Sorry for the late reply but I have been busy with work.
Read below...

On Sun, Jul 19, 2009 at 2:29 AM, Evgeny Yurchenko<evgeny.yurche...@frontline.ca> wrote:
>> -----Original Message-----
>> From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On
>> Behalf Of Chris Buechler
>> Sent: July 18, 2009 3:50 AM
>> To: support@pfsense.com
>> Subject: Re: [pfSense Support] IGMP packet out of WAN
>>
>> On Mon, Jul 13, 2009 at 6:59 PM, Evgeny
>> Yurchenko<evgeny.yurche...@frontline.ca> wrote:
>> >
>> > No, I can not see in logs. But on LAN I have
>> >
>> > 18:55:24.602839 IP 192.168.1.2 > 224.0.0.22: igmp v2 report
>> > 239.142.1.1
>> >
>> > It does not go out of WAN. And when I disable packet
>> filtering it does go out of WAN.
>> >
>>
>> You're using the IGMP proxy package on 1.2.x I presume? It's
>> not blocking it if it isn't getting logged (unless you
>> disabled logging on the default rules), but it sounds like it
>> has some sort of impact on the traffic. I spent some time
>> working with that package and never could get it to pass the
>> traffic as it should, though the code it came from in 2.0 did
>> work for me. Haven't had time to go back and look at it further.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com For
>> additional commands, e-mail: support-h...@pfsense.com
>>
>> Commercial support available - https://portal.pfsense.org
>>
>>
> Yes, I use 1.2 release. I am sorry for misinforming you. When I disable
> packet filtering then packet received on LAN goes to WAN which is quite
> expected behaviour, so it is not packet generated by igmpproxy.
> My findings are here. I get in debug mode:
> igmpproxy, Version 0.1 beta2, Build 090427
> Copyright 2005 by Johnny Egeland <joh...@rlo.org>
> Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check
> GPL.txt
>
> Debu: Searching for config file at '/tmp/igmpproxy.conf'
> Debu: Config: Quick leave mode enabled.
> Debu: Config: Got a phyint token.
> Debu: Config: IF: Config for interface bge0.
> Debu: Config: IF: Got downstream token.
> Debu: Config: IF: Got ratelimit token '0'.
> Debu: Config: IF: Got threshold token '1'.
> Debu: Config: IF: Got altnet token 224.0.0.0/4.
> Debu: Config: IF: Altnet: Parsed altnet to 224/4.
> Debu: IF name : bge0
> Debu: Next ptr : 0
> Debu: Ratelimit : 0
> Debu: Threshold : 1
> Debu: State : 2
> Debu: Allowednet ptr : 2820c030
> Debu: Config: Got a phyint token.
> Debu: Config: IF: Config for interface bge1.
> Debu: Config: IF: Got upstream token.
> Debu: Config: IF: Got ratelimit token '0'.
> Debu: Config: IF: Got threshold token '1'.
> Debu: Config: IF: Got altnet token 224.0.0.0/4.
> Debu: Config: IF: Altnet: Parsed altnet to 224/4.
> Debu: IF name : bge1
> Debu: Next ptr : 0
> Debu: Ratelimit : 0
> Debu: Threshold : 1
> Debu: State : 1
> Debu: Allowednet ptr : 2820c040
> Debu: Adding Physical Index value of IF 'bge0' is 1
> Debu: buildIfVc: Interface bge0 Addr: 192.168.1.1, Flags: 0xffff8943,
> Network: 192.168.1/24
> Debu: Adding Physical Index value of IF 'bge1' is 2
> Debu: buildIfVc: Interface bge1 Addr: 192.168.7.171, Flags: 0xffff8843,
> Network: 192.168.7/24
> Debu: Adding Physical Index value of IF 'lo0' is 6
> Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049,
> Network: 127/8
> Debu: Found config for bge1
> Note: adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 bge0, Threshold: 1,
> Ratelimit: 0
> Debu: Network for [bge0] : 192.168.1/24
> Note: adding VIF, Ix 1 Fl 0x0 IP 0xab07a8c0 bge1, Threshold: 1,
> Ratelimit: 0
> Debu: Network for [bge1] : 192.168.7/24
> Debu: Network for [bge1] : 224/4
> Debu: Got 262144 byte buffer size in 0 iterations
> Debu: Joining all-routers group 224.0.0.2 on vif 192.168.1.1
> Note: joinMcGroup: 224.0.0.2 on bge0
> Debu: SENT Membership query from 192.168.1.1 to 224.0.0.1
> Debu: Sent membership query from 192.168.1.1 to 224.0.0.1. Delay: 10
> Debu: Created timeout 1 (#0) - delay 10 secs
> Debu: (Id:1, Time:10)
> Debu: Created timeout 2 (#1) - delay 21 secs
> Debu: (Id:1, Time:10)
> Debu: (Id:2, Time:21)
> Debu: Packet from 192.168.1.1: proto: 2 hdrlen: 20 iplen: 8 or 2048
> Note: RECV Membership query from 192.168.1.1 to 224.0.0.1 (ip_hl
> 20, data 8)
> ^[[5~Debu: About to call timeout 1 (#0)
> Debu: Aging routes in table.
> Debu:
> Current routing table (Age active routes);
> -----------------------------------------------------
>
> Debu: No routes in table...
> Debu:
> -------------------------------
>
>
> Then I run small program on my laptop connected to LAN and generating
> IGMP membership reports and indeed igmpproxy sees them:
> Debu: Packet from 192.168.1.2: proto: 2 hdrlen: 20 iplen: 8 or 2048
> Note: RECV V2 member report from 192.168.1.2 to 224.0.0.22 (ip_hl
> 20, data 8)
> Debu: Should insert group 239.142.1.1 (from: 192.168.1.2) to route
> table. Vif Ix : 0
> Debu: No existing route for 239.142.1.1. Create new.
> Debu: No routes in table. Insert at beginning.
> Info: Inserted route table entry for 239.142.1.1 on VIF #0
> Debu: Joining group 239.142.1.1 upstream on IF address 192.168.7.171
> Note: joinMcGroup: 239.142.1.1 on bge1
> Debu:
> Current routing table (Insert Route);
> -----------------------------------------------------
>
> Debu: #0: Dst: 239.142.1.1, Age:2, St: I, OutVifs: 0x00000001
> Debu:
> -----------------------------------------------------
>
> But this IGMP packet never goes to WAN interface...
> Code from mcgroup.c:
>     {
>         my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt,
>                 inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
>     }
>
>     if( setsockopt( UdpSock, IPPROTO_IP,
>           Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP,

Try changing IP_ADD_MEMBERSHIP to IP_ADD_SOURCE_MEMBERSHIP, and the same for the DROP: just add a SOURCE_ and test.
It should work that way.

>           (void *)&CtlReq, sizeof( CtlReq ) ) )
>     {
>         my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd ==
> 'j' ? "ADD" : "DROP" );
>         return 1;
>     }
>
>     return 0;
>
> Code before setsockopt() is executed as we see it in dump. setsockopt()
> is then also executed without error as we do not see any errors but this
> setsockopt() call must generate IGMP membership report on WAN though it
> does not happen. Could anybody explain this please?
> Thanks.
>

--
Ermal
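
An added example, not part of the original thread and not igmpproxy code: a stand-alone program that issues the same IP_ADD_MEMBERSHIP join as the quoted mcgroup.c excerpt, so the join can be tested outside igmpproxy while capturing on the WAN interface. The helper names fill_mreq and join_group are hypothetical; the default group and interface address are the ones shown in the debug log.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes struct ip_mreq on glibc */
#endif
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, hypothetical helper: fill an any-source join request.
 * Returns -1 on an unparsable address or a group outside 224.0.0.0/4. */
int fill_mreq(struct ip_mreq *req, const char *group, const char *ifaddr)
{
    if (inet_pton(AF_INET, group, &req->imr_multiaddr) != 1 ||
        inet_pton(AF_INET, ifaddr, &req->imr_interface) != 1)
        return -1;
    return (ntohl(req->imr_multiaddr.s_addr) >> 28) == 0xE ? 0 : -1;
}

/* Hypothetical helper: join on a fresh UDP socket. Returns the socket
 * (membership lasts until it is closed) or a negative errno value. */
int join_group(const char *group, const char *ifaddr)
{
    struct ip_mreq req;
    int sock, err;
    if (fill_mreq(&req, group, ifaddr) != 0)
        return -EINVAL;
    if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -errno;
    if (setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, &req, sizeof(req)) == 0)
        return sock;
    err = errno; /* save before close() can overwrite it */
    close(sock);
    return -err;
}

int main(int argc, char **argv)
{
    int sock = join_group(argc > 1 ? argv[1] : "239.142.1.1",
                          argc > 2 ? argv[2] : "192.168.7.171"); /* log values */
    if (sock < 0) {
        fprintf(stderr, "join failed: %s\n", strerror(-sock));
        return 1;
    }
    puts("joined; capture on the WAN interface, press Enter to leave");
    getchar();
    close(sock); /* closing the socket drops the membership */
    return 0;
}
```

Running it once with packet filtering enabled and once with it disabled, with a capture on bge1 each time, separates what the kernel sends for the join from anything igmpproxy does.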