multicast inconsistant
-
@bmeeks I tried a packet capture after stopping the dpinger service, but it didn't change anything.
I correct myself : on a capture on my pfSense when I have this problem, I only see multicast with IPv4 source address of my pfSense AND MDNS multicast packets (224.0.0.251) from my lan AND multicast leave group from my lan (but not multicast join group)
-
@maximushugus said in multicast inconsistant:
stopping the dpinger service
what would that have to do with anything - dpinger is what checks to see if your gateway is online via pinging it.
-
@johnpoz I though this would stop IDS/IPS service as said above
-
@maximushugus said in multicast inconsistant:
I though this would stop IDS/IPS service as said above
It won't. dpinger has no relationship to IDS/IPS.
-
I don't really know what you mean by IDS/IPS. If it's in relation to snort or suricata, i do not have those packet installed
I have wireguard, avahi, openvpn (and arping, iperf) -
@maximushugus said in multicast inconsistant:
I don't really know what you mean by IDS/IPS. If it's in relation to snort or suricata, i do not have those packet installed
I have wireguard, avahi, openvpn (and arping, iperf)If you do not have Snort or Suricata installed, then forget all the remarks about IDS/IPS. They are not relevant without one of those packages installed and running.
-
@maximushugus said in multicast inconsistant:
By reseting the port link on my switch for my pfSense, I can reproduce this behavior
@maximushugus, you should start with this suggestion:
@johnpoz said in multicast inconsistant:
When troubleshooting where trying to validate traffic gets to where it is suppose to go and there is a lag at the endpoint, we have always turned down all but one interface in the lag
-
To update the topic : for the moment I'm not able to do testing disabling lag because of my configuration.
But I reinstalled pfSense 2.7.0 reimporting the exact same configuration, and my multicast is working again.
I suspect a bug in the igmpproxy program in pfSense 2.7.2 (or pfSense 2.7.1 but I never tried this version)
Maybe it is related with this : https://redmine.pfsense.org/issues/15043 -
@maximushugus said in multicast inconsistant:
https://redmine.pfsense.org/issues/15043
It could be that. Those fixes are in 24.03.
-
I tried to transfer the igmpproxy binary from working 2.7.0 pfSense to 2.7.2.
But it looks like the binary is exactly the same...To resume : if I restart my pfSense interfaces and launch igmpproxy, the first multicast stream I ask is working. But as soon as I leave this first asked multicast stream, it is not working anymore, and if I do a packet capture, I do not see any multicast packets exept those with IPv4 source address of my pfSense AND MDNS multicast packets (224.0.0.251) from my lan AND multicast leave group from my lan (but not multicast join group).
I managed to get igmpproxy logs from working state to not working (by restarting interfaces from my switch and lauching igmpproxy after reconnecting). On this log I put "****************" when I left the stream on my PC :
igmpproxy -n -d -vv /etc/igmpproxy.conf Searching for config file at '/etc/igmpproxy.conf' Config: Quick leave mode enabled. Config: Got a phyint token. Config: IF: Config for interface lagg0.1. Config: IF: Got upstream token. Config: IF: Got ratelimit token '0'. Config: IF: Got threshold token '1'. Config: IF: Got whitelist token 233.32.36.0/24. Config: IF: Altnet: Parsed altnet to 233.32.36/24. Config: IF: Got whitelist token 233.60.197.0/24. Config: IF: Altnet: Parsed altnet to 233.60.197/24. Config: IF: Got whitelist token 233.49.82.0/24. Config: IF: Altnet: Parsed altnet to 233.49.82/24. Config: IF: Got whitelist token 233.136.0.0/24. Config: IF: Altnet: Parsed altnet to 233.136.0/24. Config: IF: Got whitelist token 233.136.44.0/24. Config: IF: Altnet: Parsed altnet to 233.136.44/24. Config: IF: Got altnet token 0.0.0.0/0. Config: IF: Altnet: Parsed altnet to default. IF name : lagg0.1 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 1 Allowednet ptr : 7c41b0a0 Config: Got a phyint token. Config: IF: Config for interface lagg0.3. Config: IF: Got downstream token. Config: IF: Got ratelimit token '0'. Config: IF: Got threshold token '1'. Config: IF: Got altnet token 0.0.0.0/0. Config: IF: Altnet: Parsed altnet to default. IF name : lagg0.3 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 2 Allowednet ptr : 7c41b0c0 Config: Got a phyint token. Config: IF: Config for interface lagg0.99. Config: IF: Got downstream token. Config: IF: Got ratelimit token '0'. Config: IF: Got threshold token '1'. IF name : lagg0.99 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 2 Allowednet ptr : 0 Config: Got a phyint token. Config: IF: Config for interface lagg0.50. Config: IF: Got disabled token. IF name : lagg0.50 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 0 Allowednet ptr : 0 Config: Got a phyint token. Config: IF: Config for interface gre0. Config: IF: Got disabled token. IF name : gre0 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 0 Allowednet ptr : 0 Config: Got a phyint token. Config: IF: Config for interface tun_wg0. Config: IF: Got disabled token. IF name : tun_wg0 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 0 Allowednet ptr : 0 Config: Got a phyint token. Config: IF: Config for interface tun_wg1. Config: IF: Got disabled token. IF name : tun_wg1 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 0 Allowednet ptr : 0 Config: Got a phyint token. Config: IF: Config for interface lagg0.2. Config: IF: Got disabled token. IF name : lagg0.2 Next ptr : 0 Ratelimit : 0 Threshold : 1 State : 0 Allowednet ptr : 0 buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0xffff8049, Network: 127/8 buildIfVc: Interface lo0 Addr: 45.13.104.149, Flags: 0xffff8049, Network: 45/8 buildIfVc: Interface lagg0.3 Addr: 192.168.3.1, Flags: 0xffff8943, Network: 192.168.3/24 buildIfVc: Interface lagg0.50 Addr: 192.168.50.1, Flags: 0xffff8943, Network: 192.168.50/24 buildIfVc: Interface lagg0.99 Addr: 192.168.99.1, Flags: 0xffff8943, Network: 192.168.99/24 buildIfVc: Interface lagg0.1 Addr: 109.11.243.7, Flags: 0xffff8843, Network: 109.11.243/24 buildIfVc: Interface lagg0.1 Addr: 192.168.4.253, Flags: 0xffff8843, Network: 192.168.4/24 buildIfVc: Interface ovpns1 Addr: 192.168.26.1, Flags: 0xffff8043, Network: 192.168.26/24 buildIfVc: Interface tun_wg0 Addr: 192.168.25.1, Flags: 0xffff80c1, Network: 192.168.25/24 buildIfVc: Interface tun_wg1 Addr: 192.168.27.1, Flags: 0xffff80c1, Network: 192.168.27/24 buildIfVc: Interface gre0 Addr: 10.1.0.246, Flags: 0xffff8051, Network: 10.1.0.244/30 Found config for lagg0.3 Found config for lagg0.50 Found config for lagg0.99 Found config for lagg0.1 Found config for lagg0.1 Found config for tun_wg0 Found config for tun_wg1 Found config for gre0 adding VIF, Ix 0 Fl 0x0 IP 0x0103a8c0 lagg0.3, Threshold: 1, Ratelimit: 0 Network for [lagg0.3] : 192.168.3/24 Network for [lagg0.3] : default adding VIF, Ix 1 Fl 0x0 IP 0x0163a8c0 lagg0.99, Threshold: 1, Ratelimit: 0 Network for [lagg0.99] : 192.168.99/24 Found upstrem IF #0, will assing as upstream Vif 27 adding VIF, Ix 2 Fl 0x0 IP 0x07f30b6d lagg0.1, Threshold: 1, Ratelimit: 0 Network for [lagg0.1] : 109.11.243/24 Network for [lagg0.1] : default Found upstrem IF #1, will assing as upstream Vif 28 adding VIF, Ix 3 Fl 0x0 IP 0xfd04a8c0 lagg0.1, Threshold: 1, Ratelimit: 0 Network for [lagg0.1] : 192.168.4/24 Network for [lagg0.1] : default Got 262144 byte buffer size in 0 iterations Joining all-routers group 224.0.0.2 on vif 192.168.3.1 Joining group 224.0.0.2 on interface lagg0.3 Joining all igmpv3 multicast routers group 224.0.0.22 on vif 192.168.3.1 Joining group 224.0.0.22 on interface lagg0.3 Joining all-routers group 224.0.0.2 on vif 192.168.99.1 Joining group 224.0.0.2 on interface lagg0.99 Joining all igmpv3 multicast routers group 224.0.0.22 on vif 192.168.99.1 Joining group 224.0.0.22 on interface lagg0.99 SENT Membership query from 192.168.3.1 to 224.0.0.1 Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10 SENT Membership query from 192.168.99.1 to 224.0.0.1 Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10 Created timeout 1 (#0) - delay 10 secs (Id:1, Time:10) Created timeout 2 (#1) - delay 21 secs (Id:1, Time:10) (Id:2, Time:21) RECV V2 member report from 192.168.3.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.99.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.99.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV Membership query from 192.168.3.1 to 224.0.0.1 RECV Membership query from 192.168.99.1 to 224.0.0.1 Route activate request from 192.168.3.31 to 224.2.127.254 on VIF[2] No table entry for 224.2.127.254 [From: 192.168.3.31]. Inserting route. No existing route for 224.2.127.254. Create new. No routes in table. Insert at beginning. Inserted route table entry for 224.2.127.254 on VIF #-1 The group address 224.2.127.254 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 224.2.127.254, Age:2, St: I, OutVifs: 0x00000000, dHosts: yes ----------------------------------------------------- Current routing table (Activate Route): ----------------------------------------------------- #0: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes ----------------------------------------------------- Route activate request from 192.168.3.4 to 239.255.255.250 on VIF[2] No table entry for 239.255.255.250 [From: 192.168.3.4]. Inserting route. No existing route for 239.255.255.250. Create new. Found existing routes. Find insert location. Inserting at beginning, before route 224.2.127.254 Inserted route table entry for 239.255.255.250 on VIF #-1 The group address 239.255.255.250 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.250, Age:2, St: I, OutVifs: 0x00000000, dHosts: yes #1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes ----------------------------------------------------- Current routing table (Activate Route): ----------------------------------------------------- #0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes #1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.4 to 224.2.127.254 Should insert group 224.2.127.254 (from: 192.168.3.4) to route table. Vif Ix : 0 Updated route entry for 224.2.127.254 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.31 -> 224.2.127.254, InpVIf: 2 The group address 224.2.127.254 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000000, dHosts: yes #1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.4 to 239.255.255.250 Should insert group 239.255.255.250 (from: 192.168.3.4) to route table. Vif Ix : 0 Updated route entry for 239.255.255.250 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 The group address 239.255.255.250 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.99.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.37 to 239.255.255.250 Should insert group 239.255.255.250 (from: 192.168.3.37) to route table. Vif Ix : 0 Updated route entry for 239.255.255.250 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 The group address 239.255.255.250 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.4 to 239.255.255.246 Should insert group 239.255.255.246 (from: 192.168.3.4) to route table. Vif Ix : 0 No existing route for 239.255.255.246. Create new. Found existing routes. Find insert location. Inserting at beginning, before route 239.255.255.250 Inserted route table entry for 239.255.255.246 on VIF #0 The group address 239.255.255.246 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.9 to 239.255.255.250 Should insert group 239.255.255.250 (from: 192.168.3.9) to route table. Vif Ix : 0 Updated route entry for 239.255.255.250 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 The group address 239.255.255.250 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.18 to 239.255.255.250 Should insert group 239.255.255.250 (from: 192.168.3.18) to route table. Vif Ix : 0 Updated route entry for 239.255.255.250 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 The group address 239.255.255.250 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV Membership query from 1.1.1.1 to 224.0.0.1 RECV V2 member report from 192.168.3.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.251 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.111 to 239.255.255.250 Should insert group 239.255.255.250 (from: 192.168.3.111) to route table. Vif Ix : 0 Updated route entry for 239.255.255.250 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 The group address 239.255.255.250 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.99.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. About to call timeout 1 (#0) Aging routes in table. Current routing table (Age active routes): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- Route activate request from 192.168.3.18 to 239.255.255.250 on VIF[2] Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.18 -> 239.255.255.250, InpVIf: 2 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 Current routing table (Activate Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.4 to 224.2.127.254 Should insert group 224.2.127.254 (from: 192.168.3.4) to route table. Vif Ix : 0 Updated route entry for 224.2.127.254 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.31 -> 224.2.127.254, InpVIf: 2 The group address 224.2.127.254 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.4 to 239.255.255.250 Should insert group 239.255.255.250 (from: 192.168.3.4) to route table. Vif Ix : 0 Updated route entry for 239.255.255.250 on VIF #0 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.18 -> 239.255.255.250, InpVIf: 2 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 The group address 239.255.255.250 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.4 to 239.255.255.246 Should insert group 239.255.255.246 (from: 192.168.3.4) to route table. Vif Ix : 0 Updated route entry for 239.255.255.246 on VIF #0 The group address 239.255.255.246 may not be forwarded upstream. Ignoring. Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 192.168.3.112 to 233.136.0.202 Should insert group 233.136.0.202 (from: 192.168.3.112) to route table. Vif Ix : 0 No existing route for 233.136.0.202. Create new. Found existing routes. Find insert location. Inserting at beginning, before route 239.255.255.246 Inserted route table entry for 233.136.0.202 on VIF #0 Joining group 233.136.0.202 upstream on IF address 109.11.243.7 Joining group 233.136.0.202 on interface lagg0.1 Joining group 233.136.0.202 upstream on IF address 192.168.4.253 Joining group 233.136.0.202 on interface lagg0.1 can't join group 233.136.0.202 on interface lagg0.1; Errno(48): Address already in use Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 233.136.0.202, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes #1: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #3: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV V2 member report from 109.11.243.7 to 233.136.0.202 The IGMP message was from myself. Ignoring. Route activate request from 77.130.48.82 to 233.136.0.202 on VIF[2] Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Adding MFC: 77.130.48.82 -> 233.136.0.202, InpVIf: 2 Current routing table (Activate Route): ----------------------------------------------------- #0: Src0: 77.130.48.82, Dst: 233.136.0.202, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #1: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #3: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- About to call timeout 2 (#0) SENT Membership query from 192.168.3.1 to 224.0.0.1 Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10 SENT Membership query from 192.168.99.1 to 224.0.0.1 Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10 Created timeout 3 (#0) - delay 10 secs (Id:3, Time:10) Created timeout 4 (#1) - delay 21 secs (Id:3, Time:10) (Id:4, Time:21) RECV Membership query from 192.168.99.1 to 224.0.0.1 RECV Membership query from 192.168.3.1 to 224.0.0.1 RECV V2 member report from 192.168.99.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. About to call timeout 3 (#0) Aging routes in table. Current routing table (Age active routes): ----------------------------------------------------- #0: Src0: 77.130.48.82, Dst: 233.136.0.202, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes #1: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #3: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- RECV Leave message from 192.168.3.112 to 224.0.0.2 Got leave message from 192.168.3.112 to 233.136.0.202. Starting last member detection. ********************************************************************** counted 1 interfaces quickleave is enabled and this was the last downstream host, leaving group 233.136.0.202 now Leaving group 233.136.0.202 upstream on IF address 109.11.243.7 Leaving group 233.136.0.202 on interface lagg0.1 Interface id 0 is in group $d SENT Membership query from 192.168.3.1 to 233.136.0.202 Sent membership query from 192.168.3.1 to 233.136.0.202. Delay: 10 Interface id 1 is in group $d Created timeout 5 (#0) - delay 10 secs (Id:5, Time:10) (Id:4, Time:11) RECV Leave message from 109.11.243.7 to 224.0.0.2 Got leave message from 109.11.243.7 to 233.136.0.202. Starting last member detection. The found if for 109.11.243.7 was not downstream. Ignoring leave request. RECV Membership query from 192.168.3.1 to 233.136.0.202 RECV V2 member report from 192.168.3.1 to 224.0.0.251 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.99.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. About to call timeout 5 (#0) Interface id 0 is in group $d SENT Membership query from 192.168.3.1 to 233.136.0.202 Sent membership query from 192.168.3.1 to 233.136.0.202. Delay: 10 Interface id 1 is in group $d Created timeout 6 (#0) - delay 10 secs (Id:6, Time:10) (Id:4, Time:1) RECV Membership query from 192.168.3.1 to 233.136.0.202 About to call timeout 6 (#0) Removing group 233.136.0.202. Died of old age. Removed route entry for 233.136.0.202 from table. Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Removing MFC: 77.130.48.82 -> 233.136.0.202, InpVIf: 2 Current routing table (Remove route): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:2, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:2, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- About to call timeout 4 (#0) SENT Membership query from 192.168.3.1 to 224.0.0.1 Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10 SENT Membership query from 192.168.99.1 to 224.0.0.1 Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10 Created timeout 7 (#0) - delay 10 secs (Id:7, Time:10) Created timeout 8 (#1) - delay 115 secs (Id:7, Time:10) (Id:8, Time:115) RECV Membership query from 192.168.3.1 to 224.0.0.1 RECV Membership query from 192.168.99.1 to 224.0.0.1 RECV Membership query from 1.1.1.1 to 224.0.0.1 RECV V2 member report from 192.168.99.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.251 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.99.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. About to call timeout 7 (#0) Aging routes in table. Current routing table (Age active routes): ----------------------------------------------------- #0: Dst: 239.255.255.246, Age:1, St: I, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes #2: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- About to call timeout 8 (#0) SENT Membership query from 192.168.3.1 to 224.0.0.1 Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10 SENT Membership query from 192.168.99.1 to 224.0.0.1 Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10 Created timeout 9 (#0) - delay 10 secs (Id:9, Time:10) Created timeout 10 (#1) - delay 115 secs (Id:9, Time:10) (Id:10, Time:115) RECV Membership query from 192.168.3.1 to 224.0.0.1 RECV Membership query from 192.168.99.1 to 224.0.0.1 RECV V2 member report from 192.168.99.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.99.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.251 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. About to call timeout 9 (#0) Aging routes in table. Removing group 239.255.255.246. Died of old age. Removed route entry for 239.255.255.246 from table. Current routing table (Remove route): ----------------------------------------------------- #0: Src0: 192.168.3.18, Src1: 192.168.3.4, Dst: 239.255.255.250, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes #1: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- Removing group 239.255.255.250. Died of old age. Removed route entry for 239.255.255.250 from table. Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Removing MFC: 192.168.3.18 -> 239.255.255.250, InpVIf: 2 Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Removing MFC: 192.168.3.4 -> 239.255.255.250, InpVIf: 2 Current routing table (Remove route): ----------------------------------------------------- #0: Src0: 192.168.3.31, Dst: 224.2.127.254, Age:1, St: A, OutVifs: 0x00000001, dHosts: yes ----------------------------------------------------- Removing group 224.2.127.254. Died of old age. Removed route entry for 224.2.127.254 from table. Vif bits : 0x00000001 Setting TTL for Vif 0 to 1 Removing MFC: 192.168.3.31 -> 224.2.127.254, InpVIf: 2 Current routing table (Remove route): ----------------------------------------------------- No routes in table... ----------------------------------------------------- Current routing table (Age active routes): ----------------------------------------------------- No routes in table... ----------------------------------------------------- About to call timeout 10 (#0) SENT Membership query from 192.168.3.1 to 224.0.0.1 Sent membership query from 192.168.3.1 to 224.0.0.1. Delay: 10 SENT Membership query from 192.168.99.1 to 224.0.0.1 Sent membership query from 192.168.99.1 to 224.0.0.1. Delay: 10 Created timeout 11 (#0) - delay 10 secs (Id:11, Time:10) Created timeout 12 (#1) - delay 115 secs (Id:11, Time:10) (Id:12, Time:115) RECV Membership query from 192.168.3.1 to 224.0.0.1 RECV Membership query from 192.168.99.1 to 224.0.0.1 RECV V2 member report from 192.168.99.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. About to call timeout 11 (#0) Aging routes in table. Current routing table (Age active routes): ----------------------------------------------------- No routes in table... ----------------------------------------------------- RECV Membership query from 1.1.1.1 to 224.0.0.1 RECV V2 member report from 192.168.99.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.251 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.3.1 to 224.0.0.22 The IGMP message was from myself. Ignoring.
So as you can see, after leaving the stream, it is not receiving any join group anymore (even if I try to join this multicast stream again on my PC).
Because the igmpproxy binary was not changed, I think this is a kernel/pfSense issue with rule/state/filter table between 2.7.0 and 2.7.2,
What do you think about it ?
Thanks -
Also if it can help, here is netstat -g results at different moment during the problem :
Before lauching igmpproxy :
netstat -g IPv4 Virtual Interface Table is empty IPv4 Multicast Forwarding Table is empty IPv6 Multicast Interface Table is empty IPv6 Multicast Forwarding Table is empty
After starting igmpproxy but before asking for the stream on my PC :
netstat -g IPv4 Virtual Interface Table Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out 0 1 192.168.3.1 0 0 1 1 192.168.99.1 0 0 2 1 109.11.243.7 0 0 3 1 192.168.4.253 0 0 IPv4 Multicast Forwarding Table Origin Group Packets In-Vif Out-Vifs:Ttls 192.168.3.31 224.2.127.254 0 2 0:1 192.168.3.4 239.255.255.250 0 2 0:1
After asking for the multicast stream on my PC and receiving the stream :
netstat -g IPv4 Virtual Interface Table Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out 0 1 192.168.3.1 0 16716 1 1 192.168.99.1 0 0 2 1 109.11.243.7 16716 0 3 1 192.168.4.253 0 0 IPv4 Multicast Forwarding Table Origin Group Packets In-Vif Out-Vifs:Ttls 192.168.3.31 224.2.127.254 0 2 0:1 77.130.48.82 233.136.0.202 16716 2 0:1 192.168.3.18 239.255.255.250 0 2 0:1 192.168.3.4 239.255.255.250 0 2 0:1 IPv6 Multicast Interface Table is empty IPv6 Multicast Forwarding Table is empty
After stopping the stream on my PC :
netstat -g IPv4 Virtual Interface Table Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out 0 1 192.168.3.1 0 16716 1 1 192.168.99.1 0 0 2 1 109.11.243.7 16716 0 3 1 192.168.4.253 0 0 IPv4 Multicast Forwarding Table Origin Group Packets In-Vif Out-Vifs:Ttls 192.168.3.31 224.2.127.254 0 2 0:1 77.130.48.82 233.136.0.202 16716 2 0:1 192.168.3.18 239.255.255.250 0 2 0:1 192.168.3.4 239.255.255.250 0 2 0:1 IPv6 Multicast Interface Table is empty IPv6 Multicast Forwarding Table is empty
And if I try again to ask for the multicast stream on my PC :
netstat -g IPv4 Virtual Interface Table Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out 0 1 192.168.3.1 0 16716 1 1 192.168.99.1 0 0 2 1 109.11.243.7 16716 0 3 1 192.168.4.253 0 0 IPv4 Multicast Forwarding Table Origin Group Packets In-Vif Out-Vifs:Ttls 192.168.3.31 224.2.127.254 0 2 0:1 77.130.48.82 233.136.0.202 16716 2 0:1 192.168.3.18 239.255.255.250 0 2 0:1 192.168.3.4 239.255.255.250 0 2 0:1 IPv6 Multicast Interface Table is empty IPv6 Multicast Forwarding Table is empty
-
Just to update, I still have the problem.
But I installed and properly configured PIMD, disabling IGMP proxy.With this configuration I have the exact same problem : I only see multicast with IPv4 source of my pfSense, and MDNS, (224.0.0.251) from my lan and multicast leave group but not multicast join group from my lan.
So I this the problem is in pfSense itself and not in IGMPproxy nor PIMD
Also if from a PC on my lan I ping a multicast 224.0.0.2, I can see this on a capture on pfSense.
That's really weird
-
I found I have the same problem as discribed here
I have the same configuration with a LAGG of ixl0 and ixl1
I suspect this is the problem.
I get a lot of those errorspfSense kernel: ixl1: Disabled multicast promiscuous mode
when enabling or disabling any multicast program (avahi, igmpproxy or pimd), even if I disable every program
-
Ok I think I found the problem : it looks as a freebsd kernel bug with Intel x710 NIC.
Here is the same problem in OPNsense : link
Here is the Github OPNsense problem : link
In OPNsense by reverting this freebsd commit it resolve the problem (see here)
Can someone open an issue for next pfsense ?
Does someone have skills to compile a pfsense kernel without the faulty commit ?Thanks ?
-
Hmm, surprised you can't disable that kind of hardware offloading.
Since it can only handle 128 addresses and has a mode where it stops filtering in hardware when it goes above that anyway.....
-
Seems to be setup with vlan hw filtering. Did you try disabling that?
Like:
ifconfig ixl0 -vlanhwfilter
-
@stephenw10 It looks as if I cannot disable vlan hw filtering because if I run this command the interface doesn't go up anymore until I restart
-
I created the bug in pfSense bugtracker : here
-
Hmm, that's odd. Are you using VLANs on that? Do they all fail if so?
-
I have a LAG with both ixl0 and ixl1.
And on top of this LAG if have multiple VLANs.
As far as I entered this command for ixl0, every VLANs was inaccessible. I had to restart pfSense.
Then for ixl0 in ifconfig I had "satus : no carrier".
I entered :ifconfig ixl0 vlanhwfilter
and everything came back normal