IGMP Proxy broken?
-
Cannot start IGMP proxy after upgrading to 2.3 BETA.
Config looks OK:
[2.3-BETA][root@***]/root: cat /tmp/igmpproxy.conf ##------------------------------------------------------ ## Enable Quickleave mode (Sends Leave instantly) ##------------------------------------------------------ quickleave phyint vtnet3 upstream ratelimit 0 threshold 1 phyint vtnet0 downstream ratelimit 0 threshold 1 phyint vtnet1 disabled phyint vtnet2 disabledBut it fails with
[2.3-BETA][root@***]/root: igmpproxy -dv /tmp/igmpproxy.conf adding VIF, Ix 0 Fl 0x0 IP 0x036fa8c0 vtnet0, Threshold: 1, Ratelimit: 0 adding VIF, Ix 1 Fl 0x0 IP 0xfe6fa8c0 vtnet0, Threshold: 1, Ratelimit: 0 adding VIF, Ix 2 Fl 0x0 IP 0xfda8a8c0 vtnet1, Threshold: 1, Ratelimit: 0 adding VIF, Ix 3 Fl 0x0 IP 0xfea8a8c0 vtnet1, Threshold: 1, Ratelimit: 0 adding VIF, Ix 4 Fl 0x0 IP 0xfd0ba8c0 vtnet2, Threshold: 1, Ratelimit: 0 adding VIF, Ix 5 Fl 0x0 IP 0xfdb2a8c0 vtnet3, Threshold: 1, Ratelimit: 0 Vif #13 was already upstream. Cannot set VIF #14 as upstream as well. -
It works fine here. When mine starts, I only see the "adding VIF" lines once per interface. Not sure why it's adding them twice on yours, might be some quirk of the vtnet driver.
-
Does not seem to be limited to the vtnet driver, I can reproduce this on my Supermicro C2758 board:
[2.3-BETA][admin@***]/root: cat /tmp/igmpproxy.conf ##------------------------------------------------------ ## Enable Quickleave mode (Sends Leave instantly) ##------------------------------------------------------ quickleave phyint igb2 upstream ratelimit 0 threshold 1 phyint igb0 downstream ratelimit 0 threshold 1 phyint igb1 disabled phyint igb0_vlan101 disabled phyint gif0 disabled [2.3-BETA][admin@***]/root: igmpproxy -dv /tmp/igmpproxy.conf adding VIF, Ix 0 Fl 0x0 IP 0x026fa8c0 igb0, Threshold: 1, Ratelimit: 0 adding VIF, Ix 1 Fl 0x0 IP 0xfe6fa8c0 igb0, Threshold: 1, Ratelimit: 0 adding VIF, Ix 2 Fl 0x0 IP 0xfca8a8c0 igb1, Threshold: 1, Ratelimit: 0 adding VIF, Ix 3 Fl 0x0 IP 0xfea8a8c0 igb1, Threshold: 1, Ratelimit: 0 adding VIF, Ix 4 Fl 0x0 IP 0xfcb2a8c0 igb2, Threshold: 1, Ratelimit: 0 Vif #11 was already upstream. Cannot set VIF #12 as upstream as well.I'm using (different) private 192.168 /24 networks on both LAN and WAN, could that be a problem with the new igmpproxy? The old one did not have a problem with it.
-
I think it's related to CARP, could you try it with a CARP alias on WAN?
buildIfVc: Interface igb2 Addr: 192.168.100.252, Flags: 0xffff8943, Network: 192.168.100/24 buildIfVc: Interface igb2 Addr: 192.168.100.254, Flags: 0xffff8943, Network: 192.168.100/24It adds the LAN real and CARP IP (igb0) and it stops at the WAN interface (igb2), probably while trying to add the CARP alias, as there can only be one upstream interface:
adding VIF, Ix 0 Fl 0x0 IP 0x026fa8c0 igb0, Threshold: 1, Ratelimit: 0 Network for [igb0] : 192.168.1/24 adding VIF, Ix 1 Fl 0x0 IP 0xfe6fa8c0 igb0, Threshold: 1, Ratelimit: 0 Network for [igb0] : 192.168.1/24 adding VIF, Ix 2 Fl 0x0 IP 0xfca8a8c0 igb1, Threshold: 1, Ratelimit: 0 Network for [igb1] : 192.168.50/24 adding VIF, Ix 3 Fl 0x0 IP 0xfea8a8c0 igb1, Threshold: 1, Ratelimit: 0 Network for [igb1] : 192.168.50/24 adding VIF, Ix 4 Fl 0x0 IP 0xfcb2a8c0 igb2, Threshold: 1, Ratelimit: 0 Network for [igb2] : 192.168.100/24 Vif #11 was already upstream. Cannot set VIF #12 as upstream as well. -
Ah, no. I didn't try it that way. Open up an entry on redmine, not sure what we can do about that but we can look into it.
-
The FreeBSD man page suggests:
If multiple IP addresses is used on one single interface (ae. eth0:1 ...), all interface aliases not in use should be configured as disabled.But it also talks about eth0:0 as a possible alias. Seems the Linux man page was just copied and pasted.
How would we address a CARP alias in FreeBSD? The original OpenBSD carpX notation does not seem to apply to FreeBSD, at least on my pfSense 2.3 install…
Or can you bring back the old pfSense IGMP Proxy? -
On 2.2.x and later, CARP VIPs work like IP aliases at the OS level. The code may have to be changed to find them and mark them as disabled.
Bringing back the old igmpproxy is not an option.
-
Thanks jimp, ticket opened:
https://redmine.pfsense.org/issues/5783 -
athurdent or anyone else seeing issues here, this looks to be fixed, please upgrade and report back to confirm.
-
Thanks, it starts now.
Does not really work for me, though. I used it to forward SSDP on 2.2.6, which worked fine. I setup a 2.2.6 VM to confirm that it still works there. Also tried an older 2.3 beta without the new changes and without CARP. Errors below are the same.On 2.2.6 I get:
$ netstat -gn IPv4 Virtual Interface Table Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out 0 1 192.168.1xx.6 340 0 1 1 192.168.2xx.105 0 340 IPv4 Multicast Forwarding Table Origin Group Packets In-Vif Out-Vifs:Ttls 192.168.1xx.11 239.255.255.250 100 0 1:1 192.168.1xx.31 239.255.255.250 12 0 1:1 192.168.1xx.30 239.255.255.250 134 0 1:1 192.168.1xx.245 239.255.255.250 42 0 1:1 192.168.1xx.36 239.255.255.250 12 0 1:1 192.168.1xx.246 239.255.255.250 40 0 1:1on 2.3:
netstat -gn IPv4 Virtual Interface Table Vif Thresh Local-Address Remote-Address Pkts-In Pkts-Out 0 1 192.168.1xx.2 0 0 1 1 192.168.2xx.252 0 0 IPv4 Multicast Forwarding Table is emptyAnd many complaints in the log about LAN hosts not being in any vaild net for WAN upstream, which seems kind of odd to me.
The source address 192.168.1xx.245 for group 239.255.255.250, is not in any valid net for upstream VIF.Firewall rules on 2.2.6 and 2.3 are set to allow all IGMP incoming on either LAN and WAN with IP options, so no difference there.
