IGMP Proxy конфликт версий
-
Добрый день. Заранее прошу прощения, тема вроде как в ветке IPTV поднималась, но решения(из тех что я нашел) на версии 2.4.5 не работают. Суть проблемы. Провайдер работает с igmp v2 , но на выходе из pfsense отправляются уже v3 report. В tunables net.inet.igmp.default_version = 2, пробовал так же прописать в /etc/rc - результата ноль. Выключаем фаервол - и pf начинает отправлять репорт 2 версии, включаем обратно, снова тоже самое.
sysctl -a | grep igmp net.inet.igmp.gsrdelay: 10 net.inet.igmp.default_version: 2 net.inet.igmp.legacysupp: 1 net.inet.igmp.v2enable: 1 net.inet.igmp.v1enable: 1 net.inet.igmp.sendlocal: 1 net.inet.igmp.sendra: 0 net.inet.igmp.recvifkludge: 1
tcpdump -i em2 | grep igmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em2, link-type EN10MB (Ethernet), capture size 262144 bytes 13:32:44.674446 IP 192.168.101.1 > all-systems.mcast.net: igmp query v2 13:32:45.971892 IP 192.168.101.100 > 224.0.0.251: igmp v2 report 224.0.0.251 13:32:46.053159 IP 192.168.101.1 > igmp.mcast.net: igmp v2 report igmp.mcast.net
tcpdump -i em0 | grep igmp | grep ... tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes 12:47:01.067170 IP recursor-slave.domain > ....57733: 24636 1/0/0 PTR igmp.mcast.net. (69) 12:47:01.285513 IP recursor-master.domain > ....57733: 24636 1/0/0 PTR igmp.mcast.net. (69) 12:47:14.402841 IP ... > igmp.mcast.net: igmp v3 report, 1 group record(s) 12:47:17.413184 IP ... > igmp.mcast.net: igmp v3 report, 1 group record(s)
-
@codriver
Здр
в теме igmp не сильно разбираюсь , но попробуйте сделать так ( для диагностики )- останавливате службу IGMP Proxy
- из консоли запускаете команду /usr/local/sbin/igmpproxy -d -v -v /var/etc/igmpproxy.conf и смотрите , что происходит
В идеале выложить 2 файла для анализа ( для 2-х Ваших случаев ) , чтобы попытаться понять в чем разница
-
@Konstanti said in IGMP Proxy конфликт версий:
/usr/local/sbin/igmpproxy -d -v -v /var/etc/igmpproxy.conf
Спасибо за ответ.
Firewall включен
Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 230.200.201.32, Age:2, St: I, OutVifs: 0x00000002 ----------------------------------------------------- RECV V3 member report from my_ip to 224.0.0.22 The IGMP message was from myself. Ignoring. Route activate request from 10.1.70.242 to 230.200.201.32 on VIF[0] Vif bits : 0x00000002 Setting TTL for Vif 1 to 1 Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0 Current routing table (Activate Route): ----------------------------------------------------- #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002 ----------------------------------------------------- RECV V2 member report from 192.168.101.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. The IGMP message was local multicast. Ignoring. RECV V3 member report from my_ip to 224.0.0.22 The IGMP message was from myself. Ignoring. About to call timeout 1 (#0) Aging routes in table. Current routing table (Age active routes): ----------------------------------------------------- #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002 ----------------------------------------------------- RECV V2 member report from 192.168.101.100 to 224.0.0.251 Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1 No existing route for 224.0.0.251. Create new. Found existing routes. Find insert location. Inserting after route 230.200.201.32 Inserted route table entry for 224.0.0.251 on VIF #1 Joining group 224.0.0.251 upstream on IF address my_ip joinMcGroup: 224.0.0.251 on em0 Current routing table (Insert Route): ----------------------------------------------------- #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002 #1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002 ----------------------------------------------------- RECV V3 member report from my_ip to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.101.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V3 member report from my_ip to 224.0.0.22 The IGMP message was from myself. Ignoring. About to call timeout 2 (#0) SENT Membership query from 192.168.101.1 to 224.0.0.1 Sent membership query from 192.168.101.1 to 224.0.0.1. Delay: 10 Created timeout 3 (#0) - delay 10 secs (Id:3, Time:10) Created timeout 4 (#1) - delay 21 secs (Id:3, Time:10) (Id:4, Time:21) RECV Membership query from 192.168.101.1 to 224.0.0.1 RECV V2 member report from 192.168.101.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.101.1 to 224.0.0.2 The IGMP message was from myself. Ignoring. The IGMP message was local multicast. Ignoring. RECV V2 member report from 192.168.101.200 to 230.200.201.32 Should insert group 230.200.201.32 (from: 192.168.101.200) to route table. Vif Ix : 1 Updated route entry for 230.200.201.32 on VIF #1 Vif bits : 0x00000002 Setting TTL for Vif 1 to 1 Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0
Firewall выключен
Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 230.200.201.32, Age:2, St: I, OutVifs: 0x00000002 ----------------------------------------------------- RECV V2 member report from my_ip to 230.200.201.32 The IGMP message was from myself. Ignoring. Route activate request from 10.1.70.242 to 230.200.201.32 on VIF[0] Vif bits : 0x00000002 Setting TTL for Vif 1 to 1 Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0 Current routing table (Activate Route): ----------------------------------------------------- #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002 ----------------------------------------------------- RECV V2 member report from 192.168.101.100 to 224.0.0.251 Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1 No existing route for 224.0.0.251. Create new. Found existing routes. Find insert location. Inserting after route 230.200.201.32 Inserted route table entry for 224.0.0.251 on VIF #1 Joining group 224.0.0.251 upstream on IF address my_ip joinMcGroup: 224.0.0.251 on em0 Current routing table (Insert Route): ----------------------------------------------------- #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002 #1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002 ----------------------------------------------------- RECV V2 member report from my_ip to 224.0.0.251 The IGMP message was from myself. Ignoring. The IGMP message was local multicast. Ignoring. The IGMP message was local multicast. Ignoring. The IGMP message was local multicast. Ignoring. The IGMP message was local multicast. Ignoring. The IGMP message was local multicast. Ignoring. RECV V2 member report from 192.168.101.1 to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV Membership query from 10.2.148.5 to 224.0.0.1 RECV V2 member report from 46.163.185.177 to 224.0.0.1 Mebership report was received on the upstream interface. Ignoring. The IGMP message was local multicast. Ignoring. About to call timeout 1 (#0) Aging routes in table. Current routing table (Age active routes): ----------------------------------------------------- #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002 #1: Dst: 224.0.0.251, Age:1, St: I, OutVifs: 0x00000002 ----------------------------------------------------- RECV V2 member report from 85.12.210.254 to 224.0.0.9 No interfaces found for source 85.12.210.254 The IGMP message was local multicast. Ignoring. RECV V2 member report from my_ip to 230.200.201.32 The IGMP message was from myself. Ignoring. RECV Leave message from 82.151.213.180 to 224.0.0.2 Got leave message from 82.151.213.180 to 224.0.0.251. Starting last member detection. No interfaces found for source 82.151.213.180 RECV V2 member report from my_ip to 224.0.0.251 The IGMP message was from myself. Ignoring. RECV Membership query from 10.2.148.5 to 230.200.201.185 RECV Membership query from 10.2.148.5 to 230.200.201.185 RECV Membership query from 10.2.148.5 to 230.200.201.185 About to call timeout 2 (#0) SENT Membership query from 192.168.101.1 to 224.0.0.1 Sent membership query from 192.168.101.1 to 224.0.0.1. Delay: 10 Created timeout 3 (#0) - delay 10 secs (Id:3, Time:10) Created timeout 4 (#1) - delay 21 secs (Id:3, Time:10) (Id:4, Time:21) RECV Membership query from 192.168.101.1 to 224.0.0.1 RECV Membership query from 10.2.148.5 to 239.99.17.128 RECV Membership query from 10.2.148.5 to 239.99.17.128 RECV V2 member report from 192.168.101.100 to 224.0.0.251 Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1 Updated route entry for 224.0.0.251 on VIF #1
-
https://forum.lissyara.su/viewtopic.php?f=4&t=35261
мб это Вам поможет
тут почитайте ( особенно последний пост ) , первые посты вряд ли будут решением , хотя и информативно
-
да, я находил эту тему и в /etc/rc прописывал значения, не работает
-
@codriver
вот еще что написано в докахA firewall rule is also required on the Downstream side (e.g. LAN) to match and pass the multicast traffic. In the Advanced Options of the firewall rule, Allow packets with IP Options must be enabled.
и на всякий случай проверьте логи файрвола , нет ли блокировок IGMP/UDP трафика
-
пров вещает из сеток 10.1.16.0 и 10.1.70.0 пробовал их добавлять и по отдельности и просто 10.1.0.0/16 , результата нет. Если файервол включен то как я понимаю мультикаст просто не приходит с некоторых серверов, т.е. приставка запрос отправляет, но ответа нет:RECV V2 member report from 192.168.101.200 to 239.99.17.246 Should insert group 239.99.17.246 (from: 192.168.101.200) to route table. Vif Ix : 1 No existing route for 239.99.17.246. Create new. No routes in table. Insert at beginning. Inserted route table entry for 239.99.17.246 on VIF #1 Joining group 239.99.17.246 upstream on IF address my_ip joinMcGroup: 239.99.17.246 on em0 Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.99.17.246, Age:2, St: I, OutVifs: 0x00000002 ----------------------------------------------------- RECV V3 member report from my_ip to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV V2 member report from 192.168.101.100 to 224.0.0.251 Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1 No existing route for 224.0.0.251. Create new. Found existing routes. Find insert location. Inserting after route 239.99.17.246 Inserted route table entry for 224.0.0.251 on VIF #1 Joining group 224.0.0.251 upstream on IF address my_ip joinMcGroup: 224.0.0.251 on em0 Current routing table (Insert Route): ----------------------------------------------------- #0: Dst: 239.99.17.246, Age:2, St: I, OutVifs: 0x00000002 #1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002 ----------------------------------------------------- RECV V3 member report from my_ip to 224.0.0.22 The IGMP message was from myself. Ignoring. RECV Leave message from 192.168.101.200 to 224.0.0.2 Got leave message from 192.168.101.200 to 239.99.17.246. Starting last member detection. counted 1 interfaces Leaving group -166632465 now Leaving group 239.99.17.246 upstream on IF address my_ip leaveMcGroup: 239.99.17.246 on em0 Interface id 1 is in group $d SENT Membership query from 192.168.101.1 to 239.99.17.246 Sent membership query from 192.168.101.1 to 239.99.17.246. Delay: 10 Created timeout 3 (#1) - delay 3 secs (Id:1, Time:7) (Id:3, Time:3) (Id:2, Time:18) RECV Membership query from 192.168.101.1 to 239.99.17.246 RECV V2 member report from 192.168.101.200 to 239.99.17.246 Should insert group 239.99.17.246 (from: 192.168.101.200) to route table. Vif Ix : 1 Updated route entry for 239.99.17.246 on VIF #1 Joining group 239.99.17.246 upstream on IF address my_ip joinMcGroup: 239.99.17.246 on em0
-
у приставки есть свой ip т.е. по идее её можно вынести за nat но в этом случае я не смогу её использовать для просмотра в локальной сети. Сижу вот думаю как можно бы пробросить на неё трафик но при этом чтоб по nfs она видела локальную сеть, но что-то решения не приходит
-
@codriver said in IGMP Proxy конфликт версий:
239.99.17.246
Запустите tcpdump при отключенном файрволе и посмотрите на обмен трафиком с приставкой . И поймете , какие сервера и адреса использует провайдер
Посмотрите еще тут пример настроек для PF
https://weburg.net/forums/weburg-tv/comp-tv/167456
-
Да, я так и делал составлял список ip, так как если просто в upstream добавить 224.0.0.0/4 то ничего не приходило, после добавления . не могу понять что за адрес 10.2.148.5
вот лог проблемного канала
wantcpdump -i em0 | grep igmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes 20:31:06.480223 IP 46.163.185.220 > all-routers.mcast.net: igmp leave 224.0.1.187 20:31:06.564598 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185] 20:31:06.809066 IP 10.2.148.5 > 230.200.201.189: igmp query v2 [max resp time 10] [gaddr 230.200.201.189] 20:31:07.623127 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185] 20:31:07.826781 IP 10.2.148.5 > 230.200.201.189: igmp query v2 [max resp time 10] [gaddr 230.200.201.189] 20:31:08.004816 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4] 20:31:13.738765 IP 82.151.211.34 > all-routers.mcast.net: igmp leave 224.0.0.251 20:31:16.442001 IP 10.2.148.5 > 230.200.201.12: igmp query v2 [max resp time 10] [gaddr 230.200.201.12] 20:31:20.347096 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185] 20:31:22.597913 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1 20:31:22.747240 IP 85.12.231.84 > all-routers.mcast.net: igmp leave 224.0.0.251 20:31:29.645727 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182] 20:31:29.659452 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182] 20:31:29.789036 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185] 20:31:30.665806 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182] 20:31:30.817014 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185] 20:31:32.600702 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1 20:31:34.278868 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4] 20:31:34.291121 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4] 20:31:35.321045 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4] 20:31:40.323521 IP 85.12.231.73 > all-routers.mcast.net: igmp leave 224.0.0.251 20:31:40.332658 IP 85.12.231.73 > all-routers.mcast.net: igmp leave 224.0.0.252 20:31:40.465332 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185] 20:31:41.484605 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185] 20:31:42.604333 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1 ^C23461 packets captured 28680 packets received by filter 5027 packets dropped by kernel
lan
0:25:00.079122 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246 20:25:05.415773 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250 20:25:20.640707 IP 192.168.101.200 > all-routers.mcast.net: igmp leave 239.99.17.246 20:25:20.870741 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:25:21.863658 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:25:30.330913 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:25:41.728934 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:25:50.685157 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250 20:26:05.918774 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250 20:26:06.334852 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:26:20.960480 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250 20:26:21.504613 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:26:44.099168 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250 20:26:47.427671 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:27:01.141241 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94 20:27:05.829818 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250 20:27:46.926093 IP 192.168.101.200 > all-routers.mcast.net: igmp leave 239.99.17.94 20:27:47.152672 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246 20:27:47.440511 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246 20:27:53.531242 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
-
@Konstanti спасибо за участие. Победил. Добавил на wan правило для igmp траффика с 10.2.148.5 и остальные каналы заработали. При этом про данный ip даже сам пров мне ничего не говорил.