IGMP Proxy version conflict



  • Good afternoon. Apologies in advance: this topic has come up in the IPTV thread, but the solutions (of those I found) do not work on version 2.4.5. The gist of the problem: the provider works with IGMP v2, but v3 reports are what leave pfSense. In tunables net.inet.igmp.default_version = 2; I also tried setting it in /etc/rc, with zero result. Turn the firewall off and pf starts sending version 2 reports; turn it back on and it is the same thing again.

    sysctl -a | grep igmp
    net.inet.igmp.gsrdelay: 10
    net.inet.igmp.default_version: 2
    net.inet.igmp.legacysupp: 1
    net.inet.igmp.v2enable: 1
    net.inet.igmp.v1enable: 1
    net.inet.igmp.sendlocal: 1
    net.inet.igmp.sendra: 0
    net.inet.igmp.recvifkludge: 1
    
    tcpdump -i em2 | grep igmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em2, link-type EN10MB (Ethernet), capture size 262144 bytes
    13:32:44.674446 IP 192.168.101.1 > all-systems.mcast.net: igmp query v2
    13:32:45.971892 IP 192.168.101.100 > 224.0.0.251: igmp v2 report 224.0.0.251
    13:32:46.053159 IP 192.168.101.1 > igmp.mcast.net: igmp v2 report igmp.mcast.net
    
    tcpdump -i em0 | grep igmp | grep ...
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
    12:47:01.067170 IP recursor-slave.domain > ....57733: 24636 1/0/0 PTR igmp.mcast.net. (69)
    12:47:01.285513 IP recursor-master.domain > ....57733: 24636 1/0/0 PTR igmp.mcast.net. (69)
    12:47:14.402841 IP ... > igmp.mcast.net: igmp v3 report, 1 group record(s)
    12:47:17.413184 IP ... > igmp.mcast.net: igmp v3 report, 1 group record(s)
    


  • @codriver
    Hello.
    I am not very familiar with IGMP, but try the following (for diagnostics):

    1. Stop the IGMP Proxy service.
    2. From the console, run the command /usr/local/sbin/igmpproxy -d -v -v /var/etc/igmpproxy.conf and watch what happens.
      Ideally, post 2 files for analysis (one for each of your 2 cases) so we can try to understand what the difference is.


  • @Konstanti said in IGMP Proxy version conflict:

    /usr/local/sbin/igmpproxy -d -v -v /var/etc/igmpproxy.conf

    Thanks for the reply.

    Firewall enabled

    Current routing table (Insert Route):
    -----------------------------------------------------
    #0: Dst: 230.200.201.32, Age:2, St: I, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V3 member report   from my_ip  to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    Route activate request from 10.1.70.242 to 230.200.201.32 on VIF[0]
    Vif bits : 0x00000002
    Setting TTL for Vif 1 to 1
    Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0
    
    Current routing table (Activate Route):
    -----------------------------------------------------
    #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V2 member report   from 192.168.101.1   to 224.0.0.2
    The IGMP message was from myself. Ignoring.
    The IGMP message was local multicast. Ignoring.
    RECV V3 member report   from my_ip  to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    About to call timeout 1 (#0)
    Aging routes in table.
    
    Current routing table (Age active routes):
    -----------------------------------------------------
    #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V2 member report   from 192.168.101.100 to 224.0.0.251
    Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
    No existing route for 224.0.0.251. Create new.
    Found existing routes. Find insert location.
    Inserting after route 230.200.201.32
    Inserted route table entry for 224.0.0.251 on VIF #1
    Joining group 224.0.0.251 upstream on IF address my_ip
    joinMcGroup: 224.0.0.251 on em0
    
    Current routing table (Insert Route):
    -----------------------------------------------------
    #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002
    #1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V3 member report   from my_ip  to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    RECV V2 member report   from 192.168.101.1   to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    RECV V3 member report   from my_ip  to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    About to call timeout 2 (#0)
    SENT Membership query   from 192.168.101.1   to 224.0.0.1
    Sent membership query from 192.168.101.1 to 224.0.0.1. Delay: 10
    Created timeout 3 (#0) - delay 10 secs
    (Id:3, Time:10) 
    Created timeout 4 (#1) - delay 21 secs
    (Id:3, Time:10) 
    (Id:4, Time:21) 
    RECV Membership query   from 192.168.101.1   to 224.0.0.1
    RECV V2 member report   from 192.168.101.1   to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    RECV V2 member report   from 192.168.101.1   to 224.0.0.2
    The IGMP message was from myself. Ignoring.
    The IGMP message was local multicast. Ignoring.
    RECV V2 member report   from 192.168.101.200 to 230.200.201.32
    Should insert group 230.200.201.32 (from: 192.168.101.200) to route table. Vif Ix : 1
    Updated route entry for 230.200.201.32 on VIF #1
    Vif bits : 0x00000002
    Setting TTL for Vif 1 to 1
    Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0 
    

    Firewall disabled

    Current routing table (Insert Route):
    -----------------------------------------------------
    #0: Dst: 230.200.201.32, Age:2, St: I, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V2 member report   from my_ip  to 230.200.201.32
    The IGMP message was from myself. Ignoring.
    Route activate request from 10.1.70.242 to 230.200.201.32 on VIF[0]
    Vif bits : 0x00000002
    Setting TTL for Vif 1 to 1
    Adding MFC: 10.1.70.242 -> 230.200.201.32, InpVIf: 0
    
    Current routing table (Activate Route):
    -----------------------------------------------------
    #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V2 member report   from 192.168.101.100 to 224.0.0.251
    Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
    No existing route for 224.0.0.251. Create new.
    Found existing routes. Find insert location.
    Inserting after route 230.200.201.32
    Inserted route table entry for 224.0.0.251 on VIF #1
    Joining group 224.0.0.251 upstream on IF address my_ip
    joinMcGroup: 224.0.0.251 on em0
    
    Current routing table (Insert Route):
    -----------------------------------------------------
    #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:2, St: A, OutVifs: 0x00000002
    #1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V2 member report   from my_ip  to 224.0.0.251
    The IGMP message was from myself. Ignoring.
    The IGMP message was local multicast. Ignoring.
    The IGMP message was local multicast. Ignoring.
    The IGMP message was local multicast. Ignoring.
    The IGMP message was local multicast. Ignoring.
    The IGMP message was local multicast. Ignoring.
    RECV V2 member report   from 192.168.101.1   to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    RECV Membership query   from 10.2.148.5      to 224.0.0.1
    RECV V2 member report   from 46.163.185.177  to 224.0.0.1
    Mebership report was received on the upstream interface. Ignoring.
    The IGMP message was local multicast. Ignoring.
    About to call timeout 1 (#0)
    Aging routes in table.
    
    Current routing table (Age active routes):
    -----------------------------------------------------
    #0: Src0: 10.1.70.242, Dst: 230.200.201.32, Age:1, St: A, OutVifs: 0x00000002
    #1: Dst: 224.0.0.251, Age:1, St: I, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V2 member report   from 85.12.210.254   to 224.0.0.9
    No interfaces found for source 85.12.210.254
    The IGMP message was local multicast. Ignoring.
    RECV V2 member report   from my_ip  to 230.200.201.32
    The IGMP message was from myself. Ignoring.
    RECV Leave message      from 82.151.213.180  to 224.0.0.2
    Got leave message from 82.151.213.180 to 224.0.0.251. Starting last member detection.
    No interfaces found for source 82.151.213.180
    RECV V2 member report   from my_ip  to 224.0.0.251
    The IGMP message was from myself. Ignoring.
    RECV Membership query   from 10.2.148.5      to 230.200.201.185
    RECV Membership query   from 10.2.148.5      to 230.200.201.185
    RECV Membership query   from 10.2.148.5      to 230.200.201.185
    About to call timeout 2 (#0)
    SENT Membership query   from 192.168.101.1   to 224.0.0.1
    Sent membership query from 192.168.101.1 to 224.0.0.1. Delay: 10
    Created timeout 3 (#0) - delay 10 secs
    (Id:3, Time:10) 
    Created timeout 4 (#1) - delay 21 secs
    (Id:3, Time:10) 
    (Id:4, Time:21) 
    RECV Membership query   from 192.168.101.1   to 224.0.0.1
    RECV Membership query   from 10.2.148.5      to 239.99.17.128
    RECV Membership query   from 10.2.148.5      to 239.99.17.128
    RECV V2 member report   from 192.168.101.100 to 224.0.0.251
    Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
    Updated route entry for 224.0.0.251 on VIF #1
    


  • @codriver

    https://forum.lissyara.su/viewtopic.php?f=4&t=35261

    Maybe this will help you.

    Have a read here (especially the last post); the first posts are unlikely to be the solution, although they are informative.



  • Yes, I found that thread and set the values in /etc/rc; it does not work.



  • @codriver
    Here is what else the docs say:

    A firewall rule is also required on the Downstream side (e.g. LAN) to match and pass the multicast traffic. 
    In the Advanced Options of the firewall rule, Allow packets with IP Options must be enabled.
    

    And just in case, check the firewall logs for any blocked IGMP/UDP traffic.



  • The provider broadcasts from networks 10.1.16.0 and 10.1.70.0; I tried adding them both separately and as just 10.1.0.0/16, with no result. If the firewall is enabled then, as I understand it, multicast simply does not arrive from some servers, i.e. the set-top box sends a request but there is no reply:

    RECV V2 member report   from 192.168.101.200 to 239.99.17.246
    Should insert group 239.99.17.246 (from: 192.168.101.200) to route table. Vif Ix : 1
    No existing route for 239.99.17.246. Create new.
    No routes in table. Insert at beginning.
    Inserted route table entry for 239.99.17.246 on VIF #1
    Joining group 239.99.17.246 upstream on IF address my_ip
    joinMcGroup: 239.99.17.246 on em0
    
    Current routing table (Insert Route):
    -----------------------------------------------------
    #0: Dst: 239.99.17.246, Age:2, St: I, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V3 member report   from my_ip  to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    RECV V2 member report   from 192.168.101.100 to 224.0.0.251
    Should insert group 224.0.0.251 (from: 192.168.101.100) to route table. Vif Ix : 1
    No existing route for 224.0.0.251. Create new.
    Found existing routes. Find insert location.
    Inserting after route 239.99.17.246
    Inserted route table entry for 224.0.0.251 on VIF #1
    Joining group 224.0.0.251 upstream on IF address my_ip
    joinMcGroup: 224.0.0.251 on em0
    
    Current routing table (Insert Route):
    -----------------------------------------------------
    #0: Dst: 239.99.17.246, Age:2, St: I, OutVifs: 0x00000002
    #1: Dst: 224.0.0.251, Age:2, St: I, OutVifs: 0x00000002
    -----------------------------------------------------
    RECV V3 member report   from my_ip  to 224.0.0.22
    The IGMP message was from myself. Ignoring.
    RECV Leave message      from 192.168.101.200 to 224.0.0.2
    Got leave message from 192.168.101.200 to 239.99.17.246. Starting last member detection.
    counted 1 interfaces
    Leaving group -166632465 now
    Leaving group 239.99.17.246 upstream on IF address my_ip
    leaveMcGroup: 239.99.17.246 on em0
    Interface id 1 is in group $d
    SENT Membership query   from 192.168.101.1   to 239.99.17.246
    Sent membership query from 192.168.101.1 to 239.99.17.246. Delay: 10
    Created timeout 3 (#1) - delay 3 secs
    (Id:1, Time:7) 
    (Id:3, Time:3) 
    (Id:2, Time:18) 
    RECV Membership query   from 192.168.101.1   to 239.99.17.246
    RECV V2 member report   from 192.168.101.200 to 239.99.17.246
    Should insert group 239.99.17.246 (from: 192.168.101.200) to route table. Vif Ix : 1
    Updated route entry for 239.99.17.246 on VIF #1
    Joining group 239.99.17.246 upstream on IF address my_ip
    joinMcGroup: 239.99.17.246 on em0
    


  • The set-top box has its own IP, so in theory it could be moved outside NAT, but in that case I would not be able to use it for viewing on the local network. I am sitting here thinking about how I could forward traffic to it while still letting it see the local network over NFS, but no solution comes to mind.



  • @codriver said in IGMP Proxy version conflict:

    239.99.17.246

    Run tcpdump with the firewall disabled and look at the traffic exchanged with the set-top box. Then you will see which servers and addresses the provider uses.

    Also take a look at the example PF settings here:

    https://weburg.net/forums/weburg-tv/comp-tv/167456



  • Yes, that is what I did, I compiled a list of IPs, because if I simply added 224.0.0.0/4 to upstream nothing arrived, after adding . I cannot figure out what the address 10.2.148.5 is.

    Here is the log of the problem channel:
    wan

    tcpdump -i em0 | grep igmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
    20:31:06.480223 IP 46.163.185.220 > all-routers.mcast.net: igmp leave 224.0.1.187
    20:31:06.564598 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
    20:31:06.809066 IP 10.2.148.5 > 230.200.201.189: igmp query v2 [max resp time 10] [gaddr 230.200.201.189]
    20:31:07.623127 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
    20:31:07.826781 IP 10.2.148.5 > 230.200.201.189: igmp query v2 [max resp time 10] [gaddr 230.200.201.189]
    20:31:08.004816 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
    20:31:13.738765 IP 82.151.211.34 > all-routers.mcast.net: igmp leave 224.0.0.251
    20:31:16.442001 IP 10.2.148.5 > 230.200.201.12: igmp query v2 [max resp time 10] [gaddr 230.200.201.12]
    20:31:20.347096 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
    20:31:22.597913 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1
    20:31:22.747240 IP 85.12.231.84 > all-routers.mcast.net: igmp leave 224.0.0.251
    20:31:29.645727 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182]
    20:31:29.659452 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182]
    20:31:29.789036 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
    20:31:30.665806 IP 10.2.148.5 > 239.99.17.182: igmp query v2 [max resp time 10] [gaddr 239.99.17.182]
    20:31:30.817014 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
    20:31:32.600702 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1
    20:31:34.278868 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
    20:31:34.291121 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
    20:31:35.321045 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
    20:31:40.323521 IP 85.12.231.73 > all-routers.mcast.net: igmp leave 224.0.0.251
    20:31:40.332658 IP 85.12.231.73 > all-routers.mcast.net: igmp leave 224.0.0.252
    20:31:40.465332 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
    20:31:41.484605 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
    20:31:42.604333 IP 83.167.20.140 > all-routers.mcast.net: igmp leave 224.168.100.1
    ^C23461 packets captured
    28680 packets received by filter
    5027 packets dropped by kernel
    

    lan

    0:25:00.079122 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
    20:25:05.415773 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
    20:25:20.640707 IP 192.168.101.200 > all-routers.mcast.net: igmp leave 239.99.17.246
    20:25:20.870741 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:25:21.863658 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:25:30.330913 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:25:41.728934 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:25:50.685157 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
    20:26:05.918774 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
    20:26:06.334852 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:26:20.960480 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
    20:26:21.504613 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:26:44.099168 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
    20:26:47.427671 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:27:01.141241 IP 192.168.101.200 > 239.99.17.94: igmp v2 report 239.99.17.94
    20:27:05.829818 IP 192.168.101.200 > 239.255.255.250: igmp v2 report 239.255.255.250
    20:27:46.926093 IP 192.168.101.200 > all-routers.mcast.net: igmp leave 239.99.17.94
    20:27:47.152672 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
    20:27:47.440511 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
    20:27:53.531242 IP 192.168.101.200 > 239.99.17.246: igmp v2 report 239.99.17.246
    


  • @Konstanti thank you for your help. Solved. I added a rule on WAN for IGMP traffic from 10.2.148.5 and the remaining channels started working. The provider itself never even told me anything about this IP.
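
Added example (not part of any post in the thread): the fix came from noticing an upstream querier, 10.2.148.5, in the WAN capture. This Python sketch parses tcpdump lines in the format shown in the posts, lists the sources that send IGMP queries, and flags the router's own reports whose version is higher than the querier's. The sample capture is constructed, and 198.51.100.10 is a placeholder for the WAN address the posts redact.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump format shown in the thread.
# 198.51.100.10 is a placeholder for the router's redacted WAN address.
SAMPLE = """\
20:31:06.564598 IP 10.2.148.5 > 230.200.201.185: igmp query v2 [max resp time 10] [gaddr 230.200.201.185]
20:31:06.480223 IP 46.163.185.220 > all-routers.mcast.net: igmp leave 224.0.1.187
20:31:07.100000 IP 198.51.100.10 > igmp.mcast.net: igmp v3 report, 1 group record(s)
20:31:08.004816 IP 10.2.148.5 > 230.200.201.4: igmp query v2 [max resp time 10] [gaddr 230.200.201.4]
20:31:09.000000 IP 203.0.113.53.domain > 198.51.100.10.57733: 24636 1/0/0 PTR igmp.mcast.net. (69)
"""

# Match only real IGMP messages. A plain `grep igmp` also catches DNS answers
# that merely mention igmp.mcast.net, as happened in the first post.
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): igmp "
    r"(?:(?P<query>query) v(?P<qv>\d)|v(?P<rv>\d) (?P<report>report)|(?P<leave>leave))"
)


def analyze(capture: str, own_addr: str) -> dict:
    """Summarise IGMP queriers and the router's own report versions."""
    queriers = defaultdict(set)   # querier source -> query versions seen
    own_reports = set()           # versions of reports sent from own_addr
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["query"] and m["src"] != own_addr:
            queriers[m["src"]].add(int(m["qv"]))
        elif m["report"] and m["src"] == own_addr:
            own_reports.add(int(m["rv"]))
    # Hosts are expected to fall back to the lowest querier version present.
    versions = [v for vs in queriers.values() for v in vs]
    expected = min(versions) if versions else None
    mismatch = sorted(v for v in own_reports if expected and v > expected)
    return {
        "queriers": {src: sorted(vs) for src, vs in queriers.items()},
        "own_report_versions": sorted(own_reports),
        "mismatch": mismatch,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE, "198.51.100.10")
    print("Sources to review for a WAN IGMP pass rule:", result["queriers"])
    print("Own report versions newer than the querier:", result["mismatch"])
```

Feed it a capture taken with `tcpdump -n` so that sources appear as addresses instead of resolved names.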

