IGMP Proxy broken?



  • Cannot start IGMP proxy after upgrading to 2.3 BETA.

    Config looks OK:

    [2.3-BETA][root@***]/root: cat /tmp/igmpproxy.conf
    
    ##------------------------------------------------------
    ## Enable Quickleave mode (Sends Leave instantly)
    ##------------------------------------------------------
    quickleave
    phyint vtnet3 upstream ratelimit 0 threshold 1
    
    phyint vtnet0 downstream ratelimit 0 threshold 1
    
    phyint vtnet1 disabled
    phyint vtnet2 disabled
    

    But it fails with

    [2.3-BETA][root@***]/root: igmpproxy -dv /tmp/igmpproxy.conf
    adding VIF, Ix 0 Fl 0x0 IP 0x036fa8c0 vtnet0, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 1 Fl 0x0 IP 0xfe6fa8c0 vtnet0, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 2 Fl 0x0 IP 0xfda8a8c0 vtnet1, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 3 Fl 0x0 IP 0xfea8a8c0 vtnet1, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 4 Fl 0x0 IP 0xfd0ba8c0 vtnet2, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 5 Fl 0x0 IP 0xfdb2a8c0 vtnet3, Threshold: 1, Ratelimit: 0
    Vif #13 was already upstream. Cannot set VIF #14 as upstream as well.
    

  • Rebel Alliance Developer Netgate

    It works fine here. When mine starts, I only see the "adding VIF" lines once per interface. Not sure why it's adding them twice on yours, might be some quirk of the vtnet driver.



  • Does not seem to be limited to the vtnet driver, I can reproduce this on my Supermicro C2758 board:

    [2.3-BETA][admin@***]/root: cat /tmp/igmpproxy.conf
    
    ##------------------------------------------------------
    ## Enable Quickleave mode (Sends Leave instantly)
    ##------------------------------------------------------
    quickleave
    phyint igb2 upstream ratelimit 0 threshold 1
    
    phyint igb0 downstream ratelimit 0 threshold 1
    
    phyint igb1 disabled
    phyint igb0_vlan101 disabled
    phyint gif0 disabled
    
    [2.3-BETA][admin@***]/root: igmpproxy -dv /tmp/igmpproxy.conf
    adding VIF, Ix 0 Fl 0x0 IP 0x026fa8c0 igb0, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 1 Fl 0x0 IP 0xfe6fa8c0 igb0, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 2 Fl 0x0 IP 0xfca8a8c0 igb1, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 3 Fl 0x0 IP 0xfea8a8c0 igb1, Threshold: 1, Ratelimit: 0
    adding VIF, Ix 4 Fl 0x0 IP 0xfcb2a8c0 igb2, Threshold: 1, Ratelimit: 0
    Vif #11 was already upstream. Cannot set VIF #12 as upstream as well.
    

    I'm using (different) private 192.168 /24 networks on both LAN and WAN, could that be a problem with the new igmpproxy? The old one did not have a problem with it.



  • I think it's related to CARP, could you try it with a CARP alias on WAN?

    buildIfVc: Interface igb2 Addr: 192.168.100.252, Flags: 0xffff8943, Network: 192.168.100/24
    buildIfVc: Interface igb2 Addr: 192.168.100.254, Flags: 0xffff8943, Network: 192.168.100/24
    

    It adds the LAN real and CARP IP (igb0) and it stops at the WAN interface (igb2), probably while trying to add the CARP alias, as there can only be one upstream interface:

    
    adding VIF, Ix 0 Fl 0x0 IP 0x026fa8c0 igb0, Threshold: 1, Ratelimit: 0
            Network for [igb0] : 192.168.1/24
    adding VIF, Ix 1 Fl 0x0 IP 0xfe6fa8c0 igb0, Threshold: 1, Ratelimit: 0
            Network for [igb0] : 192.168.1/24
    adding VIF, Ix 2 Fl 0x0 IP 0xfca8a8c0 igb1, Threshold: 1, Ratelimit: 0
            Network for [igb1] : 192.168.50/24
    adding VIF, Ix 3 Fl 0x0 IP 0xfea8a8c0 igb1, Threshold: 1, Ratelimit: 0
            Network for [igb1] : 192.168.50/24
    adding VIF, Ix 4 Fl 0x0 IP 0xfcb2a8c0 igb2, Threshold: 1, Ratelimit: 0
            Network for [igb2] : 192.168.100/24
    Vif #11 was already upstream. Cannot set VIF #12 as upstream as well.
    
    

  • Rebel Alliance Developer Netgate

    Ah, no. I didn't try it that way. Open up an entry on redmine, not sure what we can do about that but we can look into it.



  • The FreeBSD man page suggests:

    If multiple IP addresses is used on one  single  interface
    (ae. eth0:1 ...), all interface aliases not in use should be configured
    as disabled.
    

    But it also talks about eth0:0 as a possible alias. Seems the Linux man page was just copied and pasted.
    How would we address a CARP alias in FreeBSD? The original OpenBSD carpX notation does not seem to apply to FreeBSD, at least on my pfSense 2.3 install…
    Or can you bring back the old pfSense IGMP Proxy?


  • Rebel Alliance Developer Netgate

    On 2.2.x and later, CARP VIPs work like IP aliases at the OS level. The code may have to be changed to find them and mark them as disabled.

    Bringing back the old igmpproxy is not an option.



  • Thanks jimp, ticket opened:
    https://redmine.pfsense.org/issues/5783



  • athurdent or anyone else seeing issues here, this looks to be fixed, please upgrade and report back to confirm.



  • Thanks, it starts now.
    Does not really work for me, though. I used it to forward SSDP on 2.2.6, which worked fine. I setup a 2.2.6 VM to confirm that it still works there. Also tried an older 2.3 beta without the new changes and without CARP. Errors below are the same.

    On 2.2.6 I get:

    $ netstat -gn
    
    IPv4 Virtual Interface Table
     Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
      0         1   192.168.1xx.6                         340          0
      1         1   192.168.2xx.105                         0        340
    
    IPv4 Multicast Forwarding Table
     Origin          Group             Packets In-Vif  Out-Vifs:Ttls
     192.168.1xx.11  239.255.255.250       100    0    1:1
     192.168.1xx.31  239.255.255.250        12    0    1:1
     192.168.1xx.30  239.255.255.250       134    0    1:1
     192.168.1xx.245 239.255.255.250        42    0    1:1
     192.168.1xx.36  239.255.255.250        12    0    1:1
     192.168.1xx.246 239.255.255.250        40    0    1:1
    

    on 2.3:

    netstat -gn
    
    IPv4 Virtual Interface Table
     Vif   Thresh   Local-Address   Remote-Address    Pkts-In   Pkts-Out
      0         1   192.168.1xx.2                           0          0
      1         1   192.168.2xx.252                         0          0
    
    IPv4 Multicast Forwarding Table is empty
    

    And many complaints in the log about LAN hosts not being in any vaild net for WAN upstream, which seems kind of odd to me.

    The source address 192.168.1xx.245 for group 239.255.255.250, is not in any valid net for upstream VIF.
    

    Firewall rules on 2.2.6 and 2.3 are set to allow all IGMP incoming on either LAN and WAN with IP options, so no difference there.