On Sun, 09 Aug 2020 13:55:02 +0000 "Bjoern A. Zeeb" <bzeeb-li...@lists.zabbadoz.net> wrote:
> On 8 Aug 2020, at 12:31, Abelenda Diego wrote: > > > On Sat, 8 Aug 2020 12:54:37 +0200 > > Hans Petter Selasky <h...@selasky.org> wrote: > > > >> On 2020-08-07 15:25, Abelenda Diego wrote: > >>> Hello, > >>> > >>> I have discovered that I had a multicast issue for years I did not > >>> know > >>> about. I use a FreeBSD (opnsense) setup as router for my home > >>> network and > >>> have igmpproxy for IPTV. Somehow everything seems to work, until I > >>> realized > >>> that my ISP was making a DoS with multicast. It is pretty much what > >>> was > >>> described years ago here: > >>> https://forum.netgate.com/topic/62591/igmp-issues-causing-isp-to-perform-multicast-dos-on-my-pfsense/7. > >>> But the solution of not using FreeBSD seem weird. So dug a lot > >>> learning > >>> about Multicast IGMPv{2,3} etc in the process. Here is an abstract > >>> of what > >>> I found: > >> > >> Which version of FreeBSD is this (uname -a) ? > >> > >> There has been some fixes in the multicast area from time to time, > >> and > >> you should make sure you've got all the fixes incorporated in the > >> kernel > >> you are using, typically by testing a kernel based on a -stable or > >> -current branch of FreeBSD. > >> > >> --HPS > >> > > > > Hello, > > > > This is opnsense, so it is not like I can change kernel as I want. > > Moreover the > > kernel used by opnsense has some patches for stf 6rd support for > > example, > > things like that. > > > > Anyway, the kernel I use is: > > > > FreeBSD $hostname 12.1-RELEASE-p7-HBSD FreeBSD 12.1-RELEASE-p7-HBSD #0 > > 427d53bc125(stable/20.7)-dirty: Sun Jul 26 05:51:42 CEST 2020 > > root@sensey64:/usr/obj/usr/src/amd64.amd64/sys/SMP amd64 > > > > But from what you are asking, it seems you suggest my issue is kernel > > related > > and in no way a userspace problem. So I cannot do anything to mitigate > > the > > issue? > > > > BTW I said reset the interface fixed the issue, but in fact, I need to > > reboot, > > I found no way to clear the multicast group memberships. > > > Is this related to: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248512 and the there > referenced other bugs? > > > /bz Hello, Yes seems to be that, even the address already in use error is present in the log of imgpproxy. Thank you for pointing that. I will try to make opnsense include this patch quickly. Best regards, Diego Abelenda
pgppwWOtFAB_E.pgp
Description: OpenPGP digital signature
