Re: Multicast issue, interface not leaving Mutlicast Group

[Bjoern A. Zeeb]

On 8 Aug 2020, at 12:31, Abelenda Diego wrote:


On Sat, 8 Aug 2020 12:54:37 +0200
Hans Petter Selasky  wrote:


On 2020-08-07 15:25, Abelenda Diego wrote:

Hello,

I have discovered that I had a multicast issue for years I did not 
know
about. I use a FreeBSD (opnsense) setup as router for my home 
network and
have igmpproxy for IPTV. Somehow everything seems to work, until I 
realized
that my ISP was making a DoS with multicast. It is pretty much what 
was

described years ago here:
https://forum.netgate.com/topic/62591/igmp-issues-causing-isp-to-perform-multicast-dos-on-my-pfsense/7.
But the solution of not using FreeBSD seem weird. So dug a lot 
learning
about Multicast IGMPv{2,3} etc in the process. Here is an abstract 
of what

I found:


Which version of FreeBSD is this (uname -a) ?

There has been some fixes in the multicast area from time to time, 
and
you should make sure you've got all the fixes incorporated in the 
kernel

you are using, typically by testing a kernel based on a -stable or
-current branch of FreeBSD.

--HPS



Hello,

This is opnsense, so it is not like I can change kernel as I want. 
Moreover the
kernel used by opnsense has some patches for stf 6rd support for 
example,

things like that.

Anyway, the kernel I use is:

FreeBSD $hostname 12.1-RELEASE-p7-HBSD FreeBSD 12.1-RELEASE-p7-HBSD #0 
 427d53bc125(stable/20.7)-dirty: Sun Jul 26 05:51:42 CEST 2020 
root@sensey64:/usr/obj/usr/src/amd64.amd64/sys/SMP  amd64


But from what you are asking, it seems you suggest my issue is kernel 
related
and in no way a userspace problem. So I cannot do anything to mitigate 
the

issue?

BTW I said reset the interface fixed the issue, but in fact, I need to 
reboot,

I found no way to clear the multicast group memberships.



Is this related to:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248512  and the there 
referenced other bugs?



/bz
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Problem reports for n...@freebsd.org that need special attention

[bugzilla-noreply]

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status  |Bug Id | Description
+---+---
In Progress |221146 | [ixgbe] Problem with second laggport  
In Progress |235700 | oce(4) driver causes fatal trap 12 on boot with e 
New |204438 | setsockopt() handling of kern.ipc.maxsockbuf limi 
New |213410 | [carp] service netif restart causes hang only whe 
Open|  7556 | ppp: sl_compress_init() will fail if called anyth 
Open|187835 | ngctl(8) strange behavior when adding more than 5 
Open|193452 | Dell PowerEdge 210 II -- Kernel panic bce (broadc 
Open|194453 | dummynet(4): pipe config bw parameter limited to  
Open|200319 | Bridge+CARP crashes/freezes   
Open|202510 | [CARP] advertisements sourced from CARP IP cause  
Open|207261 | netmap: Doesn't do TX sync with kqueue
Open|210726 | tcp connect() can return invalid EADDRINUSE (Eg:  
Open|217978 | dhclient: Support supersede statement for option  
Open|73 | igb(4): Kernel panic (fatal trap 12) due to netwo 
Open|225438 | panic in6_unlink_ifa() due to race
Open|227720 | Kernel panic in ppp server
Open|230807 | if_alc(4): Driver not working for Killer Networki 
Open|235524 | igb(4): Ethernet interface loses active link stat 
Open|236888 | ppp daemon: Allow MTU to be overridden for PPPoE  
Open|236983 | bnxt(4) VLAN not operational unless explicit "ifc 
Open|237072 | netgraph(4): performance issue [on HardenedBSD]?  
Open|237840 | Removed dummynet dependency on ipfw   
Open|238324 | Add XG-C100C/AQtion AQC107 10GbE NIC driver   
Open|240530 | netgraph/ng_source: Allow ng_source to inject int 
Open|240944 | em(4): Crash with Intel 82571EB NIC with AMD Pile 
Open|240969 | netinet6: Neighbour reachability detection broken 
Open|241106 | tun/ppp: panic: vm_fault: fault on nofault entry  
Open|241162 | Panic in closefp() triggered by nginx (uwsgi with 
Open|243463 | ix0: Watchdog timeout 
Open|244066 | divert: Add sysctls for divert socket send and re 
Open|244706 | panic: NULL dereference inside __mtx_lock_sleep() 
Open|248306 | if_mvneta: Corrupts TX packets when TXCSUM is not 
Open|118111 | rc: network.subr Add MAC address based interface  

33 problems total for which you should take action.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: Multicast issue, interface not leaving Mutlicast Group

[Abelenda Diego]

On Sun, 09 Aug 2020 13:55:02 +
"Bjoern A. Zeeb"  wrote:

> On 8 Aug 2020, at 12:31, Abelenda Diego wrote:
> 
> > On Sat, 8 Aug 2020 12:54:37 +0200
> > Hans Petter Selasky  wrote:
> >  
> >> On 2020-08-07 15:25, Abelenda Diego wrote:  
> >>> Hello,
> >>>
> >>> I have discovered that I had a multicast issue for years I did not 
> >>> know
> >>> about. I use a FreeBSD (opnsense) setup as router for my home 
> >>> network and
> >>> have igmpproxy for IPTV. Somehow everything seems to work, until I 
> >>> realized
> >>> that my ISP was making a DoS with multicast. It is pretty much what 
> >>> was
> >>> described years ago here:
> >>> https://forum.netgate.com/topic/62591/igmp-issues-causing-isp-to-perform-multicast-dos-on-my-pfsense/7.
> >>> But the solution of not using FreeBSD seem weird. So dug a lot 
> >>> learning
> >>> about Multicast IGMPv{2,3} etc in the process. Here is an abstract 
> >>> of what
> >>> I found:  
> >>
> >> Which version of FreeBSD is this (uname -a) ?
> >>
> >> There has been some fixes in the multicast area from time to time, 
> >> and
> >> you should make sure you've got all the fixes incorporated in the 
> >> kernel
> >> you are using, typically by testing a kernel based on a -stable or
> >> -current branch of FreeBSD.
> >>
> >> --HPS
> >>  
> >
> > Hello,
> >
> > This is opnsense, so it is not like I can change kernel as I want. 
> > Moreover the
> > kernel used by opnsense has some patches for stf 6rd support for 
> > example,
> > things like that.
> >
> > Anyway, the kernel I use is:
> >
> > FreeBSD $hostname 12.1-RELEASE-p7-HBSD FreeBSD 12.1-RELEASE-p7-HBSD #0 
> >  427d53bc125(stable/20.7)-dirty: Sun Jul 26 05:51:42 CEST 2020 
> > root@sensey64:/usr/obj/usr/src/amd64.amd64/sys/SMP  amd64
> >
> > But from what you are asking, it seems you suggest my issue is kernel 
> > related
> > and in no way a userspace problem. So I cannot do anything to mitigate 
> > the
> > issue?
> >
> > BTW I said reset the interface fixed the issue, but in fact, I need to 
> > reboot,
> > I found no way to clear the multicast group memberships.  
> 
> 
> Is this related to:
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248512  and the there 
> referenced other bugs?
> 
> 
> /bz


Hello,

Yes seems to be that, even the address already in use error is present in the
log of imgpproxy.

Thank you for pointing that. I will try to make opnsense include this patch
quickly.

Best regards,
Diego Abelenda


pgppwWOtFAB_E.pgp
Description: OpenPGP digital signature