From owner-freebsd-net@freebsd.org Sat Aug 8 12:31:17 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BC0933AB1D6 for ; Sat, 8 Aug 2020 12:31:17 +0000 (UTC) (envelope-from diego.abelenda@gmail.com) Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BP1mh6QvGz3fTm for ; Sat, 8 Aug 2020 12:31:16 +0000 (UTC) (envelope-from diego.abelenda@gmail.com) Received: by mail-ed1-x531.google.com with SMTP id c2so3130953edx.8 for ; Sat, 08 Aug 2020 05:31:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version; bh=16WVV29PFMqHITkvXsgJTsfe/xoBifmfG0ADL/Yqtbg=; b=RYyIbBjOK+4I0f6Pw+dLG/f9YwRtL2xUT1AV5Ym/OA80CK8wP22TBfN/cbfqpaIjT8 BNcpygfrOWY8zS5stvPxYHtavTjmHkXcPtC8PGwMO+TfGRpo1lAd9JJi9nBNW3uBUS/p u6sq+hv2ZysfxWJDW+N9TVcEZt5GgcqCqF5pRqCTReDhqybyskHiQscsrQAM2unzBNc6 u3zUc75+6oAbWVlrpwcQN2eEI6OVXlSu/sIWDYaBNLrixrk/i8np5laLCQNdS4uwU1tD z79/9a+GZQPdBuXIzsqvwgXsQ/3kq6OCJHax/rt7XB8ST7kCLiNvToo0eZOneH7jVb3B uLiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version; bh=16WVV29PFMqHITkvXsgJTsfe/xoBifmfG0ADL/Yqtbg=; b=Z/Q5UimG1bHc6JOql2ZeYFtH1ujSt/UYDFDZdYlyFIFSnEdtKIbm/D2NNXhuHR0Dnt 3tuoLWN37mousXA5yVD6BVYNv/IHE+NyGwdUTcSGnrGLdfoB0skrL6uusTcYW8aBMF/F EkaZNZ7/zuR7wSxKoZ17GdvLiDQeLW+gHhmNq0DoEKets61os06Cw1NLuAaCrKDXiSs+ JA5zxTGH866qB9ysosZQNhruSCyawX3Qk48lWF8x15jAknuPH16KYpAI1gnRXVz3C8c5 pPR5LAh9Fzjv6pGFfp41Vy+3QduxkEvAJQjCGiBqs6PbXsgHP9ggolJzGi24rTjU9afX K7LA== X-Gm-Message-State: AOAM531uVIdxxoTIheKKLJmau0ml9eG1YhkTFAqqEA7FQYmR7cqVqGeX QDj/eAuQnE5o03Tf9NnOu1OEay2F X-Google-Smtp-Source: ABdhPJwQTrnYsQGGZ2O/5b5XOYnXbzf/L7/W1prnGuybrC4oTTXZrWuKoLosY6OTdJgvy6aIkaFMAw== X-Received: by 2002:a50:ef0a:: with SMTP id m10mr13357255eds.226.1596889873993; Sat, 08 Aug 2020 05:31:13 -0700 (PDT) Received: from debian (29.182.6.85.dynamic.wline.res.cust.swisscom.ch. [85.6.182.29]) by smtp.gmail.com with ESMTPSA id du2sm8321344ejc.2.2020.08.08.05.31.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 08 Aug 2020 05:31:12 -0700 (PDT) Date: Sat, 8 Aug 2020 14:31:06 +0200 From: Abelenda Diego To: Hans Petter Selasky Cc: freebsd-net@freebsd.org Subject: Re: Multicast issue, interface not leaving Mutlicast Group Message-ID: <20200808143106.423bd20f@debian> In-Reply-To: <9c241a38-977b-dcdd-ba5d-e8b2dfa2b17c@selasky.org> References: <20200807152525.711d4072@debian> <9c241a38-977b-dcdd-ba5d-e8b2dfa2b17c@selasky.org> X-Mailer: Claws Mail 3.17.6 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/jeHJ7RfEfAXT+K14BOlLRzI"; protocol="application/pgp-signature"; micalg=pgp-sha512 X-Rspamd-Queue-Id: 4BP1mh6QvGz3fTm X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=RYyIbBjO; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of diegoabelenda@gmail.com designates 2a00:1450:4864:20::531 as permitted sender) smtp.mailfrom=diegoabelenda@gmail.com X-Spamd-Result: default: False [-3.49 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.89)[-0.887]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.977]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.03)[-1.028]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::531:from]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Aug 2020 12:31:17 -0000 --Sig_/jeHJ7RfEfAXT+K14BOlLRzI Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Sat, 8 Aug 2020 12:54:37 +0200 Hans Petter Selasky wrote: > On 2020-08-07 15:25, Abelenda Diego wrote: > > Hello, > >=20 > > I have discovered that I had a multicast issue for years I did not know > > about. I use a FreeBSD (opnsense) setup as router for my home network a= nd > > have igmpproxy for IPTV. Somehow everything seems to work, until I real= ized > > that my ISP was making a DoS with multicast. It is pretty much what was > > described years ago here: > > https://forum.netgate.com/topic/62591/igmp-issues-causing-isp-to-perfor= m-multicast-dos-on-my-pfsense/7. > > But the solution of not using FreeBSD seem weird. So dug a lot learning > > about Multicast IGMPv{2,3} etc in the process. Here is an abstract of w= hat > > I found:=20 >=20 > Which version of FreeBSD is this (uname -a) ? >=20 > There has been some fixes in the multicast area from time to time, and=20 > you should make sure you've got all the fixes incorporated in the kernel= =20 > you are using, typically by testing a kernel based on a -stable or=20 > -current branch of FreeBSD. >=20 > --HPS >=20 Hello, This is opnsense, so it is not like I can change kernel as I want. Moreover= the kernel used by opnsense has some patches for stf 6rd support for example, things like that. Anyway, the kernel I use is: FreeBSD $hostname 12.1-RELEASE-p7-HBSD FreeBSD 12.1-RELEASE-p7-HBSD #0 427= d53bc125(stable/20.7)-dirty: Sun Jul 26 05:51:42 CEST 2020 root@sensey6= 4:/usr/obj/usr/src/amd64.amd64/sys/SMP amd64 But from what you are asking, it seems you suggest my issue is kernel relat= ed and in no way a userspace problem. So I cannot do anything to mitigate the issue? BTW I said reset the interface fixed the issue, but in fact, I need to rebo= ot, I found no way to clear the multicast group memberships. Best regards, Diego Abelenda --Sig_/jeHJ7RfEfAXT+K14BOlLRzI Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEhLBEGh6nN5+aat9KomT4UAfkGfgFAl8umwoACgkQomT4UAfk Gfj8+A//b7ylRIAcxPq1g1l2QBwfpFUqYiv5g0VvuvWc/8/AiyeI7txP0vzobrL+ 2lF6I/1ZcWwABCVRg6WYew8RPeACR7TMi+McXeKqpwAQTsmHW1NTKqrr+vL+AdRA /FBB0V3VX39SXcf7eVsfGGz9gGJsD8eURyL2NyiLiBW+VwRRX2W1QkaF1o1pHSKb iwkjIzXUM+CfUGA5+36frnKo9BraDr9JZL/rvFLEG9qJfo/oFlsdQ+e37clES67f pbXblN0qhLswm58NwVMZhTR1Yf5Y/+lyljzTXL75F4rru14czCo9j3J7dRNE9zsl jEUgCRhkoN5N6Pb6kPVRBDFE2Ovk8PbHrY2/wPAvXVZOzE9EIte2jYf2UNMRvocR OwxQK7I/qc3qPvHjte8zPRBgAxD1Ofp+61Pe3unMbWDD66MQuXsIsbcJ9qHaA3Vk 5Whp2CSOKnL0DPTjKlODfJgFo3vkCUB3rTXwmLCkvt4WOeiqR6d3QOZWohiGDppO RldJu+iFM8UI0yiQVCiskY31lZtn6nXYWZfFj6wJTmeCYH/P4TtkQ+XbThErf6N5 F+54xS+RSp9dY/N3KrzSgYbquG2EIJMwfszgUeb1i5wfjWc7kkzRJ5EMTD4o6Zph D/wdrCEKXffDvyc/j7Au2FfgzEa/O6GcBOAq5FlMJxnSXQ+d6Zo= =AN42 -----END PGP SIGNATURE----- --Sig_/jeHJ7RfEfAXT+K14BOlLRzI--