From: JINMEI Tatuya / 神明達哉
To: Bruce Simpson
Cc: freebsd-net
Date: Fri, 01 May 2009 19:00:48 -0700
Subject: Re: Request feedback on IPv6 multicast listen on ::

At Fri, 01 May 2009 18:33:50 +0100,
Bruce Simpson wrote:

> During the MLDv2 refactoring, I removed some old KAME code which
> supports the ability to listen to *all* multicast groups.
> It isn't clear to me whether this code was still in use, and I couldn't
> find information about it in the normative RFCs (2292, 3542) for IPv6
> stack implementation.
>
> This call needed super-user privileges to use, and I'm not sure if
> anything is actually using it. Can anyone out there with possible
> exposure to it clarify?

I believe you can safely remove it.  The KAME repository version of
that code was already deprecated a long time ago.  See the change for
rev.1.433 at:
http://orange.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ip6_output.c

I also noted this strange behavior in a book about the KAME
implementation:

  3684:                   mreq = mtod(m, struct ipv6_mreq *);
  3685:                   if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
  3686:                           /*
  3687:                            * We use the unspecified address to specify to accept
  3688:                            * all multicast addresses. Only super user is allowed
  3689:                            * to do this.
  3690:                            */
  3692:                           if (suser(p))
  3696:                           {
  3697:                                   error = EACCES;
  3698:                                   break;
  3699:                           }

  3684–3699 ipv6mr_multiaddr field must hold a valid IPv6 multicast
  address. The KAME implementation allows a privileged application to
  specify the IPv6 unspecified address. While the intention may be to
  allow the socket to accept packets from any multicast address, the
  system does not actually behave that way. First, the
  IN6_LOOKUP_MULTI() macro does not have a special matching rule for
  the unspecified address. Secondly, in order to accept any multicast
  addresses on an interface, it is necessary to specify the
  promiscuous mode for the interface's multicast filter, which will
  not actually be done in this case. Later versions of the KAME
  implementation removed this code and similar code that exists for
  IPV6_LEAVE_GROUP.

Hope this helps,

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
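
Added example, not part of the original message and not KAME or FreeBSD code: a user-space C sketch of the rule stated in the quoted book text (ipv6mr_multiaddr must hold a multicast address), plus a probe that reports how the running stack answers an IPV6_JOIN_GROUP on "::". The helper names and the choice of EINVAL as the rejection code are assumptions.

```c
/* Added example: user-space sketch, not KAME or FreeBSD kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical helper: accept a join request only when ipv6mr_multiaddr
 * is a multicast address. Returns 0 if acceptable, EINVAL otherwise
 * (assumed error code); the unspecified address "::" is rejected too. */
int check_join_addr(const struct ipv6_mreq *mreq)
{
    if (mreq == NULL || !IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr))
        return EINVAL;
    return 0;
}

/* Hypothetical helper: fill an ipv6_mreq from a textual address. */
int make_mreq(const char *addr, unsigned int ifindex, struct ipv6_mreq *out)
{
    memset(out, 0, sizeof(*out));
    out->ipv6mr_interface = ifindex;
    return inet_pton(AF_INET6, addr, &out->ipv6mr_multiaddr) == 1 ? 0 : EINVAL;
}

/* Ask the running stack what it does with a join on "::". Returns 0 if
 * the join was accepted, otherwise the errno from socket() or setsockopt(). */
int probe_unspecified_join(void)
{
    struct ipv6_mreq mreq;
    int rc, s = socket(AF_INET6, SOCK_DGRAM, 0);

    if (s < 0)
        return errno;
    make_mreq("::", 0, &mreq);
    rc = setsockopt(s, IPPROTO_IPV6, IPV6_JOIN_GROUP, &mreq, sizeof(mreq))
        == 0 ? 0 : errno;
    close(s);
    return rc;
}

int main(void)
{
    printf("IPV6_JOIN_GROUP on :: -> %s\n", strerror(probe_unspecified_join()));
    return 0;
}
```

Run the probe both unprivileged and as root, since the code path quoted above allowed the join only for the superuser.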