Date: Thu, 29 Jun 2000 12:23:43 +0200 From: Emmanuel Duros <Emmanuel.Duros@UDcast.com> To: freebsd-bugs@freebsd.org Cc: Patrick Cipiere <Patrick.Cipiere@UDcast.com> Subject: mrouted and tcpdump (igmp reports) Message-ID: <395B23AF.143F5D58@UDcast.com>
next in thread | raw e-mail | index | archive | help
Dear all,
tcpdump outputs weird (inexistent) packets when using mrouted. I have noticed
this behaviour with FreeBSD 3.4-R and 2.2.7-R. I do not know if it also occurs
with 4.x-R (this might be good to check).
Basically, tcpdump shows packets with unknown Ethernet types and wrong dst and
src Ethernet addresses. Furthermore these packets are not sent over the lan
itself.
I you feel like reproducing this, here is what to do:
- start mrouted on a multi-homed station
- start tcpdump displaying the link layer level (let's say fxp0)
- start mtest and join a Mcast group on fxp0
Every time there is an IGMP report sent via fxp0 we have an extra badly-formated
packet displayed with tcpdump. This packet does not go through the lan (other
hosts do not see it).
Here is an example:
$ tcpdump -n -e -i fxp0
11:43:40.604722 0:d0:c1:1:59:76 1:0:5e:0:0:4 0800 46: 193.48.223.27 > 224.0.0.4:
igmp dvmrp Probe [tos 0xc0] [ttl 1]
11:43:50.604750 0:d0:c1:1:59:76 1:0:5e:0:0:4 0800 46: 193.48.223.27 > 224.0.0.4:
igmp dvmrp Probe [tos 0xc0] [ttl 1]
11:43:58.249665 0:0:1:2:44:3a 46:0:0:20:5f:4f c130 32:
df1b e001 0101 9404 0000 1600 08fd e001
0101
11:43:58.249708 0:d0:c1:1:59:76 1:0:5e:1:1:1 0800 46: 193.48.223.27 > 224.1.1.1:
igmp v2 report 224.1.1.1 [ttl 1]
11:44:01.274806 0:d0:c1:1:59:76 1:0:5e:0:0:4 0800 46: 193.48.223.27 > 224.0.0.4:
igmp dvmrp Probe [tos 0xc0] [ttl 1]
11:44:02.434710 0:0:1:2:44:2f 46:0:0:20:5f:5a c130 32:
df1b e001 0101 9404 0000 1600 08fd e001
0101
11:44:02.434754 0:d0:c1:1:59:76 1:0:5e:1:1:1 0800 46: 193.48.223.27 > 224.1.1.1:
igmp v2 report 224.1.1.1 [ttl 1]
The first 2 lines show dvmrp probes, all is ok.
Then I start mtest and I join 224.1.1.1 on fxp0
The weird output comes up, the ethernet header (src and dst addr, ether type) is
completely wrong. The following line shows the igmp report.
There are several things to note here:
1- the weird line always appears right before the igmp report with *very short*
time in between.
2- the weird ethernet frame is in fact the payload of the correctly formated
Ehternet (igmp report) ! It is like the IP igmp packet was delivered the berkley
package filter without layer 2 encapsulation.
Let's have a look at the Eth frame.:
The Eth type is c130 followed by df1b that is the IP addr 193.48.223.27
We also have the sequence e001 0101 that is 224.1.1.1
We can easily conclude that the IP packet is mapped onto an Ethernet header...
I though this was a bug with the fxp0 driver, I made this test with different
drivers and I got the same result: it is not directly related to drivers.
This *ONLY* occures when using mrouted AND for IGMP repports. Without mrouted
IGMP reports are correctly displayed.
My understanding is that the pb might be in some related code to Mcast routing
and not with drivers. I tried to find some bpf code in /sys/netinet but this was
unsuccessful. I also had a look at /sys/net, same result.
I hope my investigation will be of some use for you. Please, keep me inform if
you fix this !
Regards
Emmanuel
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?395B23AF.143F5D58>