Re: [pim] Group-Specific Queries dropped by kernel

Linus Lüssing <linus.luessing@c0d3.blue> Sat, 13 April 2019 10:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/S0sogqaOFzzRdXU-4Tr3m_OW3ZM>

Hi Hubert,

On Fri, Apr 12, 2019 at 12:34:52PM +0000, mal.hubert@bt.com wrote:
> Hey
>
> Hopefully someone on here can answer this basic query for me. It would appear
> that the Linux kernel by default will allow IGMPv3 "General Query" if it has a
> source IP of 0.0.0.0 but will drop any "Group-Specific Queries" if the source
> IP is 0.0.0.0. This doesn't appear to be specific to my implementation and
> seems to be the implementation in the Linux Kernel.
>
> Some questions about this, if someone would be so kind as to help.
>
> 1) Is this by design in the rfc3367 standard and would someone point out to
> me where it is and enlighten me as to why this is the case.

I couldn't find anything like this in RFC3367. I searched for
0.0.0.0 and "zero" in this document, but these only seem to be
mentioned for the IGMPv3 report source address and the group
address for IGMP queries.

There is a "4.2.13. IP Source Addresses for Reports" but no
equivalent in 4.1 for IGMP queries.

> 2) Is this by design in the Kernel and would someone enlighten me as to why
> this is the case.

Hm, for the Linux bridge IGMP snooping code at least I think we do not
have such a restriction (or I keep missing it while rereading the code). Both
an IGMPv3 "General Query" and "Group-Specific Queries" with a
0.0.0.0 source address should be accepted here.

In the Linux IPv4 stack code I wasn't able to find such a restriction either.
igmp_rcv() or igmp_heard_query() do not seem to have such a
check? But I'm not that familiar with the IP stack code - do you
know where this check should be?


I do see a comment "Stop IGMP from 0.0.0.0 being accepted." (which
seems wrong) in the changelog here:

https://elixir.bootlin.com/linux/v5.0/source/net/ipv4/igmp.c#L47

But as it came with the big git import in 2005 I'm unable to track
with "git blame" etc. what Alan had actually changed in the code.


Could you share a tcpdump capture of the IGMP queries your
application is sending? Maybe "by coincidence" the IGMP or IP
checksums are messed up only for the Group-Specific IGMP queries
in your application or something like that?

Does Wireshark remark anything suspicious for your IGMP queries?

Regards, Linus
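
The checksum check suggested in the message above, as an added example that is not part of the original e-mail or of the Linux kernel: it verifies the IPv4 header and IGMP checksums of a raw query packet and reports whether it is a General or a Group-Specific Query. The sample packets, the group 239.1.2.3 and all function names are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_igmp_query(packet: bytes) -> dict:
    """Classify a raw IPv4 packet holding an IGMP query and verify both checksums."""
    if len(packet) < 20 or (packet[0] & 0x0F) * 4 < 20:
        raise ValueError("truncated or malformed IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    ip_hdr, igmp = packet[:ihl], packet[ihl:total_len]  # drop link-layer padding
    if len(ip_hdr) < ihl or len(igmp) < 8 or ip_hdr[9] != 2 or igmp[0] != 0x11:
        raise ValueError("not a complete IGMP membership query")
    kind = "general" if igmp[4:8] == b"\x00" * 4 else "group-specific"
    if kind != "general" and len(igmp) >= 12 and igmp[10:12] != b"\x00\x00":
        kind = "group-and-source-specific"  # IGMPv3 query with a source list
    return {
        "src": socket.inet_ntoa(ip_hdr[12:16]),
        "group": socket.inet_ntoa(igmp[4:8]),
        "kind": kind,
        # With a correct checksum field in place, the sum over the span is 0.
        "ip_csum_ok": inet_checksum(ip_hdr) == 0,
        "igmp_csum_ok": inet_checksum(igmp) == 0,
    }

def build_query(src: str, dst: str, group: str, break_igmp_csum: bool = False) -> bytes:
    """Constructed sample input: 12-byte IGMPv3 query, IPv4 header with Router Alert."""
    igmp = struct.pack("!BBH4sBBH", 0x11, 100, 0, socket.inet_aton(group), 2, 125, 0)
    csum = inet_checksum(igmp) ^ (0x0101 if break_igmp_csum else 0)
    igmp = igmp[:2] + struct.pack("!H", csum) + igmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s4s", 0x46, 0xC0, 24 + len(igmp), 0, 0x4000, 1, 2, 0,
                     socket.inet_aton(src), socket.inet_aton(dst), b"\x94\x04\x00\x00")
    return ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:] + igmp

if __name__ == "__main__":
    # General query, group-specific query, group-specific query with bad checksum.
    for dst, group, broken in (("224.0.0.1", "0.0.0.0", False),
                               ("239.1.2.3", "239.1.2.3", False),
                               ("239.1.2.3", "239.1.2.3", True)):
        print(check_igmp_query(build_query("0.0.0.0", dst, group, broken)))
```

To check a real capture, pass check_igmp_query() the bytes of each frame starting at the IPv4 header (after the Ethernet header).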