IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Aham Brahmasmi
Hello misc,

Running 6.4-beta from approximately a week ago.

1) How to determine the IPv6 multicast groups which have been joined by
a particular interface?
I have tried netstat but have been unsuccessful.

# ifconfig em0
em0: flags=648843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,INET6_NOPRIVACY,AUTOCONF6,INET6_NOSOII> mtu 1500
        ...
        status: active
        ...
        inet6 <link_local_unicast_address>%em0 prefixlen 64 scopeid 0x1
        inet6 <global_unicast_address> prefixlen 64 autoconf pltime xxxxxx vltime xxxxxxx
# cat /etc/pf.conf
...
pass quick on egress inet6 proto icmp6
...
# netstat -g
Virtual Interface Table is empty
Multicast Forwarding Cache is empty

IPv6 Multicast Interface Table is empty
IPv6 Multicast Routing Table is empty

2) How to disable an interface from joining IPv6 Node Information
multicast group (RFC 4620)?
In sys/netinet6/in6.c, the function in6_update_ifa contains the
following lines:

/*
 * join node information group address
 */
if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) == 0) {
        imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
        if (!imm) {
                /* XXX not very fatal, go on... */
        } else {
                LIST_INSERT_HEAD(&ia6->ia6_memberships,
                    imm, i6mm_chain);
        }
}

Since I cannot determine the multicast groups that an interface joins,
I cannot ascertain whether the Node Information multicast group is
joined by the egress interface or not.

Some noteworthy excerpts/sections from RFC 4620:
Status of This Memo
   This memo defines an Experimental Protocol for the Internet
   community.
1.  Introduction
   This document specifies a mechanism for discovering information about
   names and addresses.  The applicability of these mechanisms is
   currently limited to diagnostic and debugging tools and network
   management (e.g., node discovery).
8.  Security Considerations
   https://tools.ietf.org/html/rfc4620#section-8 

I understand that IPv6 is a challenging subject for me. In my layman
understanding, I am trying to disable RFC 4620 because it is an
experimental protocol with no evident use, for me atleast.

Thanks.

Regards,
ab
---------|---------|---------|---------|---------|---------|---------|--

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Stuart Henderson
On 2018-10-01, Aham Brahmasmi <[hidden email]> wrote:

> 2) How to disable an interface from joining IPv6 Node Information
> multicast group (RFC 4620)?
> In sys/netinet6/in6.c, the function in6_update_ifa contains the
> following lines:
>
> /*
>  * join node information group address
>  */
> if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) == 0) {
> imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
> if (!imm) {
> /* XXX not very fatal, go on... */
> } else {
> LIST_INSERT_HEAD(&ia6->ia6_memberships,
>    imm, i6mm_chain);
> }
> }

Not 100% sure but I think this may have been missed when support for
RFC 4620 was removed from the kernel in 2014

https://github.com/openbsd/src/commit/43f29087ef2fc515510c43f9dd706f7bbd9e39b7


Reply | Threaded
Open this post in threaded view
|

Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Aham Brahmasmi
Hi Stuart,

Thank you for your response.

> > 2) How to disable an interface from joining IPv6 Node Information
> > multicast group (RFC 4620)?
> > In sys/netinet6/in6.c, the function in6_update_ifa contains the
> > following lines:
> >
> > /*
> >  * join node information group address
> >  */
> > if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) == 0) {
> > imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
> > if (!imm) {
> > /* XXX not very fatal, go on... */
> > } else {
> > LIST_INSERT_HEAD(&ia6->ia6_memberships,
> >    imm, i6mm_chain);
> > }
> > }
>
> Not 100% sure but I think this may have been missed when support for
> RFC 4620 was removed from the kernel in 2014
>
> https://github.com/openbsd/src/commit/43f29087ef2fc515510c43f9dd706f7bbd9e39b7

You may be probably right, although I do not claim to understand IPv6.
My best guess is that the code block might have been originally present
in the KAME project.

Regards,
ab
---------|---------|---------|---------|---------|---------|---------|--

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Stuart Henderson
On 2018/10/03 12:36, Aham Brahmasmi wrote:

> Hi Stuart,
>
> Thank you for your response.
>
> > > 2) How to disable an interface from joining IPv6 Node Information
> > > multicast group (RFC 4620)?
> > > In sys/netinet6/in6.c, the function in6_update_ifa contains the
> > > following lines:
> > >
> > > /*
> > >  * join node information group address
> > >  */
> > > if (in6_nigroup(ifp, hostname, hostnamelen, &mltaddr) == 0) {
> > > imm = in6_joingroup(ifp, &mltaddr.sin6_addr, &error);
> > > if (!imm) {
> > > /* XXX not very fatal, go on... */
> > > } else {
> > > LIST_INSERT_HEAD(&ia6->ia6_memberships,
> > >    imm, i6mm_chain);
> > > }
> > > }
> >
> > Not 100% sure but I think this may have been missed when support for
> > RFC 4620 was removed from the kernel in 2014
> >
> > https://github.com/openbsd/src/commit/43f29087ef2fc515510c43f9dd706f7bbd9e39b7
>
> You may be probably right, although I do not claim to understand IPv6.
> My best guess is that the code block might have been originally present
> in the KAME project.

Yes the original code was in the original import from KAME. The code
that actually *processed* these queries was removed in the commit I
mentioned (so it seems your main concern is already dealt with), but
I think the interfaces are still joined to the group so will receive
those packets.

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Aham Brahmasmi
Stuart,

> Yes the original code was in the original import from KAME. The code
> that actually *processed* these queries was removed in the commit I
> mentioned (so it seems your main concern is already dealt with), but
> I think the interfaces are still joined to the group so will receive
> those packets.

I too think that the Node Information multicast group is joined when
the interface comes up, but could not ascertain this for sure whether
the group was being joined or not. Hence my 1st question - How to
determine the list of IPv6 multicast groups joined by an interface?

"netstat -g" does not return IPv6 multicast groups joined, because I
think it deals with multicast routing rather than IPv6 multicast groups.
I could not gather much from the results of apropos multicast[1].

Regards,
ab

[1] - https://man.openbsd.org/?query=multicast&apropos=1&sec=0&arch=default&manpath=OpenBSD-current
---------|---------|---------|---------|---------|---------|---------|--

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Fernando Gont-2
In reply to this post by Aham Brahmasmi
On 1/10/18 17:18, Aham Brahmasmi wrote:
> Hello misc,
>
> Running 6.4-beta from approximately a week ago.
>
> 1) How to determine the IPv6 multicast groups which have been joined by
> a particular interface?

Use ifmcstat

But you need to install the corresponding package first.

Thanks,
--
Fernando Gont
e-mail: [hidden email] || [hidden email]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1



Reply | Threaded
Open this post in threaded view
|

Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Stuart Henderson
On 2018-12-17, Fernando Gont <[hidden email]> wrote:

> On 1/10/18 17:18, Aham Brahmasmi wrote:
>> Hello misc,
>>
>> Running 6.4-beta from approximately a week ago.
>>
>> 1) How to determine the IPv6 multicast groups which have been joined by
>> a particular interface?
>
> Use ifmcstat
>
> But you need to install the corresponding package first.
>
> Thanks,

ifmcstat hasn't worked since 2013, nobody fixed it after a round of
kernel changes to multicast.


Reply | Threaded
Open this post in threaded view
|

Re: IPv6 Multicast Listener Discovery - Listing and Disabling Group Membership

Paul de Weerd
On Tue, Dec 18, 2018 at 07:13:28PM +0000, Stuart Henderson wrote:
| On 2018-12-17, Fernando Gont <[hidden email]> wrote:
| > On 1/10/18 17:18, Aham Brahmasmi wrote:
| >> Hello misc,
| >>
| >> Running 6.4-beta from approximately a week ago.
| >>
| >> 1) How to determine the IPv6 multicast groups which have been joined by
| >> a particular interface?
| >
| > Use ifmcstat
| >
| > But you need to install the corresponding package first.
| >
| > Thanks,
|
| ifmcstat hasn't worked since 2013, nobody fixed it after a round of
| kernel changes to multicast.

And the port was removed by danj as a result 2 months ago, after
having been marked BROKEN for nearly five years.  In those five years,
nobody complained (at least, not to me), so aparently it wasn't a big
loss :)

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/