Re: [PATCH 1/1] net: Allow all multicast packets to be received on a interface.
From: Callum Sinclair
Date: Thu Jun 17 2021 - 20:07:39 EST
> I'm also wondering if it could be useful to configure it via
> setsockopt() per application instead of per device via sysctl. Either by
> adding a new socket option. Or by allowing the any IP address
> 0.0.0.0 / :: with IP_ADD_MEMBERSHIP/IPV6_JOIN_GROUP. So that you
> could use this for instance:
Yes perhaps this would be a better way to get multicast snooping working with the existing
options. I can see that using a multicast routing IP socket I will receive all IGMP and MLD
data from that. I was just not creating the socket as a multicast routing socket.
> Or would you prefer to be able to use a layer 3 IP instead of
> a layer 2 packet socket?
Yes I was preferring to use a L3 IP socket instead of a L2 packet socket. This was to have
access to additional data from IP_PKTINFO.
From: Linus Lüssing <linus.luessing@xxxxxxxxx>
Sent: Friday, June 18, 2021 12:33 AM
To: Callum Sinclair
Cc: dsahern@xxxxxxxxxx; nikolay@xxxxxxxxxx; netdev@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; troglobit@xxxxxxxxx
Subject: Re: [PATCH 1/1] net: Allow all multicast packets to be received on a interface.
On Thu, Jun 17, 2021 at 09:50:20PM +1200, Callum Sinclair wrote:
> +mc_snooping - BOOLEAN
> + Enable multicast snooping on the interface. This allows any given
> + multicast group to be received without explicitly being joined.
> + The kernel needs to be compiled with CONFIG_MROUTE and/or
> + CONFIG_IPV6_MROUTE.
> + conf/all/mc_snooping must also be set to TRUE to enable multicast
> + snooping for the interface.
Generally this sounds like a useful feature. One note: When there
are snooping bridges/switches involved, you might run into issues
in receiving all multicast packets, as due to the missing IGMP/MLD
reports the snooping switches won't forward to you.
In that case, to conform to RFC4541 you would also need to become
the selected IGMP/MLD querier and send IGMP/MLD query messages. Or
better, you'd need to send Multicast Router Advertisements
(RFC4286). The latter is the recommended, more flexible way but
might not be supported by all multicast snooping switches yet.
The Linux bridge supports this.
There is a userspace tool called mrdisc you can use for MRD-Adv.
though: https://scanmail.trustwave.com/?c=20988&d=n8HL4MpWu6CIvz405pawlYFbPjGsj-TvRIl7ADnUOg&u=https%3a%2f%2fgithub%2ecom%2ftroglobit%2fmrdisc So no need to
implement MRD Advertisements in the kernel with this patch (though
I could imagine that it might be a useful feature to have, having
MRD support out-of-the-box with this option). Just a note that some
IGMP/MLD Querier or MRD Adv. would be needed when IGMP/MLD snooping
switches are invoved might be nice to have in the mc_snooping
description for now, to avoid potential confusion later.
I'm also wondering if it could be useful to configure it via
setsockopt() per application instead of per device via sysctl. Either by
adding a new socket option. Or by allowing the any IP address
0.0.0.0 / :: with IP_ADD_MEMBERSHIP/IPV6_JOIN_GROUP. So that you
could use this for instance:
$ socat -u UDP6-RECV:1234,reuseaddr,ipv6-join-group="[::]:eth0" -
(currently :: fails with "Invalid argument")
I'm not sure however what the requirements for adding or extending
socket options are, if there are some POSIX standards that'd need
to be followed for compatibility with other OSes, for instance.
Hm, actually, I just noticed that there seem to be some multicast
related setsockopt()s already:
The last one seems to be what you are looking for, I think, the
manpage here says:
"PACKET_MR_ALLMULTI sets the socket up to receive all multicast
packets arriving at the interface"
Or would you prefer to be able to use a layer 3 IP instead of
a layer 2 packet socket?