Skip to main content

Linux Kernel not passing through multicast UDP packets

itemprop="text">

Recently I've set up a new Ubuntu
Server 10.04 and noticed my UDP server is no longer able
to see any multicast
data sent to the interface, even after joining the multicast group. I've got the exact
same set up on two other Ubuntu 8.04.4 LTS machines and there is no problem receiving
data after joining the same multicast group.



The
ethernet card is a Broadcom netXtreme II BCM5709 and the driver used
is:



b $ ethtool -i
            eth1

driver: bnx2
version:
            2.0.2
firmware-version: 5.0.11 NCSI 2.0.5
bus-info:
            0000:01:00.1


I'm using
smcroute to manage my multicast
registrations.



b$ smcroute
            -d
b$ smcroute -j eth1
            233.37.54.71



After
joining the group ip maddr shows the newly added
registration.



b$ ip
            maddr

 1: lo
 inet 224.0.0.1
 inet6
            ff02::1
 2: eth0

 link 33:33:ff:40:c6:ad
 link
            01:00:5e:00:00:01
 link 33:33:00:00:00:01
 inet 224.0.0.1

            inet6 ff02::1:ff40:c6ad
 inet6 ff02::1
 3: eth1
 link
            01:00:5e:25:36:47
 link 01:00:5e:25:36:3e
 link
            01:00:5e:25:36:3d

 link 33:33:ff:40:c6:af
 link
            01:00:5e:00:00:01
 link 33:33:00:00:00:01
 inet 233.37.54.71
            <------- McastGroup.
 inet 224.0.0.1
 inet6
            ff02::1:ff40:c6af
 inet6
            ff02::1


So far so
good, I can see that I'm receiving data for this multicast
group.




b$ sudo tcpdump
            -i eth1 -s 65534 host 233.37.54.71
tcpdump: verbose output suppressed, use -v
            or -vv for full protocol decode
listening on eth1, link-type EN10MB
            (Ethernet), capture size 65534 bytes
09:30:09.924337 IP 192.164.1.120.58848
            > 233.37.54.71.15572: UDP, length 212
09:30:09.947547 IP
            192.164.1.120.58848 > 233.37.54.71.15572: UDP, length 212
09:30:10.108378
            IP 192.164.1.120.58866 > 233.37.54.71.15574: UDP, length
            268
09:30:10.196841 IP 192.164.1.120.58848 > 233.37.54.71.15572: UDP,
            length
            212
...



I
can also confirm that the interface is receiving mcast
packets.



b $ ethtool -S eth1 |
            grep mcast_pack
rx_mcast_packets: 103998
tx_mcast_packets:
            33


Now here's the
problem. When I try to capture the traffic using a simple ruby UDP server I receive zero
data! Here's a simple server that reads data send on port 15572 and prints
the
first two characters. This works on the two 8.04.4 Ubuntu Servers, but not the 10.04
server.




require
            'socket'
s = UDPSocket.new
s.bind("", 15572)
5.times
            do
 text, sender = s.recvfrom(2)
 puts
            text
end



If
I send a UDP packet crafted in ruby to localhost, the server receives it and prints out
the first two characters. So I know that the server above is working
correctly.



irb(main):001:0>
            require 'socket'
=> true
irb(main):002:0> s =
            UDPSocket.new
=>
            #
irb(main):003:0> s.send("I2 XXX", 0,
            'localhost',
            15572)


When I check
the protocol statistics I see that InMcastPkts is not increasing. While
on

the other 8.04 servers, on the same network, received a few
thousands packets in 10 seconds.



b
            $ netstat -sgu ; sleep 10 ; netstat -sgu
IcmpMsg:
 InType3:
            11
 OutType3: 11
Udp:
 446 packets received
 4
            packets to unknown port received.
 0 packet receive
            errors

 461 packets
            sent
UdpLite:
IpExt:
 InMcastPkts: 4654 <--------- Same
            as below
 OutMcastPkts: 3426
 InBcastPkts: 9854
 InOctets:
            -1691733021
 OutOctets: 51187936
 InMcastOctets: 145207

            OutMcastOctets: 109680

 InBcastOctets:
            1246341
IcmpMsg:
 InType3: 11
 OutType3:
            11
Udp:
 446 packets received
 4 packets to unknown port
            received.
 0 packet receive errors
 461 packets
            sent
UdpLite:

IpExt:
 InMcastPkts: 4656
            <-------------- Same as above
 OutMcastPkts: 3427
 InBcastPkts:
            9854
 InOctets: -1690886265
 OutOctets: 51188788

            InMcastOctets: 145267
 OutMcastOctets: 109712
 InBcastOctets:
            1246341



If
I try forcing the interface into promisc mode nothing
changes.



At this point I'm stuck. I've confirmed
the kernel config has multicast enabled. Perhaps there are other config options I should
be checking?



b $ grep
            CONFIG_IP_MULTICAST
            /boot/config-2.6.32-23-server
CONFIG_IP_MULTICAST=y


Any
thoughts on where to go from here?



class="post-text" itemprop="text">
class="normal">Answer



In our
instance, our problem was solved by sysctl parameters, one different from
Maciej.



Please note that I do not speak for the
OP (buecking), I came on this post due to the problem being related by the basic detail
(no multicast traffic in userland).



We have an
application that reads data sent to four multicast addresses, and a unique port per
multicast address, from an appliance that is (usually) connected directly to an
interface on the receiving server.



We were
attempting to deploy this software on a customer site when it mysteriously failed with
no known reason. Attempts at debugging this software resulted in inspecting every system
call, ultimately they all told us the same
thing:



Our software asks for data, and the OS
never provides any.




The multicast
packet counter incremented, tcpdump showed the traffic reaching the box/specific
interface, yet we couldn't do anything with it. SELinux was disabled, iptables was
running but had no rules in any of the
tables.



Stumped, we
were.



In randomly poking around, we started
thinking about the kernel parameters that sysctl handles, but none of the documented
features was either particularly relevant, or if they had to do with multicast traffic,
they were enabled. Oh, and ifconfig did list "MULTICAST" in the feature line (up,
broadcast, running, multicast). Out of curiosity we looked at
/etc/sysctl.conf. 'lo and behold, this customer's base image
had a couple of extra lines added to it at the
bottom.



In our case, the customer had set
net.ipv4.all.rp_filter = 1. rp_filter is the Route Path filter,
which (as I understand it) rejects all traffic that could not have possibly reached this
box. Network subnet hopping, the thought being that the source IP is being spoofed.



Well, this server was on a 192.168.1/24 subnet
and the appliance's source IP address for the multicast traffic was somewhere in the
10.* network. Thus, the filter was preventing the server from doing anything meaningful
with the traffic.




A couple of tweaks
approved by the customer; net.ipv4.eth0.rp_filter = 1 and
net.ipv4.eth1.rp_filter = 0 and we were running
happily.


Comments

Post a Comment

Popular posts from this blog

linux - iDRAC6 Virtual Media native library cannot be loaded

When attempting to mount Virtual Media on a iDRAC6 IP KVM session I get the following error: I'm using Ubuntu 9.04 and: $ javaws -version Java(TM) Web Start 1.6.0_16 $ uname -a Linux aud22419-linux 2.6.28-15-generic #51-Ubuntu SMP Mon Aug 31 13:39:06 UTC 2009 x86_64 GNU/Linux $ firefox -version Mozilla Firefox 3.0.14, Copyright (c) 1998 - 2009 mozilla.org On Windows + IE it (unsurprisingly) works. I've just gotten off the phone with the Dell tech support and I was told it is known to work on Linux + Firefox, albeit Ubuntu is not supported (by Dell, that is). Has anyone out there managed to mount virtual media in the same scenario?
Post a Comment
Read more

hp proliant - Smart Array P822 with HBA Mode?

We get an HP DL360 G8 with an Smart Array P822 controller. On that controller will come a HP StorageWorks D2700 . Does anybody know, that it is possible to run the Smart Array P822 in HBA mode? I found only information about the P410i, who can run HBA. If this is not supported, what you think about the LSI 9207-8e controller? Will this fit good in that setup? The Hardware we get is used but all original from HP. The StorageWorks has 25 x 900 GB SAS 10K disks. Because the disks are not new I would like to use only 22 for raid6, and the rest for spare (I need to see if the disk count is optimal or not for zfs). It would be nice if I'm not stick to SAS in future. As OS I would like to install debian stretch with zfs 0.71 as file system and software raid. I have see that hp has an page for debian to. I would like to use hba mode because it is recommend, that zfs know at most as possible about the disk, and I'm independent from the raid controller. For us zfs have many benefits,
Post a Comment
Read more

apache 2.2 - Server Potentially Compromised -- c99madshell

So, low and behold, a legacy site we've been hosting for a client had a version of FCKEditor that allowed someone to upload the dreaded c99madshell exploit onto our web host. I'm not a big security buff -- frankly I'm just a dev currently responsible for S/A duties due to a loss of personnel. Accordingly, I'd love any help you server-faulters could provide in assessing the damage from the exploit. To give you a bit of information: The file was uploaded into a directory within the webroot, "/_img/fck_uploads/File/". The Apache user and group are restricted such that they can't log in and don't have permissions outside of the directory from which we serve sites. All the files had 770 permissions (user rwx, group rwx, other none) -- something I wanted to fix but was told to hold off on as it wasn't "high priority" (hopefully this changes that). So it seems the hackers could've easily executed the script. Now I wasn't able
Post a Comment
Read more