Bug #15679
closedMulticast with intel NIC
0%
Description
Since pfSense 2.7.1, in systems with intel X710 netork card, multicast is not working anymore.
By using a multicast application (IGMP Proxy, or PIMD, or Avahi for exemple), we see in pfSense logs :
pfSense kernel: ixl1: Disabled multicast promiscuous mode
Symptoms of this bug : pfSense only sees mutlicasts packets with one of its interface's mac address, and multicast packets from groups pfSense has already joined
So pfSense only see multicasts packets from its IP addresses, and from groups pfSense has already joined (for example 224.0.0.251 if avahi is lauched, 224.0.0.1 and 224.0.0.2 if IGMP Proxy is lauched as it's used as an IGMP Querier).
But it cannot see multicast packet from another host on one of its lan interface asking to join another multicast group (as those packet will have source IP from the host and destination IP as the multicast group, and source mac address as the host's mac address and destination mac address as the mac addresse corresponding to this multicast host).
This is resulting in pfSense not able to work in a mutlicast environnement, not able to proxy, to route or respond to multicast queries.
This bug has been discussed (with packets captures) on the netgate forum :https://forum.netgate.com/topic/188736/multicast-inconsistant/37
The same problem exists in opnsense : https://forum.opnsense.org/index.php?topic=41923.0
Here is the Github issue corresponding to this bug is opnsense : https://github.com/opnsense/src/issues/212
You can see the bug seems to be caused by this freebsd commit : https://reviews.freebsd.org/D40860#1054462 as by reverting this commit, it fixed opnsense (https://github.com/opnsense/src/issues/212#issuecomment-2274126169).
The bug exists in pfSense CE 2.7.1 and 2.7.2. By going back to pfSense CE 2.7.0 with the same configuration, the problem doesn't happed.
Updated by Max Pal 4 months ago
To update on this issue, you can see the FreeBSD bug here : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281125
You can see someone patched OPNsense with reverting the FreeBSD commit (https://reviews.freebsd.org/D40860#1054462) that seem to cause this bug : https://github.com/opnsense/src/issues/212#issuecomment-2320207580
Updated by Emre K about 2 months ago
Why is this "closed" with "needs patch"? Or it is me who is weird and don't understand the workflow.
Updated by Jim Pingle about 2 months ago
Emre K wrote in #note-4:
Why is this "closed" with "needs patch"? Or it is me who is weird and don't understand the workflow.
It's "closed" because there is nothing actionable from us -- it's waiting on a patch from an upstream/external source to correct the issue.
Updated by Max Pal 5 days ago
- https://github.com/freebsd/freebsd-src/pull/1545
- https://cgit.freebsd.org/src/commit/?id=38663adb61440bd659fb457909782b71ba8806fa
- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281125
When this is merged to main FreeBSD, any chance this revert commit is included in pfSense 2.8 ? Or with a patch ?