Project

General

Profile

Actions

Bug #15679

closed

Multicast with intel NIC

Added by Max Pal 5 months ago. Updated 5 days ago.

Status:
Needs Patch
Priority:
High
Assignee:
-
Category:
Operating System
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.7.1
Affected Architecture:

Description

Since pfSense 2.7.1, in systems with intel X710 netork card, multicast is not working anymore.
By using a multicast application (IGMP Proxy, or PIMD, or Avahi for exemple), we see in pfSense logs :

pfSense kernel: ixl1: Disabled multicast promiscuous mode

Symptoms of this bug : pfSense only sees mutlicasts packets with one of its interface's mac address, and multicast packets from groups pfSense has already joined
So pfSense only see multicasts packets from its IP addresses, and from groups pfSense has already joined (for example 224.0.0.251 if avahi is lauched, 224.0.0.1 and 224.0.0.2 if IGMP Proxy is lauched as it's used as an IGMP Querier).
But it cannot see multicast packet from another host on one of its lan interface asking to join another multicast group (as those packet will have source IP from the host and destination IP as the multicast group, and source mac address as the host's mac address and destination mac address as the mac addresse corresponding to this multicast host).
This is resulting in pfSense not able to work in a mutlicast environnement, not able to proxy, to route or respond to multicast queries.

This bug has been discussed (with packets captures) on the netgate forum :https://forum.netgate.com/topic/188736/multicast-inconsistant/37
The same problem exists in opnsense : https://forum.opnsense.org/index.php?topic=41923.0
Here is the Github issue corresponding to this bug is opnsense : https://github.com/opnsense/src/issues/212
You can see the bug seems to be caused by this freebsd commit : https://reviews.freebsd.org/D40860#1054462 as by reverting this commit, it fixed opnsense (https://github.com/opnsense/src/issues/212#issuecomment-2274126169).

The bug exists in pfSense CE 2.7.1 and 2.7.2. By going back to pfSense CE 2.7.0 with the same configuration, the problem doesn't happed.

Actions #1

Updated by Max Pal 4 months ago

To update on this issue, you can see the FreeBSD bug here : https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281125

You can see someone patched OPNsense with reverting the FreeBSD commit (https://reviews.freebsd.org/D40860#1054462) that seem to cause this bug : https://github.com/opnsense/src/issues/212#issuecomment-2320207580

Actions #2

Updated by Emre K 3 months ago

I am also hitting the same issue and it is pretty brutal for me with pfsense crashing.
pfsense plus 24.03

Actions #3

Updated by Marcos M 3 months ago

  • Status changed from New to Needs Patch
Actions #4

Updated by Emre K about 2 months ago

Why is this "closed" with "needs patch"? Or it is me who is weird and don't understand the workflow.

Actions #5

Updated by Jim Pingle about 2 months ago

Emre K wrote in #note-4:

Why is this "closed" with "needs patch"? Or it is me who is weird and don't understand the workflow.

It's "closed" because there is nothing actionable from us -- it's waiting on a patch from an upstream/external source to correct the issue.

Actions #6

Updated by Max Pal 5 days ago

To update on this issue a commit has been merged on FreeBSD :

When this is merged to main FreeBSD, any chance this revert commit is included in pfSense 2.8 ? Or with a patch ?

Actions

Also available in: Atom PDF