Bug #15679
closedMulticast with intel NIC
0%
Description
Since pfSense 2.7.1, in systems with intel X710 netork card, multicast is not working anymore.
By using a multicast application (IGMP Proxy, or PIMD, or Avahi for exemple), we see in pfSense logs :
pfSense kernel: ixl1: Disabled multicast promiscuous mode
Symptoms of this bug : pfSense only sees mutlicasts packets with one of its interface's mac address, and multicast packets from groups pfSense has already joined
So pfSense only see multicasts packets from its IP addresses, and from groups pfSense has already joined (for example 224.0.0.251 if avahi is lauched, 224.0.0.1 and 224.0.0.2 if IGMP Proxy is lauched as it's used as an IGMP Querier).
But it cannot see multicast packet from another host on one of its lan interface asking to join another multicast group (as those packet will have source IP from the host and destination IP as the multicast group, and source mac address as the host's mac address and destination mac address as the mac addresse corresponding to this multicast host).
This is resulting in pfSense not able to work in a mutlicast environnement, not able to proxy, to route or respond to multicast queries.
This bug has been discussed (with packets captures) on the netgate forum :https://forum.netgate.com/topic/188736/multicast-inconsistant/37
The same problem exists in opnsense : https://forum.opnsense.org/index.php?topic=41923.0
Here is the Github issue corresponding to this bug is opnsense : https://github.com/opnsense/src/issues/212
You can see the bug seems to be caused by this freebsd commit : https://reviews.freebsd.org/D40860#1054462 as by reverting this commit, it fixed opnsense (https://github.com/opnsense/src/issues/212#issuecomment-2274126169).
The bug exists in pfSense CE 2.7.1 and 2.7.2. By going back to pfSense CE 2.7.0 with the same configuration, the problem doesn't happed.