Re: re-routing multicast pkts after mangle table marking


 



I looked at your old mail and tested on Debian buster.

"ip rule dport" is not working like fwmark. How did you test? Please share your setup step by step with example commands. (Please use veth with namespaces.)

The kernel doesn't forward multicast traffic to another interface without a user-level multicast routing daemon (mrouted, smcroute, pimd, etc.).
Am I wrong? Can someone correct me?

The kernel enables the multicast forwarding feature with a multicast daemon; otherwise you don't have permission for this.

echo 1 > /proc/sys/net/ipv4/conf/all/mc_forwarding
-bash: /proc/sys/net/ipv4/conf/all/mc_forwarding: Permission denied

When you start the daemon, you will see forwarding enabled.

The routing daemon will add this route automatically to the routing table.
ip route show table all type multicast
multicast 225.1.2.3/32 from 10.0.1.2/32 table default proto 17 iif s-eth10
    nexthop dev c-eth10 weight 2


Anyway, if you want an example for "fwmark" with an mcast daemon, then follow these steps.

iptables -t mangle -A PREROUTING -d 225.1.2.3/32 -p udp -m pkttype --pkt-type multicast -m udp --dport 3000 -m mark --mark 0x0 -j MARK --set-mark 12

ip mrule add fwmark 12 table 12 pref 12  # don't use 0 for pref.

cat > /etc/mrt12.conf <<EOF
mgroup from s-eth10 group 225.1.2.3
mroute from s-eth10 group 225.1.2.3 to c-eth10
EOF

smcrouted -n -I mrt12 -t 12

-I instance name
-t routing table id

ip route show table all type multicast
multicast 225.1.2.3/32 from 10.0.1.2/32 table 12 proto 17 iif s-eth10
    nexthop dev c-eth10 weight 2


Regards.

Fatih USTA

On 2.12.2020 21:04, Marcin Szewczyk wrote:
> On Wed, Dec 02, 2020 at 07:35:07PM +0200, Eliezer Croitor wrote:
>> There is a difference between packets which are dropped to the nic itself
>> and traffic which is bounded to a specific ip address.
>> From what I remember( and my memory is not the best as it was..) the last
>> time I checked on Debian jessie you couldn't do any routing
>> decision on a bounded socket.
>> Maybe on newer versions of the kernel or another OS it's not the same.
> But remember that `ip rule dport…` works (available in Buster) and it
> interacts with the same sockets as fwmark does but `ip rule fwmark…`
> doesn't work. So evidence suggests that there are indeed routing
> decisions being made for those sockets.
>
> Also note that I have done tests on sockets with sendto() without
> explicit binding with any address or interface.
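
A check for the last step of the mail above, as an added example that is not part of the original message: it parses `ip route show table all type multicast` output and reports whether the group's mroute was installed in the policy table selected by the fwmark rule (12) or somewhere else. The function name `mroute_in_table` and the two sample functions are assumptions made here; the sample text is constructed from the two outputs quoted in the mail.

```shell
#!/bin/sh
# Added example; not from the original mail.

# mroute_in_table GROUP TABLE IIF OIF
# Reads `ip route show table all type multicast` output on stdin and succeeds
# only if GROUP has an entry in TABLE with input IIF and a nexthop on OIF.
mroute_in_table() {
    awk -v grp="$1" -v tbl="$2" -v iif="$3" -v oif="$4" '
        $1 == "multicast" {              # first line of an entry
            split($2, g, "/")            # 225.1.2.3/32 -> 225.1.2.3
            t = "main"; i = ""           # iproute2 prints no "table" keyword for main
            for (n = 3; n < NF; n++) {
                if ($n == "table") t = $(n + 1)
                if ($n == "iif")   i = $(n + 1)
            }
            hit = (g[1] == grp && t == tbl && i == iif)
            next
        }
        $1 == "nexthop" && hit {         # indented continuation line
            for (n = 2; n < NF; n++)
                if ($n == "dev" && $(n + 1) == oif) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: daemon started without -t, route lands in table default.
sample_default() {
cat <<'EOF'
multicast 225.1.2.3/32 from 10.0.1.2/32 table default proto 17 iif s-eth10
    nexthop dev c-eth10 weight 2
EOF
}

# Constructed sample: daemon started with -t 12, route lands in table 12.
sample_table12() {
cat <<'EOF'
multicast 225.1.2.3/32 from 10.0.1.2/32 table 12 proto 17 iif s-eth10
    nexthop dev c-eth10 weight 2
EOF
}

if sample_default | mroute_in_table 225.1.2.3 12 s-eth10 c-eth10; then
    echo "table 12: present"
else
    echo "table 12: missing (route was installed in another table)"
fi
```

On a live host, pipe the real command into the function: `ip route show table all type multicast | mroute_in_table 225.1.2.3 12 s-eth10 c-eth10`.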



