bin/111493: routed doesn't use multicasts for RIPv2 via P2P interfaces

Dan Lukes dan at obluda.cz
Mon Jul 30 20:50:08 UTC 2007 

The following reply was made to PR bin/111493; it has been noted by GNATS.

From: Dan Lukes <dan at obluda.cz>
To: Vernon Schryver <vjs at calcite.rhyolite.com>
Cc: bms at incunabulum.net, carlson at workingcode.com,
        freebsd-gnats-submit at FreeBSD.org
Subject: Re: bin/111493: routed doesn't use multicasts for RIPv2 via P2P interfaces
Date: Mon, 30 Jul 2007 22:42:54 +0200

 Vernon Schryver napsal/wrote, On 07/30/07 20:56:
 >> 	If you trust the administrator to decide on ethernet interface, I see 
 >> no reason not to trust them on P2P interface as well.
 > 
 > The issue has nothing to do with trusting administrators.  It is whether
 > sending RIPv5 packets over interfaces with IFF_POINTOPOINT and IFF_MULTICAST
 > bits set to the RIPv2 multicast address will break any existing installaions.
 
 	The issue has nothing to do with P2P interfaces. For the purpose of 
 multicasting, the only relevant question is "is the interface multicast 
 capable ?". The exact name of the interface nor the "has the interface 
 some others characteristict, for example, is the interface POINTTOPOINT" 
 has no reason to be counted.
 
 > It makes no sense to me to set both the IFF_POINTOPOINT and IFF_MULTICAST bits
 > on an interface.
 
 	Are you sure you didn't mis something ? Your arguments says that 
 packets of all types can be routed over P2P tunnel including multicast 
 packets, so all IFF_POINTOPOINT are multicast capable and IFF_MULTICAST 
 is redundant and not necesarry. Well. even if I agree with you, your 
 code are not consistent with those arguments - althougt you say "all P2P 
 interface are multicast capable" the code treat them as unicast only ...
 
 	IMHO the IFF_POINTOPOINT and IFF_MULTICAST are not related flags. The 
 first says something, the second something and no one of them imply the 
 presence or absence the second ...
 
 > Do any existing installations using `routed` and GRE tunnels depend on
 > RIPv2 packets being sent unicast?
 
 	I don't know. But if yes, the current routed can be forced to use 
 unicast even over multicast capable interfaces. So if an instalation 
 depend on RIPv2 unicast over GRE, it still be possible, with small 
 change in configuration.
 
 	The current code - if a instalation want's to use multicast RIPv2 over 
 multicast capable interface, it's not possible now.
 
 >> 	It's policy is - RIPv2 on multicasts. The RIPv2 on unicasts are blocked by firewall. He says that RIPv2 daemon on multicast link shall be able to use multicast, unless it's implementation is incomplete.
 
 > However, that someone
 > has a firewall rule should not convince anyone of anything.  For example,
 > the stupid firewall rules that block all ICMP packets do not imply that
 > ICMP should changed.  Dealing with idiots who know far less than they
 > think they do might justify a new kind of path MTU discovery, but only
 > after careful consideration.
 
 	Your example is carefully selected, but interpretation is bad. ICMP is 
 part of IP implementation. If someone create an environment where ICMP 
 are blocked or are not supported at all by network stack, then it has 
 incomplete implementation and need await problems.
 
 	It's exactly the problem with routed - RIPv2 is multicast capable 
 protocol, GRE interface is multicast capable interface - but the routed 
 code can't send multicast over it. The implemetation is incomplete.
 
 	Imagine the DNS resolver that can use the TCP only althought the DNS 
 protocol is defined over both TCP and UDP.  It shall work as all servers 
 must support the TCP - but it's incomplete. Not because someone mad on 
 the way with misconfigured firewall blocks TCP communication to port 53 
 allowing the UDP only, but because DNS shall support UDP also.
 
 	As a routed - RIPv2 has defined unicasts and multicasts as transport 
 protocol. Even all the components of the systems support multicasting, 
 the routed can unicast only. The point of the problem is not that there 
 is someone mad with misconfigured firewall, but the fact the routed 
 implementation of RIPv2 protocol is incomplete - it doesn't support 
 multicasting over some multivcast capable interface.
 
 	Not becasue the specific multicast interface needs specific handling, 
 but because is excluded by programmers decision.
 
 > I am only saying that the mere existence
 > of a firewall rule at one site should not convince anyone of anything.
 
 	But you are saying that the fact the interface is point-to-point shall 
 convince the code programmer to ignore the fact the interface is 
 multicast capable and shall be treated differently despite it can be 
 services as standard multicast interface. For me, mad firewall rule and 
 "ignore multicasting on m-cast capable itnerface because it's P2P class 
 interface" are both arguments that I don't understand so much.
 
 >> 	The required changes in the current code is simple, but the final 
 >> decision is yours.
 > 
 > I am sure that your proposed changes work for you.  The problem is
 > whether they would work for other people.  Would they break existing
 > implementations?
 
 	I'm sure you know I can't answer your question. I'm sure this question 
 is relevant for most of changes in the code. Use the same procedure 
 before committing changes as usually.
 
 > I have the impression from Cisco web pages that multicast does not work
 > by default through GRE tunnels on Cisco routers.  If that is true, then
 > making `routed` use multicast instead of unicast would be a big mistake.
 
 	There are configuration parametr "use unicasts even on multicast 
 interface". It shall be used when administrator doesn't want to use 
 multicast over multicast-capable interface.
 
 	If I found and vendor of black-box router that will not support 
 multicast on thernet - do you count it as argument to break support for 
 multicasting from ethernet also ?
 
 > A small problem is that if IFF_MULTICAST should overried IFF_POINTOPOINT,
 > then perhaps the two main changes are not the best style.  Perhaps
 > IFF_MULTICAST should be checked and handled before IFF_POINTOPOINT.
 
 	The suggested patch tried to minimize the amount of changed code. The 
 decision about the best style is sovereign decision of code maintainer. 
 I have no problem with it.
 
 
 	Please remember I'm not the native English speaker. Nothing in this 
 email shall be considered as attack of any way. Even if you found some 
 strong wording, it's unintentional consequence of it also.
 
 					Dan
 
 
 -- 
 Dan Lukes                                               SISAL MFF UK
 AKA: dan at obluda.cz, dan at freebsd.cz, dan at (kolej.)mff.cuni.cz

More information about the freebsd-bugs mailing list