Request feedback on IPv6 multicast listen on ::

Sat May 2 02:00:49 UTC 2009

At Fri, 01 May 2009 18:33:50 +0100,
Bruce Simpson <bms at incunabulum.net> wrote:

> During the MLDv2 refactoring, I removed some old KAME code which 
> supports the ability to listen to *all* multicast groups.
> It isn't clear to me whether this code was still in use, and I couldn't 
> find information about it in the normative RFCs (2292, 3542) for IPv6 
> stack implementation.
> 
> This call needed super-user privileges to use, and I'm not sure if 
> anything is actually using it. Can anyone out there with possible 
> exposure to it clarify?

I believe you can safely remove it.  The KAME repository version of
that code was already deprecated long time ago.  See the change for
rev.1.433 at:
http://orange.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ip6_output.c

I also noted this strange behavior in a book about the KAME
implementation:

3684:                   mreq = mtod(m, struct ipv6_mreq *);
3685:                   if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
3686:                           /*
3687:                            * We use the unspecified address to specify to accept
3688:                            * all multicast addresses. Only super user is allowed
3689:                            * to do this.
3690:                            */
3692:                           if (suser(p))
3696:                           {
3697:                                   error = EACCES;
3698:                                   break;
3699:                           }

3684–3699
  ipv6mr_multiaddr ﬁeld must hold a valid IPv6 multicast
  address. The KAME implementation allows a privileged application to
  specify the IPv6 unspeciﬁed address.  While the intention may be to
  allow the socket to accept packets from any multicast address, the
  system does not actually behave that way. First, the
  IN6_LOOKUP_MULTI() macro does not have a special matching rule for the
  unspeciﬁed address. Secondly, in order to accept any multicast
  addresses on an interface, it is necessary to specify the promiscuous
  mode for the interface’s multicast ﬁlter, which will not actually be
  done in this case. Later versions of the KAME implementation removed
  this code and similar code that exists for IPV6_LEAVE_GROUP.

Hope this helps,

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.