Closed stormshield-sylvainm closed 1 year ago
This change I'm not so sure of. Do you have any reference to an RFC that says we should ignore v2 reports?
Thing is this: on a shared LAN, switches implementing IGMP snooping may back down to the lowest common IGMP version if any end-device on that LAN starts sending with a lower version.
I'm actually quite suspicious in general of the SSM support in pimd. It has proven several times to have derailed some critical functionality and caused backwards incompatibility problems.
We have found this RFC for SSM: https://datatracker.ietf.org/doc/html/rfc4607#section-8. This patch is not valid as is; there is no check of whether the interface is in v2 or v3. If the interface is v3, the SSM range is valid; if the interface is v2, the SSM range does not exist. This test should be done everywhere in pimd...
Ah, there it is. Thank you! (saving!) Always great to include a reference, or the reasoning/why for a change. For future reference.
Yeah, this is very difficult to solve, not just in pimd, but also on a system level. IGMP snooping switches usually cannot filter on (S,G), only on (*,G), and what's worse, they usually only support L2 filtering using RFC1112 translation from the IPv4 multicast range to 01:00:5e:xx:yy:zz.
For this request, in IGMPv2, all Membership Reports for groups in the SSM range are rejected.
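
The two points raised in the thread, as an added example that is not part of the discussion and not pimd's code: rejecting an IGMPv2 report for a group in the RFC 4607 SSM range (232.0.0.0/8), and the RFC 1112 address mapping that makes an SSM group and an unrelated group indistinguishable to a switch filtering only at L2. All function names and the sample groups are constructed for illustration; the per-interface IGMP version check asked for above is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* SSM destination range from RFC 4607: 232.0.0.0/8 (host byte order). */
static int in_ssm_range(uint32_t group)
{
    return (group >> 24) == 232;
}

/* Policy stated in the last comment: an IGMPv2 report has no source list,
 * so a report for an SSM-range group is rejected (hypothetical helper). */
static int accept_igmpv2_report(uint32_t group)
{
    if ((group >> 28) != 0xE)   /* not a class D (multicast) address */
        return 0;
    return !in_ssm_range(group);
}

/* RFC 1112 mapping: only the low 23 bits of the group go under 01:00:5e. */
static void group_to_mac(uint32_t group, uint8_t mac[6])
{
    mac[0] = 0x01; mac[1] = 0x00; mac[2] = 0x5e;
    mac[3] = (group >> 16) & 0x7f;
    mac[4] = (group >> 8) & 0xff;
    mac[5] = group & 0xff;
}

/* True when an L2-only snooping filter cannot tell the two groups apart. */
static int l2_alias(uint32_t a, uint32_t b)
{
    uint8_t ma[6], mb[6];
    group_to_mac(a, ma);
    group_to_mac(b, mb);
    return memcmp(ma, mb, 6) == 0;
}

int main(void)
{
    uint32_t ssm = IP4(232, 1, 2, 3), other = IP4(239, 129, 2, 3); /* constructed */
    printf("v2 report for 232.1.2.3 accepted: %d\n", accept_igmpv2_report(ssm));
    printf("v2 report for 239.129.2.3 accepted: %d\n", accept_igmpv2_report(other));
    printf("both map to the same MAC: %d\n", l2_alias(ssm, other));
    return 0;
}
```

Because the upper bits of the group address are discarded by the mapping, a router-side drop of v2 reports for 232.0.0.0/8 does not stop a switch that filters on MAC addresses from forwarding SSM traffic to ports that joined an aliasing group.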