Subject: Re: multicast filter
To: Nitin P Mahajan <Nitin@soc-soft.com>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-net
Date: 04/09/2004 09:53:41
Basically you have to implement the right semantics with a combination
of hardware filtering and software filtering after the hardware
receives packets. Clearly the more you can filter in hardware the
better.
If IFF_PROMISC is set, all packets must be received by the hardware,
e.g. to be made available to bpf. I believe that then normally all
multicast packets are received and filtered at the IP layer for being
a group of interest. (One could argue that only packets with ethernet
multicast groups of interest should be subject to this processing, but
also that IFF_PROMISC means that one should take IP multicast packets
on odd groups). So in this case programming is easy - take everything.
IFF_ALLMULTI seems to be different than I remember it from before. I
had thought it was a command from multicast routing to the interface
to get all multicast packets. But it seems now (from looking at
netinet/ip_mroute.c and sys/dev/ic/i82557.c) that multicast routing
commands that all multicast packets be received by doing SIOCADDMULTI
with a zero IP address. This causes the fxp driver to set ALLMULTI
during mc filter programming because of having a range of multicast
addresses (and thus not bother with the filter), which then causes the
allmulti bit to be set in the hardwaer.
In the general non-PROMISC case, the desired set of packets are
broadcast address
one's own MAC address
the set of Ethernet addresses set by ether_add_multi (which will
generally be those obtained by mapping the IPv4 and IPv6 joined
multicast addresses to Ethernet addresses, plus any ranges set by mc
routing)
Here (which includes the multicast router case), the right thing to do
is program the card to take all of the above and as little else. If
the card supports ranges, it would be cool to take only the Ethernet
ranges needed for multicast routing.
But given your options, I think you need to receive all multicast
packets whenever any multicast address should be received. This is
essentially always, because the all-hosts group is always joined
("netstat -ain" is helpful here).
Is the first option you list really 'reject those from the CAM', or
'accept if in CAM'? If the latter, you could use the CAM to get what
you need and avoid setting ALLMULTI.
--
Greg Troxel <gdt@ir.bbn.com>