#2 IPv6 Multicast does not work on CentOS 6.6

[Christian Ferrari]

flom IPv6 multicast implementation does not work with some Linux distributions.
At least one distribution and version does not pass the tests: CentOS 6.6 (32 and 64 bits) on top of KVM (in a virtualized environment).
I have no idea where the issue is and an IPv6 multicast expert could help to solve the bug.
The bug can be reproduced using the following steps:
1. open 2 command line terminals inside the same system
2. in the first terminal execute the command "flom --debug-feature=ipv6.multicast.server -A ff01::1"
3. in the second terminal execute the command "flom --debug-feature=ipv6.multicast.client -A ff01::1"

Right behaviour:

first terminal:

[tiian@centos71-64 flom-1.1.0-dev]$ flom --debug-feature=ipv6.multicast.server -A ff01::1
Arrived datagram is 'HELLO'
Sent datagram is 'WELCOME'

second terminal:

[tiian@centos71-64 ~]$ flom --debug-feature=ipv6.multicast.client -A ff01::1
Sent datagram is 'HELLO'
Arrived datagram is 'WELCOME'

Wrong behaviour:

first terminal:

[tiian@centos66-64 flom-1.1.0-dev]$ flom --debug-feature=ipv6.multicast.server -A ff01::1

second terminal:

[tiian@centos66-64 tests]$ flom --debug-feature=ipv6.multicast.client -A ff01::1
Sent datagram is 'HELLO'
both processes freeze.

Trace messages can be activated with "export FLOM_TRACE_MASK=0x10000" before the above commands; with the trace activated these are the console messages:

first terminal:

[tiian@centos66-64 flom-1.1.0-dev]$ export FLOM_TRACE_MASK=0x10000
[tiian@centos66-64 flom-1.1.0-dev]$ flom --debug-feature=ipv6.multicast.server -A ff01::1
2015-11-17 23:07:17.255742 [11721/0xf05c00] flom_debug_features
2015-11-17 23:07:17.255772 [11721/0xf05c00] flom_debug_features: name='ipv6.multicast.server'
2015-11-17 23:07:17.255777 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server
2015-11-17 23:07:17.255779 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: multicast address='ff01::1', multicast port=28015
2015-11-17 23:07:17.255801 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server/getaddrinfo() list pointer 0xf17f10
2015-11-17 23:07:17.255804 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: address returned by getaddrinfo():addrlen=28; IPv6 address, sin6_port=28015, sin6_flowinfo=0x0, sin6_addr='ff01::1', sin6_scope_id=0
2015-11-17 23:07:17.255816 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server/getaddrinfo(): [ai_flags=1,ai_family=10,ai_socktype=2,ai_protocol=17,ai_addrlen=28,ai_canonname='{null}']
2015-11-17 23:07:17.255820 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: creating a new socket...
2015-11-17 23:07:17.255826 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: address returned by getsockname(): addrlen=28; IPv6 address, sin6_port=0, sin6_flowinfo=0x0, sin6_addr='::', sin6_scope_id=0
2015-11-17 23:07:17.255831 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: setting SO_REUSEADDR socket property...
2015-11-17 23:07:17.255843 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: binding to address addrlen=28; IPv6 address, sin6_port=28015, sin6_flowinfo=0x0, sin6_addr='::', sin6_scope_id=0
2015-11-17 23:07:17.255850 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: address returned by bind() addrlen=28; IPv6 address, sin6_port=28015, sin6_flowinfo=0x0, sin6_addr='::', sin6_scope_id=0
2015-11-17 23:07:17.255855 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: activating multicast...
2015-11-17 23:07:17.255887 [11721/0xf05c00] flom_debug_features_ipv6_multicast_server: multicast server created, waiting datagram...

second terminal:

[tiian@centos66-64 tests]$ export FLOM_TRACE_MASK=0x10000
[tiian@centos66-64 tests]$ flom --debug-feature=ipv6.multicast.client -A ff01::1
2015-11-17 23:07:34.120173 [11722/0x2453c00] flom_debug_features
2015-11-17 23:07:34.120214 [11722/0x2453c00] flom_debug_features: name='ipv6.multicast.client'
2015-11-17 23:07:34.120220 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client
2015-11-17 23:07:34.120224 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: multicast address='ff01::1', multicast port=28015
2015-11-17 23:07:34.120255 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client/getaddrinfo() list pointer 0x2465f10
2015-11-17 23:07:34.120259 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: address returned by getaddrinfo():addrlen=28; IPv6 address, sin6_port=28015, sin6_flowinfo=0x0, sin6_addr='ff01::1', sin6_scope_id=0
2015-11-17 23:07:34.120275 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client/getaddrinfo(): [ai_flags=1,ai_family=10,ai_socktype=2,ai_protocol=17,ai_addrlen=28,ai_canonname='{null}']
2015-11-17 23:07:34.120284 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: setting IPV6_MULTICAST_HOPS to value 1
2015-11-17 23:07:34.120289 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: setting SO_REUSEADDR to value 1
2015-11-17 23:07:34.120293 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: binding to address: addrlen=28; IPv6 address, sin6_port=0, sin6_flowinfo=0x0, sin6_addr='::', sin6_scope_id=0
2015-11-17 23:07:34.120305 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: address returned by bind() addrlen=28; IPv6 address, sin6_port=0, sin6_flowinfo=0x0, sin6_addr='::', sin6_scope_id=0
2015-11-17 23:07:34.120313 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: sending 'HELLO' to the server...
2015-11-17 23:07:34.120316 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: destination address:addrlen=28; IPv6 address, sin6_port=28015, sin6_flowinfo=0x0, sin6_addr='ff01::1', sin6_scope_id=0
Sent datagram is 'HELLO'
2015-11-17 23:07:34.120371 [11722/0x2453c00] flom_debug_features_ipv6_multicast_client: waiting an answer from the server...

[Christian Ferrari]

After further investigation it seems not related to a specific distro: after some patching of the Ubuntu 15.04 KVM host, the issue happens on any guest VM.
There maybe something related to the firewall, this is the current configuration:

root@presanella:/home/tiian# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp      anywhere             anywhere             udp dpt:dhcpv6-server
ACCEPT     udp      anywhere             anywhere             udp dpt:domain
ACCEPT     tcp      anywhere             anywhere             tcp dpt:domain

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all      anywhere             2001:db8:dead:beef:fe::/96 
ACCEPT     all      2001:db8:dead:beef:fe::/96  anywhere            
ACCEPT     all      anywhere             anywhere            
REJECT     all      anywhere             anywhere             reject-with icmp6-port-unreachable
REJECT     all      anywhere             anywhere             reject-with icmp6-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

but unfortunately there's no relevant difference if compared with IPv4 configuration:

root@presanella:/home/tiian# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

but multicast works with IPv4.

Any help will be appreciated!
Thanks to all.

[Christian Ferrari]

The issue was not related to the distro version, but to 2 different pitfall.

ff01::1 is node local

This multicast address can be used only inside 1 system and it uses the loopback device. No way to multicast a message to a different system using this address.

ip6tables prevented UDP/IPv6

Some distro install a default configuration for ip6tables that blocks IPv6 multicast.
Here is a default config for CentOS 6.6:

[root@centos66-64 tiian]# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all      anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     ipv6-icmp    anywhere             anywhere            
ACCEPT     all      anywhere             anywhere            
ACCEPT     udp      anywhere             fe80::/64           state NEW udp dpt:dhcpv6-client 
ACCEPT     tcp      anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all      anywhere             anywhere            reject-with icmp6-adm-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all      anywhere             anywhere            reject-with icmp6-adm-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@centos66-64 tiian]#

and this is the not secured config:

[root@centos66-64 tiian]# ip6tables -F
[root@centos66-64 tiian]# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The second one does not stop the UDP/IPv6 datagrams used by FLoM; if you need firewalling, a more secure configuration will be needed.