On Thu, Jan 21, 2016 at 11:40:41AM +0100, Stefan Sperling wrote:
> On Thu, Jan 21, 2016 at 12:27:06PM +0200, Kapetanakis Giannis wrote:
> > Hi,
> >
> > I'm constantly seeing this on my pf router.
> > rule 61/(ip-option) pass in on $ext_if: $ext_gw > 224.0.0.1: igmp query [tos
> > 0xc0] [ttl 1]
> >
> > Rule 61 is:
> > @61 pass quick inet proto igmp from $ext_if:network to 224.0.0.1 keep state
> > (no-sync)
> >
> > tcpdump on $ext_if shows:
> > $ext_gw > 224.0.0.1: igmp query [tos 0xc0] [ttl 1] (id 59056, len 32,
> > optlen=4 IPOPT-148{4})
> >
> > I guess pf has a problem with ip-option 148 which is router alert (rfc2113)
> > Is this normal? Why does it think it's bad?
> >
> > Ext gateway is cisco (no under my control) which apparently is sending this
> > option.
> >
> > G
>
> Multicast traffic is black-holed by default.
> You may want to set multicast_host=Yes in /etc/rc.conf.local.
> See the MULTICAST ROUTING section in the netstart(8) man page.
>
Note that it is just "multicast" with snapshots and >= 5.9
http://www.openbsd.org/faq/current.html#20151205
