IGMP messages are not seen by NEFilterDataProvider?

Question

Created Sep ’21

Replies 1

Boosts 0

Participants 2

While testing NEFilterDataProvider, I observed that IGMP traffic is not seen in it. Perhaps someone can show me where my testing is wrong and provide a better methodology to create IGMP traffic.

I am using iperf found in Homebrew. I am using iperf as follows:

I execute the client/consumer iperf on the VM where the NEFilterDataProvider is active and running: iperf -s -u -B 224.1.1.1 -i 1
I then execute on another machine the server/producer side of things: iperf -c 224.1.1.1 -u -T 32 -t 3 -i 1.

This works correctly as both sides receive the data and everything seems to be good.

However, I don't see any IGMP traffic on the NEFilterDataProvider.

When I create a raw socket with python and send traffic marked as IGMP, that gets seen by NEFilterDataProvider.

Is this expected where the kernel handle IGMP messages which don't get bubbled up to usermode through a NetworkExtension?

Am I not actually testing the right thing to see IGMP traffic in NEFilterDataProvider?

By the way, I am not sure if NEFilterPacketProvider would see this—I just haven't had a chance to try it since packet provider is not working in my Parallels VM.

Boost

Answer 1

Systems Engineer OP

Apple

Sep ’21

Is this expected where the kernel handle IGMP messages which don't get bubbled up to usermode through a NetworkExtension?

Last I knew, the Network Extension APIs handled TCP and UDP traffic only. Now, there has been some discussion about supporting different protocols in the past, but I am not sure where that ended up. My advice for you here is to test with the protocol version of NENetworkRuleProtocolAny and if that does not provide any tangible results than I would open an Enhancement Request for this.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0