Ticket #79: openvpn-mcast-r2.patch

Makefile.am

@@ -57 +57 @@
         lzo.c lzo.h \
         manage.c manage.h \
         mbuf.c mbuf.h \
-        memdbg.h \
+        mcast.c mcast.h \
+        memdbg.h \
         misc.c misc.h \
         mroute.c mroute.h \
         mss.c mss.h \
@@ -65 +66 @@
         mtu.c mtu.h \
         mudp.c mudp.h \
         multi.c multi.h \
-        ntlm.c ntlm.h \
+        ntlm.c ntlm.h \
         occ.c occ.h occ-inline.h \
         openvpn.c openvpn.h \
         openvpn-plugin.h \

errlevel.h

@@ -88 +88 @@
 #define D_AUTH               LOGLEV(3, 37, 0)        /* show user/pass auth info */
 #define D_MULTI_LOW          LOGLEV(3, 38, 0)        /* show point-to-multipoint low-freq debug info */
 #define D_MULTI_DROPPED      LOGLEV(3, 39, 0)        /* show point-to-multipoint packet drops */
+#define D_MCAST_LOW          LOGLEV(3, 38, 0)        /* show point-to-multipoint low-freq debug info */
 #define D_PLUGIN             LOGLEV(3, 40, 0)        /* show plugin calls */
 #define D_MANAGEMENT         LOGLEV(3, 41, 0)        /* show --management info */
 #define D_SCHED_EXIT         LOGLEV(3, 42, 0)        /* show arming of scheduled exit */
@@ -114 +115 @@
 #define D_MTU_DEBUG          LOGLEV(7, 70, M_DEBUG)  /* show MTU debugging info */
 #define D_PID_DEBUG_LOW      LOGLEV(7, 70, M_DEBUG)  /* show low-freq packet-id debugging info */
 #define D_MULTI_DEBUG        LOGLEV(7, 70, M_DEBUG)  /* show medium-freq multi debugging info */
+#define D_MCAST_DEBUG        LOGLEV(3, 70, M_DEBUG)  /* show medium-freq multi debugging info */
 #define D_MSS                LOGLEV(7, 70, M_DEBUG)  /* show MSS adjustments */
 #define D_COMP_LOW           LOGLEV(7, 70, M_DEBUG)  /* show adaptive compression state changes */
 #define D_REMOTE_LIST        LOGLEV(7, 70, M_DEBUG)  /* show --remote list */

list.h

@@ -182 +182 @@
   return hash_lookup_lock (hash, key, hash_value (hash, key));
 }
 
+static inline void **
+hash_lookup_ptr (struct hash *hash, const void *key)
+{
+  void **ret = NULL;
+  struct hash_element *he;
+  uint32_t hv = hash_value (hash, key);
+  struct hash_bucket *bucket = &hash->buckets[hv & hash->mask];
+
+  mutex_lock (&bucket->mutex);
+  he = hash_lookup_fast (hash, bucket, key, hv);
+  if (he)
+    ret = &he->value;
+  mutex_unlock (&bucket->mutex);
+
+  return ret;
+}
+
 /* NOTE: assumes that key is not a duplicate */
 static inline void
 hash_add_fast (struct hash *hash,

new file mcast.c

@@ +1 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ *             over a single TCP/UDP port, with support for SSL/TLS-based
+ *             session authentication and key exchange,
+ *             packet encryption, packet authentication, and
+ *             packet compression.
+ *
+ *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifdef WIN32
+#include "config-win32.h"
+#else
+#include "config.h"
+#endif
+
+#include "syshead.h"
+
+#include "mcast.h"
+#include "proto.h"
+#include "list.h"
+#include "mroute.h"
+
+struct mcast_recipient_list
+{
+  struct mroute_addr rcpt;
+  struct multi_instance *mi;
+  struct mcast_recipient_list *next;
+};
+
+struct mcast_timeout_list
+{
+  struct mroute_addr * rcpt;
+  uint32_t group;
+  struct timeval timeout;
+  struct mcast_timeout_list * next;
+};
+
+/** mcast hashing functions */
+uint32_t mcast_addr_hash(const void *key, uint32_t iv)
+{
+  return (*(const int32_t *)key) % iv;
+}
+
+bool mcast_addr_compare(const void *key1, const void *key2)
+{
+  return (*(const int32_t *)key1) == (*(const int32_t *)key2);
+}
+
+/** initialization-stuff */
+void mcast_init(struct multi_context *m)
+{
+  m->mcast_group_map = hash_init(4096, mcast_addr_hash, mcast_addr_compare);
+  msg (D_MCAST_LOW, "MCAST: initialized multicast maps");
+}
+
+/** debug_output_functions */
+void mcast_print_group_list(const struct multi_context *m, struct gc_arena *gc, uint32_t group)
+{
+  struct mcast_recipient_list * current_list;
+
+  msg (D_MCAST_DEBUG, "MCAST: current recipients for group %s", print_in_addr_t (group, IA_EMPTY_IF_UNDEF, gc));
+
+  for (current_list = (struct mcast_recipient_list *)hash_lookup(m->mcast_group_map, &group); current_list; current_list = current_list->next)
+    msg (D_MCAST_DEBUG, "MCAST:   %s through %s", mroute_addr_print(&current_list->rcpt, gc), multi_instance_string(current_list->mi, false, gc));
+}
+
+void mcast_print_timeout_list(const struct multi_instance *mi, struct gc_arena *gc)
+{
+  struct mcast_timeout_list * current_list;
+
+  msg (D_MCAST_DEBUG, "MCAST: current timeouts for multi-instance. (now = %s)", tv_string_abs(&((struct timeval){now,0}), gc));
+
+  for (current_list = mi->mcast_timeouts; current_list; current_list = current_list->next)
+    msg (D_MCAST_DEBUG, "MCAST:   (%s, %s) -> %s", mroute_addr_print(current_list->rcpt, gc), print_in_addr_t (current_list->group, IA_EMPTY_IF_UNDEF, gc), tv_string_abs(&current_list->timeout, gc));
+}
+
+/** functions to manipulate mcast-receiver-lists */
+inline struct mcast_recipient_list * mcast__create_recv_list_item(struct multi_instance * mi, const struct mroute_addr * rcpt)
+{
+  struct mcast_recipient_list *list;
+  ALLOC_OBJ(list, struct mcast_recipient_list);
+  list->next = NULL;
+  list->mi = mi;
+  memcpy(&list->rcpt, rcpt, sizeof(struct mroute_addr));
+  
+  return list;
+}
+
+struct mcast_timeout_list * mcast__create_timeout_list_item(const uint32_t group, struct mroute_addr * rcpt)
+{
+  struct mcast_timeout_list * timeout;
+  ALLOC_OBJ(timeout, struct mcast_timeout_list);
+  timeout->group = group;
+  timeout->rcpt = rcpt;
+  timeout->timeout = (struct timeval){now + MCAST_TIMEOUT_INTERVAL,0};
+  return timeout;
+}
+
+void mcast__update_time_for_recipient(struct multi_instance * mi, const uint32_t group, struct mroute_addr * rcpt)
+{
+  struct mcast_timeout_list **current_list;
+  struct mcast_timeout_list * tmp_list;
+  struct mcast_timeout_list * new_list_item = mcast__create_timeout_list_item(group, rcpt);
+
+  mutex_lock(mi->mutex);
+
+  current_list = &mi->mcast_timeouts; // Start with a pointer to the pointer to the first item.
+
+  while ((*current_list) && tv_ge(&new_list_item->timeout, &(*current_list)->timeout))  // Continue while there exist a next item, and the next item is scheduled for removal later than the current. */
+  {
+    if (mroute_addr_equal((*current_list)->rcpt, rcpt) && ((*current_list)->group == group)) // If old item exist, remove it.
+    {
+      tmp_list = (*current_list)->next;
+      free(*current_list);
+      *current_list = tmp_list;
+    }
+    else
+      current_list = &(*current_list)->next; // Bring up the next item in list
+  }
+  // We should now be positioned at the right spot in the list, just insert the new item.
+  new_list_item->next = (*current_list);
+  *current_list = new_list_item;
+
+  mutex_unlock(mi->mutex);
+}
+
+void mcast__clean_times_for_recipient(struct multi_instance * mi, const uint32_t group, struct mroute_addr * rcpt)
+{
+  struct mcast_timeout_list **current_list;
+  struct mcast_timeout_list * tmp_list;
+
+  mutex_lock(mi->mutex);
+
+  current_list = &mi->mcast_timeouts;  // Start with a pointer to the pointer to the first item.
+
+  while (*current_list)  // Continue while there exist a next item
+  {
+    if (mroute_addr_equal((*current_list)->rcpt, rcpt) && (*current_list)->group == group) // If old item exist, remove it.
+    {
+      tmp_list = (*current_list)->next;
+      free(*current_list);
+      *current_list = tmp_list;
+    }
+    else
+      current_list = &(*current_list)->next; // Bring up the next item in list
+  }
+  mutex_unlock(mi->mutex);
+}
+
+void mcast_add_rcpt(struct multi_context *m, const uint32_t group, const struct mroute_addr *rcpt, struct multi_instance * mi)
+{
+  struct gc_arena gc = gc_new ();
+  struct mcast_recipient_list **list_item_ptr;
+
+  mutex_lock(m->mutex);
+
+  list_item_ptr = (struct mcast_recipient_list **)hash_lookup_ptr(m->mcast_group_map, &group);
+
+  if (list_item_ptr) // Recipient list for this group already exist
+  {
+    while ((*list_item_ptr) && !mroute_addr_equal(rcpt, &(*list_item_ptr)->rcpt))
+      list_item_ptr = &(*list_item_ptr)->next;
+
+    if (*list_item_ptr)
+    {
+      /* TODO: Add timers and updates. */
+      msg (D_MCAST_LOW, "MCAST: refreshed %s in group-list %s", mroute_addr_print(rcpt, &gc), print_in_addr_t (group, IA_EMPTY_IF_UNDEF, &gc));
+    }
+    else
+    {
+      *list_item_ptr = mcast__create_recv_list_item(mi, rcpt);
+      msg (D_MCAST_LOW, "MCAST: added %s to group-list %s", mroute_addr_print(rcpt, &gc), print_in_addr_t (group, IA_EMPTY_IF_UNDEF, &gc));
+    }
+  }
+  else // Create new mcast_recipient_list
+  {
+    struct mcast_recipient_list * new_list_item = mcast__create_recv_list_item(mi, rcpt);;
+    uint32_t *group_cpy;
+    ALLOC_OBJ(group_cpy, uint32_t)
+    *group_cpy = group;
+    list_item_ptr = &new_list_item;
+    hash_add(m->mcast_group_map, group_cpy, new_list_item, false);
+    msg (D_MCAST_LOW, "MCAST: created group-list %s for %s", print_in_addr_t (group, IA_EMPTY_IF_UNDEF, &gc), mroute_addr_print(rcpt, &gc));
+  }
+  mcast__update_time_for_recipient(mi, group, &(*list_item_ptr)->rcpt);
+  mcast_print_group_list(m, &gc, group);
+
+  mutex_unlock(m->mutex);
+  gc_free(&gc);
+}
+
+void mcast_remove_rcpt(struct multi_context *m, const uint32_t group, const struct mroute_addr *rcpt, struct multi_instance * mi, bool clean_timeouts)
+{
+  struct gc_arena gc = gc_new();
+  struct mcast_recipient_list ** list_item_ptr;
+  struct mcast_recipient_list * next_item;
+  struct mroute_addr rcpt_copy = *rcpt;
+
+  mutex_lock(m->mutex);
+
+  list_item_ptr = (struct mcast_recipient_list **)hash_lookup_ptr(m->mcast_group_map, &group);
+
+  while (list_item_ptr && (*list_item_ptr) && !mroute_addr_equal(rcpt, &(*list_item_ptr)->rcpt))
+    list_item_ptr = &(*list_item_ptr)->next;
+  
+  if (list_item_ptr && *list_item_ptr) // We found something
+  {
+    if (clean_timeouts)
+      mcast__clean_times_for_recipient(mi, group, &(*list_item_ptr)->rcpt);
+
+    next_item = (*list_item_ptr)->next;
+    free(*list_item_ptr);
+    *list_item_ptr = next_item;
+  }
+
+  msg (D_MCAST_LOW, "MCAST: removed %s from group %s", mroute_addr_print(&rcpt_copy, &gc), print_in_addr_t (group, IA_EMPTY_IF_UNDEF, &gc));
+
+  mcast_print_group_list(m, &gc, group);
+
+  mutex_unlock(m->mutex);
+
+  gc_free(&gc);
+}
+
+void mcast_clean_old_groups(struct multi_context *m, struct multi_instance *mi, bool drop_all)
+{
+  struct mcast_timeout_list **current_list;
+  struct mcast_timeout_list * tmp_list;
+  struct timeval timeval_now = (struct timeval){now, 0};
+  struct gc_arena gc = gc_new();
+
+  update_time();
+
+  mutex_lock(mi->mutex);
+
+  current_list = &mi->mcast_timeouts; // Start with a pointer to the pointer to the first item.
+
+  msg (D_MCAST_DEBUG, "Cleaning old groups for multi_instance");
+
+  while ((*current_list) && (tv_ge(&timeval_now, &(*current_list)->timeout) || drop_all))  // Continue while there exist a next item, and either the next item is scheduled for removal before now, or we're due to clean out all joined groups*/
+  {
+    msg (D_MCAST_LOW, "MCAST: detected stale recipient %s in group %s", mroute_addr_print((*current_list)->rcpt, &gc), print_in_addr_t ((*current_list)->group, IA_EMPTY_IF_UNDEF, &gc));
+    mcast_remove_rcpt(m, (*current_list)->group, (*current_list)->rcpt, mi, false); // If old item exist, remove it.
+
+    tmp_list = (*current_list)->next;
+    free(*current_list);
+    *current_list = tmp_list;
+  }
+  mcast_print_timeout_list(mi, &gc);
+  mutex_unlock(mi->mutex);
+  gc_free(&gc);
+}
+
+/** functions to parse possible IGMP-headers */
+void mcast_igmp_snoop(struct multi_context *m, struct multi_instance * mi, const struct openvpn_igmpv3hdr *igmp, const void * buf_end, const struct mroute_addr *src_addr)
+{
+  uint16_t i;
+  struct openvpn_igmpv3_record_hdr * record;
+
+  update_time();
+
+  if (mi)
+    mcast_clean_old_groups(m, mi, false);
+
+  switch (igmp->type)
+  {
+    case OPENVPN_IGMP_QUERY:
+      msg(D_MCAST_DEBUG, "MCAST: saw IGMP query message");
+      break;
+    case OPENVPN_IGMP_REPORT_V2:
+      mcast_add_rcpt(m, ntohl(igmp->data.igmpv2_group_addr), src_addr, mi);
+      break;
+    case OPENVPN_IGMP_LEAVE_V2:
+      mcast_remove_rcpt(m, ntohl(igmp->data.igmpv2_group_addr), src_addr, mi, true);
+      break;
+    case OPENVPN_IGMP_REPORT_V3:
+      record = (struct openvpn_igmpv3_record_hdr*)((void *)igmp + sizeof(struct openvpn_igmpv3hdr));
+      for (i = 0; (i < ntohs(igmp->data.igmpv3_num_records)) && ((((void *)record) + sizeof(struct openvpn_igmpv3_record_hdr)) <= buf_end); i++)
+      {
+        switch (record->type)
+        {
+          case OPENVPN_IGMPV3_FILTER_CHANGE_TO_INCLUDE:
+            mcast_remove_rcpt(m, ntohl(record->group_address), src_addr, mi, true);
+            break;
+          case OPENVPN_IGMPV3_FILTER_CHANGE_TO_EXCLUDE:
+            mcast_add_rcpt(m, ntohl(record->group_address), src_addr, mi);
+            break;
+        }
+        record = ((void *)record) + sizeof(struct openvpn_igmpv3hdr) + 4*(record->aux_len + record->num_sources);
+      }
+      break;
+  }
+}
+
+/** functions to quickly filter out IGMP-packets **/
+const struct openvpn_iphdr * mcast_pkt_is_ip(const struct buffer *buf)
+{
+  if (BLEN(buf) >= sizeof(struct openvpn_ethhdr) + sizeof(struct openvpn_iphdr))
+  {
+    if (ntohs(((struct openvpn_ethhdr *)BPTR(buf))->proto) == OPENVPN_ETH_P_IPV4)
+      return (const struct openvpn_iphdr *)(BPTR(buf) + sizeof(struct openvpn_ethhdr));
+  }
+  return NULL;
+}
+
+const struct openvpn_igmpv3hdr* mcast_pkt_is_igmp(const struct buffer *buf)
+{
+  const struct openvpn_iphdr *ip;
+  if (ip = mcast_pkt_is_ip(buf))
+  {
+    if ((ip->protocol == OPENVPN_IPPROTO_IGMP) && (BLEN(buf) >= (sizeof(struct openvpn_ethhdr) + ntohs(ip->tot_len))))
+      return (const struct openvpn_igmpv3hdr *)openvpn_ip_payload(ip);
+  }
+  return NULL;
+}
+
+/** functions hash multi_instances */
+uint32_t multi_instance_hash(const void *key, uint32_t iv)
+{
+  return (uint32_t)key % iv;
+}
+
+bool multi_instance_compare(const void *key1, const void *key2)
+{
+  return key1 == key2;
+}
+
+/** functions to actually use the learnt mcast-forward-lists */
+void mcast_send(struct multi_context *m,
+                  const struct buffer *buf,
+                  struct multi_instance *omit)
+{
+  struct multi_instance *mi;
+  struct mbuf_buffer *mb;
+  struct hash *output_instances;
+  const struct openvpn_iphdr *ip;
+  uint32_t group_address;
+  struct mcast_recipient_list * rcpt_list;
+  struct gc_arena gc = gc_new ();
+
+  if (ip = mcast_pkt_is_ip(buf))
+    {
+      group_address = ntohl(ip->daddr);
+
+      msg (D_MULTI_DEBUG, "MCAST: sending packet to group %s", print_in_addr_t (group_address, IA_EMPTY_IF_UNDEF, &gc));
+
+      mutex_lock(m->mutex);
+
+      rcpt_list = (struct mcast_recipient_list *)hash_lookup(m->mcast_group_map, &group_address);
+      if (rcpt_list)
+      {
+        perf_push (PERF_MULTI_MCAST);
+#ifdef MULTI_DEBUG_EVENT_LOOP
+        printf ("MCAST len=%d\n", BLEN (buf));
+#endif
+        mb = mbuf_alloc_buf (buf);
+        output_instances = hash_init(16, multi_instance_hash, multi_instance_compare);
+  
+  
+        while (rcpt_list)
+        {
+          mi = rcpt_list->mi;
+          if (mi != omit && !mi->halt && hash_add(output_instances, mi, mi, false)) // Should send here
+            multi_add_mbuf (m, mi, mb);
+          rcpt_list = rcpt_list->next;
+        }
+  
+        hash_free(output_instances);
+        mbuf_free_buf (mb);
+        perf_pop ();
+  
+        mutex_unlock(m->mutex);
+      }
+    }
+
+    gc_free(&gc);
+}
+
+void mcast_disconnect(struct multi_context *m, struct multi_instance *mi)
+{
+  struct gc_arena gc = gc_new ();
+
+  // Free dangling multicast-groups
+  mcast_clean_old_groups(m, mi, true);
+
+  msg (D_MCAST_DEBUG, "MCAST: Disconnect: %s has left the building.", multi_instance_string(mi, false, &gc));
+
+  gc_free(&gc);
+}

new file mcast.h

@@ +1 @@
+/*
+ *  OpenVPN -- An application to securely tunnel IP networks
+ *             over a single TCP/UDP port, with support for SSL/TLS-based
+ *             session authentication and key exchange,
+ *             packet encryption, packet authentication, and
+ *             packet compression.
+ *
+ *  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2
+ *  as published by the Free Software Foundation.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program (see the file COPYING included with this
+ *  distribution); if not, write to the Free Software Foundation, Inc.,
+ *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#ifndef MCAST_H
+#define MCAST_H
+
+#include "buffer.h"
+#include "list.h"
+#include "multi.h"
+
+#define MCAST_TIMEOUT_INTERVAL 80  // The timeout interval in seconds, when a member of a group is considered dead. (Should really be aquired by following the IGMP query-pulses from the Designated Router)
+
+void mcast_init();
+
+const struct openvpn_igmpv3hdr * mcast_pkt_is_igmp(const struct buffer *buf);
+
+void mcast_igmp_snoop(struct multi_context *m, struct multi_instance * mi, const struct openvpn_igmpv3hdr *igmp, const void * buf_end, const struct mroute_addr *src_addr);
+
+void mcast_send(struct multi_context *m,
+                  const struct buffer *buf,
+                  struct multi_instance *omit);
+
+void mcast_clean_old_groups(struct multi_context *m, struct multi_instance *mi, bool drop_all);
+
+void mcast_disconnect(struct multi_context *m, struct multi_instance *mi);
+
+#endif /* MCAST_H */

mroute.c

@@ -50 +50 @@
  */
 
 static inline bool
-is_mac_mcast_addr (const uint8_t *mac)
+is_mac_bcast_addr (const uint8_t *mac)
 {
   return (bool) mac[0] & 1;
 }
 
 static inline bool
-is_mac_mcast_maddr (const struct mroute_addr *addr)
+is_mac_bcast_maddr (const struct mroute_addr *addr)
+{
+  return (addr->type & MR_ADDR_MASK) == MR_ADDR_ETHER && is_mac_bcast_addr (addr->addr); 
+}
+
+static inline bool
+is_mac_mcast_addr (const uint8_t *mac)
 {
-  return (addr->type & MR_ADDR_MASK) == MR_ADDR_ETHER && is_mac_mcast_addr (addr->addr); 
+  return ((*(uint32_t*)mac) & htonl(MAC_MCAST_MASK)) == htonl(MAC_MCAST_ADDRS);
 }
 
 /*
@@ -79 +85 @@
       if (b != 0xFF)
         not_all_ones = true;
     }
-  return not_all_zeros && not_all_ones && !is_mac_mcast_maddr (addr);
+  return not_all_zeros && not_all_ones && !is_mac_bcast_maddr (addr);
 }
 
 /*
@@ -157 +163 @@
               memcpy (dest->addr, eth->dest, 6);
 
               /* ethernet broadcast/multicast packet? */
-              if (is_mac_mcast_addr (eth->dest))
+              if (is_mac_bcast_addr (eth->dest))
+              {
                 ret |= MROUTE_EXTRACT_BCAST;
+                if (is_mac_mcast_addr (eth->dest))
+                  ret |= MROUTE_EXTRACT_MCAST;
+              }
             }
           
           ret |= MROUTE_EXTRACT_SUCCEEDED;

mroute.h

@@ -34 +34 @@
 #define IP_MCAST_SUBNET_MASK  ((in_addr_t)240<<24)
 #define IP_MCAST_NETWORK      ((in_addr_t)224<<24)
 
+#define MAC_MCAST_ADDRS        0x01005e00
+#define MAC_MCAST_MASK         0xFFFFFE00
+
 /* Return status values for mroute_extract_addr_from_packet */
 #define MROUTE_EXTRACT_SUCCEEDED (1<<1)
 #define MROUTE_EXTRACT_BCAST     (1<<2)

multi.c

@@ -267 +267 @@
   m->mbuf = mbuf_init (t->options.n_bcast_buf);
 
   /*
+   * Initialize the mcast group_maps.
+   */
+  mcast_init(m);
+
+  /*
    * Different status file format options are available
    */
   m->status_file_version = t->options.status_file_version;
@@ -463 +468 @@
 
       schedule_remove_entry (m->schedule, (struct schedule_entry *) mi);
 
+      mcast_disconnect(m, mi);
+
       ifconfig_pool_release (m->ifconfig_pool, mi->vaddr_handle, false);
       
       if (mi->did_iroutes)
@@ -562 +569 @@
   multi_instance_inc_refcount (mi);
   mi->vaddr_handle = -1;
   mi->created = now;
+  mi->mcast_timeouts = NULL;
   mroute_addr_init (&mi->real);
 
   if (real)
@@ -1561 +1569 @@
               (int)mi->context.c2.timeval.tv_sec,
               (int)mi->context.c2.timeval.tv_usec);
 #endif
-    }
+    } 
+
 
   if ((flags & MPP_RECORD_TOUCH) && m->mpp_touched)
     *m->mpp_touched = mi;
@@ -1672 +1681 @@
 
               if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED)
                 {
+                  const struct openvpn_igmpv3hdr * igmphdr;
+
+                  if (igmphdr = (const struct openvpn_igmpv3hdr *)mcast_pkt_is_igmp(&c->c2.to_tun))
+                      mcast_igmp_snoop(m, m->pending, igmphdr, BEND(&c->c2.to_tun), &src);
+
+/*                  if (mroute_flags & MROUTE_EXTRACT_MCAST)
+                      mcast_send(m, &c->c2.to_tun, m->pending);
+                  else*/
                   if (multi_learn_addr (m, m->pending, &src, 0) == m->pending)
                     {
                       /* check for broadcast */
                       if (m->enable_c2c)
                         {
-                          if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
-                            {
-                              multi_bcast (m, &c->c2.to_tun, m->pending);
-                            }
+                          if ((mroute_flags & MROUTE_EXTRACT_BCAST) && !(mroute_flags & MROUTE_EXTRACT_MCAST))
+                            multi_bcast (m, &c->c2.to_tun, m->pending);
                           else /* try client-to-client routing */
                             {
                               mi = multi_get_instance_by_virtual_addr (m, &dest, false);
@@ -1756 +1771 @@
         {
           struct context *c;
 
-          /* broadcast or multicast dest addr? */
-          if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
+          if (mroute_flags & MROUTE_EXTRACT_MCAST)
             {
-              /* for now, treat multicast as broadcast */
-              multi_bcast (m, &m->top.c2.buf, NULL);
+              const struct openvpn_igmpv3hdr * igmphdr;
+
+//            Don't intercept IGMP flowing this direction for the moment. Will probably have to do it later to properly implement IGMP-query-snooping
+//            For now, treat IGMP queries flowing downstream as broadcasts
+              if (igmphdr = (const struct openvpn_igmpv3hdr *)mcast_pkt_is_igmp(&m->top.c2.buf))
+              {
+                if (igmphdr->type == OPENVPN_IGMP_QUERY)
+                  multi_bcast(m, &m->top.c2.buf, NULL);
+              }
+              else
+                mcast_send(m, &m->top.c2.buf, NULL);
             }
+          else if (mroute_flags & MROUTE_EXTRACT_BCAST)
+              multi_bcast (m, &m->top.c2.buf, NULL);
           else
             {
               multi_set_pending (m, multi_get_instance_by_virtual_addr (m, &dest, dev_type == DEV_TYPE_TUN));
@@ -1849 +1874 @@
   if (m->earliest_wakeup)
     {
       set_prefix (m->earliest_wakeup);
+      mcast_clean_old_groups(m, m->earliest_wakeup, false);
       ret = multi_process_post (m, m->earliest_wakeup, mpp_flags);
       m->earliest_wakeup = NULL;
       clear_prefix ();

multi.h

@@ -67 +67 @@
   ifconfig_pool_handle vaddr_handle;
   const char *msg_prefix;
 
+  struct mcast_timeout_list *mcast_timeouts;
+
   /* queued outgoing data in Server/TCP mode */
   unsigned int tcp_rwflags;
   struct mbuf_set *tcp_link_out_deferred;
@@ -104 +106 @@
   struct ifconfig_pool *ifconfig_pool;
   struct frequency_limit *new_connection_limiter;
   struct mroute_helper *route_helper;
+  struct hash *mcast_group_map;
   struct multi_reap *reaper;
   struct mroute_addr local;
   bool enable_c2c;

proto.h

@@ -43 +43 @@
  */
 
 #define OPENVPN_ETH_ALEN 6            /* ethernet address length */
-struct openvpn_ethhdr 
+struct openvpn_ethhdr
 {
   uint8_t dest[OPENVPN_ETH_ALEN];     /* destination ethernet addr */
   uint8_t source[OPENVPN_ETH_ALEN];   /* source ethernet addr   */
@@ -79 +79 @@
   /*The options start here. */
 };
 
+static inline uint8_t *
+openvpn_ip_payload (const struct openvpn_iphdr *h)
+{
+  return (uint8_t*)(((uint8_t*)h) + OPENVPN_IPH_GET_LEN(h->version_len));
+}
+
+#define OPENVPN_IGMP_QUERY        0x11
+#define OPENVPN_IGMP_REPORT_V2    0x16
+#define OPENVPN_IGMP_LEAVE_V2     0x17
+#define OPENVPN_IGMP_REPORT_V3    0x22
+struct openvpn_igmpv3hdr {
+  uint8_t    type;
+  uint8_t    max_response;
+  uint16_t   chk_sum;
+  union
+  {
+    uint32_t   igmpv2_group_addr;
+    struct
+    {
+      uint16_t igmpv3_reserved;
+      uint16_t igmpv3_num_records;
+    };
+  } data;
+};
+
+struct openvpn_igmpv3_record_hdr {
+#define OPENVPN_IGMPV3_FILTER_CHANGE_TO_INCLUDE 3
+#define OPENVPN_IGMPV3_FILTER_CHANGE_TO_EXCLUDE 4
+  uint8_t type;
+  uint8_t aux_len;
+  uint16_t num_sources;
+  uint32_t group_address;
+};
+
 /*
  * UDP header
  */