sysctl permission denied on mc_forwarding keys

Discussion in 'Linux Networking' started by J G Miller, Sep 22, 2011.

  1. J G Miller

    J G Miller Guest

    On Debian testing, Linux 3.0.0-1-686-pae, the kernel config file
    in /boot/config-3.0.0-1-686-pae has

    CONFIG_IP_MROUTE=y
    CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
    CONFIG_IPV6_MROUTE=y
    CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y


    Please would somebody explain why this happens?

    # sysctl net.ipv4.conf.default.mc_forwarding=1

    error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

    and similarly for .all., .eth0., .gre1. etc.

    Why is it not possible to turn on multicast forwarding on any interface?

    Thanks for your help.
     
    J G Miller, Sep 22, 2011
    #1

  2. J G Miller

    buck Guest

    'net.ipv4.conf.default.mc_forwarding'

    Try
    echo 1 >/proc/sys/net/ipv4/FIXMEmc_forwarding
    where FIXME should be obvious when you see the correct path and "file"
    name...
     
    buck, Sep 23, 2011
    #2

  3. J G Miller

    J G Miller Guest

    ll /proc/sys/net/ipv4/*mc*
    ls: cannot access /proc/sys/net/ipv4/*mc*: No such file or directory

    So why is FIXME obvious when FIXME obviously does not exist,
    but the subdirectory conf containing the individual device names under
    which the mc_forward key is present.
     
    J G Miller, Sep 24, 2011
    #3
  4. J G Miller

    Lew Pitcher Guest

    ~ $ find /proc/sys/net/ipv4 -type f | grep mc_forwarding
    /proc/sys/net/ipv4/conf/all/mc_forwarding
    /proc/sys/net/ipv4/conf/default/mc_forwarding
    /proc/sys/net/ipv4/conf/lo/mc_forwarding

    FIXME appears to be a placeholder for all the directories under which
    mc_forwarding appears.
     
    Lew Pitcher, Sep 24, 2011
    #4
  5. J G Miller

    J G Miller Guest

    Which corresponds to the key I originally mentioned

    net.ipv4.conf.default.mc_forwarding

    and was told was not the correct path.
    repeating what I had already observed viz

    So still no answer to the original question.

    sysctl net.ipv4.conf.default.mc_forwarding=1
    error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

    echo 1 >/proc/sys/net/ipv4/conf/default/mc_forwarding
    bash: /proc/sys/net/ipv4/conf/default/mc_forwarding: Permission denied
     
    J G Miller, Sep 24, 2011
    #5
  6. J G Miller

    buck Guest

    denied

    So what does
    ls -l /proc/sys/net/ipv4/conf/default
    show? In other words, who is the owner and what are the permissions?

    On my slackware64-current system, the permissions are read only, so of
    course one cannot alter the value unless the permissions are altered
    to rw. If you must change this
    chmod 644 /proc/sys/net/ipv4/conf/default/mc_forwarding
    echo 1 >/proc/sys/net/ipv4/conf/default/mc_forwarding
     
    buck, Sep 24, 2011
    #6
  7. J G Miller

    J G Miller Guest

    ll /proc/sys/net/ipv4/conf/default/mc_forwarding
    0 -r--r--r-- 1 root root 0 2011-09-24 21:50 /proc/sys/net/ipv4/conf/default/mc_forwarding
    It is not just the permission on the file that allows one to change a file,
    but the permission on the directory.

    But normally root can change any file regardless of the ownership
    or permission on the file.
    chmod 644 /proc/sys/net/ipv4/conf/default/mc_forwarding
    chmod: changing permissions of `/proc/sys/net/ipv4/conf/default/mc_forwarding':
    Operation not permitted

    Which still leaves the question unanswered,

    "Why is it not possible to turn on multicast forwarding on any interface?"
     
    J G Miller, Sep 24, 2011
    #7
  8. J G Miller

    Lew Pitcher Guest

    Remember that the directories and files in the /proc directory tree
    are "manufactured" on the fly by kernel components. While they exhibit the
    expected permission structure, they do not necessarily behave like regular
    files; the kernel components can impose additional restrictions, such
    as "without write permission, even root cannot write", and "user processes
    (including root user processes) cannot change the permission structure".

    Thus, it appears that, by themselves, the mc_forwarding files are strictly
    read-only, providing information on the current setting of multicast
    forwarding, and not providing a mechanism to change it.
    It /is/ possible. But it takes more than just an
    echo 1 >.../mc_forwarding
    to accomplish.

    IIRC, you /first/ must have a multicast router running, which sets up the
    proper kernel conditions to activate multicast forwarding.

    Do you have a multicast router running?
     
    Lew Pitcher, Sep 24, 2011
    #8
  9. J G Miller

    J G Miller Guest

    Thank you! That was the answer to the problem.

    Since my original post I have now discovered that the value of
    the mc_forwarding key is changed from 0 to 1 when running eg
    pimd or xorp so there is no need to even attempt to manually
    change it.
     
    J G Miller, Sep 25, 2011
    #9
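
Added example, not part of any post in this thread: a shell check that reports, per interface, the mc_forwarding value and whether the key's mode carries a write bit, so the read-only state seen above (-r--r--r--) and the 0 to 1 change after starting pimd or xorp can be observed without trying to write the key. The function names are hypothetical, and the optional directory argument exists only so the check can be run against a constructed tree instead of the live /proc.

```shell
#!/bin/sh
# Added example: audit multicast-forwarding state without writing to /proc.
# Function names are illustrative, not from any tool mentioned in the thread.

# Print one line per interface: "<iface> value=<n> writable=<yes|no>".
# $1 is the conf directory; it defaults to the live kernel tree.
mc_forwarding_report() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$conf_root"/*/mc_forwarding; do
        [ -e "$f" ] || continue          # glob matched nothing
        iface=$(basename "$(dirname "$f")")
        value=$(cat "$f" 2>/dev/null) || value="unreadable"
        # Inspect the mode string instead of using "test -w": for root,
        # "test -w" can succeed on ordinary files regardless of mode, while
        # the thread shows root is still refused on a 0444 sysctl key.
        mode=$(ls -l "$f" | cut -c1-10)
        case "$mode" in
            *w*) writable=yes ;;
            *)   writable=no ;;
        esac
        printf '%s value=%s writable=%s\n' "$iface" "$value" "$writable"
    done
}

# Exit status 0 if any interface reports a non-zero mc_forwarding value,
# which in this thread happened only once pimd or xorp was running.
mc_forwarding_active() {
    mc_forwarding_report "$1" | grep -q 'value=[1-9]'
}

# Report on the live system when run as a script.
mc_forwarding_report
```

A non-zero value on a host that is not meant to route multicast is worth following up, since per the thread it only appears once a multicast routing daemon has started.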