FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
alif
Staff
Staff
Article Id 364499
Description This article describes a known issue on FortiGate devices running Linux kernel 4.19.13 where the IGMP Membership report with source IP 0.0.0.0 is dropped.
Scope FortiGate devices running Linux kernel 4.19.13.
Solution

IGMP Membership report sent with a source IP of 0.0.0.0 is getting dropped/discarded by the FortiGate devices running kernel 4.19.13.

 

In order to find out the kernel version on FortiGate, run the below command:

 

FGT # fnsysctl cat /proc/version
Linux version 4.19.13 (root@build) (gcc version 10.3.0 (GCC)) #1 SMP Mon Sep 16 18:52:53 America 2024

 

Due to this behavior, the servers do not receive the multicast stream. The packet with source IP 0.0.0.0 can be seen in packet capture, but the IGMP daemon does not process the packet.

 

FGT # diag sniff packet any 'igmp' 4
interfaces=[any]
filters=[igmp]
6.126795 port1 in 0.0.0.0 -> 239.100.100.100: ip-proto-2 8
^C
1 packets received by filter
0 packets dropped by kernel

 

FGT # get router info multicast igmp groups
<blank_output>

 

The debug flow reports that the packet is discarded due to the reason 'ip_sessoin_handle_no_dst'.

 

id=65308 trace_id=1 func=print_pkt_detail line=5862 msg="vd-root:0 received a packet(proto=2, 0.0.0.0:0->239.100.100.100:0) tun_id=0.0.0.0 from port1 . "
id=65308 trace_id=1 func=init_ip_session_common line=6047 msg="allocate a new session-00002076"
id=65308 trace_id=1 func=ip_session_handle_no_dst line=6133 msg="trace"

 

Note that the IGMP membership table is updated correctly if the request comes from a source IP other than 0.0.0.0.

 

FGT # get router info multicast igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
239.100.100.100 port1 00:00:29 00:03:50 10.90.15.208

 

This is a known issue and has been resolved in FortiOS 7.2.11, 7.4.6, and 7.6.1 versions.

Resolved issues 7.6.1

Resolved issues 7.4.6

 

Contributors