
sysctl permission denied on mc_forwarding keys


J G Miller

Sep 22, 2011, 1:53:25 PM
On Debian testing, Linux 3.0.0-1-686-pae, the kernel config file
in /boot/config-3.0.0-1-686-pae has

CONFIG_IP_MROUTE=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_IPV6_MROUTE=y
CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y


Please would somebody explain why this happens?

# sysctl net.ipv4.conf.default.mc_forwarding=1

error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

and similarly for .all., .eth0., .gre1. etc.

Why is it not possible to turn on multicast forwarding on any interface?

Thanks for your help.

buck

Sep 23, 2011, 1:30:10 PM
J G Miller <mil...@yoyo.ORG> wrote in news:j5fsmk$qd3$1...@dont-email.me:

> On Debian testing, Linux 3.0.0-1-686-pae, the kernel config file
>
> Please would somebody explain why this happens?
>
> # sysctl net.ipv4.conf.default.mc_forwarding=1
>
> error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

Try
echo 1 >/proc/sys/net/ipv4/FIXMEmc_forwarding
where FIXME should be obvious when you see the correct path and "file"
name...
--
buck

J G Miller

Sep 23, 2011, 7:16:23 PM
On Friday, September 23rd, 2011 at 17:30:10h +0000, Buck suggested:

> Try
> echo 1 >/proc/sys/net/ipv4/FIXMEmc_forwarding where FIXME should be
> obvious when you see the correct path and "file" name...

ll /proc/sys/net/ipv4/*mc*
ls: cannot access /proc/sys/net/ipv4/*mc*: No such file or directory

So why is FIXME obvious when FIXME obviously does not exist,
but the subdirectory conf containing the individual device names under
which the mc_forward key is present.

Lew Pitcher

Sep 23, 2011, 7:23:39 PM
On September 23, 2011 19:16, in comp.os.linux.networking, mil...@yoyo.ORG
wrote:

> On Friday, September 23rd, 2011 at 17:30:10h +0000, Buck suggested:
>
>> Try
>> echo 1 >/proc/sys/net/ipv4/FIXMEmc_forwarding where FIXME should be
>> obvious when you see the correct path and "file" name...
>
> ll /proc/sys/net/ipv4/*mc*
> ls: cannot access /proc/sys/net/ipv4/*mc*: No such file or directory

~ $ find /proc/sys/net/ipv4 -type f | grep mc_forwarding
/proc/sys/net/ipv4/conf/all/mc_forwarding
/proc/sys/net/ipv4/conf/default/mc_forwarding
/proc/sys/net/ipv4/conf/lo/mc_forwarding


> So why is FIXME obvious when FIXME obviously does not exist,

FIXME appears to be a placeholder for all the directories under which
mc_forwarding appears.

> but the subdirectory conf containing the individual device names under
> which the mc_forward key is present.

--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
Me: http://pitcher.digitalfreehold.ca/ | Just Linux: http://justlinux.ca/
---------- Slackware - Because I know what I'm doing. ------


J G Miller

Sep 24, 2011, 10:42:24 AM
On Friday, September 23rd, 2011 at 19:23:39h -0400, Lew Pitcher wrote:

> /proc/sys/net/ipv4/conf/default/mc_forwarding

Which corresponds to the key I originally mentioned

net.ipv4.conf.default.mc_forwarding

and was told was not the correct path.

> FIXME appears to be a placeholder for all the directories under which
> mc_forwarding appears.

repeating what I had already observed viz

>> but the subdirectory conf containing the individual device names under
>> which the mc_forward key is present.

So still no answer to the original question.

sysctl net.ipv4.conf.default.mc_forwarding=1
error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'

echo 1 >/proc/sys/net/ipv4/conf/default/mc_forwarding
bash: /proc/sys/net/ipv4/conf/default/mc_forwarding: Permission denied

buck

Sep 24, 2011, 3:29:26 PM
J G Miller <mil...@yoyo.ORG> wrote in news:j5kq8g$eoh$2...@dont-email.me:

> So still no answer to the original question.
>
> sysctl net.ipv4.conf.default.mc_forwarding=1
> error: permission denied on key 'net.ipv4.conf.default.mc_forwarding'
>
> echo 1 >/proc/sys/net/ipv4/conf/default/mc_forwarding
> bash: /proc/sys/net/ipv4/conf/default/mc_forwarding: Permission denied

So what does
ls -l /proc/sys/net/ipv4/conf/default
show? In other words, who is the owner and what are the permissions?

On my slackware64-current system, the permissions are read only, so of
course one cannot alter the value unless the permissions are altered
to rw. If you must change this
chmod 644 /proc/sys/net/ipv4/conf/default/mc_forwarding
echo 1 >/proc/sys/net/ipv4/conf/default/mc_forwarding
--
buck

J G Miller

Sep 24, 2011, 3:57:07 PM
On Saturday, September 24th, 2011 at 19:29:26 +0000, Buck asked:

> So what does
> ls -l /proc/sys/net/ipv4/conf/default
> show

ll /proc/sys/net/ipv4/conf/default/mc_forwarding
0 -r--r--r-- 1 root root 0 2011-09-24 21:50 /proc/sys/net/ipv4/conf/default/mc_forwarding

> On my slackware64-current system, the permissions are read only, so of
> course one cannot alter the value unless the permissions are altered to
> rw.

It is not just the permission on the file that allows one to change a file,
but the permission on the directory.

But normally root can change any file regardless of the ownership
or permission on the file.

> If you must change this
> chmod 644 /proc/sys/net/ipv4/conf/default/mc_forwarding

chmod 644 /proc/sys/net/ipv4/conf/default/mc_forwarding
chmod: changing permissions of `/proc/sys/net/ipv4/conf/default/mc_forwarding':
Operation not permitted

Which still leaves the question unanswered,

"Why is it not possible to turn on multicast forwarding on any interface?"

Lew Pitcher

Sep 24, 2011, 4:05:31 PM
On September 24, 2011 15:57, in comp.os.linux.networking, mil...@yoyo.ORG
wrote:

> On Saturday, September 24th, 2011 at 19:29:26 +0000, Buck asked:
>
>> So what does
>> ls -l /proc/sys/net/ipv4/conf/default
>> show
>
> ll /proc/sys/net/ipv4/conf/default/mc_forwarding
> 0 -r--r--r-- 1 root root 0 2011-09-24 21:50
> /proc/sys/net/ipv4/conf/default/mc_forwarding
>
>> On my slackware64-current system, the permissions are read only, so of
>> course one cannot alter the value unless the permissions are altered to
>> rw.
>
> It is not just the permission on the file that allows one to change a
> file, but the permission on the directory.
>
> But normally root can change any file regardless of the ownership
> or permission on the file.
>
>> If you must change this
>> chmod 644 /proc/sys/net/ipv4/conf/default/mc_forwarding
>
> chmod 644 /proc/sys/net/ipv4/conf/default/mc_forwarding
> chmod: changing permissions of
> `/proc/sys/net/ipv4/conf/default/mc_forwarding': Operation not permitted

Remember that the directories and files in the /proc directory tree
are "manufactured" on the fly by kernel components. While they exhibit the
expected permission structure, they do not necessarily behave like regular
files; the kernel components can impose additional restrictions, such
as "without write permission, even root cannot write", and "user processes
(including root user processes) cannot change the permission structure".

Thus, it appears that, by themselves, the mc_forwarding files are strictly
read-only, providing information on the current setting of multicast
forwarding, and not providing a mechanism to change it.

> Which still leaves the question unanswered,
>
> "Why is it not possible to turn on multicast forwarding on any interface?"

It /is/ possible. But it takes more than just an
echo 1 >.../mc_forwarding
to accomplish.

IIRC, you /first/ must have a multicast router running, which sets up the
proper kernel conditions to activate multicast forwarding.

Do you have a multicast router running?

J G Miller

Sep 25, 2011, 11:03:56 AM
On Saturday, September 24th, 2011 at 16:05:31h -0400, Lew Pitcher wrote:

> IIRC, you /first/ must have a multicast router running, which sets up
> the proper kernel conditions to activate multicast forwarding.

Thank you! That was the answer to the problem.

Since my original post I have now discovered that the value of
the mc_forwarding key is changed from 0 to 1 when running eg
pimd or xorp so there is no need to even attempt to manually
change it.
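
Added example (not part of the thread, and not from any poster): a read-only shell check for the behaviour the thread arrives at, reporting each interface's mc_forwarding value and file mode so you can confirm whether a multicast routing daemon has switched forwarding on. The function names and the constructed sample tree (interfaces eth0 and gre1, with values as they might look while pimd is running) are assumptions for illustration; on a live host pass /proc/sys.

```shell
#!/bin/sh
# Added example: read-only audit of the IPv4 mc_forwarding keys.

# Print "<iface> <value> <mode>" for every mc_forwarding key under a sysctl
# tree. $1 is the tree root: /proc/sys on a live host (the default).
mc_forwarding_report() {
    root="${1:-/proc/sys}"
    for key in "$root"/net/ipv4/conf/*/mc_forwarding; do
        [ -r "$key" ] || continue            # glob matched nothing, or unreadable
        iface=$(basename "$(dirname "$key")")
        value=$(cat "$key")
        mode=$(ls -ld "$key" | cut -c1-10)   # e.g. -r--r--r--, as in the thread
        printf '%s %s %s\n' "$iface" "$value" "$mode"
    done
}

# Print the real interfaces whose key is non-zero. "all" and "default" are
# sysctl pseudo-entries rather than interfaces, so they are left out.
mc_forwarding_ifaces() {
    mc_forwarding_report "$1" | while read -r iface value mode; do
        case "$iface" in all|default) continue ;; esac
        if [ "$value" != "0" ]; then printf '%s\n' "$iface"; fi
    done
}

# Build a constructed sample tree (hypothetical values, not captured from a
# real host) that mimics the layout of /proc/sys/net/ipv4/conf.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    for pair in all:1 default:0 lo:0 eth0:1 gre1:1; do
        conf="$dir/net/ipv4/conf/${pair%%:*}"
        mkdir -p "$conf"
        printf '%s\n' "${pair##*:}" > "$conf/mc_forwarding"
        chmod 444 "$conf/mc_forwarding"      # same mode the thread shows
    done
    printf '%s\n' "$dir"
}

sample=$(make_sample_tree)
mc_forwarding_report "$sample"
echo "forwarding on: $(mc_forwarding_ifaces "$sample" | tr '\n' ' ')"
rm -rf "$sample"
```

Run with no argument as `mc_forwarding_report` before and after starting the routing daemon to see which keys the kernel changed.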