miniupnp.tuxfamily.org

offbynull · Joined: 27 Jan 2014 Posts: 11

Hi,

A minor bug I noticed while testing my Java client library with miniupnpd's PCP functionality: If a request packet is missing data, miniupnpd crashes. I noticed this bug when I accidentally truncated the suggested external IP address (last field in the MAP op) to 4 bytes. I believe the proper response should something with error code MALFORMED_REQUEST (http://tools.ietf.org/html/rfc6887#section-7.4).

Also, I noticed that I get a UNSUPP_OPCODE error code when I attempt an announce request. From reading the RFC, I think the proper response for this should be a response with no payload, 0 for the op code, and 0 for the lifetime (http://tools.ietf.org/html/rfc6887#section-14.1.2). From the RFC: "This functionality allows a PCP client to determine a server's Epoch, or to determine if a PCP server is running, without changing the server's state"

offbynull · Joined: 27 Jan 2014 Posts: 11

Hi,

Another issue I just noticed with PCP: If the version field is set to 3 in a request, the miniupnpd process seems to end. I believe the correct behaviour should be a reply with UNSUPP_VERSION (http://tools.ietf.org/html/rfc6887#section-9).

miniupnp · Site Admin Joined: 14 Apr 2007 Posts: 1587

miniupnp · Site Admin Joined: 14 Apr 2007 Posts: 1587

I implemented ANNOUNCE request and fixed various issues

can you test again with the updated code miniupnpd-1.8.20140203.tar.gz or from github : https://github.com/miniupnp/miniupnp
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/

offbynull · Joined: 27 Jan 2014 Posts: 11

Hi,

Terribly sorry for the delay. I was under the impression that the phpbb would automatically notify me of replies to threads I start.

I'll give this a try in a bit and let you know how it goes. But I've also encountered another issue:

My understanding is that to keep a mapping alive. You need to re-issue your MAP requests at a rate less than the lifetime in the MAP response. Right now I'm re-issuing my MAP requests at lifetime / 4 (30 seconds in my case), but miniupnpd still drops my mapping. At first I thought that this may be due to the fact that I use a new nonce value for each MAP packet, but after inspecting pcpserver.c, it doesn't look like nonce is taken in to consideration.

Here's the wireshark output + syslog of my Ubuntu VM with miniupnpd installed. I create the mapping, keep it updated for 200 seconds, then try to unmap it. My client code doesn't report an error, but the syslog mentions that the mapping has been removed. Also, if I only maintain the mapping for exactly 120 seconds, the unmapping returns an error (NO_RESOURCE I think was the error code?).

EDIT: It seems that phpBB is truncating my dumps. Is there another avenue to get these logs to you?

miniupnp · Site Admin Joined: 14 Apr 2007 Posts: 1587

you can use http://pastebin.com/, email me (miniupnp at free dot fr) or github https://github.com/miniupnp/miniupnp
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/

offbynull · Joined: 27 Jan 2014 Posts: 11

Wireshark dump: http://pastebin.com/sA6NGZ4f
Syslog excerpt: http://pastebin.com/SL8vzYqf

miniupnp · Site Admin Joined: 14 Apr 2007 Posts: 1587

it looks like Mapping renewal is not working well
RFC6887 11.2.1. An existing mapping SHOULD have its lifetime extended by the PCP client for as long as the client wishes to have that mapping continue to exist. To do this, the PCP client sends a new MAP request indicating the internal port.
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/

miniupnp · Site Admin Joined: 14 Apr 2007 Posts: 1587

I think I have fixed it :
https://github.com/miniupnp/miniupnp/commit/16ea0db41162f80bdbee37bcc92bc8ce1f45e695
The lifetime was not updated...
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/

offbynull · Joined: 27 Jan 2014 Posts: 11

Sorry for the delay.

It looks like things are pretty good. I went ahead and purchased an Apple Airport and it looks like the behaviour of Apple's PCP implementation is fairly consistent with miniupnpd's implementation. The only discrepancy that I came across was that Apple's implementation didn't support PREFER_FAILURE, which I think is a stupid decision on Apple's part Sad

I'm going to switch gears to implementing a upnp client. What version of upnpigd does miniupnpd currently support? Does miniupnpd's upnpigd implementation support events? I'm mainly interested in getting notified if my IP address changes or if any of my mappings are lost or timed out.

BTW: if you're interested in the client code I wrote, you can find it here:
https://code.google.com/p/peernetic/source/browse/#git%2Frouter-natpmp%2Fsrc%2Fmain%2Fjava%2Fcom%2Foffbynull%2Fpeernetic%2Frouter%253Fstate%253Dclosed

offbynull · Joined: 27 Jan 2014 Posts: 11

I just noticed an issue with IPv6 and UPnP.

SSPD is giving me back the following URL in the LOCATION header: http://[::1]:46466/rootDesc.xml

I think [::1] should be the IPv6 address of my miniupnpd VM.

miniupnp · Site Admin Joined: 14 Apr 2007 Posts: 1587

offbynull · Joined: 27 Jan 2014 Posts: 11

Hey,

Here's what syslog is dumping out...

Mar 8 09:48:05 ubuntu miniupnpd[3109]: HTTP listening on port 55542
Mar 8 09:48:05 ubuntu miniupnpd[3109]: no HTTP IPv6 address
Mar 8 09:48:05 ubuntu miniupnpd[3109]: Listening for NAT-PMP/PCP traffic on port 5351
Mar 8 09:48:06 ubuntu miniupnpd[3109]: SSDP packet sender [fe80::e894:5c7d:16c0:7e18]:64879 not from a LAN, ignoring
Mar 8 09:48:39 miniupnpd[3109]: last message repeated 9 times

It sounds like this is a configuration issue with my VM.

miniupnp · Site Admin Joined: 14 Apr 2007 Posts: 1587

you should have IPv6 addresses for your network interfaces.
And not just the link local ones (fe80::xxxx)
_________________
Main miniUPnP author.
https://miniupnp.tuxfamily.org/