UPnP support

Skud

I've been doing a little more testing and I found that it's working 100% on my LAN interface, but it's not quite working on my WLAN interface.

Quick rundown

WLAN –> Linksys WRT54G being used as an AP. It's UPnP and DHCP are turned off. The WLAN NIC in the pfsense box is connected to port 1 on the Linksys (not the WAN port)

Here is the log output from a MSN Live messenger sign-on from a laptop connected to the WLAN interface. MSN reports it is connected to the internet through a NON-UPnP symmetric NAT router.

Aug 23 23:06:19 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:19 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:06:19 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:19 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:06:18 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:18 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:06:18 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:18 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:06:18 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:18 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:06:18 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:18 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:06:17 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:17 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:06:17 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:17 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:06:17 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:17 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:06:17 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:17 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:06:16 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:16 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:06:16 	miniupnpd[541]: SSDP M-SEARCH packet received from 192.168.1.200:62964
Aug 23 23:06:16 	miniupnpd[541]: ST: urn:schemas-upnp-org:service:WANIPConnection:1

Here is a WORKING sample from a MSN Live messenger sign-on from a PC connected to the LAN side. MSN reports it is connected to the internet through a UPnP Symmetric NAT router. As you can see there is quite a bit more output and more stuff going on.

Aug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#DeletePortMapping
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: Port 42193 protocol TCP allready redirected to 10.1.42.100:42193
Aug 23 23:16:33 	miniupnpd[2952]: AddportMapping TCP, for 10.1.42.100, port 42193, description : miniupnpd
Aug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: GetSpecificPortMappingEntry : rhost='(null)' 42193 TCP found => 10.1.42.100:42193 desc='miniupnpd'
Aug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetSpecificPortMappingEntry
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: GetSpecificPortMappingEntry : rhost='(null)' 42193 TCP found => 10.1.42.100:42193 desc='miniupnpd'
Aug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetSpecificPortMappingEntry
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: AddportMapping TCP, for 10.1.42.100, port 42193, description : MSGR
Aug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetSpecificPortMappingEntry
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: QueryStateVariable(0"><m:varname>ConnectionStatusAug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:control-1-0#QueryStateVariable
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: QueryStateVariable(0"><m:varname>ConnectionStatusAug 23 23:16:33 	miniupnpd[2952]: SOAPAction: urn:schemas-upnp-org:control-1-0#QueryStateVariable
Aug 23 23:16:33 	miniupnpd[2952]: HTTP REQUEST : POST /control/WANIPConnection (HTTP/1.1)
Aug 23 23:16:33 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:33 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:16:33 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:33 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:16:33 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:33 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:16:33 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:33 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:16:32 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:32 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:16:32 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:32 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:16:32 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:32 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:16:32 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:32 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:16:31 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:31 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:16:31 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:31 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANIPConnection:1
Aug 23 23:16:31 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:31 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANPPPConnection:1
Aug 23 23:16:31 	miniupnpd[2952]: SSDP M-SEARCH packet received from 10.1.42.100:47879
Aug 23 23:16:31 	miniupnpd[2952]: ST: urn:schemas-upnp-org:service:WANIPConnection:1</m:varname></m:varname>

I will do a little bit more testing in case it might actually be the Linksys that I am using as an AP. Maybe it is trying to proxy the UPnP packets even though it's UPnP is turned off.

I was originally using my pfsense box as an AP with a wireless card, but it started dropping packets tonight and I needed it. So I hooked up the linksys to use as an AP instead.

Thanks!!
Riley

sullrich

Unfortunately right now the package is limited to LAN.  We can expand it down the road once we verify it works correctly on the LAN interface.

Skud

@sullrich:

Unfortunately right now the package is limited to LAN.  We can expand it down the road once we verify it works correctly on the LAN interface.

Gotcha..

Riley

sullrich

Anyone else tested UPnP?

Superman

I have it running!

It's been working fine since I got direction how to enable it. The few applications I use that employ it have worked fine so far. But without more extensive logging (I have the package version) I'm unable to tell if Microsoft Live Messenger is working or not, or if any communication is being made. My client works fine, it always did, uPnP or not.

Anyway all seems well so far!

Thanks! :D

Superman

Okay a further update.

I could not get Windows Live Messenger to work properly. Just regular chat works fine, but video/audio doesn't. I saw in the status page that port 0 had been opened to my internal IP, which of course didn't work. Nothing more was in the regular system log, so I don't have any more information to give.

Just that when I received an invite and accepted it didn't show that I had on the other end, when I made an invite the invite wasn't even showing on the other end…

Thanks.

ZPrime

Can you try nuking the package and installing the standalone by hand?  there have been some updates made to the miniupnpd binary and it's possible that whoever made the original package didn't update it when DB (i can't spell his handle right now) updated the binary on his site… ?

Superman

Interestingly, just as I was about to try the above suggestion, a new version of Windows Live Messenger came down the pipe. It still opens port "0" in miniupnpd but it works. At least it worked when testing it out talking to my brother who interestingly is also behind a pfSense firewall, but without miniupnpd installed! I'll have to try it out with some of my friends who are behind Linksys/D-Link or whatever variety of home routers and see if it works with them too. I think M$ must of fixed/changed something with it's upnp protocol in the newest client…

(Just in case I wasn't clear enough, this is still with the package version installed.)

databeestje

joy!

rsw686

@sullrich:

Anyone else tested UPnP?

I tested it out on my embedded box. I used the links for the files on page 1 and 2 but those files appeared out of date. After some diff comparisons I changed the files on my RC2h box and got it working. Azerus successfully works with upnp. Only thing is I'm not seeing any logs in the system log and my firewall log is filled with accepted packets.

Its late here so tomorrow if I get some free time I'm going to try and figure this out better. Anybody have the correct files for RC2h. I just don't want to overwrite bug fixes. I'll make a list of the upnp changes I found and made and see if I missed something.

ZPrime

databeestje, any changes/updates in response to my XBox problems?

ollopa

@bradenmcg:

databeestje, any changes/updates in response to my XBox problems?

I'm working on UPnP as well now.  I'm not an expert but I think I understand your xbox problem a little bit.

You said you're seeing SSDP (discovery protocol) go out over multicast to port 1900 (UDP) and you're getting a reply from miniupnpd.
At this point the xbox should go to the returned Location: address via TCP but you noticed that it's not happening.

I have a utility that I normally use to manually open ports through UPnP and it's displaying the same behavior–it's failing to understand the SSDP reply.

I'm gonna work on this all day and if I get it fixed I'll post an updated miniupnpd daemon for you to try.

Also I'll just put this information out there:  It's possible to do a workaround to get UPnP to function on both wireless and LAN interfaces.  Here's what I did:
My wireless interface is bridged to my LAN interface (this is probably the usual setup...).  My lan interface's IP address is 192.168.1.5 and the wireless interface doesn't have an address.

To get UPnP working, I set an arbitrary address on the wireless interface (ifconfig ath0 192.168.1.4).

Next I manually started miniupnpd like so: 
miniupnpd -i ng0 -a 192.168.1.5 -a 192.168.1.4 -p 5000

That allows miniunpd to bind to both interfaces and reply to multicast SSDP packets.

I don't know enough about bridging/multicast/socket programming to understand why this is neccessary to make it work, or how to fix it in miniupnpd.

ollopa

I understand what the problem is now with the Xbox (and potentially other applications/devices as well).

miniupnpd is an incomplete implementation of UPnP.  It's lacking a lot of features that would make it a much more robust UPnP solution.

I just spent some time sniffing packets and reading some (of the waay waaay too many) UPnP specs.  I'm going to add the missing functionality to miniupnpd and submit some patches to the original author.

This is non-trivial.  I'd like to collect a bounty upon completion of this.  Is anyone willing to offer up a few $$?

sullrich

If you can get this working then pfSense can send 25$.  If others have some money please help out as well.

jonr800

If you can get miniupnp to work with the Xbox 360, I will chip in $15. :)

ZPrime

I sent half of my bounty to databiestje ($50) since he got the ball rolling, but I had asked for an implementation that works with 360 as one of my requirements.  I'll send the other $50 to whoever makes it work with the 360, and again, I'm embedded so I need it to not be package-only.  Skud also wants to donate to the bounty and he will do it through me…

Developers, should I just send the rest of the bounty money to Scott (both my remaining and the stuff from Skud/Riley) and Scott can distribute from there as appropriate?

hshh

Will upnp break traffic shape?

nsumner

I upgraded to RC2i. Obviously in doing so UPnP was broken. I decided to install the package. I installed the package and it doesn't even begin to work. If I enable it on the LAN interface when I hit save I get the following error.

Fatal error: Call to undefined function: system_start_upnp_daemon() in /usr/local/www/interfaces_lan.php on line 118

I am going to remove the package and then install it manually (and I am guessing it will work). But perhaps the package should be removed until things are a little more settled.

ollopa

I just noticed the author of miniupnpd posted a new version of the source that already has most of the changes I worked all night to implement…

Well there goes one day of hard slave labor :(

Here's a binary version that should work on the embedded platforms:  www.sloservers.com/miniupnpd

Try that out with your xboxes--it should work.

ZPrime

@hshh:

Will upnp break traffic shape?

I don't see why it would…  The biggest issue would be that if you have certain ports shaped and a workstation decides to use one of those ports for UPnP it will get shaped.  I.e. you have the range 5000-5100 shaped to low priority as ports for IRC DCC sending, and then an XBox decides to use 5051 or something, it is going to be put in the low priority queue.

ollopa - I'll give that new binary a try tonight.  Any other changes I need to make?  Also, I'm still running RC2e, will this matter?