UPnP support
-
Anyone else tested UPnP?
I tested it out on my embedded box. I used the links for the files on page 1 and 2 but those files appeared out of date. After some diff comparisons I changed the files on my RC2h box and got it working. Azerus successfully works with upnp. Only thing is I'm not seeing any logs in the system log and my firewall log is filled with accepted packets.
Its late here so tomorrow if I get some free time I'm going to try and figure this out better. Anybody have the correct files for RC2h. I just don't want to overwrite bug fixes. I'll make a list of the upnp changes I found and made and see if I missed something.
-
databeestje, any changes/updates in response to my XBox problems?
-
@bradenmcg:
databeestje, any changes/updates in response to my XBox problems?
I'm working on UPnP as well now. I'm not an expert but I think I understand your xbox problem a little bit.
You said you're seeing SSDP (discovery protocol) go out over multicast to port 1900 (UDP) and you're getting a reply from miniupnpd.
At this point the xbox should go to the returned Location: address via TCP but you noticed that it's not happening.I have a utility that I normally use to manually open ports through UPnP and it's displaying the same behavior–it's failing to understand the SSDP reply.
I'm gonna work on this all day and if I get it fixed I'll post an updated miniupnpd daemon for you to try.
Also I'll just put this information out there: It's possible to do a workaround to get UPnP to function on both wireless and LAN interfaces. Here's what I did:
My wireless interface is bridged to my LAN interface (this is probably the usual setup...). My lan interface's IP address is 192.168.1.5 and the wireless interface doesn't have an address.To get UPnP working, I set an arbitrary address on the wireless interface (ifconfig ath0 192.168.1.4).
Next I manually started miniupnpd like so:
miniupnpd -i ng0 -a 192.168.1.5 -a 192.168.1.4 -p 5000That allows miniunpd to bind to both interfaces and reply to multicast SSDP packets.
I don't know enough about bridging/multicast/socket programming to understand why this is neccessary to make it work, or how to fix it in miniupnpd.
-
I understand what the problem is now with the Xbox (and potentially other applications/devices as well).
miniupnpd is an incomplete implementation of UPnP. It's lacking a lot of features that would make it a much more robust UPnP solution.
I just spent some time sniffing packets and reading some (of the waay waaay too many) UPnP specs. I'm going to add the missing functionality to miniupnpd and submit some patches to the original author.
This is non-trivial. I'd like to collect a bounty upon completion of this. Is anyone willing to offer up a few $$?
-
If you can get this working then pfSense can send 25$. If others have some money please help out as well.
-
If you can get miniupnp to work with the Xbox 360, I will chip in $15. :)
-
I sent half of my bounty to databiestje ($50) since he got the ball rolling, but I had asked for an implementation that works with 360 as one of my requirements. I'll send the other $50 to whoever makes it work with the 360, and again, I'm embedded so I need it to not be package-only. Skud also wants to donate to the bounty and he will do it through me…
Developers, should I just send the rest of the bounty money to Scott (both my remaining and the stuff from Skud/Riley) and Scott can distribute from there as appropriate?
-
Will upnp break traffic shape?
-
I upgraded to RC2i. Obviously in doing so UPnP was broken. I decided to install the package. I installed the package and it doesn't even begin to work. If I enable it on the LAN interface when I hit save I get the following error.
Fatal error: Call to undefined function: system_start_upnp_daemon() in /usr/local/www/interfaces_lan.php on line 118
I am going to remove the package and then install it manually (and I am guessing it will work). But perhaps the package should be removed until things are a little more settled.
-
I just noticed the author of miniupnpd posted a new version of the source that already has most of the changes I worked all night to implement…
Well there goes one day of hard slave labor :(
Here's a binary version that should work on the embedded platforms: www.sloservers.com/miniupnpd
Try that out with your xboxes--it should work.
-
Will upnp break traffic shape?
I don't see why it would… The biggest issue would be that if you have certain ports shaped and a workstation decides to use one of those ports for UPnP it will get shaped. I.e. you have the range 5000-5100 shaped to low priority as ports for IRC DCC sending, and then an XBox decides to use 5051 or something, it is going to be put in the low priority queue.
ollopa - I'll give that new binary a try tonight. Any other changes I need to make? Also, I'm still running RC2e, will this matter?
-
@bradenmcg:
ollopa - I'll give that new binary a try tonight. Any other changes I need to make? Also, I'm still running RC2e, will this matter?
All the previous patches still have to be applied to for UPnP. Just use the binary I posted instead of the other one. If you've already installed miniupnpd on your RC2e then just replace the miniupnpd binary and try it out.
I found a smarter way to enable UPnP on bridged interfaces, BTW (LAN+WIRELESS for example). I'm going to try patch my pfSense install to use this method. I'll report back later.
Is anybody working on GUI pages for UPnP? I don't want to duplicate another person's efforts (again).
-
I saw your email re: wireless… I do not have a wireless card in my pf box. I have one AP (wired) hanging off a switch that is on the LAN - that AP runs WPA2/AES and I consider it to be as secured as any of my wired PCs.
I have a second AP that is wide open, and it is on its own interface on the soekris/pfsense, but it's routed on its own subnet. I used to use bridge mode between my LAN and WAN (pfsense as a bridging firewall) but that was only so I could use a different router for UPnP. ;)
-
Well I updated the latest release of miniupnpd. It's possible to pass the uuid string to the device with the -u parameter now (this is only to support multiple instances of miniupnpd on the same network). I also implemented SSDP announcements and fixed a minor bug in the SSDP implementation.
The lastest binary (compiled for 486 and up) is on my website here www.sloservers.com/miniupnpd
Can anybody test it out and report results?
-
Well, the latest miniupnp daemon is working with the xbox 360, or at least, the 360 says (During the xbox live test) that my NAT status is "open." Open is the best, the other two options are "filtered" and "strict". PF was showing as "strict" before.
-
Sweet, could you post diff's or possibly contribute the code back to http://miniupnp.free.fr/ ? I'm unfortunately currently running OpenBSD. Of course I promised the $15 bounty, so just let me know where to send it.
bradenmcg, you'll have to add me to your Friends list so we can try a voice chat or game.
-
I did send a patch back to the original author but I'm not sure how much of it he's going to accept or when he'll get it merged and posted online.
I'll give up my source and the latest compiled binary (for 486 and up) here: http://www.sloservers.com/miniupnp
(note the lack of a d on miniupnp this time).The source is is in a tgz. Compile on *BSD with gmake or just link the object files by hand…
Paypal contributions to rick@sloservers.com would be appreciated. I will continue work on the daemon if there are any bugs, features, etc.
-
FWIW, it's still not perfect as when the Xbox 360 starts, miniupnpd is confused by something and it logs a few "unknown packet" errors. However, it's implementing enough of the protocol to satisfy the xbox so it will map ports OK… If you want pcap-style network dumps of the conversation between the 360 and your current build of miniupnpd i can provide... also if you want to give me a debug version of the daemon that spits out more on the log that is cool too.
-
Actually I saw the startup capture you posted previously.
What's going on is that the Xbox is announcing its presense and miniupnpd is ignoring the packet and logging that it received something other than an M-SEARCH.
miniupnpd doesn't need to act on this information but it also shouldn't give an error message.
I will patch miniupnpd to handle notifies from other devices without giving an error message.Look back here in 10 minutes.Done.
Try the version that is in this folder: http://www.sloservers.com/miniupnp
Right-click miniupnpd and save-as. -
Thanks for your work on this. the pfSense team will be sending 25$ as promised.