UPnP support
-
Current 20060924 upstream merged. This should have the XML fixes.
If you want the latest, reinstall the package.
The queues is just simply a pain. Although I am pretty sure you can attach a queue to it I think it's a bit of a problem.
We can not assume it's a p2p either. If you have a XBOX you want the game to have a higher priority. Making a choice in the shaper configuration to dump it into either p2p or games or skype or voipbuster or MSN.
pondering…
For now it is as it is. The good thing is that rules ahead of it match. So stick your p2p thingie in a normal user rule and it will apply to the right queue. All the rest of the random ports for MSN skype and Xbox would "just work" although no specific priority would be applied. Which would still be above p2p.
Yep. I think you have to know what queue number the queue is to add it. You can't just call SIOCADDRULE (or whatever the ioctl is…don't recall the exact name) with the character array representation of the queue, it's gotta be whatever pfctl numbered it.
--Bill
-
I'd be nice to have a page showing the current upnp forwarded ports and the ability to close them off. When I was testing out upnp I had a case were the application didn't close the port due to a crash and then when the app was opened and closed again since the port was already forwarded it wouldn't close it.
-
There is a page that does this, IIRC.
-
Ok, with the latest version, it works perfectly from MSN, but I cant see Internet Connection anymore as shown above.
-
package updated. it should install again.
Cheers,
Seth
-
package updated. it should install again.
Cheers,
Seth
Thanks for all the hard work on this package. I finally got around to making a custom image with the miniupnpd files and my config so I could just write it to the compact flash card and start the box up.
Happy to say that the miniupnpd package is outstanding. Azereus maps/unmaps ports correctly. I was even surprised that the Internet Connection Advaced Services tab in WinXP Network Connections is able to map/unmap ports as well. Really satisified.
Only minor thing I see is in the system logs
miniupnpd[787]: Unknown soap method
Also clicking on the miniupnpd on the pfsense admin pages shows the settings, would perfer it to show the status first as that will be used more than the settings for which interface its configured on. Also the tabs are missing on the status page.
Both those are minor issues.
–---
Note: I used the words attached files in writing the below. Well I can't attach files with extensions sh, xml, tar.gz. So instead I provided links to them at the end of the text. I would've renamed the extensions to txt but I thought that might get confusing.
For anybody else wanting to make a custom image to flash for the embedded platform its quite simple.
I use FreeSBIE in VMware. However you can use any freebsd platform of your choice.
Either use the attached miniupnpd.tar.gz file or follow the steps below to create one with the newest version of the files.
Grab the latest files from http://www.pfsense.com/packages/config/miniupnpd/. This should include miniupnpd, miniupnpd.inc, miniupnpd.xml, status_upnp.php.
Put the files above and the miniupnpd.sh file attached in a directory you create named miniupnpd. Tar the directory using
"tar cfz miniupnpd.tar.gz miniupnpd/"
Now use the attached script sh-add-miniupnpd.sh to add the miniupnpd files to the pfSense.img file (successfully used on snapshot 9-27-06). The script uses the miniupnpd.tar.gz file to extract and add those to the pfSense.img file. You will need to chmod +x sh-add-miniupnpd.sh to give it execute permissions.
Yes, you could modify the script so you wouldn't have to tar the files and just stick them all in the script directory. However, since I use this in VMware I find its easier to keep track of fewer files when copying them back and forth. Plus I can name the miniupnpd tar file so I know which one is the working version and which is the one containing the new files I just grabbed from the web. ;)
"chmod +x sh-add-miniupnpd.sh"
"./sh-add-miniupnpd.sh miniupnpd.tar.gz pfSense.img"Replace the <installedpackages>section in your personalized config you downloaded from your current pfsense box with the supplied <installedpackages>section in the attached cfg-add-miniupnpd.xml file.
Use the attached script sh-replace-config.sh to replace the default config in the pfSense.img file with the config you just created.
"chmod +x sh-replace-config.sh"
"./sh-replace-config.sh yourconfig.xml pfSense.img"Your image is ready. Flash it to the device and enjoy.
Thanks to Seth for helping me out getting this to work. He gave me the <installedpackages>section of the config along answering multiple questions I had about miniupnpd.
Files:
http://wgnrs.dynalias.com:81/pfsense/cfg-add-miniupnpd.xml
http://wgnrs.dynalias.com:81/pfsense/miniupnpd.sh
http://wgnrs.dynalias.com:81/pfsense/miniupnpd.tar.gz
http://wgnrs.dynalias.com:81/pfsense/sh-add-miniupnpd.sh
http://wgnrs.dynalias.com:81/pfsense/sh-replace-config.sh</installedpackages></installedpackages></installedpackages> -
I have just commited these changes.
-
Added -o WAN override option
-
Now defaults to status page
-
If not setup prior, redirects to settings tab
-
Removed Status entry. Now defaults to Services -> Miniupnpd
-
-
I have just commited these changes.
-
Added -o WAN override option
-
Now defaults to status page
-
If not setup prior, redirects to settings tab
What flags the page to know if its setup prior or not. I just grabbed the latest files again and reflashed my device. Now on the status page it shows the tabs and on the settings page I have the wan override box. However it still shows the settings page when clicking miniupnpd, even hitting change on the settings page.
I see this line
['installedpackages']['miniupnpd']['config']
Does that point to the config xml file? I'm almost positive it does. I just did a backup of the config file from the webgui and I have the miniupnpd config section sepcifing the interface_arry.
-
-
Go to System -> Packages -> Installed -> Click reinstall for miniupnpd.
I just commited something a few minutes ago.
-
Okay will do that. Is there a way to kill the firewall log entries for the upnp mapped ports. Azereus fills up the log real quick.
-
Looks like the logging flag is being enabled in the rule. It should be trivial to turn off but the binary will need to be recompiled, etc.
pass in log quick on fxp0 inet proto udp from any to any port = 30492 keep state label "Azureus UPnP 30492 UDP"
Seth, is this something you want to handle?
-
Looks like the logging flag is being enabled in the rule. It should be trivial to turn off but the binary will need to be recompiled, etc.
pass in log quick on fxp0 inet proto udp from any to any port = 30492 keep state label "Azureus UPnP 30492 UDP"
Seth, is this something you want to handle?
While your recompiling the binary the other issue is that no nat reflection rules are being created eventhough i have the disable nat reflection box unchecked. This would be really nice to have fixed. As with Azereus if I want to host trackers I can't check them from my house. It also makes Azereus think its behind a "firewall" due to it not being able to see itself.
-
While your recompiling the binary the other issue is that no nat reflection rules are being created eventhough i have the disable nat reflection box unchecked. This would be really nice to have fixed. As with Azereus if I want to host trackers I can't check them from my house. It also makes Azereus think its behind a "firewall" due to it not being able to see itself.
Really sorry but this will not be fixed. Reflection is a mess as it is and I am not adding that complexity to something like this since we are on the road to being released.
-
While your recompiling the binary the other issue is that no nat reflection rules are being created eventhough i have the disable nat reflection box unchecked. This would be really nice to have fixed. As with Azereus if I want to host trackers I can't check them from my house. It also makes Azereus think its behind a "firewall" due to it not being able to see itself.
Really sorry but this will not be fixed. Reflection is a mess as it is and I am not adding that complexity to something like this since we are on the road to being released.
I understand the focus is on clearing up whatever bugs are left. Let me ask this though, if nat reflection was to be added to upnp it would be in the miniupnpd binary, correct? Since I have some free time (college student) I would like to attempt to make the modifications my self for my own learning. Is the source available for this binary and where? Thanks for your help.
-
No, that would be in the pfSense code which is frozen. The only reason your even seeing this package is because its a package and doesnt touch the main code besides a simple table.
-
That's weird. Cause it works for me.
-
There definately is some race conditions present in miniupnpd:
82817 root 1 130 0 1892K 416K RUN 544:53 44.78% miniupnpd
I should note that nothing is even using it right now!
-
I just happened to be quickly browsing the miniupnpd homepage, and noticed that this updated source is now available: miniupnpd20060930.tar.gz.
Here's the changelog since 20060919:
2006/09/29: Improved compliance of the XML Descriptions pretty print for testupnpdescgen 2006/09/25: improved the Error 404 response. Better serviceType and serviceId for dummy service... 2006/09/24: updating the XML description generator
Just in case anyone needed this info.
I would like to compile the binary and try it out myself, but not being a developer I don't know exactly how to go about it. I tried the few things I know but I couldn't get it to compile properly.
-
Well miniupnpd is broken in RC3 now. I installed it clean and the package and I get this error in the log.
Oct 2 22:11:51 miniupnpd[977]: Failed to open socket for SSDP. EXITING
Oct 2 22:11:51 miniupnpd[977]: bind(udp): Address already in use
Oct 2 22:11:49 php: : Resyncing configuration for all packages.Anything changed that would affect this between the 09-27-06 snapshot and RC3. It worked then just fine.
-
Oct 2 22:11:51 miniupnpd[977]: Failed to open socket for SSDP. EXITING
Oct 2 22:11:51 miniupnpd[977]: bind(udp): Address already in use
Oct 2 22:11:49 php: : Resyncing configuration for all packages.That looks like you still had a copy of miniupnpd running in memory when you installed the package.
Did you try rebooting the router yet?
-
Oct 2 22:11:51 miniupnpd[977]: bind(udp): Address already in use
It's already running, I bet. Kill it before starting it again.
Either that or our code is not killing it correctly.
-
Oct 2 22:11:51 miniupnpd[977]: bind(udp): Address already in use
It's already running, I bet. Kill it before starting it again.
Either that or our code is not killing it correctly.
I tried rebooting the system. Played around with this some more in VMware installing RC3 and then the package. Same thing happens. Only thing that comes to mind is that it runs the rc.d startup script before it syncs the package and then runs it again.
Not only that but now when I run Azereus it still talks to miniupnpd and sets up the port forwarding but it doesn't actually open them up in the firewall. Azereus shows DHT firewalled and before the firewall logs would fill with accepted packets and now it doesn't.
-
When I run
pfctl -aminiupnpd -sn
rdr on fxp1 inet proto udp from any to any port = 6881 label "Azureus UPnP 6881 UDP" -> 10.10.1.150 port 6881
rdr on fxp1 inet proto tcp from any to any port = 6881 label "Azureus UPnP 6881 TCP" -> 10.10.1.150 port 6881pfctl -aminiupnpd -sr
pass in log quick on fxp1 inet proto udp from any to any port = 6881 keep state label "Azureus UPnP 6881 UDP"
pass in log quick on fxp1 inet proto tcp from any to any port = 6881 keep state label "Azureus UPnP 6881 TCP"However status.php only shows
pfctl -sn
rdr-anchor "miniupnpd" allpfctl -sr
anchor "miniupnpd" all
block drop in quick all label "Default block all just to be sure."
block drop out quick all label "Default block all just to be sure." -
I did have this problem with RC3 as well but I did an uninstall reboot and install then a reboot and that has seemed to wrok
-
I have not researched it yet, but it does seem like it is starting the package twice. It's probably not checking if it is started allready. or something along those lines.
With regards to the port mapping missing, I have no clue whatsoever.
-
I have not researched it yet, but it does seem like it is starting the package twice. It's probably not checking if it is started allready. or something along those lines.
With regards to the port mapping missing, I have no clue whatsoever.
Okay wanted to give some more information on this. Miniupnpd works now. I had to click change on the miniupnpd settings page and then clear and the status page. This seemed to kill both processes and get it started correctly. The rules are working and Azereus passes the firewall test. The firewall log fills with accepted packets. As you can see below both running instances closed out.
Oct 4 02:24:42 miniupnpd[1319]: Unknown soap method
Oct 4 02:24:38 miniupnpd[1298]: received signal 15, exiting
Oct 4 02:24:35 miniupnpd[804]: received signal 15, exitingThere is defiantly 2 instances of minupnpd being started. Happens everytime I reboot. Looks at the log below. It resyncs the package configuration twice and on the 2nd time miniupnpd fails because it is already started. Not only does it do the package resync twice but the RRD graphs and some other items as well. This all appeared after the 09-27-06 snapshot. First showed up in RC3 and still around in RC3b, which is what I'm running.
Oct 4 02:23:11 check_reload_status: reloading filter
Oct 4 02:23:11 miniupnpd[1010]: Failed to open socket for SSDP. EXITING
Oct 4 02:23:11 miniupnpd[1010]: bind(udp): Address already in use
Oct 4 02:23:10 php: : Resyncing configuration for all packages.
Oct 4 02:23:05 php: : Creating rrd graph index
Oct 4 02:23:05 php: : Creating rrd update script
Oct 4 02:23:05 php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - 68.100.53.135.
Oct 4 02:22:58 login: login on console as root
Oct 4 02:22:48 sshlockout[840]: sshlockout starting up
Oct 4 02:22:48 sshlockout[840]: sshlockout starting up
Oct 4 02:22:48 login: login on console as root
Oct 4 02:22:39 dnsmasq[579]: reading /var/dhcpd/var/db/dhcpd.leases
Oct 4 02:22:37 check_reload_status: rc.newwanip starting
Oct 4 02:22:37 check_reload_status: check_reload_status is starting
Oct 4 02:22:37 last message repeated 4 times
Oct 4 02:22:36 miniupnpd[804]: Unknown soap method
Oct 4 02:22:34 php: : Resyncing configuration for all packages.
Oct 4 02:22:30 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Oct 4 02:22:30 dhcpd: All rights reserved.
Oct 4 02:22:30 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Oct 4 02:22:30 dhcpd: Internet Systems Consortium DHCP Server V3.0.4
Oct 4 06:22:29 php: : Creating rrd graph index
Oct 4 06:22:29 php: : Creating rrd update script
Oct 4 06:22:29 php: : Create RRD database /var/db/rrd/wan-quality.rrd
Oct 4 06:22:29 php: : Create RRD database /var/db/rrd/wan-packets.rrd
Oct 4 06:22:29 php: : Create RRD database /var/db/rrd/wan-traffic.rrd
Oct 4 06:22:28 php: : Create RRD database /var/db/rrd/lan-packets.rrd
Oct 4 06:22:28 php: : Create RRD database /var/db/rrd/lan-traffic.rrd
Oct 4 02:22:28 dnsmasq[579]: reading /var/dhcpd/var/db/dhcpd.leases -
I dug into this further. Due to the following added changelogs miniupnpd starts three times.
[14721] Add rc.start_packages file
[14722] Use /etc/rc.start_packagesFirstly, the packages are being synced twice evident in dmesg and the logs where RRD is starting twice and then the below code in miniupnpd.inc starts the package. Then the rc.start_packages files starts it a third time.
start_service("miniupnpd");
restart_service("miniupnpd");In my previous posts look at the process ids. There are three different ones.
Oct 4 02:24:38 miniupnpd[1298]: received signal 15, exiting
Oct 4 02:24:35 miniupnpd[804]: received signal 15, exiting
Oct 4 02:23:11 miniupnpd[1010]: bind(udp): Address already in use
Oct 4 02:22:36 miniupnpd[804]: Unknown soap method -
I just fixed these issues. Please reinstall the miniupnpd package.
-
I just fixed these issues. Please reinstall the miniupnpd package.
Thanks alot. The changes work great.
-
miniupnpd version 20060930 commited, reinstall package to get to it.
Cheers.
-
miniupnpd version 20060930 commited, reinstall package to get to it.
Cheers.
Wow …
Oct 5 17:09:05 last message repeated 23845 times
Oct 5 17:08:34 miniupnpd[1359]: Unsupported HTTP Command SUBSCRIBE
Oct 5 17:08:34 miniupnpd[1359]: recv (state0): Connection reset by peer
Oct 5 17:08:34 last message repeated 5583 times
Oct 5 17:08:27 miniupnpd[1359]: Unsupported HTTP Command SUBSCRIBE
Oct 5 17:08:27 miniupnpd[1359]: recv (state0): Connection reset by peerIs this a new error or is the error just being displayed now. It has completely filled my system log in 15 min. Also the firewall log still fills with accepted packets.
-
Wow …
Oct 5 17:09:05 last message repeated 23845 times
Oct 5 17:08:34 miniupnpd[1359]: Unsupported HTTP Command SUBSCRIBE
Oct 5 17:08:34 miniupnpd[1359]: recv (state0): Connection reset by peer
Oct 5 17:08:34 last message repeated 5583 times
Oct 5 17:08:27 miniupnpd[1359]: Unsupported HTTP Command SUBSCRIBE
Oct 5 17:08:27 miniupnpd[1359]: recv (state0): Connection reset by peerIs this a new error or is the error just being displayed now. It has completely filled my system log in 15 min. Also the firewall log still fills with accepted packets.
What is UPNP communicating with? XBOX?
-
Wow …
Oct 5 17:09:05 last message repeated 23845 times
Oct 5 17:08:34 miniupnpd[1359]: Unsupported HTTP Command SUBSCRIBE
Oct 5 17:08:34 miniupnpd[1359]: recv (state0): Connection reset by peer
Oct 5 17:08:34 last message repeated 5583 times
Oct 5 17:08:27 miniupnpd[1359]: Unsupported HTTP Command SUBSCRIBE
Oct 5 17:08:27 miniupnpd[1359]: recv (state0): Connection reset by peerIs this a new error or is the error just being displayed now. It has completely filled my system log in 15 min. Also the firewall log still fills with accepted packets.
What is UPNP communicating with? XBOX?
Nope I just had Azereus open. Just like in the past with the older version. This is a clean RC3 install with a,b,c patches and the miniupnpd package.
-
Ruh roh. Looks like the new miniupnpd binary has added a regression then.
-
Ruh roh. Looks like the new miniupnpd binary has added a regression then.
I'd say so. I loaded the old binary version back and the error is gone.
-
Embedded users interested in this package have a look at http://forum.pfsense.org/index.php/topic,1788.msg13490.html#msg13490 :)
-
Upgraded and …
Oct 4 08:09:40 miniupnpd[1423]: Unknown soap method Oct 4 08:25:08 miniupnpd[1423]: Unknown soap method Oct 4 08:47:17 miniupnpd[1423]: Unknown soap method Oct 4 09:26:39 miniupnpd[1423]: Unknown soap method
-
Looks like something is dirty if it needs soap… ;D
-
From my post referenced above about adding miniupnpd on embedded.
http://forum.pfsense.org/index.php/topic,1788.msg13498.html#msg13498
Miniupnpd uses the miniupnp.sh script to start the service. This file contains your ip address and nic interface hardcoded. Not a big deal as the sync_package_miniupnpd() recreates it. However it doesn't seem to run this when syncing packages at startup. I looked in the code and it looks like the miniupnpd.xml file should have a custom_php_resync_config_command section which calles sync_package_miniupnpd(). I think the thought was that once its configured theres really no need to keep recreating the same startup file.
Shouldn't the below be added to the miniupnpd.xml file so the package is resynced at startup. Wouldn't hardly add any extra time to boot and would insure the package is configured properly.
<custom_php_resync_config_command>sync_package_miniupnpd();</custom_php_resync_config_command>
I could be wrong but I looked into the pfsense-utils.inc file and don't see how this would get called without the above xml section.
-
Hmm I have the latest version with that has the custom_php_resync_config_command added in the xml file. I receive the following error.
Syncing packages:
miniupnpdFatal error: Call to undefined function: get_real_wan_interface() in /usr/local/pkg/miniupnpd.inc on line 13
Executing rc.d items…
Starting /usr/local/etc/rc.d/*.sh...