Choose style:

Author Topic: Exploding number of UPnP entries  (Read 2341 times)

0 Members and 1 Guest are viewing this topic.

Offline habeatgenmoint

  • Backer
  • *
  • Posts: 11
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Exploding number of UPnP entries
« on: April 21, 2015, 03:16:02 pm »
My Almond+ stopped accepting new UPnP entries a few days ago, so I did a bit of troubleshooting. Turns out there are a huge amount of duplicate ipfilter entries created by MINIUPNPD. The list is so huge I didn't manage to find out how long it is, but the number is more than 30000 (yes, 30000.) The Almond+ has been up for 19 days.

It goes like this:

Chain MINIUPNPD (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             192.168.1.234        udp dpt:12345
ACCEPT     udp  --  anywhere             192.168.1.234        udp dpt:12345
....
ACCEPT     udp  --  anywhere             192.168.1.234        udp dpt:12345

Apparently, the UPnP deamon never checks for duplicate entries when adding new ones into the IP table. Please fix this  :'(

Edit: I'm on R072.
« Last Edit: April 21, 2015, 03:22:59 pm by habeatgenmoint »

LGNilsson

  • Guest
Re: Exploding number of UPnP entries
« Reply #1 on: April 21, 2015, 10:43:32 pm »
Thanks for the heads up, I've reported it to the software team.

Offline habeatgenmoint

  • Backer
  • *
  • Posts: 11
  • Thanks: 1
  • Registered : 02/08/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: Exploding number of UPnP entries
« Reply #2 on: April 22, 2015, 08:52:16 am »
Just in case anyone finds this useful, I'm now running a dirty script periodically to work around this bug at the moment:

Code: [Select]
iptables-save|uniq > /tmp/iptables.rules &&\
iptables --flush MINIUPNPD &&\
(echo \*nat; echo ":MINIUPNPD - [0:0]"; cat /tmp/iptables.rules|grep "\-A MINIUPNPD"|sort|grep DNAT|uniq; echo COMMIT; echo \*filter; echo ":MINIUPNPD - [0:0]"; cat /tmp/iptables.rules|grep "\-A MINIUPNPD"|sort|grep ACCEPT|uniq; echo COMMIT)|iptables-restore --noflush &&\
rm /tmp/iptables.rules

It seems to me that simply using "iptables -C" when adding new entries from miniupnpd would fix most of the problem though.

 

Page created in 0.057 seconds with 18 queries.