* Matthew Toseland <toad at amphibian.dyndns.org> [2007-05-24 20:52:41]:
> On Thursday 24 May 2007 13:30, Florent Daigni?re wrote: > > Hi, > > > > Just to keep people posted, I've written a plugin to provide basic upnp > > support to the node... Currently it uses two features of the protocol: > > > > 1) external IP address reporting > > I'm confident that it works in "simple" cases > > > > 2) port forwarding of the FNP port > > Should work, might not persist, might have some forgotten border cases > > > > More work has to be done to make it behave "properly", and handle > > border cases (more than one IGD on the LAN, external IP changes, IGD > > reboot, ...) but I don't think that it worths the effort. > > Thanks for building this. We should support the more common cases IMHO - > rebooting the IGD, the external IP changing. I might do it, but not now :) > If it's easy to support two IGDs > then it might be nice to do so, but generally that suggests trouble; it may > be sensible to leave it as disabled, or it may be better to tell the user > about it. We tell the user about it and disable the plugin (if they are two gateways I dunno how to detect which one we are using). > > Also I think UP&P should run on every startup, unless we are directly > connected to the inet. The ip detection and the port-forwarding parts are separated. If the plugin is loaded the port will be forwarded. > Anything that improves connectivity and reduces reliance on STUN servers (an > obvious thing for an attacker to watch) has to be a good thing. up&p doesn't replace stun... imho we can't rely only on upnp. > Have you implemented the "my LAN is reasonably secure" option? Not yet, it will be in the FirstTimeWizardToadlet. NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070524/61e62260/attachment.pgp>
