Behind CGNAT: "Found a (not connected?) IGD : http://192.168.1.254:5000/ctl/IPConn" ... command line options order does matter

[sanderjo]

I'm behind CGNAT (so: a 100.64.x.y address on the WAN-interface of my router / NAT).

I get this:

$ upnpc -l
upnpc : miniupnpc library test client, version 2.2.3.
 (c) 2005-2021 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.254:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.1.254:5000/ctl/IPConn
No valid UPNP Internet Gateway Device found.

So based on the source code:

			case 2:
				printf("Found a (not connected?) IGD : %s\n", urls.controlURL);
				if (ignore) printf("Trying to continue anyway\n");
				break;

... I tried with the "-i" ignore option, but still an error:

$ upnpc -l -i
upnpc : miniupnpc library test client, version 2.2.3.
 (c) 2005-2021 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :


 desc: http://192.168.1.254:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.1.254:5000/ctl/IPConn
No valid UPNP Internet Gateway Device found.

Still "No valid UPNP Internet Gateway Device found.". Is that correct? Port forwarding can still be useful behind CGNAT.

Is this something miniupnp decides ("no public WAN IP, so no Internet Gateway Device"?)? Or does my NAT decide that?

[sanderjo]

Changelog:

2013/10/07:
  fixed potential buffer overrun in miniwget.c
  Modified UPNP_GetValidIGD() to check for ExternalIpAddress

sourcecode:

/* UPNP_GetValidIGD() :
 * return values :
 *     0 = NO IGD found
 *     1 = A valid connected IGD has been found
 *     2 = A valid IGD has been found but it reported as
 *         not connected
 *     3 = an UPnP device has been found but was not recognized as an IGD

[sanderjo]

Ugly hack: rewriting i from 2 to 1:

		if( (rootdescurl && UPNP_GetIGDFromUrl(rootdescurl, &urls, &data, lanaddr, sizeof(lanaddr)))
		  || (i = UPNP_GetValidIGD(devlist, &urls, &data, lanaddr, sizeof(lanaddr))))
		{
			if (i == 2) {
				printf("SJ: rewriting i from 2 to 1\n");
				i = 1;
			}
			switch(i) {
			case 1:
				printf("Found valid IGD : %s\n", urls.controlURL);
				break;
			case 2:
				printf("Found a (not connected?) IGD : %s\n", urls.controlURL);
				if (ignore) printf("Trying to continue anyway\n");
				break;

... and I have it working, including ExternalIPAddress = 100.64.192.10 (which is true & correct):

sander@zwart2204:~/git/miniupnp/miniupnpc$ ./build/upnpc-shared -i
upnpc : miniupnpc library test client, version 2.2.4.
 (c) 2005-2023 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.254:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

SJ: rewriting i from 2 to 1
Found valid IGD : http://192.168.1.254:5000/ctl/IPConn
Local LAN ip address : 192.168.1.91
Connection Type : IP_Routed
Status : Connected, uptime=324015s, LastConnectionError : ERROR_NONE
  Time started : Thu Feb  9 19:05:29 2023
MaxBitRateDown : 4200000 bps (4.2 Mbps)   MaxBitRateUp 4200000 bps (4.2 Mbps)
ExternalIPAddress = 100.64.192.10
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP   443->192.168.1.3:443   'libminiupnpc' '' 0
 1 TCP 44433->192.168.1.3:22    'libminiupnpc' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)

So ... maybe use the "-i" ignore to ignore the i == 2?

[sanderjo]

Ah ... ? The ignore should already do that ... but the order on the commandline matters? With plain, stock upnpc:

• upnpc -i -l does work
• upnpc -l -i does not work

Good order:

$ upnpc  -i -l
upnpc : miniupnpc library test client, version 2.2.3.
 (c) 2005-2021 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.254:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.1.254:5000/ctl/IPConn
Trying to continue anyway
Local LAN ip address : 192.168.1.91
Connection Type : IP_Routed
Status : Connected, uptime=324674s, LastConnectionError : ERROR_NONE
  Time started : Thu Feb  9 19:05:29 2023
MaxBitRateDown : 4200000 bps (4.2 Mbps)   MaxBitRateUp 4200000 bps (4.2 Mbps)
ExternalIPAddress = 100.64.192.10
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP   443->192.168.1.3:443   'libminiupnpc' '' 0
 1 TCP 44433->192.168.1.3:22    'libminiupnpc' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)

Bad (?) order:

$ upnpc  -l -i
upnpc : miniupnpc library test client, version 2.2.3.
 (c) 2005-2021 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://192.168.1.217:80/description.xml
 st: urn:schemas-upnp-org:device:basic:1

 desc: http://192.168.1.217:80/description.xml
 st: uuid:2f402f80-da50-11e1-9b23-001788721f4f

 desc: http://192.168.1.217:80/description.xml
 st: upnp:rootdevice

 desc: http://192.168.1.254:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.1.254:5000/ctl/IPConn
No valid UPNP Internet Gateway Device found.

[sanderjo]

Ah, not a bug, but ... as specified?

       	./build/upnpc-shared [options] -l
		List redirections

• -i is an option, and must come first
• -l is a command, and must come last

A bit confusing for a noob like me. It would be nice if upnpc would detect & warn for wrong order. Or even just handle it nicely.

[sanderjo]

With a few lines of code, I now have a Warning: Found -i after command. Put option(s) before command if I put options after the command.

@miniupnp Thomas, are you interested in a PR?

sander@zwart2204:~/git/mini_3/miniupnpc$ ./build/upnpc-shared  -l -i
upnpc : miniupnpc library test client, version 2.2.4.
 (c) 2005-2023 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
Warning: Found -i after command. Put option(s) before command
List of UPNP devices found on the network :
 desc: http://192.168.1.254:5000/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found a (not connected?) IGD : http://192.168.1.254:5000/ctl/IPConn
No valid UPNP Internet Gateway Device found.

[sanderjo]

... or print the standard usage error message if there is a option parameter after a command

sander@zwart2204:~/git/mini_3/miniupnpc$ ./build/upnpc-shared  -l -i
upnpc : miniupnpc library test client, version 2.2.4.
 (c) 2005-2023 Thomas Bernard.
Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
for more information.
Usage :	./build/upnpc-shared [options] -a ip port external_port protocol [duration] [remote host]
		Add port redirection
       	./build/upnpc-shared [options] -d external_port protocol [remote host]
		Delete port redirection
       	./build/upnpc-shared [options] -s
		Get Connection status
       	./build/upnpc-shared [options] -l
		List redirections
       	./build/upnpc-shared [options] -L
		List redirections (using GetListOfPortMappings (for IGD:2 only)
       	./build/upnpc-shared [options] -n ip port external_port protocol [duration] [remote host]
		Add (any) port redirection allowing IGD to use alternative external_port (for IGD:2 only)
       	./build/upnpc-shared [options] -N external_port_start external_port_end protocol [manage]
		Delete range of port redirections (for IGD:2 only)
       	./build/upnpc-shared [options] -r port1 [external_port1] protocol1 [port2 [external_port2] protocol2] [...]
		Add all redirections to the current host
       	./build/upnpc-shared [options] -A remote_ip remote_port internal_ip internal_port protocol lease_time
		Add Pinhole (for IGD:2 only)
       	./build/upnpc-shared [options] -U uniqueID new_lease_time
		Update Pinhole (for IGD:2 only)
       	./build/upnpc-shared [options] -C uniqueID
		Check if Pinhole is Working (for IGD:2 only)
       	./build/upnpc-shared [options] -K uniqueID
		Get Number of packets going through the rule (for IGD:2 only)
       	./build/upnpc-shared [options] -D uniqueID
		Delete Pinhole (for IGD:2 only)
       	./build/upnpc-shared [options] -S
		Get Firewall status (for IGD:2 only)
       	./build/upnpc-shared [options] -G remote_ip remote_port internal_ip internal_port protocol
		Get Outbound Pinhole Timeout (for IGD:2 only)
       	./build/upnpc-shared [options] -P
		Get Presentation url

protocol is UDP or TCP
@ can be used in option -a, -n, -A and -G to represent local LAN address.
Options:
  -e description : set description for port mapping.
  -6 : use ip v6 instead of ip v4.
  -u url : bypass discovery process by providing the XML root description url.
  -m address/interface : provide ip address (ip v4) or interface name (ip v4 or v6) to use for sending SSDP multicast packets.
  -z localport : SSDP packets local (source) port (1024-65535).
  -p path : use this path for MiniSSDPd socket.
  -t ttl : set multicast TTL. Default value is 2.
  -i : ignore errors and try to use also disconnected IGD or non-IGD device.

[miniupnp]

In almost 18 years, you are the first to make such a bug report 😆
Yes, the command line parsing of upnpc is not very good and could be rewritten with getopt or equivalent.

Please note that the upnpc was designed as an example program...

[sanderjo]

Please note that the upnpc was designed as an example program...

Hahaha. Just like a certain Linus Torvals said in 1991: "a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones.". And see how that evolved! ;-)