Re: can the UPnP media port for gupnp-av-cp be configured?



On 10 March 2013 23:17, Jim Snyder <jhsnyder gmail com> wrote:
> Many UPnP devices generate port numbers dynamically on startup.
>
> E.g. rygel's config file defaults the media / SOAP / ??? port to dynamic
> assignment.
>
> Conventionally UPnP devices seem to use either dynamic ports or a trivnet
> port (8200-8202) for media transfers.
>
> gupnp-av-cp uses dynamic ports by default.
>
> 1) is it possible to configure the gupnp-av-cp dynamic port to a one-time
> static assignment (er, 8200)? ...
>
> ... and if so, how?
>
> I've poked around online for documentation, done the Google thing, and
> grepped through system files ... no joy.

It's not possible without modifying the gupnp-av-cp source:

    context_manager = gupnp_context_manager_new (NULL, 0);

The second argument is the port, '0' meaning "I don't care, any port is
fine". In the end this is handled by libsoup, which will choose a
random unused non-system port.

> 2) Whether or not gupnp-av-cp can be so configured, how does a network admin
> configure static firewalls on nodes on a local LAN (no router traversal /
> IGD) to deal with dynamic ports?
> I see that Mac OS X relies on blocking application sockets rather than port
> blocking, so no problem for Macs.
>
> Dunno about Windows.
>
> Linux, however ...
>
> ... I've been looking at packet traces from UPnP sessions with minidlna,
> rygel-as-UPnP renderers, gupnp-av-cp, etc, and I don't see how conventional
> iptables port-based firewalls can be compatible with UPnP dynamic ports.
>
> Seems like a local node would have to probe the remote node (eg SSDP or
> WSDP) to discover the media port, then inject local firewall rules to
> open/close ports ...
>
> ... which is putting a lot of trust in the local discovery agent.
>
> Not sure what I'm missing here... appreciate any explanations / advice.

I don't think you're missing anything. If you block all ports on the
local network, then software that requires dynamic ports is ... not
going to work.

I don't really have good advice for you but I have to wonder, is
blocking (non-system) ports really beneficial at that level?
Basically, how is 8080 (defined in a config file somewhere, creating
the possibility of conflict) safer than a random port?

- Jussi
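
The two port policies discussed in this thread, shown at the plain socket level as an added example (not part of the original message, and not gupnp or libsoup code). `listen_on` and `listen_in_range` are hypothetical helper names, the loopback address is an assumption made so the demo stays local, and 8200-8202 is the range mentioned in the question.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a loopback TCP listener. port 0 means "any free port"; the port
 * the kernel actually assigned is written to *bound. Returns fd or -1. */
int listen_on(unsigned short port, unsigned short *bound)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int saved = errno;          /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    *bound = ntohs(sa.sin_port);
    return fd;
}

/* First free port in [lo, hi]: one static firewall rule for the range still
 * matches the listener when lo is already taken by another program. */
int listen_in_range(unsigned short lo, unsigned short hi, unsigned short *bound)
{
    for (unsigned int p = lo; p <= hi; p++) {
        int fd = listen_on((unsigned short)p, bound);
        if (fd >= 0 || errno != EADDRINUSE)
            return fd;              /* success, or a real error (fd == -1) */
    }
    return -1;                      /* every port in the range is in use */
}

int main(void)
{
    unsigned short any = 0, fixed = 0;
    int a = listen_on(0, &any), b = listen_in_range(8200, 8202, &fixed);
    printf("port 0 -> %hu (fd %d); 8200-8202 -> %hu (fd %d)\n", any, a, fixed, b);
    return (a < 0 || b < 0);
}
```

No `SO_REUSEADDR` is set, so a port that is already listening is reported as `EADDRINUSE` and the range helper moves on to the next one.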

