Opened 5 years ago

Closed 4 years ago

Last modified 4 years ago

#12305 closed Bug Report - General (Fixed)

mythupnp broken with commit 52cb0b5679a5b20a55ba5cbe6b1064b72c66576f

Reported by: bib_aab@… Owned by: dblain
Priority: minor Milestone: unknown
Component: MythTV - UPnP Version: Master Head
Severity: medium Keywords:
Cc: Ticket locked: yes

Description

The above commit assumes MythTV runs on private networks only.

I have news for you, I like many others run an public IP addresses.

This commit spews out packets from the non-existent IP address 192.168.0.1:1900.

It also logs the following:

SSDP Request from WAN IP address (0.0.0.0). Possible SSDP Reflection attempt. Ignoring as security risk.

It must only send these packets out from directly connected networks and should not under any circumstances make any bad assumptions about which network it is running on.

Change History (15)

comment:1 Changed 5 years ago by stuartm

Resolution: Won't Fix
Status: newclosed

UPnP (and MythTV) is not secure on a public network.

comment:2 Changed 4 years ago by ggjunker@…

I don't run on a public network and I am spammed by this message anyway. I have all services from the WAN-connected router disabled, so nothing is being forwarded to my private network. The router confirms that nothing I don't know about is connected to the network either, whether wired or wireless. The only devices on the network that are involved in UPnP are the mythtv backend (ubuntu on a Corei7 box), the frontend (running mythbuntu on a NUC) and the HRHomeRun device.

If the message is harmless in this environment that's fine, but it would be great if it would go away if it's not saying anything useful.

This is after the update to fixes/0.27-4 (for the SchedulesDirect? issue).

comment:3 Changed 4 years ago by ggjunker@…

(I should add that I am spammed only by the "SSDP Request from WAN IP address (0.0.0.0)." message)

comment:4 Changed 4 years ago by ggjunker@…

(I should add that I am spammed only by the "SSDP Request from WAN IP address (0.0.0.0)." message)

comment:5 Changed 4 years ago by ryan15309470@…

Getting the same messages. Loaded up wireshark. Seems to be caused by any UPNP SSDP discover message on the local network sent to the 239.255.255.250 SSDP broadcast address . Possibly because the local subnet address is different from the standard 192.168.1.1? Haven't tried changing my networks subnet but only other solution seems to be disabling UPNP. Seems to be a harmless warning but annoying because it fills up the logs fast... any other possible solutions?

comment:6 Changed 4 years ago by stuartm

I'll suppress the warning if the source IP address is missing (0.0.0.0).

comment:7 Changed 4 years ago by matt.r.parrish@…

I am seeing these same errors and upnp is no longer working for me after upgrading to 0.27.4 (on Mac / Yosemite). I'm not sure what the issue is as it was working fine with 0.27.1. Is it related to these SSDP error messages I'm seeing in the logs that is mentioned in this thread? My entire home network is on 192.168.1.* network, so I'm not sure why these messages are showing up, indicating that the IP address is from the WAN. Any ideas?

comment:8 Changed 4 years ago by Stuart Morgan <smorgan@…>

In d20c163ee82c38f9d8fe4652b7a811af61925de7/mythtv:

SSDP: Check that the peer address is available before doing the local network check.

Refs #12305

comment:9 Changed 4 years ago by Stuart Morgan <smorgan@…>

In 65d92fd36ecf796d8e8a18b3196286d31b28501e/mythtv:

SSDP: Check that the peer address is available before doing the local network check.

Refs #12305

(cherry picked from commit d20c163ee82c38f9d8fe4652b7a811af61925de7)

comment:10 Changed 4 years ago by dave@…

Resolution: Won't Fix
Status: closednew

Could this be related to multiple network interfaces being available on the host?

I've tried blocking the IPv4 traffic to port 1900 on the INPUT rule in my firewall for all interfaces and I'm still getting the SSDP request error and the firewall is not logging any SSDP packets inbound on any connections either through tcp or udp protocols. Could mythtv somehow be looping back into itself?

These messages propagate in blocks of 8 every couple of seconds - myth somehow has started 8 IPv6 connections correlating to each of my active NICs on the device. This is a little too coincidental.

comment:11 Changed 4 years ago by stuartm

Resolution: Fixed
Status: newclosed

The code in question has been completely reverted, so you can't still be getting the same error unless you haven't yet upgraded.

comment:12 Changed 4 years ago by dave@…

Once I disabled IPv6 in the kernel, all the SSDP messages went away. If you are having this issue and waiting for a fix to mythtv to accomodate IPv6, you should disable IPv6 in your kernel to eliminate these messages.

comment:13 Changed 4 years ago by dave@…

I've been running mythtv for 10 years and started using stock distributions about 5 years back - I don't download and compile apps unless absolutely necessary. The Fedora Core 19 package has not picked up the updates yet - so anyone who is not into compiling the code should just turn off IPv6 until the new version is repackaged and distributed.

comment:14 in reply to:  13 Changed 4 years ago by brian@…

Replying to dave@…:

anyone who is not into compiling the code should just turn off IPv6 until the new version is repackaged and distributed.

That doesn't seem to be a viable solution for networks which are built with IPv6. It is the 21st century now. IPv4 should be getting turned off and IPv6 should be getting turned on.

Any software not properly supporting IPv6 needs to catch up, really quickly.

comment:15 Changed 4 years ago by stuartm

Ticket locked: set
Note: See TracTickets for help on using tickets.