laanwj
commented
1 month ago Apparently this is due to the PF implementation of pinholing in miniupnpd not implementing update_pinhole at all https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/pf/pfpinhole.c#L379
This will also affect UPnP as it uses the same underlying function.
It doesn't affect Linux iptables on openwrt because that functionality is implemented for that: https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/netfilter/iptpinhole.c#L379.
Sjors
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
I'm able to open an IPv6 pinhole. I'm also able to close it, by renewing with a lease time of 0. But when I attempt to do a regular renewal it fails with
NO_RESOURCES.For more details and things I tried, see: https://github.com/bitcoin/bitcoin/pull/30043#issuecomment-2133381489
Someone else tried it with TurrisOS (openwrt) with the miniupnpd 2.3.3 and could not reproduce. This suggest the problem may not be in upstream miniupnpd. Though it might be in upstream FreeBSD.
(I'll update this issue later with more details, have to leave now)
To Reproduce
Probably not the easiest way, but you could compile https://github.com/bitcoin/bitcoin/pull/30043 start
src/bitcoind -signet -natpmp -debug=net -nomempool, watch as it opens a pinhole, wait 10-15 minutes and then watch as the renewal fails. Optionally changePORT_MAPPING_REANNOUNCE_PERIODto2minsto see it faster.It's best to turn on verbose logging #4004
If there's an easier tool to debug this behavior let me know, that way I can also rule out a client implementation error.
Expected behavior Pinhole should renew
Screenshots
Relevant log files
Plugin starts:
Adding PCP mapping on port 1234:
(will expand later)
Additional context
Environment
OPNsense 24.1.7_4-amd64 FreeBSD 13.2-RELEASE-p11 OpenSSL 3.0.13
Client: most testing done from Intel macOS 14.5, but I've observed the same on Ubuntu and Windows.