What library or protocol do we need for IPv6 port opening?

[anthonyryan1]

When I use pshs and --bind 192.168.x.x to my internal IPv4 address, it correctly engages UPnP and allows traffic in to the randomly selected port.

If I use it with the default settings however, it'll try and pass the IPv6 address to UPnP, causing miniupnpc to throw the following error:

ioctl(...SIOCGIFADDR...): No such device

And port is never opened in upnpc -l.

We don't need NAT for IPV6, but we still need some way of telling the router to open the port when we're using an IPv6 address.

I found some documentation on using raw upnpc commands with IPv6 on the internet, but I also found an abundance of information saying that it shouldn't be used outside of IPv4. Similarly if I run upnpc -6 -l it can't find any support on my network.

So, what library or protocol should we be using to open IPv6 ports for pshs to share a file with the WAN?

[mgorny]

I'm afraid I've got no clue. My WAN router doesn't support IPv6 (or doesn't expose its config to me, it's ISP-controlled, sigh). Normally, if using IPv6 at all, you're supposed to have a public address, I've never really heard of NAT over IPv6 but I suppose it's technically possible.

[anthonyryan1]

I poked one of my network engineer colleagues and pieced together the missing pieces.

UPnP IGD:2 introduces IPv6 router firewall control. So miniupnpc is still the correct library to open these ports. The upnpc commands are defined in the help and as an application we would use these methods:

• UPNP_GetFirewallStatus
• UPNP_AddPinhole
• UPNP_UpdatePinhole
• UPNP_DeletePinhole

Unfortunately for me, I'm personally doomed until I replace my router at some point in the future. My router has IPv6 but only supports IGD:1, so these API calls to open the firewall for IPv6 aren't supported.

I think the best way to solve this would be to call UPNP_GetIGDFromUrl and detect the IGD version when running in UPnP mode.

• If the router is IGD:1, then we should prefer IPv4 by default, since IPv6 will be firewalled and we have no way to control that firewall.
• If the router is IGD:2, then we need to use UPNP_AddPinhole()
• No changes if we're running --no-upnp or USE="-upnp"

Given my hardware limitations, if this seems like an acceptable path forward to you. I will (eventually) get a patch together for the IGD:1 path and leave a placeholder message for IGD:2 path pointing to this issue. I don't feel it would be appropriate for me to send a patch containing a code path I don't have hardware to test.

[mgorny]

Hmm, doesn't binding to :: involve both IPv4 and IPv6 though? Or am I mixing things up?

[anthonyryan1]

It does bind to both, but we don't return both in the terminal, and we don't seem to setup the IPv4 UPnP NAT.

Right now I can still use this by explicitly binding to my local IPv4 address, but if I don't do that:

• pshs returns an IPv6 address that is firewalled by my router
• pshs doesn't setup UPnP for my public IPv4 address

In short, no link it generates with default arguments can be opened from outside my LAN.

If we detect both the IPv4 and IPv6 separately, and setup the IPv4 UPnP even when IPv6 is available, that's another viable strategy. Returning two valid links by default for dual stack machines.

[mgorny]

Hmm, I think the upnpDiscover() call is the problem. That's the only call there using bindip.