https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162021-07-06T11:58:51ZpfSense bugtrackerpfSense Plus - Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARMhttps://redmine.pfsense.org/issues/11995?journal_id=549042021-07-06T11:58:51ZJim Pingle
<ul></ul><p>This still happens on current 21.09 snapshots (21.09.a.20210706.0500):</p>
<pre>
Jul 6 12:56:31 miniupnpd 68462 ioctl(dev, DIOCGETADDRS, ...): Device busy
Jul 6 12:56:31 miniupnpd 68462 ioctl(dev, DIOCGETADDRS, ...): Device busy
Jul 6 12:56:31 miniupnpd 68462 ioctl(dev, DIOCGETADDRS, ...): Device busy
</pre> pfSense Plus - Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARMhttps://redmine.pfsense.org/issues/11995?journal_id=549072021-07-06T13:22:22ZJim Pingle
<ul><li><strong>File</strong> <a href="/attachments/3758">kdump-out.txt</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3758/kdump-out.txt">kdump-out.txt</a> added</li></ul><p>It's also noteworthy that it IS adding some rules, but they are <code>block return</code> firewall rules and not the <code>nat</code> and <code>rdr</code> rules we expect to see.</p>
<pre>
miniupnpd rules/nat contents:
block return quick on ! mvneta2 from any to any port = 55784 label "NAT-PMP 55784 tcp" rtable 0
block return quick on ! mvneta2 from any to any port = 4433 label "NAT-PMP 4433 tcp" rtable 0
block return quick on ! mvneta2 from any to any port = 55784 label "NAT-PMP 55784 udp" rtable 0
block return-icmp(0, 0) quick on ! mvneta2 from ?/32 port = 55784 to any label "NAT-PMP 55784 udp" rtable 0
block return quick on ! mvneta2 from any to any port = 55784 label "Deluge 1.3.15 at 10.21.0.10:55784" rtable 0
block return quick on ! mvneta2 from any to any port = 4433 label "Deluge 1.3.15 at 10.21.0.10:4433" rtable 0
block return quick on ! mvneta2 from any to any port = 55784 label "Deluge 1.3.15 at 10.21.0.10:55784" rtable 0
block return-icmp(0, 0) quick on ! mvneta2 from ?/32 port = 55784 to any label "Deluge 1.3.15 at 10.21.0.10:55784" rtable 0
</pre>
<p>After some debugging with Mateusz, he says: "the error stems from NULL returned by pf_get_kpool"</p>
<p>Loaded a special kernel with some printfs around the error and saw:</p>
<pre>
debug_pf_get_kpool: pid 90992 line 404
debug_pf_get_kpool: pid 90992 line 446
pfioctl: pid 90992 line 3161
</pre>
<p>That was repeated once for each error in the log.</p>
<p>Ran a krace on the process as well:</p>
<pre>
ktrace -p 90992
<start a UPnP-aware client and wait for the errors in the log>
ktrace -C
kdump > out.txt
</pre>
<p>Results of that are attached.</p> pfSense Plus - Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARMhttps://redmine.pfsense.org/issues/11995?journal_id=549222021-07-06T16:05:34ZJim Pingle
<ul><li><strong>File</strong> <a href="/attachments/3760">miniupnp-debug-amd64.txt</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3760/miniupnp-debug-amd64.txt">miniupnp-debug-amd64.txt</a> added</li><li><strong>File</strong> <a href="/attachments/3761">miniupnp-debug-sg3100.txt</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3761/miniupnp-debug-sg3100.txt">miniupnp-debug-sg3100.txt</a> added</li></ul><p>It doesn't appear to be due to a change in the ports, as 21.02.2 works and has <code>miniupnpd-2.2.1,1</code> while 21.05 fails and has the exact same version, <code>miniupnpd-2.2.1,1</code></p>
<p>Both contain the same OPTIONS:<br /><pre>
Options :
CHECK_PORTINUSE: on
IPV6 : on
LEASEFILE : off
PF_FILTER_RULES: on
UPNP_IGDV2 : off
UPNP_STRICT : off
</pre></p>
<p>I attached the output of one working and one non-working UPnP session from the same client. The working one against amd64, failing one against SG-3100, both on the latest 21.09 snapshot. There are quite a few more errors on the SG-3100 file, though none point to anything obvious to me. It appears to want to add the rule, but it fails, and then has errors resulting from that failure.</p> pfSense Plus - Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARMhttps://redmine.pfsense.org/issues/11995?journal_id=549372021-07-07T13:14:06ZJim Pingle
<ul><li><strong>Assignee</strong> set to <i>Renato Botelho</i></li></ul><p>It looks like this may be from a change in the FreeBSD kernel between versions that required a new build of miniupnpd, but the version number of miniupnpd didn't increase so it didn't get reinstalled.</p>
<p>You should be able to fix this with:</p>
<pre>
killall -9 miniupnpd
pkg upgrade -fy miniupnpd
</pre>
<p>And then click Save on the miniupnpd settings.</p> pfSense Plus - Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARMhttps://redmine.pfsense.org/issues/11995?journal_id=549382021-07-08T07:20:33ZRenato Botelhorenato@netgate.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li></ul><p>I've bumped miniupnpd package to `2.2.1_1,1` on 2.6.0/2.5.2 CE and 21.09/21.05 Plus</p> pfSense Plus - Regression #11995: UPnP/NAT-PMP not functioning on 32-bit ARMhttps://redmine.pfsense.org/issues/11995?journal_id=559142021-08-24T07:46:51ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li><li><strong>Target version</strong> changed from <i>64</i> to <i>21.05.1</i></li></ul><p>This was fixed before 21.05.1</p>