Project

General

Profile

Bug #6926

Miniupnp advertising expired IPv6 address

Added by Leland Roach over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
uPNP
Target version:
-
Start date:
11/13/2016
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

Version 2.3.2_1

With WAN set to DHCP6 and LAN set to track interface, the miniupnp service does not get notified if and when the LAN IPv6 address changes, even after the DHCP6 valid lifetime had elapsed. This leads to miniupnp advertising SSDP packets originating from the correct LAN IPv6 address but with an expired (and potentially re-assigned elsewhere) IPv6 address in the rootDesc.xml LOCATION. Such behavior wreaks havoc on local DLNA devices, and is a security nightmare if a BOFH gets assigned the prefix next.

The simple workaround seems to be to manually restart miniupnp whenever a prefix change has been detected.

I've attached a pcap showing this issue occurring in the field (although I think the DHCP6 lifetime is still valid in this instance). Packet #23 in particular shows the correct source address, but the old LOCATION URL.

miniupnp - old ipv6.pcap (46.3 KB) miniupnp - old ipv6.pcap Leland Roach, 11/13/2016 12:17 PM

Also available in: Atom PDF