Why is Miniupnpc in Bitcoin-Qt?

[phelix]

AFAIK the miniupnpc library that is included in the official Bitcoin-Qt versions tries to communicate to the router to automatically configure port forwarding.

Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway. Also I am not sure even the lousy windows firewall prevents this from working.

If you think otherwise, please explain.


Edit:
Answer that convinced me of the contrary:

Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.

OK. That is a strong argument.

[1715116825]

1715116825

[1715116825]

1715116825

[1715116825]

1715116825

[kokjo]

upnp is the future.

[TierNolan]

Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

That is to binary a choice.  The added complexity needs to be compared to to the benefit.

If most people are behind routers, then the peer to peer effect is lost.  Users would connect to a small number of super-nodes, since they couldn't connect to each other.

[gmaxwell]

Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.

If you don't want UPNP you can easily disable it (and/or disable listening for incoming connections entirely).

[Schleicher]

Also I am not sure even the lousy windows firewall prevents this from working.

At least the Windows 7 firewall complains every time when a listening port is being opened and there's no matching firewall rule.

[DeathAndTaxes]

Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Most people (as in 99.999% of the planet and rising) have absolutely no idea how to configure a router.  There is a reason why just about all networked software uses upnp.  Now if you are a power user, or want complete control just disable upnp and config port forwarding manually.

There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway.

Once again you massively overestimate the networking knowledge of "most people".  Most people if offered a $1,000 reward couldn't show you how to disable upnp on their own router.   When routers shipped with (paper weak security) WEP by default and WPA as an option the overwhelming majority of routers were never changed.  Hell most people wouldn't know how to configure a SSID or security key ("the wireless internet password") if it wasn't for wizards.   Most routers for home use now have windows install programs which find and configure the router because the concept of going to an IP address 192.168.0.1 results in too many tech support calls.

[phelix]

Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

That is to binary a choice.  The added complexity needs to be compared to to the benefit.

Yeah, of course.

If most people are behind routers, then the peer to peer effect is lost.  Users would connect to a small number of super-nodes, since they couldn't connect to each other.

Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.

OK. That is a strong argument.

Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Most people (as in 99.999% of the planet and rising) have absolutely no idea how to configure a router.  There is a reason why just about all networked software uses upnp.  Now if you are a power user, or want complete control just disable upnp and config port forwarding manually.

There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway.

Once again you massively overestimate the networking knowledge of "most people".  Most people if offered a $1,000 reward couldn't show you how to disable upnp on their own router.   When routers shipped with (paper weak security) WEP by default and WPA as an option the overwhelming majority of routers were never changed.  Hell most people wouldn't know how to configure a SSID or security key ("the wireless internet password") if it wasn't for wizards.  Most routers for home use now have windows install programs which find and configure the router because the concept of going to an IP address 192.168.0.1 results in too many tech support calls.

Hmm I assumed normal people would not have to configure anything.

[domob]

Personally I don't have libminiupnpc installed on my system and manually disable building with it each time I compile bitcoin, since I don't want my router to "automatically" open ports to me for security reasons.  Since I run bitcoin over Tor anyway, it wouldn't matter though even if I did open the port.  So I can understand the OPs ideas very well.  (Note that to help the network, I'm running a full node with 50-100 connections on my VPS.)

But I can also understand very well that probably without that most users wouldn't even know about opening their ports, so I think we can keep the current behaviour.

[Remember remember the 5th of November]

AFAIK the miniupnpc library that is included in the official Bitcoin-Qt versions tries to communicate to the router to automatically configure port forwarding.

Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway. Also I am not sure even the lousy windows firewall prevents this from working.

If you think otherwise, please explain.


Edit:
Answer that convinced me of the contrary:

Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.

OK. That is a strong argument.

Well, I am currently on a Wireless connection, and I mean via a Nanostation that communicates to the main antenna of my ISP and this Nanostation M5 has a built-in router, but I have access neither to the router OR Nanostation control panel. Even UpnP does not forward my ports.

[Diapolo]

Well, I am currently on a Wireless connection, and I mean via a Nanostation that communicates to the main antenna of my ISP and this Nanostation M5 has a built-in router, but I have access neither to the router OR Nanostation control panel. Even UpnP does not forward my ports.

When the router has UPnP disabled you can't do anything about that.

Dia

[TierNolan]

When the router has UPnP disabled you can't do anything about that.

There are NAT punching techniques that could help.  However, if most of the network has upnp, then it doesn't cause that much of a problem.  All connections have to be outbound.

[piotr_n]

No wonder that there was a lack of listening peers, since the satoshi client version 2013 still does not work with any TCP port except 8333.
It wont even connect to a different port, despite of the port number being an actual part of the protocol's addr structure - I guess it's to make the competition look equally bad

If you have a huge network behind NAT, only one PC is entitled to run a listening node, no matter how good you are in configuring your router, or how big was the upnp lib that you have liked it with.
Moreover, if you want to stop someone from using bitcoin, all you need to do is to block TCP port 8333 on your firewall and he won't be able to circumvent such a blockade, otherwise than by using Tor or VPN, which will be either slow or expensive.

But don't mind me - I'm always complaining about not an issues

[Schleicher]

No wonder that there was a lack of listening peers, since the satoshi client version 2013 still does not work with any TCP port except 8333.
It wont even connect to a different port, despite of the port number being an actual part of the protocol's addr structure - I guess it's to make the competition look equally bad

You mean version 0.8.3 ?
Lol, yeah, right. 

[piotr_n]

You mean version 0.8.3 ?
Lol, yeah, right. 

Hmm.. OK, sorry - let me retest then.. last time I checked it wasn't working.
Are you sure that these are connections from an actual satoshi nodes?
They shouldn't connect twice, you know...

[Schleicher]

Hm. I didn't check that.
Ok, there's no "subver":

Code:

"addr" : "78.129.173.144:64907",
"services" : "00000001",
"lastsend" : 1373915264,
"lastrecv" : 1373915014,
"bytessent" : 25472,
"bytesrecv" : 243,
"conntime" : 1373914413,
"version" : 60000,
"subver" : "",
"inbound" : true,
"startingheight" : 246738,
"banscore" : 0
},
{
"addr" : "95.154.230.108:59716",
"services" : "00000001",
"lastsend" : 1373915277,
"lastrecv" : 1373915017,
"bytessent" : 24923,
"bytesrecv" : 243,
"conntime" : 1373914414,
"version" : 60000,
"subver" : "",
"inbound" : true,
"startingheight" : 246738,
"banscore" : 0

[Schleicher]

Ok, I found one with Satoshi subver, but I guess that doesn't mean it's really a Satoshi client.

Code:

"addr" : "54.226.201.93:48905",
"services" : "00000001",
"lastsend" : 1373915589,
"lastrecv" : 1373915589,
"bytessent" : 1080771,
"bytesrecv" : 85632,
"conntime" : 1373914434,
"version" : 70001,
"subver" : "/Satoshi:0.8.1/",
"inbound" : true,
"startingheight" : 246738,
"banscore" : 90

[piotr_n]

Ok, I found one with Satoshi subver, but I guess that doesn't mean it's really a Satoshi client.

Especially with a banscore of 90

As I said, I will re-check it and let you know again.

[piotr_n]

OK - I know already.

Maybe indeed I should not had said that it did not work with other port numbers than 8333, since it's not entirely true.

But I was right that it was not an issue - it's obviously a feature:

Code:

// do not allow non-default ports, unless after 50 invalid addresses selected already
if (addr.GetPort() != GetDefaultPort() && nTries < 50)                               
    continue;                                                                        

Even if it was an issue for someone, he does not need to change the source code to solve it - not at all.
He only needs to convince everyone else to setup a non-default TCP port in their clients - and then he should finally get some incoming satoshi connections...

[Schleicher]

But I was right that it was not an issue - it's obviously a feature:

The obvious question now would be:
WTF? Why?

[piotr_n]

But I was right that it was not an issue - it's obviously a feature:

The obvious question now would be:
WTF? Why?

Why the first 50 addresses with non-default port number are considered same as invalid?
To be honest, I have no idea. Just like I have no idea about a purpose of many things this s/w does, also spotted BTW.
But my personal experience advises me to not ask these kind of questions, because they don't like it.
It's a feature, not an issue - that's all you need to know.
The bitcoin elite is an actual elite, so if they made an effort to add a line of code - who are we to question it?