Bitcoin Forum
November 12, 2024, 06:28:01 PM *
Author Topic: Why is Miniupnpc in Bitcoin-Qt?  (Read 2024 times)
phelix (OP)
July 14, 2013, 10:16:11 PM
Last edit: July 15, 2013, 06:46:32 AM by phelix
 #1

AFAIK the miniupnpc library that is included in the official Bitcoin-Qt versions tries to communicate to the router to automatically configure port forwarding.

Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway. Also I am not sure even the lousy windows firewall prevents this from working.

If you think otherwise, please explain.


Edit:
Answer that convinced me of the contrary:
Quote
Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.

OK. That is a strong argument.
kokjo
July 14, 2013, 10:17:20 PM
 #2

upnp is the future.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
TierNolan
July 14, 2013, 10:29:37 PM
 #3

Quote
Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

That is too binary a choice.  The added complexity needs to be compared to the benefit.

If most people are behind routers, then the peer to peer effect is lost.  Users would connect to a small number of super-nodes, since they couldn't connect to each other.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
gmaxwell
July 14, 2013, 10:30:36 PM
 #4

Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.

If you don't want UPNP you can easily disable it (and/or disable listening for incoming connections entirely).
Schleicher
July 15, 2013, 04:23:15 AM
 #5

Quote
Also I am not sure even the lousy windows firewall prevents this from working.

At least the Windows 7 firewall complains every time when a listening port is being opened and there's no matching firewall rule.

DeathAndTaxes
July 15, 2013, 04:31:32 AM
 #6

Quote
Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Most people (as in 99.999% of the planet and rising) have absolutely no idea how to configure a router.  There is a reason why just about all networked software uses upnp.  Now if you are a power user, or want complete control just disable upnp and config port forwarding manually.

Quote
There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway.

Once again you massively overestimate the networking knowledge of "most people".  Most people if offered a $1,000 reward couldn't show you how to disable upnp on their own router.   When routers shipped with (paper weak security) WEP by default and WPA as an option the overwhelming majority of routers were never changed.  Hell most people wouldn't know how to configure a SSID or security key ("the wireless internet password") if it wasn't for wizards.   Most routers for home use now have windows install programs which find and configure the router because the concept of going to an IP address 192.168.0.1 results in too many tech support calls.
phelix (OP)
July 15, 2013, 06:44:21 AM
 #7

Quote
Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

Quote
That is too binary a choice.  The added complexity needs to be compared to the benefit.

Yeah, of course.

Quote
If most people are behind routers, then the peer to peer effect is lost.  Users would connect to a small number of super-nodes, since they couldn't connect to each other.

Quote
Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.

OK. That is a strong argument.

Quote
Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Quote
Most people (as in 99.999% of the planet and rising) have absolutely no idea how to configure a router.  There is a reason why just about all networked software uses upnp.  Now if you are a power user, or want complete control just disable upnp and config port forwarding manually.

Quote
There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway.

Quote
Once again you massively overestimate the networking knowledge of "most people".  Most people if offered a $1,000 reward couldn't show you how to disable upnp on their own router.   When routers shipped with (paper weak security) WEP by default and WPA as an option the overwhelming majority of routers were never changed.  Hell most people wouldn't know how to configure a SSID or security key ("the wireless internet password") if it wasn't for wizards.  Most routers for home use now have windows install programs which find and configure the router because the concept of going to an IP address 192.168.0.1 results in too many tech support calls.

Hmm I assumed normal people would not have to configure anything.
domob
July 15, 2013, 07:07:59 AM
 #8

Personally I don't have libminiupnpc installed on my system and manually disable building with it each time I compile bitcoin, since I don't want my router to "automatically" open ports to me for security reasons.  Since I run bitcoin over Tor anyway, it wouldn't matter though even if I did open the port.  So I can understand the OPs ideas very well.  (Note that to help the network, I'm running a full node with 50-100 connections on my VPS.)

But I can also understand very well that probably without that most users wouldn't even know about opening their ports, so I think we can keep the current behaviour.

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
Remember remember the 5th of November
July 15, 2013, 09:19:23 AM
 #9

Quote
AFAIK the miniupnpc library that is included in the official Bitcoin-Qt versions tries to communicate to the router to automatically configure port forwarding.

Is that really necessary? Most people don't need this and for those who do it should be easy enough to either configure their routers manually or use a patched version.

Why would I like to remove it? In my opinion everything that is not necessary should be removed to keep complexity at a minimum.

There seem to have popped up a couple of security risks with Upnp router configuration so most people will have this deactivated in their routers anyway. Also I am not sure even the lousy windows firewall prevents this from working.

If you think otherwise, please explain.


Edit:
Answer that convinced me of the contrary:
Prior to UPNP being integrated and enabled by default the network was beginning to fail from a lack of listening peers, this was remedied by the deployment of UPNP. Your assumptions seem to have been previously proven incorrect.
OK. That is a strong argument.

Well, I am currently on a Wireless connection, and I mean via a Nanostation that communicates to the main antenna of my ISP and this Nanostation M5 has a built-in router, but I have access neither to the router OR Nanostation control panel. Even UpnP does not forward my ports.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Diapolo
July 15, 2013, 11:25:37 AM
 #10

Quote
Well, I am currently on a Wireless connection, and I mean via a Nanostation that communicates to the main antenna of my ISP and this Nanostation M5 has a built-in router, but I have access neither to the router OR Nanostation control panel. Even UpnP does not forward my ports.

When the router has UPnP disabled you can't do anything about that.

Dia

Liked my former work for Bitcoin Core? Drop me a donation via:
1PwnvixzVAKnAqp8LCV8iuv7ohzX2pbn5x
bitcoin:1PwnvixzVAKnAqp8LCV8iuv7ohzX2pbn5x?label=Diapolo
TierNolan
July 15, 2013, 11:34:05 AM
 #11

Quote
When the router has UPnP disabled you can't do anything about that.

There are NAT punching techniques that could help.  However, if most of the network has upnp, then it doesn't cause that much of a problem.  All connections have to be outbound.

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
piotr_n
July 15, 2013, 04:50:45 PM
 #12

No wonder that there was a lack of listening peers, since the satoshi client version 2013 still does not work with any TCP port except 8333.
It won't even connect to a different port, despite the port number being an actual part of the protocol's addr structure - I guess it's to make the competition look equally bad ;)

If you have a huge network behind NAT, only one PC is entitled to run a listening node, no matter how good you are in configuring your router, or how big was the upnp lib that you have linked it with.
Moreover, if you want to stop someone from using bitcoin, all you need to do is to block TCP port 8333 on your firewall and he won't be able to circumvent such a blockade, otherwise than by using Tor or VPN, which will be either slow or expensive.

But don't mind me - I'm always complaining about non-issues :)

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Schleicher
July 15, 2013, 07:00:00 PM
 #13

Quote
No wonder that there was a lack of listening peers, since the satoshi client version 2013 still does not work with any TCP port except 8333.
It won't even connect to a different port, despite the port number being an actual part of the protocol's addr structure - I guess it's to make the competition look equally bad ;)

You mean version 0.8.3 ?
Lol, yeah, right.  :D

piotr_n
July 15, 2013, 07:01:22 PM
 #14

Quote
You mean version 0.8.3 ?
Lol, yeah, right.  :D

Hmm.. OK, sorry - let me retest then.. last time I checked it wasn't working.
Are you sure that these are connections from actual satoshi nodes?
They shouldn't connect twice, you know...

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Schleicher
July 15, 2013, 07:11:08 PM
 #15

Hm. I didn't check that.
Ok, there's no "subver":
Code:
"addr" : "78.129.173.144:64907",
"services" : "00000001",
"lastsend" : 1373915264,
"lastrecv" : 1373915014,
"bytessent" : 25472,
"bytesrecv" : 243,
"conntime" : 1373914413,
"version" : 60000,
"subver" : "",
"inbound" : true,
"startingheight" : 246738,
"banscore" : 0
},
{
"addr" : "95.154.230.108:59716",
"services" : "00000001",
"lastsend" : 1373915277,
"lastrecv" : 1373915017,
"bytessent" : 24923,
"bytesrecv" : 243,
"conntime" : 1373914414,
"version" : 60000,
"subver" : "",
"inbound" : true,
"startingheight" : 246738,
"banscore" : 0

Schleicher
July 15, 2013, 07:16:19 PM
 #16

Ok, I found one with Satoshi subver, but I guess that doesn't mean it's really a Satoshi client.

Code:
"addr" : "54.226.201.93:48905",
"services" : "00000001",
"lastsend" : 1373915589,
"lastrecv" : 1373915589,
"bytessent" : 1080771,
"bytesrecv" : 85632,
"conntime" : 1373914434,
"version" : 70001,
"subver" : "/Satoshi:0.8.1/",
"inbound" : true,
"startingheight" : 246738,
"banscore" : 90

piotr_n
July 15, 2013, 07:25:27 PM
 #17

Quote
Ok, I found one with Satoshi subver, but I guess that doesn't mean it's really a Satoshi client.

Especially with a banscore of 90 :)

As I said, I will re-check it and let you know again.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
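
One way to triage `getpeerinfo` records like the ones posted above, as an added example that is not part of the thread or of Bitcoin's own code: it flags inbound peers with an empty `subver`, a non-zero `banscore`, or almost no received traffic. The sample records are constructed (documentation-range addresses), the two `QUIET_*` thresholds are assumptions, and `subver` is only what the remote peer claims about itself.

```python
import json

# Constructed sample shaped like the getpeerinfo records posted above
# (documentation-range IPs; values are illustrative).
SAMPLE = """[
 {"addr": "192.0.2.10:64907", "subver": "", "inbound": true,
  "conntime": 1373914413, "lastrecv": 1373915014,
  "bytesrecv": 243, "banscore": 0},
 {"addr": "198.51.100.7:48905", "subver": "/Satoshi:0.8.1/", "inbound": true,
  "conntime": 1373914434, "lastrecv": 1373915589,
  "bytesrecv": 85632, "banscore": 90},
 {"addr": "203.0.113.5:8333", "subver": "/Satoshi:0.8.3/", "inbound": false,
  "conntime": 1373914000, "lastrecv": 1373915500,
  "bytesrecv": 120000, "banscore": 0}
]"""

QUIET_BYTES = 1024  # assumption: below this the peer has sent almost nothing
QUIET_AFTER = 300   # assumption: seconds connected before "quiet" is judged


def load_sample():
    """Parse the constructed sample into a list of peer dicts."""
    return json.loads(SAMPLE)


def triage(peers):
    """Map addr -> list of reasons for inbound peers worth a closer look."""
    findings = {}
    for p in peers:
        if not p.get("inbound"):
            continue  # outbound peers were picked by the local node
        reasons = []
        if not p.get("subver"):
            reasons.append("empty subver")
        score = p.get("banscore", 0)
        if score > 0:
            reasons.append("banscore %d" % score)
        age = p.get("lastrecv", 0) - p.get("conntime", 0)
        recv = p.get("bytesrecv", 0)
        if age >= QUIET_AFTER and recv < QUIET_BYTES:
            reasons.append("only %d bytes received in %d s" % (recv, age))
        if reasons:
            findings[p["addr"]] = reasons
    return findings


if __name__ == "__main__":
    for addr, reasons in triage(load_sample()).items():
        print(addr, "->", ", ".join(reasons))
```
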
piotr_n
July 15, 2013, 08:38:30 PM
 #18

OK - I know already.

Maybe indeed I should not have said that it did not work with other port numbers than 8333, since it's not entirely true.

But I was right that it was not an issue - it's obviously a feature:
Code:
// do not allow non-default ports, unless after 50 invalid addresses selected already
if (addr.GetPort() != GetDefaultPort() && nTries < 50)                               
    continue;                                                                       

Even if it was an issue for someone, he does not need to change the source code to solve it - not at all.
He only needs to convince everyone else to set up a non-default TCP port in their clients - and then he should finally get some incoming satoshi connections... :)

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
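
A simplified model of the check quoted in the post above, as an added example (not Bitcoin's code and not from the poster): it shows how many tries pass before a non-default port is accepted, and how rarely a selection round can end on one. `pick_outbound` and `share_on_nondefault` are illustrative names; the model assumes the try counter is incremented before the check, that the quoted condition is the only filter, and that candidates are drawn independently.

```python
DEFAULT_PORT = 8333
SKIP_LIMIT = 50  # from the quoted condition: nTries < 50


def pick_outbound(candidates, default_port=DEFAULT_PORT):
    """Return ((host, port), tries) for the first candidate that passes.

    Assumptions: the try counter is incremented before the check, and the
    quoted port condition is the only filter applied.
    """
    n_tries = 0
    for host, port in candidates:
        n_tries += 1
        if port != default_port and n_tries < SKIP_LIMIT:
            continue  # non-default port: skipped, as in the quoted snippet
        return (host, port), n_tries
    return None, n_tries


def share_on_nondefault(frac_nondefault):
    """Chance that one selection round ends on a non-default port.

    Tries 1..49 must all be non-default (and skipped) and try 50 must be
    non-default too, so with independent draws the chance is f ** 50.
    """
    return frac_nondefault ** SKIP_LIMIT


if __name__ == "__main__":
    # Constructed candidates (documentation-range addresses).
    mixed = [("198.51.100.1", 8444)] * 3 + [("192.0.2.1", 8333)]
    print(pick_outbound(mixed))
    print(pick_outbound([("198.51.100.1", 8444)] * 60))
    for f in (0.5, 0.9, 0.99):
        print(f, share_on_nondefault(f))
```

Under these assumptions, even an address table that is 90% non-default ports ends a round on one of them only about 0.5% of the time.
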
Schleicher
July 15, 2013, 09:03:20 PM
 #19

Quote
But I was right that it was not an issue - it's obviously a feature:

The obvious question now would be:
WTF? Why?

piotr_n
July 15, 2013, 09:11:27 PM
 #20

Quote
But I was right that it was not an issue - it's obviously a feature:

Quote
The obvious question now would be:
WTF? Why?

Why the first 50 addresses with non-default port number are considered same as invalid?
To be honest, I have no idea. Just like I have no idea about a purpose of many things this s/w does, also spotted BTW.
But my personal experience advises me to not ask these kinds of questions, because they don't like it.
It's a feature, not an issue - that's all you need to know.
The bitcoin elite is an actual elite, so if they made an effort to add a line of code - who are we to question it? :)

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E