Add UPnP support to tincd.
This commit makes tincd capable of discovering UPnP-IGD devices on the local network, and adding mappings (port redirects) for its TCP and/or UDP port. The goal is to improve reliability and performance of tinc with nodes sitting behind home routers that support UPnP, by making it less reliant on UDP Hole Punching, which is prone to failure when "hostile" NATs are involved. The way this is implemented is by leveraging the libminiupnpc library, which we have just added a new dependency on. We use pthread to run the UPnP client code in a dedicated thread; we can't use the tinc event loop because libminiupnpc doesn't have a non-blocking API.
parent 2bb567c6a3
commit 513bffe1fe
8 changed files with 220 additions and 1 deletions
|
@ -510,6 +510,17 @@ Note: this setting can have a significant impact on performance, especially raw
|
|||
Sets the socket send buffer size for the UDP socket, in bytes.
|
||||
If set to zero, the default buffer size will be used by the operating system.
|
||||
Note: this setting can have a significant impact on performance, especially raw throughput.
|
||||
.It Va UPnP Li = yes | udponly | no Po no Pc
|
||||
If this option is enabled then tinc will search for UPnP-IGD devices on the local network.
|
||||
It will then create and maintain port mappings for tinc's listening TCP and UDP ports.
|
||||
If set to "udponly", tinc will only create a mapping for its UDP (data) port, not for its TCP (metaconnection) port.
|
||||
Note that tinc must have been built with miniupnpc support for this feature to be available.
|
||||
Furthermore, be advised that enabling this can have security implications, because the miniupnpc library that
|
||||
tinc uses might not be well-hardened with regard to malicious UPnP replies.
|
||||
.It Va UPnPDiscoverWait Li = Ar seconds Pq 5
|
||||
The amount of time to wait for replies when probing the local network for UPnP devices.
|
||||
.It Va UPnPRefreshPeriod Li = Ar seconds Pq 60
|
||||
How often tinc will re-add the port mapping, in case it gets reset on the UPnP device. This also controls the duration of the port mapping itself, which will be set to twice that duration.
|
||||
.El
|
||||
.Sh HOST CONFIGURATION FILES
|
||||
The host configuration files contain all information needed
|
||||
|
|
|
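Review bot: The security caveat that closes the UPnP entry ("might not be well-hardened with regard to malicious UPnP replies") does not tell the reader where those replies can come from or what enabling the option exposes. Since the entry says tinc searches "on the local network", it is worth stating that any host on that network can answer the probe, and that a successful mapping makes tinc's listening port reachable from outside the router, so the option is best left at its default of no on networks the operator does not trust. The entry also says tinc "must have been built with miniupnpc support" but not what happens when UPnP = yes is set on a build without it; please document whether that is an error or silently ignored. Minor: in UPnPRefreshPeriod, "set to twice that duration" reads more clearly as "twice the refresh period".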
@ -1269,6 +1269,24 @@ Sets the socket send buffer size for the UDP socket, in bytes.
|
|||
If set to zero, the default buffer size will be used by the operating system.
|
||||
Note: this setting can have a significant impact on performance, especially raw throughput.
|
||||
|
||||
@cindex UPnP
|
||||
@item UPnP = <yes|udponly|no> (no)
|
||||
If this option is enabled then tinc will search for UPnP-IGD devices on the local network.
|
||||
It will then create and maintain port mappings for tinc's listening TCP and UDP ports.
|
||||
If set to "udponly", tinc will only create a mapping for its UDP (data) port, not for its TCP (metaconnection) port.
|
||||
Note that tinc must have been built with miniupnpc support for this feature to be available.
|
||||
Furthermore, be advised that enabling this can have security implications, because the miniupnpc library that
|
||||
tinc uses might not be well-hardened with regard to malicious UPnP replies.
|
||||
|
||||
@cindex UPnPDiscoverWait
|
||||
@item UPnPDiscoverWait = <seconds> (5)
|
||||
The amount of time to wait for replies when probing the local network for UPnP devices.
|
||||
|
||||
@cindex UPnPRefreshPeriod
|
||||
@item UPnPRefreshPeriod = <seconds> (5)
|
||||
How often tinc will re-add the port mapping, in case it gets reset on the UPnP device.
|
||||
This also controls the duration of the port mapping itself, which will be set to twice that duration.
|
||||
|
||||
@end table
|
||||
|
||||
|
||||
|
|
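Review bot: The default shown in "@item UPnPRefreshPeriod = <seconds> (5)" disagrees with the man page hunk, which documents ".It Va UPnPRefreshPeriod Li = Ar seconds Pq 60". The (5) looks copied from the UPnPDiscoverWait item just above; please make both documents state the same default and check it against the value used in the code. The notes on the man page hunk about the security caveat and the behaviour of a build without miniupnpc apply to this copy of the text as well, so any rewording should be made in both places.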