Posted: Tue Mar 29, 2011 21:47 Post subject: UPnP list on NVRAM overflow?
Hi,
I have UPnP enabled on my ASUS RT-N16 router flashed with DD-WRT Build 16214 Mega and I noticed that UPnP is saved to the NVRAM and sometimes it looks like it's going to overflow ... is there a command that I can issue in a cron that I can program to clear the UPnP list at like 5 AM every morning? Usually I have to clear the NVRAM so that my router wouldn't crash from NVRAM exhaustion.
Also, why is the UPnP list saved on NVRAM, wouldn't it make more sense to just store it in regular memory as it should constantly fill and automatically delete entries that are no longer active?
Joined: 24 Feb 2009 Posts: 2026 Location: Sol System > Earth > USA > Arkansas
Posted: Tue Mar 29, 2011 22:25 Post subject: Re: UPnP list on NVRAM overflow?
deltatux wrote:
Also, why is the UPnP list saved on NVRAM, wouldn't it make more sense to just store it in regular memory as it should constantly fill and automatically delete entries that are no longer active?
Cheers,
deltatux
Well now ... that is an option that I would not mind seeing. The developers would have to get involved to make it happen though.
As for the clearing, there is an option to remove UPnP port forwards on startup. You could have the router reboot once a day in the early morning. It may not be the best solution, but it would work.
Another solution that came to mind would be finding out the exact commands to stop and start the UPnP service. Then that could be run as a cron job. _________________ E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
Try Dropbox for syncing files - get 2.5gb online for free by signing up.
Read! Peacock thread
*PLEASE* upgrade PAST v24SP1 or no support.
My ttraff variable cleaner script modified for UPnP:
for i in `nvram show | grep forward_port | cut -f1 -d=""`; do nvram unset $i; done
I don't know how well this will actually work though. I'm not sure whether the UPnP daemon or just the GUI uses the variables, but unseting them does make them disappear from the GUI. You might end up having the UPnP daemon forget about them but then have programs re-requesting the mapping even though this will not remove the actual forwards from iptables. ie. you could flood iptables with lots of duplicate rules. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Ya, that's what I'm afraid of ... is there no commands to unset UPnP? How does the GUI do it when you press the Delete All button? Does it execute commands on the router?
If so, what command is it?
EDIT: I kind of understand that nvram command but if it's only cosmetic then it's kind of useless no?
I guess you could also add this to clear the port forwards from iptables after you delete the nvram variables.
startservice wan _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
Any way to do a for loop that detects how many "forward_port" are there, and then delete them one by one? the script you suggested I think deletes all the forwarded ports.
This isn't ideal as I have static ports that forwards to my home server services.
uPnP is not only contaminating the nvram space but the FORWARD chain as well.
It should be just 1 entry in the FORWARD chain just like the "Access Restrictions".
Netfilter (iptables) should be used how it is intended! _________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
I guess writing the UPNP data optionally to jffs instead of nvram would be a good idea. i also had a case where upnp overflowed the nvram (over 100 rules caused by a misconfigured client) _________________ Router: WNDR3300 (wl0: n-Only 5Ghz, WPA2-AES, wl1: g-Only, WPA-Mixed-Mixed)
WDS Node 1: WNDR3300 (wl0: n-Only 5Ghz, WPA2-AES, WDS-connected Router, wl1: g-Only WPA-Mixed-Mixed)
WDS Node 2: WRT54GL (g-Only, WPA-Mixed-Mixed WDS-connected to Router)
Modem: Cisco EPC3202
clients: Notebook 1, D-Link 323, PS3 Slim, Kathrein UFC960 connected to WDS Node 1 via Gigabit Switch. Notebook 2, Deskjet 6980 connected to WDS Node 2
@deltatux - It starts all the services for the WAN, including rebuilding the firewall which will wipe out the removed UPnP forwards.
The script only deletes UPnP forwards, it doesn't touch the static ones made in the GUI.
@frater - Yes, yes it should... But surely you remember that they tried many different UPnP daemons when the k2.6 builds were introduced and had many more serious problems with them. Right now they're using Broadcom's UPnP daemon which does some bad things but is the lesser of evils that they tried.
@oxygenx - UPnP forwards should only be saved in RAM. There's absolutely no reason to save them on persistent storage because UPnP clients are responsible for making sure their ports stay mapped by the UPnP server. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
@oxygenx - UPnP forwards should only be saved in RAM. There's absolutely no reason to save them on persistent storage because UPnP clients are responsible for making sure their ports stay mapped by the UPnP server.
Are you sure about this? it sounds reseasonable, but i know that in reality it does not work like that.
Applications like Skype or Bittorrent only notice a dropped upnp record after they are restarted and not on-the-fly. _________________ Router: WNDR3300 (wl0: n-Only 5Ghz, WPA2-AES, wl1: g-Only, WPA-Mixed-Mixed)
WDS Node 1: WNDR3300 (wl0: n-Only 5Ghz, WPA2-AES, WDS-connected Router, wl1: g-Only WPA-Mixed-Mixed)
WDS Node 2: WRT54GL (g-Only, WPA-Mixed-Mixed WDS-connected to Router)
Modem: Cisco EPC3202
clients: Notebook 1, D-Link 323, PS3 Slim, Kathrein UFC960 connected to WDS Node 1 via Gigabit Switch. Notebook 2, Deskjet 6980 connected to WDS Node 2
@oxygenx - UPnP forwards should only be saved in RAM. There's absolutely no reason to save them on persistent storage because UPnP clients are responsible for making sure their ports stay mapped by the UPnP server.
Are you sure about this? it sounds reseasonable, but i know that in reality it does not work like that.
Applications like Skype or Bittorrent only notice a dropped upnp record after they are restarted and not on-the-fly.
DD-WRT is set up in a way that restarting the firewall means it will flush all the tables and then completely rebuild it based on statically saved parameters (hardcoded, nvram, /tmp/etc/config files).
A better way would be a file in /tmp for these entries. But that's not how it is setup now. _________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
@oxygenx - UPnP forwards should only be saved in RAM. There's absolutely no reason to save them on persistent storage because UPnP clients are responsible for making sure their ports stay mapped by the UPnP server.
Are you sure about this? it sounds reseasonable, but i know that in reality it does not work like that.
Applications like Skype or Bittorrent only notice a dropped upnp record after they are restarted and not on-the-fly.
DD-WRT is set up in a way that restarting the firewall means it will flush all the tables and then completely rebuild it based on statically save parameters (hardcoded, nvram, /tmp/etc/config files).
A better way would be a file in /tmp for these entries. But that's not how it is setup now.
Should we raise this up with BrainSlayer and see if he's willing to move it off the nvram and put it into the /tmp folder RAMDISK instead?
@frater: I had that idea when I started messing with iptables. According to official netfilter's faq, using a file with iptables-restore format is safer than scripts that calls iptables on every line. I second your idea of having iptables-save, iptables-save plus iptables-restore would make loading faster and also easier to maintain.
I am using iptables-restore with files stored in /opt/etc and symbolic links in /tmp/etc/config
This works great. I have written a lot of scripts (asiablock, worldblock, fixtables, stophack, stophammer,asterisk) that manipulate the DD-WRT firewall dynamically and they all work flawless.
A uPnP-daemon should use a seperate chain and by maintaining a special file in /tmp these entries can be easily managed.
Although oxygenx is correct that /tmp would not be suitable because it doesn't survive a reboot, I think this is going too far. A router reboot should be something that rarely occurs and restoring all these uPnP-entries is really the responsability of the application that initiated them.
nvram-overflow is a serious problem.
losing upnp entries after a reboot is an inconvenience. _________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
