Pro/Con list agreed with nextgens for UP&P:

PRO:
1) IT LETS US PORT FORWARD !!!!!!
2) it may let us detect our ip addresses
3) There is a library; this should minimize the possibilities of
fingerprinting

CON:
1) a lot of people are double NATed
2) it's blocked by default on winXPSP2, but we can probably turn it on
3) it may be blocked or flagged by firewall type software
4) multicast discovery packets may be forwarded to the ISP, if the
router doesn't support UP&P
5) some/most implementations are crappy and simply won't work; buggy,
out-of-date firmware etc.; no way to detect short of blacklisting.
6) Azureus (I think) tried it and had a 50% success rate - when UP&P was
detected, there was a 50% chance of a port forward actually working.
7) Have to ask a user whether they are on a potentially hostile LAN in
the installer. Trying to use UP&P on a university LAN for example would
be bad; it can be spoofed, and may cause/be seen as flooding.

And for STUN:
PRO:
1) It will let us detect our IP address, and whether we are directly
connected, and whether UDP is blocked.
2) There is a library; this should minimize the possibilities of
fingerprinting.

CON:
1) It uses a standard list of servers. It might be possible to
fingerprint, or to spoof.

We will implement STUN if possible. The library appears to use Java 1.5
features, but can easily be converted.

On Tue, Jun 20, 2006 at 03:19:59AM +0100, Matthew Toseland wrote:
> Do we need to implement UP&P support? It would help in many areas:
> - It would allow us to forward ports and detect our real IP address!
> - It would make connection work more reliably on dynamic IPs, especially
>   with nodes with poor uptime.
> - It would expand the range of nodes which can be seednodes on opennet.
>   (To be a seednode you need to be directly connected or port
>   forwarded).
> - It would allow us to implement something like the distribution
>   servlet.
> - It would allow us to usefully implement support for "invitations", one
>   use darknet references which come with authorization to add the other
>   side.
> 
> Unfortunately:
> - It is grossly insecure if run on a LAN with untrusted users. We would
>   have to ask the user during setup.
> - It is blocked by default on Windows XP SP2.
> - Stats on another p2p app which supported UP&P showed it only working
>   successfully about 50% of the time even when detected... That may have
>   been bugs in their implementation of course...
> 
> So is it a panacea or a nightmare? Do we want UP&P support?
> -- 
> Matthew J Toseland - toad at amphibian.dyndns.org
> Freenet Project Official Codemonkey - http://freenetproject.org/
> ICTHUS - Nothing is impossible. Our Boss says so.




-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
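
The STUN points in the message above (detecting the external address, telling whether the node is directly connected, and the spoofing concern), as an added example that is not part of the original message or of Freenet's code: a minimal classic STUN (RFC 3489) Binding Request builder and reply check in Python. The function names, the constructed sample reply and the documentation-range addresses used with it are assumptions.

```python
import os
import socket
import struct

BINDING_REQUEST, BINDING_RESPONSE, MAPPED_ADDRESS = 0x0001, 0x0101, 0x0001

def build_request():
    """Return (transaction_id, packet) for an RFC 3489 Binding Request."""
    tid = os.urandom(16)  # unpredictable ID, so a blind forger cannot match it
    return tid, struct.pack("!HH", BINDING_REQUEST, 0) + tid

def parse_response(packet, expected_tid, sender, server):
    """Return the (ip, port) the server saw, or None if the reply is not trusted."""
    if sender != server or len(packet) < 20:
        return None  # reply from an address we never queried, or truncated
    msg_type, length = struct.unpack("!HH", packet[:4])
    if msg_type != BINDING_RESPONSE or packet[4:20] != expected_tid:
        return None  # wrong message type, or not an answer to our request
    if length != len(packet) - 20:
        return None  # declared attribute length disagrees with the datagram
    pos = 20
    while pos + 4 <= len(packet):
        attr_type, attr_len = struct.unpack("!HH", packet[pos:pos + 4])
        value = packet[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            return None  # attribute runs past the end of the packet
        if attr_type == MAPPED_ADDRESS and attr_len == 8 and value[1] == 0x01:
            port = struct.unpack("!H", value[2:4])[0]
            return socket.inet_ntoa(value[4:8]), port  # IPv4 family only
        pos += 4 + attr_len
    return None

def classify(mapped, local):
    """Compare what the server saw with the local socket address."""
    if mapped is None:
        return "no trusted answer (UDP blocked, or reply rejected)"
    return "directly connected" if mapped == local else "behind NAT"

def sample_response(tid, ip, port):
    """Constructed test reply; a real one comes from the STUN server."""
    attr = struct.pack("!HHBBH", MAPPED_ADDRESS, 8, 0, 1, port) + socket.inet_aton(ip)
    return struct.pack("!HH", BINDING_RESPONSE, len(attr)) + tid + attr
```

The random transaction ID and the sender check only reject replies forged by someone who cannot see the request; a party on the same LAN or on the path can still answer with a false address, so the result is best treated as a hint rather than as authenticated.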