Does the webrtc team have a plan to add UPnP support for gathering candidates?

[Dongyang Li]

Hi,all

I want to figure out whether or not the webrtc team have a plan to take UPnP to webrtc.

If not,would they accept a contribution to that?

Thanks

Andrew Li

[Jeremy Noring]

On Friday, June 26, 2015 at 12:41:41 AM UTC-6, Dongyang Li wrote:

Hi,all

I want to figure out whether or not the webrtc team have a plan to take UPnP to webrtc.

If not,would they accept a contribution to that?

There is no good reason to do this, and plenty of reasons not to.  WebRTC already has very good P2P connectivity via ICE.  And UPnP as a standard is a steaming pile of crap (I am sorry, there is no nice way to say it), the implementation in SOHO routers is generally terrible and many users consider it a security vulnerability (the notion that a client behind a NAT device can open and configure ports is a weird and questionable practice).  I would sincerely hope they would not accept a contribution to do this, if for no other reason than the security of UPnP is questionable.

https://en.wikipedia.org/wiki/Universal_Plug_and_Play#Problems_with_UPnP

[Ben Schwartz]

UPnP is indeed problematic, but the IETF has proposed a modern standard mechanism for the kind of NAT control that Andrew is interested in: NAT-PCP.  That might be a good place to start.

There's no way we can guarantee that a particular patch will be accepted, but I think some research into NAT-PCP for WebRTC would be welcome.

--

---
You received this message because you are subscribed to the Google Groups "discuss-webrtc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss-webrt...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/discuss-webrtc/85ad1040-82b0-4740-bef4-1e764059906f%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Jeremy Noring]

On Friday, June 26, 2015 at 10:05:29 AM UTC-6, Ben Schwartz wrote:

UPnP is indeed problematic, but the IETF has proposed a modern standard mechanism for the kind of NAT control that Andrew is interested in: NAT-PCP.  That might be a good place to start.

There's no way we can guarantee that a particular patch will be accepted, but I think some research into NAT-PCP for WebRTC would be welcome.

PCP is just a slightly more recent version of Bonjour, and suffers from a lot of the same design flaws as UPnP does (clear inversion of security, poor auth model, numerous avenues for abuse, and extremely inconsistent router implementations).  Also I'd think WebRTC would want to avoid any more potential security threats (be they legitimate or sort of silly, like the public IP address leak the internet was in a huff about earlier); every time that happens some number of users literally disable UPnP in Chrome and FireFox.

But the biggest reason these technologies aren't compelling is ICE is already pretty effective in SOHO environments.  It's least effective in larger enterprise settings, but neither UPnP nor PCP are even remotely effective in those environments.  Is there some evidence this technology would improve P2P connection rates?  Because that's kinda where the rubber hits the road...

Of course research is always a good thing, but honestly I don't think either of these technologies are compelling.  My $.02, having worked with both of them in the past.

[Jeremy Noring]

On Friday, June 26, 2015 at 5:30:39 PM UTC-6, Jeremy Noring wrote:

some number of users literally disable UPnP in Chrome and FireFox.

*disable WebRTC.  Sorry.  Brain tired.

 

[Dongyang Li]

Thanks Ben.Seems UPnP is a security risk.But there are still many applications using UPnP for automatically  port forwarding.I think they’re prepared to give up some security for the convenience.

Well,I'll do more research on new standard NAT-PCP.

[Dongyang Li]

Thanks Jeremy.It's  UPnP’s security.

[Eugene Maliavskyy]

Almost all modern routers support UPnP. If this was supported by WebRTC - then WebRTC applications would require significantly less amount of TURN server traffic.

[shakeeb nazmus]

Hi all,

Is there any branch or patch of libjingle library which has implementation of UPnP related stuff ? 

Thanks,

Shakeeb