firewall blocking incoming udp packets...how to fix?

924 views
Skip to first unread message

sc...@collobos.com

unread,
Aug 4, 2015, 3:18:50 PM8/4/15
to Native-Client-Discuss
Hello all.  My packaged app needs to discover a server on the local link of a network.  To do that, the app creates a udp socket and sends a message to a multicast endpoint.  This works...the server side receives the message and attempts to send back a unicast response to the Chrome app that sent the multicast message.

This works on Chrome running on Mac/Windows, but fails on a ChromeBook.  I'm assuming it's because the firewall is blocking the incoming packet, as the app sent the outgoing packet to a multicast address, not a unicast address.  That's annoying, but I thought I'd get it to work by having the server also send the response back to the multicast address.

I cannot seem to get this to work either...it also looks like the firewall is blocking this packet.

I'm using pepper_45 running on ChromeOS 45.0.2454.15 beta.

This is a huge blocker for us, and any help would be greatly appreciated.

Thanks,

Scott

Victor Khimenko

unread,
Aug 4, 2015, 3:55:03 PM8/4/15
to Native Client Discuss, Chromium OS discuss
On Tue, Aug 4, 2015 at 10:18 PM, <sc...@collobos.com> wrote:
Hello all.  My packaged app needs to discover a server on the local link of a network.  To do that, the app creates a udp socket and sends a message to a multicast endpoint.  This works...the server side receives the message and attempts to send back a unicast response to the Chrome app that sent the multicast message.

This works on Chrome running on Mac/Windows, but fails on a ChromeBook.

If your app works on Mac/Windows then it's most likely ChromeOS firewall and I'm just afraid that few NaCl developers understand the peculiarities of ChromeOS firewall.
 
I'm assuming it's because the firewall is blocking the incoming packet, as the app sent the outgoing packet to a multicast address, not a unicast address.  That's annoying, but I thought I'd get it to work by having the server also send the response back to the multicast address.

I cannot seem to get this to work either...it also looks like the firewall is blocking this packet.

I'm using pepper_45 running on ChromeOS 45.0.2454.15 beta.

This is a huge blocker for us, and any help would be greatly appreciated.

I think you'll need to move that discussion to cros-discuss. I remember that one of our tentative ARC launch partners needed similar capability, but it was not possible to provide it because of ChromeOS firewall. After discussion with ChromeOS team they were stricken from the list of launch partners and their app still does not work. You are in somewhat better position: you apparently could modify the server side, thus there's hope.


Derek Schuff

unread,
Aug 4, 2015, 5:39:33 PM8/4/15
to Native Client Discuss, Chromium OS discuss
Does this (very recently-fixed) bug describe your situation? https://code.google.com/p/chromium/issues/detail?id=489853

--
You received this message because you are subscribed to the Google Groups "Native-Client-Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to native-client-di...@googlegroups.com.
To post to this group, send email to native-cli...@googlegroups.com.
Visit this group at http://groups.google.com/group/native-client-discuss.
For more options, visit https://groups.google.com/d/optout.

sc...@collobos.com

unread,
Aug 4, 2015, 5:52:36 PM8/4/15
to Native-Client-Discuss, chromium-...@chromium.org, dsc...@google.com
It's close.  If I'm parsing that thread correctly, they're talking about punching a hole in the firewall for TCP sockets that listen for network connections.  We're using UDP sockets.  But...this sounded pretty good in the ensuing discussion:

"Sounds fair. I'm already adding hole punching to the Udp bind call."

If they do that, I think that'd solve the problem.

Thanks for the link!

Take care,

Scott

On Tuesday, August 4, 2015 at 2:39:33 PM UTC-7, Derek Schuff wrote:
Does this (very recently-fixed) bug describe your situation? https://code.google.com/p/chromium/issues/detail?id=489853

On Tue, Aug 4, 2015 at 12:55 PM Victor Khimenko <kh...@chromium.org> wrote:
On Tue, Aug 4, 2015 at 10:18 PM, <sc...@collobos.com> wrote:
Hello all.  My packaged app needs to discover a server on the local link of a network.  To do that, the app creates a udp socket and sends a message to a multicast endpoint.  This works...the server side receives the message and attempts to send back a unicast response to the Chrome app that sent the multicast message.

This works on Chrome running on Mac/Windows, but fails on a ChromeBook.

If your app works on Mac/Windows then it's most likely ChromeOS firewall and I'm just afraid that few NaCl developers understand the peculiarities of ChromeOS firewall.
 
I'm assuming it's because the firewall is blocking the incoming packet, as the app sent the outgoing packet to a multicast address, not a unicast address.  That's annoying, but I thought I'd get it to work by having the server also send the response back to the multicast address.

I cannot seem to get this to work either...it also looks like the firewall is blocking this packet.

I'm using pepper_45 running on ChromeOS 45.0.2454.15 beta.

This is a huge blocker for us, and any help would be greatly appreciated.

I think you'll need to move that discussion to cros-discuss. I remember that one of our tentative ARC launch partners needed similar capability, but it was not possible to provide it because of ChromeOS firewall. After discussion with ChromeOS team they were stricken from the list of launch partners and their app still does not work. You are in somewhat better position: you apparently could modify the server side, thus there's hope.


--
You received this message because you are subscribed to the Google Groups "Native-Client-Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to native-client-discuss+unsub...@googlegroups.com.

Derek Schuff

unread,
Aug 4, 2015, 7:15:52 PM8/4/15
to sc...@collobos.com, Native-Client-Discuss, bbu...@google.com, chromium-...@chromium.org
If I'm interpreting https://codereview.chromium.org/1213203004 correctly, I think it works for UDP too.

To unsubscribe from this group and stop receiving emails from it, send an email to native-client-di...@googlegroups.com.

sc...@collobos.com

unread,
Aug 4, 2015, 8:02:31 PM8/4/15
to Native-Client-Discuss, sc...@collobos.com, bbu...@google.com, chromium-...@chromium.org, dsc...@google.com
That's the way it's looking to me too.
To unsubscribe from this group and stop receiving emails from it, send an email to native-client-discuss+unsub...@googlegroups.com.

sc...@collobos.com

unread,
Aug 5, 2015, 8:09:09 PM8/5/15
to Native-Client-Discuss, sc...@collobos.com, bbu...@google.com, chromium-...@chromium.org, dsc...@google.com
Just for anyone looking at this thread.  I installed the latest from dev channel on my ChromeBook this morning.  I verified that the dev channel had the fixes referenced in this thread.  

And sure enough, this problem has been resolved.  When a UDP socket is bound, it punches a hole in the firewall so it can receive packets from the network w/o having to send a packet out first.

Scott
Reply all
Reply to author
Forward
0 new messages