On Sat, Feb 15, 2014 at 08:35:06AM +0100, Lunar wrote:
David Fifield:
Alternatively, we could specify a static port (:9000 instead of :0 in the ClientTransportPlugin line). Then at least it would be just *one* port open permanently. But one of the nice things about automatic port forwarding was that it would be possible not to use a fixed (more easily blockable) port number.
That would prevent multiple users of the Flashproxy bundle on the same network. This makes some little yellow warning lights blink in my head. They are labelled “support headache ahead”.
That's a good point. Nevertheless I'm going to do another set of bundles with port 9000 set. That's because for now, I'm trying to judge the fraction of users for whom UPnP works at all, in order to see if it's worth working on more. Because of the difficulties we've found, it seems bundles with automatic port forwarding are at least several weeks away, if we do them at all. If we do such bundles, we must make sure they use ephemeral ports, and the port forwardings don't last forever.
At least, I think tor-fw-helper should have a default timeout that is slightly longer than tor's default interval for calling it, and optionally should take an argument controlling how long the timeout should be.
Ximin started looking at writing a replacement in a memory-safe language, which would dispel some of the concern about using a third-party C library (and incidentally work around the API compatibility between miniupnpc 1.5 and 1.6).
David Fifield