Apart from the real grave bugs there are also a few bugs that are maybe somewhat less evil, but can still annoy the hell out of ordinary users. A few of them are presented below.
Broadcom and nvram
Many Broadcom devices (such as Linksys WRT54G routers) store the UPnP mappings
in nvram. The reason for this is when the device is rebooted the stored
mappings will be there, as if nothing happened. This is very convenient, as
long as the programs you have behave properly. But what happens if they are
As it turns out, Broadcom based devices can handle a maximum of 32 mappings in nvram. For a normal home network this should be plenty. The amazing part is that as soon as you have added 32 mappings and add another one the UPnP stack will still allow you to do this and never present you an error. In fact, it will return a valid response code. Programs will think that the mapping was made and try to use the connection (for example, for file transfers) and it will fail. The following "hack" will irritate the hell out of people and render a router useless for normal people, who don't know how to delete portmappings:
- add 32 portmappings to a port that is never used, like port 1 or 9
There are two fixes to this problem that Broadcom should implement:
- return an error if there are too many port mappings
- let a user remove the mappings through a web
'Router' and maximum mappings
Devices using the 'Router' UPnP stack have a maximum of 160 mappings. After
this no new mappings will be accepted, but no warning will be given either. The
mappings can easily be erased by disabling and reenabling UPnP in the
With the 4.21.1 firmware of a Linksys WRT54G it is fairly easy to annoy the
hell out of users.
One of the methods in the WANIPConnection subprofile is the ForceTermination method. With this method it is possible to terminate the WAN connection of the router immediately. Its counterpart to enable it using UPnP is the RequestConnection method. Needless to say, this is hard to debug for an end user, especially since you can't see it on the router, because the LEDs don't change, so it appears the WAN connection is just working fine. There are a few possibilities for an unknowing user to restore the connection:
- powercycle the router
- use the webinterface to restart the connection
In other routers it is often enough to simply renew the DHCP release of the router. Many Linux IGD based routers don't even have the functionality, since it has never been implemented in that stack (yet).
A few devices, such as the Linksys WRT350Nv2, have made ForceTermination a configurable option. In the management interface under Administration there is the option "Allow Users to Disable Internet Access" and it is disabled by default.