The code then calls the Call() subroutine for each property listed in the %UPNP_SERVICE_PROPERTIES hash for the appropriate service type. The code at callout F shows how the Call() subroutine works. UPnP lets an application call a function on the remote device, passing parameters and receiving result values. The Call() subroutine tells a specific service on the remote device to call the function that the $Name variable specifies. The subroutine passes the $Args hash reference, which specifies parameters to pass to the function. The script performs this work by calling the service's postcontrol() method. The result of calling this method is an object ($Result) that represents the information that the remote device's service returned to the application.
After calling postcontrol(), the script queries the $Result object to determine whether the function call was successful. UPnP uses the HTTP protocol to submit the request and receive the result. When a call to getstatuscontrol() returns a value of 200 (HTTP's success result code), the function call was successful. A successful request is followed by a call to the $Result object's getargumentlist() method, which returns XML code that identifies a list of items that the device service's function call returned. The script parses out any items in the XML list and stores them in the $ResultList hash reference.
The code at callout G shows how the GetList() subroutine works. GetList() calls a specified function in a device service for a specified number of times or until the call fails. The script uses this subroutine to collect a list of all mapped ports and displays the list for your review.
Tightening Security
It's a good security practice to periodically check that hackers haven't broken into your network and taken control of it. This is especially true for networks that use UPnP devices, which can be programmatically configured to let hackers and spyware through the front door.
Sometimes such holes are acceptable, such as when you're streaming music or videos. However, if you don't recognize a port mapping, you should log on to your IGD and reconfigure it to close the security hole. QueryPortMap.pl helps you interrogate your routers and firewalls to see what holes have been opened. You can easily modify the script to send email alerts if it finds suspicious port mappings.
With the programmatic-configuration convenience of UPnP comes an added burden of monitoring who or what might be changing IGD settings and why. Using Perl is a great way to monitor such events and tighten your network's security.