UPNP issues, discovery replies going to multicast?

[vvuk]

I'm trying to get UPNP set up (yep, I know it's a security risk) and am confused by the behaviour I'm seeing.  I've got the plugin installed, upnp turned on, correct interfaces set.  On 22.7.

If I do a M-SEARCH broadcast (to 239.255.255.250:1900, using a simple python script like the one in https://www.electricmonk.nl/log/2016/07/05/exploring-upnp-with-python/), I never see replies from the router.  But if I watch tcpdump on the same interface, I do see the router sending back replies -- but sending them to the multicast address (239.255.255.250).  Is that correct?  I thought replies were supposed to be unicast back to the requesting ip/port.  I see other devices on my network doing the same thing, and they are also not being seen by the script.

Same thing happens if I just try to use upnpc -s -- it can't find the IGD amongst the replies (instead it optimistically picks the one device on my network that has a broken xml.  Same results on both a Linux client and a Windows client.

Any suggestions on what to try?  Is the reply address being the multicast address the issue, or is that a red herring? Nothing interesting in the logs for upnpd on the router.  To add -- I do see general upnp multicast traffic.  But I see the router reply multiple times directly in response to me sending a broadcast query.  (And I mean multiple -- I get ~20 identical messages)
  Scratch that.  I _don't_ see the router actually reply; what I was seeing was just its normal broadcasts.

So looks like packets are maybe being dropped on the router.

[vvuk]

Actually.. so my vlan setup might be to blame.  I've got a network where I use untagged packets, plus 2 VLANs (110 and 120).  Some machines are connected to trunk ports on my switch, because they both send untagged traffic as well as tagged VLAN traffic.  My router is one of these, as are each of the machines I did a SSDP mutlicast query from.

Is it possible my switch (Unifi USW-24) is seeing an untagged multicast packet and just deciding to drop it?  I'm not sure what the rules are normally for untagged multicast traffic on trunk ports; plus wouldn't surprise me if Unifi is doing something weird here.  I have IGMP snooping turned off everywhere.  Then again, I do see untagged multicast packets coming the other direction (i.e. the router's SSDP upnp broadcasts to multicast) and it's the same config on both switch ports, so this might not be an issue.