SSDP: use receiving interface index to check if from LAN

This commit is contained in:
Thomas Bernard 2017-05-25 00:20:03 +02:00
parent d5ecf04fa3
commit 11a3e84b3d
4 changed files with 32 additions and 13 deletions

View File

@ -914,10 +914,10 @@ ProcessSSDPRequest(int s, unsigned short http_port)
} }
#endif /* defined(IP_RECVIF) || defined(IP_PKTINFO) */ #endif /* defined(IP_RECVIF) || defined(IP_PKTINFO) */
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, source_ifindex,
http_port, https_port); http_port, https_port);
#else #else
ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, source_ifindex,
http_port); http_port);
#endif #endif
@ -926,12 +926,12 @@ ProcessSSDPRequest(int s, unsigned short http_port)
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
void void
ProcessSSDPData(int s, const char *bufr, int n, ProcessSSDPData(int s, const char *bufr, int n,
const struct sockaddr * sender, const struct sockaddr * sender, int source_if,
unsigned short http_port, unsigned short https_port) unsigned short http_port, unsigned short https_port)
#else #else
void void
ProcessSSDPData(int s, const char *bufr, int n, ProcessSSDPData(int s, const char *bufr, int n,
const struct sockaddr * sender, const struct sockaddr * sender, int source_if,
unsigned short http_port) unsigned short http_port)
#endif #endif
{ {
@ -965,10 +965,31 @@ ProcessSSDPData(int s, const char *bufr, int n,
/* get the string representation of the sender address */ /* get the string representation of the sender address */
sockaddr_to_string(sender, sender_str, sizeof(sender_str)); sockaddr_to_string(sender, sender_str, sizeof(sender_str));
lan_addr = get_lan_for_peer(sender); lan_addr = get_lan_for_peer(sender);
if(source_if >= 0)
{
if(lan_addr != NULL)
{
if(lan_addr->index != (unsigned)source_if)
{
syslog(LOG_WARNING, "interface index not matching %u != %d", lan_addr->index, source_if);
}
}
else
{
/* use the interface index */
for(lan_addr = lan_addrs.lh_first;
lan_addr != NULL;
lan_addr = lan_addr->list.le_next)
{
if(lan_addr->index == (unsigned)source_if)
break;
}
}
}
if(lan_addr == NULL) if(lan_addr == NULL)
{ {
syslog(LOG_WARNING, "SSDP packet sender %s not from a LAN, ignoring", syslog(LOG_WARNING, "SSDP packet sender %s (if_index=%d) not from a LAN, ignoring",
sender_str); sender_str, source_if);
return; return;
} }

View File

@ -1,7 +1,7 @@
/* $Id: minissdp.h,v 1.12 2014/04/09 07:20:59 nanard Exp $ */ /* $Id: minissdp.h,v 1.12 2014/04/09 07:20:59 nanard Exp $ */
/* MiniUPnP project /* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard * (c) 2006-2017 Thomas Bernard
* This software is subject to the conditions detailed * This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */ * in the LICENCE file provided within the distribution */
#ifndef MINISSDP_H_INCLUDED #ifndef MINISSDP_H_INCLUDED
@ -39,12 +39,12 @@ ProcessSSDPRequest(int s, unsigned short http_port);
#ifdef ENABLE_HTTPS #ifdef ENABLE_HTTPS
void void
ProcessSSDPData(int s, const char *bufr, int n, ProcessSSDPData(int s, const char *bufr, int n,
const struct sockaddr * sendername, const struct sockaddr * sendername, int source_if,
unsigned short http_port, unsigned short https_port); unsigned short http_port, unsigned short https_port);
#else #else
void void
ProcessSSDPData(int s, const char *bufr, int n, ProcessSSDPData(int s, const char *bufr, int n,
const struct sockaddr * sendername, const struct sockaddr * sendername, int source_if,
unsigned short http_port); unsigned short http_port);
#endif #endif

View File

@ -631,7 +631,7 @@ static int nfqueue_cb(
/* printf("pkt found %s\n",dd);*/ /* printf("pkt found %s\n",dd);*/
ProcessSSDPData (sudp, dd, size - x, ProcessSSDPData (sudp, dd, size - x,
&sendername, (unsigned short) 5555); &sendername, -1, (unsigned short) 5555);
} }
} }
} }
@ -984,7 +984,6 @@ parselanaddr(struct lan_addr_s * lan_addr, const char * str)
} }
} }
#endif #endif
#ifdef ENABLE_IPV6
if(lan_addr->ifname[0] != '\0') if(lan_addr->ifname[0] != '\0')
{ {
lan_addr->index = if_nametoindex(lan_addr->ifname); lan_addr->index = if_nametoindex(lan_addr->ifname);
@ -992,6 +991,7 @@ parselanaddr(struct lan_addr_s * lan_addr, const char * str)
fprintf(stderr, "Cannot get index for network interface %s", fprintf(stderr, "Cannot get index for network interface %s",
lan_addr->ifname); lan_addr->ifname);
} }
#ifdef ENABLE_IPV6
else else
{ {
fprintf(stderr, fprintf(stderr,

View File

@ -16,9 +16,7 @@
* with ascii representation and mask */ * with ascii representation and mask */
struct lan_addr_s { struct lan_addr_s {
char ifname[IFNAMSIZ]; /* example: eth0 */ char ifname[IFNAMSIZ]; /* example: eth0 */
#ifdef ENABLE_IPV6
unsigned int index; /* use if_nametoindex() */ unsigned int index; /* use if_nametoindex() */
#endif
char str[16]; /* example: 192.168.0.1 */ char str[16]; /* example: 192.168.0.1 */
struct in_addr addr, mask; /* ip/mask */ struct in_addr addr, mask; /* ip/mask */
#ifdef MULTIPLE_EXTERNAL_IP #ifdef MULTIPLE_EXTERNAL_IP