miniupnpd: Added ENABLE_UPNPPINHOLE macro

using ENABLE_UPNPPINHOLE to compile in the support for IPv6 Firewall pinholes.
It is enabled by either ENABLE_6FC_SERVICE or ENABLE_PCP + ENABLE_IPV6.
This commit is contained in:
Markus Stenberg 2014-05-10 13:09:48 +02:00 committed by Thomas Bernard
parent ba97c9b238
commit 3e03562b77
11 changed files with 101 additions and 47 deletions


@ -33,10 +33,11 @@ STD_OBJS = miniupnpd.o upnphttp.o upnpdescgen.o upnpsoap.o \
upnpredirect.o getifaddr.o daemonize.o upnpglobalvars.o \
options.o upnppermissions.o minissdp.o natpmp.o \
upnpevents.o getconnstatus.o upnputils.o \
asyncsendto.o portinuse.o pcpserver.o
MAC_OBJS = mac/getifstats.o bsd/ifacewatcher.o
upnppinhole.o asyncsendto.o portinuse.o pcpserver.o
MAC_OBJS = mac/getifstats.o bsd/ifacewatcher.o bsd/getroute.o
IPFW_OBJS = ipfw/ipfwrdr.o ipfw/ipfwaux.o
PF_OBJS = pf/obsdrdr.o pf/pfpinhole.o
PF_OBJS = pf/obsdrdr.o
# pf/pfpinhole.o # SHOULD be used, but doesn't compile on e.g. OS X 10.9.
MISC_OBJS = upnpreplyparse.o minixml.o
ALL_OBJS = $(STD_OBJS) $(MISC_OBJS) $(MAC_OBJS)
@ -52,7 +53,7 @@ TEST_GETIFSTATS_OBJS = testgetifstats.o mac/getifstats.o
TEST_UPNPPERMISSIONS_OBJS = testupnppermissions.o upnppermissions.o
TEST_GETIFADDR_OBJS = testgetifaddr.o getifaddr.o
TEST_PORTINUSE_OBJS = testportinuse.o portinuse.o getifaddr.o
TEST_ASYNCSENDTO_OBJS = testasyncsendto.o asyncsendto.o upnputils.o
TEST_ASYNCSENDTO_OBJS = testasyncsendto.o asyncsendto.o upnputils.o bsd/getroute.o
MINIUPNPDCTL_OBJS = miniupnpdctl.o
EXECUTABLES = miniupnpd testupnpdescgen testgetifstats \
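Review bot: The PF_OBJS line drops pf/pfpinhole.o with a comment saying it should be used, but with this commit ENABLE_UPNPPINHOLE can now be defined on this platform through ENABLE_PCP + ENABLE_IPV6, so any remaining reference to add_pinhole()/get_pinhole_info() would fail at link time; the matching workaround is the `#undef USE_PF` under `__APPLE__` in upnppinhole.c, and the Makefile comment should point at it so the two are kept in sync, e.g. `# pf/pfpinhole.o # SHOULD be used, but doesn't compile on e.g. OS X 10.9; upnppinhole.c #undef's USE_PF on __APPLE__ for the same reason.` If pfpinhole.o is ever added back, that #undef has to go at the same time.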


@ -510,6 +510,13 @@ else
fi
echo "" >> ${CONFIGFILE}
cat >> ${CONFIGFILE} <<EOF
#if defined(ENABLE_6FC_SERVICE) || (defined(ENABLE_PCP) && defined(ENABLE_IPV6))
#define ENABLE_UPNPPINHOLE
#endif
EOF
echo "#endif /* ${CONFIGMACRO} */" >> ${CONFIGFILE}
${MV} ${CONFIGFILE} ${CONFIGFILE_FINAL}
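Review bot: The generated `#define ENABLE_UPNPPINHOLE` block carries no comment, so a reader of config.h cannot tell what the macro gates or why PCP+IPv6 implies it; a line inside the heredoc such as `/* ENABLE_UPNPPINHOLE: build IPv6 firewall pinhole support (used by the WANIPv6FirewallControl service and by PCP over IPv6) */` would document it at the point it is defined. The `#if` only works if ENABLE_6FC_SERVICE, ENABLE_PCP and ENABLE_IPV6 are emitted earlier in the same file; they are presumably written by the code above this hunk, but that ordering is worth a comment in the script since the block is appended just before the closing `#endif`.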


@ -77,7 +77,7 @@
#ifdef USE_IFACEWATCHER
#include "ifacewatcher.h"
#endif
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
#ifdef USE_NETFILTER
void init_iptpinhole(void);
#endif
@ -1381,7 +1381,7 @@ init(int argc, char * * argv, struct runtime_vars * v)
syslog(LOG_ERR, "Failed to init redirection engine. EXITING");
return 1;
}
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
#ifdef USE_NETFILTER
init_iptpinhole();
#endif
@ -1522,7 +1522,7 @@ main(int argc, char * * argv)
struct rule_state * rule_list = 0;
struct timeval checktime = {0, 0};
struct lan_addr_s * lan_addr;
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
unsigned int next_pinhole_ts;
#endif
@ -1853,7 +1853,7 @@ main(int argc, char * * argv)
syslog(LOG_DEBUG, "setting timeout to %u sec",
(unsigned)timeout.tv_sec);
}
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
/* Clean up expired IPv6 PinHoles */
next_pinhole_ts = 0;
upnp_clean_expired_pinholes(&next_pinhole_ts);
@ -1862,7 +1862,7 @@ main(int argc, char * * argv)
timeout.tv_sec = next_pinhole_ts - timeofday.tv_sec;
timeout.tv_usec = 0;
}
#endif
#endif /* ENABLE_UPNPPINHOLE */
/* select open sockets (SSDP, HTTP listen, and all HTTP soap sockets) */
FD_ZERO(&readset);


@ -16,7 +16,7 @@
#include "iptpinhole.h"
#include "../upnpglobalvars.h"
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
#include <xtables.h>
#include <libiptc/libip6tc.h>
@ -40,6 +40,7 @@ struct pinhole_t {
unsigned short dport;
unsigned short uid;
unsigned char proto;
char desc[];
};
void init_iptpinhole(void)
@ -56,15 +57,16 @@ void shutdown_iptpinhole(void)
static int
add_to_pinhole_list(struct in6_addr * saddr, unsigned short sport,
struct in6_addr * daddr, unsigned short dport,
int proto, unsigned int timestamp)
int proto, const char *desc, unsigned int timestamp)
{
struct pinhole_t * p;
p = calloc(1, sizeof(struct pinhole_t));
p = calloc(1, sizeof(struct pinhole_t) + strlen(desc) + 1);
if(!p) {
syslog(LOG_ERR, "add_to_pinhole_list calloc() error");
return -1;
}
strcpy(p->desc, desc);
memcpy(&p->saddr, saddr, sizeof(struct in6_addr));
p->sport = sport;
memcpy(&p->daddr, daddr, sizeof(struct in6_addr));
@ -195,7 +197,7 @@ ip6tables -t raw -I PREROUTING %d -p %s -i %s --sport %hu -d %s --dport %hu -j T
int add_pinhole(const char * ifname,
const char * rem_host, unsigned short rem_port,
const char * int_client, unsigned short int_port,
int proto, unsigned int timestamp)
int proto, const char * desc, unsigned int timestamp)
{
int uid;
struct ip6t_entry * e;
@ -238,7 +240,7 @@ int add_pinhole(const char * ifname,
}
uid = add_to_pinhole_list(&e->ipv6.src, rem_port,
&e->ipv6.dst, int_port,
proto, timestamp);
proto, desc, timestamp);
free(e);
return uid;
}
@ -318,9 +320,12 @@ update_pinhole(unsigned short uid, unsigned int timestamp)
int
get_pinhole_info(unsigned short uid,
char * rem_host, int rem_hostlen, unsigned short * rem_port,
char * int_client, int int_clientlen, unsigned short * int_port,
int * proto, unsigned int * timestamp,
char * rem_host, int rem_hostlen,
unsigned short * rem_port,
char * int_client, int int_clientlen,
unsigned short * int_port,
int * proto, char * desc, int desclen,
unsigned int * timestamp,
u_int64_t * packets, u_int64_t * bytes)
{
struct pinhole_t * p;
@ -344,6 +349,8 @@ get_pinhole_info(unsigned short uid,
*proto = p->proto;
if(timestamp)
*timestamp = p->timestamp;
if (desc)
strncpy(desc, p->desc, desclen);
if(packets || bytes) {
/* theses informations need to be read from netfilter */
IP6TC_HANDLE h;
@ -407,5 +414,4 @@ clean_pinhole_list(unsigned int * next_timestamp)
return n;
}
#endif
#endif /* ENABLE_UPNPPINHOLE */
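Review bot: `strncpy(desc, p->desc, desclen)` in get_pinhole_info does not NUL-terminate desc when the stored description is desclen bytes or longer, so the caller can receive an unterminated string; `if (desc && desclen > 0) snprintf(desc, desclen, "%s", p->desc);` always terminates and also copes with a zero-length buffer. add_to_pinhole_list now calls strlen(desc) and strcpy(p->desc, desc) with no NULL check, so a NULL desc from add_pinhole crashes; either document desc as non-NULL in the prototype or default it with `if (!desc) desc = "";`. The description is stored at whatever length the caller supplies, which is fine for the constant `""` that upnppinhole.c passes today, but a maximum length should be enforced at the point where it starts coming from PCP or SOAP requests. The bodies of add_to_pinhole_list and get_pinhole_info continue outside the hunks.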


@ -7,11 +7,12 @@
#ifndef IPTPINHOLE_H_INCLUDED
#define IPTPINHOLE_H_INCLUDED
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
int add_pinhole(const char * ifname,
const char * rem_host, unsigned short rem_port,
const char * int_client, unsigned short int_port,
int proto, unsigned int timestamp);
int proto, const char *desc, unsigned int timestamp);
int update_pinhole(unsigned short uid, unsigned int timestamp);
@ -20,12 +21,14 @@ int delete_pinhole(unsigned short uid);
int
get_pinhole_info(unsigned short uid,
char * rem_host, int rem_hostlen, unsigned short * rem_port,
char * int_client, int int_clientlen, unsigned short * int_port,
int * proto, unsigned int * timestamp,
char * int_client, int int_clientlen,
unsigned short * int_port,
int * proto, char * desc, int desclen,
unsigned int * timestamp,
u_int64_t * packets, u_int64_t * bytes);
int clean_pinhole_list(unsigned int * next_timestamp);
#endif
#endif /* ENABLE_UPNPPINHOLE */
#endif
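Review bot: The new `desc`/`desclen` parameters of add_pinhole and get_pinhole_info have no stated contract in this header: whether add_pinhole copies the string or keeps the pointer, whether desc may be NULL, and whether the copy into the caller's desclen-byte buffer is NUL-terminated (the netfilter implementation currently uses strncpy, which does not guarantee it). A comment above add_pinhole such as `/* desc: copied into the pinhole entry; caller keeps ownership; must not be NULL */` and above get_pinhole_info `/* desc: copied into a caller buffer of desclen bytes; may be NULL to skip */` would pin that down for both backends. The same applies to the identical prototypes in pf/pfpinhole.h.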


@ -15,6 +15,9 @@
#ifdef __DragonFly__
#include <net/pf/pfvar.h>
#else
#ifdef MACOSX
#define PRIVATE 1
#endif
#include <net/pfvar.h>
#endif
#include <fcntl.h>
@ -39,7 +42,8 @@
* with the label "pinhole-$uid ts-$timestamp"
*/
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
/* /dev/pf when opened */
extern int dev;
@ -50,7 +54,7 @@ static int next_uid = 1;
int add_pinhole(const char * ifname,
const char * rem_host, unsigned short rem_port,
const char * int_client, unsigned short int_port,
int proto, unsigned int timestamp)
int proto, const char * desc, unsigned int timestamp)
{
int uid;
struct pfioc_rule pcr;
@ -206,7 +210,8 @@ int
get_pinhole_info(unsigned short uid,
char * rem_host, int rem_hostlen, unsigned short * rem_port,
char * int_client, int int_clientlen, unsigned short * int_port,
int * proto, unsigned int * timestamp,
int * proto, char * desc, int desclen,
unsigned int * timestamp,
u_int64_t * packets, u_int64_t * bytes)
{
int i, n;
@ -219,6 +224,7 @@ get_pinhole_info(unsigned short uid,
syslog(LOG_ERR, "pf device is not open");
return -1;
}
if (desc) *desc = 0; /* XXX - use label for storing it? */
snprintf(label_start, sizeof(label_start),
"pinhole-%hu", uid);
memset(&pr, 0, sizeof(pr));
@ -363,5 +369,4 @@ int clean_pinhole_list(unsigned int * next_timestamp)
return n; /* number of rules removed */
}
#endif /* ENABLE_IPV6 */
#endif /* ENABLE_UPNPPINHOLE */
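Review bot: `if (desc) *desc = 0;` in get_pinhole_info writes the first byte without checking desclen, so a caller passing a non-NULL desc with desclen 0 gets a write past its buffer; `if (desc && desclen > 0) *desc = 0;` avoids that. The `#define PRIVATE 1` before `<net/pfvar.h>` on MACOSX opts into declarations Apple does not expose by default, which suggests the pf structures used here are not a stable ABI on that platform; a comment saying why PRIVATE is needed and which OS version it was checked against would help the next maintainer. add_pinhole now receives desc but the hunk shows only the signature; if the parameter is in fact unused, a `(void)desc;` with a comment that pf stores no description would explain the XXX on the get_pinhole_info side.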


@ -8,11 +8,12 @@
#ifndef PFPINHOLE_H_INCLUDED
#define PFPINHOLE_H_INCLUDED
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
int add_pinhole(const char * ifname,
const char * rem_host, unsigned short rem_port,
const char * int_client, unsigned short int_port,
int proto, unsigned int timestamp);
int proto, const char * desc, unsigned int timestamp);
int delete_pinhole(unsigned short uid);
@ -20,14 +21,15 @@ int
get_pinhole_info(unsigned short uid,
char * rem_host, int rem_hostlen, unsigned short * rem_port,
char * int_client, int int_clientlen, unsigned short * int_port,
int * proto, unsigned int * timestamp,
int * proto, char * desc, int desclen,
unsigned int * timestamp,
u_int64_t * packets, u_int64_t * bytes);
int update_pinhole(unsigned short uid, unsigned int timestamp);
int clean_pinhole_list(unsigned int * next_timestamp);
#endif
#endif /* ENABLE_UPNPPINHOLE */
#endif


@ -95,7 +95,7 @@ const char * tag = 0;
const char * miniupnpd_nat_chain = "MINIUPNPD";
const char * miniupnpd_peer_chain = "MINIUPNPD-PCP-PEER";
const char * miniupnpd_forward_chain = "MINIUPNPD";
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
const char * miniupnpd_v6_filter_chain = "MINIUPNPD";
#endif


@ -123,7 +123,7 @@ extern const char * tag;
extern const char * miniupnpd_nat_chain;
extern const char * miniupnpd_peer_chain;
extern const char * miniupnpd_forward_chain;
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
extern const char * miniupnpd_v6_filter_chain;
#endif
#endif


@ -23,6 +23,14 @@
#include "upnpredirect.h"
#include "upnpglobalvars.h"
#include "upnpevents.h"
#include "upnppinhole.h"
#ifdef __APPLE__
/* XXX - Apple version of PF API seems to differ from what
* pf/pfpinhole.c expects so don't use that at least.. */
#ifdef USE_PF
#undef USE_PF
#endif /* USE_PF */
#endif /* __APPLE__ */
#if defined(USE_NETFILTER)
#include "netfilter/iptpinhole.h"
#endif
@ -34,7 +42,8 @@
#if defined(USE_IPFW)
#endif
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
#if 0
int
upnp_check_outbound_pinhole(int proto, int * timeout)
@ -121,7 +130,7 @@ upnp_add_inboundpinhole(const char * raddr,
{
#if defined(USE_PF) || defined(USE_NETFILTER)
*uid = add_pinhole (0/*ext_if_name*/, raddr, rport,
iaddr, iport, proto, timestamp);
iaddr, iport, proto, ""/*desc*/, timestamp);
return 1;
#else
return -42; /* not implemented */
@ -203,7 +212,7 @@ upnp_add_inboundpinhole_internal(const char * raddr, unsigned short rport,
* 0 OK
* -1 Internal error
* -2 NOT FOUND (no such entry)
* ..
* ..
* -42 Not implemented
*/
int
@ -212,7 +221,7 @@ upnp_get_pinhole_info(unsigned short uid,
unsigned short * rport,
char * iaddr, int iaddrlen,
unsigned short * iport,
int * proto,
int * proto, char * desc, int desclen,
unsigned int * leasetime,
unsigned int * packets)
{
@ -225,6 +234,7 @@ upnp_get_pinhole_info(unsigned short uid,
r = get_pinhole_info(uid, raddr, raddrlen, rport,
iaddr, iaddrlen, iport, proto,
desc, desclen,
leasetime ? &timestamp : NULL,
packets ? &packets_tmp : NULL,
NULL/*&bytes_tmp*/);
@ -245,11 +255,24 @@ upnp_get_pinhole_info(unsigned short uid,
UNUSED(uid);
UNUSED(raddr); UNUSED(raddrlen); UNUSED(rport);
UNUSED(iaddr); UNUSED(iaddrlen); UNUSED(iport);
UNUSED(proto); UNUSED(leasetime); UNUSED(packets);
UNUSED(proto); UNUSED(desc); UNUSED(desclen);
UNUSED(leasetime); UNUSED(packets);
return -42; /* not implemented */
#endif
}
int
upnp_get_pinhole_uid_by_index(int index)
{
#if defined (USE_NETFILTER)
return -1;
#else
UNUSED(index);
return -42;
#endif /* defined (USE_NETFILTER) */
}
int
upnp_update_inboundpinhole(unsigned short uid, unsigned int leasetime)
{
@ -507,5 +530,5 @@ upnp_clean_expired_pinholes(unsigned int * next_timestamp)
return 0; /* nothing to do */
#endif
}
#endif
#endif /* ENABLE_UPNPPINHOLE */
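Review bot: upnp_get_pinhole_uid_by_index returns -1 for every index when USE_NETFILTER is defined, which the header documents as "not found", so a caller cannot tell this stub from an empty pinhole table; either return -42 like the other backends until it is implemented, or mark it `/* TODO: index lookup not implemented for netfilter yet; always reports "not found" */`. The `#undef USE_PF` under __APPLE__ sits after "upnpredirect.h", "upnpglobalvars.h" and "upnpevents.h" are included, so anything in those headers that depends on USE_PF is still compiled with it defined; moving the block above the includes, or doing it in the build configuration alongside the Makefile hunk that already comments out pf/pfpinhole.o, keeps the translation units consistent. upnp_add_inboundpinhole passes the constant `""` as desc, so the new description plumbing is unused from this entry point; a comment saying where the description is expected to come from later would help.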


@ -10,7 +10,8 @@
#include "config.h"
#ifdef ENABLE_6FC_SERVICE
#ifdef ENABLE_UPNPPINHOLE
/* functions to be used by WANIPv6_FirewallControl implementation */
#if 0
@ -39,10 +40,18 @@ upnp_get_pinhole_info(unsigned short uid,
unsigned short * rport,
char * iaddr, int iaddrlen,
unsigned short * iport,
int * proto,
int * proto, char * desc, int desclen,
unsigned int * leasetime,
unsigned int * packets);
/*
* return values:
* -1 = not found
* 0 .. 65535 = uid of the rule for the index
*/
int
upnp_get_pinhole_uid_by_index(int index);
/* update the lease time */
int
upnp_update_inboundpinhole(unsigned short uid, unsigned int leasetime);
@ -63,8 +72,6 @@ upnp_check_pinhole_working(const char * uid, char * eaddr, char * iaddr, unsigne
int
upnp_clean_expired_pinholes(unsigned int * next_timestamp);
#endif /* ENABLE_6FC_SERVICE */
#endif
#endif /* ENABLE_UPNPPINHOLE */
#endif /* !UPNPPINHOLE_H_INCLUDED */
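Review bot: The comment added above upnp_get_pinhole_uid_by_index lists only -1 and 0..65535 as return values, but the implementation in upnppinhole.c returns -42 when USE_NETFILTER is not defined, so the contract should include `* -42 = not implemented`. The new `desc`/`desclen` parameters of upnp_get_pinhole_info are undocumented; a line such as `/* desc: description copied into a desclen-byte caller buffer; may be NULL to skip */` next to the prototype would state what callers can rely on.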