SSDP: use receiving interface index to check if from LAN

miniupnpd/minissdp.c

@@ -915,10 +915,10 @@ ProcessSSDPRequest(int s, unsigned short http_port)
 	}
 #endif /* defined(IP_RECVIF) || defined(IP_PKTINFO) */
 #ifdef ENABLE_HTTPS
-	ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername,
+	ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, source_ifindex,
 	                http_port, https_port);
 #else
-	ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername,
+	ProcessSSDPData(s, bufr, n, (struct sockaddr *)&sendername, source_ifindex,
 	                http_port);
 #endif
 
@@ -927,12 +927,12 @@ ProcessSSDPRequest(int s, unsigned short http_port)
 #ifdef ENABLE_HTTPS
 void
 ProcessSSDPData(int s, const char *bufr, int n,
-                const struct sockaddr * sender,
+                const struct sockaddr * sender, int source_if,
                 unsigned short http_port, unsigned short https_port)
 #else
 void
 ProcessSSDPData(int s, const char *bufr, int n,
-                const struct sockaddr * sender,
+                const struct sockaddr * sender, int source_if,
                 unsigned short http_port)
 #endif
 {
@@ -966,10 +966,31 @@ ProcessSSDPData(int s, const char *bufr, int n,
 	/* get the string representation of the sender address */
 	sockaddr_to_string(sender, sender_str, sizeof(sender_str));
 	lan_addr = get_lan_for_peer(sender);
+	if(source_if >= 0)
+	{
+		if(lan_addr != NULL)
+		{
+			if(lan_addr->index != (unsigned)source_if)
+			{
+				syslog(LOG_WARNING, "interface index not matching %u != %d", lan_addr->index, source_if);
+			}
+		}
+		else
+		{
+			/* use the interface index */
+			for(lan_addr = lan_addrs.lh_first;
+			    lan_addr != NULL;
+			    lan_addr = lan_addr->list.le_next)
+			{
+				if(lan_addr->index == (unsigned)source_if)
+					break;
+			}
+		}
+	}
 	if(lan_addr == NULL)
 	{
-		syslog(LOG_WARNING, "SSDP packet sender %s not from a LAN, ignoring",
-		       sender_str);
+		syslog(LOG_WARNING, "SSDP packet sender %s (if_index=%d) not from a LAN, ignoring",
+		       sender_str, source_if);
 		return;
 	}
 

miniupnpd/minissdp.h

@@ -1,7 +1,7 @@
 /* $Id: minissdp.h,v 1.12 2014/04/09 07:20:59 nanard Exp $ */
 /* MiniUPnP project
  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
- * (c) 2006-2014 Thomas Bernard
+ * (c) 2006-2017 Thomas Bernard
  * This software is subject to the conditions detailed
  * in the LICENCE file provided within the distribution */
 #ifndef MINISSDP_H_INCLUDED
@@ -39,12 +39,12 @@ ProcessSSDPRequest(int s, unsigned short http_port);
 #ifdef ENABLE_HTTPS
 void
 ProcessSSDPData(int s, const char *bufr, int n,
-                const struct sockaddr * sendername,
+                const struct sockaddr * sendername, int source_if,
                 unsigned short http_port, unsigned short https_port);
 #else
 void
 ProcessSSDPData(int s, const char *bufr, int n,
-                const struct sockaddr * sendername,
+                const struct sockaddr * sendername, int source_if,
                 unsigned short http_port);
 #endif
 

miniupnpd/miniupnpd.c

@@ -631,7 +631,7 @@ static int nfqueue_cb(
 
 					/* printf("pkt found %s\n",dd);*/
 					ProcessSSDPData (sudp, dd, size - x,
-					                 &sendername, (unsigned short) 5555);
+					                 &sendername, -1, (unsigned short) 5555);
 				}
 			}
 		}
@@ -984,7 +984,6 @@ parselanaddr(struct lan_addr_s * lan_addr, const char * str)
 		}
 	}
 #endif
-#ifdef ENABLE_IPV6
 	if(lan_addr->ifname[0] != '\0')
 	{
 		lan_addr->index = if_nametoindex(lan_addr->ifname);
@@ -992,6 +991,7 @@ parselanaddr(struct lan_addr_s * lan_addr, const char * str)
 			fprintf(stderr, "Cannot get index for network interface %s",
 			        lan_addr->ifname);
 	}
+#ifdef ENABLE_IPV6
 	else
 	{
 		fprintf(stderr,

miniupnpd/miniupnpdtypes.h

@@ -16,9 +16,7 @@
  * with ascii representation and mask */
 struct lan_addr_s {
 	char ifname[IFNAMSIZ];	/* example: eth0 */
-#ifdef ENABLE_IPV6
 	unsigned int index;		/* use if_nametoindex() */
-#endif
 	char str[16];	/* example: 192.168.0.1 */
 	struct in_addr addr, mask;	/* ip/mask */
 #ifdef MULTIPLE_EXTERNAL_IP