diff --git a/miniupnpd/Changelog.txt b/miniupnpd/Changelog.txt index 16f6b31..83841cc 100644 --- a/miniupnpd/Changelog.txt +++ b/miniupnpd/Changelog.txt @@ -1,4 +1,7 @@ -$Id: Changelog.txt,v 1.446 2019/04/09 20:04:32 nanard Exp $ +$Id: Changelog.txt,v 1.448 2019/05/21 08:39:42 nanard Exp $ + +2019/05/21: + Allow to use two different network interfaces for IPv4 and IPv6 internet 2019/05/02: Fix ssdp notify on unrelated interfaces diff --git a/miniupnpd/INSTALL b/miniupnpd/INSTALL index c79cd61..d22f6bc 100644 --- a/miniupnpd/INSTALL +++ b/miniupnpd/INSTALL @@ -152,6 +152,10 @@ UPNP requests forwarding is not implemented. It is however possible to use STUN. See the ext_perform_stun / ext_stun_host / ext_stun_port options. +it is also possible to set a different interface for IPv6 WAN +ext_ifname=eth0 +ext_ifname6=sit0 + miniupnpd supports some kind of security check for allowing or disallowing redirection to be made. The UPnP permission rules are read from the miniupnpd.conf configuration file. diff --git a/miniupnpd/miniupnpd.c b/miniupnpd/miniupnpd.c index b56c7d7..3f09e81 100644 --- a/miniupnpd/miniupnpd.c +++ b/miniupnpd/miniupnpd.c @@ -1,4 +1,4 @@ -/* $Id: miniupnpd.c,v 1.232 2018/07/06 12:35:26 nanard Exp $ */ +/* $Id: miniupnpd.c,v 1.235 2019/05/21 08:39:43 nanard Exp $ */ /* vim: tabstop=4 shiftwidth=4 noexpandtab * MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ @@ -1178,6 +1178,11 @@ init(int argc, char * * argv, struct runtime_vars * v) case UPNPEXT_IFNAME: ext_if_name = ary_options[i].value; break; +#ifdef ENABLE_IPV6 + case UPNPEXT_IFNAME6: + ext_if_name6 = ary_options[i].value; + break; +#endif case UPNPEXT_IP: use_ext_ip_addr = ary_options[i].value; break; @@ -1501,6 +1506,14 @@ init(int argc, char * * argv, struct runtime_vars * v) else fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]); break; +#ifdef ENABLE_IPV6 + case 'I': + if(i+1 < argc) + ext_if_name6 = argv[++i]; + else + fprintf(stderr, "Option -%c takes one argument.\n", argv[i][1]); + break; +#endif #ifdef USE_PF case 'q': if(i+1 < argc) @@ -1672,12 +1685,17 @@ init(int argc, char * * argv, struct runtime_vars * v) fprintf(stderr, "Unknown option: %s\n", argv[i]); } } - if(!ext_if_name || !lan_addrs.lh_first) - { + if(!ext_if_name || !lan_addrs.lh_first) { /* bad configuration */ goto print_usage; } + /* IPv6 ifname is defaulted to same as IPv4 */ +#ifdef ENABLE_IPV6 + if(!ext_if_name6) + ext_if_name6 = ext_if_name; +#endif + if (use_ext_ip_addr && GETFLAG(PERFORMSTUNMASK)) { fprintf(stderr, "Error: options ext_ip= and ext_perform_stun=yes cannot be specified together\n"); return 1; @@ -1825,7 +1843,11 @@ print_usage: #ifndef DISABLE_CONFIG_FILE "[-f config_file] " #endif - "[-i ext_ifname] [-o ext_ip]\n" + "[-i ext_ifname] " +#ifdef ENABLE_IPV6 + "[-I ext_ifname6] " +#endif + "[-o ext_ip]\n" #ifndef MULTIPLE_EXTERNAL_IP "\t\t[-a listening_ip]" #else @@ -2011,6 +2033,11 @@ main(int argc, char * * argv) #endif GETFLAG(ENABLEUPNPMASK) ? "UPnP-IGD " : "", ext_if_name, upnp_bootid); +#ifdef ENABLE_IPV6 + if (ext_if_name6 != ext_if_name) { + syslog(LOG_INFO, "specific IPv6 ext if %s", ext_if_name6); + } +#endif if(GETFLAG(PERFORMSTUNMASK)) { diff --git a/miniupnpd/miniupnpd.conf b/miniupnpd/miniupnpd.conf index 12bb3c0..0e0a008 100644 --- a/miniupnpd/miniupnpd.conf +++ b/miniupnpd/miniupnpd.conf @@ -1,6 +1,9 @@ # WAN network interface #ext_ifname=eth1 #ext_ifname=xl1 +# if the WAN network interface for IPv6 is different than for IPv4, +# set ext_ifname6 +#ext_ifname6=eth2 # If the WAN interface has several IP addresses, you # can specify the one to use below #ext_ip= diff --git a/miniupnpd/options.c b/miniupnpd/options.c index 47c53b1..757250c 100644 --- a/miniupnpd/options.c +++ b/miniupnpd/options.c @@ -1,9 +1,9 @@ -/* $Id: options.c,v 1.36 2018/07/06 12:05:48 nanard Exp $ */ +/* $Id: options.c,v 1.37 2019/05/21 08:39:44 nanard Exp $ */ /* vim: tabstop=4 shiftwidth=4 noexpandtab * MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * author: Ryan Wagoner - * (c) 2006-2018 Thomas Bernard + * (c) 2006-2019 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ @@ -30,6 +30,9 @@ static const struct { const char * name; } optionids[] = { { UPNPEXT_IFNAME, "ext_ifname" }, +#ifdef ENABLE_IPV6 + { UPNPEXT_IFNAME6, "ext_ifname6" }, +#endif { UPNPEXT_IP, "ext_ip" }, { UPNPEXT_PERFORM_STUN, "ext_perform_stun" }, { UPNPEXT_STUN_HOST, "ext_stun_host" }, diff --git a/miniupnpd/options.h b/miniupnpd/options.h index a149756..f1e5294 100644 --- a/miniupnpd/options.h +++ b/miniupnpd/options.h @@ -1,9 +1,9 @@ -/* $Id: options.h,v 1.29 2018/07/06 12:05:48 nanard Exp $ */ +/* $Id: options.h,v 1.30 2019/05/21 08:39:44 nanard Exp $ */ /* vim: tabstop=4 shiftwidth=4 noexpandtab * MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * author: Ryan Wagoner - * (c) 2006-2018 Thomas Bernard + * (c) 2006-2019 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ @@ -17,6 +17,9 @@ enum upnpconfigoptions { UPNP_INVALID = 0, UPNPEXT_IFNAME = 1, /* ext_ifname */ +#ifdef ENABLE_IPV6 + UPNPEXT_IFNAME6, /* ext_ifname6 */ +#endif UPNPEXT_IP, /* ext_ip */ UPNPEXT_PERFORM_STUN, /* ext_perform_stun */ UPNPEXT_STUN_HOST, /* ext_stun_host */ diff --git a/miniupnpd/pcpserver.c b/miniupnpd/pcpserver.c index a964aa9..aee6e45 100644 --- a/miniupnpd/pcpserver.c +++ b/miniupnpd/pcpserver.c @@ -1,5 +1,6 @@ -/* $Id: pcpserver.c,v 1.47 2018/03/13 10:21:19 nanard Exp $ */ -/* MiniUPnP project +/* $Id: pcpserver.c,v 1.51 2019/05/21 08:39:44 nanard Exp $ */ +/* vim: tabstop=4 shiftwidth=4 noexpandtab + * MiniUPnP project * Website : http://miniupnp.free.fr/ * Author : Peter Tatrai @@ -590,6 +591,17 @@ static int CheckExternalAddress(pcp_info_t* pcp_msg_info) pcp_msg_info->result_code = PCP_ERR_NETWORK_FAILURE; return -1; } +#ifdef ENABLE_IPV6 + } else if ((af == AF_INET6) && (ext_if_name6 != ext_if_name)) { + if(!ext_if_name6 || ext_if_name6[0]=='\0') { + pcp_msg_info->result_code = PCP_ERR_NETWORK_FAILURE; + return -1; + } + if(getifaddr_in6(ext_if_name6, af, &external_addr) < 0) { + pcp_msg_info->result_code = PCP_ERR_NETWORK_FAILURE; + return -1; + } +#endif } else { if(!ext_if_name || ext_if_name[0]=='\0') { pcp_msg_info->result_code = PCP_ERR_NETWORK_FAILURE; @@ -686,6 +698,7 @@ static int CreatePCPPeer_NAT(pcp_info_t *pcp_msg_info) char peerip_s[INET6_ADDRSTRLEN], extip_s[INET6_ADDRSTRLEN]; time_t timestamp = upnp_time() + pcp_msg_info->lifetime; int r; + const char * ext_if = ext_if_name; FillSA((struct sockaddr*)&intip, pcp_msg_info->mapped_ip, pcp_msg_info->int_port); @@ -718,9 +731,14 @@ static int CreatePCPPeer_NAT(pcp_info_t *pcp_msg_info) eport = pcp_msg_info->int_port; } +#ifdef ENABLE_IPV6 + if (ret_extip.ss_family == AF_INET6) { + ext_if = ext_if_name6; + } +#endif #ifdef PCP_FLOWP if (pcp_msg_info->flowp_present && pcp_msg_info->dscp_up) { - if (add_peer_dscp_rule2(ext_if_name, peerip_s, + if (add_peer_dscp_rule2(ext_if, peerip_s, pcp_msg_info->peer_port, pcp_msg_info->dscp_up, pcp_msg_info->mapped_str, pcp_msg_info->int_port, proto, pcp_msg_info->desc, timestamp) < 0 ) { @@ -735,7 +753,7 @@ static int CreatePCPPeer_NAT(pcp_info_t *pcp_msg_info) } if (pcp_msg_info->flowp_present && pcp_msg_info->dscp_down) { - if (add_peer_dscp_rule2(ext_if_name, pcp_msg_info->mapped_str, + if (add_peer_dscp_rule2(ext_if, pcp_msg_info->mapped_str, pcp_msg_info->int_port, pcp_msg_info->dscp_down, peerip_s, pcp_msg_info->peer_port, proto, pcp_msg_info->desc, timestamp) < 0 ) { @@ -751,7 +769,7 @@ static int CreatePCPPeer_NAT(pcp_info_t *pcp_msg_info) } #endif - r = add_peer_redirect_rule2(ext_if_name, + r = add_peer_redirect_rule2(ext_if, peerip_s, pcp_msg_info->peer_port, extip_s, diff --git a/miniupnpd/upnpglobalvars.c b/miniupnpd/upnpglobalvars.c index b222c01..c970c06 100644 --- a/miniupnpd/upnpglobalvars.c +++ b/miniupnpd/upnpglobalvars.c @@ -1,4 +1,4 @@ -/* $Id: upnpglobalvars.c,v 1.43 2018/07/06 12:05:48 nanard Exp $ */ +/* $Id: upnpglobalvars.c,v 1.44 2019/05/21 08:39:45 nanard Exp $ */ /* vim: tabstop=4 shiftwidth=4 noexpandtab * MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ @@ -16,6 +16,11 @@ /* network interface for internet */ const char * ext_if_name = 0; +#ifdef ENABLE_IPV6 +/* network interface for internet - IPv6 */ +const char * ext_if_name6 = 0; +#endif + /* stun host/port configuration */ const char * ext_stun_host = 0; uint16_t ext_stun_port = 0; diff --git a/miniupnpd/upnpglobalvars.h b/miniupnpd/upnpglobalvars.h index a042388..ec34e0e 100644 --- a/miniupnpd/upnpglobalvars.h +++ b/miniupnpd/upnpglobalvars.h @@ -1,8 +1,8 @@ -/* $Id: upnpglobalvars.h,v 1.47 2018/07/06 12:05:48 nanard Exp $ */ +/* $Id: upnpglobalvars.h,v 1.48 2019/05/21 08:39:45 nanard Exp $ */ /* vim: tabstop=4 shiftwidth=4 noexpandtab * MiniUPnP project * http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/ - * (c) 2006-2018 Thomas Bernard + * (c) 2006-2019 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ @@ -17,6 +17,11 @@ /* name of the network interface used to access internet */ extern const char * ext_if_name; +#ifdef ENABLE_IPV6 +/* name of the network interface used to access internet - for IPv6*/ +extern const char * ext_if_name6; +#endif + /* stun host/port configuration */ extern const char * ext_stun_host; extern uint16_t ext_stun_port; diff --git a/miniupnpd/upnppinhole.c b/miniupnpd/upnppinhole.c index 00a74b0..8a49dde 100644 --- a/miniupnpd/upnppinhole.c +++ b/miniupnpd/upnppinhole.c @@ -1,7 +1,8 @@ -/* $Id: upnppinhole.c,v 1.13 2018/03/13 10:49:13 nanard Exp $ */ -/* MiniUPnP project +/* $Id: upnppinhole.c,v 1.14 2019/05/21 08:39:45 nanard Exp $ */ +/* vim: tabstop=4 shiftwidth=4 noexpandtab + * MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ - * (c) 2006-2018 Thomas Bernard + * (c) 2006-2019 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ @@ -142,7 +143,7 @@ upnp_add_inboundpinhole(const char * raddr, return (r >= 0) ? 1 : r; } #if defined(USE_PF) || defined(USE_NETFILTER) - *uid = add_pinhole (ext_if_name, raddr, rport, + *uid = add_pinhole (ext_if_name6, raddr, rport, iaddr, iport, proto, desc, timestamp); return *uid >= 0 ? 1 : -1; #else