From ff397acf8fd0125e811a71d8e067264a54ded961 Mon Sep 17 00:00:00 2001 From: Thomas Bernard Date: Tue, 8 May 2012 22:51:23 +0200 Subject: [PATCH] Clean expired IPv6 pinholes correctly. and also with linux/netfilter --- miniupnpd/Changelog.txt | 5 +++- miniupnpd/miniupnpd.c | 13 +++++++++-- miniupnpd/netfilter/iptpinhole.c | 40 +++++++++++++++++++++++++++++++- miniupnpd/netfilter/iptpinhole.h | 4 +++- miniupnpd/upnppinhole.c | 4 ++-- 5 files changed, 59 insertions(+), 7 deletions(-) diff --git a/miniupnpd/Changelog.txt b/miniupnpd/Changelog.txt index 53da3bc..9481a3c 100644 --- a/miniupnpd/Changelog.txt +++ b/miniupnpd/Changelog.txt @@ -1,4 +1,7 @@ -$Id: Changelog.txt,v 1.281 2012/05/07 15:40:03 nanard Exp $ +$Id: Changelog.txt,v 1.282 2012/05/08 20:41:44 nanard Exp $ + +2012/05/08: + Clean expired IPv6 pinholes correctly. and also with linux/netfilter. 2012/05/07: Finalizing netfilter version of get_pinhole_info() diff --git a/miniupnpd/miniupnpd.c b/miniupnpd/miniupnpd.c index bad25aa..46e856e 100644 --- a/miniupnpd/miniupnpd.c +++ b/miniupnpd/miniupnpd.c @@ -1,4 +1,4 @@ -/* $Id: miniupnpd.c,v 1.155 2012/05/01 20:13:35 nanard Exp $ */ +/* $Id: miniupnpd.c,v 1.156 2012/05/08 20:41:45 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * (c) 2006-2012 Thomas Bernard @@ -1169,6 +1169,9 @@ main(int argc, char * * argv) struct rule_state * rule_list = 0; struct timeval checktime = {0, 0}; struct lan_addr_s * lan_addr; +#ifdef ENABLE_6FC_SERVICE + unsigned int next_pinhole_ts; +#endif if(init(argc, argv, &v) != 0) return 1; 
@@ -1424,7 +1427,13 @@ main(int argc, char * * argv) #endif #ifdef ENABLE_6FC_SERVICE /* Clean up expired IPv6 PinHoles */ - upnp_clean_expired_pinholes(NULL); + next_pinhole_ts = 0; + upnp_clean_expired_pinholes(&next_pinhole_ts); + if(next_pinhole_ts && + timeout.tv_sec >= (next_pinhole_ts - timeofday.tv_sec)) { + timeout.tv_sec = next_pinhole_ts - timeofday.tv_sec; + timeout.tv_usec = 0; + } #endif /* select open sockets (SSDP, HTTP listen, and all HTTP soap sockets) */ diff --git a/miniupnpd/netfilter/iptpinhole.c b/miniupnpd/netfilter/iptpinhole.c index 9705632..19d86f9 100644 --- a/miniupnpd/netfilter/iptpinhole.c +++ b/miniupnpd/netfilter/iptpinhole.c @@ -1,4 +1,4 @@ -/* $Id: iptpinhole.c,v 1.6 2012/05/07 15:40:04 nanard Exp $ */ +/* $Id: iptpinhole.c,v 1.7 2012/05/08 20:41:45 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * (c) 2012 Thomas Bernard @@ -28,6 +28,9 @@ static int next_uid = 1; static LIST_HEAD(pinhole_list_t, pinhole_t) pinhole_list; +static struct pinhole_t * +get_pinhole(unsigned short uid); + struct pinhole_t { struct in6_addr saddr; struct in6_addr daddr; @@ -69,6 +72,11 @@ add_to_pinhole_list(struct in6_addr * saddr, unsigned short sport, p->timestamp = timestamp; p->proto = (unsigned char)proto; LIST_INSERT_HEAD(&pinhole_list, p, entries); + while(get_pinhole(next_uid) != NULL) { + next_uid++; + if(next_uid > 65535) + next_uid = 1; + } p->uid = next_uid; next_uid++; if(next_uid > 65535) 
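Review bot: The subtraction `next_pinhole_ts - timeofday.tv_sec` in main() (miniupnpd.c) mixes an `unsigned int` with what is presumably a `time_t`, and nothing checks that the expiry is still in the future. If a backend ever reports a timestamp at or before `timeofday.tv_sec`, the result is zero, negative or a wrapped huge value depending on the width of `time_t`, and a negative `tv_sec` would be handed to select(). The caller also treats 0 as "no pinhole", while clean_pinhole_list() in netfilter/iptpinhole.c from this same commit stores `UINT_MAX` for an empty list; that value passes the `next_pinhole_ts &&` test and stays harmless only because the difference is large. I would compute the delay once as a signed value and require it to be positive: `time_t delay = (time_t)next_pinhole_ts - timeofday.tv_sec;` then `if(next_pinhole_ts && delay > 0 && timeout.tv_sec >= delay) {` with `timeout.tv_sec = delay;` inside. main() starts and ends outside this hunk.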
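Review bot: The new `while(get_pinhole(next_uid) != NULL)` loop in add_to_pinhole_list() (netfilter/iptpinhole.c) has no exit when all 65535 uids are taken, so unless something outside the hunk caps the list, a client that keeps requesting pinholes can leave the daemon spinning here. The loop also runs after `LIST_INSERT_HEAD`, so get_pinhole() walks a list that already contains `p` before `p->uid` is assigned; whether that field is zeroed depends on the allocation, which is outside the hunk. I would bound the search and link `p` only once it has its uid, as below. The error path has to match how the function allocates `p` and reports failure, both of which are outside the hunk.

```c
	p->proto = (unsigned char)proto;
	/* choose the uid before p is linked in, so get_pinhole() never reads an unset p->uid */
	tries = 0;	/* new local: unsigned int tries; */
	while(get_pinhole(next_uid) != NULL) {
		if(++tries >= 65535) {
			syslog(LOG_ERR, "add_to_pinhole_list: no free pinhole uid");
			/* release p and return the function's error value here */
		}
		next_uid++;
		if(next_uid > 65535)
			next_uid = 1;
	}
	LIST_INSERT_HEAD(&pinhole_list, p, entries);
	p->uid = next_uid;
	/* … unchanged: advance next_uid and wrap it back to 1 … */
```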
@@ -369,5 +377,35 @@ get_pinhole_info(unsigned short uid, return 0; } +int +clean_pinhole_list(unsigned int * next_timestamp) +{ + unsigned int min_ts = UINT_MAX; + struct pinhole_t * p; + time_t current_time; + int n = 0; + + current_time = time(NULL); + p = pinhole_list.lh_first; + while(p != NULL) { + if(p->timestamp <= (unsigned int)current_time) { + unsigned short uid = p->uid; + syslog(LOG_INFO, "removing expired pinhole with uid=%hu", uid); + p = p->entries.le_next; + if(delete_pinhole(uid) == 0) + n++; + else + break; + } else { + if(p->timestamp < min_ts) + min_ts = p->timestamp; + p = p->entries.le_next; + } + } + if(next_timestamp) + *next_timestamp = min_ts; + return n; +} + #endif diff --git a/miniupnpd/netfilter/iptpinhole.h b/miniupnpd/netfilter/iptpinhole.h index e611480..d132712 100644 --- a/miniupnpd/netfilter/iptpinhole.h +++ b/miniupnpd/netfilter/iptpinhole.h @@ -1,4 +1,4 @@ -/* $Id: iptpinhole.h,v 1.4 2012/05/01 22:37:53 nanard Exp $ */ +/* $Id: iptpinhole.h,v 1.5 2012/05/08 20:41:45 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * (c) 2012 Thomas Bernard @@ -24,6 +24,8 @@ get_pinhole_info(unsigned short uid, int * proto, unsigned int * timestamp, u_int64_t * packets, u_int64_t * bytes); +int clean_pinhole_list(unsigned int * next_timestamp); + #endif #endif diff --git a/miniupnpd/upnppinhole.c b/miniupnpd/upnppinhole.c index 2609fbb..31c2183 100644 --- a/miniupnpd/upnppinhole.c +++ b/miniupnpd/upnppinhole.c @@ -1,4 +1,4 @@ -/* $Id: upnppinhole.c,v 1.3 2012/05/07 15:40:04 nanard Exp $ */ +/* $Id: upnppinhole.c,v 1.4 2012/05/08 20:41:45 nanard Exp $ */ /* MiniUPnP project * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/ * (c) 2006-2012 Thomas Bernard 
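Review bot: The `else break;` after a failed delete_pinhole() in clean_pinhole_list() stops the sweep at the first entry that cannot be removed, so every expired pinhole behind it in the list stays open past its lease. delete_pinhole() is not shown here, but if the failing entry remains in the list, each later call would stop at the same place and those firewall openings would never be cleaned. Entries after the break are also left out of `min_ts`, so the wake-up time handed back to the caller can be too late. I would log the failure and keep going, `else syslog(LOG_WARNING, "failed to remove expired pinhole with uid=%hu", uid);`, since `p` has already been advanced before the delete. The whole function is inside this hunk; it also relies on `UINT_MAX`, so `<limits.h>` needs to be included if the file does not already do so.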
@@ -499,7 +499,7 @@ upnp_check_pinhole_working(const char * uid,
 int
 upnp_clean_expired_pinholes(unsigned int * next_timestamp)
 {
-#ifdef USE_PF
+#if defined(USE_PF) || defined(USE_NETFILTER)
 return clean_pinhole_list(next_timestamp);
 #else
 UNUSED(next_timestamp);