Thomas Bernard
207d1849e4
miniupnpd.c: typo and ip -> IP
2021-01-15 19:33:29 +01:00
Pali Rohár
e6bf74a691
Add check that miniupnpd is not going to listen on WAN interface with public IP address
...
Option listen= is used for LAN interface/address and option ext_addr= is
used for public IP address. If users by mistake swap WAN and LAN interface
or public and private IP addresses then miniupnpd obviously would not work
and instead of hacking miniupnpd code users should rather check their
miniupnpd configuration or local firewall settings.
So add checks and hints which prevents security issues like swapping LAN
and WAN interfaces/addresses and therefore prevent exposing port forwarding
and firewall configuration on public Internet.
2020-12-30 11:23:29 +01:00
Pali Rohár
304ff79dc5
Update and extend description from STUN output
...
People sometimes do not understand where is the problem, so include also
hints what they needs to check, change and re-configure.
2020-12-30 11:22:12 +01:00
Thomas Bernard
68cc35156e
fix nftables shutdown_redirect()
...
see #481
2020-10-22 21:19:37 +02:00
Thomas Bernard
f9908a788b
Move chain name variables to netfilter/*
2020-09-28 22:44:24 +02:00
Thomas Bernard
7a9452fca9
miniupnpd: make sure "runtime_vars" are initialized
2020-06-20 17:02:19 +02:00
Thomas Bernard
5bbcc0bb65
miniupnpd --help shows usage
2020-06-20 17:01:01 +02:00
Thomas Bernard
417b496617
miniupnpd: add -v/-vv command line argument to enable more logs
...
fixes #477
2020-06-20 17:00:10 +02:00
Thomas Bernard
8a665a1c8e
configure --disable-fork to disable going to background
...
fixes #468
2020-06-03 23:43:58 +02:00
Thomas Bernard
194566a5bd
support for libcap-ng
...
fixes #405
2020-05-10 15:34:45 +02:00
Thomas Bernard
5abb714d34
drop linux capabilities
2020-05-10 15:34:44 +02:00
Thomas Bernard
7800de9429
miniupnpd: fix for bridges
...
you now can setup :
listening_ip=igb1 bridge0 xxx0 xxx1 ...
miniupnpd will use igd1 address, but will not complain when receiving
packets from either igb1, bridge0, xxx0 or xxx1
fixes #379
see also #408
2020-04-29 00:03:54 +02:00
Thomas Bernard
c51c5b7d58
miniupnpd: be more explicit about usage of ext_ip= in double nat setups
2020-04-12 19:44:27 +02:00
Thomas Bernard
a774830fe0
miniupnpd: Option to disable IPv6 at runtime : -4 / ipv6_disable=yes
2020-04-09 21:12:20 +02:00
Thomas Bernard
aa08b09068
miniupnpd version prints backend
2019-10-22 20:11:02 +02:00
Thomas Bernard
49d3b57441
miniupnpd: Add --version commandline option
...
fixes #370
2019-10-05 22:44:31 +02:00
Thomas Bernard
22223da9a1
use OpenBSD pledge() to drop privileges
...
To be tested
see #405
2019-10-03 23:23:53 +02:00
Paul Chambers
7ea314412c
make rdr_name_type enum values more unique
2019-10-02 23:42:15 +02:00
Paul Chambers
75bdb777cf
rework nft-specific globals, create & destroy tables/chains at init & shutdown
2019-09-30 00:12:08 -07:00
Thomas Bernard
a1ceec3dba
miniupnpd: Allow to use two different network interfaces for IPv4 and IPv6 internet
...
-i / -I
ext_ifname= / ext_ifname6=
see :
df906367be
/
thanks to "sfstudio"
2019-05-21 10:42:40 +02:00
Thomas Bernard
510a6e9630
fix check of valid HTTPS socket
2019-01-23 09:25:10 +01:00
Thomas Bernard
efe5d87103
LOG_WARNING if behind restrictive NAT
2018-07-06 14:41:04 +02:00
Pali Rohár
e6011dc534
miniupnpd: Allow to specify also port number in -o STUN: option
...
Also update help for -o STUN: option, it can take stun hostname too.
2018-07-06 14:38:37 +02:00
Thomas Bernard
810cb665c2
Merge branch 'pr_307'
...
see #307
2018-07-06 13:40:18 +02:00
Thomas Bernard
15b6f3e9c2
fixes in update_ext_ip_addr_from_stun()
...
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 13:29:33 +02:00
Thomas Bernard
8bc6d6f556
PERFORMSTUN => PERFORMSTUNMASK. allow to specify stun using -o option
2018-07-06 13:23:22 +02:00
Thomas Bernard
ef179a45e3
do not check empty string with strlen(s) == 0
...
see #292
2018-06-01 10:55:45 +02:00
Pali Rohár
8c97654d70
miniupnpd: When enabled perform STUN to learn external IP address and NAT type
...
Also enable port forwarding when direct (non-NAT) connection or unrestricted NAT 1:1 (without any filtering) is detected.
2018-05-19 13:32:42 +02:00
Pali Rohár
8e10a1aeab
miniupnpd: Disable port forwarding when we are behind restrictive nat with reserved / private IP address
...
In this case port forwarding is impossible, so rather return error code to the client instead of silently trying to do something and informing clients that port forwarding is enabled.
2018-05-19 13:32:04 +02:00
Pali Rohár
cce19781e6
miniupnpd: Add validation that public ip address is not reserved and is really public
...
This ensures that all requests for getting public IP address (either via UPnP IGD or PCP/PMP) would contain correct public IP address or an error (instead of some invalid private/reserved IP address).
2018-05-19 13:31:26 +02:00
Thomas Bernard
e11bbf0bc0
miniupnpd/pcp: Send PCP announcment at startup
...
fixes #254
2018-05-08 23:06:19 +02:00
Thomas Bernard
a92138345b
add option LEASEFILE_USE_REMAINING_TIME
...
new function lease_file_rewrite()
that is called just before exiting, and when SIGUSR2 is received
see #295
2018-05-02 09:40:12 +02:00
Thomas Bernard
1fe8d21cf2
fixes #272
2018-04-12 10:49:53 +02:00
Thomas Bernard
eaaf4f10ae
miniupnpd: introduce upnp_gettimeofday() which is monotonic :)
...
fixes #288
2018-04-12 10:07:11 +02:00
Thomas Bernard
dd2aa84204
miniupnpd: use monotonic clock for timeouts, etc.
...
fixes #288
also changed set_startup_time()
2018-03-13 11:43:07 +01:00
Thomas Bernard
f0511d761b
miniupnpd: Add -1 option
...
fixes #277
see #282
2018-02-22 14:02:52 +01:00
Thomas Bernard
80779ff4f7
Fix commit 6cbf0ba
...
Use the "flags" global variable to store the option value
Save a lot of complexity.
2018-02-22 13:47:48 +01:00
Nye Liu
c6bf0ba6f3
Allow runtime override of igd to v1 for people running binaries with v2 enabled
...
Towards miniupnp/miniupnp#277
2018-02-19 22:14:05 -08:00
Thomas Bernard
7492fe42c2
pcpserver.c: send ANNOUNCE when IP changed
...
see #254
2017-11-27 23:04:51 +01:00
Thomas Bernard
6ce6a70973
PCP : reset epoch after address change
...
see #254
2017-11-02 17:27:24 +01:00
Thomas Bernard
5923d5de6f
=> 2017
2017-05-27 10:25:53 +02:00
Thomas Bernard
11fcf5a008
Merge branch 'master' into randomize_url
2017-05-26 17:30:18 +02:00
Thomas Bernard
50d21a38d0
SSDP: use receiving interface index to check if from LAN
2017-05-25 00:44:29 +02:00
Thomas Bernard
57a74f2739
Merge branch 'master' into randomize_url
2017-04-21 11:33:25 +02:00
Thomas Bernard
2c77721888
do not split conditional statement #184
...
closes #184
2016-12-28 11:58:21 +01:00
Thomas Bernard
32855b854c
dot not try to find IPv6 address if IPv6 is disabled
...
see #49
2016-12-16 09:39:19 +01:00
Thomas Bernard
2a1cc8d798
do not try to call OpenAndConfPCPv6Socket() when IPv6 is off
...
see #49
2016-12-16 09:32:41 +01:00
Thomas Bernard
144eeefd19
Merge branch 'master' into randomize_url
...
Conflicts:
miniupnpd/genconfig.sh
miniupnpd/testupnpdescgen.c
miniupnpd/upnpdescgen.c
miniupnpd/upnpglobalvars.c
miniupnpd/upnpglobalvars.h
2016-11-11 18:01:35 +01:00
Thomas Bernard
1579f4a2af
2015 => 2016
2016-10-07 11:16:03 +02:00
Thomas Bernard
9a5eaaa767
remove extra curly brace in tomato_load()
...
fixes #195 which was introduced in 6532b02cab
2016-04-24 22:20:14 +02:00