1249 Commits

Author SHA1 Message Date
Thomas Bernard
215091b546
nftpinhole.c: fix get_pinhole_info() and log inet_ntop() errors 2024-03-13 00:14:26 +01:00
Thomas Bernard
90fb7801eb
netfilter_nft: rule_t: have src/dst/nat addresses and ports
instead of guessing if it is remote host / external or internal address...
2024-03-13 00:14:20 +01:00
Thomas Bernard
25206a7a3f
testnftpinhole: call init_redirect() / shutdown_redirect() 2024-03-13 00:12:52 +01:00
Thomas Bernard
b3b5dd16d2
more tests in testnftpinhole.c 2024-03-13 00:12:52 +01:00
Thomas Bernard
80d628fa59
netfilter_nft: improve testnftpinhole.c to test find_pinhole() 2024-03-13 00:12:51 +01:00
Thomas Bernard
2e7bfb1e31
netfilter_nft: change debug output for add_pinhole() 2024-03-13 00:12:51 +01:00
Thomas Bernard
e2be9e1571
add comments to rule_set_filter6() and rule_set_filter_common() 2024-03-13 00:12:51 +01:00
Thomas Bernard
4c68985304
netfilter_nft/nftnlrdr_misc.c: comments and warning in parse_rule_payload() 2024-03-13 00:12:51 +01:00
Thomas Bernard
424f5c259f
fix find_pinhole()
see #663
2024-03-13 00:12:51 +01:00
Thomas Bernard
025f0f502b
NFT: check inet_pton() errors in find_pinhole() 2024-03-13 00:12:50 +01:00
Thomas Bernard
4dda6d8820
update (c) lines 2024-03-12 00:37:21 +01:00
Thomas Bernard
9292d251ac
Changelog for https://github.com/miniupnp/miniupnp/pull/711
NFTables: add upnp_nftables_family_split option to use NFPROTO_IPV4/IPV6
instead of the generic NFPROTO_INET

thank you @svenauhagen
2024-03-05 22:52:20 +01:00
Thomas Bernard
ba68624f55
Merge remote-tracking branch 'svenauhagen/feature/nftablesinit'
fixes #710

https://github.com/miniupnp/miniupnp/issues/710
https://github.com/miniupnp/miniupnp/pull/711
2024-03-05 00:33:12 +01:00
Sven Auhagen
2c9a645b10 NFTables: Add backwards compatibility for IPv4 NAT
NFtables uses the INET table for NAT which combines IPv4 and IPv6.
Older systems might not have this option and use the ip table instead.

This adds a flag to fall back to the ip table style.

Signed-Off-By: Sven Auhagen <sven.auhagen@voleatech.de>
2024-03-04 06:18:41 +01:00
Thomas Bernard
cd7cbb59a3
miniupnpd version 2.3.5 2024-03-02 12:09:11 +01:00
Thomas Bernard
65a6cdb92e
miniupnpd: add miniupnpd version in XML descriptions
closes #709
2024-03-02 11:51:52 +01:00
Thomas Bernard
55e650b125
fix IGDv2 WANIPConnection XML service description for AddAnyPortMapping
out argument is NewReservedPort, not NewExternalPort.

Changelog + check precisely lenth of 12
2024-02-25 01:40:25 +01:00
Thomas Bernard
f79e20d17d
miniupnpd: fix IGDv2 WANIPConnection XML service description
was :

<argument>
  <name>NewExternalPort</name>
  <direction>out</direction>
  <relatedStateVariable>ExternalPort</relatedStateVariable>
</argument>

Should be:

<argument>
  <name>NewReservedPort</name>
  <direction>out</direction>
  <relatedStateVariable>ExternalPort</relatedStateVariable>
</argument>

ExternalPort is 12 characters long !
fixes #708
2024-02-25 01:29:54 +01:00
Thomas Bernard
420bd685cf make it more clear that clean_ruleset_interval=0 disables the check
see #699
2024-01-31 05:24:57 +01:00
Thomas Bernard
1a49233fe7
fix typo 2024-01-27 00:35:56 +01:00
Thomas Bernard
0306f6974b
configure: reformat --help 2024-01-26 01:30:16 +01:00
Thomas Bernard
3c02d79b40 configure: DeviceProtection service implementation is incomplete 2024-01-26 01:24:15 +01:00
Thomas Bernard
2355c108db
configure: Fix Caps/spaces... 2024-01-26 01:23:21 +01:00
Thomas Bernard
4b0ff229d8
default to /etc/miniupnpd/miniupnpd.conf under linux
it is still /etc/miniupnpd.conf under BSD.

closes #695
2024-01-17 00:49:32 +01:00
Thomas Bernard
604ca0b82a Changelog.txt: update (2024/01/15) 2024-01-15 01:02:08 +01:00
Thomas Bernard
bbe7d1355e minissdp.c: 2024 2024-01-15 01:01:16 +01:00
Thomas Bernard
b8d9f66890 miniupnpd.c: 2024 2024-01-15 00:59:33 +01:00
Thomas Bernard
8f53b12f81 upnphttp.c: 2024 2024-01-15 00:54:13 +01:00
Thomas Bernard
bfd51459fe pfpinhole.c: 2024 2024-01-15 00:50:55 +01:00
Thomas Bernard
53d4cdd2da
CACHE-CONTROL: max-age=1800 in M-SEARCH response
to be compliant with UPnP UDA 1.0, 1.1 and 2.0

fixes #698

UDA 1.0 1.2.3 Discovery: Search: Response (p21) :
CACHE-CONTROL
Required. Must have max-age directive that specifies number of seconds
the advertisement is valid. After this duration, control points should
assume the device (or service) is no longer available. Should be greater
than or equal to 1800 seconds (30 minutes), although exceptions are defined
in the text above. Specified by UPnP vendor. Integer.

UDA 1.1 1.3.3 Search response (p34) :
CACHE-CONTROL
REQUIRED. Field value MUST have the max-age directive (“max-age=”) followed
by an integer that specifies the number of seconds the advertisement
is valid. After this duration, control points SHOULD assume the device
(or service) is no longer available; as long as a control point has
received at least one advertisement that is still valid from a root
device, any of its embedded devices or any of its services, then the
control point can assume that all are available. The number of seconds
SHOULD be greater than or equal to 1800 seconds (30 minutes), although
exceptions are defined in the text above. Specified by UPnP vendor.
Other directives MUST NOT be sent and MUST be ignored when received.

UDA 2.0 1.3.3 Search response (p40) :
CACHE-CONTROL
Required. Field value shall have the max-age directive (“max-age=”) followed
by an integer that specifies the number of seconds the advertisement
is valid. After this duration, control points should assume the device
(or service) is no longer available; as long as a control point has
received at least one advertisement that is still valid from a root
device, any of its embedded devices or any of its services, then the
control point can assume that all are available. The number of seconds
should be greater than or equal to 1800 seconds (30 minutes), although
exceptions are defined in the text above. Specified by UPnP vendor.
Other directives shall not be sent and shall be ignored when received.
2024-01-15 00:15:32 +01:00
Self-Hosting-Group
30baf316b4
miniupnpd: Fix UPnP UDA 1.1 subscribe timeout compliance
SHOULD be greater than or equal to 1800 seconds (30 minutes).
http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf
4.1.2 p91.

see https://github.com/miniupnp/miniupnp/pull/686
2024-01-14 17:49:50 +01:00
Thomas Bernard
e98515ac5e
miniupnpd.conf: document pcp_allow_thirdparty option
this option was introduced by c801138c6355f2744f2c09d5e71aeefed1b84527

fixes #679
2024-01-08 00:27:00 +01:00
Thomas Bernard
aefebb18cb
miniupnpd.c: fix enforcing min_lifetime minimum of 120secs 2024-01-08 00:24:07 +01:00
Thomas Bernard
e0fd153469
Changelog.txt: Fix for OpenBSD 7.4
see #674 (and #676)
2024-01-07 01:25:57 +01:00
Thomas Bernard
0a8224d2fe Merge branch 'pull-request-674'
see #674
2024-01-07 01:24:05 +01:00
Thomas Bernard
0206bc0051 obsdrdr.c: fixes to 6e8b02b715407846b16ecde572c1b6d0d2d8287a
two missing `break` statements, a missed goto and a missed return -1
see https://github.com/miniupnp/miniupnp/pull/674#issuecomment-1877957466
2024-01-06 20:12:17 +01:00
Self-Hosting-Group
c91689cfcd Use the HTTPS-enabled URL of the project website and a small update to
the Python client library description.
2024-01-04 15:09:42 +01:00
Thomas Bernard
1e608d8fd5
Deny secure mode violation with 606 action not authorized if supported
606 was added in IGDv2.

closes #677
2024-01-04 02:36:38 +01:00
Self-Hosting-Group
d995a37598 correct 501, 715 and 716 error descriptions 2024-01-04 02:30:35 +01:00
Thomas Bernard
f22a96b469 miniupnpd version 2.3.4 2024-01-04 01:54:52 +01:00
Thomas Bernard
d135bd3f6d
move definition of release_ticket() to rtickets.h 2023-12-30 00:30:06 +01:00
Thomas Bernard
6e8b02b715
obsdrdr.c: replace a few goto by break
see https://github.com/miniupnp/miniupnp/pull/674
2023-12-30 00:23:30 +01:00
Thomas Bernard
ee89fb5fa3
obsdrdr.c: check errors of inet_ntop() 2023-12-29 23:59:28 +01:00
Thomas Bernard
5380a08693
upnpsoap.c: fix ExecuteSoapAction
do not use strchr() to locate the " character at the end of the
string.

fixes #675
2023-12-29 18:24:50 +01:00
Thomas Bernard
84cd9e6289
upnpsoap.c: ExecuteSoapAction() use memchr() instead of strchr() 2023-12-29 18:22:38 +01:00
Michael Nickerson
b16787cd5f Fix for OpenBSD 7.4
Fixes a change made in OpenBSD 7.4
2023-12-07 19:12:11 -05:00
Thomas Bernard
096478dce1 fix getifaddr() error case
see #670
2023-11-14 21:15:58 +01:00
yangfl
2c0c73a081 Quote paths in nft scripts to prevent word splitting. 2023-08-07 05:30:41 +08:00
Thomas Bernard
46bcbff321 Do not advertise DeviceProtection if it is disabled 2023-06-29 11:36:49 +02:00
Thomas Bernard
e8f8208e24
miniupnpd: Disable DeviceProtection service by default 2023-06-29 02:08:02 +02:00