45 Commits

Author SHA1 Message Date
yangfl
2ff8cb17da miniupnpd: Add option to match rules with regex
Some reports that a certain app is abusing UPnP for exploiting upload
bandwidth. This commit adds support to restrict UPnP rules to a regex.
By matching requester's description string against rule's regex, this
will make some obstacles for that app.
2022-10-21 21:26:39 +02:00
Thomas Bernard
a4e12c01c4
miniupnpd: move READNU32/WRITENU32/etc. to rw_unaligned.h 2022-10-16 07:54:38 +02:00
Thomas Bernard
2917d99c58 2019 2019-09-24 16:05:44 +02:00
Pali Rohár
cce19781e6 miniupnpd: Add validation that public ip address is not reserved and is really public
This ensures that all requests for getting public IP address (either via UPnP IGD or PCP/PMP) would contain correct public IP address or an error (instead of some invalid private/reserved IP address).
2018-05-19 13:31:26 +02:00
Thomas Bernard
dd2aa84204 miniupnpd: use monotonic clock for timeouts, etc.
fixes #288

also changed set_startup_time()
2018-03-13 11:43:07 +01:00
Thomas Bernard
cc0fad78d7 miniupnpd: use epoch_origin for NAT-PMP as well
see #254
2017-11-27 23:02:34 +01:00
Thomas Bernard
ba9315b9b4 natpmp.c: improve error logging 2017-11-05 11:10:13 +01:00
Thomas Bernard
a6b947e0ca move READNUxx/WRITENUxx macros to macros.h 2015-09-21 23:58:00 +02:00
Thomas Bernard
a43beeccf1 fix minor typo 2015-05-27 15:31:49 +02:00
Thomas Bernard
c7d7efd230 fix realloc failure issues detected thanks to cppcheck 2015-02-08 10:23:22 +01:00
Thomas Bernard
bbb6df523d miniupnpd/natpmp.c: #if IPV6_PKTINFO => #ifdef IPV6_PKTINFO 2014-12-31 01:38:15 +01:00
Thomas Bernard
fb1aba3c9a miniupnpd/natpmp.c: fix walktrough of mapping "list" for NATPMP removal 2014-10-23 18:00:24 +02:00
Thomas Bernard
350ca199c4 miniupnpd/natpmp.c: Properly implements NAT-PMP mapping removal
fixes #97
2014-10-23 17:57:31 +02:00
sbyx
ef408d0857 Fix typo in byte conversion & writing in NAT-PMP
This fixes https://github.com/miniupnp/miniupnp/issues/89.

Signed-off-by: Steven Barth <cyrus@openwrt.org>
2014-07-31 08:43:48 +02:00
Thomas Bernard
d851ad4c25 miniupnpd: Retreive PCP packed IPV6 destination address 2014-05-19 15:27:34 +02:00
Thomas Bernard
d31badae7d miniupnpd/natpmp.c: replace macros by functions
see commit 67c28e7f8b39717f1ed5489cef7caeafe3422d44 (and comments)
2014-04-21 21:36:45 +02:00
Thomas Bernard
67c28e7f8b miniupnpd/natpmp.c: Remove pointer casting, avoid possibility of unaligned memory access 2014-04-14 22:50:11 +02:00
Thomas Bernard
08127b85d4 Merge branch 'portinuse'
Conflicts:
	miniupnpd/Makefile.linux
2014-03-28 12:52:18 +01:00
Thomas Bernard
ad88cc0819 miniupnpd: start work to enable IPv6 PCP operations 2014-03-24 12:07:31 +01:00
Thomas Bernard
6419602e14 miniupnpd/portinuse: port_in_use() returns -1 in case of error 2014-03-20 13:49:10 +01:00
Thomas Bernard
c4e63048c4 miniupnpd: add CHECK_PORTINUSE to enable/disable port_in_use() 2014-03-13 14:48:52 +01:00
Thomas Bernard
06764123fb Merge remote branch 'origin/master' into portinuse
Conflicts:
	miniupnpd/Makefile.linux
	miniupnpd/natpmp.c
2014-03-13 14:19:44 +01:00
Thomas Bernard
210876f2a7 miniupnpd/natpmp.c: make indentation consistant and add a comment 2014-03-11 09:47:09 +01:00
Daniel Becker
4f160366bd miniupnpd/natpmp.c: remove obsolete assignment
The eport_first variable now gets initialized in the first
iteration of the while loop; the assignment right before the
loop should have been removed in the previous commit.
2014-03-10 11:14:49 -07:00
Daniel Becker
f4f4573f53 miniupnpd: fix eport selection and error handling
The find_available_eport function that was intended to check if
at least one eport is allowed for a given iaddr/iport does not
work as intended; for example, it does not properly handle rule
precedence (i.e., it considers allow rules even if they are
effectively masked by earlier deny rules), and it also does not
handle the case where no rules are specified at all (which
should default to accept in order to be consistent with
check_upnp_rule_against_permissions). The present change removes
this function and instead integrates the check into the existing
while loop that iterates over all eports.
2014-03-10 00:32:23 -07:00
Thomas BERNARD
0ff8e67c26 Merge pull request #57 from razzfazz/natpmp_avoid_port_zero
miniupnpd/natpmp.c: skip port zero when finding free eport
2014-03-08 01:03:43 +01:00
Daniel Becker
1db670d6ff miniupnpd/natpmp.c: skip port zero when finding free eport
When skipping ports that are in use or not allowed, the existing
NAT-PMP code will consider port zero as a candidate eport after
wraparound occurs. Since this is not a legal port, we skip over it.

port zero as an eport value.
2014-03-07 11:02:04 -08:00
Daniel Becker
ba04327bb0 miniupnpd/natpmp.c: remove redundant break statements
These two break statements are redundant: The subsequent continue
statement will cause the loop condition to be re-evaluated, at which
point the loop will terminate if resp[3] != 0.
2014-03-07 07:42:40 -08:00
Thomas Bernard
e385db03b9 miniupnpd: improved permission checking for NAT-PMP
NAT-PMP now searches an allowed eport if the one from
request is not, instead of returning an error
2014-03-07 11:48:17 +01:00
Daniel Becker
edd501f59c miniupnpd/natpmp.c: return correct error code when all external ports in use
Instead of returning code 3 ("Network Failure"), we should the
more appropriate code 4 ("Out of resources") when no external
port is available for a mapping.
2014-02-28 14:47:53 -08:00
Thomas Bernard
3c90f6a30d miniupnpd/natpmp.c: avoid hang when all external ports in use
reorganize a bit
2014-02-28 13:34:46 +01:00
Daniel Becker
c6a8879c87 miniupnpd/natpmp.c: avoid hang when all external ports in use
The NAT-PMP code attempts to find a different eport if the
requested one is already in use. If all eports are in use, that
would previously cause the code to iterate through the range of
eports forever. To avoid this case, we keep track of the first
eport we attempted to use and abort the loop once we've cycled
through all possible values exactly once (which takes us back
to the initial eport).
2014-02-28 00:00:26 -08:00
Thomas Bernard
c1e624ecd4 miniupnpd: use asyncsendto 2014-02-25 11:15:30 +01:00
Thomas Bernard
3712118bc4 miniupnpd: removed unused code
ScanNATPMPforExpiration() CleanExpiredNATPMP() are not used anymore
2014-02-03 10:45:59 +01:00
Thomas Bernard
f774a54bac remove C++ style comments 2013-12-13 17:01:41 +01:00
Thomas Bernard
9b72af6f36 Merge branch 'master' into portinuse 2013-12-13 12:29:01 +01:00
Peter Tatrai
9e1ffd5cd9 Add initial PCP support 2013-07-11 09:38:55 +02:00
Thomas Bernard
961e1c35d3 miniupnpd: autodetect LAN interface netmask instead of defaulting to /24
Fix #23
2013-03-23 11:50:57 +01:00
Thomas Bernard
013b0df388 miniupnpd: detect port in use / already forwarded
Patch submitted by David Kerr
2012-07-10 23:25:29 +02:00
Thomas Bernard
4cdc0b762e set natpmp socket non blocking 2012-05-28 01:18:06 +02:00
Thomas Bernard
ad95793e93 Add UNUSED(arg) macro to remove unused argument warning. 2012-05-01 11:49:23 +02:00
Shawn Landen
5c224accbf remove trailing whitespace from miniupnpd 2012-02-29 17:48:41 -08:00
Thomas Bernard
9ee74defc8 Compile miniupnpd OK with -ansi flag. 2012-02-05 00:40:50 +01:00
Thomas Bernard
73ef11624a always handle EAGAIN, EWOULDBLOCK and EINTR after recv()/recvfrom() calls 2012-02-02 18:45:43 +01:00
Thomas Bernard
0d96346588 Adding miniupnpd 2011-09-28 21:13:20 +02:00