Commit Graph

907 Commits

Author SHA1 Message Date
Thomas Bernard 585a1d64e2
getifaddr.c: properly use strncpy()
silent a gcc8 warning
2019-05-20 21:55:17 +02:00
Vladislav Grishenko 08b80d5abd miniupnpd: fix ssdp notify on unrelated interfaces
If several different interfaces share same ipv4 address on different
subnets (i.e. eth0 192.168.1.1/24 + eth1 192.168.1.1/16), miniupnpd
may pick any one of them, possibly wrong one w/o respecting exact
listening_ip interface.

syslog will contain something similar to:
    miniupnpd: sendto(udp_notify=6, 192.168.1.1): No such device
    miniupnpd: sendto(udp_notify=6, 192.168.1.1): No such device
    miniupnpd: try_sendto(sock=6, len=464, dest=239.255.255.250:1900): sendto: No such device
    miniupnpd: try_sendto(sock=6, len=464, dest=239.255.255.250:1900): sendto: No such device
    miniupnpd: try_sendto failed to send 11 packets

Fix that with specifying exact outgoing mcast interface for each
notify socket with help of IP_MULTICAST_IF/mreqn struct.
Since OpenAndConfSSDPNotifySocket() now takes lan_addr_s struct,
OpenAndConfSSDPNotifySocketIPv6() was similary changed for api
consistency.
2019-05-02 15:36:06 +05:00
Thomas Bernard 2ffc7afae9 minissdp.c: fix indentation 2019-05-02 12:09:28 +02:00
Thomas Bernard 1ef1deec01
upnpevents.c: properly handle urls in the form http://ip:port
Fix buffer over-read in upnpevents.c with urls in the form http://ip:port
(without path).
Assume / when the path is empty

fixes #361
2019-04-09 22:06:21 +02:00
Thomas Bernard 922372bff3 2019 2019-04-08 14:46:11 +02:00
Thomas Bernard 2f16cf7387
AddPortMapping supports error 606 in IGDv2
see #359
2019-04-07 23:01:51 +02:00
Thomas Bernard e1b4f25bba
upnpreplyparse.c: Fix memory leak
If there are multiple  NewPortListing tags,
there is a malloc() for each one.

fixes #357
2019-04-05 10:30:10 +02:00
Thomas Bernard a9a764cea9 update Changlogs. 2019-04-03 17:38:33 +02:00
Thomas Bernard 8f403ae8ae Makefile.linux: clean testminissdp.o and testssdppktgen.o 2019-03-22 15:36:58 +01:00
Thomas Bernard 2d873ce908 miniupnpd_functions.sh parsing fix.
both MINIUPNPD and MINIUPNPD-PREROUTING were matched by
/$CHAIN/.
2019-03-22 15:35:23 +01:00
Thomas Bernard 476974ab52 use iptables -I instead of -A to add rules
So the rules are added at the head of the chains, taking
priority over the preloaded rules.

should fix #354
2019-03-22 15:33:57 +01:00
Thomas Bernard c3f752db4a
miniupnpd/netfilter: fix iptables_init.sh for postrouting chain
should fix #334
2019-03-09 16:16:00 +01:00
Steven Mestdagh dedbee16b1 AddAnyPortMapping: check against NULL
this avoids a crash in strcasecmp by passing an empty protocol argument
2019-03-09 10:24:38 +01:00
Thomas Bernard a613992892 update Changelog 2019-03-07 23:37:11 +01:00
Rodrigo Osorio e0ddc97997 Update portinuse code to reflect changes made in FreeBSD 12.0
Structures xtcpcb and xinpcb returned by the kernel
hide now part of its members after r315662. The fix
was inspired by changes made in usr.bin/systat/netstat.c
tool.
2019-03-07 17:22:36 +01:00
Thomas Bernard e0b5b4efe6 linux/getifstats.c: use custom strtoul() implementation to roll over after 2^32-1
fixes #349

http://upnp.org/specs/gw/UPnP-gw-WANCommonInterfaceConfig-v1-Service.pdf
 2.2.9 2.2.10 2.2.11 2.2.12 :

    This variable represents the cumulative counter for total number
    of bytes sent upstream across all connection service instances on
    WANDevice. The count rolls over to 0 after it reaching the maximum
    value (2^32) –1
2019-02-12 15:10:49 +01:00
Thomas Bernard 08e955de40 Update Changelogs + 2019 2019-02-10 16:11:16 +01:00
Thomas Bernard 30a89be85e
update miniupnpd/minixml.h 2019-02-10 16:10:07 +01:00
Thomas Bernard e94a724ae5 Merge remote-tracking branch 'sorz/install-nft-script'
see pull request #345
2019-02-04 19:39:35 +01:00
Shachar Menashe 51b5e09e04 miniupnpd: add secure compilation flags for Linux 2019-02-04 17:23:42 +02:00
Thomas Bernard f7d65cdaad
miniupnpd/netfilter/ipctcrdr.c: conditionnaly use NFC_UNKNOWN as well
fix #346
2019-02-03 19:04:44 +01:00
Thomas Bernard 6106111972
miniupnpd/netfilter: build with linux kernel 5.0
should fix #346
2019-02-03 13:26:27 +01:00
Thomas Bernard 510a6e9630
fix check of valid HTTPS socket 2019-01-23 09:25:10 +01:00
sorz 031915f856
Install nftables scripts 2019-01-18 16:21:25 +08:00
Thomas Bernard 86030db849
fix error from commit 13585f15c7 2018-12-18 23:47:54 +01:00
Thomas Bernard cb8a02af7a
pcpserver.c: copyIPv6IfDifferent() check for NULL src argument 2018-12-18 23:04:14 +01:00
Thomas Bernard f321c2066b upnp_redirect(): accept NULL desc argument 2018-12-18 22:59:18 +01:00
Thomas Bernard 13585f15c7
GetOutboundPinholeTimeout: check args 2018-12-18 22:54:51 +01:00
Thomas Bernard bec6ccec63 upnp_event_prepare(): check the return value of snprintf() 2018-12-18 22:37:14 +01:00
Thomas Bernard 6b4e9bd855
upnpstun.c: fix generate_transaction_id() 2018-12-15 18:02:46 +01:00
Steven Mestdagh f6fc66ee41
avoid off-by-one buffer overread
similar to commit 9fcc0a72f0
2018-12-06 00:11:21 +01:00
Thomas Bernard e7fa40f60b
update INSTALL about running a NAT behind NAT setup.
also update 2017->2018
2018-10-31 18:33:56 +01:00
Thomas Bernard bde31cd4f1 update miniupnpd/Changelog.txt 2018-09-07 17:28:42 +02:00
Thomas Bernard 95d707a71f
pcpserver.c: properly fill the opcode field of response
fixes #327
2018-09-07 17:24:43 +02:00
Pali Rohár a2baa36312 Fix compilation with nftables
Fixes #324
2018-09-06 17:44:41 +02:00
Thomas Bernard 11785205f1 Merge remote-tracking branch 'Lochnair/fix_nftables' into travis-ci-nftables 2018-07-15 12:59:25 +02:00
Nils Andreas Svee 181428e843 miniupnpd: add update_portmappings functions for nft 2018-07-14 19:59:26 +02:00
Thomas Bernard ac796a4077 linux: add -lrt when building for glibc < 2.17 2018-07-14 14:23:13 +02:00
Thomas Bernard d27a3152bd fix generate_transaction_id() 2018-07-06 15:29:15 +02:00
Thomas Bernard efe5d87103 LOG_WARNING if behind restrictive NAT 2018-07-06 14:41:04 +02:00
Pali Rohár e6011dc534 miniupnpd: Allow to specify also port number in -o STUN: option
Also update help for -o STUN: option, it can take stun hostname too.
2018-07-06 14:38:37 +02:00
Thomas Bernard 6e5a88098d fix file headers (=>2018)
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 14:16:49 +02:00
Thomas Bernard d84e004849 Fix upnpstun.o dependencies 2018-07-06 14:16:07 +02:00
Thomas Bernard 810cb665c2 Merge branch 'pr_307'
see #307
2018-07-06 13:40:18 +02:00
Thomas Bernard 012cad4111 Makefile.linux: fix depends 2018-07-06 13:36:23 +02:00
Thomas Bernard b2343c87a7 Add STUN support
see #307
2018-07-06 13:33:33 +02:00
Thomas Bernard 18ec4e88e7 asyncsendto.c: 2018 2018-07-06 13:31:44 +02:00
Thomas Bernard 1da39554c7 fixes in upnpstun.c
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 13:31:26 +02:00
Thomas Bernard 15b6f3e9c2 fixes in update_ext_ip_addr_from_stun()
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 13:29:33 +02:00
Thomas Bernard 8bc6d6f556 PERFORMSTUN => PERFORMSTUNMASK. allow to specify stun using -o option 2018-07-06 13:23:22 +02:00
Thomas Bernard 8c91ff515e reserved[] is const 2018-07-06 13:20:30 +02:00
Nils Andreas Svee 5262990d8e miniupnpd: support newer libnftnl versions 2018-07-01 23:50:12 +02:00
Thomas Bernard ef179a45e3 do not check empty string with strlen(s) == 0
see #292
2018-06-01 10:55:45 +02:00
Thomas Bernard 72005ce86a add -w option to iptables.
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5113

Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-05-29 12:26:33 +02:00
Pali Rohár c1472ffe4e miniupnpd: GetExternalIPAddress(): Instead of invalid IP address 0.0.0.0 returns error 501
IP address 0.0.0.0 is filled when it is not possible to retrieve IP address. According to specification, GetExternalIPAddress() can return error 501 when action failed.
2018-05-19 17:28:43 +02:00
Pali Rohár 8c97654d70 miniupnpd: When enabled perform STUN to learn external IP address and NAT type
Also enable port forwarding when direct (non-NAT) connection or unrestricted NAT 1:1 (without any filtering) is detected.
2018-05-19 13:32:42 +02:00
Pali Rohár 8e10a1aeab miniupnpd: Disable port forwarding when we are behind restrictive nat with reserved / private IP address
In this case port forwarding is impossible, so rather return error code to the client instead of silently trying to do something and informing clients that port forwarding is enabled.
2018-05-19 13:32:04 +02:00
Pali Rohár cce19781e6 miniupnpd: Add validation that public ip address is not reserved and is really public
This ensures that all requests for getting public IP address (either via UPnP IGD or PCP/PMP) would contain correct public IP address or an error (instead of some invalid private/reserved IP address).
2018-05-19 13:31:26 +02:00
Pali Rohár c35935c61d miniupnpd: Add function addr_is_reserved() to check if address is private/reserved and therefore not for public port forwarding 2018-05-19 13:31:14 +02:00
Pali Rohár 4f53b322fd miniupnpd: Add function perform_stun() for detecting external IP address and restrictive NAT via STUN protocol
It automatically unblock selected UDP ports for incoming responses and after finishing ports unblock is removed.
2018-05-19 13:31:08 +02:00
Pali Rohár cd7284785b miniupnpd: Add function delete_filter_rule() also for PF and Linux Netfilter
It is needed for STUN implementation.
2018-05-19 13:31:02 +02:00
Thomas Bernard 582375b64f
miniupnpd: VERSION 2.1 2018-05-08 23:40:27 +02:00
Thomas Bernard e11bbf0bc0
miniupnpd/pcp: Send PCP announcment at startup
fixes #254
2018-05-08 23:06:19 +02:00
yangfl b3849ef311 Fix OS detection for Debian kFreeBSD 2018-05-08 21:59:15 +08:00
Thomas Bernard d2bbdee995 fix typo introduced in 00abd9e6c8 2018-05-03 09:54:02 +02:00
Thomas Bernard a92138345b add option LEASEFILE_USE_REMAINING_TIME
new function lease_file_rewrite()
that is called just before exiting, and when SIGUSR2 is received
see #295
2018-05-02 09:40:12 +02:00
Thomas Bernard d0e7958617 lease_file_remove(): replace strncpy/strncat by snprintf() 2018-05-01 13:04:20 +02:00
Thomas Bernard f6ac854f0f miniupnpd: fix storing of unlimited lease time in lease_file
see #295
2018-05-01 11:26:49 +02:00
Thomas Bernard 17773f0a72 if LEASEFILE_USE_REMAINING_TIME is defined, only the remaining time is stored
see #295
2018-04-30 17:25:26 +02:00
Thomas Bernard 00abd9e6c8 miniupnpd: store UNIX time in lease_file
fixes #295
2018-04-30 16:59:40 +02:00
Thomas Bernard 491ee9f8bf miniupnpd/upnpevents.c: Add log when error 2018-04-27 00:08:06 +02:00
Thomas Bernard 239d048489 Merge branch 'pf_use_ext_ip_addr' 2018-04-22 21:27:44 +02:00
Thomas Bernard 5dcd40aece netfilter/iptpinhole.c: remove warning: implicit declaration of function 'upnp_time'
fixes ef94635100
2018-04-22 21:24:30 +02:00
Thomas Bernard 0366cd0ba0 replace strlen(s) > 0 by s[0] != '\0'
see #292
2018-04-22 21:21:58 +02:00
Thomas Bernard 2b6fa0839f no more strlen(xxx) == 0.
Fixes #292
2018-04-20 17:19:52 +02:00
Thomas Bernard 53e8185725 miniupnpd/pf: set dst address in rule if use_ext_ip_addr is set
fixes #231
2018-04-12 11:36:12 +02:00
Thomas Bernard 1fe8d21cf2 fixes #272 2018-04-12 10:49:53 +02:00
Thomas Bernard eaaf4f10ae miniupnpd: introduce upnp_gettimeofday() which is monotonic :)
fixes #288
2018-04-12 10:07:11 +02:00
Thomas Bernard 0bbff2bb0f miniupnpd: update Changelog
see 82ec7bc3df
2018-04-06 13:00:23 +02:00
yangfl 82ec7bc3df miniupnpd: Add options for netfilter scripts 2018-03-16 23:57:39 +08:00
Thomas Bernard ef94635100 miniupnpd: time() => upnp_time()
I had forgotten some
see #288
2018-03-14 00:09:42 +01:00
Thomas Bernard 9516c9a007 miniupnpd: fix warnings 2018-03-13 11:53:33 +01:00
Thomas Bernard dd2aa84204 miniupnpd: use monotonic clock for timeouts, etc.
fixes #288

also changed set_startup_time()
2018-03-13 11:43:07 +01:00
Thomas Bernard f0511d761b miniupnpd: Add -1 option
fixes #277
see #282
2018-02-22 14:02:52 +01:00
Thomas Bernard 9efd7fda66 ChangeLog for #282 2018-02-22 13:53:39 +01:00
Thomas Bernard 80779ff4f7 Fix commit 6cbf0ba
Use the "flags" global variable to store the option value
Save a lot of complexity.
2018-02-22 13:47:48 +01:00
Nye Liu c6bf0ba6f3 Allow runtime override of igd to v1 for people running binaries with v2 enabled
Towards miniupnp/miniupnp#277
2018-02-19 22:14:05 -08:00
Thomas Bernard 7f17837253 miniupnpd/minissdp.c: Fix submission of services to minissdpd
Version was hardcoded to 1 in "ST:"
2018-02-03 18:14:31 +01:00
yangfl 3158862058 miniupnpd/miniupnpd.8: update man page 2018-02-03 01:46:09 +08:00
Thomas Bernard 718deea11e Update file headers. 2017 => 2018 etc. 2018-01-16 02:06:46 +01:00
Thomas Bernard ed35fc6cd4 miniupnpd/testminissdp.c: int => size_t. 2018 2018-01-15 17:47:22 +01:00
yangfl d492fa39ef fix typo 2018-01-09 09:33:31 +08:00
Thomas Bernard a55234d806 upnpreplyparse.c: NameValueParserEndElt() rename arg to avoid confusion 2017-12-12 12:47:33 +01:00
Thomas Bernard bf4f616f58 miniupnpd/Makefile.linux: add testminissdp 2017-12-12 12:46:59 +01:00
Thomas Bernard a4d6939193 miniupnpd: update Changelog.txt 2017-12-12 10:51:36 +01:00
Thomas Bernard 9fcc0a72f0 minissdpc.c: Fix buffer overrun in SSDP packet parsing
fixes #267

there were several errors in ProcessSSDPData()
in the parsing of ST: MX: and MAN: headers
so a few bytes could be read after the end of the buffer.
2017-12-12 10:42:54 +01:00
Thomas Bernard 256b93e5d3 miniupnpd: add a test for ProcessSSDPData()
see #267
2017-12-12 10:08:44 +01:00
Thomas Bernard a0573e2518 minixml.c: fix heap buffer overflow
should fix #268
2017-12-11 14:59:29 +01:00
Thomas Bernard 7aeb624b44 properly initialize data structure for SOAP parsing in ParseNameValue()
topelt field was not properly initialized.

should fix #268
2017-12-11 14:27:27 +01:00
Thomas Bernard 7492fe42c2 pcpserver.c: send ANNOUNCE when IP changed
see #254
2017-11-27 23:04:51 +01:00