Commit Graph

698 Commits

Author SHA1 Message Date
Tomofumi Hayashi af780b8255 Fix to get NAT port as uint16_t. 2015-03-16 19:38:28 +09:00
Tomofumi Hayashi d2bc556733 In case of remove filter, just remove one rule. 2015-03-16 19:35:23 +09:00
Tomofumi Hayashi 939b3262c3 Add expr_set_reg_val_u16 for network port num. 2015-03-16 18:02:07 +09:00
Tomofumi Hayashi 75fd37e958 Fix NAT issue (cannot snat/dnat actually).
Port number endian is failed.
2015-03-16 17:29:20 +09:00
Tomofumi Hayashi c19b87ee07 Add egress if index val and rename ifidx to ingress_ifidx. 2015-03-16 17:28:03 +09:00
Tomofumi Hayashi 3e635dbe17 Changes init script (only add chains). 2015-03-16 17:24:31 +09:00
Tomofumi Hayashi f7288efb5e Fix init script. 2015-03-12 15:17:33 +09:00
Tomofumi Hayashi 7065b0040f Add README. 2015-03-11 22:18:26 +09:00
Tomofumi Hayashi dcf218c452 Initial commit to support nftables. 2015-03-11 21:10:25 +09:00
Thomas Bernard b137df30d9 Merge remote-tracking branch 's1061123/fix_range1' 2015-03-09 10:59:49 +01:00
Tomofumi Hayashi 3b472b59e0 Fix get_portmappings_in_range() in non-expand case.
In get_portmappings_in_range(), array[] is not updated when
realloc() is not called, hence get_portmappings_in_range() is
always null. This fix changes to fill array[].
2015-03-09 17:33:10 +09:00
Thomas Bernard 85841abd5f miniupnpd/Changelog.txt: eb72ab5330 2015-03-07 16:57:40 +01:00
Thomas Bernard eb72ab5330 miniupnpd.c: don't die when IPv6 is enabled and interface has no IPv4 address 2015-02-20 18:31:55 +01:00
Thomas Bernard e896e298f3 miniupnpd: remove warnings 2015-02-16 22:41:40 +01:00
Thomas Bernard e13525c3e7 miniupnpd: UPnP/1.1 => UPnP/2.0 2015-02-16 11:23:05 +01:00
Thomas BERNARD d5ccd5e86e Merge pull request #101 from pyzhu/master
avoid compile warning
2015-02-11 23:33:47 +01:00
Thomas Bernard 6e5d8ce954 miniupnpd: Allow wildcard (empty string) remote host for AddPinhole() 2015-02-10 16:04:10 +01:00
Thomas Bernard 5df35db6ab fix c7d7efd230 2015-02-08 10:46:13 +01:00
Thomas Bernard 7c1a04ab30 upnpsoap.c: 2014 => 2015 2015-02-08 10:23:54 +01:00
Thomas Bernard c7d7efd230 fix realloc failure issues detected thanks to cppcheck 2015-02-08 10:23:22 +01:00
Thomas Bernard 241ede9ddf miniupnpd: improve (some) logs 2015-01-20 14:13:18 +01:00
Thomas Bernard f795af5f54 2014 => 2015 2015-01-20 14:12:10 +01:00
Thomas Bernard bbb6df523d miniupnpd/natpmp.c: #if IPV6_PKTINFO => #ifdef IPV6_PKTINFO 2014-12-31 01:38:15 +01:00
Thomas Bernard c336b23706 miniupnpd/upnpglobalvars.c: documentation about CONFIGID.UPNP.ORG 2014-12-15 12:02:42 +01:00
Thomas Bernard c4b167537f miniupnpd/Makefile.linux: fix clean (testporinuse.o) 2014-12-15 11:59:17 +01:00
Thomas Bernard 22bc695f91 remove unused bsdqueue.h 2014-12-15 11:58:57 +01:00
Thomas Bernard 2d89a05982 miniupnpd/miniupnpd.c: minor fixes in usage output 2014-12-10 10:44:32 +01:00
Thomas Bernard 99a1bafc1f miniupnpd: use time for BOOTID.UPNP.ORG value 2014-12-10 10:41:10 +01:00
Thomas Bernard 00d878eba3 miniupnpd: configurable BOOTID.UPNP.ORG SSDP header 2014-12-10 10:40:41 +01:00
Thomas Bernard 2d52890608 miniupnpd/upnpglobalvars.c: document BOOTID.UPNP.ORG and CONFIGID.UPNP.ORG 2014-12-10 10:03:13 +01:00
Thomas Bernard e283270274 miniupnpd/pf/pfpinhole.c: reduce log verbosity
also remove a "argument not used" warning
2014-12-10 09:46:57 +01:00
Thomas Bernard e013870cca miniupnpd/upnpsoap.c: remove an unneeded \n in log 2014-12-09 18:32:31 +01:00
Thomas Bernard 181850ad1f miniupnpd/upnphttp.c: check ':' in HTTP header names 2014-12-09 18:28:23 +01:00
Thomas Bernard 98cc73a372 miniupnpd/upnphttp: Checking Host: HTTP request header to prevent DNS rebinding attack 2014-12-09 17:49:02 +01:00
Thomas Bernard 31986d8190 miniupnpd/upnphttp.c: fix 526e1dcd40 2014-12-09 17:48:14 +01:00
Thomas Bernard 9e30117cac miniupnpd/upnphttp.c: fix ec94c5663f
thanks to Stephen Röttger
2014-12-09 11:44:28 +01:00
Thomas Bernard 526e1dcd40 miniupnpd/upnphttp.c: skip only spaces and tab (stop on CR and LF) 2014-12-09 11:38:50 +01:00
Thomas Bernard 064c78730c miniupnpd/upnphttp.c: cosmetical changes 2014-12-09 11:04:38 +01:00
Thomas Bernard ec94c5663f miniupnpd: check if BuildHeader_upnphttp() failed to allocate memory 2014-12-09 11:04:15 +01:00
Thomas Bernard dd39ecaa93 miniupnpd/upnphttp.c: fix buffer overrun in ParseHttpHeaders() if Content-Length doesn't contain any digit
Credits goes to Stephen Röttger of the Google Security Team for identifying
the vulnerabilities
2014-12-09 11:02:57 +01:00
Thomas Bernard e6bc04aa06 miniupnpd/upnpsoap.c: fix potential memory corruption in upnpsoap.c/GetListOfPortMappings()
Credits goes to Stephen Röttger of the Google Security Team for identifying
the vulnerabilities
2014-12-09 11:01:37 +01:00
Thomas Bernard 7c91c4e933 miniupnpd/upnpredirect.c: check inet_aton() return 2014-12-09 10:53:52 +01:00
Thomas Bernard d00b75782e miniupnpd/upnppinhole.c: fix upnp_add_inboundpinhole() : check inet_pton() return 2014-12-09 10:52:26 +01:00
Thomas Bernard 3b71766493 miniupnpd/genconfig.sh: check net.ipv6.bindv6only under LINUX 2014-12-04 11:23:56 +01:00
Thomas Bernard c14788a13a miniupnpd: fixes ExecuteSoapAction() for missing " around SOAPAction 2014-11-28 14:29:24 +01:00
Thomas Bernard 33a5ebf367 miniupnpd/upnpsoap.c: make WANAccessType easier to configure 2014-11-27 13:25:45 +01:00
Thomas Bernard eef94da7e0 miniupnpd/upnpreplyparse.c: fix DisplayNameValueList() 2014-11-12 17:05:15 +01:00
Thomas Bernard bfab1e2094 miniupnpd/upnputils.c: sockaddr_to_string() includes scope in IPv6 addresses 2014-11-07 12:54:33 +01:00
Thomas Bernard 27d4d10a3e miniupnpd/miniupnpd.c: fix PCP third party mode (in IPv4)
fixes problem introduced in commit 16389fda3c
2014-10-30 20:37:35 +01:00
Thomas Bernard 50f7611227 miniupnpd/TODO: updated TODO (a bit) 2014-10-30 20:35:36 +01:00
Thomas Bernard 510bff06ba miniupnpd: VERSION 1.9 2014-10-27 17:39:28 +01:00
Thomas Bernard 067aa01856 miniupnpd/pcpserver.c: remove unused argument warning 2014-10-27 17:39:01 +01:00
Thomas Bernard a80c87fb8d remove need of sys/queue.h or bsdqueue.h in upnpreplyparse.c/.h 2014-10-27 17:38:26 +01:00
Thomas Bernard fb1aba3c9a miniupnpd/natpmp.c: fix walktrough of mapping "list" for NATPMP removal 2014-10-23 18:00:24 +02:00
Thomas Bernard 350ca199c4 miniupnpd/natpmp.c: Properly implements NAT-PMP mapping removal
fixes #97
2014-10-23 17:57:31 +02:00
Thomas Bernard 8baf8d351a miniupnpd/minissdp.c: Remove warning (caused by double const) 2014-10-22 13:57:24 +02:00
Thomas Bernard 88b6386f55 miniupnpd/Changelog.txt: catch up (mcast_ssdp) 2014-10-22 13:41:35 +02:00
Thomas Bernard 447bad32c9 miniupnpd/minissdp.c: Add documentation to SSDPNotify* functions 2014-10-22 12:11:34 +02:00
Thomas Bernard aef2c0a3b4 miniupnpd/minissdp.c: fix 50e370abcd
while() => for() / reindent/etc
2014-10-22 12:10:30 +02:00
Thomas Bernard ac816e91f9 Merge branch 'master' into mcast_ssdp 2014-10-22 11:47:46 +02:00
Thomas Bernard 9194b02071 miniupnpd/minissdp.c: comments about binding "notify" sockets
Explain why bind() is called in functions
OpenAndConfSSDPNotifySocket and OpenAndConfSSDPNotifySocketIPV6
2014-10-22 11:43:42 +02:00
Thomas Bernard e810903443 miniupnpd/upnputils.c: do something in case inet_ntop() fails 2014-10-22 11:14:48 +02:00
Thomas Bernard bedbf88fc6 miniupnpd/upnputils.c: compile some debug output only when needed 2014-10-22 11:13:48 +02:00
Thomas Bernard 16389fda3c miniupnpd: Discard NAT-PMP packets coming from the WAN 2014-10-22 10:54:07 +02:00
Thomas Bernard f183e2b436 miniupnpd/Changelog.txt: catch up 2014-10-22 10:53:30 +02:00
sbyx 4cbcdc34d2 UPNP pinholing: add missing sys/types.h include
sys/types.h is necessary to declare u_int64_t for some c libraries, so include it.

Signed-off-by: Steven Barth <cyrus@openwrt.org>
2014-10-21 15:54:02 +02:00
sbyx 47b77fabb6 Remove unnecessary sysctl.h include for linux
miniupnpd on Linux unnecessarily includes sys/sysctl.h which breaks builds with musl-libc.

Signed-off-by: Steven Barth <cyrus@openwrt.org>
2014-10-21 10:56:34 +02:00
Thomas Bernard 82604ec5d0 miniupnpd/miniupnpd.conf: add comments regarding security
comment values, to force people to configure themselves
2014-10-13 18:03:53 +02:00
Markus Stenberg 17dabcc708 Use -f with gzip, to prevent interactive promots when running make install multiple times. 2014-10-08 14:24:01 +03:00
Thomas Bernard 97c001d464 add use(less ?)ful comments 2014-10-06 14:44:45 +02:00
Thomas Bernard 55c959247b miniupnpd/minissdp.c: remove warning if ipv6 is disabled 2014-10-06 14:44:23 +02:00
Thomas Bernard c79c17115c miniupnpd/upnpsoap.c: DeletePortMapping now checks for client IP in Securemode 2014-09-25 11:47:16 +02:00
Thomas Bernard 9885060d5c miniupnpd/bsd/getifstats.c: make it compile with OpenBSD 4.3
see commit 7f6cf3680e
2014-09-15 17:12:31 +02:00
Gleb Smirnoff 7f6cf3680e Use BSD libc API to fetch data about interface statistics instead
of nosing in kernel memory. This API should work on all versions
of FreeBSD/NetBSD/OpenBSD/Dragonfly.

This fixes compilation on FreeBSD 11, where kernel structures
have changed and protects against future breakages. It also
make the file much simplier.

Tested by:	Daniel Engberg <daniel.engberg.lists pyret.net>
2014-09-14 13:41:49 +04:00
Thomas Bernard 05cc5daf14 update Changelog.txt files 2014-09-06 10:37:08 +02:00
Thomas Bernard 1961868cd5 miniupnpd/minissdp.c: add a default delay before SSDP response
fixes #084
2014-08-01 12:30:55 +02:00
sbyx ef408d0857 Fix typo in byte conversion & writing in NAT-PMP
This fixes https://github.com/miniupnp/miniupnp/issues/89.

Signed-off-by: Steven Barth <cyrus@openwrt.org>
2014-07-31 08:43:48 +02:00
Daniel Becker dcf658c55e miniupnpd/Makefile: make firewall detection consistent with genconfig.sh; assume PF if /etc/rc.subr and/or /etc/rc.conf not found on *BSD 2014-06-20 23:23:16 -07:00
Thomas Bernard 78d32ba012 Merge remote branch 'mikedld/remove-macosx-macro' 2014-06-16 10:54:03 +02:00
Mike Gelfand c08833f9e8 Use _WIN32 instead of WIN32 to check for Windows
MinGW defines both _WIN32 and WIN32 (and may even be the only compiler
doing so). Microsoft and Intel compilers only define _WIN32. Use the
common one to eliminate the need in defining WIN32 explicitly.
2014-06-15 09:37:13 +03:00
Mike Gelfand 920845b107 Use built-in __APPLE__ macro instead of MACOSX
GCC and Clang on Mac OS have a built-in __APPLE__ macro. Use it instead of
manually-defined MACOSX.
2014-06-15 04:14:43 +03:00
Markus Stenberg 5aaac2c6f5 miniupnpd/pcpserver.c: ext_port field was not set in the (IPv6) firewall reply packet. Now setting it to int_port. 2014-06-02 19:39:06 +03:00
Markus Stenberg 3eb71223b4 For some reason, rules without ipv6.flags set (and proto set?) do not match at all at least on Linux 3.10. So with this patch, they do (and it took me a while to find out, sigh) 2014-05-29 17:56:48 +03:00
Thomas Bernard 50e370abcd miniupnpd/minissdp.c: Send SSDP announces to IPv6 link-local, site-local and global multicast addresses 2014-05-23 17:05:15 +02:00
Thomas Bernard 4069d9633c miniupnpd/minissdp.c: bind the SSDP IPv6 sending socket 2014-05-23 17:03:56 +02:00
Thomas Bernard 6bf84dc834 miniupnpd/minissdp.c: clean SendSSDPbyebye() 2014-05-23 12:07:39 +02:00
Thomas Bernard c4c2f79c12 miniupnpd/minissdp.c: Add IPV6 multicast membership only on selected "LAN" interfaces 2014-05-22 10:22:04 +02:00
Thomas Bernard 00fbdb70cf miniupnpd/minissdp.c: AddMulticastMembershipIPv6() targets specific interface 2014-05-22 10:17:06 +02:00
Thomas Bernard 165aeef129 miniupnpd/minissdp.c: clean SendSSDPNotify() code 2014-05-22 10:12:26 +02:00
Thomas Bernard 0d32445f57 miniupnpd/Changelog.txt: catch up :) 2014-05-22 09:57:59 +02:00
Thomas Bernard d916ce286a miniupnpd/miniupnpd.c: be more strict when parsing LAN addresses / interface names 2014-05-22 09:42:05 +02:00
Thomas Bernard 72463253dc miniupnpd: disable IPV6 if socket(PF_INET6) returns EAFNOSUPPORT 2014-05-22 01:38:18 +02:00
Thomas Bernard 9f78015a5b miniupnpd/minissdp.c: also listen on global SSDP multicast address FF0E::C
Add comments about also sending the NOTIFY to this address
2014-05-22 01:12:06 +02:00
Markus Stenberg c038146cee Added ipv6_listening_ip option to override it from in6addr_any.
This way IPv6 services can be selectively enabled on one IP too.
2014-05-20 15:55:35 +03:00
Thomas Bernard 93d7bb6ae2 miniupnpd/asyncsendto.c: allow setting of source address (IPV6_PKTINFO) 2014-05-19 16:27:55 +02:00
Thomas Bernard d851ad4c25 miniupnpd: Retreive PCP packed IPV6 destination address 2014-05-19 15:27:34 +02:00
Markus Stenberg 83c103bc3f Internal address check is mandatory even if third party option is set. 2014-05-19 13:23:21 +03:00
Thomas Bernard b9c20cecab miniupnpd/pf/pfpinhole.c: use label to store pinhole description 2014-05-15 23:27:51 +02:00
Thomas Bernard 7154d30adc miniupnpd/pcpserver.c: prevent compiling with PCP_PEER on if not applicable 2014-05-15 12:29:10 +02:00
Thomas Bernard 653bc79292 miniupnpd/upnpsoap.c: Follow change in upnp_get_pinhole_info() 2014-05-15 12:11:42 +02:00
Markus Stenberg c8ec092693 Added pcp_ prefix to allow_thirdparty option (options parsing reserved allow for it's own use). 2014-05-15 12:04:03 +02:00
Markus Stenberg 6b3ff0242d Made failed pinhole request actually fail in terms of return value too. 2014-05-15 12:03:18 +02:00
Markus Stenberg 924b6d1613 Checking lan only in non-thirdparty mode. 2014-05-15 12:02:46 +02:00
Markus Stenberg 28b3afbb8f Added TODO about IPv6 permission handling. 2014-05-15 12:02:12 +02:00
Markus Stenberg 3a457092ce Split Peer/Map logic to NAT- and FW specific parts. Updated TODO to include proxying.
+ fixes
2014-05-15 12:01:22 +02:00
Markus Stenberg be6db5995d miniupnpd: work in progress on PCP pinhole support 2014-05-15 11:58:17 +02:00
Markus Stenberg 7c7407099e Added Linux get_pinhole_uid_by_index. 2014-05-15 11:45:37 +02:00
Markus Stenberg e907d7bba6 miniupnpd: Some initial effort at actually adding pinhole support to PCP code. 2014-05-15 11:45:33 +02:00
Markus Stenberg c000a00508 Fixed PEER supporting PCP to compile too. 2014-05-15 11:29:01 +02:00
Markus Stenberg 3e03562b77 miniupnpd: Added ENABLE_UPNPPINHOLE macro
using ENABLE_UPNPPINHOLE to compile in the support for IPv6 Firewall pinholes.
It is enabled by either ENABLE_6CF_SERVICE or ENABLE_PCP + ENABLE_IPV6.
2014-05-15 11:26:54 +02:00
Thomas Bernard ba97c9b238 miniupnpd/pcpserver.c: fix ProcessPCPRequest()
fix commit 620af3737c8beffe87e08b7e0c34ab1661251695
2014-05-15 10:57:10 +02:00
Markus Stenberg 3f9000db76 Added unified description production, and also enforcing that desc matches in MAP/PEER delete (=> following RFC6887). Yay. 2014-05-15 10:51:00 +02:00
Thomas Bernard de96dd47d5 update Changelog.txt files 2014-05-15 10:42:08 +02:00
Thomas Bernard 4dbbf34032 miniupnpd/upnpsoap.c: improve ExecuteSoapAction()
improve commit 20f1e070a1
2014-05-15 10:35:27 +02:00
Arran Cudbard-Bell f27dd45973 Return 730 error where appropriate, and output helpful debug 2014-05-13 21:50:16 +01:00
Arran Cudbard-Bell 20f1e070a1 Don't call deletePortMapping method for deletePortMappingRange
Length of strings needs to match before doing comparison, else we can stop early on a substring of the one were trying to match.
2014-05-13 21:50:16 +01:00
Thomas Bernard 98109ea92e miniupnpd/getifaddr.c: fix when IPV6 is not enabled 2014-05-06 15:15:07 +02:00
Markus Stenberg 338a533a09 miniupnpd/pcpserver.c: Preliminary work for PCP fw control
Added preliminary is_fw flag, and added af to getifaddr_in6. Made
option parsing follow the RFC and also made it bit more paranoid
(there were some security problems with length checks not being done
at right place all the time; simplified flow, should be easier to
verify now that it does nothing untoward).
2014-05-06 15:12:42 +02:00
Markus Stenberg d058fd3f36 miniupnpd/pcpserver.c: Added checks for third-party allowed for it to be used.
If allowed, checking it against source address,
with inverse logic from that of non-thirdparty case.
2014-05-06 13:30:04 +02:00
Markus Stenberg 5e5a9d39eb Added missing check for int_ip. 2014-05-06 13:27:42 +02:00
Markus Stenberg 2f5c3ce959 miniupnpd/pcpserver.c: Some IPv6 related work on PCP. 2014-05-06 13:26:06 +02:00
Thomas Bernard 0e49fe7e94 miniupnpd: change "allow_thirdparty" PCP option to a bit flag 2014-05-06 13:15:24 +02:00
Markus Stenberg c801138c63 Added PCP third party option and made it's use an option. 2014-05-06 13:10:09 +02:00
Mike Frysinger 9f687cef9c use CPPFLAGS for -D/-I flags
The standard variable for preprocessor flags (e.g. -I and -D) is
CPPFLAGS.  The default Makefile rules already use this variable
when compiling code, so we only need to convert the name.
2014-04-29 16:56:24 -04:00
Mike Frysinger 30e510ac79 convert to LDLIBS
The standard variable for adding -l flags is LDLIBS, not LIBS.
The default Makefile rules (which this code already relies on)
will use that when linking.

This also fixes a problem where we do not want to list -l flags
in the dependency of make targets.  When you do that, make will
do a file search in /lib and /usr/lib (hardcoded) and expand the
path to those absolute files.  This breaks when you try to cross-
compile miniupnpd for other platforms.
2014-04-29 16:53:29 -04:00
Mike Frysinger 77a2ce69b6 respect standard $PKG_CONFIG env var
Rather than hardcode `pkg-config`, allow people to set PKG_CONFIG to
point to a version customized for their build.
2014-04-29 16:47:01 -04:00
Thomas Bernard 13037e57b7 miniupnpd/miniupnpd.conf: add a comment 2014-04-22 10:53:58 +02:00
Thomas Bernard 80713ba39a miniupnpd/Changelog.txt: catch up 2014-04-22 10:53:18 +02:00
Thomas Bernard 7a2bafd071 miniupnpd/miniupnpd.conf: add https_port option and rename port to http_port 2014-04-22 00:44:37 +02:00
Thomas Bernard d31badae7d miniupnpd/natpmp.c: replace macros by functions
see commit 67c28e7f8b (and comments)
2014-04-21 21:36:45 +02:00
Thomas Bernard ca9b8217b4 miniupnpd/pcpserver.c: Fix CheckExternalAddress() for working with 0 IPv4 mapped address
fixes #69
2014-04-21 19:32:09 +02:00
Thomas Bernard 8be1cc55c2 miniupnpd/pcpserver.c: Add comments to CheckExternalAddress() 2014-04-21 19:31:32 +02:00
Thomas Bernard 743dfef265 miniupnpd/miniupnpd.c: display HTTP / HTTPS in logs 2014-04-20 18:40:26 +02:00
Thomas Bernard 589b792873 miniupnpd/minissdp.c: comment about WFA. 2014-04-20 18:39:40 +02:00
Thomas Bernard 1dd48971b9 Merge branch 'https'
Conflicts:
	miniupnpd/Makefile
	miniupnpd/pf/obsdrdr.c
2014-04-20 18:12:04 +02:00
Thomas Bernard 1ff20069a1 miniupnpd/options.c: fix potential end of array access 2014-04-20 18:10:44 +02:00
Thomas Bernard 415d14fbe9 miniupnpd/options.c: Add https_port= option
also add http_port= as a synonym to port=
2014-04-20 18:06:00 +02:00
Thomas Bernard 7f85648277 miniupnpd/minissdp.c: clean up : port => http_port 2014-04-20 18:05:22 +02:00
Thomas Bernard a310b3a0dc miniupnpd/bsd/ifacewatcher.c: RTM_ADD RTM_DELETE RTM_CHANGE 2014-04-18 10:26:58 +02:00
Thomas Bernard 848218fe2d miniupnpd/Makefile: fix for OpenBSD 2014-04-18 10:26:09 +02:00
Thomas Bernard dee1fbe394 miniupnpd/bsd/ifacewatcher.c: add case RTM_GET 2014-04-18 10:12:31 +02:00
Thomas Bernard a75719677a miniupnpd/Makefile: comment out crappy pf/ipf detection 2014-04-17 12:54:14 +02:00
Thomas Bernard ed962213e8 miniupnpd/pf/obsdrdr.c: check that USE_PF is defined
also fix a warning
2014-04-16 09:59:49 +02:00
Thomas Bernard 204a3db655 miniupnpd/Makefile: link testportinuse with $LIBS 2014-04-16 01:20:34 +02:00
Thomas Bernard 1b8ed0b59d miniupnpd/upnpsoap.c: DeviceProtection has to check peer certificate 2014-04-15 15:40:03 +02:00
Dmitry Mostovenko 9e3547cdec miniupnpd/netfilter/iptables_*.sh: less usage of deprecated net-tools. Use iproute2 instead. 2014-04-15 15:57:10 +04:00
Thomas Bernard 67c28e7f8b miniupnpd/natpmp.c: Remove pointer casting, avoid possibility of unaligned memory access 2014-04-14 22:50:11 +02:00
Thomas BERNARD db6de93f34 Merge pull request #65 from razzfazz/pcp_portinuse
miniupnpd/pcpserver.c: add PCP support for CHECK_PORTINUSE
2014-04-14 09:20:49 +02:00
Thomas Bernard 1140e1bddb miniupnpd/portinuse.c: minor cosmetic changes 2014-04-14 09:17:10 +02:00
Daniel Becker eea9188eef miniupnpd/portinuse.c: whitespace cleanup 2014-04-13 04:28:47 -07:00
Daniel Becker 90cc5ad3e7 miniupnpd/portinuse.c: add FreeBSD support for CHECK_PORTINUSE 2014-04-13 04:15:58 -07:00
Daniel Becker b4e00165a0 miniupnpd/pcpserver.c: add PCP support for CHECK_PORTINUSE 2014-04-12 23:14:11 -07:00
Thomas BERNARD 974692e7ac miniupnpd/Makefile.macosx: fix a typo 2014-04-12 09:37:06 +02:00
Thomas Bernard 11e71207c8 miniupnpd/upnphttp.c: log OpenSSL version used 2014-04-11 09:48:50 +02:00
Thomas Bernard e8aca7a943 miniupnpd/genconfig.sh: adding HTTPS_CERTFILE / HTTPS_KEYFILE 2014-04-11 09:48:41 +02:00
Thomas Bernard 4f230c809b miniupnpd/asyncsendto.c: improve error handling in try_sendto()
to help investigate issue #64
2014-04-11 09:31:02 +02:00
Thomas Bernard f789a3bab7 miniupnpd/getifaddr.c: check if interface is up 2014-04-11 00:03:13 +02:00
Thomas Bernard 947be5aafc upnphttp.c: Configure OpenSSL client cert verification 2014-04-10 23:28:41 +02:00
Thomas Bernard e26174d05d miniupnpd: free OpenSSL memory 2014-04-09 16:09:31 +02:00
Thomas Bernard e91bda48d7 upnpsoap.c: fix GetAssignedRoles() 2014-04-09 15:43:39 +02:00
Thomas Bernard b4be392156 miniupnpd/portinuse.c: fix display in case of error 2014-04-09 15:38:54 +02:00
Thomas Bernard e5757cdc45 miniupnpd.c: nothing important :) 2014-04-09 15:37:37 +02:00
Thomas Bernard 974c05c7be miniupnpd/pf/obsdrdr.c: remove compilation warning 2014-04-09 15:37:16 +02:00
Thomas Bernard 123eca279c upnpd/minissdp.c: enlarge SSDP packet buffer for sending 2014-04-09 15:36:38 +02:00
Thomas Bernard 6794650f5a miniupnpd/upnpsoap.c: Adding skeleton of DeviceProtection:1 implementation 2014-04-09 15:35:55 +02:00
Thomas Bernard bbe96a15b6 miniupnpd: adding HTTPS support 2014-04-09 15:35:06 +02:00
Thomas Bernard 29e951c1e5 miniupnpd/Makefile: improve ipfw detection 2014-04-07 12:39:05 +02:00
Thomas Bernard c4d99670e7 miniupnpd: Use SA_LEN consistently 2014-04-01 11:44:39 +02:00
Thomas Bernard 3491535854 miniupnpd/Makefile: Link test programs with LIBS 2014-04-01 11:44:08 +02:00
Thomas Bernard 3bd2388d4f miniupnpd/Makefile: remove -ansi flag 2014-04-01 11:43:31 +02:00
Thomas Bernard 6a194ffcfb miniupnpd/testportinuse.c: fix compilation with CHECK_PORTINUSE undefined 2014-03-28 13:15:09 +01:00
Thomas Bernard 08127b85d4 Merge branch 'portinuse'
Conflicts:
	miniupnpd/Makefile.linux
2014-03-28 12:52:18 +01:00
Thomas Bernard f6f4e56bdf miniupnpd/portinuse: cleanup 2014-03-28 12:50:42 +01:00
Thomas Bernard 0decb351e9 miniupnpd/pcpserver.c: check source address of PCP request 2014-03-24 15:03:12 +01:00
Thomas Bernard d233655630 miniupnpd/pcpserver.c: fix for IPv6 2014-03-24 12:15:50 +01:00
Thomas Bernard ad88cc0819 miniupnpd: start work to enable IPv6 PCP operations 2014-03-24 12:07:31 +01:00
Thomas Bernard f70484f27f miniupnpd/minissdp.c: reduce syslog() verbosity
LOG_INFO => LOG_DEBUG
2014-03-24 10:33:52 +01:00
Thomas Bernard ba1875b52c miniupnpd/pcpserver.c: add comments 2014-03-24 10:24:41 +01:00
Thomas Bernard 7137665101 miniupnpd/pcpserver.c: prepare code to be able to manage more than just TCP and UDP 2014-03-24 10:24:19 +01:00
Thomas Bernard 814a6b253a miniupnpd/pcpserver.c: use const where useful 2014-03-24 10:23:07 +01:00
Thomas Bernard b1fb9cfdc4 miniupnpd/pcpserver.c: take care of "nonce" value 2014-03-24 10:21:26 +01:00
Thomas Bernard 4a7f97c7f3 miniupnpd/pcp_msg_struct.h: comments 2014-03-22 13:12:10 +01:00
Thomas Bernard 6eab849b2e miniupnpd/portinuse.c: Improve error handling in DragonFly BSD code 2014-03-20 14:07:52 +01:00
Thomas Bernard 6419602e14 miniupnpd/portinuse: port_in_use() returns -1 in case of error 2014-03-20 13:49:10 +01:00
Thomas Bernard aea062a7ba miniupnpd/portinuse.c: Add DragonFly BSD implementation
Thanks to YONETANI Tomokazu.
2014-03-20 13:40:53 +01:00
Thomas Bernard 5a3a670e89 miniupnpd/bsd/getifstats.c: fix for DragonFly BSD
struct ifnet is private to kernel code and is hidden from the userland
code unless you define a macro _KERNEL_STRUCTURES.  Although other people
argue that it should be exposed as it is on other BSDs, that's the way
it is on DragonFly BSD.

Thanks to YONETANI Tomokazu for DragonFly BSD patches
2014-03-19 12:25:52 +01:00
Thomas Bernard 75cb38edda miniupnpd/Makefile: allow to override FWNAME 2014-03-19 12:23:48 +01:00
Thomas Bernard 601bd2618b miniupnpd/Makefile: fix for DragonFly BSD
TYPE : chechyesno => checkyesno
2014-03-18 10:17:19 +01:00
Thomas Bernard f7b6b1ec19 miniupnpd/Makefile: Mac OS X switched from ipfw to pf
OS X 10.7 Lion switched to pf
2014-03-18 09:34:25 +01:00
Thomas Bernard 708c83d873 miniupnpd/Makefile: fix for DragonFly BSD 2014-03-18 09:33:33 +01:00
Thomas BERNARD e657211157 miniupnpd/Makefile.macosx: update for testasyncsendto and testportinuse 2014-03-17 15:36:10 +01:00
Thomas BERNARD ba448fd7dd miniupnpd/testasyncsendto.c: remove warning if struct timeval fields are not long int 2014-03-17 15:35:18 +01:00
Thomas Bernard a959e9e7de miniupnpd/upnpevents.c: comments/logs/etc. 2014-03-15 10:54:23 +01:00
Thomas Bernard 76170e5413 miniupnpd/upnphttp.c: Support for multiple URL in Callback: header (SUBSCRIBE) 2014-03-15 10:52:39 +01:00
Thomas Bernard 19261b6fef reject renewal of subscribtion that already timeouted 2014-03-15 10:51:32 +01:00
Thomas Bernard 3629b10ff5 miniupnpd: add port_in_use() implementation for OpenBSD 2014-03-14 12:08:13 +01:00
Thomas Bernard dcce22647d miniupnpd: add testportinuse test program 2014-03-14 12:07:03 +01:00
Thomas Bernard 7cb493919f miniupnpd/getifaddr.c: don't use getifaddrs() in IPv4 only
should fix #62 :
Don't use getifaddrs() in IPv4 only
so we avoid problems if getifaddrs() implementation is buggy
2014-03-14 10:04:49 +01:00
Thomas Bernard 09bbaac63a miniupnpd/portinuse.c: add #ifdef __linux__
TODO : BSD Code
2014-03-13 14:58:36 +01:00
Thomas Bernard 15a2320c86 miniupnpd/portinuse.c/iptcrdr.c: cosmetic changes 2014-03-13 14:49:05 +01:00
Thomas Bernard c4e63048c4 miniupnpd: add CHECK_PORTINUSE to enable/disable port_in_use() 2014-03-13 14:48:52 +01:00
Thomas Bernard 06764123fb Merge remote branch 'origin/master' into portinuse
Conflicts:
	miniupnpd/Makefile.linux
	miniupnpd/natpmp.c
2014-03-13 14:19:44 +01:00
Thomas Bernard a7d9071c5a miniupnpd/upnpevents.c: fix upnp_event_notify_connect() when ENABLE_IPV6 is set 2014-03-13 11:56:28 +01:00
Thomas Bernard 8d93ddb076 miniupnpd: change IP change msg from LOG_DEBUG to LOG_INFO 2014-03-13 11:34:34 +01:00
Thomas Bernard 9f665b572f miniupnpd: fix BSD Makefile 2014-03-13 11:34:34 +01:00
Thomas Bernard 62d6c860ce catch up Changelog.txt
see commit 3ed3478398
2014-03-13 11:34:34 +01:00
Thomas Bernard 7b13adafbd miniupnpd: reduce number of global variables by using more runtime_flags
change ipv6_enabled/ipv6fc_inbound_pinhole_allowed/ipv6fc_firewall_enabled
global vars to flags in runtime_flags
2014-03-13 11:34:33 +01:00
Thomas Bernard 15682180a5 miniupnpd: Work in IPv6 on system where PF_INET6 are restricted to IPv6 only 2014-03-13 11:34:08 +01:00
Thomas Bernard 2a48074f45 miniupnpd: Enable PCP by default. 2014-03-13 11:24:04 +01:00
Thomas Bernard 3ed3478398 miniupnpd/getifaddr.c: clean up and fix getifaddr_in6() 2014-03-13 10:42:07 +01:00
Thomas Bernard 81fa1bcd57 miniupnpd/getifaddr.c: getifaddr_in6() only return IPv4 address when IPV6 disabled
see if it can help for issue #62
pcp/CheckAddress() is likely to need more changes.
2014-03-13 10:00:42 +01:00
Thomas Bernard d397d73628 miniupnpd/getifaddr.c: fix getifaddr_in6()
-1 is returned if no address is found
2014-03-13 09:56:34 +01:00
Thomas Bernard 081c46338c miniupnpd/upnppermissions.c: disable match_permission_internal() 2014-03-13 09:53:44 +01:00
Daniel Becker 408a0b55f6 miniupnpd/pcpserver.c: return error code if PCP mapping fails
This change causes CreatePCPMap to return a PCP_ERR_NO_RESOURCES
response when upnp_redirect_internal does not succeed;
previously, no error code was returned in this case.
2014-03-11 02:06:38 -07:00
Daniel Becker efbb95aa10 miniupnpd/pcpserver.c: port NAT-PMP updates to PCP
This change ports the recent updates to the permissions checking
and eport selection code for NAT-PMP to the PCP MAP handler.
2014-03-11 01:54:10 -07:00
Thomas Bernard 210876f2a7 miniupnpd/natpmp.c: make indentation consistant and add a comment 2014-03-11 09:47:09 +01:00
Daniel Becker 4f160366bd miniupnpd/natpmp.c: remove obsolete assignment
The eport_first variable now gets initialized in the first
iteration of the while loop; the assignment right before the
loop should have been removed in the previous commit.
2014-03-10 11:14:49 -07:00
Daniel Becker f4f4573f53 miniupnpd: fix eport selection and error handling
The find_available_eport function that was intended to check if
at least one eport is allowed for a given iaddr/iport does not
work as intended; for example, it does not properly handle rule
precedence (i.e., it considers allow rules even if they are
effectively masked by earlier deny rules), and it also does not
handle the case where no rules are specified at all (which
should default to accept in order to be consistent with
check_upnp_rule_against_permissions). The present change removes
this function and instead integrates the check into the existing
while loop that iterates over all eports.
2014-03-10 00:32:23 -07:00
Thomas Bernard ecf414e160 miniupnpd/Changelog.txt: Catch up changes... 2014-03-10 00:12:20 +01:00
Thomas Bernard a27979afde Merge branch 'fix_pf_redirect'
Conflicts:
	miniupnpd/pf/testobsdrdr.c
2014-03-10 00:03:06 +01:00
Thomas BERNARD 0ff8e67c26 Merge pull request #57 from razzfazz/natpmp_avoid_port_zero
miniupnpd/natpmp.c: skip port zero when finding free eport
2014-03-08 01:03:43 +01:00
Daniel Becker 1db670d6ff miniupnpd/natpmp.c: skip port zero when finding free eport
When skipping ports that are in use or not allowed, the existing
NAT-PMP code will consider port zero as a candidate eport after
wraparound occurs. Since this is not a legal port, we skip over it.

port zero as an eport value.
2014-03-07 11:02:04 -08:00
Daniel Becker ba04327bb0 miniupnpd/natpmp.c: remove redundant break statements
These two break statements are redundant: The subsequent continue
statement will cause the loop condition to be re-evaluated, at which
point the loop will terminate if resp[3] != 0.
2014-03-07 07:42:40 -08:00
Thomas Bernard e385db03b9 miniupnpd: improved permission checking for NAT-PMP
NAT-PMP now searches an allowed eport if the one from
request is not, instead of returning an error
2014-03-07 11:48:17 +01:00
Thomas Bernard b7ee469980 miniupnpd/pf: update testobsdrdr.c 2014-03-06 14:24:58 +01:00
Thomas Bernard 60e129d131 miniupnpd/pf: delete_redirect_and_filter_rules() now take internal address into account 2014-03-06 14:24:10 +01:00
Thomas Bernard acc149ee99 miniupnpd/pf: fix add_filter_rule2() by adding internal address 2014-03-06 14:23:13 +01:00
Thomas Bernard 65b776f1ed miniupnpd/pf: add clear_filter_rules() for testing
also add a --clear / -c argument to testobsdrdr programm
2014-03-06 14:21:39 +01:00
Thomas Bernard f49a70aab0 miniupnpd/testgetifaddr.c: also test find_ipv6_addr() 2014-03-03 12:37:01 +01:00
Thomas Bernard e5146cdf24 miniupnpd/Makefile.linux: fixes for testasyncsendto
also update dependencies
2014-03-03 12:35:12 +01:00
Daniel Becker edd501f59c miniupnpd/natpmp.c: return correct error code when all external ports in use
Instead of returning code 3 ("Network Failure"), we should the
more appropriate code 4 ("Out of resources") when no external
port is available for a mapping.
2014-02-28 14:47:53 -08:00
Thomas Bernard 5512d022ac miniupnpd/pf/obsdrdr.c: add UNUSED() when necessary 2014-02-28 21:28:12 +01:00
Thomas Bernard 9d23b88cef miniupnpd/pf: replace delete_filter_rule()
now use delete_redirect_and_filter_rules()
2014-02-28 21:26:52 +01:00
Thomas Bernard 37208eecae miniupnpd/pf/obsdrdr.c: improve documentation 2014-02-28 21:22:52 +01:00
Thomas Bernard 9c7df04b13 miniupnpd/pcpserver.c: fix defines
with OpenBSD,  <netinet/in.h> must be included before <arpa/inet.h>
2014-02-28 20:26:02 +01:00
Thomas Bernard 56aca98164 miniupnpd/pf: catch up test programs 2014-02-28 20:20:51 +01:00
Thomas Bernard 802ad22f4d miniupnpd: minor stuff (remove warning, add debug log) 2014-02-28 16:40:20 +01:00
Thomas Bernard dbdad6a79b miniupnpd: improve finalize_sendto() 2014-02-28 16:39:59 +01:00
Thomas Bernard b71e0c028f Merge branch 'limit_eport_search' 2014-02-28 13:36:28 +01:00
Thomas Bernard 3c90f6a30d miniupnpd/natpmp.c: avoid hang when all external ports in use
reorganize a bit
2014-02-28 13:34:46 +01:00
Thomas Bernard 8fc7f0b5e1 miniupnpd: log message when shutting down 2014-02-28 13:16:22 +01:00
Thomas Bernard 6dff4263bd miniupnpd/Changelog.txt catch up... 2014-02-28 13:16:06 +01:00
Daniel Becker c6a8879c87 miniupnpd/natpmp.c: avoid hang when all external ports in use
The NAT-PMP code attempts to find a different eport if the
requested one is already in use. If all eports are in use, that
would previously cause the code to iterate through the range of
eports forever. To avoid this case, we keep track of the first
eport we attempted to use and abort the loop once we've cycled
through all possible values exactly once (which takes us back
to the initial eport).
2014-02-28 00:00:26 -08:00
hashiz 1efb4cc03c * fix incorrect filter port in pf redirect. 2014-02-28 11:28:07 +09:00
Thomas Bernard c492b6f56f minissdp.c: try again write after EINTR in SubmitServicesToMiniSSDPD() 2014-02-26 02:02:34 +01:00
Thomas Bernard 34d0954718 Merge branch 'sendto_schedule' 2014-02-25 11:47:30 +01:00
Thomas Bernard ec1686f29f miniupnpd/minissdp: Introduce SSDP_RESPOND_SAME_VERSION
changes something when compiled as IGDv2.
2014-02-25 11:45:51 +01:00
Thomas Bernard 9832adc456 miniupnpd/minissdp.c: send ssdp:alive packets more than once
fixes #35
2014-02-25 11:37:36 +01:00
Thomas Bernard a06c695fe3 miniupnpd/asyncsendto: finalize_sendto() 2014-02-25 11:36:58 +01:00
Thomas Bernard 02165b70dc minissdp.c: wait for a delay before answering M-SEARCH 2014-02-25 11:16:34 +01:00