Commit Graph

1241 Commits

Author SHA1 Message Date
Thomas Bernard 66c4921758
miniupnpd.conf: comments improvement 2023-05-27 11:24:03 +02:00
Thomas Bernard 02da7055fc
option enable_natpmp => enable_pcp_pmp
for backward compatibility, enable_natpmp is stick recognized
2023-05-27 11:21:21 +02:00
Thomas Bernard ab57f7ca3a
miniupnpd.c: improve comments about SETFLAG(ENABLENATPMPMASK) 2023-05-27 11:20:29 +02:00
MoonlightWave-12 49991e00f6
miniupnpd.conf: Update the address of a STUN-server
See: https://stunprotocol.org/

Also: Adding more newlines for better readability.
2023-05-15 01:00:56 +02:00
Thomas Bernard 214deacb11
improve debug output in ProcessSSDPRequest()
see #655
2023-05-11 01:19:22 +02:00
Thomas Bernard 861298fa24
avoid realloc(p, 0) whose behavior is implementation-defined
fixes #652

see https://github.com/miniupnp/miniupnp/issues/652#issuecomment-1518922139
2023-04-23 11:51:11 +02:00
Thomas Bernard 5ca1a82f7f
zero the permission structure before parsing
should fix #652
2023-04-05 16:03:13 +02:00
Thomas Bernard e439318cf7
miniupnpd 2.3.3 2023-02-17 04:09:33 +01:00
Thomas Bernard 6e8d0fa161
upnppermissions.h: fix build, because #define ENABLE_REGEX is in config.h 2023-02-11 23:53:38 +01:00
Thomas Bernard ec48e04cd5
PinholeVerification(): use memcpy() to compare structures
fix 99fc9941aa
2023-02-11 23:36:56 +01:00
Thomas Bernard 99fc9941aa
Fix PinholeVerification()
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5847
2023-02-04 11:32:29 +01:00
Thomas Bernard 72b33d7145
update Changelog.txt ;)
see 7bd0877b8f
2023-01-28 16:43:25 +01:00
Thomas Bernard 8d3986f82c upnppinhole.c: (c)2023 and https 2023-01-28 16:00:47 +01:00
Thomas Bernard 7bd0877b8f
upnp_add_inboundpinhole(): fix updating of leasetime for existing pinholes
upnp_update_inboundpinhole() takes the leasetime as an argument,
not the timestamp (= current_time + leasetime).

That was resulting in havin a timestamp very far in the future

see https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5840#
2023-01-28 15:58:57 +01:00
Thomas Bernard 57ae40fe10
miniupnpd: reject AddPinhole when InternalPort or RemortePort is empty
https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5839
2023-01-28 15:49:53 +01:00
Thomas Bernard 8ced59d384
2022 => 2023 2023-01-26 23:53:58 +01:00
Thomas Bernard 98cc9f1b43
miniupnpd.init.d.script: also run ip6tables_init/ip6tables_removeall scripts
for support of IPv6
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?t=2338
2023-01-21 13:00:03 +01:00
Thomas Bernard f4a739d730
miniupnpd version 2.3.2 2023-01-20 00:25:03 +01:00
Thomas Bernard 62e2ea175f miniupnpd/Changelog.txt: Fix NFTables again (RULE_HANDLE using more than 32 bits)
see #582
2023-01-15 18:43:09 +01:00
Thomas Bernard 904dda47ed
nftnlrdr_misc.c: replace nftnl_rule_get_data() usage with specific nftnl_rule_get_*() functions
nftnl_rule_get_u32()
nftnl_rule_get_u64()
nftnl_rule_get_str()

closes #641
should fix #582
2023-01-14 19:18:37 +01:00
Thomas Bernard 67ea8c8bc3 nftnlrdr_misc.c: debug message about proto_min_reg/proto_min_val 2023-01-14 19:16:40 +01:00
Thomas Bernard a1535b0488 2022 2022-10-21 21:36:05 +02:00
Thomas Bernard fd62384959 miniupnpd: add option to match rules description with regex 2022-10-21 21:35:50 +02:00
yangfl 2ff8cb17da miniupnpd: Add option to match rules with regex
Some reports that a certain app is abusing UPnP for exploiting upload
bandwidth. This commit adds support to restrict UPnP rules to a regex.
By matching requester's description string against rule's regex, this
will make some obstacles for that app.
2022-10-21 21:26:39 +02:00
Thomas Bernard eb07f0c466 miniupnpd 2.3.1 2022-10-16 08:03:35 +02:00
Thomas Bernard a4e12c01c4
miniupnpd: move READNU32/WRITENU32/etc. to rw_unaligned.h 2022-10-16 07:54:38 +02:00
Thomas Bernard c13a4b15f1
upnpdescgen.c: include macros.h for UNUSED
fixes 3a2b15af4c
2022-10-16 07:43:42 +02:00
Thomas BERNARD 3f6350da6a
Merge pull request #630 from miniupnp/issue-628
fixes Issue 628 - bug on big endian
2022-10-16 07:33:19 +02:00
Thomas Bernard 3a2b15af4c
miniupnpd: fix warnings when compiling with IGD_V2 disabled
fixes #617

./upnpdescgen.c:946:1: warning: unused label 'unstack' [-Wunused-label]
unstack:
^~~~~~~~
./upnpdescgen.c:891:12: warning: unused parameter 'force_igd1' [-Wunused-parameter]
       int force_igd1)
           ^
./upnpdescgen.c:1035:61: warning: unused parameter 'force_igd1' [-Wunused-parameter]
genServiceDesc(int * len, const struct serviceDesc * s, int force_igd1)
                                                            ^
3 warnings generated.
2022-10-15 13:09:36 +02:00
Thomas Bernard 61127ca0be
nftnlrdr_misc.c: expr_set_reg_val_u16() has uint16_t arg 2022-10-10 02:33:04 +02:00
Thomas Bernard 890e4ec218
nftnlrdr_misc.c: fix parse_rule_immediate()
so it works correctly on both little endian and big endian CPUs
should fix #628
2022-10-10 02:32:58 +02:00
Thomas Bernard 8bbe1c1339 remove useless UNUSED() 2022-10-10 01:23:26 +02:00
Thomas Bernard fa190f294a
pcpserver.c: fix type LOG_WARN => LOG_WARNING
fixes #620
2022-08-25 23:52:23 +02:00
Thomas Bernard 7b45ec940a
update changelog.
fixes #611
2022-08-06 11:27:35 +02:00
Thomas Bernard b8d66c5f7c
pcpserver.c: rewrite DeletePCPMap() to work with netfilter_nft
try to fix #611
2022-07-01 07:15:36 +02:00
Thomas Bernard 16366f5db4 add debug logs in DeletePCPMap 2022-06-19 19:41:32 +02:00
Thomas Bernard 0cc037f8b0 update miniupnpd/Changelog.txt 2022-06-02 01:26:37 +02:00
Thomas Bernard 1cdf9ba744 Merge branch '529-port-triggering-openbsd'
fixes #529
2022-06-02 01:19:53 +02:00
Thomas Bernard b734f94bdf pcpserver.c: improve DeletePCPMap() error message 2022-05-18 11:25:32 +02:00
Thomas Bernard 047fe367dd
miniupnpd: improve configure script for cross builds 2022-05-18 09:55:52 +02:00
Thomas Bernard 2ede47be46
pf/obsdrdr.c: better document PFRULE_INOUT_COUNTS and PF_NEWSTYLE 2022-05-18 08:34:16 +02:00
Thomas Bernard a255df2488
Dont create nat rule for Port Triggering, but a pass rule
should fix #529
2022-05-18 08:32:42 +02:00
Thomas Bernard a6ca2b14c5
miniupnpd/nftnldr.c: init local var in update_portmapping()
see https://github.com/miniupnp/miniupnp/pull/607
rhost is not currently in use, but it might be some day.
2022-04-21 00:19:45 +02:00
Thomas Bernard fda61180e0
iptpinhole.c: check inet_pton() return values 2022-03-19 18:50:58 +01:00
Thomas Bernard c8476e6f16
miniupnpd.init.d.script: support nftables
fixes #594
2022-02-19 23:49:18 +01:00
Thomas Bernard 89c6556338
miniupnpd/ipfw: make it clear it is not working under FreeBSD 2022-02-19 22:49:14 +01:00
Thomas Bernard c0d3a17650
pf: Use private WAN IP for NAT in double NAT setups
fixes #598
2022-02-19 20:19:34 +01:00
Thomas Bernard 5231397bd6
update Changelog and comments about commit 9500253 2022-02-19 20:03:30 +01:00
Thomas BERNARD 9e042264fa
Merge pull request #599 from jow-/master
Expose `USE_GETIFADDRS` and tweak `getifaddr()` behaviour
2022-02-19 18:50:39 +01:00
Sergey Ponomarev af812c8775
Refine LICENSE so github can understand it ;)
see #592
also replace project specific files to symbolic link
2022-02-19 18:38:48 +01:00
Jo-Philipp Wich 95002535b3 getifaddr.c: prefer non-reserved over reserved addresses in `getifaddr()`
When iterating interface addresses obtained via `getifaddrs()`, don't
stop at the first found IPv4 address but continue checking all IPv4
addresses and prefer to use a non-reserved one in case an interface
has both reserved (private) and non-reserved (public) addresses
assigned.

After this fix, miniupnpd on OpenWrt is able to properly detect the
external IP address of an external interface with both a private
RFC1918 and a public IP assigned regardless of whether `getifaddrs()`
happens to return the private or the public IPv4 address first.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-16 17:58:42 +01:00
Jo-Philipp Wich a28dec3c2d configure: expose USE_GETIFADDRS configuration
The miniupnpd sources contain a working getifaddrs() based implementation
to fetch the IP address of an interface but that implementation is guarded
by a USE_GETIFADDRS define which can only be passed manually via CFLAGS.

Introduce a new `--getifaddrs` option to the configure script which can be
used to explicitly enable `getifaddrs()` usage.

Also extend the OpenWrt configuration case to enable `getifaddrs()` since
OpenWrt ships with a working implementation of it since several years
already.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-16 17:54:01 +01:00
Sergey Ponomarev 1479881003 minixml.c sync sources
In the commit a0573e2518
was fixed a buffer overflow in the minixml.c but it wasn't copied to upnpc-async.
To make comparison simpler the header was also synced
2022-01-27 11:29:16 +02:00
Thomas Bernard 9df2f43e08 miniupnpd: VERSION 2.3.0 2022-01-23 01:25:49 +01:00
Thomas Bernard 6576eb611b version 2.3.0 2022-01-23 01:19:01 +01:00
Thomas Bernard 545d2b421c 2022 2022-01-23 01:18:49 +01:00
Brian John 87776e8345 Split "NAT" and "TABLE" for consistency 2022-01-01 16:58:55 -06:00
Brian John 8d061ecf65 Fix typo: should check for `$NAT_TABLE` 2022-01-01 16:17:31 -06:00
Brian John 69f01ffcc8 Spelling fix: routeing --> routing 2022-01-01 16:15:54 -06:00
Thomas Bernard 78823d762e
README.md: updated. fix titles 2021-12-16 00:29:39 +01:00
Thomas Bernard 2bfed34e8c
README.md: reformat chain/tables setup
fix 3129683cb3
2021-12-16 00:27:57 +01:00
Thomas Bernard 1a5cdc0a13 remove space before eol 2021-12-02 00:35:51 +01:00
Thomas Bernard af0ee582d9
commonrdr.h: 2021 2021-12-02 00:06:24 +01:00
Thomas Bernard 97aa00f076
miniupnpd/Changelog.txt: update regarding #584 / 3129683c 2021-12-02 00:06:24 +01:00
Thomas Bernard 46ecef1365
miniupnpd.conf: default table name changed with #584 / 3129683c 2021-12-02 00:06:23 +01:00
Sven Auhagen 3129683cb3 NFTables use scripts to create tables and chains
To hardcode table and chain creation and deletion makes it impossible
for existing firewall infrastructures to integrate miniupnpd.
NFTables will either reevaluate packets through miniupnpd or
it will delete existing tables when there are already custom chains in it.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-28 08:08:37 +01:00
Thomas Bernard d4849fa08e
miniupnpd.conf: comments about netfilter table/chain names 2021-11-27 21:49:25 +01:00
Sven Auhagen 0b3f3e4029
NFTables make tables name configurable
Right now the table names are hardcoded and do not integrate with an overall
firewall strategy.
NFTables has restrictions on how packets are evaluated against chains.
For example if multiple forward chains are evaluated with different prioity,
all packets that pass the first one will be reevaluated again in the second chain.
To have an overall firewall concept with miniupnpd it is necessary to use existing
tables and hence to configure them in miniupnpd.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-27 21:49:21 +01:00
Thomas Bernard 9eb826a7eb
miniupnpd/Changelog.txt: update regarding merge of #562
see https://github.com/miniupnp/miniupnp/pull/562
2021-11-17 12:37:02 +01:00
Thomas BERNARD 9a5215c54a
Merge pull request #562 from svenauhagen/feature/nftablesnat
NFTables use nat chain for inet (instead of specific IPv4 chain)
2021-11-17 12:36:19 +01:00
Stijn Tintel 51a422407b miniupnpd/configure: don't hardcode iptables
The OpenWrt Makefile that builds miniupnpd passes the firewall argument
to the configure script, so this is not needed and it is blocking us
from using nftables instead, which will be the default backend for
firewall4 to be used in the next OpenWrt stable release.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-07 20:24:29 +02:00
Stijn Tintel 2b00c461fb treewide: s/OpenWRT/OpenWrt/
The correct spelling is OpenWrt.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-07 20:21:25 +02:00
Thomas Bernard 7634920f3c
Makefile.linux_nft: fix DEPFLAGS and make install 2021-09-30 23:20:52 +02:00
Thomas Bernard a933c76be4
Makefile.linux: fix install dependencies 2021-09-30 23:20:25 +02:00
Thomas Bernard 881ba06bc1
configure: warning when no libiptc pkg-config found 2021-09-30 01:49:30 +02:00
Thomas Bernard d2f558f659
configure: use 'command -v' instead of 'which' 2021-09-30 01:49:30 +02:00
Thomas Bernard 6e16650bc2
miniupnpd/configure: fix comparaison
[ "$IPTABLES_143" -eq 1 ]
doesn't work if $ITABLES_143 is empty
using instead :
 [ "$IPTABLES_143" = "1" ]
2021-09-30 01:49:30 +02:00
Thomas Bernard c88178650e
replace 'which' with 'command -v' 2021-09-30 01:49:30 +02:00
Thomas Bernard 5d315359aa
gitrev.mk: use gitlab-ci predefined variables 2021-09-30 01:49:29 +02:00
Thomas Bernard 50950a3520
iptcrdr.c: fix a potential double iptc_free(h)
closes #566
2021-09-28 22:47:05 +02:00
Pali Rohár 200d6c2509 miniupnpd: Add some missing checks when update_ext_ip_addr_from_stun() or getifaddr() fails
There is missing corner case check when these functions return failure.
Network in this case does not work, so disable port forwarding to prevent
returning incorrect response about port forwarding state.

Also explicitly set disable_port_forwarding to 0 on success to make code
more readable.
2021-08-31 21:34:27 +02:00
Michał Górny 2087e14b8e testgetifaddr.sh: Always use the first IP addr from 'ip -4 addr'
Terminate the awk after getting the first interface name and IP address
from 'ip -4 addr' output.  Otherwise, the test fails if the interface
in question has multiple IP addresses, as the test program returns
the first address, while awk prints all.
2021-08-22 09:53:31 +02:00
Michał Górny 8c1e5f9500 testgetifaddr.sh: Implement EXTIF fallback to 'ip -4 addr'
Fall back to getting the interface name from 'ip -4 addr' when there
is no default route.  In this case, the test simply uses the interface
providing the IP address for 'ip -4 addr' (since the command is
implicitly called with no interface argument).
2021-08-22 09:50:25 +02:00
Thomas Bernard df0fbf08b8 miniupnpd version 2.2.3 2021-08-21 11:17:30 +02:00
Thomas Bernard 92cf5c2f95 nftnlrdr_misc.c: 2021 2021-08-21 10:26:31 +02:00
Thomas Bernard 23edb7e5eb options.c: 2021 2021-08-21 10:24:22 +02:00
Thomas Bernard fec7d87f00 pcplearndscp.h: "new" website 2021-08-21 10:22:26 +02:00
Thomas Bernard 9dbee950ad
upnppinhole.c/.h: 2021 2021-08-21 10:14:28 +02:00
Thomas BERNARD 2115b8f8f0
Merge pull request #553 from ncopa/musl-libc-fix
miniupnpd: don't check for glibc version with musl
2021-08-21 09:52:06 +02:00
Sven Auhagen acc3bcb0a3 NFTables use inet nat chain
NFTables supports inet in the nat chain as well.
Use it instead of IPv4 chain so it is consistent with the filter chain.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 16:58:50 +01:00
Thomas Bernard 5d5a06c206
Changelog.txt: lease file for IPv6 pinholes
closes #18
2021-08-18 12:38:04 +02:00
Sven Auhagen 74dbad5ab0 IPv6 pinholes lease file
This patch adds a lease file for IPv6 pinholes.
The leases are maintained and readded when miniupnpd restarts.
Currently all IPv6 leases are lost on restart.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 11:06:12 +01:00
Thomas Bernard 46fedcbc32
update Changelog.txt
see #539
2021-08-12 23:19:14 +02:00
Thomas Bernard 32f1d4cd1a
upnpdescgen.c: rootDesc.xml skip DeviceProtection and WANIPv6FirewallControl when force_igd1
see #539
2021-08-12 23:19:14 +02:00
Thomas Bernard 4d4121bf40
upnpdescgen.c: move a variable declaration 2021-08-12 23:19:14 +02:00
Thomas Bernard 2f2685af97
upnphttp.c: detecting MS client and forcing IGD v1
should fix #539
2021-08-12 23:19:14 +02:00
Thomas Bernard d8e5659c7b
upnpdescgen.c: add force_igd1 param to XML description generation functions 2021-08-12 23:19:13 +02:00
Thomas Bernard 7c112e2b39 Merge commit '7ee554d31b47a7227ab85aa919792597ce78c81e' 2021-08-11 14:49:06 +02:00
Thomas Bernard f1388717af
miniupnpd.c: fix 1aa46b5a2c 2021-08-11 12:19:30 +02:00
Pali Rohár 7ee554d31b miniupnpd: Disable port forwarding when upstream interface is down
Obviously port forwarding cannot work when upstream interface is down. So
correctly report status code for port forwarding requests to clients in
this case.
2021-08-06 16:13:25 +02:00