dec239d340
pfpinhole.c: fix includes
2019-09-02 02:03:41 +02:00
5ab641e9e6
update Changelog
2019-09-02 01:01:43 +02:00
d1d7059e75
fix file modes for nft_display.sh (chmod +x)
2019-09-02 00:57:49 +02:00
62d62e4f88
Applied patch to OpenWRT compatibility
2019-09-02 00:28:45 +02:00
f24ca07640
Fix the error messages produced by nft_init.sh in normal operation. Simplify the script.
2019-08-31 23:22:30 -07:00
60b57a442a
Rework nft_removeall.sh to preserve nftables structures miniupnpd didn't add. Important for firewalld and sshguard co-existance.
2019-08-31 20:47:11 -07:00
6317e73342
iptpinhole.c: fix ressource leak in ip6tc_init_verify_append()
...
fixes #393
2019-08-24 10:55:33 +02:00
a77d1ff9d3
iptcrdr.c: memory allocation fix in get_portmappings_in_range()
...
fixes #394
2019-08-24 10:54:46 +02:00
4f8a4abcd1
nftnlrdr: list_redirect_rule() only in DEBUG
2019-06-30 22:23:36 +02:00
4e480a7c4e
nftnlrdr_misc.c: use syslog() instead of perror()
...
do not exit()
2019-06-30 22:02:15 +02:00
9402b49456
update headers
2019-06-30 21:51:15 +02:00
d8368f7651
test_nfct_get.c: openlog()
2019-06-30 21:50:55 +02:00
9070e175d4
Merge remote-tracking branch 'svenauhagen/fixes/nftablesipv6'
2019-06-30 21:25:01 +02:00
b377305db0
This commits fixes an error setting the NFT Chain in DNAT instead of Filter
2019-06-30 19:46:35 +02:00
b581b5d8af
pinhole fixes
2019-06-28 11:02:19 +02:00
3cf6efa912
miniupnpd/Changelog.txt update
2019-06-25 23:30:12 +02:00
f67f6ae5f0
NFTables fixes and scripts
...
This commit fixes the list detection and uses the inet chain for ipv4.
The scripts got reworked as well and a display script was added.
2019-06-25 09:44:51 +02:00
ee84a3949d
Update nftnlrdr_misc.h
...
Fix compiler warnings
2019-06-13 21:34:52 +02:00
00ff23c428
This commit fixes IPv4 and adds IPv6 pinhole to nftables.
...
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2019-06-12 23:09:20 +02:00
765156b04a
nftnlrdr.c: fix indent and spaces before eol
2019-06-04 23:02:52 +02:00
a1ceec3dba
miniupnpd: Allow to use two different network interfaces for IPv4 and IPv6 internet
...
-i / -I
ext_ifname= / ext_ifname6=
see :
df906367be
2019-05-21 10:42:40 +02:00
f89d01d06a
silent warning in GCC 7 (switch/case fallthrough)
2019-05-20 21:59:41 +02:00
585a1d64e2
getifaddr.c: properly use strncpy()
...
silent a gcc8 warning
2019-05-20 21:55:17 +02:00
08b80d5abd
miniupnpd: fix ssdp notify on unrelated interfaces
...
If several different interfaces share same ipv4 address on different
subnets (i.e. eth0 192.168.1.1/24 + eth1 192.168.1.1/16), miniupnpd
may pick any one of them, possibly wrong one w/o respecting exact
listening_ip interface.
syslog will contain something similar to:
miniupnpd: sendto(udp_notify=6, 192.168.1.1): No such device
miniupnpd: sendto(udp_notify=6, 192.168.1.1): No such device
miniupnpd: try_sendto(sock=6, len=464, dest=239.255.255.250:1900): sendto: No such device
miniupnpd: try_sendto(sock=6, len=464, dest=239.255.255.250:1900): sendto: No such device
miniupnpd: try_sendto failed to send 11 packets
Fix that with specifying exact outgoing mcast interface for each
notify socket with help of IP_MULTICAST_IF/mreqn struct.
Since OpenAndConfSSDPNotifySocket() now takes lan_addr_s struct,
OpenAndConfSSDPNotifySocketIPv6() was similary changed for api
consistency.
2019-05-02 15:36:06 +05:00
2ffc7afae9
minissdp.c: fix indentation
2019-05-02 12:09:28 +02:00
1ef1deec01
upnpevents.c: properly handle urls in the form http://ip:port
...
Fix buffer over-read in upnpevents.c with urls in the form http://ip:port
(without path).
Assume / when the path is empty
fixes #361
2019-04-09 22:06:21 +02:00
922372bff3
2019
2019-04-08 14:46:11 +02:00
2f16cf7387
AddPortMapping supports error 606 in IGDv2
...
see #359
2019-04-07 23:01:51 +02:00
e1b4f25bba
upnpreplyparse.c: Fix memory leak
...
If there are multiple NewPortListing tags,
there is a malloc() for each one.
fixes #357
2019-04-05 10:30:10 +02:00
a9a764cea9
update Changlogs.
2019-04-03 17:38:33 +02:00
8f403ae8ae
Makefile.linux: clean testminissdp.o and testssdppktgen.o
2019-03-22 15:36:58 +01:00
2d873ce908
miniupnpd_functions.sh parsing fix.
...
both MINIUPNPD and MINIUPNPD-PREROUTING were matched by
/$CHAIN/.
2019-03-22 15:35:23 +01:00
476974ab52
use iptables -I instead of -A to add rules
...
So the rules are added at the head of the chains, taking
priority over the preloaded rules.
should fix #354
2019-03-22 15:33:57 +01:00
c3f752db4a
miniupnpd/netfilter: fix iptables_init.sh for postrouting chain
...
should fix #334
2019-03-09 16:16:00 +01:00
dedbee16b1
AddAnyPortMapping: check against NULL
...
this avoids a crash in strcasecmp by passing an empty protocol argument
2019-03-09 10:24:38 +01:00
a613992892
update Changelog
2019-03-07 23:37:11 +01:00
e0ddc97997
Update portinuse code to reflect changes made in FreeBSD 12.0
...
Structures xtcpcb and xinpcb returned by the kernel
hide now part of its members after r315662. The fix
was inspired by changes made in usr.bin/systat/netstat.c
tool.
2019-03-07 17:22:36 +01:00
e0b5b4efe6
linux/getifstats.c: use custom strtoul() implementation to roll over after 2^32-1
...
fixes #349
http://upnp.org/specs/gw/UPnP-gw-WANCommonInterfaceConfig-v1-Service.pdf
2.2.9 2.2.10 2.2.11 2.2.12 :
This variable represents the cumulative counter for total number
of bytes sent upstream across all connection service instances on
WANDevice. The count rolls over to 0 after it reaching the maximum
value (2^32) –1
2019-02-12 15:10:49 +01:00
08e955de40
Update Changelogs + 2019
2019-02-10 16:11:16 +01:00
30a89be85e
update miniupnpd/minixml.h
2019-02-10 16:10:07 +01:00
e94a724ae5
Merge remote-tracking branch 'sorz/install-nft-script'
...
see pull request #345
2019-02-04 19:39:35 +01:00
51b5e09e04
miniupnpd: add secure compilation flags for Linux
2019-02-04 17:23:42 +02:00
f7d65cdaad
miniupnpd/netfilter/ipctcrdr.c: conditionnaly use NFC_UNKNOWN as well
...
fix #346
2019-02-03 19:04:44 +01:00
6106111972
miniupnpd/netfilter: build with linux kernel 5.0
...
should fix #346
2019-02-03 13:26:27 +01:00
510a6e9630
fix check of valid HTTPS socket
2019-01-23 09:25:10 +01:00
031915f856
Install nftables scripts
2019-01-18 16:21:25 +08:00
86030db849
fix error from commit 13585f15c7
2018-12-18 23:47:54 +01:00
cb8a02af7a
pcpserver.c: copyIPv6IfDifferent() check for NULL src argument
2018-12-18 23:04:14 +01:00
f321c2066b
upnp_redirect(): accept NULL desc argument
2018-12-18 22:59:18 +01:00
13585f15c7
GetOutboundPinholeTimeout: check args
2018-12-18 22:54:51 +01:00
bec6ccec63
upnp_event_prepare(): check the return value of snprintf()
2018-12-18 22:37:14 +01:00
6b4e9bd855
upnpstun.c: fix generate_transaction_id()
2018-12-15 18:02:46 +01:00
f6fc66ee41
avoid off-by-one buffer overread
...
similar to commit 9fcc0a72f0
2018-12-06 00:11:21 +01:00
e7fa40f60b
update INSTALL about running a NAT behind NAT setup.
...
also update 2017->2018
2018-10-31 18:33:56 +01:00
bde31cd4f1
update miniupnpd/Changelog.txt
2018-09-07 17:28:42 +02:00
95d707a71f
pcpserver.c: properly fill the opcode field of response
...
fixes #327
2018-09-07 17:24:43 +02:00
a2baa36312
Fix compilation with nftables
...
Fixes #324
2018-09-06 17:44:41 +02:00
11785205f1
Merge remote-tracking branch 'Lochnair/fix_nftables' into travis-ci-nftables
2018-07-15 12:59:25 +02:00
181428e843
miniupnpd: add update_portmappings functions for nft
2018-07-14 19:59:26 +02:00
ac796a4077
linux: add -lrt when building for glibc < 2.17
2018-07-14 14:23:13 +02:00
d27a3152bd
fix generate_transaction_id()
2018-07-06 15:29:15 +02:00
efe5d87103
LOG_WARNING if behind restrictive NAT
2018-07-06 14:41:04 +02:00
e6011dc534
miniupnpd: Allow to specify also port number in -o STUN: option
...
Also update help for -o STUN: option, it can take stun hostname too.
2018-07-06 14:38:37 +02:00
6e5a88098d
fix file headers (=>2018)
...
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 14:16:49 +02:00
d84e004849
Fix upnpstun.o dependencies
2018-07-06 14:16:07 +02:00
810cb665c2
Merge branch 'pr_307'
...
see #307
2018-07-06 13:40:18 +02:00
012cad4111
Makefile.linux: fix depends
2018-07-06 13:36:23 +02:00
b2343c87a7
Add STUN support
...
see #307
2018-07-06 13:33:33 +02:00
18ec4e88e7
asyncsendto.c: 2018
2018-07-06 13:31:44 +02:00
1da39554c7
fixes in upnpstun.c
...
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 13:31:26 +02:00
15b6f3e9c2
fixes in update_ext_ip_addr_from_stun()
...
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 13:29:33 +02:00
8bc6d6f556
PERFORMSTUN => PERFORMSTUNMASK. allow to specify stun using -o option
2018-07-06 13:23:22 +02:00
8c91ff515e
reserved[] is const
2018-07-06 13:20:30 +02:00
5262990d8e
miniupnpd: support newer libnftnl versions
2018-07-01 23:50:12 +02:00
ef179a45e3
do not check empty string with strlen(s) == 0
...
see #292
2018-06-01 10:55:45 +02:00
72005ce86a
add -w option to iptables.
...
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5113
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-05-29 12:26:33 +02:00
c1472ffe4e
miniupnpd: GetExternalIPAddress(): Instead of invalid IP address 0.0.0.0 returns error 501
...
IP address 0.0.0.0 is filled when it is not possible to retrieve IP address. According to specification, GetExternalIPAddress() can return error 501 when action failed.
2018-05-19 17:28:43 +02:00
8c97654d70
miniupnpd: When enabled perform STUN to learn external IP address and NAT type
...
Also enable port forwarding when direct (non-NAT) connection or unrestricted NAT 1:1 (without any filtering) is detected.
2018-05-19 13:32:42 +02:00
8e10a1aeab
miniupnpd: Disable port forwarding when we are behind restrictive nat with reserved / private IP address
...
In this case port forwarding is impossible, so rather return error code to the client instead of silently trying to do something and informing clients that port forwarding is enabled.
2018-05-19 13:32:04 +02:00
cce19781e6
miniupnpd: Add validation that public ip address is not reserved and is really public
...
This ensures that all requests for getting public IP address (either via UPnP IGD or PCP/PMP) would contain correct public IP address or an error (instead of some invalid private/reserved IP address).
2018-05-19 13:31:26 +02:00
c35935c61d
miniupnpd: Add function addr_is_reserved() to check if address is private/reserved and therefore not for public port forwarding
2018-05-19 13:31:14 +02:00
4f53b322fd
miniupnpd: Add function perform_stun() for detecting external IP address and restrictive NAT via STUN protocol
...
It automatically unblock selected UDP ports for incoming responses and after finishing ports unblock is removed.
2018-05-19 13:31:08 +02:00
cd7284785b
miniupnpd: Add function delete_filter_rule() also for PF and Linux Netfilter
...
It is needed for STUN implementation.
2018-05-19 13:31:02 +02:00
582375b64f
miniupnpd: VERSION 2.1
2018-05-08 23:40:27 +02:00
e11bbf0bc0
miniupnpd/pcp: Send PCP announcment at startup
...
fixes #254
2018-05-08 23:06:19 +02:00
b3849ef311
Fix OS detection for Debian kFreeBSD
2018-05-08 21:59:15 +08:00
d2bbdee995
fix typo introduced in 00abd9e6c8
2018-05-03 09:54:02 +02:00
a92138345b
add option LEASEFILE_USE_REMAINING_TIME
...
new function lease_file_rewrite()
that is called just before exiting, and when SIGUSR2 is received
see #295
2018-05-02 09:40:12 +02:00
d0e7958617
lease_file_remove(): replace strncpy/strncat by snprintf()
2018-05-01 13:04:20 +02:00
f6ac854f0f
miniupnpd: fix storing of unlimited lease time in lease_file
...
see #295
2018-05-01 11:26:49 +02:00
17773f0a72
if LEASEFILE_USE_REMAINING_TIME is defined, only the remaining time is stored
...
see #295
2018-04-30 17:25:26 +02:00
00abd9e6c8
miniupnpd: store UNIX time in lease_file
...
fixes #295
2018-04-30 16:59:40 +02:00
491ee9f8bf
miniupnpd/upnpevents.c: Add log when error
2018-04-27 00:08:06 +02:00
239d048489
Merge branch 'pf_use_ext_ip_addr'
2018-04-22 21:27:44 +02:00
5dcd40aece
netfilter/iptpinhole.c: remove warning: implicit declaration of function 'upnp_time'
...
fixes ef94635100
2018-04-22 21:24:30 +02:00
0366cd0ba0
replace strlen(s) > 0 by s[0] != '\0'
...
see #292
2018-04-22 21:21:58 +02:00
2b6fa0839f
no more strlen(xxx) == 0.
...
Fixes #292
2018-04-20 17:19:52 +02:00
53e8185725
miniupnpd/pf: set dst address in rule if use_ext_ip_addr is set
...
fixes #231
2018-04-12 11:36:12 +02:00
1fe8d21cf2
fixes #272
2018-04-12 10:49:53 +02:00
eaaf4f10ae
miniupnpd: introduce upnp_gettimeofday() which is monotonic :)
...
fixes #288
2018-04-12 10:07:11 +02:00
Thomas Bernard
Guilherme Senges
Paul Chambers
Sven Auhagen
Vladislav Grishenko
Steven Mestdagh
Rodrigo Osorio
Shachar Menashe
sorz
Pali Rohár
Nils Andreas Svee
yangfl