Thomas Bernard
d135bd3f6d
move definition of release_ticket() to rtickets.h
2023-12-30 00:30:06 +01:00
Thomas Bernard
6e8b02b715
obsdrdr.c: replace a few goto by break
...
see https://github.com/miniupnp/miniupnp/pull/674
2023-12-30 00:23:30 +01:00
Thomas Bernard
ee89fb5fa3
obsdrdr.c: check errors of inet_ntop()
2023-12-29 23:59:28 +01:00
Thomas Bernard
5380a08693
upnpsoap.c: fix ExecuteSoapAction
...
do not use strchr() to locate the " character at the end of the
string.
fixes #675
2023-12-29 18:24:50 +01:00
Thomas Bernard
84cd9e6289
upnpsoap.c: ExecuteSoapAction() use memchr() instead of strchr()
2023-12-29 18:22:38 +01:00
Michael Nickerson
b16787cd5f
Fix for OpenBSD 7.4
...
Fixes a change made in OpenBSD 7.4
2023-12-07 19:12:11 -05:00
Thomas Bernard
096478dce1
fix getifaddr() error case
...
see #670
2023-11-14 21:15:58 +01:00
yangfl
2c0c73a081
Quote paths in nft scripts to prevent word splitting.
2023-08-07 05:30:41 +08:00
Thomas Bernard
46bcbff321
Do not advertise DeviceProtection if it is disabled
2023-06-29 11:36:49 +02:00
Thomas Bernard
e8f8208e24
miniupnpd: Disable DeviceProtection service by default
2023-06-29 02:08:02 +02:00
Thomas Bernard
a1ade4532e
fix get_portmappings_in_range()
2023-06-27 01:50:31 +02:00
Thomas Bernard
ad3a610748
error 709 = NoTrafficReceived
2023-06-27 01:12:20 +02:00
Thomas Bernard
3a6feb49c0
configure: http => https
2023-06-27 01:00:07 +02:00
Thomas Bernard
8381867faf
Detect FDSSDP as a microsoft client
...
fixes 2f2685af97
so FDSSDP.dll (Function Discovery Simple Service Discovery Protocol)
client is properly detected.
2023-06-23 01:08:06 +02:00
Thomas Bernard
2ffaaba012
upnppermissions.c: fix compilation when DEBUG is defined
2023-06-12 00:04:56 +02:00
Thomas Bernard
f91a32ff02
miniupnpd: enable secure mode by default
2023-05-27 18:42:18 +02:00
Thomas Bernard
19aa26df7e
miniupnpd: add a short list of build-time options in --version output
2023-05-27 11:56:19 +02:00
Thomas Bernard
37c29a3716
miniupnpd: mention PCP in usage
2023-05-27 11:26:45 +02:00
Thomas Bernard
66c4921758
miniupnpd.conf: comments improvement
2023-05-27 11:24:03 +02:00
Thomas Bernard
02da7055fc
option enable_natpmp => enable_pcp_pmp
...
for backward compatibility, enable_natpmp is stick recognized
2023-05-27 11:21:21 +02:00
Thomas Bernard
ab57f7ca3a
miniupnpd.c: improve comments about SETFLAG(ENABLENATPMPMASK)
2023-05-27 11:20:29 +02:00
MoonlightWave-12
49991e00f6
miniupnpd.conf: Update the address of a STUN-server
...
See: https://stunprotocol.org/
Also: Adding more newlines for better readability.
2023-05-15 01:00:56 +02:00
Thomas Bernard
214deacb11
improve debug output in ProcessSSDPRequest()
...
see #655
2023-05-11 01:19:22 +02:00
Thomas Bernard
861298fa24
avoid realloc(p, 0) whose behavior is implementation-defined
...
fixes #652
see https://github.com/miniupnp/miniupnp/issues/652#issuecomment-1518922139
2023-04-23 11:51:11 +02:00
Thomas Bernard
5ca1a82f7f
zero the permission structure before parsing
...
should fix #652
2023-04-05 16:03:13 +02:00
Thomas Bernard
e439318cf7
miniupnpd 2.3.3
2023-02-17 04:09:33 +01:00
Thomas Bernard
6e8d0fa161
upnppermissions.h: fix build, because #define ENABLE_REGEX is in config.h
2023-02-11 23:53:38 +01:00
Thomas Bernard
ec48e04cd5
PinholeVerification(): use memcpy() to compare structures
...
fix 99fc9941aa
2023-02-11 23:36:56 +01:00
Thomas Bernard
99fc9941aa
Fix PinholeVerification()
...
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5847
2023-02-04 11:32:29 +01:00
Thomas Bernard
72b33d7145
update Changelog.txt ;)
...
see 7bd0877b8f
2023-01-28 16:43:25 +01:00
Thomas Bernard
8d3986f82c
upnppinhole.c: (c)2023 and https
2023-01-28 16:00:47 +01:00
Thomas Bernard
7bd0877b8f
upnp_add_inboundpinhole(): fix updating of leasetime for existing pinholes
...
upnp_update_inboundpinhole() takes the leasetime as an argument,
not the timestamp (= current_time + leasetime).
That was resulting in havin a timestamp very far in the future
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5840#
2023-01-28 15:58:57 +01:00
Thomas Bernard
57ae40fe10
miniupnpd: reject AddPinhole when InternalPort or RemortePort is empty
...
https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5839
2023-01-28 15:49:53 +01:00
Thomas Bernard
8ced59d384
2022 => 2023
2023-01-26 23:53:58 +01:00
Thomas Bernard
98cc9f1b43
miniupnpd.init.d.script: also run ip6tables_init/ip6tables_removeall scripts
...
for support of IPv6
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?t=2338
2023-01-21 13:00:03 +01:00
Thomas Bernard
f4a739d730
miniupnpd version 2.3.2
2023-01-20 00:25:03 +01:00
Thomas Bernard
62e2ea175f
miniupnpd/Changelog.txt: Fix NFTables again (RULE_HANDLE using more than 32 bits)
...
see #582
2023-01-15 18:43:09 +01:00
Thomas Bernard
904dda47ed
nftnlrdr_misc.c: replace nftnl_rule_get_data() usage with specific nftnl_rule_get_*() functions
...
nftnl_rule_get_u32()
nftnl_rule_get_u64()
nftnl_rule_get_str()
closes #641
should fix #582
2023-01-14 19:18:37 +01:00
Thomas Bernard
67ea8c8bc3
nftnlrdr_misc.c: debug message about proto_min_reg/proto_min_val
2023-01-14 19:16:40 +01:00
Thomas Bernard
a1535b0488
2022
2022-10-21 21:36:05 +02:00
Thomas Bernard
fd62384959
miniupnpd: add option to match rules description with regex
2022-10-21 21:35:50 +02:00
yangfl
2ff8cb17da
miniupnpd: Add option to match rules with regex
...
Some reports that a certain app is abusing UPnP for exploiting upload
bandwidth. This commit adds support to restrict UPnP rules to a regex.
By matching requester's description string against rule's regex, this
will make some obstacles for that app.
2022-10-21 21:26:39 +02:00
Thomas Bernard
eb07f0c466
miniupnpd 2.3.1
2022-10-16 08:03:35 +02:00
Thomas Bernard
a4e12c01c4
miniupnpd: move READNU32/WRITENU32/etc. to rw_unaligned.h
2022-10-16 07:54:38 +02:00
Thomas Bernard
c13a4b15f1
upnpdescgen.c: include macros.h for UNUSED
...
fixes 3a2b15af4c
2022-10-16 07:43:42 +02:00
Thomas BERNARD
3f6350da6a
Merge pull request #630 from miniupnp/issue-628
...
fixes Issue 628 - bug on big endian
2022-10-16 07:33:19 +02:00
Thomas Bernard
3a2b15af4c
miniupnpd: fix warnings when compiling with IGD_V2 disabled
...
fixes #617
./upnpdescgen.c:946:1: warning: unused label 'unstack' [-Wunused-label]
unstack:
^~~~~~~~
./upnpdescgen.c:891:12: warning: unused parameter 'force_igd1' [-Wunused-parameter]
int force_igd1)
^
./upnpdescgen.c:1035:61: warning: unused parameter 'force_igd1' [-Wunused-parameter]
genServiceDesc(int * len, const struct serviceDesc * s, int force_igd1)
^
3 warnings generated.
2022-10-15 13:09:36 +02:00
Thomas Bernard
61127ca0be
nftnlrdr_misc.c: expr_set_reg_val_u16() has uint16_t arg
2022-10-10 02:33:04 +02:00
Thomas Bernard
890e4ec218
nftnlrdr_misc.c: fix parse_rule_immediate()
...
so it works correctly on both little endian and big endian CPUs
should fix #628
2022-10-10 02:32:58 +02:00
Thomas Bernard
8bbe1c1339
remove useless UNUSED()
2022-10-10 01:23:26 +02:00
Thomas Bernard
fa190f294a
pcpserver.c: fix type LOG_WARN => LOG_WARNING
...
fixes #620
2022-08-25 23:52:23 +02:00
Thomas Bernard
7b45ec940a
update changelog.
...
fixes #611
2022-08-06 11:27:35 +02:00
Thomas Bernard
b8d66c5f7c
pcpserver.c: rewrite DeletePCPMap() to work with netfilter_nft
...
try to fix #611
2022-07-01 07:15:36 +02:00
Thomas Bernard
16366f5db4
add debug logs in DeletePCPMap
2022-06-19 19:41:32 +02:00
Thomas Bernard
0cc037f8b0
update miniupnpd/Changelog.txt
2022-06-02 01:26:37 +02:00
Thomas Bernard
1cdf9ba744
Merge branch '529-port-triggering-openbsd'
...
fixes #529
2022-06-02 01:19:53 +02:00
Thomas Bernard
b734f94bdf
pcpserver.c: improve DeletePCPMap() error message
2022-05-18 11:25:32 +02:00
Thomas Bernard
047fe367dd
miniupnpd: improve configure script for cross builds
2022-05-18 09:55:52 +02:00
Thomas Bernard
2ede47be46
pf/obsdrdr.c: better document PFRULE_INOUT_COUNTS and PF_NEWSTYLE
2022-05-18 08:34:16 +02:00
Thomas Bernard
a255df2488
Dont create nat rule for Port Triggering, but a pass rule
...
should fix #529
2022-05-18 08:32:42 +02:00
Thomas Bernard
a6ca2b14c5
miniupnpd/nftnldr.c: init local var in update_portmapping()
...
see https://github.com/miniupnp/miniupnp/pull/607
rhost is not currently in use, but it might be some day.
2022-04-21 00:19:45 +02:00
Thomas Bernard
fda61180e0
iptpinhole.c: check inet_pton() return values
2022-03-19 18:50:58 +01:00
Thomas Bernard
c8476e6f16
miniupnpd.init.d.script: support nftables
...
fixes #594
2022-02-19 23:49:18 +01:00
Thomas Bernard
89c6556338
miniupnpd/ipfw: make it clear it is not working under FreeBSD
2022-02-19 22:49:14 +01:00
Thomas Bernard
c0d3a17650
pf: Use private WAN IP for NAT in double NAT setups
...
fixes #598
2022-02-19 20:19:34 +01:00
Thomas Bernard
5231397bd6
update Changelog and comments about commit 9500253
2022-02-19 20:03:30 +01:00
Thomas BERNARD
9e042264fa
Merge pull request #599 from jow-/master
...
Expose `USE_GETIFADDRS` and tweak `getifaddr()` behaviour
2022-02-19 18:50:39 +01:00
Sergey Ponomarev
af812c8775
Refine LICENSE so github can understand it ;)
...
see #592
also replace project specific files to symbolic link
2022-02-19 18:38:48 +01:00
Jo-Philipp Wich
95002535b3
getifaddr.c: prefer non-reserved over reserved addresses in `getifaddr()`
...
When iterating interface addresses obtained via `getifaddrs()`, don't
stop at the first found IPv4 address but continue checking all IPv4
addresses and prefer to use a non-reserved one in case an interface
has both reserved (private) and non-reserved (public) addresses
assigned.
After this fix, miniupnpd on OpenWrt is able to properly detect the
external IP address of an external interface with both a private
RFC1918 and a public IP assigned regardless of whether `getifaddrs()`
happens to return the private or the public IPv4 address first.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-16 17:58:42 +01:00
Jo-Philipp Wich
a28dec3c2d
configure: expose USE_GETIFADDRS configuration
...
The miniupnpd sources contain a working getifaddrs() based implementation
to fetch the IP address of an interface but that implementation is guarded
by a USE_GETIFADDRS define which can only be passed manually via CFLAGS.
Introduce a new `--getifaddrs` option to the configure script which can be
used to explicitly enable `getifaddrs()` usage.
Also extend the OpenWrt configuration case to enable `getifaddrs()` since
OpenWrt ships with a working implementation of it since several years
already.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-02-16 17:54:01 +01:00
Sergey Ponomarev
1479881003
minixml.c sync sources
...
In the commit a0573e2518
was fixed a buffer overflow in the minixml.c but it wasn't copied to upnpc-async.
To make comparison simpler the header was also synced
2022-01-27 11:29:16 +02:00
Thomas Bernard
9df2f43e08
miniupnpd: VERSION 2.3.0
2022-01-23 01:25:49 +01:00
Thomas Bernard
6576eb611b
version 2.3.0
2022-01-23 01:19:01 +01:00
Thomas Bernard
545d2b421c
2022
2022-01-23 01:18:49 +01:00
Brian John
87776e8345
Split "NAT" and "TABLE" for consistency
2022-01-01 16:58:55 -06:00
Brian John
8d061ecf65
Fix typo: should check for `$NAT_TABLE`
2022-01-01 16:17:31 -06:00
Brian John
69f01ffcc8
Spelling fix: routeing --> routing
2022-01-01 16:15:54 -06:00
Thomas Bernard
78823d762e
README.md: updated. fix titles
2021-12-16 00:29:39 +01:00
Thomas Bernard
2bfed34e8c
README.md: reformat chain/tables setup
...
fix 3129683cb3
2021-12-16 00:27:57 +01:00
Thomas Bernard
1a5cdc0a13
remove space before eol
2021-12-02 00:35:51 +01:00
Thomas Bernard
af0ee582d9
commonrdr.h: 2021
2021-12-02 00:06:24 +01:00
Thomas Bernard
97aa00f076
miniupnpd/Changelog.txt: update regarding #584 / 3129683c
2021-12-02 00:06:24 +01:00
Thomas Bernard
46ecef1365
miniupnpd.conf: default table name changed with #584 / 3129683c
2021-12-02 00:06:23 +01:00
Sven Auhagen
3129683cb3
NFTables use scripts to create tables and chains
...
To hardcode table and chain creation and deletion makes it impossible
for existing firewall infrastructures to integrate miniupnpd.
NFTables will either reevaluate packets through miniupnpd or
it will delete existing tables when there are already custom chains in it.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-28 08:08:37 +01:00
Thomas Bernard
d4849fa08e
miniupnpd.conf: comments about netfilter table/chain names
2021-11-27 21:49:25 +01:00
Sven Auhagen
0b3f3e4029
NFTables make tables name configurable
...
Right now the table names are hardcoded and do not integrate with an overall
firewall strategy.
NFTables has restrictions on how packets are evaluated against chains.
For example if multiple forward chains are evaluated with different prioity,
all packets that pass the first one will be reevaluated again in the second chain.
To have an overall firewall concept with miniupnpd it is necessary to use existing
tables and hence to configure them in miniupnpd.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-27 21:49:21 +01:00
Thomas Bernard
9eb826a7eb
miniupnpd/Changelog.txt: update regarding merge of #562
...
see https://github.com/miniupnp/miniupnp/pull/562
2021-11-17 12:37:02 +01:00
Thomas BERNARD
9a5215c54a
Merge pull request #562 from svenauhagen/feature/nftablesnat
...
NFTables use nat chain for inet (instead of specific IPv4 chain)
2021-11-17 12:36:19 +01:00
Stijn Tintel
51a422407b
miniupnpd/configure: don't hardcode iptables
...
The OpenWrt Makefile that builds miniupnpd passes the firewall argument
to the configure script, so this is not needed and it is blocking us
from using nftables instead, which will be the default backend for
firewall4 to be used in the next OpenWrt stable release.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-07 20:24:29 +02:00
Stijn Tintel
2b00c461fb
treewide: s/OpenWRT/OpenWrt/
...
The correct spelling is OpenWrt.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-07 20:21:25 +02:00
Thomas Bernard
7634920f3c
Makefile.linux_nft: fix DEPFLAGS and make install
2021-09-30 23:20:52 +02:00
Thomas Bernard
a933c76be4
Makefile.linux: fix install dependencies
2021-09-30 23:20:25 +02:00
Thomas Bernard
881ba06bc1
configure: warning when no libiptc pkg-config found
2021-09-30 01:49:30 +02:00
Thomas Bernard
d2f558f659
configure: use 'command -v' instead of 'which'
2021-09-30 01:49:30 +02:00
Thomas Bernard
6e16650bc2
miniupnpd/configure: fix comparaison
...
[ "$IPTABLES_143" -eq 1 ]
doesn't work if $ITABLES_143 is empty
using instead :
[ "$IPTABLES_143" = "1" ]
2021-09-30 01:49:30 +02:00
Thomas Bernard
c88178650e
replace 'which' with 'command -v'
2021-09-30 01:49:30 +02:00
Thomas Bernard
5d315359aa
gitrev.mk: use gitlab-ci predefined variables
2021-09-30 01:49:29 +02:00
Thomas Bernard
50950a3520
iptcrdr.c: fix a potential double iptc_free(h)
...
closes #566
2021-09-28 22:47:05 +02:00
Pali Rohár
200d6c2509
miniupnpd: Add some missing checks when update_ext_ip_addr_from_stun() or getifaddr() fails
...
There is missing corner case check when these functions return failure.
Network in this case does not work, so disable port forwarding to prevent
returning incorrect response about port forwarding state.
Also explicitly set disable_port_forwarding to 0 on success to make code
more readable.
2021-08-31 21:34:27 +02:00
Michał Górny
2087e14b8e
testgetifaddr.sh: Always use the first IP addr from 'ip -4 addr'
...
Terminate the awk after getting the first interface name and IP address
from 'ip -4 addr' output. Otherwise, the test fails if the interface
in question has multiple IP addresses, as the test program returns
the first address, while awk prints all.
2021-08-22 09:53:31 +02:00