Thomas Bernard
|
70b9526834
|
remove unecessary if in flush_nft_cache()
|
2020-06-07 19:58:48 +02:00 |
Thomas Bernard
|
7245a68e5c
|
improve error handling in nft_mnl_connect()
|
2020-06-07 19:57:29 +02:00 |
Thomas Bernard
|
ed48113355
|
refresh_nft_cache() return error status
fixes 037639c07a
|
2020-06-07 19:56:03 +02:00 |
Thomas Bernard
|
037639c07a
|
improve error handling in refresh_nft_cache() and send_batch()
to help debug #474
|
2020-06-07 19:29:22 +02:00 |
Thomas Bernard
|
409ba9c0f2
|
nftpinhole.c: fix get_pinhole_info()
this whole file should be reviewed carefully
fixes #459
|
2020-06-05 10:36:17 +02:00 |
Thomas Bernard
|
45191081f1
|
fix 9b32a523bf
|
2020-06-04 00:46:41 +02:00 |
Thomas Bernard
|
9b32a523bf
|
improve get_redirect_rule_count() for netfilter_nft too
|
2020-06-04 00:37:17 +02:00 |
Thomas Bernard
|
e1f3478519
|
miniupnpd/netfilter_nft: fix get_redirect_rule_by_index()
should fix #462
|
2020-06-03 00:30:14 +02:00 |
Thomas Bernard
|
c8cbf9f6ce
|
miniupnpd/netfilter_nft: replace calls to inet_ntoa by inet_ntop()
|
2020-06-03 00:30:09 +02:00 |
Thomas Bernard
|
b8c8cec26b
|
fix bug introduced in c3d71b97ab
see #459
|
2020-06-02 09:02:45 +02:00 |
Thomas Bernard
|
fb63cf3455
|
miniupnpd/netfilter_nft: properly store timestamps
should fix #466
|
2020-06-02 01:00:04 +02:00 |
Thomas Bernard
|
7b9489fb84
|
the buffer passed to mnl_nlmsg_batch_start() must be double of MNL_SOCKET_BUFFER_SIZE
see https://www.netfilter.org/projects/libmnl/doxygen/html/group__batch.html
http://www.lt.netfilter.org/projects/libmnl/doxygen/group__batch.html#ga28488fc4dee4c3e9eda5918f049db2af
|
2020-06-02 00:07:39 +02:00 |
Thomas Bernard
|
5dbdc50aa7
|
check return value of nftnl_expr_get()
|
2020-06-01 20:20:29 +02:00 |
Thomas Bernard
|
1e37a9f7b5
|
improve parse_rule_cmp()
see #459
|
2020-06-01 20:14:20 +02:00 |
Thomas Bernard
|
c09f485482
|
nftnlrdr.c: fix writing to iaddr instead of rhost
fixes #462
https://github.com/miniupnp/miniupnp/issues/462
https://github.com/miniupnp/miniupnp/issues/459#issuecomment-636402954
|
2020-06-01 17:56:38 +02:00 |
Thomas Bernard
|
c3d71b97ab
|
nftnlrdr_misc.c: malloc/memcpy instead of strndup()
see #466
|
2020-06-01 17:35:26 +02:00 |
Thomas Bernard
|
a30e3de4ba
|
miniupnpd/netfilter_nft: add debug messages about lease timestamps/duration
in order to debug issue #466
|
2020-05-30 10:09:22 +02:00 |
Thomas Bernard
|
6cd5ca6e9a
|
call nftnl_rule_is_set(NFTNL_RULE_USERDATA) before nftnl_rule_get_data(NFTNL_RULE_USERDATA)
see #459 and #461
|
2020-05-29 18:10:30 +02:00 |
Thomas Bernard
|
e166f541e8
|
=> 2020
|
2020-05-10 20:00:37 +02:00 |
Thomas Bernard
|
2b4d9f5ee5
|
miniupnpd: fix build for nftables
|
2020-05-07 00:47:26 +02:00 |
Thomas Bernard
|
0d7ccf1388
|
2019
|
2019-10-06 22:53:20 +02:00 |
Thomas Bernard
|
f200b1b7e8
|
netfilter_nft/nftpinhole.c: fix after function renames
nft_send_request() => nft_send_rule()
reflesh_nft_cache_filter() => refresh_nft_cache_filter()
|
2019-10-06 22:30:36 +02:00 |
Paul Chambers
|
913194cf75
|
Move print_rule to the file it's used in.
|
2019-10-06 21:47:50 +02:00 |
Paul Chambers
|
9d1680455e
|
cleanup some formatting inconsistencies
|
2019-10-06 21:38:58 +02:00 |
Thomas Bernard
|
4ac428cbc9
|
netfilter_nft: remove dead code
|
2019-10-06 21:25:03 +02:00 |
Paul Chambers
|
35fa178ec8
|
encapsulate debug printing of rules. keeps stack layout the same between debug & non-debug builds.
|
2019-10-06 21:15:25 +02:00 |
Paul Chambers
|
123e589266
|
establish persistent mnl/netlink socket at init_redirect (needs elevated privileges)
|
2019-10-05 22:39:05 +02:00 |
Thomas Bernard
|
174db857f8
|
fix end of file
|
2019-10-03 00:15:50 +02:00 |
Paul Chambers
|
7ea314412c
|
make rdr_name_type enum values more unique
|
2019-10-02 23:42:15 +02:00 |
Paul Chambers
|
b36a6e94f8
|
NFT_RULE_USERDATA is sized, not null-terminated. Must use strndup()
|
2019-10-02 23:42:15 +02:00 |
Paul Chambers
|
fda82bceef
|
remove lingering debug stuff, add my name to file headers
|
2019-10-02 13:08:22 -07:00 |
Paul Chambers
|
dcad93615f
|
set the family attribute on the chain
|
2019-10-01 01:12:10 -07:00 |
Paul Chambers
|
2a496a1c1c
|
Minimize attributes set if chain_op is not NFT_MSG_NEWCHAIN
|
2019-10-01 00:40:05 -07:00 |
Paul Chambers
|
6a53e6e765
|
use the same name for all three tables, like sshguard does
|
2019-09-30 11:20:16 -07:00 |
Paul Chambers
|
13b63da3fb
|
bump the priority of miniupnpd's forward chain, so it processes packets before other filter chains
|
2019-09-30 09:40:40 -07:00 |
Paul Chambers
|
75bdb777cf
|
rework nft-specific globals, create & destroy tables/chains at init & shutdown
|
2019-09-30 00:12:08 -07:00 |
Paul Chambers
|
48f2339759
|
parse_rule_cmp: promote repeated code in cases outside the switch
|
2019-09-27 21:25:34 -07:00 |
Paul Chambers
|
dbdaabd21e
|
insert omitted break statements causing compiler warnings
|
2019-09-27 21:00:28 -07:00 |
Thomas Bernard
|
d1d7059e75
|
fix file modes for nft_display.sh (chmod +x)
|
2019-09-02 00:57:49 +02:00 |
Paul Chambers
|
f24ca07640
|
Fix the error messages produced by nft_init.sh in normal operation. Simplify the script.
|
2019-08-31 23:22:30 -07:00 |
Paul Chambers
|
60b57a442a
|
Rework nft_removeall.sh to preserve nftables structures miniupnpd didn't add. Important for firewalld and sshguard co-existance.
|
2019-08-31 20:47:11 -07:00 |
Thomas Bernard
|
4f8a4abcd1
|
nftnlrdr: list_redirect_rule() only in DEBUG
|
2019-06-30 22:23:36 +02:00 |
Thomas Bernard
|
4e480a7c4e
|
nftnlrdr_misc.c: use syslog() instead of perror()
do not exit()
|
2019-06-30 22:02:15 +02:00 |
Thomas Bernard
|
9402b49456
|
update headers
|
2019-06-30 21:51:15 +02:00 |
Thomas Bernard
|
d8368f7651
|
test_nfct_get.c: openlog()
|
2019-06-30 21:50:55 +02:00 |
Thomas Bernard
|
9070e175d4
|
Merge remote-tracking branch 'svenauhagen/fixes/nftablesipv6'
|
2019-06-30 21:25:01 +02:00 |
Sven Auhagen
|
b377305db0
|
This commits fixes an error setting the NFT Chain in DNAT instead of Filter
|
2019-06-30 19:46:35 +02:00 |
Sven Auhagen
|
b581b5d8af
|
pinhole fixes
|
2019-06-28 11:02:19 +02:00 |
Sven Auhagen
|
f67f6ae5f0
|
NFTables fixes and scripts
This commit fixes the list detection and uses the inet chain for ipv4.
The scripts got reworked as well and a display script was added.
|
2019-06-25 09:44:51 +02:00 |
sven
|
ee84a3949d
|
Update nftnlrdr_misc.h
Fix compiler warnings
|
2019-06-13 21:34:52 +02:00 |