563576878c
Merge branch 'pf-nat-rules'
2020-06-06 19:39:08 +02:00
0af141d9c5
miniupnpd: fix processing of v4 M-SEARCH received on v6 socket
...
So we don't answer with the v6 LOCATION to v4 clients anymore !
should fix #467
see #461
2020-06-05 22:39:59 +02:00
409ba9c0f2
nftpinhole.c: fix get_pinhole_info()
...
this whole file should be reviewed carefully
fixes #459
2020-06-05 10:36:17 +02:00
3716381308
improve syslog in PinholeVerification()
2020-06-05 10:19:15 +02:00
d5ba9c368e
fix memroy leak in PinholeVerification()
...
see #459
2020-06-05 10:13:13 +02:00
f151cc1dd4
minor checks on PCPSendUnsolicitedAnnounce()
2020-06-04 00:56:16 +02:00
45191081f1
fix 9b32a523bf
2020-06-04 00:46:41 +02:00
9b32a523bf
improve get_redirect_rule_count() for netfilter_nft too
2020-06-04 00:37:17 +02:00
95d611e7a0
fix 67465c3cc0
2020-06-04 00:30:01 +02:00
26c46e5a49
improve upnp_get_portmapping_number_of_entries()
2020-06-04 00:27:49 +02:00
ddf328845a
keep memory of ./configure parameters
2020-06-03 23:54:24 +02:00
8a665a1c8e
configure --disable-fork to disable going to background
...
fixes #468
2020-06-03 23:43:58 +02:00
eaf23f0d10
fix bug introduced in d458f1a222
...
dev is also used in pfpinhole.c and should be global
2020-06-03 23:15:28 +02:00
67465c3cc0
OpenBSD: Disable pledge()
...
see #455
2020-06-03 23:11:15 +02:00
e1f3478519
miniupnpd/netfilter_nft: fix get_redirect_rule_by_index()
...
should fix #462
2020-06-03 00:30:14 +02:00
c8cbf9f6ce
miniupnpd/netfilter_nft: replace calls to inet_ntoa by inet_ntop()
2020-06-03 00:30:09 +02:00
bc645c108d
same fix as 827fc6f04 for SendSSDPGoodbye()
...
see #459
2020-06-02 09:08:59 +02:00
b8c8cec26b
fix bug introduced in c3d71b97ab
...
see #459
2020-06-02 09:02:45 +02:00
fb63cf3455
miniupnpd/netfilter_nft: properly store timestamps
...
should fix #466
2020-06-02 01:00:04 +02:00
c0ea7926c0
upnpdescgen.c: error message when memory alloc fails
2020-06-02 00:24:15 +02:00
7b9489fb84
the buffer passed to mnl_nlmsg_batch_start() must be double of MNL_SOCKET_BUFFER_SIZE
...
see https://www.netfilter.org/projects/libmnl/doxygen/html/group__batch.html
http://www.lt.netfilter.org/projects/libmnl/doxygen/group__batch.html#ga28488fc4dee4c3e9eda5918f049db2af
2020-06-02 00:07:39 +02:00
5dbdc50aa7
check return value of nftnl_expr_get()
2020-06-01 20:20:29 +02:00
1e37a9f7b5
improve parse_rule_cmp()
...
see #459
2020-06-01 20:14:20 +02:00
c09f485482
nftnlrdr.c: fix writing to iaddr instead of rhost
...
fixes #462
https://github.com/miniupnp/miniupnp/issues/462
https://github.com/miniupnp/miniupnp/issues/459#issuecomment-636402954
2020-06-01 17:56:38 +02:00
c3d71b97ab
nftnlrdr_misc.c: malloc/memcpy instead of strndup()
...
see #466
2020-06-01 17:35:26 +02:00
3b20182c86
miniupnpd/upnpdescgen.c: check string length before memcmp() in genServiceDesc()
...
see https://github.com/miniupnp/miniupnp/issues/459
2020-05-30 11:06:24 +02:00
a711165e6e
miniupnpd: improve AddAnyPortMapping()
...
try with next port when -3 permission check failed
see #465
2020-05-30 10:29:24 +02:00
a30e3de4ba
miniupnpd/netfilter_nft: add debug messages about lease timestamps/duration
...
in order to debug issue #466
2020-05-30 10:09:22 +02:00
f97367c87d
miniupnpd/p: delete_nat_rule()
...
also clear_nat_rules()
2020-05-30 00:32:29 +02:00
6cd5ca6e9a
call nftnl_rule_is_set(NFTNL_RULE_USERDATA) before nftnl_rule_get_data(NFTNL_RULE_USERDATA)
...
see #459 and #461
2020-05-29 18:10:30 +02:00
827fc6f041
miniupnpd: prevent buffer overread of known_devices_types
...
should fix #459
2020-05-29 18:01:39 +02:00
7be0b48022
fix GetExternalIPAddress()
...
a bug was introduced by cce19781e6fix #460
2020-05-29 08:55:44 +02:00
e3395f12fc
miniupnpd/pf: minor changes
2020-05-21 02:24:59 +02:00
2cf50c57fa
miniupnpd/pf: add_nat_rule()
2020-05-21 02:24:39 +02:00
abefb6c6d0
miniupnpd/pf: fix test
2020-05-21 02:21:49 +02:00
d458f1a222
minor stuff
2020-05-17 23:16:45 +02:00
e823722b5d
some cp implementations do not support the -v option
2020-05-11 23:31:53 +02:00
02e41f7346
miniupnpd: BSD: allow to build from another directory
...
$ cd miniupnpd
$ mkdir build
$ cd build
$ ../configure && make
2020-05-11 23:30:19 +02:00
384f6592a8
miniupnpd: update Changelog
2020-05-10 20:01:30 +02:00
f9002bfaa7
https://miniupnp.tuxfamily.org/
2020-05-10 20:01:24 +02:00
a04d6d405d
miniupnpd/Makefile.linux_nft: update CFLAGS / LDFLAGS
2020-05-10 20:00:50 +02:00
e166f541e8
=> 2020
2020-05-10 20:00:37 +02:00
194566a5bd
support for libcap-ng
...
fixes #405
2020-05-10 15:34:45 +02:00
5abb714d34
drop linux capabilities
2020-05-10 15:34:44 +02:00
9e41cad6a8
upnpstun.c: TEST: Require root user
...
New version of /sbin/iptables binary prints nonsense error message when is
called by ordinary non-root user:
iptables v1.8.2 (nf_tables): unknown option "--dport"
Under root user it works correctly and understands --dport argument.
/sbin/iptables binary obviously does not work without root user, so rather
print error message as debugging why /sbin/iptables printed that nonsense
error message about unknown option.
2020-05-08 16:32:16 +02:00
0cad5296c6
upnpstun.c: TEST: Redirect syslog() call to printf()
...
When compiling Testing Linux application, replace syslog() call by
printf(). openlog() does not honor LOG_CONS flag, it works only when
application cannot connect to syslog (which is rare). There is way to force
syslog() call to print to stdout, so replace openlog() and syslog() calls
by normal printf() call via preprocessor macro when compiling Testing Linux
application.
2020-05-08 16:29:31 +02:00
d7f60e3fdf
upnpstun.c: Show more debug information
2020-05-08 16:26:39 +02:00
92a1ee9a7d
upnpstun.c: Parse more fields from STUN packet
...
These fields are sent by e.g. stun.ekiga.net
2020-05-08 16:25:43 +02:00
420cfaf208
upnpstun.c: Do not stop processing STUN packet when XOR-MAPPED-ADDRESS is found
2020-05-08 16:23:58 +02:00
388d93d678
minipnpd: move check target to check.mk
2020-05-07 01:02:48 +02:00
2b4d9f5ee5
miniupnpd: fix build for nftables
2020-05-07 00:47:26 +02:00
44c30b0a4e
miniupnpd: fix build for nftables
2020-05-07 00:41:59 +02:00
1cdc352788
miniupnpd/testupnppermissions.sh: do not require bash or ksh anymore
2020-05-07 00:34:44 +02:00
ea90d39892
miniupnpd: update linux makefiles
2020-05-07 00:34:44 +02:00
4f67061e08
miniupnpd: allow to build in another directory. use .d for depends
2020-05-07 00:34:40 +02:00
9ffc336b5c
linux: detect libcap-ng or libcap
2020-05-04 00:09:42 +02:00
ca0a3b30ba
miniupnpd: update Changelog.txt
2020-05-04 00:08:50 +02:00
55d2535a6f
miniupnpd: move many scripts from Makefile.linux to configure
2020-05-02 18:28:05 +02:00
1833a538ef
miniupnpd/Makefile.linux: move some compile config to configure script
2020-05-02 18:28:00 +02:00
125030132e
genconfig.sh -> configure
2020-05-02 18:26:45 +02:00
69137442fb
Makefile => Makefile.bsd
...
copy the right Makefile to "Makefile"
TODO : rename genconfig.sh to configure
2020-05-02 18:26:36 +02:00
2a8368a2de
gitrev.mk: CFLAGS => CPPFLAGS
2020-05-02 18:25:48 +02:00
7800de9429
miniupnpd: fix for bridges
...
you now can setup :
listening_ip=igb1 bridge0 xxx0 xxx1 ...
miniupnpd will use igd1 address, but will not complain when receiving
packets from either igb1, bridge0, xxx0 or xxx1
fixes #379
see also #408
2020-04-29 00:03:54 +02:00
a965520085
fix warning (int promotion)
...
also add (c) Thomas Bernard
2020-04-29 00:01:44 +02:00
fcac8b9690
upnpstun.c: support for more attributes types
...
0x0009: /* ERROR-CODE */
0x0020: /* XOR-MAPPED-ADDRESS (RFC 5389) */
0x802b: /* RESPONSE-ORIGIN (RFC 5780) */
0x802c: /* OTHER-ADDRESS (RFC 5780) */
2020-04-21 23:25:17 +02:00
78956a97df
upnpstun.c: improve error and debug log
2020-04-21 23:24:58 +02:00
38c3419ea5
miniupnpd/Changelog.txt: update about e49d44f700
2020-04-21 18:38:09 +02:00
e49d44f700
miniupnpd: set SNAT to support bidirectional mapping
...
we cannot expect that iport == eport on all the case in firewall.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-04-21 07:41:58 +08:00
db82286683
genconfig.sh: allow --firewall option on BSD's too
2020-04-21 00:24:11 +02:00
89e63507ac
Remove FW API detecting code from Makefile (BSD)
...
generate bsdmake.inc
2020-04-21 00:24:07 +02:00
07abee862c
miniupnpd: Fix "IGD2 Port Triggering" in update_portmapping()
2020-04-20 23:37:24 +02:00
7662088603
miniupnpd: fix typo
...
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-04-20 15:05:13 +08:00
93c89c209c
miniupnpd: update snat rules on update_portmapping
...
We forget to update the snat rule when update the
portmapping.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-04-20 15:05:00 +08:00
c51c5b7d58
miniupnpd: be more explicit about usage of ext_ip= in double nat setups
2020-04-12 19:44:27 +02:00
3f04f7992c
miniupnpd/pf: disabled setting dst address in rule by default
...
see #433
was introduced by 53e8185725fix #231
2020-04-12 19:30:37 +02:00
a774830fe0
miniupnpd: Option to disable IPv6 at runtime : -4 / ipv6_disable=yes
2020-04-09 21:12:20 +02:00
040fbc40f8
miniupnpd/Makefile: fix FreeBSD firewall detection
...
see 5e11ef3245fixes #431
2020-04-06 12:00:09 +02:00
c3fab25f86
update Changelog.txt
2020-03-29 11:08:15 +02:00
5e11ef3245
miniupnpd: fix FreeBSD Firewall detection
...
fixes #431
2020-03-29 10:54:26 +02:00
05e09f9e6d
fix build for macos
2020-03-21 17:38:46 +08:00
5eaf3ec0fe
Correct typo
2020-03-05 22:46:01 +09:00
927e2f3666
miniupnpd/Changelog.txt: update
2019-12-24 01:38:55 +01:00
351b28c5ad
Fix PCPSendUnsolicitedAnnounce() when IPv6 is not available
...
IPV6 can be enabled at compile time but unavailable at runtime
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?t=2395
2019-12-18 01:18:56 +01:00
533f46cb7e
Add OpenEmbedded cross compile case
...
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-11-01 08:24:51 -07:00
aa08b09068
miniupnpd version prints backend
2019-10-22 20:11:02 +02:00
1876efc823
https://miniupnp.tuxfamily.org/
2019-10-22 20:11:02 +02:00
733c3c25f7
INSTALL: update about apt-get packages to install for nftables
2019-10-22 17:49:48 +02:00
0d7ccf1388
2019
2019-10-06 22:53:20 +02:00
d17912b95b
ignore validateversion
2019-10-06 22:44:32 +02:00
ce9cf89f07
Makefile.linux_nft: fix depends
2019-10-06 22:41:47 +02:00
f200b1b7e8
netfilter_nft/nftpinhole.c: fix after function renames
...
nft_send_request() => nft_send_rule()
reflesh_nft_cache_filter() => refresh_nft_cache_filter()
2019-10-06 22:30:36 +02:00
8ac3784fe2
Merge branch 'version'
2019-10-06 22:17:25 +02:00
913194cf75
Move print_rule to the file it's used in.
2019-10-06 21:47:50 +02:00
9d1680455e
cleanup some formatting inconsistencies
2019-10-06 21:38:58 +02:00
4ac428cbc9
netfilter_nft: remove dead code
2019-10-06 21:25:03 +02:00
35fa178ec8
encapsulate debug printing of rules. keeps stack layout the same between debug & non-debug builds.
2019-10-06 21:15:25 +02:00
a87011f933
fix checking of "~Man:" header"
...
bug introduced in 3571a41d1b
2019-10-06 00:17:52 +02:00
b747e222a8
miniupnpd/.gitignore: dox/
2019-10-05 23:55:44 +02:00
0a35f97db7
Makefile.linux: validate version
2019-10-05 22:44:36 +02:00
49d3b57441
miniupnpd: Add --version commandline option
...
fixes #370
2019-10-05 22:44:31 +02:00
700b86eeda
compatibility with OpenSSL 1.1.x
...
Use OpenSSL TLS_server_method() instead of TLSv1_server_method()
Also fix ERR_remove_state(0) call
2019-10-05 22:44:31 +02:00
123e589266
establish persistent mnl/netlink socket at init_redirect (needs elevated privileges)
2019-10-05 22:39:05 +02:00
22223da9a1
use OpenBSD pledge() to drop privileges
...
To be tested
see #405
2019-10-03 23:23:53 +02:00
174db857f8
fix end of file
2019-10-03 00:15:50 +02:00
49a60028e7
2019
2019-10-03 00:15:32 +02:00
6f4057ee82
update Changelog.txt
2019-10-03 00:15:13 +02:00
57bc67f72a
2019
2019-10-02 23:42:55 +02:00
7ea314412c
make rdr_name_type enum values more unique
2019-10-02 23:42:15 +02:00
b36a6e94f8
NFT_RULE_USERDATA is sized, not null-terminated. Must use strndup()
2019-10-02 23:42:15 +02:00
fda82bceef
remove lingering debug stuff, add my name to file headers
2019-10-02 13:08:22 -07:00
dcad93615f
set the family attribute on the chain
2019-10-01 01:12:10 -07:00
2a496a1c1c
Minimize attributes set if chain_op is not NFT_MSG_NEWCHAIN
2019-10-01 00:40:05 -07:00
6a53e6e765
use the same name for all three tables, like sshguard does
2019-09-30 11:20:16 -07:00
13b63da3fb
bump the priority of miniupnpd's forward chain, so it processes packets before other filter chains
2019-09-30 09:40:40 -07:00
75bdb777cf
rework nft-specific globals, create & destroy tables/chains at init & shutdown
2019-09-30 00:12:08 -07:00
d5773600f9
add --firewall=<name> to genconfig.sh & tweak Makefiles to match
2019-09-28 22:17:51 -07:00
48f2339759
parse_rule_cmp: promote repeated code in cases outside the switch
2019-09-27 21:25:34 -07:00
dbdaabd21e
insert omitted break statements causing compiler warnings
2019-09-27 21:00:28 -07:00
b5021ef57f
suppress warnings for some intentional fallthrough cases in switch statements
2019-09-27 20:47:53 -07:00
2c45b0793e
fix genconfig.sh for OpenBSD
...
see 70a215d693
2019-09-26 23:46:24 +02:00
ace2250533
cast time_t to long long instead of long
2019-09-24 16:07:42 +02:00
70a215d693
net.inet6.ip6.v6only has been removed in recent OpenBSD versions
2019-09-24 16:06:38 +02:00
8c00d0747a
include <sys/select.h> for fd_set
2019-09-24 16:06:12 +02:00
2917d99c58
2019
2019-09-24 16:05:44 +02:00
a6291ca391
update miniupnpd/Changelog.txt and README
2019-09-24 13:02:20 +02:00
1976452125
handle both IP_PKTINFO and IP_RECVIF defined.
...
fixes #391
2019-09-24 12:26:57 +02:00
8cb006c538
macros.h: add FALL_THROUGH macro
2019-09-24 12:04:40 +02:00
ed9ef746a0
Distinguish between iptables and nftables in genconfig.sh, adding USE_IPTABLES or USE_NFTABLES defines.
2019-09-24 11:57:39 +02:00
81e0d83403
build doc with Doxygen
2019-09-24 11:57:27 +02:00
8a56bb50cf
add 'dox' make target for nftables, which generates docs using doxygen. Also modify the uuid in the installed copy of miniupnpd.conf, not the pristine local copy that is under revision control.
2019-09-17 18:22:11 -07:00
dec239d340
pfpinhole.c: fix includes
2019-09-02 02:03:41 +02:00
5ab641e9e6
update Changelog
2019-09-02 01:01:43 +02:00
d1d7059e75
fix file modes for nft_display.sh (chmod +x)
2019-09-02 00:57:49 +02:00
62d62e4f88
Applied patch to OpenWRT compatibility
2019-09-02 00:28:45 +02:00
f24ca07640
Fix the error messages produced by nft_init.sh in normal operation. Simplify the script.
2019-08-31 23:22:30 -07:00
60b57a442a
Rework nft_removeall.sh to preserve nftables structures miniupnpd didn't add. Important for firewalld and sshguard co-existance.
2019-08-31 20:47:11 -07:00
6317e73342
iptpinhole.c: fix ressource leak in ip6tc_init_verify_append()
...
fixes #393
2019-08-24 10:55:33 +02:00
a77d1ff9d3
iptcrdr.c: memory allocation fix in get_portmappings_in_range()
...
fixes #394
2019-08-24 10:54:46 +02:00
4f8a4abcd1
nftnlrdr: list_redirect_rule() only in DEBUG
2019-06-30 22:23:36 +02:00
4e480a7c4e
nftnlrdr_misc.c: use syslog() instead of perror()
...
do not exit()
2019-06-30 22:02:15 +02:00
9402b49456
update headers
2019-06-30 21:51:15 +02:00
d8368f7651
test_nfct_get.c: openlog()
2019-06-30 21:50:55 +02:00
9070e175d4
Merge remote-tracking branch 'svenauhagen/fixes/nftablesipv6'
2019-06-30 21:25:01 +02:00
b377305db0
This commits fixes an error setting the NFT Chain in DNAT instead of Filter
2019-06-30 19:46:35 +02:00
b581b5d8af
pinhole fixes
2019-06-28 11:02:19 +02:00
3cf6efa912
miniupnpd/Changelog.txt update
2019-06-25 23:30:12 +02:00
f67f6ae5f0
NFTables fixes and scripts
...
This commit fixes the list detection and uses the inet chain for ipv4.
The scripts got reworked as well and a display script was added.
2019-06-25 09:44:51 +02:00
ee84a3949d
Update nftnlrdr_misc.h
...
Fix compiler warnings
2019-06-13 21:34:52 +02:00
00ff23c428
This commit fixes IPv4 and adds IPv6 pinhole to nftables.
...
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2019-06-12 23:09:20 +02:00
765156b04a
nftnlrdr.c: fix indent and spaces before eol
2019-06-04 23:02:52 +02:00
Thomas Bernard
Pali Rohár
Chen Minqiang
Blink
HanJong Jang
Khem Raj
Paul Chambers
Guilherme Senges
Sven Auhagen