121 Commits

Author SHA1 Message Date
Thomas Bernard
8bbe1c1339 remove useless UNUSED() 2022-10-10 01:23:26 +02:00
Thomas Bernard
a6ca2b14c5
miniupnpd/nftnldr.c: init local var in update_portmapping()
see https://github.com/miniupnp/miniupnp/pull/607
rhost is not currently in use, but it might be some day.
2022-04-21 00:19:45 +02:00
Brian John
87776e8345 Split "NAT" and "TABLE" for consistency 2022-01-01 16:58:55 -06:00
Brian John
8d061ecf65 Fix typo: should check for $NAT_TABLE 2022-01-01 16:17:31 -06:00
Brian John
69f01ffcc8 Spelling fix: routeing --> routing 2022-01-01 16:15:54 -06:00
Thomas Bernard
78823d762e
README.md: updated. fix titles 2021-12-16 00:29:39 +01:00
Thomas Bernard
2bfed34e8c
README.md: reformat chain/tables setup
fix 3129683cb335fa8559928d4b8557248f3bc1bc51
2021-12-16 00:27:57 +01:00
Thomas Bernard
1a5cdc0a13 remove space before eol 2021-12-02 00:35:51 +01:00
Sven Auhagen
3129683cb3 NFTables use scripts to create tables and chains
To hardcode table and chain creation and deletion makes it impossible
for existing firewall infrastructures to integrate miniupnpd.
NFTables will either reevaluate packets through miniupnpd or
it will delete existing tables when there are already custom chains in it.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-28 08:08:37 +01:00
Sven Auhagen
0b3f3e4029
NFTables make tables name configurable
Right now the table names are hardcoded and do not integrate with an overall
firewall strategy.
NFTables has restrictions on how packets are evaluated against chains.
For example if multiple forward chains are evaluated with different prioity,
all packets that pass the first one will be reevaluated again in the second chain.
To have an overall firewall concept with miniupnpd it is necessary to use existing
tables and hence to configure them in miniupnpd.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-27 21:49:21 +01:00
Thomas BERNARD
9a5215c54a
Merge pull request #562 from svenauhagen/feature/nftablesnat
NFTables use nat chain for inet (instead of specific IPv4 chain)
2021-11-17 12:36:19 +01:00
Thomas Bernard
92cf5c2f95 nftnlrdr_misc.c: 2021 2021-08-21 10:26:31 +02:00
Sven Auhagen
acc3bcb0a3 NFTables use inet nat chain
NFTables supports inet in the nat chain as well.
Use it instead of IPv4 chain so it is consistent with the filter chain.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 16:58:50 +01:00
Thomas Bernard
97b7ec1ad2
normalize use of __STDC_VERSION__ 2021-06-17 09:25:26 +02:00
Thomas Bernard
f50f00b5ea
errno.h not sys/errno.h 2020-11-11 13:24:48 +01:00
Thomas Bernard
5e7f8b5183 netfilter_nft/nftnlrdr_misc.h: comment 2020-10-22 21:39:41 +02:00
Thomas Bernard
3a17dea056 pass rule type to the private arg of mnl_cb_run() callback
should fix #481
2020-10-17 23:20:29 +02:00
Thomas Bernard
2595275eb5 netfilter_nft: build testing 2020-10-17 22:52:34 +02:00
Thomas Bernard
992565201b fix testnftnlrdr.c 2020-09-29 01:00:29 +02:00
BERNARD Thomas
91ff44c9d2 netfilter_nft: fix test stuff 2020-09-29 00:43:55 +02:00
Thomas Bernard
11dec5b25c fix log 2020-09-29 00:17:58 +02:00
Thomas Bernard
61d4aecb6e fix warning 2020-09-28 21:58:08 +02:00
Thomas Bernard
7db8ef0921 fix c9f6ddd 2020-09-28 21:57:50 +02:00
Thomas Bernard
c9f6ddd102
miniupnpd/netfilter_nft: more logs in set_rdr_name()
see #481
2020-09-26 17:42:26 +02:00
Thomas Bernard
d7b40010d5
nftnlrdr_misc.c: add log in case of send_batch() failure
useful for #481
2020-07-09 11:16:47 +02:00
Thomas Bernard
86b6aad797
ido not use depreacted nftnl_rule_set() and nftnl_chain_set()
now uses nftnl_rule_set_str() and nftnl_chain_set_str()
fixes #476
2020-06-10 11:55:42 +02:00
Thomas Bernard
92ec4d05ab
nftnlrdr_misc.c: fix a memory leak in table_cb() 2020-06-08 10:08:44 +02:00
Thomas Bernard
5f66d1852d
rewrite send_batch() for clarity 2020-06-07 21:43:03 +02:00
Thomas Bernard
f23c3e68aa fix previous commit 2020-06-07 21:30:12 +02:00
Thomas Bernard
8ad596d846
fix previous commit
fixes a7eeb5938f11e034d1035843d2923872107e96d4
2020-06-07 21:02:51 +02:00
Thomas Bernard
a7eeb5938f
improved error handling in parse_rule_nat() 2020-06-07 20:58:25 +02:00
Thomas Bernard
d41aceffb5
improve table_cb() to remove memory leak 2020-06-07 20:12:12 +02:00
Thomas Bernard
a64d4f937b
rewrite table_cb() to better handle errors 2020-06-07 20:00:52 +02:00
Thomas Bernard
70b9526834
remove unecessary if in flush_nft_cache() 2020-06-07 19:58:48 +02:00
Thomas Bernard
7245a68e5c improve error handling in nft_mnl_connect() 2020-06-07 19:57:29 +02:00
Thomas Bernard
ed48113355
refresh_nft_cache() return error status
fixes 037639c07a3b4a72ec4606f96774f9b6a8c4be69
2020-06-07 19:56:03 +02:00
Thomas Bernard
037639c07a
improve error handling in refresh_nft_cache() and send_batch()
to help debug #474
2020-06-07 19:29:22 +02:00
Thomas Bernard
409ba9c0f2
nftpinhole.c: fix get_pinhole_info()
this whole file should be reviewed carefully

fixes #459
2020-06-05 10:36:17 +02:00
Thomas Bernard
45191081f1
fix 9b32a523bf284a661310b22b3fe8716ab31294ca 2020-06-04 00:46:41 +02:00
Thomas Bernard
9b32a523bf
improve get_redirect_rule_count() for netfilter_nft too 2020-06-04 00:37:17 +02:00
Thomas Bernard
e1f3478519
miniupnpd/netfilter_nft: fix get_redirect_rule_by_index()
should fix #462
2020-06-03 00:30:14 +02:00
Thomas Bernard
c8cbf9f6ce
miniupnpd/netfilter_nft: replace calls to inet_ntoa by inet_ntop() 2020-06-03 00:30:09 +02:00
Thomas Bernard
b8c8cec26b
fix bug introduced in c3d71b97abf943eb3c4937cb50db549e6ad74f05
see #459
2020-06-02 09:02:45 +02:00
Thomas Bernard
fb63cf3455
miniupnpd/netfilter_nft: properly store timestamps
should fix #466
2020-06-02 01:00:04 +02:00
Thomas Bernard
7b9489fb84
the buffer passed to mnl_nlmsg_batch_start() must be double of MNL_SOCKET_BUFFER_SIZE
see https://www.netfilter.org/projects/libmnl/doxygen/html/group__batch.html
http://www.lt.netfilter.org/projects/libmnl/doxygen/group__batch.html#ga28488fc4dee4c3e9eda5918f049db2af
2020-06-02 00:07:39 +02:00
Thomas Bernard
5dbdc50aa7 check return value of nftnl_expr_get() 2020-06-01 20:20:29 +02:00
Thomas Bernard
1e37a9f7b5
improve parse_rule_cmp()
see #459
2020-06-01 20:14:20 +02:00
Thomas Bernard
c09f485482
nftnlrdr.c: fix writing to iaddr instead of rhost
fixes #462
https://github.com/miniupnp/miniupnp/issues/462
https://github.com/miniupnp/miniupnp/issues/459#issuecomment-636402954
2020-06-01 17:56:38 +02:00
Thomas Bernard
c3d71b97ab nftnlrdr_misc.c: malloc/memcpy instead of strndup()
see #466
2020-06-01 17:35:26 +02:00
Thomas Bernard
a30e3de4ba
miniupnpd/netfilter_nft: add debug messages about lease timestamps/duration
in order to debug issue #466
2020-05-30 10:09:22 +02:00