Thomas Bernard
f200b1b7e8
netfilter_nft/nftpinhole.c: fix after function renames
...
nft_send_request() => nft_send_rule()
reflesh_nft_cache_filter() => refresh_nft_cache_filter()
2019-10-06 22:30:36 +02:00
Thomas Bernard
8ac3784fe2
Merge branch 'version'
2019-10-06 22:17:25 +02:00
Paul Chambers
913194cf75
Move print_rule to the file it's used in.
2019-10-06 21:47:50 +02:00
Paul Chambers
9d1680455e
cleanup some formatting inconsistencies
2019-10-06 21:38:58 +02:00
Thomas Bernard
4ac428cbc9
netfilter_nft: remove dead code
2019-10-06 21:25:03 +02:00
Paul Chambers
35fa178ec8
encapsulate debug printing of rules. keeps stack layout the same between debug & non-debug builds.
2019-10-06 21:15:25 +02:00
Thomas Bernard
a87011f933
fix checking of "~Man:" header"
...
bug introduced in 3571a41d1b
2019-10-06 00:17:52 +02:00
Thomas Bernard
b747e222a8
miniupnpd/.gitignore: dox/
2019-10-05 23:55:44 +02:00
Thomas Bernard
0a35f97db7
Makefile.linux: validate version
2019-10-05 22:44:36 +02:00
Thomas Bernard
49d3b57441
miniupnpd: Add --version commandline option
...
fixes #370
2019-10-05 22:44:31 +02:00
Thomas Bernard
700b86eeda
compatibility with OpenSSL 1.1.x
...
Use OpenSSL TLS_server_method() instead of TLSv1_server_method()
Also fix ERR_remove_state(0) call
2019-10-05 22:44:31 +02:00
Paul Chambers
123e589266
establish persistent mnl/netlink socket at init_redirect (needs elevated privileges)
2019-10-05 22:39:05 +02:00
Thomas Bernard
22223da9a1
use OpenBSD pledge() to drop privileges
...
To be tested
see #405
2019-10-03 23:23:53 +02:00
Thomas Bernard
174db857f8
fix end of file
2019-10-03 00:15:50 +02:00
Thomas Bernard
49a60028e7
2019
2019-10-03 00:15:32 +02:00
Thomas Bernard
6f4057ee82
update Changelog.txt
2019-10-03 00:15:13 +02:00
Thomas Bernard
57bc67f72a
2019
2019-10-02 23:42:55 +02:00
Paul Chambers
7ea314412c
make rdr_name_type enum values more unique
2019-10-02 23:42:15 +02:00
Paul Chambers
b36a6e94f8
NFT_RULE_USERDATA is sized, not null-terminated. Must use strndup()
2019-10-02 23:42:15 +02:00
Paul Chambers
fda82bceef
remove lingering debug stuff, add my name to file headers
2019-10-02 13:08:22 -07:00
Paul Chambers
dcad93615f
set the family attribute on the chain
2019-10-01 01:12:10 -07:00
Paul Chambers
2a496a1c1c
Minimize attributes set if chain_op is not NFT_MSG_NEWCHAIN
2019-10-01 00:40:05 -07:00
Paul Chambers
6a53e6e765
use the same name for all three tables, like sshguard does
2019-09-30 11:20:16 -07:00
Paul Chambers
13b63da3fb
bump the priority of miniupnpd's forward chain, so it processes packets before other filter chains
2019-09-30 09:40:40 -07:00
Paul Chambers
75bdb777cf
rework nft-specific globals, create & destroy tables/chains at init & shutdown
2019-09-30 00:12:08 -07:00
Paul Chambers
d5773600f9
add --firewall=<name> to genconfig.sh & tweak Makefiles to match
2019-09-28 22:17:51 -07:00
Paul Chambers
48f2339759
parse_rule_cmp: promote repeated code in cases outside the switch
2019-09-27 21:25:34 -07:00
Paul Chambers
dbdaabd21e
insert omitted break statements causing compiler warnings
2019-09-27 21:00:28 -07:00
Paul Chambers
b5021ef57f
suppress warnings for some intentional fallthrough cases in switch statements
2019-09-27 20:47:53 -07:00
Thomas Bernard
2c45b0793e
fix genconfig.sh for OpenBSD
...
see 70a215d693
2019-09-26 23:46:24 +02:00
Thomas Bernard
ace2250533
cast time_t to long long instead of long
2019-09-24 16:07:42 +02:00
Thomas Bernard
70a215d693
net.inet6.ip6.v6only has been removed in recent OpenBSD versions
2019-09-24 16:06:38 +02:00
Thomas Bernard
8c00d0747a
include <sys/select.h> for fd_set
2019-09-24 16:06:12 +02:00
Thomas Bernard
2917d99c58
2019
2019-09-24 16:05:44 +02:00
Thomas Bernard
a6291ca391
update miniupnpd/Changelog.txt and README
2019-09-24 13:02:20 +02:00
Thomas Bernard
1976452125
handle both IP_PKTINFO and IP_RECVIF defined.
...
fixes #391
2019-09-24 12:26:57 +02:00
Thomas Bernard
8cb006c538
macros.h: add FALL_THROUGH macro
2019-09-24 12:04:40 +02:00
Paul Chambers
ed9ef746a0
Distinguish between iptables and nftables in genconfig.sh, adding USE_IPTABLES or USE_NFTABLES defines.
2019-09-24 11:57:39 +02:00
Thomas Bernard
81e0d83403
build doc with Doxygen
2019-09-24 11:57:27 +02:00
Paul Chambers
8a56bb50cf
add 'dox' make target for nftables, which generates docs using doxygen. Also modify the uuid in the installed copy of miniupnpd.conf, not the pristine local copy that is under revision control.
2019-09-17 18:22:11 -07:00
Thomas Bernard
dec239d340
pfpinhole.c: fix includes
2019-09-02 02:03:41 +02:00
Thomas Bernard
5ab641e9e6
update Changelog
2019-09-02 01:01:43 +02:00
Thomas Bernard
d1d7059e75
fix file modes for nft_display.sh (chmod +x)
2019-09-02 00:57:49 +02:00
Guilherme Senges
62d62e4f88
Applied patch to OpenWRT compatibility
2019-09-02 00:28:45 +02:00
Paul Chambers
f24ca07640
Fix the error messages produced by nft_init.sh in normal operation. Simplify the script.
2019-08-31 23:22:30 -07:00
Paul Chambers
60b57a442a
Rework nft_removeall.sh to preserve nftables structures miniupnpd didn't add. Important for firewalld and sshguard co-existance.
2019-08-31 20:47:11 -07:00
Thomas Bernard
6317e73342
iptpinhole.c: fix ressource leak in ip6tc_init_verify_append()
...
fixes #393
2019-08-24 10:55:33 +02:00
Thomas Bernard
a77d1ff9d3
iptcrdr.c: memory allocation fix in get_portmappings_in_range()
...
fixes #394
2019-08-24 10:54:46 +02:00
Thomas Bernard
4f8a4abcd1
nftnlrdr: list_redirect_rule() only in DEBUG
2019-06-30 22:23:36 +02:00
Thomas Bernard
4e480a7c4e
nftnlrdr_misc.c: use syslog() instead of perror()
...
do not exit()
2019-06-30 22:02:15 +02:00
Thomas Bernard
9402b49456
update headers
2019-06-30 21:51:15 +02:00
Thomas Bernard
d8368f7651
test_nfct_get.c: openlog()
2019-06-30 21:50:55 +02:00
Thomas Bernard
9070e175d4
Merge remote-tracking branch 'svenauhagen/fixes/nftablesipv6'
2019-06-30 21:25:01 +02:00
Sven Auhagen
b377305db0
This commits fixes an error setting the NFT Chain in DNAT instead of Filter
2019-06-30 19:46:35 +02:00
Sven Auhagen
b581b5d8af
pinhole fixes
2019-06-28 11:02:19 +02:00
Thomas Bernard
3cf6efa912
miniupnpd/Changelog.txt update
2019-06-25 23:30:12 +02:00
Sven Auhagen
f67f6ae5f0
NFTables fixes and scripts
...
This commit fixes the list detection and uses the inet chain for ipv4.
The scripts got reworked as well and a display script was added.
2019-06-25 09:44:51 +02:00
sven
ee84a3949d
Update nftnlrdr_misc.h
...
Fix compiler warnings
2019-06-13 21:34:52 +02:00
Sven Auhagen
00ff23c428
This commit fixes IPv4 and adds IPv6 pinhole to nftables.
...
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2019-06-12 23:09:20 +02:00
Thomas Bernard
765156b04a
nftnlrdr.c: fix indent and spaces before eol
2019-06-04 23:02:52 +02:00
Thomas Bernard
a1ceec3dba
miniupnpd: Allow to use two different network interfaces for IPv4 and IPv6 internet
...
-i / -I
ext_ifname= / ext_ifname6=
see :
df906367be
/
thanks to "sfstudio"
2019-05-21 10:42:40 +02:00
Thomas Bernard
f89d01d06a
silent warning in GCC 7 (switch/case fallthrough)
2019-05-20 21:59:41 +02:00
Thomas Bernard
585a1d64e2
getifaddr.c: properly use strncpy()
...
silent a gcc8 warning
2019-05-20 21:55:17 +02:00
Vladislav Grishenko
08b80d5abd
miniupnpd: fix ssdp notify on unrelated interfaces
...
If several different interfaces share same ipv4 address on different
subnets (i.e. eth0 192.168.1.1/24 + eth1 192.168.1.1/16), miniupnpd
may pick any one of them, possibly wrong one w/o respecting exact
listening_ip interface.
syslog will contain something similar to:
miniupnpd: sendto(udp_notify=6, 192.168.1.1): No such device
miniupnpd: sendto(udp_notify=6, 192.168.1.1): No such device
miniupnpd: try_sendto(sock=6, len=464, dest=239.255.255.250:1900): sendto: No such device
miniupnpd: try_sendto(sock=6, len=464, dest=239.255.255.250:1900): sendto: No such device
miniupnpd: try_sendto failed to send 11 packets
Fix that with specifying exact outgoing mcast interface for each
notify socket with help of IP_MULTICAST_IF/mreqn struct.
Since OpenAndConfSSDPNotifySocket() now takes lan_addr_s struct,
OpenAndConfSSDPNotifySocketIPv6() was similary changed for api
consistency.
2019-05-02 15:36:06 +05:00
Thomas Bernard
2ffc7afae9
minissdp.c: fix indentation
2019-05-02 12:09:28 +02:00
Thomas Bernard
1ef1deec01
upnpevents.c: properly handle urls in the form http://ip:port
...
Fix buffer over-read in upnpevents.c with urls in the form http://ip:port
(without path).
Assume / when the path is empty
fixes #361
2019-04-09 22:06:21 +02:00
Thomas Bernard
922372bff3
2019
2019-04-08 14:46:11 +02:00
Thomas Bernard
2f16cf7387
AddPortMapping supports error 606 in IGDv2
...
see #359
2019-04-07 23:01:51 +02:00
Thomas Bernard
e1b4f25bba
upnpreplyparse.c: Fix memory leak
...
If there are multiple NewPortListing tags,
there is a malloc() for each one.
fixes #357
2019-04-05 10:30:10 +02:00
Thomas Bernard
a9a764cea9
update Changlogs.
2019-04-03 17:38:33 +02:00
Thomas Bernard
8f403ae8ae
Makefile.linux: clean testminissdp.o and testssdppktgen.o
2019-03-22 15:36:58 +01:00
Thomas Bernard
2d873ce908
miniupnpd_functions.sh parsing fix.
...
both MINIUPNPD and MINIUPNPD-PREROUTING were matched by
/$CHAIN/.
2019-03-22 15:35:23 +01:00
Thomas Bernard
476974ab52
use iptables -I instead of -A to add rules
...
So the rules are added at the head of the chains, taking
priority over the preloaded rules.
should fix #354
2019-03-22 15:33:57 +01:00
Thomas Bernard
c3f752db4a
miniupnpd/netfilter: fix iptables_init.sh for postrouting chain
...
should fix #334
2019-03-09 16:16:00 +01:00
Steven Mestdagh
dedbee16b1
AddAnyPortMapping: check against NULL
...
this avoids a crash in strcasecmp by passing an empty protocol argument
2019-03-09 10:24:38 +01:00
Thomas Bernard
a613992892
update Changelog
2019-03-07 23:37:11 +01:00
Rodrigo Osorio
e0ddc97997
Update portinuse code to reflect changes made in FreeBSD 12.0
...
Structures xtcpcb and xinpcb returned by the kernel
hide now part of its members after r315662. The fix
was inspired by changes made in usr.bin/systat/netstat.c
tool.
2019-03-07 17:22:36 +01:00
Thomas Bernard
e0b5b4efe6
linux/getifstats.c: use custom strtoul() implementation to roll over after 2^32-1
...
fixes #349
http://upnp.org/specs/gw/UPnP-gw-WANCommonInterfaceConfig-v1-Service.pdf
2.2.9 2.2.10 2.2.11 2.2.12 :
This variable represents the cumulative counter for total number
of bytes sent upstream across all connection service instances on
WANDevice. The count rolls over to 0 after it reaching the maximum
value (2^32) –1
2019-02-12 15:10:49 +01:00
Thomas Bernard
08e955de40
Update Changelogs + 2019
2019-02-10 16:11:16 +01:00
Thomas Bernard
30a89be85e
update miniupnpd/minixml.h
2019-02-10 16:10:07 +01:00
Thomas Bernard
e94a724ae5
Merge remote-tracking branch 'sorz/install-nft-script'
...
see pull request #345
2019-02-04 19:39:35 +01:00
Shachar Menashe
51b5e09e04
miniupnpd: add secure compilation flags for Linux
2019-02-04 17:23:42 +02:00
Thomas Bernard
f7d65cdaad
miniupnpd/netfilter/ipctcrdr.c: conditionnaly use NFC_UNKNOWN as well
...
fix #346
2019-02-03 19:04:44 +01:00
Thomas Bernard
6106111972
miniupnpd/netfilter: build with linux kernel 5.0
...
should fix #346
2019-02-03 13:26:27 +01:00
Thomas Bernard
510a6e9630
fix check of valid HTTPS socket
2019-01-23 09:25:10 +01:00
sorz
031915f856
Install nftables scripts
2019-01-18 16:21:25 +08:00
Thomas Bernard
86030db849
fix error from commit 13585f15c7
2018-12-18 23:47:54 +01:00
Thomas Bernard
cb8a02af7a
pcpserver.c: copyIPv6IfDifferent() check for NULL src argument
2018-12-18 23:04:14 +01:00
Thomas Bernard
f321c2066b
upnp_redirect(): accept NULL desc argument
2018-12-18 22:59:18 +01:00
Thomas Bernard
13585f15c7
GetOutboundPinholeTimeout: check args
2018-12-18 22:54:51 +01:00
Thomas Bernard
bec6ccec63
upnp_event_prepare(): check the return value of snprintf()
2018-12-18 22:37:14 +01:00
Thomas Bernard
6b4e9bd855
upnpstun.c: fix generate_transaction_id()
2018-12-15 18:02:46 +01:00
Steven Mestdagh
f6fc66ee41
avoid off-by-one buffer overread
...
similar to commit 9fcc0a72f0
2018-12-06 00:11:21 +01:00
Thomas Bernard
e7fa40f60b
update INSTALL about running a NAT behind NAT setup.
...
also update 2017->2018
2018-10-31 18:33:56 +01:00
Thomas Bernard
bde31cd4f1
update miniupnpd/Changelog.txt
2018-09-07 17:28:42 +02:00
Thomas Bernard
95d707a71f
pcpserver.c: properly fill the opcode field of response
...
fixes #327
2018-09-07 17:24:43 +02:00
Pali Rohár
a2baa36312
Fix compilation with nftables
...
Fixes #324
2018-09-06 17:44:41 +02:00
Thomas Bernard
11785205f1
Merge remote-tracking branch 'Lochnair/fix_nftables' into travis-ci-nftables
2018-07-15 12:59:25 +02:00
Nils Andreas Svee
181428e843
miniupnpd: add update_portmappings functions for nft
2018-07-14 19:59:26 +02:00
Thomas Bernard
ac796a4077
linux: add -lrt when building for glibc < 2.17
2018-07-14 14:23:13 +02:00