Commit Graph

45 Commits

Author SHA1 Message Date
yangfl 2ff8cb17da miniupnpd: Add option to match rules with regex
Some reports that a certain app is abusing UPnP for exploiting upload
bandwidth. This commit adds support to restrict UPnP rules to a regex.
By matching requester's description string against rule's regex, this
will make some obstacles for that app.
2022-10-21 21:26:39 +02:00
Thomas Bernard a4e12c01c4
miniupnpd: move READNU32/WRITENU32/etc. to rw_unaligned.h 2022-10-16 07:54:38 +02:00
Thomas Bernard 2917d99c58 2019 2019-09-24 16:05:44 +02:00
Pali Rohár cce19781e6 miniupnpd: Add validation that public ip address is not reserved and is really public
This ensures that all requests for getting public IP address (either via UPnP IGD or PCP/PMP) would contain correct public IP address or an error (instead of some invalid private/reserved IP address).
2018-05-19 13:31:26 +02:00
Thomas Bernard dd2aa84204 miniupnpd: use monotonic clock for timeouts, etc.
fixes 

also changed set_startup_time()
2018-03-13 11:43:07 +01:00
Thomas Bernard cc0fad78d7 miniupnpd: use epoch_origin for NAT-PMP as well
see 
2017-11-27 23:02:34 +01:00
Thomas Bernard ba9315b9b4 natpmp.c: improve error logging 2017-11-05 11:10:13 +01:00
Thomas Bernard a6b947e0ca move READNUxx/WRITENUxx macros to macros.h 2015-09-21 23:58:00 +02:00
Thomas Bernard a43beeccf1 fix minor typo 2015-05-27 15:31:49 +02:00
Thomas Bernard c7d7efd230 fix realloc failure issues detected thanks to cppcheck 2015-02-08 10:23:22 +01:00
Thomas Bernard bbb6df523d miniupnpd/natpmp.c: #if IPV6_PKTINFO => #ifdef IPV6_PKTINFO 2014-12-31 01:38:15 +01:00
Thomas Bernard fb1aba3c9a miniupnpd/natpmp.c: fix walktrough of mapping "list" for NATPMP removal 2014-10-23 18:00:24 +02:00
Thomas Bernard 350ca199c4 miniupnpd/natpmp.c: Properly implements NAT-PMP mapping removal
fixes 
2014-10-23 17:57:31 +02:00
sbyx ef408d0857 Fix typo in byte conversion & writing in NAT-PMP
This fixes https://github.com/miniupnp/miniupnp/issues/89.

Signed-off-by: Steven Barth <cyrus@openwrt.org>
2014-07-31 08:43:48 +02:00
Thomas Bernard d851ad4c25 miniupnpd: Retreive PCP packed IPV6 destination address 2014-05-19 15:27:34 +02:00
Thomas Bernard d31badae7d miniupnpd/natpmp.c: replace macros by functions
see commit 67c28e7f8b (and comments)
2014-04-21 21:36:45 +02:00
Thomas Bernard 67c28e7f8b miniupnpd/natpmp.c: Remove pointer casting, avoid possibility of unaligned memory access 2014-04-14 22:50:11 +02:00
Thomas Bernard 08127b85d4 Merge branch 'portinuse'
Conflicts:
	miniupnpd/Makefile.linux
2014-03-28 12:52:18 +01:00
Thomas Bernard ad88cc0819 miniupnpd: start work to enable IPv6 PCP operations 2014-03-24 12:07:31 +01:00
Thomas Bernard 6419602e14 miniupnpd/portinuse: port_in_use() returns -1 in case of error 2014-03-20 13:49:10 +01:00
Thomas Bernard c4e63048c4 miniupnpd: add CHECK_PORTINUSE to enable/disable port_in_use() 2014-03-13 14:48:52 +01:00
Thomas Bernard 06764123fb Merge remote branch 'origin/master' into portinuse
Conflicts:
	miniupnpd/Makefile.linux
	miniupnpd/natpmp.c
2014-03-13 14:19:44 +01:00
Thomas Bernard 210876f2a7 miniupnpd/natpmp.c: make indentation consistant and add a comment 2014-03-11 09:47:09 +01:00
Daniel Becker 4f160366bd miniupnpd/natpmp.c: remove obsolete assignment
The eport_first variable now gets initialized in the first
iteration of the while loop; the assignment right before the
loop should have been removed in the previous commit.
2014-03-10 11:14:49 -07:00
Daniel Becker f4f4573f53 miniupnpd: fix eport selection and error handling
The find_available_eport function that was intended to check if
at least one eport is allowed for a given iaddr/iport does not
work as intended; for example, it does not properly handle rule
precedence (i.e., it considers allow rules even if they are
effectively masked by earlier deny rules), and it also does not
handle the case where no rules are specified at all (which
should default to accept in order to be consistent with
check_upnp_rule_against_permissions). The present change removes
this function and instead integrates the check into the existing
while loop that iterates over all eports.
2014-03-10 00:32:23 -07:00
Thomas BERNARD 0ff8e67c26 Merge pull request from razzfazz/natpmp_avoid_port_zero
miniupnpd/natpmp.c: skip port zero when finding free eport
2014-03-08 01:03:43 +01:00
Daniel Becker 1db670d6ff miniupnpd/natpmp.c: skip port zero when finding free eport
When skipping ports that are in use or not allowed, the existing
NAT-PMP code will consider port zero as a candidate eport after
wraparound occurs. Since this is not a legal port, we skip over it.

port zero as an eport value.
2014-03-07 11:02:04 -08:00
Daniel Becker ba04327bb0 miniupnpd/natpmp.c: remove redundant break statements
These two break statements are redundant: The subsequent continue
statement will cause the loop condition to be re-evaluated, at which
point the loop will terminate if resp[3] != 0.
2014-03-07 07:42:40 -08:00
Thomas Bernard e385db03b9 miniupnpd: improved permission checking for NAT-PMP
NAT-PMP now searches an allowed eport if the one from
request is not, instead of returning an error
2014-03-07 11:48:17 +01:00
Daniel Becker edd501f59c miniupnpd/natpmp.c: return correct error code when all external ports in use
Instead of returning code 3 ("Network Failure"), we should the
more appropriate code 4 ("Out of resources") when no external
port is available for a mapping.
2014-02-28 14:47:53 -08:00
Thomas Bernard 3c90f6a30d miniupnpd/natpmp.c: avoid hang when all external ports in use
reorganize a bit
2014-02-28 13:34:46 +01:00
Daniel Becker c6a8879c87 miniupnpd/natpmp.c: avoid hang when all external ports in use
The NAT-PMP code attempts to find a different eport if the
requested one is already in use. If all eports are in use, that
would previously cause the code to iterate through the range of
eports forever. To avoid this case, we keep track of the first
eport we attempted to use and abort the loop once we've cycled
through all possible values exactly once (which takes us back
to the initial eport).
2014-02-28 00:00:26 -08:00
Thomas Bernard c1e624ecd4 miniupnpd: use asyncsendto 2014-02-25 11:15:30 +01:00
Thomas Bernard 3712118bc4 miniupnpd: removed unused code
ScanNATPMPforExpiration() CleanExpiredNATPMP() are not used anymore
2014-02-03 10:45:59 +01:00
Thomas Bernard f774a54bac remove C++ style comments 2013-12-13 17:01:41 +01:00
Thomas Bernard 9b72af6f36 Merge branch 'master' into portinuse 2013-12-13 12:29:01 +01:00
Peter Tatrai 9e1ffd5cd9 Add initial PCP support 2013-07-11 09:38:55 +02:00
Thomas Bernard 961e1c35d3 miniupnpd: autodetect LAN interface netmask instead of defaulting to /24
Fix 
2013-03-23 11:50:57 +01:00
Thomas Bernard 013b0df388 miniupnpd: detect port in use / already forwarded
Patch submitted by David Kerr
2012-07-10 23:25:29 +02:00
Thomas Bernard 4cdc0b762e set natpmp socket non blocking 2012-05-28 01:18:06 +02:00
Thomas Bernard ad95793e93 Add UNUSED(arg) macro to remove unused argument warning. 2012-05-01 11:49:23 +02:00
Shawn Landen 5c224accbf remove trailing whitespace from miniupnpd 2012-02-29 17:48:41 -08:00
Thomas Bernard 9ee74defc8 Compile miniupnpd OK with -ansi flag. 2012-02-05 00:40:50 +01:00
Thomas Bernard 73ef11624a always handle EAGAIN, EWOULDBLOCK and EINTR after recv()/recvfrom() calls 2012-02-02 18:45:43 +01:00
Thomas Bernard 0d96346588 Adding miniupnpd 2011-09-28 21:13:20 +02:00