Thomas Bernard
92cf5c2f95
nftnlrdr_misc.c: 2021
2021-08-21 10:26:31 +02:00
Thomas Bernard
23edb7e5eb
options.c: 2021
2021-08-21 10:24:22 +02:00
Thomas Bernard
fec7d87f00
pcplearndscp.h: "new" website
2021-08-21 10:22:26 +02:00
Thomas Bernard
9dbee950ad
upnppinhole.c/.h: 2021
2021-08-21 10:14:28 +02:00
Thomas BERNARD
2115b8f8f0
Merge pull request #553 from ncopa/musl-libc-fix
...
miniupnpd: don't check for glibc version with musl
2021-08-21 09:52:06 +02:00
Sven Auhagen
acc3bcb0a3
NFTables use inet nat chain
...
NFTables supports inet in the nat chain as well.
Use it instead of IPv4 chain so it is consistent with the filter chain.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 16:58:50 +01:00
Thomas Bernard
5d5a06c206
Changelog.txt: lease file for IPv6 pinholes
...
closes #18
2021-08-18 12:38:04 +02:00
Sven Auhagen
74dbad5ab0
IPv6 pinholes lease file
...
This patch adds a lease file for IPv6 pinholes.
The leases are maintained and readded when miniupnpd restarts.
Currently all IPv6 leases are lost on restart.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 11:06:12 +01:00
Thomas Bernard
46fedcbc32
update Changelog.txt
...
see #539
2021-08-12 23:19:14 +02:00
Thomas Bernard
32f1d4cd1a
upnpdescgen.c: rootDesc.xml skip DeviceProtection and WANIPv6FirewallControl when force_igd1
...
see #539
2021-08-12 23:19:14 +02:00
Thomas Bernard
4d4121bf40
upnpdescgen.c: move a variable declaration
2021-08-12 23:19:14 +02:00
Thomas Bernard
2f2685af97
upnphttp.c: detecting MS client and forcing IGD v1
...
should fix #539
2021-08-12 23:19:14 +02:00
Thomas Bernard
d8e5659c7b
upnpdescgen.c: add force_igd1 param to XML description generation functions
2021-08-12 23:19:13 +02:00
Thomas Bernard
7c112e2b39
Merge commit '7ee554d31b47a7227ab85aa919792597ce78c81e'
2021-08-11 14:49:06 +02:00
Thomas Bernard
f1388717af
miniupnpd.c: fix 1aa46b5a2c
2021-08-11 12:19:30 +02:00
Pali Rohár
7ee554d31b
miniupnpd: Disable port forwarding when upstream interface is down
...
Obviously port forwarding cannot work when upstream interface is down. So
correctly report status code for port forwarding requests to clients in
this case.
2021-08-06 16:13:25 +02:00
Natanael Copa
ebaa69b313
miniupnpd: don't check for glibc version with musl
...
Test that ldd is from GLIBC before exctracting the GLIBC_VERSION. This
is not needed with musl libc.
2021-07-21 10:38:35 +02:00
Natanael Copa
1aa46b5a2c
miniupnpd: improve error message for bad config
...
Improve error message so users don't need read the source to figure out
why miniupnpd refuses to start even if the usage is correct.
2021-07-15 12:23:26 +02:00
Thomas Bernard
6f848ae082
2021
2021-06-18 00:37:27 +02:00
Thomas Bernard
7fcbcd35b9
fix commit 5567e7c7e0
2021-06-18 00:31:27 +02:00
Thomas Bernard
5567e7c7e0
miniupnpd: improves error handling during init.
...
- Fails on config parsing and init errors.
- print errors during init to both syslog and stderr.
fixes #551
2021-06-18 00:21:16 +02:00
Thomas Bernard
97b7ec1ad2
normalize use of __STDC_VERSION__
2021-06-17 09:25:26 +02:00
Thomas Bernard
7783ac1545
upnphttp.c: Code factorization : use SendResp_upnphttp() in SendRespAndClose_upnphttp()
2021-05-22 23:54:32 +02:00
Thomas Bernard
acca60a365
miniupnpd: Better comment snprintf() used to build HTTP headers
2021-05-22 23:30:05 +02:00
Thomas Bernard
08ae9e9e71
miniupnpd: dynamically retrieve `uname -r`
...
fixes #547
2021-05-22 00:16:40 +02:00
Thomas Bernard
982f47a8b6
miniupnpd: version 2.2.2
2021-05-13 13:33:02 +02:00
SeaEagle1
1713f4b9b4
Add SO_REUSEPORT option for SSDP
...
fixes #541
2021-05-12 00:15:02 +02:00
Thomas Bernard
57e9a52b95
miniupnpd/Changelog.txt: update
2021-05-11 23:58:35 +02:00
Thomas Bernard
3a87be33e7
upnpsoap.c: comment and improve GetExternalIPAddress()
...
GetExternalIPAddress returns empty string when the External IP address can
not be retrieved.
2021-03-31 09:43:28 +02:00
Pali Rohár
79ca440f73
miniupnpd: When ExternalIPAddress is unknown returns empty string in GetExternalIPAddress
...
IGD v2.0 specification for WANIPConnection:2 says:
When the external IP address could not be retrieved by the gateway (for
example, because the interface is down or because there was a failure in
the last connection setup attempt), then the ExternalIPAddress MUST be
equal to the empty string.
So instead of Error 501 "Action Failed" returns empty string to be
compliant with IGD v2.0 specification.
2021-03-28 17:20:34 +02:00
Thomas Bernard
9239cf28c1
Fix the cleanup of PREROUTING mangle chain
...
it was changed iby mistake to FORWARD by 82ec7bc3df
see discussion in PR #530
2021-02-26 15:15:09 +01:00
Thomas Bernard
3b6b0ba1e3
INSTALL: update
2021-02-26 15:14:03 +01:00
Thomas Bernard
207d1849e4
miniupnpd.c: typo and ip -> IP
2021-01-15 19:33:29 +01:00
Pali Rohár
e6bf74a691
Add check that miniupnpd is not going to listen on WAN interface with public IP address
...
Option listen= is used for LAN interface/address and option ext_addr= is
used for public IP address. If users by mistake swap WAN and LAN interface
or public and private IP addresses then miniupnpd obviously would not work
and instead of hacking miniupnpd code users should rather check their
miniupnpd configuration or local firewall settings.
So add checks and hints which prevents security issues like swapping LAN
and WAN interfaces/addresses and therefore prevent exposing port forwarding
and firewall configuration on public Internet.
2020-12-30 11:23:29 +01:00
Pali Rohár
304ff79dc5
Update and extend description from STUN output
...
People sometimes do not understand where is the problem, so include also
hints what they needs to check, change and re-configure.
2020-12-30 11:22:12 +01:00
Thomas Bernard
9ef311d235
miniupnpd: version 2.2.1
2020-12-20 19:12:47 +01:00
Tim Gates
341d0f51a2
docs: fix simple typo, decription -> description
...
There is a small typo in miniupnpd/commonrdr.h, miniupnpd/ipf/ipfrdr.c, miniupnpd/pf/obsdrdr.c.
Should read `description` rather than `decription`.
2020-12-10 05:26:04 +11:00
Thomas Bernard
22c1386351
protocol[] can be "UDPLITE"
...
fixes #5034
2020-11-12 08:59:47 +01:00
Thomas Bernard
f50f00b5ea
errno.h not sys/errno.h
2020-11-11 13:24:48 +01:00
Thomas Bernard
ab544c3a0e
asyncsendto.c: use named enum.
...
see #502
2020-11-11 13:16:14 +01:00
Thomas Bernard
30c27967ae
fix error message for IPV6. 2020
2020-11-05 21:59:25 +01:00
Thomas Bernard
97fd716bd0
2020
2020-11-04 22:32:14 +01:00
Thomas Bernard
057368701e
fix warning
2020-11-04 22:31:47 +01:00
Thomas Bernard
32164d27d2
fix a couple of warnings
2020-11-02 00:26:13 +01:00
Thomas Bernard
c41094c2af
exact same declaration for random_url[]
...
see #498
2020-11-01 23:29:08 +01:00
Thomas Bernard
29797cf607
2019 => 2020
2020-10-31 11:36:06 +01:00
Thomas Bernard
01d686078e
use tag as GITREF if available
2020-10-31 10:56:02 +01:00
Thomas Bernard
56c66b5472
miniupnpd version 2.2.0
2020-10-31 10:23:44 +01:00
Thomas Bernard
1331b42410
fix dd99f0eb75
2020-10-31 10:05:50 +01:00
Thomas Bernard
dd99f0eb75
sysctl is not always in /sbin
2020-10-30 23:11:44 +01:00
Thomas Bernard
72ec9e1943
update changelog / comments
2020-10-30 22:44:02 +01:00
Thomas Bernard
c9939cc01e
fix portinuse.c for OpenBSD 5.5+
...
all CIRCLEQ have been replaced by TAILQ
fixes #496
2020-10-30 22:14:45 +01:00
Thomas Bernard
1008ed1117
Merge branch 'issue-465' into master
2020-10-28 19:38:52 +01:00
Thomas Bernard
90259ae803
Fix undefined behaviour: shifting signed int by 31 place
...
see #465
#0 0x555719469ec5 in AddAnyPortMapping.cfi /home/ryutaroh/miniupnpd-1018/miniupnp/miniupnpd/upnpsoap.c:703:42
#1 0x5557194705a7 in ExecuteSoapAction /home/ryutaroh/miniupnpd-1018/miniupnp/miniupnpd/upnpsoap.c:2335:5
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior upnpsoap.c:703:42 in
2020-10-26 08:46:37 +01:00
Thomas Bernard
85f8123504
Merge branch 'issue-495' into master
2020-10-24 15:23:26 +02:00
Thomas Bernard
946f6c19bb
fix Makefile.bsd
...
fixes #495
2020-10-24 15:17:59 +02:00
Thomas Bernard
92ff8a6a7e
in_addr_t instead of struct in_addr
2020-10-22 23:20:50 +02:00
Thomas Bernard
6b2070c6e9
fix 18a6ab0201
2020-10-22 23:19:59 +02:00
Thomas Bernard
5e7f8b5183
netfilter_nft/nftnlrdr_misc.h: comment
2020-10-22 21:39:41 +02:00
Thomas Bernard
1b5cab1e87
update Changelog.txt
2020-10-22 21:27:04 +02:00
Thomas Bernard
68cc35156e
fix nftables shutdown_redirect()
...
see #481
2020-10-22 21:19:37 +02:00
Thomas Bernard
04e245258e
For FreeBSD ports
...
see #495
2020-10-22 20:45:15 +02:00
Thomas Bernard
18a6ab0201
AddAnyPortMapping(): Only try allowed ports
...
build an array of all allowed ports.
should fix #465
2020-10-18 00:20:24 +02:00
Thomas Bernard
3a17dea056
pass rule type to the private arg of mnl_cb_run() callback
...
should fix #481
2020-10-17 23:20:29 +02:00
Thomas Bernard
a3522723ae
fix .gitignore
2020-10-17 22:55:12 +02:00
Thomas Bernard
2595275eb5
netfilter_nft: build testing
2020-10-17 22:52:34 +02:00
Thomas Bernard
992565201b
fix testnftnlrdr.c
2020-09-29 01:00:29 +02:00
BERNARD Thomas
91ff44c9d2
netfilter_nft: fix test stuff
2020-09-29 00:43:55 +02:00
Thomas Bernard
11dec5b25c
fix log
2020-09-29 00:17:58 +02:00
Thomas Bernard
f9908a788b
Move chain name variables to netfilter/*
2020-09-28 22:44:24 +02:00
Thomas Bernard
61d4aecb6e
fix warning
2020-09-28 21:58:08 +02:00
Thomas Bernard
7db8ef0921
fix c9f6ddd
2020-09-28 21:57:50 +02:00
Thomas Bernard
c9f6ddd102
miniupnpd/netfilter_nft: more logs in set_rdr_name()
...
see #481
2020-09-26 17:42:26 +02:00
Pali Rohár
dbb821a7c9
getifaddr.c: Fix mask for RFC7534 Direct Delegation AS112 Service
2020-07-12 13:45:30 +02:00
Thomas Bernard
d7b40010d5
nftnlrdr_misc.c: add log in case of send_batch() failure
...
useful for #481
2020-07-09 11:16:47 +02:00
Chen Minqiang
b44e5e7a83
fix update_portmapping() missing target when update filter table
2020-06-27 11:31:08 +08:00
Thomas Bernard
24df04fc1b
update
2020-06-20 17:49:19 +02:00
Thomas Bernard
7a9452fca9
miniupnpd: make sure "runtime_vars" are initialized
2020-06-20 17:02:19 +02:00
Thomas Bernard
5bbcc0bb65
miniupnpd --help shows usage
2020-06-20 17:01:01 +02:00
Thomas Bernard
417b496617
miniupnpd: add -v/-vv command line argument to enable more logs
...
fixes #477
2020-06-20 17:00:10 +02:00
Thomas Bernard
686b41fc52
AddAnyPortMapping(): support wildcard in NewExternalPort
...
supported wildcard is either 0 or *
2020-06-20 16:38:14 +02:00
Thomas Bernard
de71eef493
miniupnpd: AddAnyPortMapping() tries port above and below requested port
...
fixes #465
if the requested port is n, it will tries successively :
n, n+1, n-1, n+2, n-2, n+3, n-3, etc.
2020-06-20 16:38:14 +02:00
Thomas BERNARD
1e7fb305b6
Merge pull request #475 from miniupnp/issue-474
...
improve netfilter_nft code
2020-06-11 14:53:38 +02:00
Renato Botelho
1baa95277d
Fix manpage installation on BSD
...
Respect MANPREFIX when it's set, when not, use PREFIX
2020-06-10 14:38:23 -03:00
Thomas Bernard
86b6aad797
ido not use depreacted nftnl_rule_set() and nftnl_chain_set()
...
now uses nftnl_rule_set_str() and nftnl_chain_set_str()
fixes #476
2020-06-10 11:55:42 +02:00
Thomas Bernard
acbb9f09d7
update Changelog.txt 2.2.0-RC1
2020-06-08 12:10:17 +02:00
Thomas Bernard
92ec4d05ab
nftnlrdr_misc.c: fix a memory leak in table_cb()
2020-06-08 10:08:44 +02:00
Thomas Bernard
5f66d1852d
rewrite send_batch() for clarity
2020-06-07 21:43:03 +02:00
Thomas Bernard
f23c3e68aa
fix previous commit
2020-06-07 21:30:12 +02:00
Thomas Bernard
8ad596d846
fix previous commit
...
fixes a7eeb5938f
2020-06-07 21:02:51 +02:00
Thomas Bernard
a7eeb5938f
improved error handling in parse_rule_nat()
2020-06-07 20:58:25 +02:00
Thomas Bernard
d41aceffb5
improve table_cb() to remove memory leak
2020-06-07 20:12:12 +02:00
Thomas Bernard
a64d4f937b
rewrite table_cb() to better handle errors
2020-06-07 20:00:52 +02:00
Thomas Bernard
70b9526834
remove unecessary if in flush_nft_cache()
2020-06-07 19:58:48 +02:00
Thomas Bernard
7245a68e5c
improve error handling in nft_mnl_connect()
2020-06-07 19:57:29 +02:00
Thomas Bernard
ed48113355
refresh_nft_cache() return error status
...
fixes 037639c07a
2020-06-07 19:56:03 +02:00
Thomas Bernard
037639c07a
improve error handling in refresh_nft_cache() and send_batch()
...
to help debug #474
2020-06-07 19:29:22 +02:00
Thomas Bernard
61ce33a51b
Changelog.txt: pf symetric nat implementation
2020-06-06 19:39:49 +02:00
Thomas Bernard
563576878c
Merge branch 'pf-nat-rules'
2020-06-06 19:39:08 +02:00
Thomas Bernard
0af141d9c5
miniupnpd: fix processing of v4 M-SEARCH received on v6 socket
...
So we don't answer with the v6 LOCATION to v4 clients anymore !
should fix #467
see #461
2020-06-05 22:39:59 +02:00
Thomas Bernard
409ba9c0f2
nftpinhole.c: fix get_pinhole_info()
...
this whole file should be reviewed carefully
fixes #459
2020-06-05 10:36:17 +02:00
Thomas Bernard
3716381308
improve syslog in PinholeVerification()
2020-06-05 10:19:15 +02:00
Thomas Bernard
d5ba9c368e
fix memroy leak in PinholeVerification()
...
see #459
2020-06-05 10:13:13 +02:00
Thomas Bernard
f151cc1dd4
minor checks on PCPSendUnsolicitedAnnounce()
2020-06-04 00:56:16 +02:00
Thomas Bernard
45191081f1
fix 9b32a523bf
2020-06-04 00:46:41 +02:00
Thomas Bernard
9b32a523bf
improve get_redirect_rule_count() for netfilter_nft too
2020-06-04 00:37:17 +02:00
Thomas Bernard
95d611e7a0
fix 67465c3cc0
2020-06-04 00:30:01 +02:00
Thomas Bernard
26c46e5a49
improve upnp_get_portmapping_number_of_entries()
2020-06-04 00:27:49 +02:00
Thomas Bernard
ddf328845a
keep memory of ./configure parameters
2020-06-03 23:54:24 +02:00
Thomas Bernard
8a665a1c8e
configure --disable-fork to disable going to background
...
fixes #468
2020-06-03 23:43:58 +02:00
Thomas Bernard
eaf23f0d10
fix bug introduced in d458f1a222
...
dev is also used in pfpinhole.c and should be global
2020-06-03 23:15:28 +02:00
Thomas Bernard
67465c3cc0
OpenBSD: Disable pledge()
...
see #455
2020-06-03 23:11:15 +02:00
Thomas Bernard
e1f3478519
miniupnpd/netfilter_nft: fix get_redirect_rule_by_index()
...
should fix #462
2020-06-03 00:30:14 +02:00
Thomas Bernard
c8cbf9f6ce
miniupnpd/netfilter_nft: replace calls to inet_ntoa by inet_ntop()
2020-06-03 00:30:09 +02:00
Thomas Bernard
bc645c108d
same fix as 827fc6f04
for SendSSDPGoodbye()
...
see #459
2020-06-02 09:08:59 +02:00
Thomas Bernard
b8c8cec26b
fix bug introduced in c3d71b97ab
...
see #459
2020-06-02 09:02:45 +02:00
Thomas Bernard
fb63cf3455
miniupnpd/netfilter_nft: properly store timestamps
...
should fix #466
2020-06-02 01:00:04 +02:00
Thomas Bernard
c0ea7926c0
upnpdescgen.c: error message when memory alloc fails
2020-06-02 00:24:15 +02:00
Thomas Bernard
7b9489fb84
the buffer passed to mnl_nlmsg_batch_start() must be double of MNL_SOCKET_BUFFER_SIZE
...
see https://www.netfilter.org/projects/libmnl/doxygen/html/group__batch.html
http://www.lt.netfilter.org/projects/libmnl/doxygen/group__batch.html#ga28488fc4dee4c3e9eda5918f049db2af
2020-06-02 00:07:39 +02:00
Thomas Bernard
5dbdc50aa7
check return value of nftnl_expr_get()
2020-06-01 20:20:29 +02:00
Thomas Bernard
1e37a9f7b5
improve parse_rule_cmp()
...
see #459
2020-06-01 20:14:20 +02:00
Thomas Bernard
c09f485482
nftnlrdr.c: fix writing to iaddr instead of rhost
...
fixes #462
https://github.com/miniupnp/miniupnp/issues/462
https://github.com/miniupnp/miniupnp/issues/459#issuecomment-636402954
2020-06-01 17:56:38 +02:00
Thomas Bernard
c3d71b97ab
nftnlrdr_misc.c: malloc/memcpy instead of strndup()
...
see #466
2020-06-01 17:35:26 +02:00
Thomas Bernard
3b20182c86
miniupnpd/upnpdescgen.c: check string length before memcmp() in genServiceDesc()
...
see https://github.com/miniupnp/miniupnp/issues/459
2020-05-30 11:06:24 +02:00
Thomas Bernard
a711165e6e
miniupnpd: improve AddAnyPortMapping()
...
try with next port when -3 permission check failed
see #465
2020-05-30 10:29:24 +02:00
Thomas Bernard
a30e3de4ba
miniupnpd/netfilter_nft: add debug messages about lease timestamps/duration
...
in order to debug issue #466
2020-05-30 10:09:22 +02:00
Thomas Bernard
f97367c87d
miniupnpd/p: delete_nat_rule()
...
also clear_nat_rules()
2020-05-30 00:32:29 +02:00
Thomas Bernard
6cd5ca6e9a
call nftnl_rule_is_set(NFTNL_RULE_USERDATA) before nftnl_rule_get_data(NFTNL_RULE_USERDATA)
...
see #459 and #461
2020-05-29 18:10:30 +02:00
Thomas Bernard
827fc6f041
miniupnpd: prevent buffer overread of known_devices_types
...
should fix #459
2020-05-29 18:01:39 +02:00
Thomas Bernard
7be0b48022
fix GetExternalIPAddress()
...
a bug was introduced by cce19781e6
may fix #460
2020-05-29 08:55:44 +02:00
Thomas Bernard
e3395f12fc
miniupnpd/pf: minor changes
2020-05-21 02:24:59 +02:00
Thomas Bernard
2cf50c57fa
miniupnpd/pf: add_nat_rule()
2020-05-21 02:24:39 +02:00
Thomas Bernard
abefb6c6d0
miniupnpd/pf: fix test
2020-05-21 02:21:49 +02:00
Thomas Bernard
d458f1a222
minor stuff
2020-05-17 23:16:45 +02:00
Thomas Bernard
e823722b5d
some cp implementations do not support the -v option
2020-05-11 23:31:53 +02:00
Thomas Bernard
02e41f7346
miniupnpd: BSD: allow to build from another directory
...
$ cd miniupnpd
$ mkdir build
$ cd build
$ ../configure && make
2020-05-11 23:30:19 +02:00
Thomas Bernard
384f6592a8
miniupnpd: update Changelog
2020-05-10 20:01:30 +02:00
Thomas Bernard
f9002bfaa7
https://miniupnp.tuxfamily.org/
2020-05-10 20:01:24 +02:00
Thomas Bernard
a04d6d405d
miniupnpd/Makefile.linux_nft: update CFLAGS / LDFLAGS
2020-05-10 20:00:50 +02:00
Thomas Bernard
e166f541e8
=> 2020
2020-05-10 20:00:37 +02:00
Thomas Bernard
194566a5bd
support for libcap-ng
...
fixes #405
2020-05-10 15:34:45 +02:00
Thomas Bernard
5abb714d34
drop linux capabilities
2020-05-10 15:34:44 +02:00
Pali Rohár
9e41cad6a8
upnpstun.c: TEST: Require root user
...
New version of /sbin/iptables binary prints nonsense error message when is
called by ordinary non-root user:
iptables v1.8.2 (nf_tables): unknown option "--dport"
Under root user it works correctly and understands --dport argument.
/sbin/iptables binary obviously does not work without root user, so rather
print error message as debugging why /sbin/iptables printed that nonsense
error message about unknown option.
2020-05-08 16:32:16 +02:00
Pali Rohár
0cad5296c6
upnpstun.c: TEST: Redirect syslog() call to printf()
...
When compiling Testing Linux application, replace syslog() call by
printf(). openlog() does not honor LOG_CONS flag, it works only when
application cannot connect to syslog (which is rare). There is way to force
syslog() call to print to stdout, so replace openlog() and syslog() calls
by normal printf() call via preprocessor macro when compiling Testing Linux
application.
2020-05-08 16:29:31 +02:00
Pali Rohár
d7f60e3fdf
upnpstun.c: Show more debug information
2020-05-08 16:26:39 +02:00
Pali Rohár
92a1ee9a7d
upnpstun.c: Parse more fields from STUN packet
...
These fields are sent by e.g. stun.ekiga.net
2020-05-08 16:25:43 +02:00
Pali Rohár
420cfaf208
upnpstun.c: Do not stop processing STUN packet when XOR-MAPPED-ADDRESS is found
2020-05-08 16:23:58 +02:00
Thomas Bernard
388d93d678
minipnpd: move check target to check.mk
2020-05-07 01:02:48 +02:00
Thomas Bernard
2b4d9f5ee5
miniupnpd: fix build for nftables
2020-05-07 00:47:26 +02:00
Thomas Bernard
44c30b0a4e
miniupnpd: fix build for nftables
2020-05-07 00:41:59 +02:00