Commit Graph

143 Commits

Author SHA1 Message Date
Thomas Bernard ef5a1e1abc
testnftnlrdr.c: comments + debug output 2024-03-13 00:14:27 +01:00
Thomas Bernard 1bde68cc9e
nftpinhole.c: fix get_pinhole_info() to return the description
see #663
2024-03-13 00:14:27 +01:00
Thomas Bernard 358f430924
nftpinhole.c: update_pinhole() uses strchr() instead of strsep 2024-03-13 00:14:27 +01:00
Thomas Bernard c3f1a2cb30
always nul terminate string after strncpy()
see #663
2024-03-13 00:14:27 +01:00
Thomas Bernard 215091b546
nftpinhole.c: fix get_pinhole_info() and log inet_ntop() errors 2024-03-13 00:14:26 +01:00
Thomas Bernard 90fb7801eb
netfilter_nft: rule_t: have src/dst/nat addresses and ports
instead of guessing if it is remote host / external or internal address...
2024-03-13 00:14:20 +01:00
Thomas Bernard 25206a7a3f
testnftpinhole: call init_redirect() / shutdown_redirect() 2024-03-13 00:12:52 +01:00
Thomas Bernard b3b5dd16d2
more tests in testnftpinhole.c 2024-03-13 00:12:52 +01:00
Thomas Bernard 80d628fa59
netfilter_nft: improve testnftpinhole.c to test find_pinhole() 2024-03-13 00:12:51 +01:00
Thomas Bernard 2e7bfb1e31
netfilter_nft: change debug output for add_pinhole() 2024-03-13 00:12:51 +01:00
Thomas Bernard e2be9e1571
add comments to rule_set_filter6() and rule_set_filter_common() 2024-03-13 00:12:51 +01:00
Thomas Bernard 4c68985304
netfilter_nft/nftnlrdr_misc.c: comments and warning in parse_rule_payload() 2024-03-13 00:12:51 +01:00
Thomas Bernard 424f5c259f
fix find_pinhole()
see #663
2024-03-13 00:12:51 +01:00
Thomas Bernard 025f0f502b
NFT: check inet_pton() errors in find_pinhole() 2024-03-13 00:12:50 +01:00
Thomas Bernard 4dda6d8820
update (c) lines 2024-03-12 00:37:21 +01:00
Sven Auhagen 2c9a645b10 NFTables: Add backwards compatibility for IPv4 NAT
NFtables uses the INET table for NAT which combines IPv4 and IPv6.
Older systems might not have this option and use the ip table instead.

This adds a flag to fall back to the ip table style.

Signed-Off-By: Sven Auhagen <sven.auhagen@voleatech.de>
2024-03-04 06:18:41 +01:00
yangfl 2c0c73a081 Quote paths in nft scripts to prevent word splitting. 2023-08-07 05:30:41 +08:00
Thomas Bernard a1ade4532e
fix get_portmappings_in_range() 2023-06-27 01:50:31 +02:00
Thomas Bernard 904dda47ed
nftnlrdr_misc.c: replace nftnl_rule_get_data() usage with specific nftnl_rule_get_*() functions
nftnl_rule_get_u32()
nftnl_rule_get_u64()
nftnl_rule_get_str()

closes #641
should fix #582
2023-01-14 19:18:37 +01:00
Thomas Bernard 67ea8c8bc3 nftnlrdr_misc.c: debug message about proto_min_reg/proto_min_val 2023-01-14 19:16:40 +01:00
Thomas Bernard 61127ca0be
nftnlrdr_misc.c: expr_set_reg_val_u16() has uint16_t arg 2022-10-10 02:33:04 +02:00
Thomas Bernard 890e4ec218
nftnlrdr_misc.c: fix parse_rule_immediate()
so it works correctly on both little endian and big endian CPUs
should fix #628
2022-10-10 02:32:58 +02:00
Thomas Bernard 8bbe1c1339 remove useless UNUSED() 2022-10-10 01:23:26 +02:00
Thomas Bernard a6ca2b14c5
miniupnpd/nftnldr.c: init local var in update_portmapping()
see https://github.com/miniupnp/miniupnp/pull/607
rhost is not currently in use, but it might be some day.
2022-04-21 00:19:45 +02:00
Brian John 87776e8345 Split "NAT" and "TABLE" for consistency 2022-01-01 16:58:55 -06:00
Brian John 8d061ecf65 Fix typo: should check for `$NAT_TABLE` 2022-01-01 16:17:31 -06:00
Brian John 69f01ffcc8 Spelling fix: routeing --> routing 2022-01-01 16:15:54 -06:00
Thomas Bernard 78823d762e
README.md: updated. fix titles 2021-12-16 00:29:39 +01:00
Thomas Bernard 2bfed34e8c
README.md: reformat chain/tables setup
fix 3129683cb3
2021-12-16 00:27:57 +01:00
Thomas Bernard 1a5cdc0a13 remove space before eol 2021-12-02 00:35:51 +01:00
Sven Auhagen 3129683cb3 NFTables use scripts to create tables and chains
To hardcode table and chain creation and deletion makes it impossible
for existing firewall infrastructures to integrate miniupnpd.
NFTables will either reevaluate packets through miniupnpd or
it will delete existing tables when there are already custom chains in it.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-28 08:08:37 +01:00
Sven Auhagen 0b3f3e4029
NFTables make tables name configurable
Right now the table names are hardcoded and do not integrate with an overall
firewall strategy.
NFTables has restrictions on how packets are evaluated against chains.
For example if multiple forward chains are evaluated with different prioity,
all packets that pass the first one will be reevaluated again in the second chain.
To have an overall firewall concept with miniupnpd it is necessary to use existing
tables and hence to configure them in miniupnpd.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-27 21:49:21 +01:00
Thomas BERNARD 9a5215c54a
Merge pull request #562 from svenauhagen/feature/nftablesnat
NFTables use nat chain for inet (instead of specific IPv4 chain)
2021-11-17 12:36:19 +01:00
Thomas Bernard 92cf5c2f95 nftnlrdr_misc.c: 2021 2021-08-21 10:26:31 +02:00
Sven Auhagen acc3bcb0a3 NFTables use inet nat chain
NFTables supports inet in the nat chain as well.
Use it instead of IPv4 chain so it is consistent with the filter chain.

Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 16:58:50 +01:00
Thomas Bernard 97b7ec1ad2
normalize use of __STDC_VERSION__ 2021-06-17 09:25:26 +02:00
Thomas Bernard f50f00b5ea
errno.h not sys/errno.h 2020-11-11 13:24:48 +01:00
Thomas Bernard 5e7f8b5183 netfilter_nft/nftnlrdr_misc.h: comment 2020-10-22 21:39:41 +02:00
Thomas Bernard 3a17dea056 pass rule type to the private arg of mnl_cb_run() callback
should fix #481
2020-10-17 23:20:29 +02:00
Thomas Bernard 2595275eb5 netfilter_nft: build testing 2020-10-17 22:52:34 +02:00
Thomas Bernard 992565201b fix testnftnlrdr.c 2020-09-29 01:00:29 +02:00
BERNARD Thomas 91ff44c9d2 netfilter_nft: fix test stuff 2020-09-29 00:43:55 +02:00
Thomas Bernard 11dec5b25c fix log 2020-09-29 00:17:58 +02:00
Thomas Bernard 61d4aecb6e fix warning 2020-09-28 21:58:08 +02:00
Thomas Bernard 7db8ef0921 fix c9f6ddd 2020-09-28 21:57:50 +02:00
Thomas Bernard c9f6ddd102
miniupnpd/netfilter_nft: more logs in set_rdr_name()
see #481
2020-09-26 17:42:26 +02:00
Thomas Bernard d7b40010d5
nftnlrdr_misc.c: add log in case of send_batch() failure
useful for #481
2020-07-09 11:16:47 +02:00
Thomas Bernard 86b6aad797
ido not use depreacted nftnl_rule_set() and nftnl_chain_set()
now uses nftnl_rule_set_str() and nftnl_chain_set_str()
fixes #476
2020-06-10 11:55:42 +02:00
Thomas Bernard 92ec4d05ab
nftnlrdr_misc.c: fix a memory leak in table_cb() 2020-06-08 10:08:44 +02:00
Thomas Bernard 5f66d1852d
rewrite send_batch() for clarity 2020-06-07 21:43:03 +02:00