Commit Graph

597 Commits

Author SHA1 Message Date
Thomas BERNARD f841aa9e56 Merge pull request #75 from fingon/fix-linux3.10-ipv6-pinhole
netfilter: Linux 3.10(?) IPv6 firewall pinhole fix
2014-05-30 13:05:06 +02:00
Markus Stenberg 3eb71223b4 For some reason, rules without ipv6.flags set (and proto set?) do not match at all at least on Linux 3.10. So with this patch, they do (and it took me a while to find out, sigh) 2014-05-29 17:56:48 +03:00
Thomas Bernard 6bf84dc834 miniupnpd/minissdp.c: clean SendSSDPbyebye() 2014-05-23 12:07:39 +02:00
Thomas Bernard c4c2f79c12 miniupnpd/minissdp.c: Add IPV6 multicast membership only on selected "LAN" interfaces 2014-05-22 10:22:04 +02:00
Thomas Bernard 00fbdb70cf miniupnpd/minissdp.c: AddMulticastMembershipIPv6() targets specific interface 2014-05-22 10:17:06 +02:00
Thomas Bernard 165aeef129 miniupnpd/minissdp.c: clean SendSSDPNotify() code 2014-05-22 10:12:26 +02:00
Thomas Bernard 0d32445f57 miniupnpd/Changelog.txt: catch up :) 2014-05-22 09:57:59 +02:00
Thomas Bernard d916ce286a miniupnpd/miniupnpd.c: be more strict when parsing LAN addresses / interface names 2014-05-22 09:42:05 +02:00
Thomas Bernard 72463253dc miniupnpd: disable IPV6 if socket(PF_INET6) returns EAFNOSUPPORT 2014-05-22 01:38:18 +02:00
Thomas Bernard 9f78015a5b miniupnpd/minissdp.c: also listen on global SSDP multicast address FF0E::C
Add comments about also sending the NOTIFY to this address
2014-05-22 01:12:06 +02:00
Thomas BERNARD a2effc1535 Merge pull request #74 from fingon/ipv6-listening-ip
Added ipv6_listening_ip option to override it from in6addr_any.
2014-05-20 15:09:51 +02:00
Markus Stenberg c038146cee Added ipv6_listening_ip option to override it from in6addr_any.
This way IPv6 services can be selectively enabled on one IP too.
2014-05-20 15:55:35 +03:00
Thomas Bernard 1213033912 => 2014 2014-05-20 00:25:35 +02:00
Thomas Bernard 126bf58d23 miniupnpc: add more info to python packages 2014-05-20 00:24:59 +02:00
Thomas Bernard 93d7bb6ae2 miniupnpd/asyncsendto.c: allow setting of source address (IPV6_PKTINFO) 2014-05-19 16:27:55 +02:00
Thomas Bernard d851ad4c25 miniupnpd: Retreive PCP packed IPV6 destination address 2014-05-19 15:27:34 +02:00
Thomas BERNARD 5f288bf804 Merge pull request #73 from fingon/pcp-int-check-mandatory-always
Internal address check is mandatory even if third party option is set.
2014-05-19 12:28:29 +02:00
Markus Stenberg 83c103bc3f Internal address check is mandatory even if third party option is set. 2014-05-19 13:23:21 +03:00
Thomas Bernard b9c20cecab miniupnpd/pf/pfpinhole.c: use label to store pinhole description 2014-05-15 23:27:51 +02:00
Thomas Bernard 7154d30adc miniupnpd/pcpserver.c: prevent compiling with PCP_PEER on if not applicable 2014-05-15 12:29:10 +02:00
Thomas Bernard 653bc79292 miniupnpd/upnpsoap.c: Follow change in upnp_get_pinhole_info() 2014-05-15 12:11:42 +02:00
Markus Stenberg c8ec092693 Added pcp_ prefix to allow_thirdparty option (options parsing reserved allow for it's own use). 2014-05-15 12:04:03 +02:00
Markus Stenberg 6b3ff0242d Made failed pinhole request actually fail in terms of return value too. 2014-05-15 12:03:18 +02:00
Markus Stenberg 924b6d1613 Checking lan only in non-thirdparty mode. 2014-05-15 12:02:46 +02:00
Markus Stenberg 28b3afbb8f Added TODO about IPv6 permission handling. 2014-05-15 12:02:12 +02:00
Markus Stenberg 3a457092ce Split Peer/Map logic to NAT- and FW specific parts. Updated TODO to include proxying.
+ fixes
2014-05-15 12:01:22 +02:00
Markus Stenberg be6db5995d miniupnpd: work in progress on PCP pinhole support 2014-05-15 11:58:17 +02:00
Markus Stenberg 7c7407099e Added Linux get_pinhole_uid_by_index. 2014-05-15 11:45:37 +02:00
Markus Stenberg e907d7bba6 miniupnpd: Some initial effort at actually adding pinhole support to PCP code. 2014-05-15 11:45:33 +02:00
Markus Stenberg c000a00508 Fixed PEER supporting PCP to compile too. 2014-05-15 11:29:01 +02:00
Markus Stenberg 3e03562b77 miniupnpd: Added ENABLE_UPNPPINHOLE macro
using ENABLE_UPNPPINHOLE to compile in the support for IPv6 Firewall pinholes.
It is enabled by either ENABLE_6CF_SERVICE or ENABLE_PCP + ENABLE_IPV6.
2014-05-15 11:26:54 +02:00
Thomas Bernard ba97c9b238 miniupnpd/pcpserver.c: fix ProcessPCPRequest()
fix commit 620af3737c8beffe87e08b7e0c34ab1661251695
2014-05-15 10:57:10 +02:00
Markus Stenberg 3f9000db76 Added unified description production, and also enforcing that desc matches in MAP/PEER delete (=> following RFC6887). Yay. 2014-05-15 10:51:00 +02:00
Thomas Bernard de96dd47d5 update Changelog.txt files 2014-05-15 10:42:08 +02:00
Thomas Bernard 4dbbf34032 miniupnpd/upnpsoap.c: improve ExecuteSoapAction()
improve commit 20f1e070a1
2014-05-15 10:35:27 +02:00
Thomas BERNARD 8fa9446d65 Merge pull request #71 from arr2036/master
Add support for IGD2 AddAnyPortMapping DeletePortMappingRange
2014-05-15 10:32:17 +02:00
Arran Cudbard-Bell f27dd45973 Return 730 error where appropriate, and output helpful debug 2014-05-13 21:50:16 +01:00
Arran Cudbard-Bell 20f1e070a1 Don't call deletePortMapping method for deletePortMappingRange
Length of strings needs to match before doing comparison, else we can stop early on a substring of the one were trying to match.
2014-05-13 21:50:16 +01:00
Arran Cudbard-Bell 0490d16221 Don't print garbage values on failure 2014-05-13 21:50:16 +01:00
Arran Cudbard-Bell b9362f32a7 Add support for IGD2 AddAnyPortMapping and DeletePortMappingRange
Added python bindings for both AddAnyPortMapping and DeletePortMappingRange
2014-05-13 21:50:07 +01:00
Arran Cudbard-Bell be9584d156 Fix formatting in areas the next commit will touch 2014-05-13 21:49:51 +01:00
Thomas Bernard 5724b6b8b5 add Markus Stenberg 2014-05-06 15:17:15 +02:00
Thomas Bernard 98109ea92e miniupnpd/getifaddr.c: fix when IPV6 is not enabled 2014-05-06 15:15:07 +02:00
Markus Stenberg 338a533a09 miniupnpd/pcpserver.c: Preliminary work for PCP fw control
Added preliminary is_fw flag, and added af to getifaddr_in6. Made
option parsing follow the RFC and also made it bit more paranoid
(there were some security problems with length checks not being done
at right place all the time; simplified flow, should be easier to
verify now that it does nothing untoward).
2014-05-06 15:12:42 +02:00
Markus Stenberg d058fd3f36 miniupnpd/pcpserver.c: Added checks for third-party allowed for it to be used.
If allowed, checking it against source address,
with inverse logic from that of non-thirdparty case.
2014-05-06 13:30:04 +02:00
Markus Stenberg 5e5a9d39eb Added missing check for int_ip. 2014-05-06 13:27:42 +02:00
Markus Stenberg 2f5c3ce959 miniupnpd/pcpserver.c: Some IPv6 related work on PCP. 2014-05-06 13:26:06 +02:00
Thomas Bernard 0e49fe7e94 miniupnpd: change "allow_thirdparty" PCP option to a bit flag 2014-05-06 13:15:24 +02:00
Markus Stenberg c801138c63 Added PCP third party option and made it's use an option. 2014-05-06 13:10:09 +02:00
Thomas Bernard 6d379d54f5 minissdpd/openssdpsocket.c: listen on only 1 IPv4 if only 1 interface is specified 2014-05-02 09:52:43 +02:00