status-im/miniupnp
2
0
Fork 0
mirror of https://github.com/status-im/miniupnp.git synced 2025-01-09 05:42:41 +00:00
Code Issues Projects Releases Wiki Activity
miniupnp/miniupnpd/upnppermissions.h
Daniel Becker f4f4573f53 miniupnpd: fix eport selection and error handling 
The find_available_eport function that was intended to check if
at least one eport is allowed for a given iaddr/iport does not
work as intended; for example, it does not properly handle rule
precedence (i.e., it considers allow rules even if they are
effectively masked by earlier deny rules), and it also does not
handle the case where no rules are specified at all (which
should default to accept in order to be consistent with
check_upnp_rule_against_permissions). The present change removes
this function and instead integrates the check into the existing
while loop that iterates over all eports.
2014-03-10 00:32:23 -07:00

56 lines
1.6 KiB
C
Raw Blame History

/* $Id: upnppermissions.h,v 1.10 2014/03/07 10:43:29 nanard Exp $ */
/* MiniUPnP project
* http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
* (c) 2006-2014 Thomas Bernard
* This software is subject to the conditions detailed
* in the LICENCE file provided within the distribution */
#ifndef UPNPPERMISSIONS_H_INCLUDED
#define UPNPPERMISSIONS_H_INCLUDED
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include "config.h"
/* UPnP permission rule samples:
* allow 1024-65535 192.168.3.0/24 1024-65535
* deny 0-65535 192.168.1.125/32 0-65535 */
struct upnpperm {
enum {UPNPPERM_ALLOW=1, UPNPPERM_DENY=2 } type;
/* is it an allow or deny permission rule ? */
u_short eport_min, eport_max; /* external port range */
struct in_addr address, mask; /* ip/mask */
u_short iport_min, iport_max; /* internal port range */
};
/* read_permission_line()
* returns: 0 line read okay
* -1 error reading line
*
* line sample :
* allow 1024-65535 192.168.3.0/24 1024-65535
* allow 22 192.168.4.33/32 22
* deny 0-65535 0.0.0.0/0 0-65535 */
int
read_permission_line(struct upnpperm * perm,
char * p);
/* check_upnp_rule_against_permissions()
* returns: 0 if the upnp rule should be rejected,
* 1 if it could be accepted */
int
check_upnp_rule_against_permissions(const struct upnpperm * permary,
int n_perms,
u_short eport, struct in_addr address,
u_short iport);
#ifdef USE_MINIUPNPDCTL
void
write_permlist(int fd, const struct upnpperm * permary,
int nperms);
#endif
#endif
Reference in New Issue View Git Blame Copy Permalink