miniupnp: Update rule timeout on request (nft ipv6)

Building with iptables package

sblagodatskikh@sblagodatskikh-pc:~$ upnpc -6 -m eth1 -A 2001:777:1:0:ac00:0:13:bf4b 2222 2001:888:0:88:4aee:cff:febb:1c25 6666 TCP 1000
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://[2001:888:0:88::1]:41639/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://[2001:888:0:88::1]:41639/
Local LAN ip address : 2001:888:0:88:4aee:cff:febb:1c25
AddPinhole: ([2001:777:1:0:ac00:0:13:bf4b]:2222 -> [2001:888:0:88:4aee:cff:febb:1c25]:6666) / Pinhole ID = 2
sblagodatskikh@sblagodatskikh-pc:~$
---
~ # ip6tables -nvL MINIUPNPD1
Chain MINIUPNPD1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      pppoe_1 *       2001:777:1:0:ac00:0:13:bf4b  2001:888:0:88:4aee:cff:febb:1c25  tcp spt:2222 dpt:6666
~ # 
---
sblagodatskikh@sblagodatskikh-pc:~$ upnpc -6 -m eth1 -A 2001:777:1:0:ac00:0:13:bf4b 2222 2001:888:0:88:4aee:cff:febb:1c25 6666 TCP 10
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://[2001:888:0:88::1]:41639/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://[2001:888:0:88::1]:41639/
Local LAN ip address : 2001:888:0:88:4aee:cff:febb:1c25
AddPinhole: ([2001:777:1:0:ac00:0:13:bf4b]:2222 -> [2001:888:0:88:4aee:cff:febb:1c25]:6666) / Pinhole ID = 2
sblagodatskikh@sblagodatskikh-pc:~$

The message appears in the logs: ~ # Jun 26 16:09:00 [ ERR] miniupnpd[1385]: unrecognized data in lease file, and the record timeout is updated, its OK But if you use an assembly with the nftables package, then a new rule will be added, and the timeout of the old rule will not be updated:

sblagodatskikh@sblagodatskikh-pc:~$ upnpc -6 -m eth1 -A 2001:777:1:0:ac00:0:13:bf4b 2222 2001:888:0:89:4aee:cff:febb:1c25 6666 TCP 1000
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://[2001:888:0:89::1]:44149/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://[2001:888:0:89::1]:44149/
Local LAN ip address : 2001:888:0:89:4aee:cff:febb:1c25
AddPinhole: ([2001:777:1:0:ac00:0:13:bf4b]:2222 -> [2001:888:0:89:4aee:cff:febb:1c25]:6666) / Pinhole ID = 1
sblagodatskikh@sblagodatskikh-pc:~$ upnpc -6 -m eth1 -A 2001:777:1:0:ac00:0:13:bf4b 2222 2001:888:0:89:4aee:cff:febb:1c25 6666 TCP 15
upnpc : miniupnpc library test client. (c) 2005-2014 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
 desc: http://[2001:888:0:89::1]:44149/rootDesc.xml
 st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://[2001:888:0:89::1]:44149/
Local LAN ip address : 2001:888:0:89:4aee:cff:febb:1c25
AddPinhole: ([2001:777:1:0:ac00:0:13:bf4b]:2222 -> [2001:888:0:89:4aee:cff:febb:1c25]:6666) / Pinhole ID = 2
sblagodatskikh@sblagodatskikh-pc:~$
---
~ # nft list chain ip6 filter MINIUPNPD1
table ip6 filter {
	chain MINIUPNPD1 {
		iif "pppoe_1" th dport 6666 th sport 2222 ip6 daddr 2001:888:0:89:4aee:cff:febb:1c25 ip6 saddr 2001:777:1:0:ac00:0:13:bf4b ip6 nexthdr tcp accept
		iif "pppoe_1" th dport 6666 th sport 2222 ip6 daddr 2001:888:0:89:4aee:cff:febb:1c25 ip6 saddr 2001:777:1:0:ac00:0:13:bf4b ip6 nexthdr tcp accept
	}
}
~ #

About this issue

Original URL
State: open
Created a year ago
Comments: 30 (30 by maintainers)

Commits related to this issue

fix find_pinhole() see #663 — committed to miniupnp/miniupnp by miniupnp 8 months ago
fix find_pinhole() see #663 — committed to miniupnp/miniupnp by miniupnp 8 months ago
always nul terminate string after strncpy() see #663 — committed to miniupnp/miniupnp by miniupnp 7 months ago
nftpinhole.c: fix get_pinhole_info() to return the description see #663 — committed to miniupnp/miniupnp by miniupnp 7 months ago
fix find_pinhole() see #663 — committed to miniupnp/miniupnp by miniupnp 8 months ago
always nul terminate string after strncpy() see #663 — committed to miniupnp/miniupnp by miniupnp 7 months ago
nftpinhole.c: fix get_pinhole_info() to return the description see #663 — committed to miniupnp/miniupnp by miniupnp 7 months ago
fix find_pinhole() see #663 — committed to miniupnp/miniupnp by miniupnp 8 months ago
always nul terminate string after strncpy() see #663 — committed to miniupnp/miniupnp by miniupnp 7 months ago
nftpinhole.c: fix get_pinhole_info() to return the description see #663 — committed to miniupnp/miniupnp by miniupnp 7 months ago

Most upvoted comments

@miniupnp sorry for the delay on this. I have tested the latest tagged version and it work fine in my nftables setup.

svenauhagen on Mar 1, 2024

@miniupnp here is the new output:

testnftpinhole: mnl_socket bound, port_id=10479 add_pinhole(eth0, 2a00::dead:beaf, 1911, fe80::1023:4095, 34952, 6, dummy description, 1036608) rule_set_filter6[1105]: inet filter miniupnpd [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00008888 ] [ payload load 2b @ transport header + 0 => reg 1 ] [ cmp eq reg 1 0x00007707 ] [ payload load 16b @ network header + 24 => reg 1 ] [ cmp eq reg 1 0x000080fe 0x00000000 0x00000000 0x95402310 ] [ payload load 16b @ network header + 8 => reg 1 ] [ cmp eq reg 1 0x0000002a 0x00000000 0x00000000 0xafbeadde ] [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 0 accept ] testnftpinhole: add_pinhole(): uid=1 userdata = { pinholeget_pinhole_info() testnftpinhole: table_cb(0xbe89f618, 0xbe8a062c) filter miniupnpd 2 testnftpinhole: table_cb(0xbe89f8fc, 0xbe8a062c) filter miniupnpd 2 end_pinhole_info() testnftpinhole: get_pinhole_info(1) : 2a00::dead:beaf:1911 => fe80::1023:4095:34952 tcp testnftpinhole: desc “dummy description” ts=1036608 packets=0 0 find_pinhole() testnftpinhole: find_pinhole(): uid=1 desc=“dummy description” timestamp=1036608 get_pinhole_info() end_pinhole_info() testnftpinhole: get_pinhole_info(1) : 2a00::dead:beaf:1911 => fe80::1023:4095:34952 tcp testnftpinhole: desc “dummy description” ts=1036608 packets=0 0 update_pinhole() update add_pinhole(eth0, 2a00::dead:beaf, fe80::1023:4095, 1911, 34952, 6, pinhole-1 ts-1040148: dummy description) rule_set_filter6[1105]: inet filter miniupnpd [ meta load iif => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00008888 ] [ payload load 2b @ transport header + 0 => reg 1 ] [ cmp eq reg 1 0x00007707 ] [ payload load 16b @ network header + 24 => reg 1 ] [ cmp eq reg 1 0x000080fe 0x00000000 0x00000000 0x95402310 ] [ payload load 16b @ network header + 8 => reg 1 ] [ cmp eq reg 1 0x0000002a 0x00000000 0x00000000 0xafbeadde ] [ payload load 1b @ network header + 6 => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ immediate reg 0 accept ] testnftpinhole: update_pinhole(1, …) returned 0 userdata = { pinholeget_pinhole_info() testnftpinhole: table_cb(0xbe89f618, 0xbe8a062c) filter miniupnpd 2 testnftpinhole: table_cb(0xbe89f8fc, 0xbe8a062c) filter miniupnpd 2 end_pinhole_info() testnftpinhole: get_pinhole_info(1) : 2a00::dead:beaf:1911 => fe80::1023:4095:34952 tcp testnftpinhole: desc “dummy description” ts=1040148 packets=0 0 delete_pinhole() testnftpinhole: delete_pinhole(1) returned 0

svenauhagen on Nov 27, 2023