Hi List!
Whilst working on IPFilter/miniupnpd I came across the Microsoft
Internet Connectivity Evaluation Tool [1]. NetBSD-5 with IPFilter and
miniupnpd passes all tests, except for UPnP.
Now, with miniupnpd patched so it can delete redirects ok, it still
fails the test suite. This is because it expects to be able to store and
retrieve descriptions against each rule. Of course, this does not affect
actual UPnP itself but there are reasons why storing this would be handy
aside from just passing the test.
Anyway, a look at the structs shows this

typedef struct ipnat {
	ipfmutex_t	in_lock;
	...
	char		*in_comment;
	...
} ipnat_t;

I cannot find any reference to in_comment in the code for IPFilter and I
don't see how storing a pointer would work either. I propose something
like this instead
Index: ip_nat.h
===================================================================
RCS file: /cvsroot/src/sys/dist/ipf/netinet/ip_nat.h,v
retrieving revision 1.15
diff -u -p -r1.15 ip_nat.h
--- ip_nat.h 19 Aug 2009 08:36:11 -0000 1.15
+++ ip_nat.h 24 Sep 2009 12:08:38 -0000
@@ -77,6 +77,9 @@
#ifndef APR_LABELLEN
#define APR_LABELLEN 16
#endif
+#ifndef USR_LABELLEN
+#define USR_LABELLEN 64
+#endif
#define NAT_HW_CKSUM 0x80000000
#define DEF_NAT_AGE 1200 /* 10 minutes (600 seconds) */
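Review bot: the new USR_LABELLEN define carries no comment saying whether its 64 bytes include the terminating NUL, and callers sizing a description need to know that. Suggest a short comment beside "#define USR_LABELLEN 64" stating that it is the buffer size including the NUL. Also reconsider the #ifndef guard: it lets a build override the value, and if the kernel and a userland tool are compiled with different values, any structure sized by USR_LABELLEN will have a different layout on each side.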
@@ -209,6 +212,7 @@ typedef struct ipnat {
char in_ifnames[2][LIFNAMSIZ];
char in_plabel[APR_LABELLEN]; /* proxy label. */
ipftag_t in_tag;
+ char in_label[USR_LABELLEN]; /* user defined label. */
} ipnat_t;
#define in_pmin in_port[0] /* Also holds static
redir port
*/
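Review bot: in_label is a fixed-size char array and nothing in this hunk establishes who guarantees it is NUL-terminated. The message says the label will be set from userland (miniupnpd, ipnat), so the kernel should force in_label[USR_LABELLEN - 1] = '\0' when it accepts a rule, and the tools that display it should print with a bounded length rather than assume termination. The new member also changes sizeof(ipnat_t), so the kernel and every userland consumer of ip_nat.h must be rebuilt together; that is worth stating in the commit message.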
We could do the same for filter rules as well (there's another comment
pointer there). If this is considered OK, I'll supply patches for ipf,
ipfstat and ipnat as well so they can be set and displayed in the userland.
With the above patch, and miniupnpd storing the description in the
label, the Microsoft Internet Connectivity Evaluation Tool passes 100% :)
Thanks
Roy
[1] http://www.microsoft.com/windows/using/tools/igd/default.mspx
Requires IE