-rw-r--r-- | changes/bug2749 | 8 | ||||
-rw-r--r-- | changes/bug4438 | 6 | ||||
-rw-r--r-- | changes/bug4528 | 6 | ||||
-rw-r--r-- | changes/bug4572 | 6 | ||||
-rw-r--r-- | changes/bug5103 | 3 | ||||
-rw-r--r-- | changes/bug5112 | 5 | ||||
-rw-r--r-- | changes/bug5434 | 3 | ||||
-rw-r--r-- | changes/bug5537 | 5 | ||||
-rw-r--r-- | configure.in | 44 | ||||
-rw-r--r-- | doc/tor.1.txt | 4 | ||||
-rw-r--r-- | src/common/compat.c | 135 | ||||
-rw-r--r-- | src/or/buffers.c | 3 | ||||
-rw-r--r-- | src/or/config.c | 3 | ||||
-rw-r--r-- | src/or/connection.c | 65 | ||||
-rw-r--r-- | src/or/dirserv.c | 3 | ||||
-rw-r--r-- | src/or/or.h | 6 | ||||
-rw-r--r-- | src/or/router.c | 20 | ||||
-rw-r--r-- | src/or/routerlist.c | 2 | ||||
-rw-r--r-- | src/tools/tor-fw-helper/tor-fw-helper-upnp.c | 8 |
19 files changed, 239 insertions, 96 deletions
diff --git a/changes/bug2749 b/changes/bug2749
new file mode 100644
index 0000000000..964a828859
--- /dev/null
+++ b/changes/bug2749
@@ -0,0 +1,8 @@
+ o Changed parameters (authorities):
+ - Authorities are now a little more lenient at accepting older
+ router descriptors, or newer router descriptors that don't make
+ big changes. This should help ameliorate past and future issues
+ where routers think they have uploaded valid descriptors, but the
+ authorities don't think so. Fix for ticket 2479.
+
+
diff --git a/changes/bug4438 b/changes/bug4438
new file mode 100644
index 0000000000..94690e18e0
--- /dev/null
+++ b/changes/bug4438
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+ - Fix a dirauth-only exit on sighup that could happen during some
+ configuration state transitions. We now don't treat it as a fatal
+ error when the new descriptor we just generated in init_keys
+ isn't accepted. Fixes bug 4438; bugfix on 0.2.1.9-alpha.
+
diff --git a/changes/bug4528 b/changes/bug4528
new file mode 100644
index 0000000000..8703d6a010
--- /dev/null
+++ b/changes/bug4528
@@ -0,0 +1,6 @@
+
+ o Minor bugfixes:
+ - Make sure that there are no unhandled pending TLS errors before
+ reading from a TLS stream. We had checks in 0.1.0.3-rc, but
+ lost them in 0.1.0.5-rc when we refactored read_to_buf_tls().
+ Bugfix on 0.1.0.5-rc; fixes bug 4528.
diff --git a/changes/bug4572 b/changes/bug4572
new file mode 100644
index 0000000000..3107bf9135
--- /dev/null
+++ b/changes/bug4572
@@ -0,0 +1,6 @@
+ o Removed features
+ - Remove the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays option;
+ authorities needed to use it for a while to keep the network working
+ as people upgraded to 0.2.1.31, 0.2.2.34, or 0.2.3.6-alpha, but that
+ was six months ago. As of now, it should no longer be needed or used.
+
diff --git a/changes/bug5103 b/changes/bug5103
new file mode 100644
index 0000000000..dbc462ca79
--- /dev/null
+++ b/changes/bug5103
@@ -0,0 +1,3 @@ + o Minor bugfixes (build): + - When building with --enable-static-tor on OpenBSD, do not + erroneously attempt to link -lrt. diff --git a/changes/bug5112 b/changes/bug5112 new file mode 100644 index 0000000000..9607a928b9 --- /dev/null +++ b/changes/bug5112 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - When Tor is built with kernel headers from a recent (last few + years) Linux kernel, do not fail to run on older (pre-2.6.28 + Linux kernels). Fixes bug 5112; bugfix on 0.2.3.1-alpha. + diff --git a/changes/bug5434 b/changes/bug5434 new file mode 100644 index 0000000000..31c02d700d --- /dev/null +++ b/changes/bug5434 @@ -0,0 +1,3 @@ + o Minor bugfixes: + - Fix compilation with miniupnpc version 1.6; patch from + Anthony G. Basile. Fixes bug 5434. diff --git a/changes/bug5537 b/changes/bug5537 new file mode 100644 index 0000000000..bcad2a29bd --- /dev/null +++ b/changes/bug5537 @@ -0,0 +1,5 @@ + o Minor features: + - Make the code that clients use to detect an address change be + IPv6-aware, so that it won't fill clients' logs with error + messages when trying to get the IPv4 address of an IPv6 + connection. Implements ticket 5537. diff --git a/configure.in b/configure.in index e2dc0f12fb..e6f379c23d 100644 --- a/configure.in +++ b/configure.in @@ -280,7 +280,12 @@ AC_SEARCH_LIBS(socket, [socket network]) AC_SEARCH_LIBS(gethostbyname, [nsl]) AC_SEARCH_LIBS(dlopen, [dl]) AC_SEARCH_LIBS(inet_aton, [resolv]) -AC_SEARCH_LIBS([clock_gettime], [rt], [have_rt=yes]) +saved_LIBS="$LIBS" +AC_SEARCH_LIBS([clock_gettime], [rt]) +if test "$LIBS" != "$saved_LIBS"; then + # Looks like we need -lrt for clock_gettime(). + have_rt=yes +fi if test "$enable_threads" = "yes"; then AC_SEARCH_LIBS(pthread_create, [pthread]) 
@@ -592,15 +597,34 @@ dnl There are no packages for Debian or Redhat as of this patch if test "$upnp" = "true"; then AC_DEFINE(MINIUPNPC, 1, [Define to 1 if we are building with UPnP.]) - TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI], - [#include <miniupnpc/miniwget.h> - #include <miniupnpc/miniupnpc.h> - #include <miniupnpc/upnpcommands.h>], - [void upnpDiscover(int delay, const char * multicastif, - const char * minissdpdsock, int sameport);], - [upnpDiscover(1, 0, 0, 0); exit(0);], - [--with-libminiupnpc-dir], - [/usr/lib/]) + + dnl Before we call TOR_SEARCH_LIBRARY we'll do a quick compile test + dnl to see if we have miniupnpc-1.5 or -1.6 + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <miniupnpc/miniupnpc.h>], + [upnpDiscover(1, 0, 0, 0);exit(0);])],[miniupnpc15="true"],[miniupnpc15="false"]) + + if test "$miniupnpc15" = "true" ; then + AC_DEFINE([MINIUPNPC15],[1],[libminiupnpc version 1.5 found]) + TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI], + [#include <miniupnpc/miniwget.h> + #include <miniupnpc/miniupnpc.h> + #include <miniupnpc/upnpcommands.h>], + [void upnpDiscover(int delay, const char * multicastif, + const char * minissdpdsock, int sameport);], + [upnpDiscover(1, 0, 0, 0); exit(0);], + [--with-libminiupnpc-dir], + [/usr/lib/]) + else + TOR_SEARCH_LIBRARY(libminiupnpc, $trylibminiupnpcdir, [-lminiupnpc $TOR_LIB_WS32 $TOR_LIB_IPHLPAPI], + [#include <miniupnpc/miniwget.h> + #include <miniupnpc/miniupnpc.h> + #include <miniupnpc/upnpcommands.h>], + [void upnpDiscover(int delay, const char * multicastif, + const char * minissdpdsock, int sameport, int ipv6, int * error);], + [upnpDiscover(1, 0, 0, 0, 0, 0); exit(0);], + [--with-libminiupnpc-dir], + [/usr/lib/]) + fi fi AC_SYS_LARGEFILE diff --git a/doc/tor.1.txt b/doc/tor.1.txt index e73377bdfd..98c97e717a 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt 
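Review bot: The new AC_COMPILE_IFELSE probe calls `exit(0)` in its body but includes only `<miniupnpc/miniupnpc.h>`, so on a compiler that rejects implicit function declarations the probe would fail for a reason unrelated to the upnpDiscover() signature. Any failure, including a missing header, sets `miniupnpc15="false"` and selects the six-argument branch, which can misdetect a 1.5 install as 1.6. Dropping the `exit(0);` from the probe body, or adding `#include <stdlib.h>` to its prologue, keeps the result tied to the one thing being tested. The comment could also say that MINIUPNPC15 means "four-argument upnpDiscover()" rather than an exact version.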
@@ -1610,10 +1610,6 @@ DIRECTORY AUTHORITY SERVER OPTIONS votes on whether to accept relays as hidden service directories. (Default: 1) -GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays **0**|**1**:: - When this option is set to 0, do not vote to give the Guard flag to any - version of Tor vulnerable to CVE-2011-2769. (Default: 0) - HIDDEN SERVICE OPTIONS ---------------------- diff --git a/src/common/compat.c b/src/common/compat.c index 30bde3d1ca..0e8d144f56 100644 --- a/src/common/compat.c +++ b/src/common/compat.c @@ -123,16 +123,24 @@ int tor_open_cloexec(const char *path, int flags, unsigned mode) { + int fd; #ifdef O_CLOEXEC - return open(path, flags|O_CLOEXEC, mode); -#else - int fd = open(path, flags, mode); + fd = open(path, flags|O_CLOEXEC, mode); + if (fd >= 0) + return fd; + /* If we got an error, see if it is EINVAL. EINVAL might indicate that, + * event though we were built on a system with O_CLOEXEC support, we + * are running on one without. */ + if (errno != EINVAL) + return -1; +#endif + + fd = open(path, flags, mode); #ifdef FD_CLOEXEC if (fd >= 0) fcntl(fd, F_SETFD, FD_CLOEXEC); #endif return fd; -#endif } /** DOCDOC */ 
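Review bot: The fallback path of tor_open_cloexec ignores the result of `fcntl(fd, F_SETFD, FD_CLOEXEC)`, so a descriptor can be returned without close-on-exec set and nothing records that it may be inherited by a child process. The same unchecked call sits on the fallback paths of tor_open_socket, tor_accept_socket and tor_socketpair in the following hunks. I would test the return value, `if (fd >= 0 && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)`, and at least log the failure. The comment should also state that the open()-then-fcntl() sequence is not atomic, so a fork/exec in another thread between the two calls still leaks the descriptor. Separately, the new comment reads `event though` where `even though` is meant, here and in the three later copies.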
@@ -968,19 +976,31 @@ tor_open_socket(int domain, int type, int protocol) { tor_socket_t s; #ifdef SOCK_CLOEXEC -#define LINUX_CLOEXEC_OPEN_SOCKET - type |= SOCK_CLOEXEC; -#endif + s = socket(domain, type|SOCK_CLOEXEC, protocol); + if (SOCKET_OK(s)) + goto socket_ok; + /* If we got an error, see if it is EINVAL. EINVAL might indicate that, + * event though we were built on a system with SOCK_CLOEXEC support, we + * are running on one without. */ + if (errno != EINVAL) + return s; +#endif /* SOCK_CLOEXEC */ + s = socket(domain, type, protocol); - if (SOCKET_OK(s)) { -#if !defined(LINUX_CLOEXEC_OPEN_SOCKET) && defined(FD_CLOEXEC) - fcntl(s, F_SETFD, FD_CLOEXEC); + if (! SOCKET_OK(s)) + return s; + +#if defined(FD_CLOEXEC) + fcntl(s, F_SETFD, FD_CLOEXEC); #endif - socket_accounting_lock(); - ++n_sockets_open; - mark_socket_open(s); - socket_accounting_unlock(); - } + + goto socket_ok; /* So that socket_ok will not be unused. */ + + socket_ok: + socket_accounting_lock(); + ++n_sockets_open; + mark_socket_open(s); + socket_accounting_unlock(); return s; } 
@@ -990,20 +1010,31 @@ tor_accept_socket(tor_socket_t sockfd, struct sockaddr *addr, socklen_t *len) { tor_socket_t s; #if defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC) -#define LINUX_CLOEXEC_ACCEPT s = accept4(sockfd, addr, len, SOCK_CLOEXEC); -#else - s = accept(sockfd, addr, len); + if (SOCKET_OK(s)) + goto socket_ok; + /* If we got an error, see if it is EINVAL. EINVAL might indicate that, + * event though we were built on a system with accept4 support, we + * are running on one without. */ + if (errno != EINVAL) + return s; #endif - if (SOCKET_OK(s)) { -#if !defined(LINUX_CLOEXEC_ACCEPT) && defined(FD_CLOEXEC) - fcntl(s, F_SETFD, FD_CLOEXEC); + + s = accept(sockfd, addr, len); + if (!SOCKET_OK(s)) + return s; + +#if defined(FD_CLOEXEC) + fcntl(s, F_SETFD, FD_CLOEXEC); #endif - socket_accounting_lock(); - ++n_sockets_open; - mark_socket_open(s); - socket_accounting_unlock(); - } + + goto socket_ok; /* So that socket_ok will not be unused. */ + + socket_ok: + socket_accounting_lock(); + ++n_sockets_open; + mark_socket_open(s); + socket_accounting_unlock(); return s; } 
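Review bot: The accept4() fallback in tor_accept_socket retries with accept() only when errno is EINVAL, but a kernel that lacks the accept4 system call altogether would normally report ENOSYS, and that case still returns the error to the caller. If that is right, every incoming connection would fail on exactly the older kernels this change is meant to support. The guard should cover both, `if (errno != EINVAL && errno != ENOSYS) return s;`, with the comment updated to say which errno stands for the missing syscall and which for the unsupported SOCK_CLOEXEC flag.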
@@ -1054,29 +1085,43 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2]) //don't use win32 socketpairs (they are always bad) #if defined(HAVE_SOCKETPAIR) && !defined(_WIN32) int r; + #ifdef SOCK_CLOEXEC - type |= SOCK_CLOEXEC; + r = socketpair(family, type|SOCK_CLOEXEC, protocol, fd); + if (r == 0) + goto sockets_ok; + /* If we got an error, see if it is EINVAL. EINVAL might indicate that, + * event though we were built on a system with SOCK_CLOEXEC support, we + * are running on one without. */ + if (errno != EINVAL) + return -errno; #endif + r = socketpair(family, type, protocol, fd); - if (r == 0) { -#if !defined(SOCK_CLOEXEC) && defined(FD_CLOEXEC) - if (SOCKET_OK(fd[0])) - fcntl(fd[0], F_SETFD, FD_CLOEXEC); - if (SOCKET_OK(fd[1])) - fcntl(fd[1], F_SETFD, FD_CLOEXEC); -#endif - socket_accounting_lock(); - if (SOCKET_OK(fd[0])) { - ++n_sockets_open; - mark_socket_open(fd[0]); - } - if (SOCKET_OK(fd[1])) { - ++n_sockets_open; - mark_socket_open(fd[1]); - } - socket_accounting_unlock(); + if (r < 0) + return -errno; + +#if defined(FD_CLOEXEC) + if (SOCKET_OK(fd[0])) + fcntl(fd[0], F_SETFD, FD_CLOEXEC); + if (SOCKET_OK(fd[1])) + fcntl(fd[1], F_SETFD, FD_CLOEXEC); +#endif + goto sockets_ok; /* So that sockets_ok will not be unused. */ + + sockets_ok: + socket_accounting_lock(); + if (SOCKET_OK(fd[0])) { + ++n_sockets_open; + mark_socket_open(fd[0]); } - return r < 0 ? -errno : r; + if (SOCKET_OK(fd[1])) { + ++n_sockets_open; + mark_socket_open(fd[1]); + } + socket_accounting_unlock(); + + return 0; #else /* This socketpair does not work when localhost is down. So * it's really not the same thing at all. But it's close enough diff --git a/src/or/buffers.c b/src/or/buffers.c index d4fc44ba9f..d60e54e87a 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -744,6 +744,9 @@ read_to_buf_tls(tor_tls_t *tls, size_t at_most, buf_t *buf) { int r = 0; size_t total_read = 0; + + check_no_tls_errors(); + check(); while (at_most > total_read) { 
diff --git a/src/or/config.c b/src/or/config.c index 696bbd0440..bfed4e5db4 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -295,8 +295,7 @@ static config_var_t _option_vars[] = { V(GeoIPFile, FILENAME, SHARE_DATADIR PATH_SEPARATOR "tor" PATH_SEPARATOR "geoip"), #endif - V(GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays, - BOOL, "0"), + OBSOLETE("GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays"), OBSOLETE("Group"), V(HardwareAccel, BOOL, "0"), V(HeartbeatPeriod, INTERVAL, "6 hours"), diff --git a/src/or/connection.c b/src/or/connection.c index 1c034c655b..d379533494 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -74,10 +74,14 @@ static void connection_send_socks5_connect(connection_t *conn); static const char *proxy_type_to_string(int proxy_type); static int get_proxy_type(void); -/** The last IPv4 address that our network interface seemed to have been - * binding to, in host order. We use this to detect when our IP changes. */ -static uint32_t last_interface_ip = 0; -/** A list of uint32_ts for addresses we've used in outgoing connections. +/** The last addresses that our network interface seemed to have been + * binding to. We use this as one way to detect when our IP changes. + * + * XXX024 We should really use the entire list of interfaces here. + **/ +static tor_addr_t *last_interface_ipv4 = NULL; +static tor_addr_t *last_interface_ipv6 = NULL; +/** A list of tor_addr_t for addresses we've used in outgoing connections. * Used to detect IP address changes. */ static smartlist_t *outgoing_addrs = NULL; 
@@ -3694,47 +3698,62 @@ alloc_http_authenticator(const char *authenticator) static void client_check_address_changed(tor_socket_t sock) { - uint32_t iface_ip, ip_out; /* host order */ - struct sockaddr_in out_addr; - socklen_t out_addr_len = (socklen_t) sizeof(out_addr); - uint32_t *ip; /* host order */ + struct sockaddr_storage out_sockaddr; + socklen_t out_addr_len = (socklen_t) sizeof(out_sockaddr); + tor_addr_t out_addr, iface_addr; + tor_addr_t **last_interface_ip_ptr; + sa_family_t family; - if (!last_interface_ip) - get_interface_address(LOG_INFO, &last_interface_ip); if (!outgoing_addrs) outgoing_addrs = smartlist_new(); - if (getsockname(sock, (struct sockaddr*)&out_addr, &out_addr_len)<0) { + if (getsockname(sock, (struct sockaddr*)&out_sockaddr, &out_addr_len)<0) { int e = tor_socket_errno(sock); log_warn(LD_NET, "getsockname() to check for address change failed: %s", tor_socket_strerror(e)); return; } + tor_addr_from_sockaddr(&out_addr, (struct sockaddr*)&out_sockaddr, NULL); + family = tor_addr_family(&out_addr); + + if (family == AF_INET) + last_interface_ip_ptr = &last_interface_ipv4; + else if (family == AF_INET6) + last_interface_ip_ptr = &last_interface_ipv6; + else + return; + + if (! *last_interface_ip_ptr) { + tor_addr_t *a = tor_malloc_zero(sizeof(tor_addr_t)); + if (get_interface_address6(LOG_INFO, family, a)==0) { + *last_interface_ip_ptr = a; + } else { + tor_free(a); + } + } /* If we've used this address previously, we're okay. */ - ip_out = ntohl(out_addr.sin_addr.s_addr); - SMARTLIST_FOREACH(outgoing_addrs, uint32_t*, ip_ptr, - if (*ip_ptr == ip_out) return; + SMARTLIST_FOREACH(outgoing_addrs, const tor_addr_t *, a_ptr, + if (tor_addr_eq(a_ptr, &out_addr)) + return; ); /* Uh-oh. We haven't connected from this address before. Has the interface * address changed? 
*/ - if (get_interface_address(LOG_INFO, &iface_ip)<0) + if (get_interface_address6(LOG_INFO, family, &iface_addr)<0) return; - ip = tor_malloc(sizeof(uint32_t)); - *ip = ip_out; - if (iface_ip == last_interface_ip) { + if (tor_addr_eq(&iface_addr, *last_interface_ip_ptr)) { /* Nope, it hasn't changed. Add this address to the list. */ - smartlist_add(outgoing_addrs, ip); + smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t))); } else { /* The interface changed. We're a client, so we need to regenerate our * keys. First, reset the state. */ log(LOG_NOTICE, LD_NET, "Our IP address has changed. Rotating keys..."); - last_interface_ip = iface_ip; - SMARTLIST_FOREACH(outgoing_addrs, void*, ip_ptr, tor_free(ip_ptr)); + tor_addr_copy(*last_interface_ip_ptr, &iface_addr); + SMARTLIST_FOREACH(outgoing_addrs, tor_addr_t*, a_ptr, tor_free(a_ptr)); smartlist_clear(outgoing_addrs); - smartlist_add(outgoing_addrs, ip); + smartlist_add(outgoing_addrs, tor_memdup(&out_addr, sizeof(tor_addr_t))); /* Okay, now change our keys. */ ip_address_changed(1); } @@ -4234,7 +4253,7 @@ connection_free_all(void) SMARTLIST_FOREACH(conns, connection_t *, conn, _connection_free(conn)); if (outgoing_addrs) { - SMARTLIST_FOREACH(outgoing_addrs, void*, addr, tor_free(addr)); + SMARTLIST_FOREACH(outgoing_addrs, tor_addr_t *, addr, tor_free(addr)); smartlist_free(outgoing_addrs); outgoing_addrs = NULL; } diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 11f235caf4..1c2579865f 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c 
@@ -2417,8 +2417,7 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, routerbw >= options->AuthDirGuardBWGuarantee) || routerbw >= MIN(guard_bandwidth_including_exits, guard_bandwidth_excluding_exits)) && - (options->GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays || - is_router_version_good_for_possible_guard(ri->platform))) { + is_router_version_good_for_possible_guard(ri->platform)) { long tk = rep_hist_get_weighted_time_known( node->identity, now); double wfu = rep_hist_get_weighted_fractional_uptime( diff --git a/src/or/or.h b/src/or/or.h index c323595f1e..b8fee649ea 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -187,7 +187,7 @@ #define ROUTER_MAX_AGE (60*60*48) /** How old can a router get before we (as a server) will no longer * consider it live? In seconds. */ -#define ROUTER_MAX_AGE_TO_PUBLISH (60*60*20) +#define ROUTER_MAX_AGE_TO_PUBLISH (60*60*24) /** How old do we let a saved descriptor get before force-removing it? */ #define OLD_ROUTER_DESC_MAX_AGE (60*60*24*5) @@ -3270,10 +3270,6 @@ typedef struct { * number of servers per IP address shared * with an authority. */ - /** Should we assign the Guard flag to relays which would allow - * exploitation of CVE-2011-2768 against their clients? */ - int GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays; - /** If non-zero, always vote the Fast flag for any relay advertising * this amount of capacity or more. */ uint64_t AuthDirFastGuarantee; diff --git a/src/or/router.c b/src/or/router.c index eb201f4bc9..4cdfd02e56 100644 --- a/src/or/router.c +++ b/src/or/router.c 
@@ -651,15 +651,27 @@ init_keys(void) return -1; } if (mydesc) { + was_router_added_t added; ri = router_parse_entry_from_string(mydesc, NULL, 1, 0, NULL); if (!ri) { log_err(LD_GENERAL,"Generated a routerinfo we couldn't parse."); return -1; } - if (!WRA_WAS_ADDED(dirserv_add_descriptor(ri, &m, "self"))) { - log_err(LD_GENERAL,"Unable to add own descriptor to directory: %s", - m?m:"<unknown error>"); - return -1; + added = dirserv_add_descriptor(ri, &m, "self"); + if (!WRA_WAS_ADDED(added)) { + if (!WRA_WAS_OUTDATED(added)) { + log_err(LD_GENERAL, "Unable to add own descriptor to directory: %s", + m?m:"<unknown error>"); + return -1; + } else { + /* If the descriptor was outdated, that's ok. This can happen + * when some config options are toggled that affect workers, but + * we don't really need new keys yet so the descriptor doesn't + * change and the old one is still fresh. */ + log_info(LD_GENERAL, "Couldn't add own descriptor to directory " + "after key init: %s. This is usually not a problem.", + m?m:"<unknown error>"); + } } } } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 160f340dcf..a64b93f3a9 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -5082,7 +5082,7 @@ router_reset_descriptor_download_failures(void) /** Any changes in a router descriptor's publication time larger than this are * automatically non-cosmetic. */ -#define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (12*60*60) +#define ROUTER_MAX_COSMETIC_TIME_DIFFERENCE (2*60*60) /** We allow uptime to vary from how much it ought to be by this much. */ #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60) diff --git a/src/tools/tor-fw-helper/tor-fw-helper-upnp.c b/src/tools/tor-fw-helper/tor-fw-helper-upnp.c index 442eae514e..ee56f71628 100644 --- a/src/tools/tor-fw-helper/tor-fw-helper-upnp.c +++ b/src/tools/tor-fw-helper/tor-fw-helper-upnp.c 
@@ -78,7 +78,11 @@ tor_upnp_init(tor_fw_options_t *options, void *backend_state) memset(&(state->data), 0, sizeof(struct IGDdatas)); state->init = 0; +#ifdef MINIUPNPC15 devlist = upnpDiscover(UPNP_DISCOVER_TIMEOUT, NULL, NULL, 0); +#else + devlist = upnpDiscover(UPNP_DISCOVER_TIMEOUT, NULL, NULL, 0, 0, NULL); +#endif if (NULL == devlist) { fprintf(stderr, "E: upnpDiscover returned: NULL\n"); return UPNP_ERR_NODEVICESFOUND; @@ -178,7 +182,11 @@ tor_upnp_add_tcp_mapping(tor_fw_options_t *options, void *backend_state) r = UPNP_AddPortMapping(state->urls.controlURL, state->data.first.servicetype, external_port_str, internal_port_str, +#ifdef MINIUPNPC15 state->lanaddr, UPNP_DESC, "TCP", 0); +#else + state->lanaddr, UPNP_DESC, "TCP", 0, 0); +#endif if (r != UPNPCOMMAND_SUCCESS) return UPNP_ERR_ADDPORTMAPPING; |
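Review bot: The six-argument call in tor_upnp_init passes `NULL` for the `int * error` parameter that configure.in shows in the 1.6 prototype, so the library's error code is discarded and a failed discovery yields only `E: upnpDiscover returned: NULL`. Declaring `int upnp_err = 0;` under the `#else`, passing `&upnp_err`, and including it in the fprintf would make failures diagnosable. In tor_upnp_add_tcp_mapping the `#ifdef` splits a single argument list in the middle of the call, which is easy to misread; a one-line comment naming the extra 1.6 argument would help. Both functions continue outside their hunks.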