miniupnpd: update and fix nftables variant
authorTiago Gaspar <tiagogaspar8@gmail.com>
Tue, 16 Aug 2022 21:35:11 +0000 (22:35 +0100)
committerRosen Penev <rosenp@gmail.com>
Thu, 25 Aug 2022 07:40:19 +0000 (00:40 -0700)
Update the package to a commit that fixes an issue with removing PCP
mappings from nftables.
This also allows us to fix the nftables miniupnpd implementation on
openwrt.
In this new implementation, a table is created at the start of miniupnpd
and it is dedicated to miniupnpd with a priority above the firewall4
table. This allows miniupnpd to go ahead of the drop rules of firewall4
and forward traffic as needed. There was the possibility of adding a
chain inside the firewall4 table, but this would raise an issue where
if firewall4 was reloaded the port forwardings would be lost and
miniupnpd could be out of sync. When miniupnpd is stopped the table is
deleted, taking the port forwardings with it.

Some of this commit is based on msylgj's work, mainly the logic of the
init/hotplug scripts and the makefile build parameters.

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
net/miniupnpd/Makefile
net/miniupnpd/files/miniupnpd.hotplug
net/miniupnpd/files/miniupnpd.init
net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch [deleted file]

index 2a1372755e29a110ec4342aef0887b5a947bea7c..4eebdd8256098c5a0063c84a34d7d26492b586bf 100644 (file)
@@ -8,12 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
-PKG_VERSION:=2.2.3
-PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=f89c310ce9575183af3fec61af65e548f85114133df8caaaa9e204c13b7a9da5
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp.git
+PKG_SOURCE_DATE:=2022-08-06
+PKG_SOURCE_VERSION:=fa42d8f9316bf9c1ca14317e5a6e0d4a21365629
+PKG_MIRROR_HASH:=06662c7cf8f553f625cd968d12ea732db4193706510ed0db6e8bdd1c6b935c50
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)/miniupnpd
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=BSD-3-Clause
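Review bot: PKG_BUILD_DIR on the last added line is assigned with `:=` and still references `$(PKG_VERSION)`, yet this hunk deletes the PKG_VERSION line and package.mk, which as I understand it derives a version from PKG_SOURCE_DATE for git sources, is only included further down, so at this point the path expands with an empty `miniupnpd-` segment. The build still works because the tar recipe in the next hunk extracts relative to `$(1)/..`, but the directory name is misleading and would silently change if PKG_VERSION were reintroduced above this line. Consider `PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_SOURCE_DATE)/miniupnpd`, or a recursive `=` so the value is resolved after package.mk has been read. Dropping PKG_RELEASE should also be confirmed as intentional, since it feeds the package version string.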
@@ -26,6 +27,9 @@ PKG_BUILD_PARALLEL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/version.mk
 
+TAR_OPTIONS+= --strip-components 1
+TAR_CMD=$(HOST_TAR) -C $(1)/.. $(TAR_OPTIONS)
+
 define Package/miniupnpd/Default
   SECTION:=net
   CATEGORY:=Network
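Review bot: The two TAR_* lines at the top of this hunk change how the source archive is unpacked but carry no comment, and their effect only makes sense together with the `/miniupnpd` suffix on PKG_BUILD_DIR in the earlier hunk. A comment such as `# The git archive is the whole miniupnp repository: strip its top-level directory and unpack one level above PKG_BUILD_DIR so that its miniupnpd/ subdirectory becomes PKG_BUILD_DIR` would make the coupling visible. The recursive `=` on TAR_CMD is required because `$(1)` is supplied at call time; noting that would stop a future cleanup from switching it to `:=`.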
index 63d6114b6ca2ca24b1c998ef71c31558b82e563d..607a32bdc6885b2ecfceb5b77b7eca0b5efca174 100644 (file)
@@ -13,6 +13,7 @@ tmpconf="/var/etc/miniupnpd.conf"
 external_iface=$(uci -q get upnpd.config.external_iface)
 external_iface6=$(uci -q get upnpd.config.external_iface6)
 external_zone=$(uci -q get upnpd.config.external_zone)
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 . /lib/functions/network.sh
 
@@ -20,7 +21,7 @@ if [ -n "$external_iface" ] ; then
        network_get_device ifname "$external_iface"
 else
        if [ -n "$external_zone" ] ; then
-               ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+               ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
        else
                network_find_wan external_iface && \
                        network_get_device ifname "$external_iface"
@@ -30,7 +31,7 @@ if [ -n "$external_iface6" ] ; then
        network_get_device ifname6 "$external_iface6"
 else
        if [ -n "$external_zone" ] ; then
-               ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+               ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
        else
                network_find_wan6 external_iface6 && \
                        network_get_device ifname6 "$external_iface6"
index cc13e04407414d3400021fa03eb02c40f99bd9b4..1caa03d8416f8c28d64c0dcbbcc083cc8d29544e 100644 (file)
@@ -5,6 +5,7 @@ START=94
 STOP=15
 USE_PROCD=1
 PROG=/usr/sbin/miniupnpd
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 upnpd_get_port_range() {
        local var="$1"; shift
@@ -98,7 +99,7 @@ upnpd() {
                network_get_device ifname "$external_iface"
        else
                if [ -n "$external_zone" ] ; then
-                       ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+                       ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
                else
                        network_find_wan external_iface && \
                                network_get_device ifname "$external_iface"
@@ -108,7 +109,7 @@ upnpd() {
                network_get_device ifname6 "$external_iface6"
        else
                if [ -n "$external_zone" ] ; then
-                       ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+                       ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
                else
                        network_find_wan6 external_iface6 && \
                                network_get_device ifname6 "$external_iface6"
@@ -171,12 +172,29 @@ upnpd() {
 
                config_foreach conf_rule_add perm_rule
 
+               if [ "Z$FW" = "Zfw4" ]; then
+                       #When using nftables configure miniupnpd to use its own table and chains
+                       echo "upnp_table_name=miniupnpd"
+                       echo "upnp_nat_table_name=miniupnpd"
+                       echo "upnp_forward_chain=forward"
+                       echo "upnp_nat_chain=prerouting"
+                       echo "upnp_nat_postrouting_chain=postrouting"
+               fi
+
                } > "$tmpconf"
        fi
 
        if [ -n "$ifname" ]; then
                # start firewall
-               iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+               if [ "Z$FW" = "Zfw4" ]; then
+                       #Add a miniupnpd table so that when fw4 reloads port-forwadings aren't lost, also give it priority so that port-forwards are considered before standard firewall rules
+                       nft add table inet miniupnpd
+                       nft add chain inet miniupnpd forward { type filter hook forward priority -20 \; policy accept \; comment \"Miniupnpd forwarding table\" \; }
+                       nft add chain inet miniupnpd prerouting { type nat hook prerouting priority dstnat -20 \; policy accept \; comment \"Miniupnpd prerouting table\" \; }
+                       nft add chain inet miniupnpd postrouting { type nat hook postrouting priority srcnat -20 \; policy accept \; comment \"Miniupnpd postrouting table\" \; }
+               else
+                       iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload                     
+               fi
        else
                logger -t "upnp daemon" "external interface not found, not starting"
        fi
@@ -189,11 +207,15 @@ upnpd() {
 }
 
 stop_service() {
-       iptables -t nat -F MINIUPNPD 2>/dev/null
-       iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
-       iptables -t filter -F MINIUPNPD 2>/dev/null
-
-       [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+       if [ "Z$FW" = "Zfw3" ]; then
+               iptables -t nat -F MINIUPNPD 2>/dev/null
+               iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+               iptables -t filter -F MINIUPNPD 2>/dev/null
+               [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+       else
+               #delete the table removing port-forwardings when exiting
+               nft delete table inet miniupnpd
+       fi
 }
 
 start_service() {
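Review bot: `nft delete table inet miniupnpd` in the new else branch of stop_service fails with an error on stderr when the table does not exist, which happens whenever the service was started without a usable external interface (the table is only created inside the `[ -n "$ifname" ]` branch in the previous hunk) or stop is run twice; the fw3 branch silences the equivalent case with `2>/dev/null`. Make the deletion tolerant, e.g. `nft delete table inet miniupnpd 2>/dev/null || true`, or guard it with `nft list table inet miniupnpd >/dev/null 2>&1 &&` before deleting. I believe procd runs stop_service before the daemon is killed, so miniupnpd may still try to remove its rules from a table that is already gone; harmless, but worth a one-line comment above the delete.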
@@ -203,4 +225,4 @@ start_service() {
 
 service_triggers() {
        procd_add_reload_trigger "upnpd"
-}
+}
\ No newline at end of file
diff --git a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch
deleted file mode 100644 (file)
index c6f24b2..0000000
+++ /dev/null
@@ -1,25 +0,0 @@
-From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001
-From: Stijn Tintel <stijn@linux-ipv6.be>
-Date: Sun, 7 Nov 2021 20:24:29 +0200
-Subject: [PATCH] miniupnpd/configure: don't hardcode iptables
-
-The OpenWrt Makefile that builds miniupnpd passes the firewall argument
-to the configure script, so this is not needed and it is blocking us
-from using nftables instead, which will be the default backend for
-firewall4 to be used in the next OpenWrt stable release.
-
-Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
----
- configure | 1 -
- 1 file changed, 1 deletion(-)
-
---- a/configure
-+++ b/configure
-@@ -387,7 +387,6 @@ case $OS_NAME in
-       OpenWRT)
-               OS_URL=http://www.openwrt.org/
-               echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
--              FW=iptables
-               ;;
-       OpenEmbedded)
-               OS_URL=http://www.openembedded.org/