miniupnpd: bump to latest git source

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>

diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
index 2a1372755e29a110ec4342aef0887b5a947bea7c..45950ccc9dd06912b12a93c387a6092ef17846e6 100644 (file)
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@@ -8,12 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
-PKG_VERSION:=2.2.3
+PKG_VERSION:=2.3.0
 PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=f89c310ce9575183af3fec61af65e548f85114133df8caaaa9e204c13b7a9da5
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp.git
+PKG_SOURCE_DATE:=2022-03-20
+PKG_SOURCE_VERSION:=fda61180e07abd222623e54b9239557bbffbc21d
+PKG_MIRROR_HASH:=f81a5b920f1bddb5673a2455461d4dca20d17138f5488713c5a759f2a64e9f18
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)/miniupnpd
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=BSD-3-Clause
@@ -26,6 +29,9 @@ PKG_BUILD_PARALLEL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/version.mk
 
+TAR_OPTIONS+= --strip-components 1
+TAR_CMD=$(HOST_TAR) -C $(1)/.. $(TAR_OPTIONS)
+
 define Package/miniupnpd/Default
   SECTION:=net
   CATEGORY:=Network
@@ -109,6 +115,10 @@ endef
 
 define Package/miniupnpd-nftables/install
        $(call Package/miniupnpd/install/Default,$1)
+       $(INSTALL_DIR) $(1)/usr/share/miniupnpd
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/miniupnpd_functions.sh $(1)/usr/share/miniupnpd/miniupnpd_functions.sh
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/nft_init.sh $(1)/usr/share/miniupnpd/nft_init.sh
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/nft_removeall.sh $(1)/usr/share/miniupnpd/nft_removeall.sh
 endef
 
 $(eval $(call BuildPackage,miniupnpd-iptables))

diff --git a/net/miniupnpd/files/miniupnpd.hotplug b/net/miniupnpd/files/miniupnpd.hotplug
index 63d6114b6ca2ca24b1c998ef71c31558b82e563d..607a32bdc6885b2ecfceb5b77b7eca0b5efca174 100644 (file)
--- a/net/miniupnpd/files/miniupnpd.hotplug
+++ b/net/miniupnpd/files/miniupnpd.hotplug
@@ -13,6 +13,7 @@ tmpconf="/var/etc/miniupnpd.conf"
 external_iface=$(uci -q get upnpd.config.external_iface)
 external_iface6=$(uci -q get upnpd.config.external_iface6)
 external_zone=$(uci -q get upnpd.config.external_zone)
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 . /lib/functions/network.sh
 
@@ -20,7 +21,7 @@ if [ -n "$external_iface" ] ; then
        network_get_device ifname "$external_iface"
 else
        if [ -n "$external_zone" ] ; then
-               ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+               ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
        else
                network_find_wan external_iface && \
                        network_get_device ifname "$external_iface"
@@ -30,7 +31,7 @@ if [ -n "$external_iface6" ] ; then
        network_get_device ifname6 "$external_iface6"
 else
        if [ -n "$external_zone" ] ; then
-               ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+               ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
        else
                network_find_wan6 external_iface6 && \
                        network_get_device ifname6 "$external_iface6"

diff --git a/net/miniupnpd/files/miniupnpd.init b/net/miniupnpd/files/miniupnpd.init
index cc13e04407414d3400021fa03eb02c40f99bd9b4..1b0466672bea7ccbd527570455c234ccb0f1894b 100644 (file)
--- a/net/miniupnpd/files/miniupnpd.init
+++ b/net/miniupnpd/files/miniupnpd.init
@@ -5,6 +5,8 @@ START=94
 STOP=15
 USE_PROCD=1
 PROG=/usr/sbin/miniupnpd
+NFT_SCRIPTS_DIR=/usr/share/miniupnpd
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 upnpd_get_port_range() {
        local var="$1"; shift
@@ -98,7 +100,7 @@ upnpd() {
                network_get_device ifname "$external_iface"
        else
                if [ -n "$external_zone" ] ; then
-                       ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+                       ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
                else
                        network_find_wan external_iface && \
                                network_get_device ifname "$external_iface"
@@ -108,7 +110,7 @@ upnpd() {
                network_get_device ifname6 "$external_iface6"
        else
                if [ -n "$external_zone" ] ; then
-                       ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+                       ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
                else
                        network_find_wan6 external_iface6 && \
                                network_get_device ifname6 "$external_iface6"
@@ -176,7 +178,12 @@ upnpd() {
 
        if [ -n "$ifname" ]; then
                # start firewall
-               iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+               if [ "Z$FW" = "Zfw4" ]; then
+                       $NFT_SCRIPTS_DIR/nft_init.sh 2>/dev/null
+                       fw4 reload
+               else
+                       iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+               fi
        else
                logger -t "upnp daemon" "external interface not found, not starting"
        fi
@@ -189,11 +196,16 @@ upnpd() {
 }
 
 stop_service() {
-       iptables -t nat -F MINIUPNPD 2>/dev/null
-       iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
-       iptables -t filter -F MINIUPNPD 2>/dev/null
+       if [ "Z$FW" = "Zfw4" ]; then
+               $NFT_SCRIPTS_DIR/nft_removeall.sh 2>/dev/null
+               fw4 reload
+       else
+               iptables -t nat -F MINIUPNPD 2>/dev/null
+               iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+               iptables -t filter -F MINIUPNPD 2>/dev/null
 
-       [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+               [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+       fi
 }
 
 start_service() {

diff --git a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch
deleted file mode 100644 (file)
index c6f24b2..0000000
--- a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001
-From: Stijn Tintel <stijn@linux-ipv6.be>
-Date: Sun, 7 Nov 2021 20:24:29 +0200
-Subject: [PATCH] miniupnpd/configure: don't hardcode iptables
-
-The OpenWrt Makefile that builds miniupnpd passes the firewall argument
-to the configure script, so this is not needed and it is blocking us
-from using nftables instead, which will be the default backend for
-firewall4 to be used in the next OpenWrt stable release.
-
-Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
----
- configure | 1 -
- 1 file changed, 1 deletion(-)
-
---- a/configure
-+++ b/configure
-@@ -387,7 +387,6 @@ case $OS_NAME in
-       OpenWRT)
-               OS_URL=http://www.openwrt.org/
-               echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
--              FW=iptables
-               ;;
-       OpenEmbedded)
-               OS_URL=http://www.openembedded.org/

diff --git a/net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch b/net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch
new file mode 100644 (file)
index 0000000..2ca00a7
--- /dev/null
+++ b/net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch
@@ -0,0 +1,13 @@
+--- a/netfilter_nft/scripts/nft_init.sh
++++ b/netfilter_nft/scripts/nft_init.sh
+@@ -19,8 +19,8 @@ echo "Creating nftables structure"
+ cat > /tmp/miniupnpd.nft <<EOF
+ table inet $TABLE {
+     chain forward {
+-        type filter hook forward priority 0;
+-        policy drop;
++        type filter hook forward priority -25;
++        policy accept;
+ 
+         # miniupnpd
+         jump $CHAIN