diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index 2a1372755..4eebdd825 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -8,12 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=miniupnpd -PKG_VERSION:=2.2.3 -PKG_RELEASE:=$(AUTORELEASE) -PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=f89c310ce9575183af3fec61af65e548f85114133df8caaaa9e204c13b7a9da5 +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp.git +PKG_SOURCE_DATE:=2022-08-06 +PKG_SOURCE_VERSION:=fa42d8f9316bf9c1ca14317e5a6e0d4a21365629 +PKG_MIRROR_HASH:=06662c7cf8f553f625cd968d12ea732db4193706510ed0db6e8bdd1c6b935c50 +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)/miniupnpd PKG_MAINTAINER:= PKG_LICENSE:=BSD-3-Clause @@ -26,6 +27,9 @@ PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/version.mk +TAR_OPTIONS+= --strip-components 1 +TAR_CMD=$(HOST_TAR) -C $(1)/.. $(TAR_OPTIONS) + define Package/miniupnpd/Default SECTION:=net CATEGORY:=Network diff --git a/net/miniupnpd/files/miniupnpd.hotplug b/net/miniupnpd/files/miniupnpd.hotplug index 63d6114b6..607a32bdc 100644 --- a/net/miniupnpd/files/miniupnpd.hotplug +++ b/net/miniupnpd/files/miniupnpd.hotplug @@ -13,6 +13,7 @@ tmpconf="/var/etc/miniupnpd.conf" external_iface=$(uci -q get upnpd.config.external_iface) external_iface6=$(uci -q get upnpd.config.external_iface6) external_zone=$(uci -q get upnpd.config.external_zone) +[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3" . /lib/functions/network.sh @@ -20,7 +21,7 @@ if [ -n "$external_iface" ] ; then network_get_device ifname "$external_iface" else if [ -n "$external_zone" ] ; then - ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1) + ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1) else network_find_wan external_iface && \ network_get_device ifname "$external_iface" 
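Review bot: `PKG_BUILD_DIR` is assigned with `:=` and expands `$(PKG_VERSION)`, but this hunk removes the only visible `PKG_VERSION` assignment, so unless one exists outside the hunk that path component is `miniupnpd-` with an empty version at the point of assignment. If the build system derives the version from `PKG_SOURCE_DATE` and `PKG_SOURCE_VERSION` only once `package.mk` is included, a deferred assignment, `PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)/miniupnpd`, would pick it up. `PKG_RELEASE` is also dropped with no replacement in these lines, which presumably leaves the package revision undefined and makes it harder to match an installed build to an advisory. The full commit id plus `PKG_MIRROR_HASH` keeps the source pinned; a one-line comment saying why an untagged snapshot replaces the 2.2.3 release tarball would help later audits.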
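Review bot: The `TAR_OPTIONS`/`TAR_CMD` override added after `package.mk` carries no comment, and it is not obvious why extraction targets `$(1)/..` with one path component stripped. It appears to follow from `PKG_BUILD_DIR` now ending in `/miniupnpd`, a subdirectory of the repository snapshot; a comment such as `# source is the whole miniupnp repo: unpack one level above PKG_BUILD_DIR so its miniupnpd/ subdirectory becomes the build dir` would record that. `TAR_CMD` presumably has to stay a recursive `=` assignment because `$(1)` is filled in at call time, which deserves a word too so nobody later changes it to `:=`.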
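Review bot: The firewall backend is chosen by whether an `nft` binary is on `PATH`, not by whether `fw4` itself is installed, so a system that has `nft` alongside fw3 would set `FW=fw4`, and the later `$FW -q zone …` lookup would fail silently behind `2>/dev/null`, leaving `ifname` empty. Testing for the tool that is actually invoked, e.g. `command -v fw4 >/dev/null && FW="fw4" || FW="fw3"`, avoids that mismatch. The same line is added to `miniupnpd.init`, where it also gates the `nft add` and `nft delete table` branches, so both files should change together.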
@@ -30,7 +31,7 @@ if [ -n "$external_iface6" ] ; then network_get_device ifname6 "$external_iface6" else if [ -n "$external_zone" ] ; then - ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1) + ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1) else network_find_wan6 external_iface6 && \ network_get_device ifname6 "$external_iface6" diff --git a/net/miniupnpd/files/miniupnpd.init b/net/miniupnpd/files/miniupnpd.init index cc13e0440..1caa03d84 100644 --- a/net/miniupnpd/files/miniupnpd.init +++ b/net/miniupnpd/files/miniupnpd.init @@ -5,6 +5,7 @@ START=94 STOP=15 USE_PROCD=1 PROG=/usr/sbin/miniupnpd +[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3" upnpd_get_port_range() { local var="$1"; shift @@ -98,7 +99,7 @@ upnpd() { network_get_device ifname "$external_iface" else if [ -n "$external_zone" ] ; then - ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1) + ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1) else network_find_wan external_iface && \ network_get_device ifname "$external_iface" @@ -108,7 +109,7 @@ upnpd() { network_get_device ifname6 "$external_iface6" else if [ -n "$external_zone" ] ; then - ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1) + ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1) else network_find_wan6 external_iface6 && \ network_get_device ifname6 "$external_iface6" 
@@ -171,12 +172,29 @@ upnpd() { config_foreach conf_rule_add perm_rule + if [ "Z$FW" = "Zfw4" ]; then + #When using nftables configure miniupnpd to use its own table and chains + echo "upnp_table_name=miniupnpd" + echo "upnp_nat_table_name=miniupnpd" + echo "upnp_forward_chain=forward" + echo "upnp_nat_chain=prerouting" + echo "upnp_nat_postrouting_chain=postrouting" + fi + } > "$tmpconf" fi if [ -n "$ifname" ]; then # start firewall - iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload + if [ "Z$FW" = "Zfw4" ]; then + #Add a miniupnpd table so that when fw4 reloads port-forwadings aren't lost, also give it priority so that port-forwards are considered before standard firewall rules + nft add table inet miniupnpd + nft add chain inet miniupnpd forward { type filter hook forward priority -20 \; policy accept \; comment \"Miniupnpd forwarding table\" \; } + nft add chain inet miniupnpd prerouting { type nat hook prerouting priority dstnat -20 \; policy accept \; comment \"Miniupnpd prerouting table\" \; } + nft add chain inet miniupnpd postrouting { type nat hook postrouting priority srcnat -20 \; policy accept \; comment \"Miniupnpd postrouting table\" \; } + else + iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload + fi else logger -t "upnp daemon" "external interface not found, not starting" fi @@ -189,11 +207,15 @@ upnpd() { } stop_service() { - iptables -t nat -F MINIUPNPD 2>/dev/null - iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null - iptables -t filter -F MINIUPNPD 2>/dev/null - - [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null + if [ "Z$FW" = "Zfw3" ]; then + iptables -t nat -F MINIUPNPD 2>/dev/null + iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null + iptables -t filter -F MINIUPNPD 2>/dev/null + [ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null + else + #delete the table removing port-forwardings when exiting + nft delete table inet miniupnpd + fi } start_service() { 
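Review bot: None of the four `nft add` commands in the fw4 branch is checked, so if table or chain creation fails the function continues with a config file that already names `upnp_table_name=miniupnpd`. A guard on each step, e.g. `nft add table inet miniupnpd || { logger -t "upnp daemon" "cannot create nft table, not starting"; return 1; }`, would surface the failure; whether `return` is enough to stop the daemon depends on the rest of `upnpd()`, which begins and ends outside this hunk. The comment's claim that the priority puts port-forwards ahead of the standard firewall rules should also be tightened: in nftables an `accept` in one base chain does not stop later base chains on the same hook from dropping the packet, so `policy accept` at priority -20 orders evaluation but does not override fw4's forward policy. The comment also misspells "port-forwardings" as "port-forwadings".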
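Review bot: `stop_service` takes its branch from `FW` as re-detected when the script is loaded, not from the backend that was used at start, and the `nft delete table inet miniupnpd` call has no error handling. If the table was never created (the start path skips the `nft add` commands when no external interface is found) the delete fails noisily, and if detection differs between start and stop the mappings installed through the other backend stay in place. `nft delete table inet miniupnpd 2>/dev/null` would match the iptables lines above for the first case. For the second, cleaning up whichever backend objects exist, rather than an either/or on `FW`, would avoid leaving forwarded ports open after the service stops.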
@@ -203,4 +225,4 @@ start_service() { service_triggers() { procd_add_reload_trigger "upnpd" -} +} \ No newline at end of file diff --git a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch deleted file mode 100644 index c6f24b282..000000000 --- a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001 -From: Stijn Tintel -Date: Sun, 7 Nov 2021 20:24:29 +0200 -Subject: [PATCH] miniupnpd/configure: don't hardcode iptables - -The OpenWrt Makefile that builds miniupnpd passes the firewall argument -to the configure script, so this is not needed and it is blocking us -from using nftables instead, which will be the default backend for -firewall4 to be used in the next OpenWrt stable release. - -Signed-off-by: Stijn Tintel ---- - configure | 1 - - 1 file changed, 1 deletion(-) - ---- a/configure -+++ b/configure -@@ -387,7 +387,6 @@ case $OS_NAME in - OpenWRT) - OS_URL=http://www.openwrt.org/ - echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE} -- FW=iptables - ;; - OpenEmbedded) - OS_URL=http://www.openembedded.org/