#!/bin/sh /etc/rc.common # Copyright (C) 2006-2014 OpenWrt.org START=94 STOP=15 SERVICE_USE_PID=1 upnpd_get_port_range() { local var="$1"; shift local val config_get val "$@" case "$val" in [0-9]*[:-][0-9]*) export -n -- "${var}_start=${val%%[:-]*}" export -n -- "${var}_end=${val##*[:-]}" ;; [0-9]*) export -n -- "${var}_start=$val" export -n -- "${var}_end=" ;; esac } conf_rule_add() { local cfg="$1" local tmpconf="$2" local action external_port_start external_port_end int_addr local internal_port_start internal_port_end comment config_get action "$cfg" action "deny" # allow or deny upnpd_get_port_range "ext" "$cfg" ext_ports "0-65535" # external ports: x, x-y, x:y config_get int_addr "$cfg" int_addr "0.0.0.0/0" # ip or network and subnet mask (internal) upnpd_get_port_range "int" "$cfg" int_ports "0-65535" # internal ports: x, x-y, x:y or range config_get comment "$cfg" comment "ACL" # comment # Make a single IP IP/32 so that miniupnpd.conf can use it. [ "${int_addr%/*}" = "$int_addr" ] && int_addr="$int_addr/32" echo "$action $ext_start${ext_end:+-}$ext_end $int_addr $int_start${int_end:+-}$int_end #$comment" >>$tmpconf } upnpd_write_bool() { local opt="$1" local def="${2:-0}" local alt="${3:-$opt}" local val config_get_bool val config "$opt" "$def" if [ "$val" -eq 0 ]; then echo "$alt=no" >> $tmpconf else echo "$alt=yes" >> $tmpconf fi } boot() { return } start() { config_load "upnpd" local extiface intiface upload download logging secure enabled natpmp local extip port usesysuptime conffile serial_number model_number local uuid notify_interval presentation_url enable_upnp local upnp_lease_file clean_ruleset_threshold clean_ruleset_interval local ipv6_listening_ip enabled config_get_bool enabled config enabled 1 [ "$enabled" -eq 0 ] && return 1 config_get extiface config external_iface config_get extzone config external_zone config_get intiface config internal_iface config_get extip config external_ip config_get port config port 5000 config_get upload config upload config_get download config download config_get_bool logging config log_output 0 config_get conffile config config_file config_get serial_number config serial_number config_get model_number config model_number config_get uuid config uuid config_get notify_interval config notify_interval config_get presentation_url config presentation_url config_get upnp_lease_file config upnp_lease_file config_get clean_ruleset_threshold config clean_ruleset_threshold config_get clean_ruleset_interval config clean_ruleset_interval config_get ipv6_listening_ip config ipv6_listening_ip local args ifname . /lib/functions/network.sh # manual external interface overrides everything if [ -z "$extiface" ] ; then # manual external zone (if dynamically find interfaces # belonging to it) overrides network_find_wan* if [ -n "$extzone" ] ; then ifname=$(fw3 -q zone $extzone | head -1) fi [ -n "$extiface" ] || network_find_wan extiface [ -n "$extiface" ] || network_find_wan6 extiface fi [ -n "$ifname" ] || network_get_device ifname $extiface if [ -n "$conffile" ]; then args="-f $conffile" else local tmpconf="/var/etc/miniupnpd.conf" args="-f $tmpconf" mkdir -p /var/etc echo "ext_ifname=$ifname" >$tmpconf [ -n "$extip" ] && \ echo "ext_ip=$extip" >>$tmpconf local iface for iface in ${intiface:-lan}; do local device network_get_device device "$iface" && { echo "listening_ip=$device" >>$tmpconf } done [ "$port" != "auto" ] && \ echo "port=$port" >>$tmpconf config_load "upnpd" upnpd_write_bool enable_natpmp 1 upnpd_write_bool enable_upnp 1 upnpd_write_bool secure_mode 1 upnpd_write_bool pcp_allow_thirdparty 0 upnpd_write_bool system_uptime 1 upnpd_write_bool igdv1 0 force_igd_desc_v1 [ -n "$upnp_lease_file" ] && \ echo "lease_file=$upnp_lease_file" >>$tmpconf [ -n "$upload" -a -n "$download" ] && { echo "bitrate_down=$(($download * 1024 * 8))" >>$tmpconf echo "bitrate_up=$(($upload * 1024 * 8))" >>$tmpconf } [ -n "${presentation_url}" ] && \ echo "presentation_url=${presentation_url}" >>$tmpconf [ -n "${notify_interval}" ] && \ echo "notify_interval=${notify_interval}" >>$tmpconf [ -n "${clean_ruleset_threshold}" ] && \ echo "clean_ruleset_threshold=${clean_ruleset_threshold}" >>$tmpconf [ -n "${clean_ruleset_interval}" ] && \ echo "clean_ruleset_interval=${clean_ruleset_interval}" >>$tmpconf [ -n "${ipv6_listening_ip}" ] && \ echo "ipv6_listening_ip=${ipv6_listening_ip}" >>$tmpconf [ -z "$uuid" ] && { uuid="$(cat /proc/sys/kernel/random/uuid)" uci set upnpd.config.uuid=$uuid uci commit upnpd } [ "$uuid" = "nocli" ] || \ echo "uuid=$uuid" >>$tmpconf [ -n "${serial_number}" ] && \ echo "serial=${serial_number}" >>$tmpconf [ -n "${model_number}" ] && \ echo "model_number=${model_number}" >>$tmpconf config_foreach conf_rule_add perm_rule "$tmpconf" fi if [ -n "$ifname" ]; then # start firewall iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload if [ "$logging" = "1" ]; then SERVICE_DAEMONIZE=1 \ service_start /usr/sbin/miniupnpd $args -d else SERVICE_DAEMONIZE= \ service_start /usr/sbin/miniupnpd $args fi else logger -t "upnp daemon" "external interface not found, not starting" fi } stop() { service_stop /usr/sbin/miniupnpd iptables -t nat -F MINIUPNPD 2>/dev/null iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null iptables -t filter -F MINIUPNPD 2>/dev/null [ -x /usr/sbin/ip6tables ] && { ip6tables -t filter -F MINIUPNPD 2>/dev/null } }