PKG_NAME:=miniupnpd
PKG_VERSION:=2.2.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/version.mk
-define Package/miniupnpd
+define Package/miniupnpd/Default
SECTION:=net
CATEGORY:=Network
DEPENDS:= \
- +IPV6:ip6tables \
- +IPV6:libip6tc \
- +iptables \
+libcap-ng \
- +libip4tc \
+libmnl \
- +libnetfilter-conntrack \
+libuuid
+ PROVIDES:=miniupnpd
TITLE:=Lightweight UPnP IGD, NAT-PMP & PCP daemon
SUBMENU:=Firewall
URL:=https://miniupnp.tuxfamily.org/
endef
-define Package/miniupnpd/conffiles
+define Package/miniupnpd-iptables
+ $(call Package/miniupnpd/Default)
+ CONFLICTS:=miniupnpd-nftables
+ DEPENDS+= \
+ +IPV6:ip6tables \
+ +IPV6:libip6tc \
+ +iptables \
+ +libip4tc \
+ +libnetfilter-conntrack
+ TITLE+= (iptables)
+ VARIANT:=iptables
+endef
+
+define Package/miniupnpd-nftables
+ $(call Package/miniupnpd/Default)
+ DEPENDS+= \
+ +libnftnl
+ TITLE+= (nftables)
+ VARIANT:=nftables
+endef
+
+define Package/miniupnpd/conffiles/Default
/etc/config/upnpd
endef
+Package/miniupnpd-iptables/conffiles = $(Package/miniupnpd/conffiles/Default)
+Package/miniupnpd-nftables/conffiles = $(Package/miniupnpd/conffiles/Default)
+
define Build/Prepare
$(call Build/Prepare/Default)
echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt
--igd2 \
--leasefile \
--portinuse \
- --firewall=iptables \
+ --firewall=$(BUILD_VARIANT) \
--disable-fork
-TARGET_CFLAGS += $(FPIC) -flto
+TARGET_CFLAGS += $(FPIC)
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
-define Package/miniupnpd/install
+ifeq ($(BUILD_VARIANT),iptables)
+ TARGET_CFLAGS += -flto
+endif
+
+define Package/miniupnpd/install/Default
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
- $(INSTALL_DIR) $(1)/etc/uci-defaults
- $(INSTALL_DIR) $(1)/usr/share/miniupnpd
-
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/miniupnpd $(1)/usr/sbin/miniupnpd
$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
- $(INSTALL_BIN) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
- $(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include
endef
-$(eval $(call BuildPackage,miniupnpd))
+define Package/miniupnpd-iptables/install
+ $(call Package/miniupnpd/install/Default,$1)
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_DIR) $(1)/usr/share/miniupnpd
+ $(INSTALL_BIN) ./files/miniupnpd.defaults.iptables $(1)/etc/uci-defaults/99-miniupnpd
+ $(INSTALL_DATA) ./files/firewall3.include $(1)/usr/share/miniupnpd/firewall.include
+endef
+
+define Package/miniupnpd-nftables/install
+ $(call Package/miniupnpd/install/Default,$1)
+endef
+
+$(eval $(call BuildPackage,miniupnpd-iptables))
+$(eval $(call BuildPackage,miniupnpd-nftables))
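Review bot: `Package/miniupnpd-nftables/install` calls only `Package/miniupnpd/install/Default`, so the nftables variant ships no uci-defaults script and no firewall include, yet it gets the same `miniupnpd.init` and `miniupnpd.hotplug` as the iptables variant. Neither script is shown in this diff. If they still invoke `iptables` or assume the fw3 `MINIUPNPD` chains, the nftables package, which does not depend on iptables, could start a daemon whose mappings are never hooked into the active ruleset, or whose cleanup on stop silently does nothing. Please confirm how the daemon's rules are created under nftables and whether they survive a firewall reload. Once confirmed, record it above the define, for example `# nftables: no firewall include installed; rule setup is handled by <mechanism>`.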
+++ /dev/null
-#!/bin/sh
-# miniupnpd integration for firewall3
-
-IPTABLES="/usr/sbin/iptables"
-IP6TABLES="/usr/sbin/ip6tables"
-IPTARGS="-w 1"
-
-$IPTABLES -t filter -N MINIUPNPD 2>/dev/null
-$IPTABLES -t nat -N MINIUPNPD 2>/dev/null
-$IPTABLES -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
-
-[ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
-
-. /lib/functions/network.sh
-
-# helper to insert in chain as penultimate
-iptables_prepend_rule() {
- local iptables="$1"
- local table="$2"
- local chain="$3"
- local target="$4"
-
- $iptables "$IPTARGS" -t "$table" -I "$chain" $($iptables "$IPTARGS" -t "$table" --line-numbers -nL "$chain" | \
- sed -ne '$s/[^0-9].*//p') -j "$target"
-}
-
-ADDED=0
-
-add_extzone_rules() {
- local ext_zone="$1"
-
- [ -z "$ext_zone" ] && return
-
- # IPv4 - due to NAT, need to add both to nat and filter table
- # need to insert as penultimate rule for input & forward & postrouting since final rule might be a fw3 REJECT
- iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_input" MINIUPNPD
- iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
- $IPTABLES -t nat -A "zone_${ext_zone}_prerouting" -j MINIUPNPD
- iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
-
- # IPv6 if available - filter only
- [ -x $IP6TABLES ] && {
- iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_input" MINIUPNPD
- iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
- }
- ADDED=$(($ADDED + 1))
-}
-
-# By default, user configuration is king.
-
-for ext_iface in $(uci -q get upnpd.config.external_iface); do
- add_extzone_rules $(fw3 -q network "$ext_iface")
-done
-
-add_extzone_rules $(uci -q get upnpd.config.external_zone)
-
-[ "$ADDED" -ne 0 ] && exit 0
-
-# If really nothing is available, resort to network_find_wan{,6} and
-# assume external interfaces all have same firewall zone.
-
-# (This heuristic may fail horribly, in case of e.g. multihoming, so
-# please set external_zone in that case!)
-
-network_find_wan wan_iface
-network_find_wan6 wan6_iface
-
-for ext_iface in $wan_iface $wan6_iface; do
- # fw3 -q network fails on sub-interfaces => map to device first
- network_get_device ext_device $ext_iface
- add_extzone_rules $(fw3 -q device "$ext_device")
-done
--- /dev/null
+#!/bin/sh
+# miniupnpd integration for firewall3
+
+IPTABLES="/usr/sbin/iptables"
+IP6TABLES="/usr/sbin/ip6tables"
+IPTARGS="-w 1"
+
+$IPTABLES -t filter -N MINIUPNPD 2>/dev/null
+$IPTABLES -t nat -N MINIUPNPD 2>/dev/null
+$IPTABLES -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
+
+[ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
+
+. /lib/functions/network.sh
+
+# helper to insert in chain as penultimate
+iptables_prepend_rule() {
+ local iptables="$1"
+ local table="$2"
+ local chain="$3"
+ local target="$4"
+
+ $iptables "$IPTARGS" -t "$table" -I "$chain" $($iptables "$IPTARGS" -t "$table" --line-numbers -nL "$chain" | \
+ sed -ne '$s/[^0-9].*//p') -j "$target"
+}
+
+ADDED=0
+
+add_extzone_rules() {
+ local ext_zone="$1"
+
+ [ -z "$ext_zone" ] && return
+
+ # IPv4 - due to NAT, need to add both to nat and filter table
+ # need to insert as penultimate rule for input & forward & postrouting since final rule might be a fw3 REJECT
+ iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_input" MINIUPNPD
+ iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+ $IPTABLES -t nat -A "zone_${ext_zone}_prerouting" -j MINIUPNPD
+ iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
+
+ # IPv6 if available - filter only
+ [ -x $IP6TABLES ] && {
+ iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_input" MINIUPNPD
+ iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+ }
+ ADDED=$(($ADDED + 1))
+}
+
+# By default, user configuration is king.
+
+for ext_iface in $(uci -q get upnpd.config.external_iface); do
+ add_extzone_rules $(fw3 -q network "$ext_iface")
+done
+
+add_extzone_rules $(uci -q get upnpd.config.external_zone)
+
+[ "$ADDED" -ne 0 ] && exit 0
+
+# If really nothing is available, resort to network_find_wan{,6} and
+# assume external interfaces all have same firewall zone.
+
+# (This heuristic may fail horribly, in case of e.g. multihoming, so
+# please set external_zone in that case!)
+
+network_find_wan wan_iface
+network_find_wan6 wan6_iface
+
+for ext_iface in $wan_iface $wan6_iface; do
+ # fw3 -q network fails on sub-interfaces => map to device first
+ network_get_device ext_device $ext_iface
+ add_extzone_rules $(fw3 -q device "$ext_device")
+done
+++ /dev/null
-#!/bin/sh
-
-uci -q batch <<-EOT
- delete firewall.miniupnpd
- set firewall.miniupnpd=include
- set firewall.miniupnpd.type=script
- set firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
- set firewall.miniupnpd.family=any
- set firewall.miniupnpd.reload=1
- commit firewall
-EOT
-
-exit 0
--- /dev/null
+#!/bin/sh
+
+uci -q batch <<-EOT
+ delete firewall.miniupnpd
+ set firewall.miniupnpd=include
+ set firewall.miniupnpd.type=script
+ set firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
+ set firewall.miniupnpd.family=any
+ set firewall.miniupnpd.reload=1
+ commit firewall
+EOT
+
+exit 0
--- /dev/null
+From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001
+From: Stijn Tintel <stijn@linux-ipv6.be>
+Date: Sun, 7 Nov 2021 20:24:29 +0200
+Subject: [PATCH] miniupnpd/configure: don't hardcode iptables
+
+The OpenWrt Makefile that builds miniupnpd passes the firewall argument
+to the configure script, so this is not needed and it is blocking us
+from using nftables instead, which will be the default backend for
+firewall4 to be used in the next OpenWrt stable release.
+
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ configure | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/configure
++++ b/configure
+@@ -387,7 +387,6 @@ case $OS_NAME in
+ OpenWRT)
+ OS_URL=http://www.openwrt.org/
+ echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
+- FW=iptables
+ ;;
+ OpenEmbedded)
+ OS_URL=http://www.openembedded.org/
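Review bot: Deleting `FW=iptables` from the `OpenWRT)` branch leaves that branch with no firewall backend of its own, so the result now depends entirely on the caller passing `--firewall=`. How configure behaves when FW is unset or empty is not visible in this hunk; if it does not fail hard, a build invoked without the option could end up with an unintended backend. Assuming the option is parsed into FW before this `case` statement, a non-overriding default such as `FW=${FW:-iptables}` would keep the old behaviour while still honouring `--firewall=nftables`. The `case $OS_NAME` block starts and ends outside the hunk.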