luci-app-upnp: make nftables compatible
authorJo-Philipp Wich <jo@mein.io>
Tue, 6 Sep 2022 21:51:19 +0000 (23:51 +0200)
committerJo-Philipp Wich <jo@mein.io>
Tue, 6 Sep 2022 21:53:15 +0000 (23:53 +0200)
Make luci.upnp rpcd backend plugin compatible with miniupnpd-nftables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp

index a122360c61e8c37f1e5862c41ab931303fc458b4..37768f972a175c54954c7a3f0b16b06703262796 100755 (executable)
@@ -62,6 +62,58 @@ local methods = {
                                ipt:close()
                        end
 
+                       local nft = io.popen("nft --handle list chain inet fw4 upnp_prerouting")
+                       if nft then
+                               local num = 1
+                               local upnpf = lease_file and io.open(lease_file, "r")
+                               while true do
+                                       local ln = nft:read("*l")
+                                       if not ln then
+                                               break
+                                       elseif ln:match("iif ") then
+                                               local proto, extport, intaddr, intport =
+                                                       ln:match('^\t\tiif ".-" @nh,72,8 (0x[0-9a-f]+) th dport ([0-9]+) dnat ip to ([0-9%.]+):([0-9]+)')
+                                               local descr = ""
+
+                                               if (proto == "0x6" or proto == "0x11") and extport and intaddr and intport then
+                                                       proto = (proto == "0x6") and "TCP" or "UDP"
+                                                       extport = tonumber(extport)
+                                                       intport = tonumber(intport)
+
+                                                       if upnpf then
+                                                               local uln = upnpf:read("*l")
+                                                               if uln then descr = uln:match(string.format("^%s:%d:%s:%d:%%d*:(.*)$", proto, extport, intaddr, intport)) end
+                                                               if not descr then descr = "" end
+                                                       end
+
+                                                       local host_hint, _, e
+
+                                                       for _,e in pairs(ipv4_hints) do
+                                                               if e[1] == intaddr then
+                                                                       host_hint = e[2]
+                                                                       break
+                                                               end
+                                                       end
+
+                                                       rule[#rule+1] = {
+                                                               num = tostring(num),
+                                                               proto   = proto,
+                                                               extport = extport,
+                                                               intaddr = intaddr,
+                                                               host_hint = host_hint,
+                                                               intport = intport,
+                                                               descr = descr
+                                                       }
+
+                                                       num = num + 1
+                                               end
+                                       end
+                               end
+
+                               if upnpf then upnpf:close() end
+                               nft:close()
+                       end
+
                        return { rules = rule }
                end
        },
@@ -75,12 +127,10 @@ local methods = {
                        if idx and idx > 0 then
                                local uci = UCI.cursor()
 
-                               sys.call("iptables -t filter -D MINIUPNPD %d 2>/dev/null" % idx)
-                               sys.call("iptables -t nat -D MINIUPNPD %d 2>/dev/null" % idx)
-
                                local lease_file = uci:get("upnpd", "config", "upnp_lease_file")
                                if lease_file and fs.access(lease_file) then
                                        sys.call("sed -i -e '%dd' %s" %{ idx, util.shellquote(lease_file) })
+                                       sys.call("/etc/init.d/miniupnpd restart")
                                end
 
                                uci.unload()
@@ -152,4 +202,4 @@ elseif arg[1] == "call" then
        local result, code = method.call(args)
        print((json.stringify(result):gsub("^%[%]$", "{}")))
        os.exit(code or 0)
-end
\ No newline at end of file
+end