miniupnpd: - better integration with uci firewall - add options to configure external...

SVN-Revision: 13742

diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
index 68b18b4295bfd5d777abfcc9dbe803da245baa47..6cfde473860cef2833d51dd8a9373ec53e2fcbba 100644 (file)
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
 PKG_VERSION:=1.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_MD5SUM:=a0f6651476721db9b554668c8c83b151
 
 PKG_SOURCE_URL:=http://miniupnp.free.fr/files
@@ -36,12 +36,12 @@ define Build/Compile
 endef
 
 define Package/miniupnpd/install
-       $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface
+       $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface $(1)/lib/miniupnpd
        $(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/
-       $(INSTALL_BIN) $(PKG_BUILD_DIR)/netfilter/*.sh $(1)/usr/bin/
        $(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
        $(INSTALL_DATA) ./files/upnpd.config $(1)/etc/config/upnpd
        $(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/20-miniupnpd
+       $(INSTALL_DATA) ./files/miniupnpd.firewall $(1)/lib/miniupnpd/firewall.sh
 endef
 
 $(eval $(call BuildPackage,miniupnpd))

diff --git a/net/miniupnpd/files/miniupnpd.firewall b/net/miniupnpd/files/miniupnpd.firewall
new file mode 100644 (file)
index 0000000..df1f6f7
--- /dev/null
+++ b/net/miniupnpd/files/miniupnpd.firewall
@@ -0,0 +1,77 @@
+. /etc/functions.sh
+include /lib/network
+scan_interfaces
+
+upnp_ipt() {
+       iptables "$@" 2>/dev/null
+}
+
+upnp_firewall_addif() {
+       local intif
+       local intip
+       local coldplug="$1"
+
+       config_load upnpd
+       config_get intif config internal_iface
+
+       config_load network
+
+       for iface in ${intif:-lan}; do
+               if [ -n "$coldplug" -o "$iface" == "$INTERFACE" ]; then
+                       config_get intip "$iface" ipaddr
+                       config_get intif "$iface" ifname
+
+                       [ -n "$intif" -a -n "$intip" ] && {
+                               logger -t "upnp firewall" "adding interface $iface($intip)"
+
+                               upnp_ipt -t nat -N MINIUPNPD
+                               upnp_ipt -t nat -N miniupnpd_${iface}_rule
+                               upnp_ipt -t nat -A miniupnpd_${iface}_rule -i $intif -d $intip -j MINIUPNPD 
+                               upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface}_rule
+
+                               upnp_ipt -t filter -N MINIUPNPD
+                               upnp_ipt -t filter -N miniupnpd_${iface}_rule
+                               upnp_ipt -t filter -A miniupnpd_${iface}_rule -i $intif -o ! $intif -j MINIUPNPD
+                               upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface}_rule
+                       }
+               fi
+       done
+}
+
+upnp_firewall_delif() {
+       local iface="${1:-$INTERFACE}"
+
+       if [ -n "$iface" ]; then
+               logger -t "upnp firewall" "removing interface $iface"
+
+               upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface}_rule
+               upnp_ipt -t nat -F miniupnpd_${iface}_rule
+               upnp_ipt -t nat -X miniupnpd_${iface}_rule
+
+               upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface}_rule
+               upnp_ipt -t filter -F miniupnpd_${iface}_rule
+               upnp_ipt -t filter -X miniupnpd_${iface}_rule
+       fi
+}
+
+upnp_firewall_start() {
+       logger -t "upnp firewall" "starting ..."
+       upnp_firewall_addif coldplug
+}
+
+upnp_firewall_stop() {
+       local intif
+       config_load upnpd
+       config_get intif config internal_iface
+
+       logger -t "upnp firewall" "stopping ..."
+
+       for iface in ${intif:-lan}; do
+               upnp_firewall_delif "$iface"
+       done
+
+       upnp_ipt -t nat -F MINIUPNPD
+       upnp_ipt -t nat -X MINIUPNPD
+       upnp_ipt -t filter -F MINIUPNPD
+       upnp_ipt -t filter -X MINIUPNPD
+}

diff --git a/net/miniupnpd/files/miniupnpd.hotplug b/net/miniupnpd/files/miniupnpd.hotplug
index 7bcab5a703e86b8226b0c6e7155e735872a1c7c1..1e7648002c7aea7beee451eb2cba7f577263edfe 100644 (file)
--- a/net/miniupnpd/files/miniupnpd.hotplug
+++ b/net/miniupnpd/files/miniupnpd.hotplug
@@ -1,2 +1,14 @@
 #!/bin/sh
-[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && /etc/init.d/miniupnpd enabled && /etc/init.d/miniupnpd restart
+
+/etc/init.d/miniupnpd enabled && killall -0 miniupnpd 2>/dev/null && {
+       . /lib/miniupnpd/firewall.sh
+
+       [ "$ACTION" = "ifup" ] && {
+               upnp_firewall_delif
+               upnp_firewall_addif
+       }
+
+       [ "$ACTION" = "ifdown" ] && {
+               upnp_firewall_delif
+       }
+}

diff --git a/net/miniupnpd/files/miniupnpd.init b/net/miniupnpd/files/miniupnpd.init
index 446a37cecbff775f069b12f072334a893fdd9006..1131fd84be853688397e19aedf021474b1e425f7 100644 (file)
--- a/net/miniupnpd/files/miniupnpd.init
+++ b/net/miniupnpd/files/miniupnpd.init
@@ -1,36 +1,55 @@
 #!/bin/sh /etc/rc.common
 START=95
+
+include /lib/miniupnpd
+
 start() {
+       local extif
+       local intif
+       local upload
+       local download
+       local logging
+
        config_load "upnpd"
-       include /lib/network
+       config_get extif    config external_iface
+       config_get intif    config internal_iface
+       config_get upload   config upload
+       config_get download config download
+       config_get_bool logging config log_output 0
+
        scan_interfaces
-       config_get ifname wan ifname
-       config_get ipaddr lan ipaddr
+       config_get extif ${extif:-wan} ifname
        
-       echo "miniupnpd starting ..."
-       stop
-       iptables_init.sh
-       # get bitspeed information, if provided
-       config_get upnp_up_bitspeed config upload
-       config_get upnp_down_bitspeed config download
-       bitspeed_str=""
-       [ -n "$upnpd_up_bitspeed" ] && [ -n "$upnpd_down_bitspeed" ] && {
-               # covert to bytespeed
-               upnpd_up_bytespeed=$(($upnpd_up_bitspeed * 1024 / 8))
-               upnpd_down_bytespeed=$(($upnpd_down_bitspeed * 1024 / 8))
-               bitspeed_str="-B $upnpd_down_bytespeed $upnpd_up_bytespeed"
-       }
-       config_get log_output config log_output
-       if [ "$log_output" = "1" ]; then
-               miniupnpd -i "$ifname" -a "$ipaddr" -p 5000 -U $bitspeed_str -d | logger -t miniupnpd &
+       if [ -n "$extif" ]; then
+               logger -t "upnp daemon" "starting ..."
+
+               upnp_firewall_start
+
+               local args="-i $extif"
+
+               for iface in ${intif:-lan}; do
+                       local ipaddr
+                       config_get ipaddr "$iface" ipaddr
+                       [ -n "$ipaddr" ] && append args "-a $ipaddr"
+               done
+
+               append args "-p 5000 -U"
+
+               [ -n "$upload" -a -n "$download" ] && \
+                       append args "-B $(($upload * 1024 / 8)) $(($download * 1024 / 8))"
+
+               if [ "$logging" = "1" ]; then
+                       eval start-stop-daemon -S -x miniupnpd -- $args -d | logger -t miniupnpd &
+               else
+                       eval start-stop-daemon -S -x miniupnpd -- $args
+               fi
        else
-               miniupnpd -i "$ifname" -a "$ipaddr" -p 5000 -U $bitspeed_str
+               logger -t "upnp daemon" "external interface not found, not starting"
        fi
 }
 
 stop() {
-       pnpd_pid=$(cat /var/run/miniupnpd.pid) 2>&- >&-
-       iptables_flush.sh 2>&- >&-
-       kill $pnpd_pid 2>&-
-       iptables_removeall.sh 2>&- >&-
+       logger -t "upnp daemon" "stopping ..."
+       start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid
+       upnp_firewall_stop
 }

diff --git a/net/miniupnpd/files/upnpd.config b/net/miniupnpd/files/upnpd.config
index 75dcb9ac4af630795dbbcedfbb469f9a45d3b247..2aee8224a6c8bb2e8fec21ef937c8a63cc442416 100644 (file)
--- a/net/miniupnpd/files/upnpd.config
+++ b/net/miniupnpd/files/upnpd.config
@@ -2,3 +2,5 @@ config upnpd config
        option log_output       0
        option download         1024
        option upload           512
+       option external_iface   wan
+       option internal_iface   lan