From d7ee37f2ab672ee93e149f28a4772528e173a81f Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 25 Dec 2008 03:25:13 +0000 Subject: [PATCH] miniupnpd: - better integration with uci firewall - add options to configure external and internal interface - trigger add/remove of upnp rules with hotplug - use start-stop-daemon in initscript - drop miniupnpd iptables heler scripts SVN-Revision: 13742 --- net/miniupnpd/Makefile | 6 +- net/miniupnpd/files/miniupnpd.firewall | 77 ++++++++++++++++++++++++++ net/miniupnpd/files/miniupnpd.hotplug | 14 ++++- net/miniupnpd/files/miniupnpd.init | 67 ++++++++++++++-------- net/miniupnpd/files/upnpd.config | 2 + 5 files changed, 138 insertions(+), 28 deletions(-) create mode 100644 net/miniupnpd/files/miniupnpd.firewall diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index 68b18b4295..6cfde47386 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=miniupnpd PKG_VERSION:=1.1 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_MD5SUM:=a0f6651476721db9b554668c8c83b151 PKG_SOURCE_URL:=http://miniupnp.free.fr/files @@ -36,12 +36,12 @@ define Build/Compile endef define Package/miniupnpd/install - $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface + $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface $(1)/lib/miniupnpd $(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/netfilter/*.sh $(1)/usr/bin/ $(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd $(INSTALL_DATA) ./files/upnpd.config $(1)/etc/config/upnpd $(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/20-miniupnpd + $(INSTALL_DATA) ./files/miniupnpd.firewall $(1)/lib/miniupnpd/firewall.sh endef $(eval $(call BuildPackage,miniupnpd)) diff --git a/net/miniupnpd/files/miniupnpd.firewall b/net/miniupnpd/files/miniupnpd.firewall new file mode 100644 index 0000000000..df1f6f7843 
--- /dev/null +++ b/net/miniupnpd/files/miniupnpd.firewall 
@@ -0,0 +1,77 @@
+. /etc/functions.sh
+include /lib/network
+scan_interfaces
+
+upnp_ipt() {
+ iptables "$@" 2>/dev/null
+}
+
+upnp_firewall_addif() {
+ local intif
+ local intip
+ local coldplug="$1"
+
+ config_load upnpd
+ config_get intif config internal_iface
+
+ config_load network
+
+ for iface in ${intif:-lan}; do
+ if [ -n "$coldplug" -o "$iface" == "$INTERFACE" ]; then
+ config_get intip "$iface" ipaddr
+ config_get intif "$iface" ifname
+
+ [ -n "$intif" -a -n "$intip" ] && {
+ logger -t "upnp firewall" "adding interface $iface($intip)"
+
+ upnp_ipt -t nat -N MINIUPNPD
+ upnp_ipt -t nat -N miniupnpd_${iface}_rule
+ upnp_ipt -t nat -A miniupnpd_${iface}_rule -i $intif -d $intip -j MINIUPNPD
+ upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface}_rule
+
+ upnp_ipt -t filter -N MINIUPNPD
+ upnp_ipt -t filter -N miniupnpd_${iface}_rule
+ upnp_ipt -t filter -A miniupnpd_${iface}_rule -i $intif -o ! $intif -j MINIUPNPD
+ upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface}_rule
+ }
+ fi
+ done
+}
+
+upnp_firewall_delif() {
+ local iface="${1:-$INTERFACE}"
+
+ if [ -n "$iface" ]; then
+ logger -t "upnp firewall" "removing interface $iface"
+
+ upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface}_rule
+ upnp_ipt -t nat -F miniupnpd_${iface}_rule
+ upnp_ipt -t nat -X miniupnpd_${iface}_rule
+
+ upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface}_rule
+ upnp_ipt -t filter -F miniupnpd_${iface}_rule
+ upnp_ipt -t filter -X miniupnpd_${iface}_rule
+ fi
+}
+
+upnp_firewall_start() {
+ logger -t "upnp firewall" "starting ..."
+ upnp_firewall_addif coldplug
+}
+
+upnp_firewall_stop() {
+ local intif
+ config_load upnpd
+ config_get intif config internal_iface
+
+ logger -t "upnp firewall" "stopping ..."
+
+ for iface in ${intif:-lan}; do
+ upnp_firewall_delif "$iface"
+ done
+
+ upnp_ipt -t nat -F MINIUPNPD
+ upnp_ipt -t nat -X MINIUPNPD
+ upnp_ipt -t filter -F MINIUPNPD
+ upnp_ipt -t filter -X MINIUPNPD
+}
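Review bot: In `upnp_firewall_addif` the jumps into MINIUPNPD match the internal side (`-i $intif -d $intip` in nat, `-i $intif -o ! $intif` in filter), while the init script in this same commit starts the daemon with `-i $extif`. If MINIUPNPD is meant to hold the redirects for traffic arriving on the external interface, these hooks would never see that traffic; this should be confirmed against the helper scripts the commit drops, which are not visible here. Separately, `upnp_ipt` discards stderr and no caller checks its exit status, so a jump rule that fails to load is invisible although "adding interface" has already been logged; I would check at least the `-A ... -j MINIUPNPD` calls and log a failure. The config-derived `$intif`, `$intip` and `${iface}` are also expanded unquoted into the iptables argument list, and quoting them, e.g. `-i "$intif" -d "$intip"`, keeps a malformed value from becoming extra iptables arguments.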
diff --git a/net/miniupnpd/files/miniupnpd.hotplug b/net/miniupnpd/files/miniupnpd.hotplug
index 7bcab5a703..1e7648002c 100644
--- a/net/miniupnpd/files/miniupnpd.hotplug
+++ b/net/miniupnpd/files/miniupnpd.hotplug
@@ -1,2 +1,14 @@
 #!/bin/sh
-[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && /etc/init.d/miniupnpd enabled && /etc/init.d/miniupnpd restart
+
+/etc/init.d/miniupnpd enabled && killall -0 miniupnpd 2>/dev/null && {
+ . /lib/miniupnpd/firewall.sh
+
+ [ "$ACTION" = "ifup" ] && {
+ upnp_firewall_delif
+ upnp_firewall_addif
+ }
+
+ [ "$ACTION" = "ifdown" ] && {
+ upnp_firewall_delif
+ }
+}
diff --git a/net/miniupnpd/files/miniupnpd.init b/net/miniupnpd/files/miniupnpd.init
index 446a37cecb..1131fd84be 100644
--- a/net/miniupnpd/files/miniupnpd.init
+++ b/net/miniupnpd/files/miniupnpd.init
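Review bot: The new `killall -0 miniupnpd` guard in miniupnpd.hotplug means an `ifup` event can no longer bring the daemon up, whereas the removed line restarted it on wan ifup. The new `start()` in miniupnpd.init logs "external interface not found, not starting" and does nothing else when the external ifname is empty, so if that interface only appears after boot nothing starts the daemon later (this depends on when `scan_interfaces` can resolve the ifname, which is not visible here). Consider keeping a start path for the external interface, e.g. `[ "$ACTION" = "ifup" ] && ! killall -0 miniupnpd 2>/dev/null && /etc/init.d/miniupnpd start`, still gated on `/etc/init.d/miniupnpd enabled`. A one-line comment above the guard saying why rule updates are skipped when the daemon is not running would also help the next reader.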
@@ -1,36 +1,55 @@ #!/bin/sh /etc/rc.common START=95 + +include /lib/miniupnpd + start() { + local extif + local intif + local upload + local download + local logging + config_load "upnpd" - include /lib/network + config_get extif config external_iface + config_get intif config internal_iface + config_get upload config upload + config_get download config download + config_get_bool logging config log_output 0 + scan_interfaces - config_get ifname wan ifname - config_get ipaddr lan ipaddr + config_get extif ${extif:-wan} ifname - echo "miniupnpd starting ..." - stop - iptables_init.sh - # get bitspeed information, if provided - config_get upnp_up_bitspeed config upload - config_get upnp_down_bitspeed config download - bitspeed_str="" - [ -n "$upnpd_up_bitspeed" ] && [ -n "$upnpd_down_bitspeed" ] && { - # covert to bytespeed - upnpd_up_bytespeed=$(($upnpd_up_bitspeed * 1024 / 8)) - upnpd_down_bytespeed=$(($upnpd_down_bitspeed * 1024 / 8)) - bitspeed_str="-B $upnpd_down_bytespeed $upnpd_up_bytespeed" - } - config_get log_output config log_output - if [ "$log_output" = "1" ]; then - miniupnpd -i "$ifname" -a "$ipaddr" -p 5000 -U $bitspeed_str -d | logger -t miniupnpd & + if [ -n "$extif" ]; then + logger -t "upnp daemon" "starting ..." 
+ + upnp_firewall_start + + local args="-i $extif" + + for iface in ${intif:-lan}; do + local ipaddr + config_get ipaddr "$iface" ipaddr + [ -n "$ipaddr" ] && append args "-a $ipaddr" + done + + append args "-p 5000 -U" + + [ -n "$upload" -a -n "$download" ] && \ + append args "-B $(($upload * 1024 / 8)) $(($download * 1024 / 8))" + + if [ "$logging" = "1" ]; then + eval start-stop-daemon -S -x miniupnpd -- $args -d | logger -t miniupnpd & + else + eval start-stop-daemon -S -x miniupnpd -- $args + fi else - miniupnpd -i "$ifname" -a "$ipaddr" -p 5000 -U $bitspeed_str + logger -t "upnp daemon" "external interface not found, not starting" fi } stop() { - pnpd_pid=$(cat /var/run/miniupnpd.pid) 2>&- >&- - iptables_flush.sh 2>&- >&- - kill $pnpd_pid 2>&- - iptables_removeall.sh 2>&- >&- + logger -t "upnp daemon" "stopping ..." + start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid + upnp_firewall_stop } diff --git a/net/miniupnpd/files/upnpd.config b/net/miniupnpd/files/upnpd.config index 75dcb9ac4a..2aee8224a6 100644 --- a/net/miniupnpd/files/upnpd.config +++ b/net/miniupnpd/files/upnpd.config @@ -2,3 +2,5 @@ config upnpd config option log_output 0 option download 1024 option upload 512 + option external_iface wan + option internal_iface lan -- 2.30.2
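Review bot: Both `eval start-stop-daemon -S -x miniupnpd -- $args` lines in `start()` of miniupnpd.init re-parse a string assembled from UCI values (`$extif`, `$ipaddr`, `$upload`, `$download`), so any shell metacharacter in the config is interpreted as shell syntax by the init script. Nothing in `args` needs a second parse; dropping `eval` and letting `$args` word-split, `start-stop-daemon -S -x miniupnpd -- $args`, passes the same arguments without that exposure. `$(($upload * 1024 / 8))` likewise evaluates the raw config strings arithmetically, so a numeric guard before the `-B` line such as `case "$upload$download" in *[!0-9]*) upload= download= ;; esac` would be sensible. In the logging branch it is the whole pipeline into `logger` that is backgrounded, so it is worth confirming that `stop()` still finds the right process through /var/run/miniupnpd.pid.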