natpmp package

http://savannah.nongnu.org/projects/natpmp

This is a daemon implementing NAT-PMP. NAT-PMP is a protocol for
handling port forwarding requests from clients behind a NAT.

Signed-off-by: Lorenz Schori <lorenz.schori@gmx.ch>
SVN-Revision: 10062

diff --git a/natpmp/Makefile b/natpmp/Makefile
new file mode 100644 (file)
index 0000000..dd124ab
--- /dev/null
+++ b/natpmp/Makefile
@@ -0,0 +1,57 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=natpmp
+PKG_VERSION:=0.2.1
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=http://download.savannah.nongnu.org/releases/natpmp/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MD5SUM:=b0b1fea34ecd2c99f75c01a6728c9a7b
+
+PKG_CAT:=zcat
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/natpmp
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+ip
+  TITLE:=A daemon implementing NAT-PMP
+  URL:=http://savannah.nongnu.org/projects/natpmp
+endef
+
+define Package/natpmp/description
+  stunnel replacement based on xyssl
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+       rm -rf $(PKG_INSTALL_DIR)
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               $(TARGET_CONFIGURE_OPTS) \
+               CC=$(TARGET_CC) \
+               LD=$(TARGET_CC) \
+               CFLAGS="$(strip $(TARGET_CFLAGS))" \
+               CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include" \
+               LDFLAGS="-L$(STAGING_DIR)/usr/lib" \
+               prefix="$(PKG_INSTALL_DIR)/usr"
+       mkdir -p $(PKG_INSTALL_DIR)/usr/sbin
+       $(CP) $(PKG_BUILD_DIR)/natpmp $(PKG_INSTALL_DIR)/usr/sbin
+endef
+
+define Package/natpmp/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/natpmp $(1)/usr/sbin
+       $(RSTRIP) $(1)/usr/sbin/natpmp
+
+       $(INSTALL_DIR) $(1)/etc/config
+       $(INSTALL_DATA) ./files/natpmp.config $(1)/etc/config/natpmp
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_BIN) ./files/natpmp.init $(1)/etc/init.d/natpmp
+endef
+
+$(eval $(call BuildPackage,natpmp))

diff --git a/natpmp/files/natpmp.config b/natpmp/files/natpmp.config
new file mode 100644 (file)
index 0000000..a01867e
--- /dev/null
+++ b/natpmp/files/natpmp.config
@@ -0,0 +1,4 @@
+config natpmp
+       option outbound_interface       vlan0
+       option inbound_interfaces       br-lan eth1
+       option iptables_chain           natpmp

diff --git a/natpmp/files/natpmp.init b/natpmp/files/natpmp.init
new file mode 100644 (file)
index 0000000..289a63d
--- /dev/null
+++ b/natpmp/files/natpmp.init
@@ -0,0 +1,63 @@
+#!/bin/sh /etc/rc.common
+
+START=70
+
+IP=$(which ip)
+IPTABLES=$(which iptables)
+NATPMP=/usr/sbin/natpmp
+PIDFILE=/var/run/natpmp.pid
+
+natpmp_config() {
+       local cfg="$1"
+       
+       config_get PUBLIC_IF "$cfg" outbound_interface
+       config_get PRIVATE_IFS "$cfg" inbound_interfaces
+       config_get IPTABLES_CHAIN "$cfg" iptables_chain
+}
+
+start() {
+       config_load natpmp
+       config_foreach natpmp_config natpmp
+       
+    # Flush all the rules in the natpmp chain, or create it, if it doesn't exists.
+    $IPTABLES -t nat -F $IPTABLES_CHAIN 2>/dev/null || \
+    $IPTABLES -t nat -N $IPTABLES_CHAIN
+
+    # Handle all incoming connections in the natpmp chain.
+    $IPTABLES -t nat -D PREROUTING -j $IPTABLES_CHAIN 2>/dev/null || true
+    $IPTABLES -t nat -A PREROUTING -j $IPTABLES_CHAIN
+
+    # Iterate through the private interfaces.
+    BIND_ARGS=""
+    for IF in $PRIVATE_IFS; do
+            # Get the IP address of this interface.
+            ADDR=`$IP addr show dev $IF 2>/dev/null | grep "^ *inet .* $IF\$" | cut -d " " -f 6 | cut -d / -f 1`
+            if [ -n "$ADDR" ] ; then
+                    # Add the IP address to the argument list.
+                    BIND_ARGS="$BIND_ARGS -a $ADDR"
+            else
+                    echo "Could not get IP address of interface $IF. Skipping." >&2
+            fi
+    done
+
+    if [ -z "$BIND_ARGS" ] ; then
+            echo "No IP addresses to bind to. Exiting." >&2
+            exit 1
+    fi
+
+    $NATPMP -p $PIDFILE -b -i "$PUBLIC_IF" $BIND_ARGS -- "$IPTABLES_CHAIN"
+}
+
+stop() {
+    config_load natpmp
+    config_foreach natpmp_config natpmp
+
+    # Unlink chain
+    $IPTABLES -t nat -D PREROUTING -j $IPTABLES_CHAIN 2>/dev/null || true
+
+    # Flush all the rules in the natpmp chain
+    $IPTABLES -t nat -F $IPTABLES_CHAIN 2>/dev/null && \
+    $IPTABLES -t nat -X $IPTABLES_CHAIN
+
+    kill $(cat $PIDFILE)
+}