From 0f629322ff16e274fe447a2a7fbb2cfbea691c00 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Wed, 23 Sep 2009 00:54:55 +0000
Subject: [PATCH] [8.09] merge r17680
SVN-Revision: 17681
---
 net/miniupnpd/Makefile | 9 ++--
 net/miniupnpd/files/miniupnpd.firewall | 65 ----------------------
 net/miniupnpd/files/miniupnpd.hotplug | 48 +++++++++++++----
 net/miniupnpd/files/miniupnpd.init | 75 +++++++++++++++++---------
 4 files changed, 91 insertions(+), 106 deletions(-)
 delete mode 100644 net/miniupnpd/files/miniupnpd.firewall
diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
index 91b006b271..f48d7e22f8 100644
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=miniupnpd
 PKG_VERSION:=1.1
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_MD5SUM:=a0f6651476721db9b554668c8c83b151
 PKG_SOURCE_URL:=http://miniupnp.free.fr/files
@@ -36,12 +36,11 @@ define Build/Compile
 endef
 define Package/miniupnpd/install
- $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface $(1)/lib/miniupnpd
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/firewall
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/miniupnpd
 $(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
 $(INSTALL_DATA) ./files/upnpd.config $(1)/etc/config/upnpd
- $(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/20-miniupnpd
- $(INSTALL_DATA) ./files/miniupnpd.firewall $(1)/lib/miniupnpd/firewall.sh
+ $(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/firewall/50-miniupnpd
 endef
 $(eval $(call BuildPackage,miniupnpd))
diff --git a/net/miniupnpd/files/miniupnpd.firewall b/net/miniupnpd/files/miniupnpd.firewall
deleted file mode 100644
index 4761a6352c..0000000000
--- a/net/miniupnpd/files/miniupnpd.firewall
+++ /dev/null
@@ -1,65 +0,0 @@
-. /etc/functions.sh
-include /lib/network
-scan_interfaces
-
-upnp_ipt() {
- iptables "$@" 2>/dev/null
-}
-
-upnp_firewall_addif() {
- local extif
- local extip
- local iface
-
- config_load upnpd
- config_get iface config external_iface
-
- [ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
-
- config_load network
- config_get extip "${iface:-wan}" ipaddr
- config_get extif "${iface:-wan}" ifname
-
- logger -t "upnp firewall" "adding wan interface $extif($extip)"
-
- upnp_ipt -t nat -N miniupnpd_${iface:-wan}_rule
- upnp_ipt -t nat -A miniupnpd_${iface:-wan}_rule -i $extif -d $extip -j MINIUPNPD
- upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface:-wan}_rule
-
- upnp_ipt -t filter -N miniupnpd_${iface:-wan}_rule
- upnp_ipt -t filter -A miniupnpd_${iface:-wan}_rule -i $extif -o ! $extif -j MINIUPNPD
- upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface:-wan}_rule
-}
-
-upnp_firewall_delif() {
- local iface
-
- config_load upnpd
- config_get iface config external_iface
-
- [ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
-
- logger -t "upnp firewall" "removing wan interface"
-
- upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface:-wan}_rule
- upnp_ipt -t nat -F miniupnpd_${iface:-wan}_rule
- upnp_ipt -t nat -X miniupnpd_${iface:-wan}_rule
-
- upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface:-wan}_rule
- upnp_ipt -t filter -F miniupnpd_${iface:-wan}_rule
- upnp_ipt -t filter -X miniupnpd_${iface:-wan}_rule
-}
-
-upnp_firewall_start() {
- upnp_ipt -t nat -N MINIUPNPD
- upnp_ipt -t filter -N MINIUPNPD
- upnp_firewall_addif
-}
-
-upnp_firewall_stop() {
- upnp_firewall_delif
- upnp_ipt -t nat -F MINIUPNPD
- upnp_ipt -t nat -X MINIUPNPD
- upnp_ipt -t filter -F MINIUPNPD
- upnp_ipt -t filter -X MINIUPNPD
-}
diff --git a/net/miniupnpd/files/miniupnpd.hotplug b/net/miniupnpd/files/miniupnpd.hotplug
index 2d4a4076e1..dfd4e53e7e 100644
--- a/net/miniupnpd/files/miniupnpd.hotplug
+++ b/net/miniupnpd/files/miniupnpd.hotplug
@@ -1,18 +1,46 @@
 #!/bin/sh
 /etc/init.d/miniupnpd enabled && {
- killall -0 miniupnpd 2>/dev/null && {
- . /lib/miniupnpd/firewall.sh
- [ "$ACTION" = "ifup" ] && {
- upnp_firewall_delif
- upnp_firewall_addif
+ local state="${ZONE}_${INTERFACE}"
+ local extif initifs
+
+ config_load upnpd
+ config_get extif config external_iface
+
+ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
+
+ local active
+ config_get active "$state" ifname
+
+ [ -z "$active" ] && {
+ local ipaddr
+ config_get ipaddr "$extif" ipaddr
+
+ logger -t "upnp" "adding $INTERFACE ($DEVICE - $ipaddr) to firewall"
+
+ iptables -t nat -N MINIUPNPD 2>/dev/null
+ iptables -t nat -A prerouting_rule -i $DEVICE -d $ipaddr -j MINIUPNPD
+ iptables -t filter -N MINIUPNPD 2>/dev/null
+ iptables -t filter -A forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
+
+ uci_set_state upnpd "$state" "" "firewall"
+ uci_set_state upnpd "$state" ifname "$DEVICE"
+ uci_set_state upnpd "$state" ipaddr "$ipaddr"
 }
+
+ elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$extif" ]; then
- [ "$ACTION" = "ifdown" ] && {
- upnp_firewall_delif
+ local ifname ipaddr
+ config_get ifname "$state" ifname
+ config_get ipaddr "$state" ipaddr
+
+ [ -n "$ifname" ] && [ -n "$ipaddr" ] && {
+ logger -t "upnp" "removing $INTERFACE ($ifname - $ipaddr) from firewall"
+ iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
+ iptables -t filter -D forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
+ uci_revert_state upnpd "$state"
 }
- } || {
- /etc/init.d/miniupnpd restart
- }
+ fi
 }
+
diff --git a/net/miniupnpd/files/miniupnpd.init b/net/miniupnpd/files/miniupnpd.init
index f2cc7391b3..5bcf8bc99e 100644
--- a/net/miniupnpd/files/miniupnpd.init
+++ b/net/miniupnpd/files/miniupnpd.init
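Review bot: In the `remove` branch of miniupnpd.hotplug the filter-table delete is keyed on `$DEVICE`, while the nat-table delete on the line above it and `clear_rule` in miniupnpd.init both use the `ifname` saved in state. If `DEVICE` is empty or differs from the device recorded at `add` time, the `forwarding_rule` jump to MINIUPNPD stays in place while `uci_revert_state` drops the record that any later cleanup would need. The line should read `iptables -t filter -D forwarding_rule -i "$ifname" ! -o "$ifname" -j MINIUPNPD`. The `add` branch also writes state when `$ipaddr` is empty, in which case the `-d $ipaddr` rule presumably fails and later `add` events are skipped because `active` is set; a `[ -n "$ipaddr" ]` guard before the inserts is worth confirming.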
@@ -1,40 +1,28 @@
 #!/bin/sh /etc/rc.common
 START=95
-include /lib/miniupnpd
-
-boot() {
- # On boot, there's a race condition with hotplug,
- # therfore do nothing here
- return
-}
-
 start() {
- local extif
- local intif
- local extiface
- local upload
- local download
- local logging
- local secure
-
 config_load "upnpd"
- config_get extif config external_iface
- config_get intif config internal_iface
+ local extiface intiface upload download logging secure
+
+ config_get extiface config external_iface
+ config_get intiface config internal_iface
 config_get upload config upload
 config_get download config download
 config_get_bool logging config log_output 0
 config_get_bool secure config secure_mode 0
- config_load "network"
- config_get extiface ${extif:-wan} ifname
-
- if [ -n "$extiface" ]; then
- upnp_firewall_start
+ include /lib/network
+ scan_interfaces
+
+ local ifname
+ config_get ifname ${extiface:-wan} ifname
- local args="-i $extiface"
+ if [ -n "$ifname" ]; then
+ local args="-i $ifname"
+ local iface
- for iface in ${intif:-lan}; do
+ for iface in ${intiface:-lan}; do
 local ipaddr
 config_get ipaddr "$iface" ipaddr
 [ -n "$ipaddr" ] && append args "-a $ipaddr"
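Review bot: `args` is now seeded from `$ifname` (`local args="-i $ifname"`) and extended with each `$ipaddr`, and the context lines of the next hunk show that string being expanded through `eval start-stop-daemon -S -x miniupnpd -- $args`. Any shell metacharacter in those UCI values would be interpreted by the shell running the init script, so a format check before the value is appended is worth adding, for example `case "$ifname" in *[!A-Za-z0-9._:-]*) return 1;; esac`. `config_get ifname ${extiface:-wan} ifname` should also quote its section argument as `"${extiface:-wan}"`, matching `config_get ipaddr "$iface" ipaddr` a few lines below. start() continues past the end of this hunk.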
@@ -53,12 +41,47 @@ start() {
 else
 eval start-stop-daemon -S -x miniupnpd -- $args 2>/dev/null
 fi
+
+ # start firewall
+ local zone
+ config_load firewall
+ config_get zone core "${extiface:-wan}_zone"
+ [ -n "$zone" ] && \
+ ACTION="add" ZONE="$zone" INTERFACE="${extiface:-wan}" DEVICE="$ifname" \
+ . /etc/hotplug.d/firewall/50-miniupnpd
 else
 logger -t "upnp daemon" "external interface not found, not starting"
 fi
 }
+clear_rule() {
+ local state="$1"
+ local ifname ipaddr
+
+ config_get ifname "$state" ifname
+ config_get ipaddr "$state" ipaddr
+
+ [ -n "$ifname" ] && [ -n "$ipaddr" ] && {
+ iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
+ iptables -t filter -D forwarding_rule -i $ifname ! -o $ifname -j MINIUPNPD
+ uci_revert_state upnpd "$state"
+ unset "CONFIG_${state}_ifname"
+ unset "CONFIG_${state}_ipaddr"
+ }
+}
+
 stop() {
 start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid
- upnp_firewall_stop
+ rm -f /var/run/miniupnpd.pid
+
+ logger -t "upnp" "removing firewall rules"
+
+ config_load upnpd
+ config_foreach clear_rule firewall
+
+ iptables -t nat -F MINIUPNPD 2>/dev/null
+ iptables -t nat -X MINIUPNPD 2>/dev/null
+ iptables -t filter -F MINIUPNPD 2>/dev/null
+ iptables -t filter -X MINIUPNPD 2>/dev/null
 }
+
--
2.30.2
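Review bot: When `config_get zone core "${extiface:-wan}_zone"` returns nothing, the `[ -n "$zone" ] && \` guard in start() skips the firewall setup without any log entry, although the daemon has already been launched by the lines above. miniupnpd then presumably runs with no MINIUPNPD chains or jump rules, and nothing tells the operator. Turning the guard into an `if`/`else` whose else branch calls `logger -t "upnp" "no firewall zone for ${extiface:-wan}, rules not installed"` would make that state visible. In `clear_rule`, the `$ifname` and `$ipaddr` values read back from state should be quoted in the two `iptables -D` calls. start() begins before this hunk.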