Update the package to a commit that fixes an issue with removing PCP
mappings from nftables.
This also allows us to fix the nftables miniupnpd implementation on
openwrt.
In this new implementation, a table is created at the start of miniupnpd
and it is dedicated to miniupnpd with a priority above the firewall4
table. This allows miniupnpd to go ahead of the drop rules of firewall4
and forward traffic as needed. There was the possibility of adding a
chain inside the firewall4 table, but this would raise an issue where
if firewall4 was reloaded the port forwardings would be lost and
miniupnpd could be out of sync. When miniupnpd is stopped the table is
deleted, taking the port forwardings with it.
Some of this commit is based of msylgj's work, mainly the logic of the
init/hotplug scripts and the makefile build parameters.
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Unlike ipv4, this option is supposed to be an IP address, otherwise, an
error occurs on startup:
can't parse "br-lan" as valid IPv6 listening address
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Import miniupnpd from routing repo and bump to 20180422.
Drop 102-ipv6-ext-port.patch as this looks upstreamed in the pinhole
code to me.
Consolidate all other patches & update with a view to sending upstream.
Add support for runtime IGDv1 mode switch (default to IGDv2)
(not extensively) Tested-on: ar71xx Archer C7 v2 in IGDv1 compatibility
mode. A variety of devices/applications appear to be able to create
mappings.
Have an attempt at resolving https://github.com/openwrt-routing/packages/issues/286
TL;DR miniupnpd rules get processed before fw3 rules and thus can
override existing/intended redirects. Ideally the miniupnpd rules would
be last in the relevant chains, unfortunately fw3 can sometimes use the
last rule as a REJECT. Put miniupnpd rules as penultimate.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
