Commit graph

23 commits

Author SHA1 Message Date
Stan Grishin
4c934aea71 miniupnpd: remove uci-defaults and fw4-include files for nftables variant
* remove firewall4.include file as it is not needed and produces a firewall
  error on service miniupnpd restart
* remove the uci-defaults file as its sole purpose was to install the
  firewall include file
* modify the Makefile to reflect the deleted files

Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-08-25 17:59:22 +00:00
Jo-Philipp Wich
f1c69d0e6c miniupnpd: rework firewall4 integration
 - Bump to the latest Git version in order to increase the package version
   for simpler opkg upgrade of the broken version

 - (Re-)Introduce PKG_RELEASE into the package, omitting it may lead to
   opkg segmentation faults under certain circumstances

 - Utilize automatic include hooks to drop the isolated miniupnpd table
   in favor of chains within the main inet fw4 table, otherwise PCP is
   unreliable as the upnp table might accept traffic which is later
   rejected by fw4

 - Install a fw4 script hook to restart miniupnpd on fw4 restarts and
   reloads in order to repopulate the upnp chains with forward rules

 - Register the used miniupnpd configuration file and the firewall uci
   configuration as change sources, otherwise `/etc/init.d/miniupnpd reload`
   has no effect if the firewall or upnpd config was changed

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-09-06 20:28:11 +02:00
Tiago Gaspar
651a578cac miniupnpd: update and fix nftables variant
Update the package to a commit that fixes an issue with removing PCP
mappings from nftables.
This also allows us to fix the nftables miniupnpd implementation on
openwrt.
In this new implementation, a table is created at the start of miniupnpd
and it is dedicated to miniupnpd with a priority above the firewall4
table. This allows miniupnpd to go ahead of the drop rules of firewall4
and forward traffic as needed. There was the possibility of adding a
chain inside the firewall4 table, but this would raise an issue where
if firewall4 was reloaded the port forwardings would be lost and
miniupnpd could be out of sync. When miniupnpd is stopped the table is
deleted, taking the port forwardings with it.

Some of this commit is based off msylgj's work, mainly the logic of the
init/hotplug scripts and the makefile build parameters.

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
2022-08-25 00:40:19 -07:00
Josef Schlehofer
0bc25077b3 Revert "miniupnpd: bump to latest git source"
This was reverted because the commit does more things than just "bump to
latest git source". Also, it was not properly reviewed/tested.

See: https://github.com/openwrt/packages/pull/18133#issuecomment-1106346788

This reverts commit b3b911e992.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-04-22 17:20:39 +02:00
ZiMing Mo
b3b911e992 miniupnpd: bump to latest git source
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
2022-04-14 19:01:03 -07:00
Stijn Tintel
7fbc5d4db3 miniupnpd: create iptables and nftables variant
The next OpenWrt stable release aims to use firewall4 by default. As
this uses nftables as backend, miniupnpd will no longer work. Create an
iptables and nftables variant of the miniupnpd package so that miniupnpd
can be used with either firewall variant.

See #16818 for more info.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-05 11:00:02 +02:00
Josef Schlehofer
107f3376b5 Revert "net/miniupnpd: ext_ip_reserved_ignore support"
This patch is causing several issues [1], which then were reported to
upstream [2] and it was not accepted by upstream [3]. As a result,
nobody maintains this custom patch and it is not useful as it is changing
addr_is_reserved behavior.

[1] https://github.com/openwrt/packages/issues/15258
[2] https://github.com/miniupnp/miniupnp/issues/542
[3] https://github.com/miniupnp/miniupnp/pull/511

This reverts commit b76aa99194.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-07-19 14:03:37 +02:00
Stan Grishin
dc881068b9 miniupnpd: disable ext_ip_reserved_ignore by default; fix grammar
Signed-off-by: Stan Grishin <stangri@melmac.net>
2021-06-02 04:54:16 +00:00
Kevin Darbyshire-Bryant
679a7b69ee miniupnpd: add patience to firewall include
Occasionally, mostly at startup, miniupnpd reports "Another app is
currently holding the xtables lock. Perhaps you want to use the -w
option?"

Take iptables' advice and wait up to 1 second before giving up.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-03-20 16:01:25 +00:00
Jitao Lu
c89a1f3e8b miniupnpd: Don't override ipv6_listening_ip
Fixes: https://github.com/openwrt/packages/issues/14145
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
2020-12-07 11:53:30 +08:00
Jitao Lu
7077fd8c79 miniupnpd: Pass ipv6 addr to ipv6_listening_ip
Unlike ipv4, this option is supposed to be an IP address, otherwise, an
error occurs on startup:

    can't parse "br-lan" as valid IPv6 listening address

Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
2020-12-03 23:36:09 +08:00
Chen Minqiang
b76aa99194 net/miniupnpd: ext_ip_reserved_ignore support
This adds an option to ignore ext_ip reserved
Enable this option in config by default.

Fixes: #13773

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-11-26 15:56:20 +08:00
Marco Martins
773b87977e miniupnpd: Added chain rule to filter table so udp stun incoming connections rules works
Signed-off-by: Marco Martins <marcomartins86@gmail.com>
2020-11-25 14:12:18 -08:00
Chen Minqiang
67b4871322 net/miniupnpd: check by /etc/init.d/miniupnpd running
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-08-08 00:12:38 +08:00
Rosen Penev
7891124d6c miniupnpd: default to IGDv1
It seems even modern stuff doesn't support v2 correctly. The miniupnp
suite does but other stacks seem to lack support. Default to v1 to
avoid the headache.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-08 14:17:23 -07:00
Alexey Kuznetsov
9b6537b487 miniupnpd: add miniupnpd ipv6_disable option, #11971 close
Signed-off-by: Alexey Kuznetsov <axet@me.com>
2020-07-02 06:20:13 +03:00
David Ehrmann
6ef2b5400b miniupnpd: suppress grep and uci errors
If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:

uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory

These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.

Suppress these errors.

Signed-off-by: David Ehrmann <ehrmann@gmail.com>
2020-06-20 20:48:29 -07:00
Kevin Darbyshire-Bryant
295d77943c miniupnpd: improve hotplug & interface handling
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best.  The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice.  Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.

Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.

For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-25 22:49:03 +01:00
Kevin Darbyshire-Bryant
b7c59c390f miniupnpd: make hotplug work again
hotplug scripts are sourced not exec'd so #!/bin/sh /etc/rc.common
doesn't pull in the functions defined in /etc/rc.common thus since
'enabled' isn't defined the following sequence always fails:

enabled miniupnpd || exit 0

Unfortunately sourcing /etc/rc.common doesn't appear to work so come up
with some alternatives.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-10 17:30:11 +01:00
Kevin Darbyshire-Bryant
0f1e7d32af miniupnpd: fix sh syntax error
Add "use_stun" default to prevent sh: out of range error introduced by
c61614a84

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-30 13:19:02 +01:00
Rosen Penev
c61614a849 miniupnpd: convert to procd
Massive cleanup of the shell script. Many issues were fixed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-02-13 15:34:25 -08:00
Kevin Darbyshire-Bryant
569ed29e63 miniupnpd: change leasefile location
Move default leasefile location from /var to /var/run.
Also rename from upnp.leases to miniupnpd.leases

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-09 20:02:29 +01:00
Kevin Darbyshire-Bryant
a2e2eeb409 miniupnpd: Import release 20180422 to repo
Import miniupnpd from routing repo and bump to 20180422.

Drop 102-ipv6-ext-port.patch as this looks upstreamed in the pinhole
code to me.
Consolidate all other patches & update with a view to sending upstream.

Add support for runtime IGDv1 mode switch (default to IGDv2)

(not extensively) Tested-on: ar71xx Archer C7 v2 in IGDv1 compatibility
mode.  A variety of devices/applications appear to be able to create
mappings.

Have an attempt at resolving https://github.com/openwrt-routing/packages/issues/286
TL;DR miniupnpd rules get processed before fw3 rules and thus can
override existing/intended redirects.  Ideally the miniupnpd rules would
be last in the relevant chains, unfortunately fw3 can sometimes use the
last rule as a REJECT.  Put miniupnpd rules as penultimate.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-04 09:03:56 +01:00