disable MINIUNPND IPv6 and IGD v2 support

net/miniupnpd/Makefile

@@ -8,18 +8,17 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
-PKG_VERSION:=2.1
+PKG_VERSION:=2.0.20170421
 PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=http://miniupnp.free.fr/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=950894779661197fe093855fda29a728f434b5756eb4fa6cb5f7b9bff7ffe0c1
+PKG_HASH:=9677aeccadf73b4bf8bb9d832c32b5da8266b4d58eed888f3fd43d7656405643
 
-PKG_MAINTAINER:=Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
+PKG_MAINTAINER:=Markus Stenberg <fingon@iki.fi>
 PKG_LICENSE:=BSD-3-Clause
 
 include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/version.mk
 
 define Package/miniupnpd
   SECTION:=net
@@ -30,38 +29,51 @@ define Package/miniupnpd
   URL:=http://miniupnp.free.fr/
 endef
 
+define Package/miniupnpd/config
+config MINIUPNPD_IGDv2
+	bool
+	default n
+	prompt "Enable IGDv2"
+endef
+
 define Package/miniupnpd/conffiles
 /etc/config/upnpd
 endef
 
-define Build/Prepare
-	$(call Build/Prepare/Default)
-	echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt
+define Package/miniupnpd/postinst
+#!/bin/sh
+
+if [ -z "$$IPKG_INSTROOT" ]; then
+  ( . /etc/uci-defaults/99-miniupnpd )
+  rm -f /etc/uci-defaults/99-miniupnpd
+fi
+
+exit 0
+endef
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	echo "OpenWrt" | tr \(\)\  _ >$(PKG_BUILD_DIR)/os.openwrt
 endef
 
-TARGET_CFLAGS += -flto -ffunction-sections -fdata-sections
-TARGET_LDFLAGS += -flto -Wl,--gc-sections
 MAKE_FLAGS += \
-	TARGET_OPENWRT=1 TEST=0 LIBS="" \
-	CC="$(TARGET_CC) -DIPTABLES_143 -lip4tc -luuid \
-		$(if $(CONFIG_IPV6),-lip6tc)" \
-	CONFIG_OPTIONS="--portinuse --leasefile --igd2 \
-		$(if $(CONFIG_IPV6),--ipv6)" \
-	-f Makefile.linux miniupnpd
+	TARGET_OPENWRT=1 TEST=0 \
+	LIBS="" \
+	CC="$(TARGET_CC) -DIPTABLES_143 \
+		-lip4tc -luuid" \
+	CONFIG_OPTIONS="--portinuse --leasefile \
+		$(if $(CONFIG_MINIUPNPD_IGDv2),--igd2)" \
+	-f Makefile.linux \
+	miniupnpd
+
 
 define Package/miniupnpd/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
-
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/uci-defaults $(1)/etc/hotplug.d/iface $(1)/usr/share/miniupnpd
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/sbin/miniupnpd
 	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
 	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
 	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
-	$(INSTALL_BIN) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
+	$(INSTALL_DATA) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
 	$(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include
 endef
 

net/miniupnpd/files/firewall.include

@@ -1,44 +1,31 @@
 #!/bin/sh
 # miniupnpd integration for firewall3
 
-IPTABLES=/usr/sbin/iptables
 IP6TABLES=/usr/sbin/ip6tables
 
-$IPTABLES -t filter -N MINIUPNPD 2>/dev/null
-$IPTABLES -t nat -N MINIUPNPD 2>/dev/null
-$IPTABLES -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
+iptables -t filter -N MINIUPNPD 2>/dev/null
+iptables -t nat -N MINIUPNPD 2>/dev/null
+iptables -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
 
 [ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
 
 . /lib/functions/network.sh
 
-# helper to insert in chain as penultimate
-iptables_prepend_rule() {
-	local iptables="$1"
-	local table="$2"
-	local chain="$3"
-	local target="$4"
-
-	$iptables -t "$table" -I "$chain" $($iptables -t "$table" --line-numbers -nL "$chain" | \
-		sed -ne '$s/[^0-9].*//p') -j "$target"
-}
-
 ADDED=0
 
 add_extzone_rules() {
-    local ext_zone="$1"
+    local ext_zone=$1
 
     [ -z "$ext_zone" ] && return
 
     # IPv4 - due to NAT, need to add both to nat and filter table
-    # need to insert as penultimate rule for forward & postrouting since final rule might be a fw3 REJECT
-    iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
-    $IPTABLES -t nat -A "zone_${ext_zone}_prerouting"  -j MINIUPNPD
-    iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
+    iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
+    iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
+    iptables -t nat -I zone_${ext_zone}_postrouting -j MINIUPNPD-POSTROUTING
 
     # IPv6 if available - filter only
     [ -x $IP6TABLES ] && {
-	iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+        $IP6TABLES -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
     }
     ADDED=$(($ADDED + 1))
 }
@@ -51,7 +38,8 @@ done
 
 add_extzone_rules $(uci -q get upnpd.config.external_zone)
 
-[ "$ADDED" -ne 0 ] && exit 0
+[ ! $ADDED = 0 ] && exit 0
+
 
 # If really nothing is available, resort to network_find_wan{,6} and
 # assume external interfaces all have same firewall zone.

net/miniupnpd/files/miniupnpd.hotplug

@@ -11,7 +11,7 @@
 # - check only on ifup (otherwise lease updates etc would cause
 #   miniupnpd state loss)
 
-[ "$ACTION" != "ifup" ] && service_check /usr/sbin/miniupnpd && exit 0
+[ ! "$ACTION" = "ifup" ] && service_check /usr/sbin/miniupnpd && exit 0
 
 tmpconf="/var/etc/miniupnpd.conf"
 extiface=$(uci get upnpd.config.external_iface)
@@ -19,6 +19,12 @@ extzone=$(uci get upnpd.config.external_zone)
 
 . /lib/functions/network.sh
 
+for iface in $(uci get upnpd.config.internal_iface); do
+    network_get_device device $iface
+    [ "$DEVICE" = "$device" ] && /etc/init.d/miniupnpd restart && exit 0
+done
+
+
 if [ -z "$extiface" ] ; then
   # manual external zone (if dynamically find interfaces
   # belonging to it) overrides network_find_wan*
@@ -29,5 +35,5 @@ if [ -z "$extiface" ] ; then
   [ -n "$extiface" ] || network_find_wan6 extiface
 fi
 
-[ -n "$ifname" ] || network_get_device ifname "$extiface"
-grep -q "ext_ifname=$ifname" "$tmpconf" || /etc/init.d/miniupnpd restart
+[ -n "$ifname" ] || network_get_device ifname ${extiface}
+grep -q "ext_ifname=$ifname" $tmpconf || /etc/init.d/miniupnpd restart

net/miniupnpd/files/miniupnpd.init

@@ -7,19 +7,19 @@ STOP=15
 SERVICE_USE_PID=1
 
 upnpd_get_port_range() {
-	local var="$1"; shift
-	local val
+	local _var="$1"; shift
+	local _val
 
-	config_get val "$@"
+	config_get _val "$@"
 
-	case "$val" in
+	case "$_val" in
 		[0-9]*[:-][0-9]*)
-			export -n -- "${var}_start=${val%%[:-]*}"
-			export -n -- "${var}_end=${val##*[:-]}"
+			export -n -- "${_var}_start=${_val%%[:-]*}"
+			export -n -- "${_var}_end=${_val##*[:-]}"
 		;;
 		[0-9]*)
-			export -n -- "${var}_start=$val"
-			export -n -- "${var}_end="
+			export -n -- "${_var}_start=$_val"
+			export -n -- "${_var}_end="
 		;;
 	esac
 }
@@ -28,31 +28,33 @@ conf_rule_add() {
 	local cfg="$1"
 	local tmpconf="$2"
 	local action external_port_start external_port_end int_addr
-	local internal_port_start internal_port_end comment
+	local internal_port_start internal_port_end
 
-	config_get action "$cfg" action "deny"                # allow or deny
+	config_get action "$cfg" action "deny"               # allow or deny
 	upnpd_get_port_range "ext" "$cfg" ext_ports "0-65535" # external ports: x, x-y, x:y
 	config_get int_addr "$cfg" int_addr "0.0.0.0/0"       # ip or network and subnet mask (internal)
 	upnpd_get_port_range "int" "$cfg" int_ports "0-65535" # internal ports: x, x-y, x:y or range
-	config_get comment "$cfg" comment "ACL"		      # comment
 
 	# Make a single IP IP/32 so that miniupnpd.conf can use it.
-	[ "${int_addr%/*}" = "$int_addr" ] && int_addr="$int_addr/32"
+	case "$int_addr" in
+		*/*) ;;
+		*) int_addr="$int_addr/32" ;;
+	esac
 
-	echo "$action $ext_start${ext_end:+-}$ext_end $int_addr $int_start${int_end:+-}$int_end #$comment" >>$tmpconf
+	echo "${action} ${ext_start}${ext_end:+-}${ext_end} ${int_addr} ${int_start}${int_end:+-}${int_end}" >>$tmpconf
 }
 
 upnpd_write_bool() {
 	local opt="$1"
 	local def="${2:-0}"
-	local alt="${3:-$opt}"
+	local alt="$3"
 	local val
 
 	config_get_bool val config "$opt" "$def"
 	if [ "$val" -eq 0 ]; then
-		echo "$alt=no" >> $tmpconf
+		echo "${alt:-$opt}=no" >> $tmpconf
 	else
-		echo "$alt=yes" >> $tmpconf
+		echo "${alt:-$opt}=yes" >> $tmpconf
 	fi
 }
 
@@ -66,18 +68,18 @@ start() {
 	local extip port usesysuptime conffile serial_number model_number
 	local uuid notify_interval presentation_url enable_upnp
 	local upnp_lease_file clean_ruleset_threshold clean_ruleset_interval
-	local ipv6_listening_ip enabled
+        local ipv6_listening_ip enabled
 
 	config_get_bool enabled config enabled 1
 
-	[ "$enabled" -eq 0 ] && return 1
+	[ "$enabled" -gt 0 ] || return 1
 
 	config_get extiface config external_iface
 	config_get extzone config external_zone
 	config_get intiface config internal_iface
 	config_get extip config external_ip
 	config_get port config port 5000
-	config_get upload config upload
+	config_get upload   config upload
 	config_get download config download
 	config_get_bool logging config log_output 0
 	config_get conffile config config_file
@@ -91,10 +93,12 @@ start() {
 	config_get clean_ruleset_interval config clean_ruleset_interval
 	config_get ipv6_listening_ip config ipv6_listening_ip
 
-	local args ifname
+	local args
 
 	. /lib/functions/network.sh
 
+	local ifname
+
         # manual external interface overrides everything
         if [ -z "$extiface" ] ; then
             # manual external zone (if dynamically find interfaces
@@ -106,7 +110,7 @@ start() {
             [ -n "$extiface" ] || network_find_wan6 extiface
         fi
 
-	[ -n "$ifname" ] || network_get_device ifname $extiface
+	[ -n "$ifname" ] || network_get_device ifname ${extiface}
 
 	if [ -n "$conffile" ]; then
 		args="-f $conffile"
@@ -137,7 +141,6 @@ start() {
 		upnpd_write_bool secure_mode 1
 		upnpd_write_bool pcp_allow_thirdparty 0
 		upnpd_write_bool system_uptime 1
-		upnpd_write_bool igdv1 0 force_igd_desc_v1
 
 		[ -n "$upnp_lease_file" ] && \
 			echo "lease_file=$upnp_lease_file" >>$tmpconf
@@ -177,13 +180,13 @@ start() {
 		[ -n "${model_number}" ] && \
 			echo "model_number=${model_number}" >>$tmpconf
 
-		config_foreach conf_rule_add perm_rule "$tmpconf"
+	    config_foreach conf_rule_add perm_rule "$tmpconf"
 	fi
 
 
 	if [ -n "$ifname" ]; then
 		# start firewall
-		iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+		iptables -L MINIUPNPD >/dev/null 2>/dev/null || fw3 reload
 
 		if [ "$logging" = "1" ]; then
 			SERVICE_DAEMONIZE=1 \
@@ -201,7 +204,6 @@ stop() {
 	service_stop /usr/sbin/miniupnpd
 
 	iptables -t nat -F MINIUPNPD 2>/dev/null
-	iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
 	iptables -t filter -F MINIUPNPD 2>/dev/null
 
         [ -x /usr/sbin/ip6tables ] && {

net/miniupnpd/files/upnpd.config

@@ -6,12 +6,11 @@ config upnpd config
 	option log_output	0
 	option download 	1024
 	option upload   	512
-#by default, looked up dynamically from ubus
-#	option external_iface	wan
+        #by default, looked up dynamically from ubus
+	#option external_iface	wan
 	option internal_iface	lan
 	option port		5000
-	option upnp_lease_file	/var/run/miniupnpd.leases
-	option igdv1		0
+	option upnp_lease_file	/var/upnp.leases
 	
 config perm_rule
 	option action		allow
@@ -21,8 +20,8 @@ config perm_rule
 	option comment		"Allow high ports"
 
 config perm_rule
-	option action		deny
-	option ext_ports	0-65535
-	option int_addr		0.0.0.0/0
-	option int_ports	0-65535
-	option comment		"Default deny"
+       option action		deny
+       option ext_ports		0-65535
+       option int_addr		0.0.0.0/0
+       option int_ports		0-65535
+       option comment		"Default deny"

net/miniupnpd/patches/100-build-on-OpenWrt.patch

@@ -1,58 +0,0 @@
---- a/genconfig.sh
-+++ b/genconfig.sh
-@@ -379,12 +379,19 @@ case $FW in
- esac
- 
- # UUID API
--if grep uuid_create /usr/include/uuid.h > /dev/null 2>&1 ; then
--	echo "#define BSD_UUID" >> ${CONFIGFILE}
--fi
--if grep uuid_generate /usr/include/uuid/uuid.h > /dev/null 2>&1 ; then
--	echo "#define LIB_UUID" >> ${CONFIGFILE}
--fi
-+case $OS_NAME in
-+	OpenWRT)
-+		echo "#define LIB_UUID" >> ${CONFIGFILE}
-+		;;
-+	*)
-+		if grep uuid_create /usr/include/uuid.h > /dev/null 2>&1 ; then
-+			echo "#define BSD_UUID" >> ${CONFIGFILE}
-+		fi
-+		if grep uuid_generate /usr/include/uuid/uuid.h > /dev/null 2>&1 ; then
-+			echo "#define LIB_UUID" >> ${CONFIGFILE}
-+		fi
-+		;;
-+esac
- 
- # set V6SOCKETS_ARE_V6ONLY to 0 if it was not set above
- if [ -z "$V6SOCKETS_ARE_V6ONLY" ] ; then
---- a/Makefile.linux
-+++ b/Makefile.linux
-@@ -73,7 +73,10 @@ CPPFLAGS += -DIPTABLES_143
- endif
- 
- CFLAGS  += $(shell $(PKG_CONFIG) --cflags libiptc)
-+#OpenWrt packager passes correct libraries
-+ifeq ($(TARGET_OPENWRT),)
- LDLIBS  += $(shell $(PKG_CONFIG) --static --libs-only-l libiptc)
-+endif
- LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-L libiptc)
- LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-other libiptc)
- else
-@@ -153,6 +156,8 @@ LDLIBS += $(shell $(PKG_CONFIG) --static
- LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libnetfilter_conntrack)
- endif # ($(TEST),1)
- 
-+# OpenWrt packager disables https server for IGD v2 and hardcodes libuuid support
-+ifeq ($(TARGET_OPENWRT),)
- LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libssl)
- 
- TEST := $(shell $(PKG_CONFIG) --exists uuid && echo 1)
-@@ -161,6 +166,7 @@ LDLIBS += $(shell $(PKG_CONFIG) --static
- else
- $(info please install uuid-dev package / libuuid)
- endif # ($(TEST),1)
-+endif # ($(TARGET_OPENWRT,)
- 
- TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
- 

net/miniupnpd/patches/101-no-ssl-uuid.patch

@@ -0,0 +1,23 @@
+We do not need to autodetect SSL/UUID; SSL we do not support, UUID we always do.
+
+--- a/Makefile.linux
++++ b/Makefile.linux
+@@ -153,14 +153,18 @@ LDLIBS += $(shell $(PKG_CONFIG) --static
+ LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libnetfilter_conntrack)
+ endif # ($(TEST),1)
+ 
++ifeq ($(TARGET_OPENWRT),)
++# n/a - we don't enable https server for IGD v2 anyway in OpenWrt
+ LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libssl)
+ 
++# n/a - we hardcodedly support libuuid
+ TEST := $(shell $(PKG_CONFIG) --exists uuid && echo 1)
+ ifeq ($(TEST),1)
+ LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l uuid)
+ else
+ $(info please install uuid-dev package / libuuid)
+ endif # ($(TEST),1)
++endif
+ 
+ TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
+ 

net/miniupnpd/patches/102-ipv6-ext-port.patch

@@ -0,0 +1,10 @@
+--- a/pcpserver.c
++++ b/pcpserver.c
+@@ -982,6 +982,7 @@ static int CreatePCPMap_NAT(pcp_info_t *
+ 				   timestamp);
+ 	if (r < 0)
+ 		return PCP_ERR_NO_RESOURCES;
++	pcp_msg_info->ext_port = pcp_msg_info->int_port;
+ 	return PCP_SUCCESS;
+ }
+ 

net/miniupnpd/patches/103-no-ipv6-autodetection.patch

@@ -0,0 +1,27 @@
+The miniupnpd makefile tries to autodetect iptables capabilities.
+This will incorrectly detect capabilities such as ipv6 support even though it is disabled for the target build.
+
+As the OpenWRT buildsystem already passes the right compile flags, we can skip the autodetection.
+
+
+--- a/netfilter/Makefile
++++ b/netfilter/Makefile
+@@ -38,8 +38,6 @@ endif
+ endif
+ endif
+ 
+-LIBS +=  /lib/libip4tc.so /lib/libip6tc.so
+-
+ all:	iptcrdr.o testiptcrdr iptpinhole.o \
+         testiptcrdr_peer testiptcrdr_dscp test_nfct_get
+ #        testiptpinhole
+--- a/Makefile.linux
++++ b/Makefile.linux
+@@ -73,7 +73,6 @@ CPPFLAGS += -DIPTABLES_143
+ endif
+ 
+ CFLAGS  += $(shell $(PKG_CONFIG) --cflags libiptc)
+-LDLIBS  += $(shell $(PKG_CONFIG) --static --libs-only-l libiptc)
+ LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-L libiptc)
+ LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-other libiptc)
+ else

net/miniupnpd/patches/104-always-libuuid.patch

@@ -0,0 +1,20 @@
+As it turns out, the 'magic' libuuid/bsd uuid check just checks
+outside buildtree altogether for the uuid_generate. So we just
+hardcode it.
+
+--- a/genconfig.sh
++++ b/genconfig.sh
+@@ -367,12 +367,7 @@ case $FW in
+ esac
+ 
+ # UUID API
+-if grep uuid_create /usr/include/uuid.h > /dev/null 2>&1 ; then
+-	echo "#define BSD_UUID" >> ${CONFIGFILE}
+-fi
+-if grep uuid_generate /usr/include/uuid/uuid.h > /dev/null 2>&1 ; then
+-	echo "#define LIB_UUID" >> ${CONFIGFILE}
+-fi
++echo "#define LIB_UUID" >> ${CONFIGFILE}
+ 
+ # set V6SOCKETS_ARE_V6ONLY to 0 if it was not set above
+ if [ -z "$V6SOCKETS_ARE_V6ONLY" ] ; then