miniupnpd: enable IGDv2

2025-05-01 15:22:43 +08:00 · 2020-03-25 23:57:41 +08:00 · 2020-03-25 23:57:41 +08:00 · a8e2ba3d7a
commit a8e2ba3d7a
parent 3c4c5b53cc
11 changed files with 273 additions and 214 deletions
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@ -8,19 +8,17 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=miniupnpd
-PKG_VERSION:=2.1.20191006
+PKG_VERSION:=2.0.20170421
-PKG_RELEASE:=5
+PKG_RELEASE:=3
-PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
+PKG_SOURCE_URL:=http://miniupnp.free.fr/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=218fad7af31f3c22fb4c9db28a55a2a8b5067d41f5b38f52008a057a00d2206d
+PKG_HASH:=9677aeccadf73b4bf8bb9d832c32b5da8266b4d58eed888f3fd43d7656405643
 PKG_MAINTAINER:=Markus Stenberg <fingon@iki.fi>
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
 PKG_CPE_ID:=cpe:/a:miniupnp_project:miniupnpd
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/version.mk
 define Package/miniupnpd
  SECTION:=net
@ -28,40 +26,54 @@ define Package/miniupnpd
  DEPENDS:=+iptables +libip4tc +libuuid
  TITLE:=Lightweight UPnP IGD, NAT-PMP & PCP daemon
  SUBMENU:=Firewall
-  URL:=https://miniupnp.tuxfamily.org/
+  URL:=http://miniupnp.free.fr/
 endef
 define Package/miniupnpd/config
 config MINIUPNPD_IGDv2
 	bool
 	default y
 	prompt "Enable IGDv2"
 endef
 define Package/miniupnpd/conffiles
 /etc/config/upnpd
 endef
-define Build/Prepare
+define Package/miniupnpd/postinst
-	$(call Build/Prepare/Default)
+#!/bin/sh
-	echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt
+
 if [ -z "$$IPKG_INSTROOT" ]; then
  ( . /etc/uci-defaults/99-miniupnpd )
  rm -f /etc/uci-defaults/99-miniupnpd
 fi
 exit 0
 endef
-TARGET_CFLAGS += $(FPIC) -flto
+define Build/Prepare
-TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+	$(call Build/Prepare/Default)
 	echo "OpenWrt" | tr \(\)\  _ >$(PKG_BUILD_DIR)/os.openwrt
 endef
 MAKE_FLAGS += \
-	TARGET_OPENWRT=1 TEST=0 LIBS="" \
+	TARGET_OPENWRT=1 TEST=0 \
-	CC="$(TARGET_CC) -DIPTABLES_143 -lip4tc -luuid" \
+	LIBS="" \
-	CONFIG_OPTIONS="--portinuse --leasefile --igd2" \
+	CC="$(TARGET_CC) -DIPTABLES_143 \
-	-f Makefile.linux miniupnpd
+		-lip4tc -luuid" \
 	CONFIG_OPTIONS="--portinuse --leasefile \
 		$(if $(CONFIG_MINIUPNPD_IGDv2),--igd2)" \
 	-f Makefile.linux \
 	miniupnpd
 define Package/miniupnpd/install
-	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/uci-defaults $(1)/etc/hotplug.d/iface $(1)/usr/share/miniupnpd
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/sbin/miniupnpd
 	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
 	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
 	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
-	$(INSTALL_BIN) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
+	$(INSTALL_DATA) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
 	$(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include
 endef
--- a/net/miniupnpd/files/firewall.include
+++ b/net/miniupnpd/files/firewall.include
@ -1,44 +1,31 @@
 #!/bin/sh
 # miniupnpd integration for firewall3
 IPTABLES=/usr/sbin/iptables
 IP6TABLES=/usr/sbin/ip6tables
-$IPTABLES -t filter -N MINIUPNPD 2>/dev/null
+iptables -t filter -N MINIUPNPD 2>/dev/null
-$IPTABLES -t nat -N MINIUPNPD 2>/dev/null
+iptables -t nat -N MINIUPNPD 2>/dev/null
-$IPTABLES -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
+iptables -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
 [ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
 . /lib/functions/network.sh
 # helper to insert in chain as penultimate
 iptables_prepend_rule() {
 	local iptables="$1"
 	local table="$2"
 	local chain="$3"
 	local target="$4"
 	$iptables -t "$table" -I "$chain" $($iptables -t "$table" --line-numbers -nL "$chain" | \
 		sed -ne '$s/[^0-9].*//p') -j "$target"
 }
 ADDED=0
 add_extzone_rules() {
-    local ext_zone="$1"
+    local ext_zone=$1
    [ -z "$ext_zone" ] && return
    # IPv4 - due to NAT, need to add both to nat and filter table
-    # need to insert as penultimate rule for forward & postrouting since final rule might be a fw3 REJECT
+    iptables -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
-    iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+    iptables -t nat -I zone_${ext_zone}_prerouting -j MINIUPNPD
-    $IPTABLES -t nat -A "zone_${ext_zone}_prerouting"  -j MINIUPNPD
+    iptables -t nat -I zone_${ext_zone}_postrouting -j MINIUPNPD-POSTROUTING
    iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
    # IPv6 if available - filter only
    [ -x $IP6TABLES ] && {
-	iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+        $IP6TABLES -t filter -I zone_${ext_zone}_forward -j MINIUPNPD
    }
    ADDED=$(($ADDED + 1))
 }
@ -51,7 +38,8 @@ done
 add_extzone_rules $(uci -q get upnpd.config.external_zone)
-[ "$ADDED" -ne 0 ] && exit 0
+[ ! $ADDED = 0 ] && exit 0
 # If really nothing is available, resort to network_find_wan{,6} and
 # assume external interfaces all have same firewall zone.
--- a/net/miniupnpd/files/miniupnpd.hotplug
+++ b/net/miniupnpd/files/miniupnpd.hotplug
@ -1,6 +1,8 @@
-#!/bin/sh /etc/rc.common
+#!/bin/sh
-enabled miniupnpd || exit 0
+/etc/init.d/miniupnpd enabled || exit 0
 . /lib/functions/service.sh
 # If miniupnpd is not running:
 # - check on _any_ event (even updates may contribute to network_find_wan*)
@ -9,7 +11,7 @@ enabled miniupnpd || exit 0
 # - check only on ifup (otherwise lease updates etc would cause
 #   miniupnpd state loss)
-[ "$ACTION" != "ifup" ] && service_running miniupnpd && exit 0
+[ ! "$ACTION" = "ifup" ] && service_check /usr/sbin/miniupnpd && exit 0
 tmpconf="/var/etc/miniupnpd.conf"
 extiface=$(uci get upnpd.config.external_iface)
@ -17,13 +19,21 @@ extzone=$(uci get upnpd.config.external_zone)
 . /lib/functions/network.sh
-[ -z "$extiface" ] && {
+for iface in $(uci get upnpd.config.internal_iface); do
    network_get_device device $iface
    [ "$DEVICE" = "$device" ] && /etc/init.d/miniupnpd restart && exit 0
 done
 if [ -z "$extiface" ] ; then
  # manual external zone (if dynamically find interfaces
  # belonging to it) overrides network_find_wan*
-  [ -n "$extzone" ] && ifname=$(fw3 -q zone "$extzone" | head -1)
+  if [ -n "$extzone" ] ; then
-  [ -z "$extiface" ] && network_find_wan extiface
+    ifname=$(fw3 -q zone $extzone | head -1)
-  [ -z "$extiface" ] && network_find_wan6 extiface
+  fi
-}
+  [ -n "$extiface" ] || network_find_wan extiface
  [ -n "$extiface" ] || network_find_wan6 extiface
 fi
-[ -z "$ifname" ] && network_get_device ifname "$extiface"
+[ -n "$ifname" ] || network_get_device ifname ${extiface}
-grep -q "ext_ifname=$ifname" "$tmpconf" || /etc/init.d/miniupnpd restart
+grep -q "ext_ifname=$ifname" $tmpconf || /etc/init.d/miniupnpd restart
--- a/net/miniupnpd/files/miniupnpd.init
+++ b/net/miniupnpd/files/miniupnpd.init
@ -3,191 +3,210 @@
 START=94
 STOP=15
-USE_PROCD=1
+
-PROG=/usr/sbin/miniupnpd
+SERVICE_USE_PID=1
 upnpd_get_port_range() {
-	local var="$1"; shift
+	local _var="$1"; shift
-	local val
+	local _val
-	config_get val "$@"
+	config_get _val "$@"
-	case "$val" in
+	case "$_val" in
 		[0-9]*[:-][0-9]*)
-			export -n -- "${var}_start=${val%%[:-]*}"
+			export -n -- "${_var}_start=${_val%%[:-]*}"
-			export -n -- "${var}_end=${val##*[:-]}"
+			export -n -- "${_var}_end=${_val##*[:-]}"
 		;;
 		[0-9]*)
-			export -n -- "${var}_start=$val"
+			export -n -- "${_var}_start=$_val"
-			export -n -- "${var}_end="
+			export -n -- "${_var}_end="
 		;;
 	esac
 }
 conf_rule_add() {
 	local cfg="$1"
-	local action int_addr
+	local tmpconf="$2"
-	local ext_start ext_end int_start int_end comment
+	local action external_port_start external_port_end int_addr
 	local internal_port_start internal_port_end
-	config_get action "$cfg" action "deny"                # allow or deny
+	config_get action "$cfg" action "deny"               # allow or deny
 	upnpd_get_port_range "ext" "$cfg" ext_ports "0-65535" # external ports: x, x-y, x:y
 	config_get int_addr "$cfg" int_addr "0.0.0.0/0"       # ip or network and subnet mask (internal)
 	upnpd_get_port_range "int" "$cfg" int_ports "0-65535" # internal ports: x, x-y, x:y or range
 	config_get comment "$cfg" comment "ACL"		      # comment
 	# Make a single IP IP/32 so that miniupnpd.conf can use it.
-	[ "${int_addr%/*}" = "$int_addr" ] && int_addr="$int_addr/32"
+	case "$int_addr" in
 		*/*) ;;
 		*) int_addr="$int_addr/32" ;;
 	esac
-	echo "$action $ext_start${ext_end:+-}$ext_end $int_addr $int_start${int_end:+-}$int_end #$comment"
+	echo "${action} ${ext_start}${ext_end:+-}${ext_end} ${int_addr} ${int_start}${int_end:+-}${int_end}" >>$tmpconf
 }
 upnpd_write_bool() {
 	local opt="$1"
 	local def="${2:-0}"
-	local alt="${3:-$opt}"
+	local alt="$3"
 	local val
 	config_get_bool val config "$opt" "$def"
 	if [ "$val" -eq 0 ]; then
-		echo "$alt=no"
+		echo "${alt:-$opt}=no" >> $tmpconf
 	else
-		echo "$alt=yes"
+		echo "${alt:-$opt}=yes" >> $tmpconf
 	fi
 }
-upnpd() {
+boot() {
 	return
 }
 start() {
 	config_load "upnpd"
-	local external_iface external_iface6 external_zone external_ip internal_iface
+	local extiface intiface upload download logging secure enabled natpmp
-	local upload download log_output port config_file serial_number model_number
+	local extip port usesysuptime conffile serial_number model_number
-	local use_stun stun_host stun_port uuid notify_interval presentation_url
+	local uuid notify_interval presentation_url enable_upnp
 	local upnp_lease_file clean_ruleset_threshold clean_ruleset_interval
        local ipv6_listening_ip enabled
 	local enabled
 	config_get_bool enabled config enabled 1
 	[ "$enabled" -eq 0 ] && return 1
-	config_get external_iface config external_iface
+	[ "$enabled" -gt 0 ] || return 1
-	config_get external_zone config external_zone
+
-	config_get external_ip config external_ip
+	config_get extiface config external_iface
-	config_get internal_iface config internal_iface
+	config_get extzone config external_zone
 	config_get intiface config internal_iface
 	config_get extip config external_ip
 	config_get port config port 5000
-	config_get upload config upload
+	config_get upload   config upload
 	config_get download config download
-	config_get_bool log_output config log_output 0
+	config_get_bool logging config log_output 0
-	config_get config_file config config_file
+	config_get conffile config config_file
 	config_get serial_number config serial_number
 	config_get model_number config model_number
 	config_get uuid config uuid
 	config_get stun_host config stun_host
 	config_get stun_port config stun_port
 	config_get notify_interval config notify_interval
 	config_get presentation_url config presentation_url
 	config_get upnp_lease_file config upnp_lease_file
 	config_get clean_ruleset_threshold config clean_ruleset_threshold
 	config_get clean_ruleset_interval config clean_ruleset_interval
 	config_get ipv6_listening_ip config ipv6_listening_ip
-	local conf ifname ifname6
+	local args
 	. /lib/functions/network.sh
-	# manual external interface overrides everything
+	local ifname
 	[ -z "$external_iface" ] && {
 		# manual external zone (if dynamically find interfaces
 		# belonging to it) overrides network_find_wan*
 		[ -n "$external_zone" ] && ifname=$(fw3 -q zone "$external_zone" | head -1)
 		[ -z "$external_iface" ] && network_find_wan external_iface
 		[ -z "$external_iface6" ] && network_find_wan6 external_iface6
 	}
-	[ -z "$ifname" ] && network_get_device ifname "$external_iface"
+        # manual external interface overrides everything
-	[ -z "$ifname6" ] && network_get_device ifname6 "$external_iface6"
+        if [ -z "$extiface" ] ; then
            # manual external zone (if dynamically find interfaces
            # belonging to it) overrides network_find_wan*
            if [ -n "$extzone" ] ; then
                ifname=$(fw3 -q zone $extzone | head -1)
            fi
            [ -n "$extiface" ] || network_find_wan extiface
            [ -n "$extiface" ] || network_find_wan6 extiface
        fi
-	if [ -n "$config_file" ]; then
+	[ -n "$ifname" ] || network_get_device ifname ${extiface}
-		conf="$config_file"
+
 	if [ -n "$conffile" ]; then
 		args="-f $conffile"
 	else
 		local tmpconf="/var/etc/miniupnpd.conf"
-		conf="$tmpconf"
+		args="-f $tmpconf"
 		mkdir -p /var/etc
-		{
+		echo "ext_ifname=$ifname" >$tmpconf
-		echo "ext_ifname=$ifname"
+
-		echo "ext_ifname6=$ifname6"
+		[ -n "$extip" ] && \
-		[ -n "$external_ip" ] && echo "ext_ip=$external_ip"
+			echo "ext_ip=$extip" >>$tmpconf
 		local iface
-		for iface in ${internal_iface:-lan}; do
+		for iface in ${intiface:-lan}; do
 			local device
-			network_get_device device "$iface" && echo "listening_ip=$device"
+			network_get_device device "$iface" && {
-			network_get_device device "$iface" && echo "ipv6_listening_ip=$device"
+				echo "listening_ip=$device" >>$tmpconf
 			}
 		done
 		[ "$port" != "auto" ] && \
 			echo "port=$port" >>$tmpconf
 		config_load "upnpd"
 		upnpd_write_bool enable_natpmp 1
 		upnpd_write_bool enable_upnp 1
 		upnpd_write_bool secure_mode 1
 		upnpd_write_bool pcp_allow_thirdparty 0
 		upnpd_write_bool system_uptime 1
 		upnpd_write_bool igdv1 0 force_igd_desc_v1
 		upnpd_write_bool use_stun 0 ext_perform_stun
-		[ "$use_stun" == "0" ] || {
+		[ -n "$upnp_lease_file" ] && \
-			[ -n "$stun_host" ] && echo "ext_stun_host=$stun_host"
+			echo "lease_file=$upnp_lease_file" >>$tmpconf
-			[ -n "$stun_port" ] && echo "ext_stun_port=$stun_port"
+
 		[ -n "$upload" -a -n "$download" ] && {
 			echo "bitrate_down=$(($download * 1024 * 8))" >>$tmpconf
 			echo "bitrate_up=$(($upload * 1024 * 8))" >>$tmpconf
 		}
-		[ -n "$upload" ] && [ -n "$download" ] && {
+		[ -n "${presentation_url}" ] && \
-			echo "bitrate_down=$((download * 1024 * 8))"
+			echo "presentation_url=${presentation_url}" >>$tmpconf
 			echo "bitrate_up=$((upload * 1024 * 8))"
 		}
-		[ -n "$upnp_lease_file" ] && touch "$upnp_lease_file" && echo "lease_file=$upnp_lease_file"
+		[ -n "${notify_interval}" ] && \
-		[ -n "$presentation_url" ] && echo "presentation_url=$presentation_url"
+			echo "notify_interval=${notify_interval}" >>$tmpconf
-		[ -n "$notify_interval" ] && echo "notify_interval=$notify_interval"
+
-		[ -n "$clean_ruleset_threshold" ] && echo "clean_ruleset_threshold=$clean_ruleset_threshold"
+		[ -n "${clean_ruleset_threshold}" ] && \
-		[ -n "$clean_ruleset_interval" ] && echo "clean_ruleset_interval=$clean_ruleset_interval"
+			echo "clean_ruleset_threshold=${clean_ruleset_threshold}" >>$tmpconf
-		[ -n "$serial_number" ] && echo "serial=$serial_number"
+
-		[ -n "$model_number" ] && echo "model_number=$model_number"
+		[ -n "${clean_ruleset_interval}" ] && \
-		[ -n "$port" ] && echo "port=$port"
+			echo "clean_ruleset_interval=${clean_ruleset_interval}" >>$tmpconf
 		[ -n "${ipv6_listening_ip}" ] && \
 			echo "ipv6_listening_ip=${ipv6_listening_ip}" >>$tmpconf
 		[ -z "$uuid" ] && {
 			uuid="$(cat /proc/sys/kernel/random/uuid)"
-			uci set upnpd.config.uuid="$uuid"
+			uci set upnpd.config.uuid=$uuid
 			uci commit upnpd
 		}
-		[ "$uuid" = "nocli" ] || echo "uuid=$uuid"
+		[ "$uuid" = "nocli" ] || \
 			echo "uuid=$uuid" >>$tmpconf
-		config_foreach conf_rule_add perm_rule
+		[ -n "${serial_number}" ] && \
 			echo "serial=${serial_number}" >>$tmpconf
-		} > "$tmpconf"
+		[ -n "${model_number}" ] && \
 			echo "model_number=${model_number}" >>$tmpconf
 	    config_foreach conf_rule_add perm_rule "$tmpconf"
 	fi
 	if [ -n "$ifname" ]; then
 		# start firewall
-		iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+		iptables -L MINIUPNPD >/dev/null 2>/dev/null || fw3 reload
 		if [ "$logging" = "1" ]; then
 			SERVICE_DAEMONIZE=1 \
 			service_start /usr/sbin/miniupnpd $args -d
 		else
 			SERVICE_DAEMONIZE= \
 			service_start /usr/sbin/miniupnpd $args
 		fi
 	else
 		logger -t "upnp daemon" "external interface not found, not starting"
 	fi
 	procd_open_instance
 	procd_set_param command "$PROG"
 	procd_append_param command -f "$conf"
 	[ "$log_output" = "1" ] && procd_append_param command -d
 	procd_close_instance
 }
-stop_service() {
+stop() {
 	service_stop /usr/sbin/miniupnpd
 	iptables -t nat -F MINIUPNPD 2>/dev/null
 	iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
 	iptables -t filter -F MINIUPNPD 2>/dev/null
-	[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+        [ -x /usr/sbin/ip6tables ] && {
-}
+	    ip6tables -t filter -F MINIUPNPD 2>/dev/null
-
+        }
 start_service() {
 	config_load "upnpd"
 	config_foreach upnpd "upnpd"
 }
 service_triggers() {
 	procd_add_reload_trigger "upnpd"
 }
--- a/net/miniupnpd/files/upnpd.config
+++ b/net/miniupnpd/files/upnpd.config
@ -1,17 +1,16 @@
 config upnpd config
-	option enabled		1
+	option enabled		0
 	option enable_natpmp	1
 	option enable_upnp	1
 	option secure_mode	1
 	option log_output	0
-	option download		1024
+	option download 	1024
-	option upload		512
+	option upload   	512
-#by default, looked up dynamically from ubus
+        #by default, looked up dynamically from ubus
-#	option external_iface	wan
+	#option external_iface	wan
 	option internal_iface	lan
 	option port		5000
-	option upnp_lease_file	/var/run/miniupnpd.leases
+	option upnp_lease_file	/var/upnp.leases
 	option igdv1		0
 config perm_rule
 	option action		allow
@ -21,8 +20,8 @@ config perm_rule
 	option comment		"Allow high ports"
 config perm_rule
-	option action		deny
+       option action		deny
-	option ext_ports	0-65535
+       option ext_ports		0-65535
-	option int_addr		0.0.0.0/0
+       option int_addr		0.0.0.0/0
-	option int_ports	0-65535
+       option int_ports		0-65535
-	option comment		"Default deny"
+       option comment		"Default deny"
--- a/net/miniupnpd/patches/100-no-daemon.patch
+++ b/net/miniupnpd/patches/100-no-daemon.patch
@ -1,25 +0,0 @@
 --- a/miniupnpd.c
 +++ b/miniupnpd.c
@@ -1727,21 +1727,7 @@ init(int argc, char * * argv, struct runtime_vars * v)
 		}
 	}
 -	if(debug_flag)
 -	{
 -		pid = getpid();
 -	}
 -	else
 -	{
 -#ifdef USE_DAEMON
 -		if(daemon(0, 0)<0) {
 -			perror("daemon()");
 -		}
 -		pid = getpid();
 -#else
 -		pid = daemonize();
 -#endif
 -	}
 +	pid = getpid();
 	openlog_option = LOG_PID|LOG_CONS;
 	if(debug_flag)
--- a/net/miniupnpd/patches/101-no-ssl-uuid.patch
+++ b/net/miniupnpd/patches/101-no-ssl-uuid.patch
@ -0,0 +1,23 @@
 We do not need to autodetect SSL/UUID; SSL we do not support, UUID we always do.
 --- a/Makefile.linux
 +++ b/Makefile.linux
@@ -153,14 +153,18 @@ LDLIBS += $(shell $(PKG_CONFIG) --static
 LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libnetfilter_conntrack)
 endif # ($(TEST),1)
 +ifeq ($(TARGET_OPENWRT),)
 +# n/a - we don't enable https server for IGD v2 anyway in OpenWrt
 LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libssl)
 +# n/a - we hardcodedly support libuuid
 TEST := $(shell $(PKG_CONFIG) --exists uuid && echo 1)
 ifeq ($(TEST),1)
 LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l uuid)
 else
 $(info please install uuid-dev package / libuuid)
 endif # ($(TEST),1)
 +endif
 TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
--- a/net/miniupnpd/patches/102-ipv6-ext-port.patch
+++ b/net/miniupnpd/patches/102-ipv6-ext-port.patch
@ -0,0 +1,10 @@
 --- a/pcpserver.c
 +++ b/pcpserver.c
@@ -982,6 +982,7 @@ static int CreatePCPMap_NAT(pcp_info_t *
 				   timestamp);
 	if (r < 0)
 		return PCP_ERR_NO_RESOURCES;
 +	pcp_msg_info->ext_port = pcp_msg_info->int_port;
 	return PCP_SUCCESS;
 }
--- a/net/miniupnpd/patches/103-no-ipv6-autodetection.patch
+++ b/net/miniupnpd/patches/103-no-ipv6-autodetection.patch
@ -0,0 +1,27 @@
 The miniupnpd makefile tries to autodetect iptables capabilities.
 This will incorrectly detect capabilities such as ipv6 support even though it is disabled for the target build.
 As the OpenWRT buildsystem already passes the right compile flags, we can skip the autodetection.
 --- a/netfilter/Makefile
 +++ b/netfilter/Makefile
@@ -38,8 +38,6 @@ endif
 endif
 endif
 -LIBS +=  /lib/libip4tc.so /lib/libip6tc.so
 -
 all:	iptcrdr.o testiptcrdr iptpinhole.o \
         testiptcrdr_peer testiptcrdr_dscp test_nfct_get
 #        testiptpinhole
 --- a/Makefile.linux
 +++ b/Makefile.linux
@@ -73,7 +73,6 @@ CPPFLAGS += -DIPTABLES_143
 endif
 CFLAGS  += $(shell $(PKG_CONFIG) --cflags libiptc)
 -LDLIBS  += $(shell $(PKG_CONFIG) --static --libs-only-l libiptc)
 LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-L libiptc)
 LDFLAGS += $(shell $(PKG_CONFIG) --libs-only-other libiptc)
 else
--- a/net/miniupnpd/patches/104-always-libuuid.patch
+++ b/net/miniupnpd/patches/104-always-libuuid.patch
@ -0,0 +1,20 @@
 As it turns out, the 'magic' libuuid/bsd uuid check just checks
 outside buildtree altogether for the uuid_generate. So we just
 hardcode it.
 --- a/genconfig.sh
 +++ b/genconfig.sh
@@ -367,12 +367,7 @@ case $FW in
 esac
 # UUID API
 -if grep uuid_create /usr/include/uuid.h > /dev/null 2>&1 ; then
 -	echo "#define BSD_UUID" >> ${CONFIGFILE}
 -fi
 -if grep uuid_generate /usr/include/uuid/uuid.h > /dev/null 2>&1 ; then
 -	echo "#define LIB_UUID" >> ${CONFIGFILE}
 -fi
 +echo "#define LIB_UUID" >> ${CONFIGFILE}
 # set V6SOCKETS_ARE_V6ONLY to 0 if it was not set above
 if [ -z "$V6SOCKETS_ARE_V6ONLY" ] ; then
--- a/net/miniupnpd/patches/200-remove-default-cflags.patch
+++ b/net/miniupnpd/patches/200-remove-default-cflags.patch
@ -1,24 +0,0 @@
 --- a/Makefile.linux
 +++ b/Makefile.linux
@@ -24,16 +24,16 @@
 CONFIG_OPTIONS += --firewall=iptables
 #CFLAGS = -O -g -DDEBUG
 CFLAGS ?= -Os
 -CFLAGS += -fno-strict-aliasing
 -CFLAGS += -fno-common
 -CFLAGS += -fstack-protector -fPIE
 -CFLAGS += -D_FORTIFY_SOURCE=2
 +#CFLAGS += -fno-strict-aliasing
 +#CFLAGS += -fno-common
 +#CFLAGS += -fstack-protector -fPIE
 +#CFLAGS += -D_FORTIFY_SOURCE=2
 CPPFLAGS += -D_GNU_SOURCE
 CFLAGS += -Wall
 CFLAGS += -Wextra -Wstrict-prototypes -Wdeclaration-after-statement
 #CFLAGS += -Wno-missing-field-initializers
 #CFLAGS += -ansi	# iptables headers does use typeof which is a gcc extension
 -LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie
 +LDFLAGS ?= -Wl,-z,now -Wl,-z,relro -pie
 CC ?= gcc
 RM = rm -f
 INSTALL = install