[packages] miniupnpd:

- use firewall hotplug calls to configure rules
	- properly clean and rebuild rules on restart
	- cope with ifdown/ifup events on external iface (#4669)
	- bump pkg revision


git-svn-id: svn://svn.openwrt.org/openwrt/packages@17680 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/miniupnpd/Makefile

@@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=miniupnpd
 PKG_VERSION:=1.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_MD5SUM:=b5e70e80dcf45b424b8fe3c966bdc613
 
 PKG_SOURCE_URL:=http://miniupnp.free.fr/files
@@ -36,12 +36,11 @@ define Build/Compile
 endef
 
 define Package/miniupnpd/install
-	$(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface $(1)/lib/miniupnpd
+	$(INSTALL_DIR) $(1)/usr/bin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/firewall
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/miniupnpd $(1)/usr/bin/miniupnpd
 	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
 	$(INSTALL_DATA) ./files/upnpd.config $(1)/etc/config/upnpd
-	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/20-miniupnpd
+	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/firewall/50-miniupnpd
-	$(INSTALL_DATA) ./files/miniupnpd.firewall $(1)/lib/miniupnpd/firewall.sh
 endef
 
 $(eval $(call BuildPackage,miniupnpd))

net/miniupnpd/files/miniupnpd.firewall

@@ -1,65 +0,0 @@
-. /etc/functions.sh
-include /lib/network
-scan_interfaces
-
-upnp_ipt() {
-	iptables "$@" 2>/dev/null
-}
-
-upnp_firewall_addif() {
-	local extif
-	local extip
-	local iface
-
-	config_load upnpd
-	config_get iface config external_iface
-
-	[ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
-
-	config_load network
-	config_get extip "${iface:-wan}" ipaddr
-	config_get extif "${iface:-wan}" ifname
-
-	logger -t "upnp firewall" "adding wan interface $extif($extip)"
-
-	upnp_ipt -t nat -N miniupnpd_${iface:-wan}_rule
-	upnp_ipt -t nat -A miniupnpd_${iface:-wan}_rule -i $extif -d $extip -j MINIUPNPD
-	upnp_ipt -t nat -A prerouting_rule -j miniupnpd_${iface:-wan}_rule
-
-	upnp_ipt -t filter -N miniupnpd_${iface:-wan}_rule
-	upnp_ipt -t filter -A miniupnpd_${iface:-wan}_rule -i $extif -o ! $extif -j MINIUPNPD
-	upnp_ipt -t filter -A forwarding_rule -j miniupnpd_${iface:-wan}_rule
-}
-
-upnp_firewall_delif() {
-	local iface
-
-	config_load upnpd
-	config_get iface config external_iface
-
-	[ -n "$INTERFACE" -a "$INTERFACE" != "$iface" ] && return
-
-	logger -t "upnp firewall" "removing wan interface"
-
-	upnp_ipt -t nat -D prerouting_rule -j miniupnpd_${iface:-wan}_rule
-	upnp_ipt -t nat -F miniupnpd_${iface:-wan}_rule
-	upnp_ipt -t nat -X miniupnpd_${iface:-wan}_rule
-
-	upnp_ipt -t filter -D forwarding_rule -j miniupnpd_${iface:-wan}_rule
-	upnp_ipt -t filter -F miniupnpd_${iface:-wan}_rule
-	upnp_ipt -t filter -X miniupnpd_${iface:-wan}_rule
-}
-
-upnp_firewall_start() {
-	upnp_ipt -t nat -N MINIUPNPD
-	upnp_ipt -t filter -N MINIUPNPD
-	upnp_firewall_addif
-}
-
-upnp_firewall_stop() {
-	upnp_firewall_delif
-	upnp_ipt -t nat -F MINIUPNPD
-	upnp_ipt -t nat -X MINIUPNPD
-	upnp_ipt -t filter -F MINIUPNPD
-	upnp_ipt -t filter -X MINIUPNPD
-}

net/miniupnpd/files/miniupnpd.hotplug

@@ -1,18 +1,46 @@
 #!/bin/sh
 
 /etc/init.d/miniupnpd enabled && {
-	killall -0 miniupnpd 2>/dev/null && {
-		. /lib/miniupnpd/firewall.sh
 
-		[ "$ACTION" = "ifup" ] && {
+	local state="${ZONE}_${INTERFACE}"
-			upnp_firewall_delif
+	local extif initifs
-			upnp_firewall_addif
+
+	config_load upnpd
+	config_get extif config external_iface
+
+	if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "$extif" ]; then
+
+		local active
+		config_get active "$state" ifname
+
+		[ -z "$active" ] && {
+			local ipaddr
+			config_get ipaddr "$extif" ipaddr
+
+			logger -t "upnp" "adding $INTERFACE ($DEVICE - $ipaddr) to firewall"
+
+			iptables -t nat -N MINIUPNPD 2>/dev/null
+			iptables -t nat -A prerouting_rule -i $DEVICE -d $ipaddr -j MINIUPNPD
+			iptables -t filter -N MINIUPNPD 2>/dev/null
+			iptables -t filter -A forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
+
+			uci_set_state upnpd "$state" "" "firewall"
+			uci_set_state upnpd "$state" ifname "$DEVICE"
+			uci_set_state upnpd "$state" ipaddr "$ipaddr"
 		}
 	
-		[ "$ACTION" = "ifdown" ] && {
+	elif [ "$ACTION" = "remove" ] && [ "$INTERFACE" = "$extif" ]; then
-			upnp_firewall_delif
+
+		local ifname ipaddr
+		config_get ifname "$state" ifname
+		config_get ipaddr "$state" ipaddr
+
+		[ -n "$ifname" ] && [ -n "$ipaddr" ] && {
+			logger -t "upnp" "removing $INTERFACE ($ifname - $ipaddr) from firewall"
+			iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
+			iptables -t filter -D forwarding_rule -i $DEVICE ! -o $DEVICE -j MINIUPNPD
+			uci_revert_state upnpd "$state"
 		}
-	} || {
+	fi
-		/etc/init.d/miniupnpd restart
-	}
 }
+

net/miniupnpd/files/miniupnpd.init

@@ -1,40 +1,28 @@
 #!/bin/sh /etc/rc.common
 START=95
 
-include /lib/miniupnpd
-
-boot() {
-	# On boot, there's a race condition with hotplug,
-	# therfore do nothing here
-	return
-}
-
 start() {
-	local extif
-	local intif
-	local extiface
-	local upload
-	local download
-	local logging
-	local secure
-
 	config_load "upnpd"
-	config_get extif    config external_iface
+	local extiface intiface upload download logging secure
-	config_get intif    config internal_iface
+
+	config_get extiface config external_iface
+	config_get intiface config internal_iface
 	config_get upload   config upload
 	config_get download config download
 	config_get_bool logging config log_output 0
 	config_get_bool secure config secure_mode 0
 
-	config_load "network"
+	include /lib/network
-	config_get extiface ${extif:-wan} ifname
+	scan_interfaces
 
-	if [ -n "$extiface" ]; then
+	local ifname
-		upnp_firewall_start
+	config_get ifname ${extiface:-wan} ifname
 
-		local args="-i $extiface"
+	if [ -n "$ifname" ]; then
+		local args="-i $ifname"
+		local iface
 
-		for iface in ${intif:-lan}; do
+		for iface in ${intiface:-lan}; do
 			local ipaddr
 			config_get ipaddr "$iface" ipaddr
 			[ -n "$ipaddr" ] && append args "-a $ipaddr"
@@ -53,12 +41,47 @@ start() {
 		else
 			eval start-stop-daemon -S -x miniupnpd -- $args 2>/dev/null
 		fi
+
+		# start firewall
+		local zone
+		config_load firewall
+		config_get zone core "${extiface:-wan}_zone"
+		[ -n "$zone" ] && \
+			ACTION="add" ZONE="$zone" INTERFACE="${extiface:-wan}" DEVICE="$ifname" \
+				. /etc/hotplug.d/firewall/50-miniupnpd 
 	else
 		logger -t "upnp daemon" "external interface not found, not starting"
 	fi
 }
 
+clear_rule() {
+	local state="$1"
+	local ifname ipaddr
+
+	config_get ifname "$state" ifname
+	config_get ipaddr "$state" ipaddr
+
+	[ -n "$ifname" ] && [ -n "$ipaddr" ] && {
+		iptables -t nat -D prerouting_rule -i $ifname -d $ipaddr -j MINIUPNPD
+		iptables -t filter -D forwarding_rule -i $ifname ! -o $ifname -j MINIUPNPD
+		uci_revert_state upnpd "$state"
+		unset "CONFIG_${state}_ifname"
+		unset "CONFIG_${state}_ipaddr"
+	}
+}
+
 stop() {
 	start-stop-daemon -K -q -x miniupnpd -p /var/run/miniupnpd.pid
-	upnp_firewall_stop
+	rm -f /var/run/miniupnpd.pid
+
+	logger -t "upnp" "removing firewall rules"
+
+	config_load upnpd
+	config_foreach clear_rule firewall
+
+	iptables -t nat -F MINIUPNPD 2>/dev/null
+	iptables -t nat -X MINIUPNPD 2>/dev/null
+	iptables -t filter -F MINIUPNPD 2>/dev/null
+	iptables -t filter -X MINIUPNPD 2>/dev/null
 }
+