From 23ba57418ce49df8b91555924f0552b4453b13e5 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Sat, 6 Nov 2021 00:31:12 +0200 Subject: [PATCH 1/2] Revert "miniupnpd: introduce IGDv1 variant" Since version 2.2.3, miniupnpd will detect MS clients and force IGDv1. This reverts commit 7f5534ac7a88124c59b23188bcdc39bd9e92d879. Signed-off-by: Stijn Tintel --- net/miniupnpd/Makefile | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index 6024d05ab..41113edb9 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -26,7 +26,7 @@ PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/version.mk -define Package/miniupnpd/Default +define Package/miniupnpd SECTION:=net CATEGORY:=Network DEPENDS:= \ @@ -43,26 +43,10 @@ define Package/miniupnpd/Default URL:=https://miniupnp.tuxfamily.org/ endef -define Package/miniupnpd - $(call Package/miniupnpd/Default) - TITLE+= (IGDv2) - CONFLICTS:=miniupnpd-igdv1 - VARIANT:=igdv2 -endef - -define Package/miniupnpd-igdv1 - $(call Package/miniupnpd/Default) - TITLE+= (IGDv1) - PROVIDES:=miniupnpd - VARIANT:=igdv1 -endef - define Package/miniupnpd/conffiles /etc/config/upnpd endef -Package/miniupnpd-igdv1/conffiles = $(Package/miniupnpd/conffiles) - define Build/Prepare $(call Build/Prepare/Default) echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt @@ -70,15 +54,12 @@ endef CONFIGURE_ARGS = \ $(if $(CONFIG_IPV6),--ipv6) \ + --igd2 \ --leasefile \ --portinuse \ --firewall=iptables \ --disable-fork -ifeq ($(BUILD_VARIANT),igdv2) - CONFIGURE_ARGS += --igd2 -endif - TARGET_CFLAGS += $(FPIC) -flto TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed @@ -98,7 +79,4 @@ define Package/miniupnpd/install $(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include endef -Package/miniupnpd-igdv1/install = $(Package/miniupnpd/install) - $(eval $(call BuildPackage,miniupnpd)) -$(eval $(call BuildPackage,miniupnpd-igdv1)) From 7fbc5d4db3c03601bd3865a9e9aa13bb7783d036 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Sat, 6 Nov 2021 00:39:09 +0200 Subject: [PATCH 2/2] miniupnpd: create iptables and nftables variant The next OpenWrt stable release aims to use firewall4 by default. As this uses nftables as backend, miniupnpd will no longer work. Create an iptables and nftables variant of the miniupnpd package so that miniupnpd can be used with either firewall variant. See #16818 for more info. Signed-off-by: Stijn Tintel --- net/miniupnpd/Makefile | 66 ++++++++++++++----- .../{firewall.include => firewall3.include} | 0 ...d.defaults => miniupnpd.defaults.iptables} | 0 ...pd-configure-don-t-hardcode-iptables.patch | 25 +++++++ 4 files changed, 74 insertions(+), 17 deletions(-) rename net/miniupnpd/files/{firewall.include => firewall3.include} (100%) rename net/miniupnpd/files/{miniupnpd.defaults => miniupnpd.defaults.iptables} (100%) create mode 100644 net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile index 41113edb9..deeac1ccd 100644 --- a/net/miniupnpd/Makefile +++ b/net/miniupnpd/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=miniupnpd PKG_VERSION:=2.2.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz @@ -26,27 +26,47 @@ PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/version.mk -define Package/miniupnpd +define Package/miniupnpd/Default SECTION:=net CATEGORY:=Network DEPENDS:= \ - +IPV6:ip6tables \ - +IPV6:libip6tc \ - +iptables \ +libcap-ng \ - +libip4tc \ +libmnl \ - +libnetfilter-conntrack \ +libuuid + PROVIDES:=miniupnpd TITLE:=Lightweight UPnP IGD, NAT-PMP & PCP daemon SUBMENU:=Firewall URL:=https://miniupnp.tuxfamily.org/ endef -define Package/miniupnpd/conffiles +define Package/miniupnpd-iptables + $(call Package/miniupnpd/Default) + CONFLICTS:=miniupnpd-nftables + DEPENDS+= \ + +IPV6:ip6tables \ + +IPV6:libip6tc \ + +iptables \ + +libip4tc \ + +libnetfilter-conntrack + TITLE+= (iptables) + VARIANT:=iptables +endef + +define Package/miniupnpd-nftables + $(call Package/miniupnpd/Default) + DEPENDS+= \ + +libnftnl + TITLE+= (nftables) + VARIANT:=nftables +endef + +define Package/miniupnpd/conffiles/Default /etc/config/upnpd endef +Package/miniupnpd-iptables/conffiles = $(Package/miniupnpd/conffiles/Default) +Package/miniupnpd-nftables/conffiles = $(Package/miniupnpd/conffiles/Default) + define Build/Prepare $(call Build/Prepare/Default) echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt @@ -57,26 +77,38 @@ CONFIGURE_ARGS = \ --igd2 \ --leasefile \ --portinuse \ - --firewall=iptables \ + --firewall=$(BUILD_VARIANT) \ --disable-fork -TARGET_CFLAGS += $(FPIC) -flto +TARGET_CFLAGS += $(FPIC) TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed -define Package/miniupnpd/install +ifeq ($(BUILD_VARIANT),iptables) + TARGET_CFLAGS += -flto +endif + +define Package/miniupnpd/install/Default $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/config $(INSTALL_DIR) $(1)/etc/hotplug.d/iface - $(INSTALL_DIR) $(1)/etc/uci-defaults - $(INSTALL_DIR) $(1)/usr/share/miniupnpd - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/miniupnpd $(1)/usr/sbin/miniupnpd $(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd $(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd $(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd - $(INSTALL_BIN) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd - $(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include endef -$(eval $(call BuildPackage,miniupnpd)) +define Package/miniupnpd-iptables/install + $(call Package/miniupnpd/install/Default,$1) + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_DIR) $(1)/usr/share/miniupnpd + $(INSTALL_BIN) ./files/miniupnpd.defaults.iptables $(1)/etc/uci-defaults/99-miniupnpd + $(INSTALL_DATA) ./files/firewall3.include $(1)/usr/share/miniupnpd/firewall.include +endef + +define Package/miniupnpd-nftables/install + $(call Package/miniupnpd/install/Default,$1) +endef + +$(eval $(call BuildPackage,miniupnpd-iptables)) +$(eval $(call BuildPackage,miniupnpd-nftables)) diff --git a/net/miniupnpd/files/firewall.include b/net/miniupnpd/files/firewall3.include similarity index 100% rename from net/miniupnpd/files/firewall.include rename to net/miniupnpd/files/firewall3.include diff --git a/net/miniupnpd/files/miniupnpd.defaults b/net/miniupnpd/files/miniupnpd.defaults.iptables similarity index 100% rename from net/miniupnpd/files/miniupnpd.defaults rename to net/miniupnpd/files/miniupnpd.defaults.iptables diff --git a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch new file mode 100644 index 000000000..c6f24b282 --- /dev/null +++ b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch @@ -0,0 +1,25 @@ +From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001 +From: Stijn Tintel +Date: Sun, 7 Nov 2021 20:24:29 +0200 +Subject: [PATCH] miniupnpd/configure: don't hardcode iptables + +The OpenWrt Makefile that builds miniupnpd passes the firewall argument +to the configure script, so this is not needed and it is blocking us +from using nftables instead, which will be the default backend for +firewall4 to be used in the next OpenWrt stable release. + +Signed-off-by: Stijn Tintel +--- + configure | 1 - + 1 file changed, 1 deletion(-) + +--- a/configure ++++ b/configure +@@ -387,7 +387,6 @@ case $OS_NAME in + OpenWRT) + OS_URL=http://www.openwrt.org/ + echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE} +- FW=iptables + ;; + OpenEmbedded) + OS_URL=http://www.openembedded.org/