miniupnpd: bump to latest git source

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>

net/miniupnpd/Makefile

@@ -8,12 +8,15 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
-PKG_VERSION:=2.2.3
+PKG_VERSION:=2.3.0
 PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=f89c310ce9575183af3fec61af65e548f85114133df8caaaa9e204c13b7a9da5
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp.git
+PKG_SOURCE_DATE:=2022-03-20
+PKG_SOURCE_VERSION:=fda61180e07abd222623e54b9239557bbffbc21d
+PKG_MIRROR_HASH:=f81a5b920f1bddb5673a2455461d4dca20d17138f5488713c5a759f2a64e9f18
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)/miniupnpd
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=BSD-3-Clause
@@ -26,6 +29,9 @@ PKG_BUILD_PARALLEL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/version.mk
 
+TAR_OPTIONS+= --strip-components 1
+TAR_CMD=$(HOST_TAR) -C $(1)/.. $(TAR_OPTIONS)
+
 define Package/miniupnpd/Default
   SECTION:=net
   CATEGORY:=Network
@@ -109,6 +115,10 @@ endef
 
 define Package/miniupnpd-nftables/install
 	$(call Package/miniupnpd/install/Default,$1)
+	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/miniupnpd_functions.sh $(1)/usr/share/miniupnpd/miniupnpd_functions.sh
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/nft_init.sh $(1)/usr/share/miniupnpd/nft_init.sh
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/etc/miniupnpd/nft_removeall.sh $(1)/usr/share/miniupnpd/nft_removeall.sh
 endef
 
 $(eval $(call BuildPackage,miniupnpd-iptables))

net/miniupnpd/files/miniupnpd.hotplug

@@ -13,6 +13,7 @@ tmpconf="/var/etc/miniupnpd.conf"
 external_iface=$(uci -q get upnpd.config.external_iface)
 external_iface6=$(uci -q get upnpd.config.external_iface6)
 external_zone=$(uci -q get upnpd.config.external_zone)
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 . /lib/functions/network.sh
 
@@ -20,7 +21,7 @@ if [ -n "$external_iface" ] ; then
 	network_get_device ifname "$external_iface"
 else
 	if [ -n "$external_zone" ] ; then
-		ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+		ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 	else
 		network_find_wan external_iface && \
 			network_get_device ifname "$external_iface"
@@ -30,7 +31,7 @@ if [ -n "$external_iface6" ] ; then
 	network_get_device ifname6 "$external_iface6"
 else
 	if [ -n "$external_zone" ] ; then
-		ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+		ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 	else
 		network_find_wan6 external_iface6 && \
 			network_get_device ifname6 "$external_iface6"

net/miniupnpd/files/miniupnpd.init

@@ -5,6 +5,8 @@ START=94
 STOP=15
 USE_PROCD=1
 PROG=/usr/sbin/miniupnpd
+NFT_SCRIPTS_DIR=/usr/share/miniupnpd
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 upnpd_get_port_range() {
 	local var="$1"; shift
@@ -98,7 +100,7 @@ upnpd() {
 		network_get_device ifname "$external_iface"
 	else
 		if [ -n "$external_zone" ] ; then
-			ifname=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+			ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 		else
 			network_find_wan external_iface && \
 				network_get_device ifname "$external_iface"
@@ -108,7 +110,7 @@ upnpd() {
 		network_get_device ifname6 "$external_iface6"
 	else
 		if [ -n "$external_zone" ] ; then
-			ifname6=$(fw3 -q zone "$external_zone" 2>/dev/null | head -1)
+			ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 		else
 			network_find_wan6 external_iface6 && \
 				network_get_device ifname6 "$external_iface6"
@@ -176,7 +178,12 @@ upnpd() {
 
 	if [ -n "$ifname" ]; then
 		# start firewall
-		iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+		if [ "Z$FW" = "Zfw4" ]; then
+			$NFT_SCRIPTS_DIR/nft_init.sh 2>/dev/null
+			fw4 reload
+		else
+			iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+		fi
 	else
 		logger -t "upnp daemon" "external interface not found, not starting"
 	fi
@@ -189,11 +196,16 @@ upnpd() {
 }
 
 stop_service() {
-	iptables -t nat -F MINIUPNPD 2>/dev/null
-	iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
-	iptables -t filter -F MINIUPNPD 2>/dev/null
+	if [ "Z$FW" = "Zfw4" ]; then
+		$NFT_SCRIPTS_DIR/nft_removeall.sh 2>/dev/null
+		fw4 reload
+	else
+		iptables -t nat -F MINIUPNPD 2>/dev/null
+		iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+		iptables -t filter -F MINIUPNPD 2>/dev/null
 
-	[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+		[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+	fi
 }
 
 start_service() {

net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch

@@ -1,25 +0,0 @@
-From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001
-From: Stijn Tintel <stijn@linux-ipv6.be>
-Date: Sun, 7 Nov 2021 20:24:29 +0200
-Subject: [PATCH] miniupnpd/configure: don't hardcode iptables
-
-The OpenWrt Makefile that builds miniupnpd passes the firewall argument
-to the configure script, so this is not needed and it is blocking us
-from using nftables instead, which will be the default backend for
-firewall4 to be used in the next OpenWrt stable release.
-
-Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
----
- configure | 1 -
- 1 file changed, 1 deletion(-)
-
---- a/configure
-+++ b/configure
-@@ -387,7 +387,6 @@ case $OS_NAME in
- 	OpenWRT)
- 		OS_URL=http://www.openwrt.org/
- 		echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
--		FW=iptables
- 		;;
- 	OpenEmbedded)
- 		OS_URL=http://www.openembedded.org/

net/miniupnpd/patches/201-change-default-chain-rule-to-accept.patch

@@ -0,0 +1,13 @@
+--- a/netfilter_nft/scripts/nft_init.sh
++++ b/netfilter_nft/scripts/nft_init.sh
+@@ -19,8 +19,8 @@ echo "Creating nftables structure"
+ cat > /tmp/miniupnpd.nft <<EOF
+ table inet $TABLE {
+     chain forward {
+-        type filter hook forward priority 0;
+-        policy drop;
++        type filter hook forward priority -25;
++        policy accept;
+ 
+         # miniupnpd
+         jump $CHAIN