Merge branch 'master' into upnp
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 23 Nov 2010 21:14:08 +0000 (22:14 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 23 Nov 2010 21:14:08 +0000 (22:14 +0100)
config/miniupnpd/miniupnpd.conf [new file with mode: 0644]
config/rootfiles/common/initscripts
config/rootfiles/core/43/filelists/files
config/rootfiles/packages/miniupnpd [new file with mode: 0644]
lfs/miniupnpd [new file with mode: 0644]
make.sh
src/initscripts/init.d/firewall
src/initscripts/init.d/miniupnpd [new file with mode: 0644]
src/initscripts/init.d/networking/red.down/10-miniupnpd [new file with mode: 0644]
src/initscripts/init.d/networking/red.up/10-miniupnpd [new file with mode: 0644]
src/patches/miniupnpd-iptcrdr.patch [new file with mode: 0644]

diff --git a/config/miniupnpd/miniupnpd.conf b/config/miniupnpd/miniupnpd.conf
new file mode 100644 (file)
index 0000000..4a9cbc0
--- /dev/null
@@ -0,0 +1,47 @@
+
+# LAN network interfaces IPs / networks
+# there can be multiple listening ips for SSDP traffic.
+# should be under the form nnn.nnn.nnn.nnn/nn
+# HTTP is available on all interfaces
+# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
+port=0
+
+# chain names for netfilter (not used for pf or ipf).
+upnp_forward_chain=UPNPFW
+upnp_nat_chain=UPNPFW
+
+# bitrates reported by daemon in bits per second
+bitrate_up=1000000
+bitrate_down=10000000
+
+# "secure" mode : when enabled, UPnP client are allowed to add mappings only
+# to their IP.
+secure_mode=yes
+
+# report system uptime instead of daemon uptime
+system_uptime=yes
+
+# notify interval in seconds. default is 30 seconds.
+notify_interval=60
+
+# unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# serial and model number the daemon will report to clients
+# in its XML description
+serial=12345678
+model_number=1
+
+# UPnP permission rules
+# (allow|deny) (external port range) ip/mask (internal port range)
+# A port range is <min port>-<max port> or <port> if there is only
+# one port in the range.
+# ip/mask format must be nn.nn.nn.nn/nn
+# it is advised to only allow redirection of port above 1024
+# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
+allow 0-65535 0.0.0.0/0 0-65535
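Review bot: The permission rule on the last line, `allow 0-65535 0.0.0.0/0 0-65535`, lets every UPnP client request a mapping for any external port, including those below 1024, which contradicts the advice in the comment directly above it. With `secure_mode=yes` a client can still only redirect to its own address, but it may claim external ports that services on the firewall or existing port forwards rely on. Following the file's own guidance, ship `allow 1024-65535 0.0.0.0/0 1024-65535` followed by `deny 0-65535 0.0.0.0/0 0-65535`, and narrow `0.0.0.0/0` to the LAN networks where possible.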
index 0a99dc97a9ca97d533b626c30f4b1785ddd76075..87da362db51c8aef675796253cf57c0399755e4f 100644 (file)
@@ -44,6 +44,7 @@ etc/rc.d/init.d/mISDN
 #etc/rc.d/init.d/mediatomb
 #etc/rc.d/init.d/messagebus
 #etc/rc.d/init.d/miau
+#etc/rc.d/init.d/miniupnpd
 #etc/rc.d/init.d/mldonkey
 etc/rc.d/init.d/modules
 #etc/rc.d/init.d/motion
@@ -63,11 +64,13 @@ etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
 etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.down/10-ipsec
+etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/20-RL-firewall
 etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
@@ -207,4 +210,3 @@ etc/sysconfig/firewall.local
 etc/sysconfig/modules
 etc/sysconfig/rc
 etc/sysconfig/rc.local
-etc/init.d
index 0037af183326a74f3cbb5f65b2cf4c007eea7bed..995b690700903b151d24a3d48c03c26133223148 100644 (file)
@@ -1 +1,2 @@
+etc/init.d/firewall
 etc/system-release
diff --git a/config/rootfiles/packages/miniupnpd b/config/rootfiles/packages/miniupnpd
new file mode 100644 (file)
index 0000000..4451347
--- /dev/null
@@ -0,0 +1,6 @@
+etc/init.d/miniupnpd
+etc/init.d/networking/red.down/10-miniupnpd
+etc/init.d/networking/red.up/10-miniupnpd
+etc/miniupnpd
+etc/miniupnpd/miniupnpd.conf
+usr/sbin/miniupnpd
diff --git a/lfs/miniupnpd b/lfs/miniupnpd
new file mode 100644 (file)
index 0000000..470fc28
--- /dev/null
@@ -0,0 +1,87 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.4
+
+THISAPP    = miniupnpd-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = miniupnpd
+PAK_VER    = 0
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = ffa33d4ed8732c662bdb7d511e86db76
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/miniupnpd-iptcrdr.patch
+       cd $(DIR_APP) && make -f Makefile.linux \
+               CFLAGS="$(CFLAGS) -DIPTABLES_143 -I/usr/src/linux/include"
+
+       cd $(DIR_APP) && install -m 755 miniupnpd /usr/sbin
+       -mkdir -pv /etc/miniupnpd
+       cp -vf $(DIR_SRC)/config/miniupnpd/miniupnpd.conf /etc/miniupnpd/miniupnpd.conf
+
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
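Review bot: The tarball is pinned only by the MD5 digest in `$(DL_FILE)_MD5`, and MD5 no longer resists deliberate collisions, so it detects corruption but is weak evidence of authenticity for code that will run as a daemon on the firewall. The `$(CHECK)` and `$(MD5)` macros come from `Config`, outside this hunk, so whether a stronger digest can be recorded here cannot be told from the diff; if it can, add one next to the MD5 line. A short comment above the `make -f Makefile.linux` line saying why `-DIPTABLES_143` and `-I/usr/src/linux/include` are needed, e.g. `# build against the iptables >= 1.4.3 API using the kernel's netfilter headers`, would also help the next maintainer.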
diff --git a/make.sh b/make.sh
index fc3d9387781db19251a740e04ce1aab97ea7c767..fa13d0d796050a4c70a37f7e346e3d8e01a04757 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -659,6 +659,7 @@ buildipfire() {
   ipfiremake minicom
   ipfiremake ddrescue
   ipfiremake imspector
+  ipfiremake miniupnpd
   echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
   cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
   echo >> $BASEDIR/build/var/ipfire/firebuild
index f4d5611d3694efdbbe059ff91b4dac6b977c8c84..fea8d87e8437a37bf6c7d219368facab5d58dc25 100644 (file)
@@ -250,7 +250,8 @@ case "$1" in
        # upnp chain for our upnp daemon
        /sbin/iptables -t nat -N UPNPFW
        /sbin/iptables -t nat -A PREROUTING -j UPNPFW
-
+       # This chain only contains dummy rules.
+       /sbin/iptables -N UPNPFW
 
        # Custom mangle chain (for port fowarding)
        /sbin/iptables -t mangle -N PORTFWMANGLE
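Review bot: The new comment `# This chain only contains dummy rules.` does not say why a filter-table `UPNPFW` chain is created, and within this hunk nothing jumps to it, unlike the nat chain, which is hooked into PREROUTING two lines earlier. If it is intentionally left unreferenced so that miniupnpd has a chain to write its forward rules into without affecting filtering, say so, e.g. `# Filter-table UPNPFW exists only so miniupnpd can insert its forward rules; nothing jumps to it, so they are never evaluated.` If a jump from FORWARD exists elsewhere in the script, the comment should name it instead. The enclosing `case` branch starts and ends outside the hunk.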
diff --git a/src/initscripts/init.d/miniupnpd b/src/initscripts/init.d/miniupnpd
new file mode 100644 (file)
index 0000000..1fd02a2
--- /dev/null
@@ -0,0 +1,69 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/miniupnpd
+#
+# Description : Miniupnp daemon
+#
+# Authors     : Michael Tremer <michael.tremer@ipfire.org>
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+if [ ! -e /etc/miniupnpd/id ]; then
+       uuidgen > /etc/miniupnpd/id
+fi
+
+UUID=$(cat /etc/miniupnpd/id)
+
+EXT_DEV=$(cat /var/ipfire/red/iface)
+EXT_IP4=$(cat /var/ipfire/red/local-ipaddress)
+
+. /var/ipfire/ethernet/settings
+
+for i in GREEN_ADDRESS BLUE_ADDRESS; do
+       [ -n "${!i}" ] && LISTEN_IP="${LISTEN_IP} -a ${!i}"
+done
+
+function flush_iptables() {
+       # Flush iptables to remove all entries that were left
+       iptables -F UPNPFW
+       iptables -t nat -F UPNPFW
+}
+
+case "${1}" in
+       start)
+               boot_mesg "Starting miniupnpd..."
+
+               flush_iptables
+
+               loadproc miniupnpd -f /etc/miniupnpd/miniupnpd.conf \
+                       -i ${EXT_DEV} -o ${EXT_IP4} ${LISTEN_IP} \
+                       -u ${UUID}
+               ;;
+
+       stop)
+               boot_mesg "Stopping miniupnpd..."
+               killproc miniupnpd
+
+               flush_iptables
+               ;;
+
+       restart)
+               ${0} stop
+               sleep 1
+               ${0} start
+               ;;
+
+       status)
+               statusproc miniupnpd
+               ;;
+
+       *)
+               echo "Usage: ${0} {start|stop|restart|status}"
+               exit 1
+               ;;
+esac
+
+# End $rc_base/init.d/miniupnpd
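Review bot: `EXT_DEV` and `EXT_IP4` are read with `cat` and passed unquoted to `loadproc miniupnpd ... -i ${EXT_DEV} -o ${EXT_IP4}` without checking that they are non-empty, so if the RED files are missing or empty the `-i` and `-o` options lose their values and the following arguments shift into their place. Add a guard at the top of the `start)` branch such as `[ -n "${EXT_DEV}" ] && [ -n "${EXT_IP4}" ] || exit 1`, and apply the same check to `UUID`, since a failing `uuidgen` leaves an empty `/etc/miniupnpd/id` that is never regenerated. The script also declares `#!/bin/sh` but relies on `${!i}` and the `function` keyword, which are bash features; `#!/bin/bash`, as used by the red.up and red.down hooks, would match.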
diff --git a/src/initscripts/init.d/networking/red.down/10-miniupnpd b/src/initscripts/init.d/networking/red.down/10-miniupnpd
new file mode 100644 (file)
index 0000000..eaf2239
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+       /etc/init.d/miniupnpd stop &>/dev/null
+
+exit 0
diff --git a/src/initscripts/init.d/networking/red.up/10-miniupnpd b/src/initscripts/init.d/networking/red.up/10-miniupnpd
new file mode 100644 (file)
index 0000000..5443133
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+       /etc/init.d/miniupnpd start &>/dev/null
+
+exit 0
diff --git a/src/patches/miniupnpd-iptcrdr.patch b/src/patches/miniupnpd-iptcrdr.patch
new file mode 100644 (file)
index 0000000..677043b
--- /dev/null
@@ -0,0 +1,16 @@
+--- netfilter/iptcrdr.c.old    2010-02-24 14:22:23.000000000 +0100
++++ netfilter/iptcrdr.c        2010-02-24 14:48:00.000000000 +0100
+@@ -20,6 +20,13 @@
+ #if IPTABLES_143
+ /* IPTABLES API version >= 1.4.3 */
++
++#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
++#define __must_be_array(a) \
++      BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(typeof(a), typeof(&a[0])))
++#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
++#define LIST_POISON2  ((void *) 0x00200200 )
++
+ #include <net/netfilter/nf_nat.h>
+ #define ip_nat_multi_range    nf_nat_multi_range
+ #define ip_nat_range          nf_nat_range
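Review bot: The four macros added under `#if IPTABLES_143` are defined without `#ifndef` guards and without a comment explaining why a userspace file needs copies of kernel-internal helpers. Presumably they are there so that `<net/netfilter/nf_nat.h>` compiles against the kernel tree passed via `-I/usr/src/linux/include` in lfs/miniupnpd; a one-line comment such as `/* kernel-internal helpers needed by <net/netfilter/nf_nat.h> when built in userspace */` would record that. Wrapping each definition in a guard of the form `#ifndef ARRAY_SIZE` ... `#endif` avoids redefinition warnings if another header already provides them.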