From: Michael Tremer Date: Tue, 23 Nov 2010 21:14:08 +0000 (+0100) Subject: Merge branch 'master' into upnp X-Git-Tag: v2.9-beta1~48^2~6 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=1d4b178db05de5f1274009b92037c33c631f2dbf;hp=94571564362b2583f2aed6a4f49c577774fe7928 Merge branch 'master' into upnp
---
diff --git a/config/miniupnpd/miniupnpd.conf b/config/miniupnpd/miniupnpd.conf
new file mode 100644
index 0000000000..4a9cbc086a
--- /dev/null
+++ b/config/miniupnpd/miniupnpd.conf
@@ -0,0 +1,47 @@
+
+# LAN network interfaces IPs / networks
+# there can be multiple listening ips for SSDP traffic.
+# should be under the form nnn.nnn.nnn.nnn/nn
+# HTTP is available on all interfaces
+# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
+port=0
+
+# chain names for netfilter (not used for pf or ipf).
+upnp_forward_chain=UPNPFW
+upnp_nat_chain=UPNPFW
+
+# bitrates reported by daemon in bits per second
+bitrate_up=1000000
+bitrate_down=10000000
+
+# "secure" mode : when enabled, UPnP client are allowed to add mappings only
+# to their IP.
+secure_mode=yes
+
+# report system uptime instead of daemon uptime
+system_uptime=yes
+
+# notify interval in seconds. default is 30 seconds.
+notify_interval=60
+
+# unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# serial and model number the daemon will report to clients
+# in its XML description
+serial=12345678
+model_number=1
+
+# UPnP permission rules
+# (allow|deny) (external port range) ip/mask (internal port range)
+# A port range is - or if there is only
+# one port in the range.
+# ip/mask format must be nn.nn.nn.nn/nn
+# it is advised to only allow redirection of port above 1024
+# and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535"
+allow 0-65535 0.0.0.0/0 0-65535
diff --git a/config/rootfiles/common/initscripts b/config/rootfiles/common/initscripts
index 0a99dc97a9..87da362db5 100644
--- a/config/rootfiles/common/initscripts
+++ b/config/rootfiles/common/initscripts
@@ -44,6 +44,7 @@ etc/rc.d/init.d/mISDN
 #etc/rc.d/init.d/mediatomb
 #etc/rc.d/init.d/messagebus
 #etc/rc.d/init.d/miau
+#etc/rc.d/init.d/miniupnpd
 #etc/rc.d/init.d/mldonkey
 etc/rc.d/init.d/modules
 #etc/rc.d/init.d/motion
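Review bot: The rule set in config/miniupnpd/miniupnpd.conf ends with `allow 0-65535 0.0.0.0/0 0-65535`, which lets any client that can reach the daemon request mappings for every external and internal port, including those below 1024, and contradicts the advice in the comment directly above it. `secure_mode=yes` restricts a mapping to the requester's own IP but does not restrict the port range. Following the file's own comment, the shipped default would be `allow 1024-65535 0.0.0.0/0 1024-65535` followed by `deny 0-65535 0.0.0.0/0 0-65535`; narrowing `0.0.0.0/0` to the served LAN networks would be tighter still. The placeholder `serial=12345678` is also reported to clients unchanged on every installation.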
@@ -63,11 +64,13 @@ etc/rc.d/init.d/networking/red
 #etc/rc.d/init.d/networking/red.down
 etc/rc.d/init.d/networking/red.down/05-RS-dnsmasq
 etc/rc.d/init.d/networking/red.down/10-ipsec
+etc/rc.d/init.d/networking/red.down/10-miniupnpd
 etc/rc.d/init.d/networking/red.down/10-ovpn
 etc/rc.d/init.d/networking/red.down/20-RL-firewall
 etc/rc.d/init.d/networking/red.down/99-D-dialctrl.pl
 #etc/rc.d/init.d/networking/red.up
 etc/rc.d/init.d/networking/red.up/05-RS-dnsmasq
+etc/rc.d/init.d/networking/red.up/10-miniupnpd
 etc/rc.d/init.d/networking/red.up/10-multicast
 etc/rc.d/init.d/networking/red.up/20-RL-firewall
 etc/rc.d/init.d/networking/red.up/22-outgoingfwctrl
@@ -207,4 +210,3 @@ etc/sysconfig/firewall.local
 etc/sysconfig/modules
 etc/sysconfig/rc
 etc/sysconfig/rc.local
-etc/init.d
diff --git a/config/rootfiles/core/43/filelists/files b/config/rootfiles/core/43/filelists/files
index 0037af1833..995b690700 100644
--- a/config/rootfiles/core/43/filelists/files
+++ b/config/rootfiles/core/43/filelists/files
@@ -1 +1,2 @@
+etc/init.d/firewall
 etc/system-release
diff --git a/config/rootfiles/packages/miniupnpd b/config/rootfiles/packages/miniupnpd
new file mode 100644
index 0000000000..44513472bf
--- /dev/null
+++ b/config/rootfiles/packages/miniupnpd
@@ -0,0 +1,6 @@
+etc/init.d/miniupnpd
+etc/init.d/networking/red.down/10-miniupnpd
+etc/init.d/networking/red.up/10-miniupnpd
+etc/miniupnpd
+etc/miniupnpd/miniupnpd.conf
+usr/sbin/miniupnpd
diff --git a/lfs/miniupnpd b/lfs/miniupnpd
new file mode 100644
index 0000000000..470fc28cbe
--- /dev/null
+++ b/lfs/miniupnpd
@@ -0,0 +1,87 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.4
+
+THISAPP = miniupnpd-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = miniupnpd
+PAK_VER = 0
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = ffa33d4ed8732c662bdb7d511e86db76
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/miniupnpd-iptcrdr.patch
+ cd $(DIR_APP) && make -f Makefile.linux \
+ CFLAGS="$(CFLAGS) -DIPTABLES_143 -I/usr/src/linux/include"
+
+ cd $(DIR_APP) && install -m 755 miniupnpd /usr/sbin
+ -mkdir -pv /etc/miniupnpd
+ cp -vf $(DIR_SRC)/config/miniupnpd/miniupnpd.conf /etc/miniupnpd/miniupnpd.conf
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index fc3d938778..fa13d0d796 100755
--- a/make.sh
+++ b/make.sh
@@ -659,6 +659,7 @@ buildipfire() {
 ipfiremake minicom
 ipfiremake ddrescue
 ipfiremake imspector
+ ipfiremake miniupnpd
 echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
 cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
 echo >> $BASEDIR/build/var/ipfire/firebuild
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index f4d5611d36..fea8d87e84 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -250,7 +250,8 @@ case "$1" in # upnp chain for our upnp daemon /sbin/iptables -t nat -N UPNPFW /sbin/iptables -t nat -A PREROUTING -j UPNPFW - + # This chain only contains dummy rules. + /sbin/iptables -N UPNPFW # Custom mangle chain (for port fowarding) /sbin/iptables -t mangle -N PORTFWMANGLE
diff --git a/src/initscripts/init.d/miniupnpd b/src/initscripts/init.d/miniupnpd
new file mode 100644
index 0000000000..1fd02a25a8
--- /dev/null
+++ b/src/initscripts/init.d/miniupnpd
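Review bot: In lfs/miniupnpd the source tarball is pinned only by `$(DL_FILE)_MD5`, and MD5 is not collision-resistant; if the build framework pulled in through `include Config` (not visible here) can verify a stronger digest, the tarball should carry one as well. In the `$(TARGET)` recipe, `make -f Makefile.linux` should be `$(MAKE) -f Makefile.linux` so that `-n` and the jobserver propagate, and `-mkdir -pv /etc/miniupnpd` should drop the leading `-`, because `mkdir -p` already tolerates an existing directory and the prefix only hides real failures. Installing the configuration with `install -m 644` instead of `cp -vf` would make its mode independent of the build umask.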
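Review bot: The comment `# This chain only contains dummy rules.` in src/initscripts/init.d/firewall does not explain why a filter-table `UPNPFW` chain is created, and no jump into that chain is visible in this hunk. miniupnpd.conf in the same commit sets `upnp_forward_chain=UPNPFW`, so the daemon will presumably write its forward rules there. If the chain is deliberately left unreferenced, the comment should say so, for example `# Filter chain miniupnpd requires (upnp_forward_chain); deliberately not hooked into FORWARD.`; if the rules are meant to take effect, a jump from the forwarding path is missing. The enclosing `case` block starts and ends outside the hunk.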
@@ -0,0 +1,69 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/miniupnpd
+#
+# Description : Miniupnp daemon
+#
+# Authors : Michael Tremer
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+if [ ! -e /etc/miniupnpd/id ]; then
+ uuidgen > /etc/miniupnpd/id
+fi
+
+UUID=$(cat /etc/miniupnpd/id)
+
+EXT_DEV=$(cat /var/ipfire/red/iface)
+EXT_IP4=$(cat /var/ipfire/red/local-ipaddress)
+
+. /var/ipfire/ethernet/settings
+
+for i in GREEN_ADDRESS BLUE_ADDRESS; do
+ [ -n "${!i}" ] && LISTEN_IP="${LISTEN_IP} -a ${!i}"
+done
+
+function flush_iptables() {
+ # Flush iptables to remove all entries that were left
+ iptables -F UPNPFW
+ iptables -t nat -F UPNPFW
+}
+
+case "${1}" in
+ start)
+ boot_mesg "Starting miniupnpd..."
+
+ flush_iptables
+
+ loadproc miniupnpd -f /etc/miniupnpd/miniupnpd.conf \
+ -i ${EXT_DEV} -o ${EXT_IP4} ${LISTEN_IP} \
+ -u ${UUID}
+ ;;
+
+ stop)
+ boot_mesg "Stopping miniupnpd..."
+ killproc miniupnpd
+
+ flush_iptables
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ statusproc miniupnpd
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/miniupnpd
diff --git a/src/initscripts/init.d/networking/red.down/10-miniupnpd b/src/initscripts/init.d/networking/red.down/10-miniupnpd
new file mode 100644
index 0000000000..eaf2239e96
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.down/10-miniupnpd
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+ /etc/init.d/miniupnpd stop &>/dev/null
+
+exit 0
diff --git a/src/initscripts/init.d/networking/red.up/10-miniupnpd b/src/initscripts/init.d/networking/red.up/10-miniupnpd
new file mode 100644
index 0000000000..54431331ba
--- /dev/null
+++ b/src/initscripts/init.d/networking/red.up/10-miniupnpd
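Review bot: In src/initscripts/init.d/miniupnpd the `start` branch passes `${EXT_DEV}`, `${EXT_IP4}` and `${UUID}` to `loadproc` unquoted and unchecked, so when `/var/ipfire/red/iface` or `/var/ipfire/red/local-ipaddress` is missing or empty the daemon is launched with a shifted argument list (`-i -o ...`). A guard at the top of `start)` such as `[ -n "${EXT_DEV}" ] && [ -n "${EXT_IP4}" ] || exit 1`, plus quoting those three expansions, avoids that. The script declares `#!/bin/sh` but relies on `${!i}` and the `function` keyword, which are bash features; `#!/bin/bash`, as the red.up and red.down hooks in this commit use, would match what the code needs. `uuidgen > /etc/miniupnpd/id` also leaves an empty id file behind when `uuidgen` fails, and the `-e` test never regenerates it; testing with `[ ! -s /etc/miniupnpd/id ]` covers that case.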
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+[ -x /etc/init.d/miniupnpd ] && \
+ /etc/init.d/miniupnpd start &>/dev/null
+
+exit 0
diff --git a/src/patches/miniupnpd-iptcrdr.patch b/src/patches/miniupnpd-iptcrdr.patch
new file mode 100644
index 0000000000..677043bdc3
--- /dev/null
+++ b/src/patches/miniupnpd-iptcrdr.patch
@@ -0,0 +1,16 @@
+--- netfilter/iptcrdr.c.old 2010-02-24 14:22:23.000000000 +0100
++++ netfilter/iptcrdr.c 2010-02-24 14:48:00.000000000 +0100
+@@ -20,6 +20,13 @@
+
+ #if IPTABLES_143
+ /* IPTABLES API version >= 1.4.3 */
++
++#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); }))
++#define __must_be_array(a) \
++ BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(typeof(a), typeof(&a[0])))
++#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
++#define LIST_POISON2 ((void *) 0x00200200 )
++
+ #include
+ #define ip_nat_multi_range nf_nat_multi_range
+ #define ip_nat_range nf_nat_range
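Review bot: The macros added by src/patches/miniupnpd-iptcrdr.patch (`BUILD_BUG_ON_ZERO`, `__must_be_array`, `ARRAY_SIZE`, `LIST_POISON2`) are defined unconditionally and without a comment saying which header needs them. Wrapping each definition in a guard, e.g. `#ifndef ARRAY_SIZE` before it and `#endif` after it, avoids a redefinition if a header included later supplies its own. A one-line comment such as `/* kernel helper macros expected by the header included below */` would record why they are copied here. This is presumably tied to the `-I/usr/src/linux/include` flag in lfs/miniupnpd, and the header name after `#include` is not visible on this page. The `#if IPTABLES_143` block continues outside the patched hunk.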