miniupnpd: Add uci-defaults script to migrate UCI config options

Signed-off-by: Self Hosting Group <[email protected]>
openwrt · Jan 6, 2025 · 7d41c7d · 7d41c7d
1 parent 74d20e6
commit 7d41c7d
Show file tree

Hide file tree

Showing 3 changed files with 116 additions and 8 deletions.
diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
 PKG_VERSION:=2.3.7
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -94,8 +94,10 @@ define Package/miniupnpd/install/Default
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/miniupnpd $(1)/usr/sbin/miniupnpd
 	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
+	$(INSTALL_BIN) ./files/upnpd-migration.uci-defaults $(1)/etc/uci-defaults/90-miniupnpd
 	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
 	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
 endef

diff --git a/net/miniupnpd/files/miniupnpd.init b/net/miniupnpd/files/miniupnpd.init
@@ -31,14 +31,11 @@ conf_rule_add() {
 	local ext_start ext_end int_start int_end comment
 
 	config_get action "$cfg" action "deny"                # allow or deny
-	upnpd_get_port_range "ext" "$cfg" ext_ports "0-65535" # external ports: x, x-y, x:y
+	upnpd_get_port_range "ext" "$cfg" ext_ports "1-65535" # external ports: x, x-y, x:y
 	config_get int_addr "$cfg" int_addr "0.0.0.0/0"       # ip or network and subnet mask (internal)
-	upnpd_get_port_range "int" "$cfg" int_ports "0-65535" # internal ports: x, x-y, x:y or range
+	upnpd_get_port_range "int" "$cfg" int_ports "1-65535" # internal ports: x, x-y, x:y or range
 	config_get comment "$cfg" comment "ACL"		      # comment
 
-	# Make a single IP IP/32 so that miniupnpd.conf can use it.
-	[ "${int_addr%/*}" = "$int_addr" ] && int_addr="$int_addr/32"
-
 	echo "$action $ext_start${ext_end:+-}$ext_end $int_addr $int_start${int_end:+-}$int_end #$comment"
 }
 
@@ -175,8 +172,6 @@ upnpd() {
 
 		[ "$uuid" = "nocli" ] || echo "uuid=$uuid"
 
-		config_foreach conf_rule_add perm_rule
-
 		if [ "$FW" = "fw4" ]; then
 			#When using nftables configure miniupnpd to use its own table and chains
 			echo "upnp_table_name=fw4"
@@ -186,6 +181,8 @@ upnpd() {
 			echo "upnp_nat_postrouting_chain=upnp_postrouting"
 		fi
 
+		config_foreach conf_rule_add perm_rule
+
 		} > "$tmpconf"
 	fi
 

diff --git a/net/miniupnpd/files/upnpd-migration.uci-defaults b/net/miniupnpd/files/upnpd-migration.uci-defaults
@@ -0,0 +1,109 @@
+#!/bin/sh
+
+# Remove clean_ruleset_interval and clean_ruleset_threshold as not standard/working
+uci -q batch 2>/dev/null <<-EOF
+	delete upnpd.config.clean_ruleset_interval
+	delete upnpd.config.clean_ruleset_threshold
+	commit upnpd
+EOF
+
+# Rename enable_nat_pmp to enable_pcp_pmp as upstream
+if uci get upnpd.config.enable_natpmp 2>/dev/null; then
+	enable_pcp_pmp="$(uci get upnpd.config.enable_natpmp 2>/dev/null || echo 1)"
+	uci -q batch 2>/dev/null <<-EOF
+		set upnpd.config.enable_pcp_pmp="$enable_pcp_pmp"
+		delete upnpd.config.enable_natpmp
+		commit upnpd
+	EOF
+fi
+
+# Convert download/upload to kbit/s and rename to *_kbps and update default to interface link speed
+if uci get upnpd.config.download 2>/dev/null || uci get upnpd.config.upload 2>/dev/null; then
+	download="$(uci get upnpd.config.download 2>/dev/null || echo 1024)"
+	if [ "$download" != "1024" ]; then
+		download_kbps="$((download * 8 * 1000 / 1024))"
+		uci -q set upnpd.config.download_kbps="$download_kbps" 2>/dev/null
+	fi
+	upload="$(uci get upnpd.config.upload 2>/dev/null || echo 512)"
+	if [ "$upload" != "512" ]; then
+		upload_kbps="$((upload * 8 * 1000 / 1024))"
+		uci -q set upnpd.config.upload="$upload_kbps" 2>/dev/null
+	fi
+	uci -q batch 2>/dev/null <<-EOF
+		delete upnpd.config.download
+		delete upnpd.config.upload
+		commit upnpd
+	EOF
+fi
+
+# Convert igdv1 boolean to upnp_igd_compat string with value igdv1
+if uci get upnpd.config.igdv1 2>/dev/null; then
+	if [ "$(uci get upnpd.config.igdv1 2>/dev/null || echo 1)" = "1" ]; then
+		upnp_igd_compat=igdv1
+	else
+		upnp_igd_compat=igdv2
+	fi
+	uci -q batch 2>/dev/null <<-EOF
+		set upnpd.config.upnp_igd_compat="$upnp_igd_compat"
+		delete upnpd.config.igdv1
+		commit upnpd
+	EOF
+fi
+
+# Rename and invert secure_mode to allow_third_party_mapping
+if uci get upnpd.config.secure_mode 2>/dev/null; then
+	if [ "$(uci get upnpd.config.secure_mode 2>/dev/null || echo 1)" = "0" ]; then
+		allow_third_party_mapping=1
+	else
+		allow_third_party_mapping=0
+	fi
+	uci -q batch 2>/dev/null <<-EOF
+		set upnpd.config.allow_third_party_mapping="$allow_third_party_mapping"
+		delete upnpd.config.secure_mode
+		commit upnpd
+	EOF
+fi
+
+# Remove port if UCI default
+if [ "$(uci get upnpd.config.port 2>/dev/null)" = "5000" ]; then
+	uci -q batch 2>/dev/null <<-EOF
+		delete upnpd.config.port
+		commit upnpd
+	EOF
+fi
+
+# Update access control list defaults
+if [ "$(uci get upnpd.@perm_rule[0].action)" = "allow" ] &&
+[ "$(uci get upnpd.@perm_rule[0].ext_ports)" = "1024-65535" ] &&
+[ "$(uci get upnpd.@perm_rule[0].int_addr)" = "0.0.0.0/0" ] &&
+[ "$(uci get upnpd.@perm_rule[0].int_ports)" = "1024-65535" ] &&
+[ "$(uci get upnpd.@perm_rule[1].action)" = "deny" ] &&
+[ "$(uci get upnpd.@perm_rule[1].ext_ports)" = "0-65535" ] &&
+[ "$(uci get upnpd.@perm_rule[1].int_addr)" = "0.0.0.0/0" ] &&
+[ "$(uci get upnpd.@perm_rule[1].int_ports)" = "0-65535" ] &&
+[ "$(uci get upnpd.@perm_rule[2] 2>/dev/null)" != "perm_rule" ]; then
+	uci -q batch 2>/dev/null <<-EOF
+		set upnpd.@perm_rule[0]=perm_rule
+		set upnpd.@perm_rule[0].action='allow'
+		set upnpd.@perm_rule[0].ext_ports='1024-65535'
+		set upnpd.@perm_rule[0].int_addr='0.0.0.0/0'
+		set upnpd.@perm_rule[0].int_ports='1024-65535'
+		set upnpd.@perm_rule[0].comment='Allow high ports'
+		set upnpd.@perm_rule[1]=perm_rule
+		set upnpd.@perm_rule[1].action='deny'
+		set upnpd.@perm_rule[1].ext_ports='1-1023'
+		set upnpd.@perm_rule[1].int_addr='0.0.0.0/0'
+		set upnpd.@perm_rule[1].int_ports='1-1023'
+		set upnpd.@perm_rule[1].comment='Low ports'
+		add upnpd perm_rule
+		set upnpd.@perm_rule[2]=perm_rule
+		set upnpd.@perm_rule[2].action='deny'
+		set upnpd.@perm_rule[2].ext_ports='1-65535'
+		set upnpd.@perm_rule[2].int_addr='0.0.0.0/0'
+		set upnpd.@perm_rule[2].int_ports='1-65535'
+		set upnpd.@perm_rule[2].comment='Deny by default'
+		commit upnpd
+	EOF
+fi
+
+exit 0