Issue: HOP-4159 [miniupnpd] Use forked git repo iso patches

GitOrigin-RevId: 0682a5fcd679f1c374d6d75e5fcfb436190d5aaf
sahbot
2023-08-21 10:11:31 +02:00
committed by Matthias FRANCK
parent ddef833f06
commit 16c2ad994c
4 changed files with 6 additions and 865 deletions


@@ -8,12 +8,15 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=miniupnpd
PKG_VERSION:=2.3.3
PKG_RELEASE:=1
PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
PKG_VERSION:=gen_miniupnpd_2_3_3_v0.1.1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_HASH:=6fd7019f936ff88c41e7c822f46f10b51bd72d665978f6586483de75b30c36bf
PKG_SOURCE_URL:=https://gitlab.com/soft.at.home/forks/miniupnpd/-/archive/$(PKG_VERSION)
PKG_HASH:=7707e2500f8c2044442229e0319c61fe5125863df090eb0a6795035aa63e9216
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
UNPACK_CMD=$(HOST_TAR) -xf "$(DL_DIR)/$(PKG_SOURCE)" -C $(PKG_BUILD_DIR) --strip-components=2 $(PKG_NAME)-$(PKG_VERSION)/miniupnpd
PKG_MAINTAINER:=
PKG_LICENSE:=BSD-3-Clause
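Review bot: `PKG_VERSION:=gen_miniupnpd_2_3_3_v0.1.1` appears to replace `PKG_VERSION:=2.3.3`, so anything keyed on the package version (package-manager version comparison, SBOM or CVE matching against miniupnpd 2.3.3) would no longer see the upstream version. Keeping `PKG_VERSION:=2.3.3` and carrying the fork tag in a separate variable used by `PKG_SOURCE`, `PKG_SOURCE_URL` and the `UNPACK_CMD` member path would preserve that. The new `PKG_SOURCE_URL` points at a GitLab `/-/archive/` tarball, which the forge generates on request, so `PKG_HASH` is the only thing tying the build to reviewed source, and it may stop matching if the archive is ever regenerated differently. The usual OpenWrt form for a git fork is `PKG_SOURCE_PROTO:=git` with `PKG_SOURCE_VERSION` set to a commit id plus `PKG_MIRROR_HASH`. A short comment above `UNPACK_CMD` stating that only the `miniupnpd/` subdirectory of the fork is unpacked, and that the fork now carries the changes from the patch files deleted in this commit, would help the next reviewer.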


@@ -1,802 +0,0 @@
From bcad293e03a18f6fbab9d4e83b0c96b2921205ac Mon Sep 17 00:00:00 2001
From: Matteo Ferretti di Castelferretto
<matteo.ferrettidicastelferretto_ext@softathome.com>
Date: Tue, 10 May 2023 17:56:32 +0200
Subject: [PATCH] Add-amx-as-a-firewall
---
Makefile.linux_amx | 203 ++++++++++++++++++++++
amx/amxrdr.c | 408 +++++++++++++++++++++++++++++++++++++++++++++
amx/amxrdr.h | 95 +++++++++++
configure | 11 ++
upnpredirect.c | 3 +
upnpstun.c | 3 +
6 files changed, 723 insertions(+)
create mode 100644 miniupnpd/Makefile.linux_amx
create mode 100644 miniupnpd/amx/amxrdr.c
create mode 100644 miniupnpd/amx/amxrdr.h
diff --git a/Makefile.linux_amx b/Makefile.linux_amx
new file mode 100644
index 0000000..a2bf61d
--- /dev/null
+++ b/Makefile.linux_amx
@@ -0,0 +1,203 @@
+# $Id: Makefile.linux,v 1.108 2020/06/06 17:52:31 nanard Exp $
+# MiniUPnP project
+# (c) 2006-2020 Thomas Bernard
+# http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
+# Author : Thomas Bernard
+# for use with GNU Make
+#
+# options can be passed to configure through CONFIG_OPTIONS :
+# $ CONFIG_OPTIONS="--ipv6 --igd2" make
+#
+# To install use :
+# $ DESTDIR=/dummyinstalldir make install
+# or :
+# $ INSTALLPREFIX=/usr/local make install
+# or :
+# $ make install
+# (default INSTALLPREFIX is /usr)
+#
+# if your system hasn't iptables libiptc headers and binary correctly
+# installed, you need to get iptables sources from http://netfilter.org/
+# ./configure them and build them then miniupnpd will build using :
+# $ IPTABLESPATH=/path/to/iptables-1.4.1 make
+#
+CONFIG_OPTIONS ?= $(cat .configure.cache)
+CONFIG_OPTIONS += --firewall=amx
+#CFLAGS = -O -g -DDEBUG
+CFLAGS ?= -Os
+#CFLAGS += -fno-strict-aliasing
+#CFLAGS += -fno-common
+#CFLAGS += -fstack-protector -fPIE
+#CFLAGS += -D_FORTIFY_SOURCE=2
+CPPFLAGS += -D_GNU_SOURCE
+CFLAGS += -Wall
+CFLAGS += -Wextra -Wstrict-prototypes -Wdeclaration-after-statement
+#CFLAGS += -Wno-missing-field-initializers
+#CFLAGS += -ansi # iptables headers does use typeof which is a gcc extension
+LDFLAGS ?= -Wl,-z,now -Wl,-z,relro -pie
+CC ?= gcc
+RM = rm -f
+INSTALL = install
+STRIP ?= strip
+PKG_CONFIG ?= pkg-config
+CP = cp
+DOXYGEN ?= doxygen
+
+DEPFLAGS = -MM -MG -MT $(patsubst %.d,%.o,$@) -MT $@
+# -M : with system headers, -MM : without
+
+INSTALLPREFIX ?= $(PREFIX)/usr
+SBININSTALLDIR = $(INSTALLPREFIX)/sbin
+ETCINSTALLDIR = $(PREFIX)/etc/miniupnpd
+MANINSTALLDIR = $(INSTALLPREFIX)/share/man/man8
+
+include config.mk
+include $(SRCDIR)/gitrev.mk
+include $(SRCDIR)/objects.mk
+
+# sources in amx/ directory
+AMXOBJS = amxrdr.o
+
+ALLOBJS = $(BASEOBJS) $(LNXOBJS) $(AMXOBJS)
+
+DEP = $(ALLOBJS:.o=.d)
+
+ifneq ($(IPTABLES_PCFILE_FOUND),1)
+
+ifeq "$(wildcard /etc/gentoo-release )" ""
+LDLIBS ?= -liptc
+else # gentoo
+# the following is better, at least on gentoo with iptables 1.4.6
+# see http://miniupnp.tuxfamily.org/forum/viewtopic.php?p=1618
+# and http://miniupnp.tuxfamily.org/forum/viewtopic.php?p=2183
+LDLIBS ?= -lip4tc
+CPPFLAGS := -DIPTABLES_143 $(CPPFLAGS)
+endif
+
+endif # ifneq ($(IPTABLES_PCFILE_FOUND),1)
+
+#LDLIBS += -lnfnetlink
+
+# OpenWrt packager disables https server for IGD v2 and hardcodes libuuid support
+ifeq ($(TARGET_OPENWRT),)
+LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l libssl)
+
+TEST := $(shell $(PKG_CONFIG) --exists uuid && echo 1)
+ifeq ($(TEST),1)
+LDLIBS += $(shell $(PKG_CONFIG) --static --libs-only-l uuid)
+else
+$(info please install uuid-dev package / libuuid)
+endif # ($(TEST),1)
+endif # ($(TARGET_OPENWRT,)
+
+GLIBC_VERSION := $(shell ldd --version | head -n 1 | sed 's/^.* //')
+GLIBC_VERSION_MAJOR = $(shell echo $(GLIBC_VERSION) | cut -f 1 -d . )
+GLIBC_VERSION_MINOR = $(shell echo $(GLIBC_VERSION) | cut -f 2 -d . )
+# clock_gettime() needs -lrt when glibc version < 2.17
+LDLIBS += $(shell if [ $(GLIBC_VERSION_MAJOR) -lt 2 ] \
+ || [ \( $(GLIBC_VERSION_MAJOR) -eq 2 \) -a \( $(GLIBC_VERSION_MINOR) -lt 17 \) ] ; \
+ then echo "-lrt" ; fi )
+
+TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
+
+EXECUTABLES = miniupnpd testupnpdescgen testgetifstats \
+ testupnppermissions miniupnpdctl testgetifaddr \
+ testgetroute testasyncsendto testportinuse \
+ testssdppktgen testminissdp
+
+.PHONY: all clean install depend dox
+
+all: $(EXECUTABLES)
+
+clean:
+ $(RM) config.h
+ $(RM) $(ALLOBJS)
+ $(RM) $(DEP)
+ $(RM) $(EXECUTABLES)
+ $(RM) testupnpdescgen.o testgetifstats.o
+ $(RM) testupnppermissions.o testgetifaddr.o
+ $(RM) testgetroute.o testasyncsendto.o
+ $(RM) testportinuse.o
+ $(RM) testminissdp.o
+ $(RM) testssdppktgen.o
+ $(RM) miniupnpdctl.o
+ $(RM) validateupnppermissions validategetifaddr validatessdppktgen
+ $(RM) -r dox/
+
+install: miniupnpd $(SRCDIR)/miniupnpd.8 miniupnpd.conf \
+ $(SRCDIR)/linux/miniupnpd.init.d.script
+ $(STRIP) miniupnpd
+ $(INSTALL) -d $(DESTDIR)$(SBININSTALLDIR)
+ $(INSTALL) miniupnpd $(DESTDIR)$(SBININSTALLDIR)
+ $(INSTALL) -d $(DESTDIR)$(ETCINSTALLDIR)
+ $(INSTALL) --mode=0644 -b $(SRCDIR)/miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
+ $(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d
+ $(INSTALL) $(SRCDIR)/linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd
+ $(INSTALL) -d $(DESTDIR)$(MANINSTALLDIR)
+ $(INSTALL) --mode=0644 $(SRCDIR)/miniupnpd.8 $(DESTDIR)$(MANINSTALLDIR)
+ gzip -f $(DESTDIR)$(MANINSTALLDIR)/miniupnpd.8
+
+# genuuid is using the uuidgen CLI tool which is part of libuuid
+# from the e2fsprogs
+# 'cat /proc/sys/kernel/random/uuid' could be also used
+miniupnpd.conf: $(SRCDIR)/miniupnpd.conf
+ifeq ($(TARGET_OPENWRT),)
+ sed -e "s/^uuid=[-0-9a-f]*/uuid=`(genuuid||uuidgen||uuid) 2>/dev/null`/" $< > $@.tmp
+else
+ sed -e "s/^uuid=[-0-9a-f]*/uuid=`($(STAGING_DIR_HOST)/bin/genuuid||$(STAGING_DIR_HOST)/bin/uuidgen||$(STAGING_DIR_HOST)/bin/uuid) 2>/dev/null`/" $< > $@.tmp
+endif
+ mv $@.tmp $@
+
+include $(SRCDIR)/check.mk
+
+miniupnpd: $(BASEOBJS) $(LNXOBJS) $(AMXOBJS)
+
+testupnpdescgen: $(TESTUPNPDESCGENOBJS)
+
+testgetifstats: testgetifstats.o getifstats.o
+
+testupnppermissions: testupnppermissions.o upnppermissions.o
+
+testgetifaddr: testgetifaddr.o getifaddr.o
+
+testgetroute: testgetroute.o getroute.o upnputils.o
+
+testssdppktgen: testssdppktgen.o
+
+testasyncsendto: testasyncsendto.o asyncsendto.o upnputils.o \
+ getroute.o
+
+testportinuse: testportinuse.o portinuse.o getifaddr.o
+
+testminissdp: testminissdp.o minissdp.o upnputils.o upnpglobalvars.o \
+ asyncsendto.o getroute.o
+
+
+miniupnpdctl: miniupnpdctl.o
+
+config.mk config.h: $(SRCDIR)/configure $(SRCDIR)/VERSION
+ $(SHELL) $< $(CONFIG_OPTIONS)
+
+depend: $(DEP)
+
+%.d: $(SRCDIR)/%.c
+ $(CC) $(CPPFLAGS) $(DEPFLAGS) -o $@ $<
+
+dox: $(SRCDIR)/miniupnpd.doxyconf
+ (cat $< ; echo "INPUT=$(SRCDIR)" ) | $(DOXYGEN) -
+
+%.o: $(SRCDIR)/%.c
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+%.o: $(SRCDIR)/linux/%.c
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+%.o: $(SRCDIR)/amx/%.c
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+print-%:
+ @echo "$* = $($*)"
+
+ifneq ($(MAKECMDGOALS),clean)
+-include $(DEP)
+endif
diff --git a/amx/amxrdr.c b/amx/amxrdr.c
new file mode 100644
index 0000000..5c67729
--- /dev/null
+++ b/amx/amxrdr.c
@@ -0,0 +1,408 @@
+/****************************************************************************
+**
+** SPDX-License-Identifier: BSD-2-Clause-Patent
+**
+** SPDX-FileCopyrightText: Copyright (c) 2023 SoftAtHome
+**
+** Redistribution and use in source and binary forms, with or
+** without modification, are permitted provided that the following
+** conditions are met:
+**
+** 1. Redistributions of source code must retain the above copyright
+** notice, this list of conditions and the following disclaimer.
+**
+** 2. Redistributions in binary form must reproduce the above
+** copyright notice, this list of conditions and the following
+** disclaimer in the documentation and/or other materials provided
+** with the distribution.
+**
+** Subject to the terms and conditions of this license, each
+** copyright holder and contributor hereby grants to those receiving
+** rights under this license a perpetual, worldwide, non-exclusive,
+** no-charge, royalty-free, irrevocable (except for failure to
+** satisfy the conditions of this license) patent license to make,
+** have made, use, offer to sell, sell, import, and otherwise
+** transfer this software, where such license applies only to those
+** patent claims, already acquired or hereafter acquired, licensable
+** by such copyright holder or contributor that are necessarily
+** infringed by:
+**
+** (a) their Contribution(s) (the licensed copyrights of copyright
+** holders and non-copyrightable additions of contributors, in
+** source or binary form) alone; or
+**
+** (b) combination of their Contribution(s) with the work of
+** authorship to which such Contribution(s) was added by such
+** copyright holder or contributor, if, at the time the Contribution
+** is added, such addition causes such combination to be necessarily
+** infringed. The patent license shall not apply to any other
+** combinations which include the Contribution.
+**
+** Except as expressly stated above, no rights or licenses from any
+** copyright holder or contributor is granted under this license,
+** whether expressly, by implication, estoppel or otherwise.
+**
+** DISCLAIMER
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+** CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+** INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+** DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
+** CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+** USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+** AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+** ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+****************************************************************************/
+
+#include <syslog.h>
+#include <string.h>
+#include <stdlib.h>
+#include <amxc/amxc.h>
+#include <amxp/amxp.h>
+#include <amxd/amxd_object.h>
+#include <amxb/amxb.h>
+#include "config.h"
+#include "../macros.h"
+#include "../upnpglobalvars.h"
+
+time_t upnp_time(void);
+
+amxb_bus_ctx_t* bus_ctx = NULL;
+bool state_add_rdr = false;
+
+static const char* proto_itoa(int proto) {
+ const char* protocol;
+ switch(proto) {
+ case IPPROTO_UDP:
+ protocol = "UDP";
+ break;
+ case IPPROTO_TCP:
+ protocol = "TCP";
+ break;
+#ifdef IPPROTO_UDPLITE
+ case IPPROTO_UDPLITE:
+ protocol = "UDPLITE";
+ break;
+#endif /* IPPROTO_UDPLITE */
+ default:
+ protocol = "*UNKNOWN*";
+ }
+ return protocol;
+}
+
+/* proto_atoi()
+ * convert the string "UDP" or "TCP" to IPPROTO_UDP and IPPROTO_UDP */
+static int proto_atoi(const char* protocol) {
+ int proto = IPPROTO_TCP;
+ if(strcasecmp(protocol, "UDP") == 0) {
+ proto = IPPROTO_UDP;
+ }
+#ifdef IPPROTO_UDPLITE
+ else if(strcasecmp(protocol, "UDPLITE") == 0) {
+ proto = IPPROTO_UDPLITE;
+ }
+#endif /* IPPROTO_UDPLITE */
+ return proto;
+}
+
+int init_redirect(void) {
+ int r = -1;
+ r = amxb_be_load("/usr/bin/mods/amxb/mod-amxb-ubus.so");
+ if(r == 0) {
+ r = amxb_connect(&bus_ctx, "ubus:/var/run/ubus.sock");
+ }
+ return r;
+}
+
+void shutdown_redirect(void) {
+ amxb_disconnect(bus_ctx);
+ return;
+}
+
+int add_redirect_rule2(const char* ifname, const char* rhost,
+ unsigned short eport, const char* iaddr, unsigned short iport,
+ int proto, const char* desc, unsigned int timestamp) {
+ int r = -1;
+ amxc_var_t rule;
+ amxc_var_t ret;
+ unsigned int lease_duration;
+
+ (void) ifname;
+ lease_duration = (timestamp > 0) ? timestamp - upnp_time() : 0;
+ amxc_var_init(&rule);
+ amxc_var_init(&ret);
+ amxc_var_set_type(&rule, AMXC_VAR_ID_HTABLE);
+ amxc_var_add_key(bool, &rule, "Enable", true);
+ amxc_var_add_key(cstring_t, &rule, "Interface", "IP.Interface.2.");
+ amxc_var_add_key(cstring_t, &rule, "RemoteHost", rhost);
+ amxc_var_add_key(cstring_t, &rule, "InternalClient", iaddr);
+ amxc_var_add_key(uint16_t, &rule, "ExternalPort", eport);
+ amxc_var_add_key(uint16_t, &rule, "InternalPort", iport);
+ amxc_var_add_key(cstring_t, &rule, "Protocol", proto_itoa(proto));
+ amxc_var_add_key(uint32_t, &rule, "LeaseDuration", lease_duration);
+ amxc_var_add_key(cstring_t, &rule, "Description", desc);
+ amxb_add(bus_ctx, "NAT.PortMapping.", 0, NULL, &rule, &ret, 1);
+ if(GETI_ARG(&ret, 0) != NULL) {
+ r = 0;
+ }
+ amxc_var_clean(&rule);
+ amxc_var_clean(&ret);
+ if(r == 0) {
+ state_add_rdr = true;
+ }
+ syslog(LOG_WARNING, "redirecting port %hu to %s:%hu protocol %s for %s: %d", eport, iaddr, iport, proto_itoa(proto), desc, r);
+ return r;
+}
+
+/* get_redirect_rule()
+ * return value : 0 success (found)
+ * -1 = error or rule not found */
+int get_redirect_rule(const char* ifname, unsigned short eport, int proto,
+ char* iaddr, int iaddrlen, unsigned short* iport,
+ char* desc, int desclen,
+ char* rhost, int rhostlen,
+ unsigned int* timestamp,
+ u_int64_t* packets, u_int64_t* bytes) {
+ int r = -1;
+ amxc_var_t ret;
+ amxc_var_t* tmp;
+ amxc_string_t rule;
+
+ (void) ifname;
+ (void) packets;
+ (void) bytes;
+ amxc_var_init(&ret);
+ amxc_string_init(&rule, 0);
+ amxc_string_appendf(&rule, "NAT.PortMapping.[Protocol == \"%s\" && ExternalPort == %hu].", proto_itoa(proto), eport);
+ amxb_get(bus_ctx, amxc_string_get(&rule, 0), 0, &ret, 1);
+ tmp = GETP_ARG(&ret, "0.0.");
+ if(tmp != NULL) {
+ amxc_var_log(tmp);
+ r = 0;
+ *iport = (uint16_t) GET_UINT32(tmp, "InternalPort");
+ if(iaddr) {
+ strncpy(iaddr, GET_CHAR(tmp, "InternalClient"), iaddrlen);
+ }
+ if(desc) {
+ strncpy(desc, GET_CHAR(tmp, "Description"), desclen);
+ }
+ if(timestamp) {
+ *timestamp = GET_UINT32(tmp, "LeaseDuration");
+ }
+ if(rhost) {
+ strncpy(rhost, GET_CHAR(tmp, "RemoteHost"), rhostlen);
+ }
+ }
+ amxc_var_clean(&ret);
+ amxc_string_clean(&rule);
+ syslog(LOG_WARNING, "get_redirect_rule: %d", r);
+ return r;
+}
+
+
+int get_redirect_rule_by_index(int index,
+ char* ifname, unsigned short* eport,
+ char* iaddr, int iaddrlen, unsigned short* iport,
+ int* proto, char* desc, int desclen,
+ char* rhost, int rhostlen,
+ unsigned int* timestamp,
+ u_int64_t* packets, u_int64_t* bytes) {
+ int rv = -1;
+ int i = 0;
+ amxc_var_t ret;
+ amxc_string_t rule;
+
+ (void) ifname;
+ (void) packets;
+ (void) bytes;
+ amxc_var_init(&ret);
+ amxc_string_init(&rule, 0);
+ amxc_string_appendf(&rule, "NAT.PortMapping.*.");
+ amxb_get(bus_ctx, amxc_string_get(&rule, 0), 0, &ret, 1);
+ amxc_var_for_each(r, GETP_ARG(&ret, "0.")) {
+ if(index == i) {
+ rv = 0;
+ *iport = (uint16_t) GET_UINT32(r, "InternalPort");
+ *eport = (uint16_t) GET_UINT32(r, "ExternalPort");
+ *proto = proto_atoi(GET_CHAR(r, "Protocol"));
+ if(iaddr) {
+ strncpy(iaddr, GET_CHAR(r, "InternalClient"), iaddrlen);
+ }
+ if(desc) {
+ strncpy(desc, GET_CHAR(r, "Description"), desclen);
+ }
+ if(timestamp) {
+ *timestamp = GET_UINT32(r, "LeaseDuration");
+ }
+ if(rhost) {
+ strncpy(rhost, GET_CHAR(r, "RemoteHost"), rhostlen);
+ }
+ break;
+ }
+ ++i;
+ }
+ amxc_string_clean(&rule);
+ amxc_var_clean(&ret);
+ syslog(LOG_WARNING, "get_redirect_rule_by_index: %d", rv);
+ return rv;
+}
+
+int delete_redirect_rule(const char* ifname, unsigned short eport, int proto) {
+ int r = -1;
+ amxc_string_t rule;
+ amxc_var_t ret;
+ const char* alias;
+
+ (void) ifname;
+ amxc_var_init(&ret);
+ amxc_string_init(&rule, 0);
+ amxc_string_appendf(&rule, "NAT.PortMapping.[Protocol == \"%s\" && ExternalPort == %hu].", proto_itoa(proto), eport);
+ amxb_del(bus_ctx, amxc_string_get(&rule, 0), 0, NULL, &ret, 1);
+ alias = GETI_CHAR(&ret, 0);
+ if(alias && (alias[0] != '\0')) {
+ r = 0;
+ }
+ amxc_string_clean(&rule);
+ amxc_var_clean(&ret);
+ syslog(LOG_WARNING, "delete_redirect_rule: %d", r);
+ return r;
+}
+
+int add_filter_rule2(const char* ifname, const char* rhost,
+ const char* iaddr, unsigned short eport, unsigned short iport,
+ int proto, const char* desc) {
+ int r = -1;
+ (void) ifname;
+ (void) rhost;
+ (void) iaddr;
+ (void) eport;
+ (void) iport;
+ (void) proto;
+ (void) desc;
+ if(state_add_rdr) {
+ r = 0;
+ state_add_rdr = false;
+ } else {
+ //Add filter rule with amx
+ }
+ syslog(LOG_WARNING, "add_filter_rule2: %d", r);
+ return r;
+}
+
+int delete_filter_rule(const char* ifname, unsigned short eport, int proto) {
+ (void) ifname;
+ (void) eport;
+ (void) proto;
+ syslog(LOG_WARNING, "delete_filter_rule: not implemented");
+ return 0;
+}
+
+unsigned short*
+get_portmappings_in_range(unsigned short startport, unsigned short endport,
+ int proto, unsigned int* number) {
+ unsigned short* array = NULL;
+ unsigned short* tmp;
+ unsigned int capacity = 0;
+ unsigned short eport;
+ amxc_var_t rules;
+
+ *number = 0;
+ amxc_var_init(&rules);
+ amxb_get(bus_ctx, "NAT.PortMapping.", 0, &rules, 1);
+ amxc_var_for_each(rule, &rules) {
+ eport = GET_UINT32(rule, "ExternalPort");
+ if((proto == proto_atoi(GET_CHAR(rule, "Protocol"))) &&
+ (eport >= startport) && (eport <= endport)) {
+ if(*number >= capacity) {
+ capacity += 128;
+ tmp = realloc(array, capacity * sizeof(*array));
+ if(!tmp) {
+ syslog(LOG_ERR, "get_portmappings_in_range() : realloc(%u) error",
+ (unsigned) sizeof(unsigned short) * capacity);
+ *number = 0;
+ free(array);
+ array = NULL;
+ break;
+ }
+ array = tmp;
+ }
+ array[*number] = eport;
+ ++(*number);
+ }
+ }
+ amxc_var_clean(&rules);
+ syslog(LOG_WARNING, "get_portmappings_in_range: %d", *number);
+ return array;
+}
+
+int update_portmapping(const char* ifname, unsigned short eport, int proto,
+ unsigned short iport, const char* desc,
+ unsigned int timestamp) {
+ int r = -1;
+ amxc_var_t rule;
+ amxc_var_t ret;
+ amxc_string_t rule_path;
+ unsigned int lease_duration;
+
+ (void) ifname;
+ amxc_var_init(&ret);
+ amxc_string_init(&rule_path, 0);
+ amxc_string_appendf(&rule_path, "NAT.PortMapping.[Protocol == \"%s\" && ExternalPort == %hu].", proto_itoa(proto), eport);
+ lease_duration = (timestamp > 0) ? timestamp - upnp_time() : 0;
+ amxc_var_init(&rule);
+ amxc_var_init(&ret);
+ amxc_var_set_type(&rule, AMXC_VAR_ID_HTABLE);
+ amxc_var_add_key(uint16_t, &rule, "InternalPort", iport);
+ amxc_var_add_key(uint32_t, &rule, "LeaseDuration", lease_duration);
+ amxc_var_add_key(cstring_t, &rule, "Description", desc);
+ amxb_set(bus_ctx, amxc_string_get(&rule_path, 0), &rule, &ret, 1);
+ if(GETP_ARG(&ret, "0.0.") != NULL) {
+ r = 0;
+ }
+ amxc_string_clean(&rule_path);
+ amxc_var_clean(&rule);
+ amxc_var_clean(&ret);
+ syslog(LOG_ERR, "update_portmapping: %d", r);
+ return r;
+}
+
+int update_portmapping_desc_timestamp(const char* ifname,
+ unsigned short eport, int proto,
+ const char* desc, unsigned int timestamp) {
+ int r = -1;
+ amxc_var_t rule;
+ amxc_var_t ret;
+ amxc_string_t rule_path;
+ unsigned int lease_duration;
+
+ (void) ifname;
+ amxc_var_init(&ret);
+ amxc_string_appendf(&rule_path, "NAT.PortMapping.[Protocol == \"%s\" && ExternalPort == %hu].", proto_itoa(proto), eport);
+ lease_duration = (timestamp > 0) ? timestamp - upnp_time() : 0;
+ amxc_var_init(&rule);
+ amxc_var_init(&ret);
+ amxc_var_set_type(&rule, AMXC_VAR_ID_HTABLE);
+ amxc_var_add_key(uint32_t, &rule, "LeaseDuration", lease_duration);
+ amxc_var_add_key(cstring_t, &rule, "Description", desc);
+ amxb_set(bus_ctx, amxc_string_get(&rule_path, 0), &rule, &ret, 1);
+ amxc_var_log(&ret);
+ amxc_string_clean(&rule_path);
+ amxc_var_clean(&rule);
+ amxc_var_clean(&ret);
+ syslog(LOG_ERR, "update_portmapping_desc_timestamp: %d", r);
+ return r;
+}
+
+int delete_redirect_and_filter_rules(unsigned short eport, int proto) {
+ int r = 0;
+
+ r += delete_redirect_rule(NULL, eport, proto);
+ syslog(LOG_WARNING, "delete_redirect_and_filter_rules: %d", r);
+ return r;
+}
diff --git a/amx/amxrdr.h b/amx/amxrdr.h
new file mode 100644
index 0000000..bd4605a
--- /dev/null
+++ b/amx/amxrdr.h
@@ -0,0 +1,95 @@
+/****************************************************************************
+**
+** SPDX-License-Identifier: BSD-2-Clause-Patent
+**
+** SPDX-FileCopyrightText: Copyright (c) 2023 SoftAtHome
+**
+** Redistribution and use in source and binary forms, with or
+** without modification, are permitted provided that the following
+** conditions are met:
+**
+** 1. Redistributions of source code must retain the above copyright
+** notice, this list of conditions and the following disclaimer.
+**
+** 2. Redistributions in binary form must reproduce the above
+** copyright notice, this list of conditions and the following
+** disclaimer in the documentation and/or other materials provided
+** with the distribution.
+**
+** Subject to the terms and conditions of this license, each
+** copyright holder and contributor hereby grants to those receiving
+** rights under this license a perpetual, worldwide, non-exclusive,
+** no-charge, royalty-free, irrevocable (except for failure to
+** satisfy the conditions of this license) patent license to make,
+** have made, use, offer to sell, sell, import, and otherwise
+** transfer this software, where such license applies only to those
+** patent claims, already acquired or hereafter acquired, licensable
+** by such copyright holder or contributor that are necessarily
+** infringed by:
+**
+** (a) their Contribution(s) (the licensed copyrights of copyright
+** holders and non-copyrightable additions of contributors, in
+** source or binary form) alone; or
+**
+** (b) combination of their Contribution(s) with the work of
+** authorship to which such Contribution(s) was added by such
+** copyright holder or contributor, if, at the time the Contribution
+** is added, such addition causes such combination to be necessarily
+** infringed. The patent license shall not apply to any other
+** combinations which include the Contribution.
+**
+** Except as expressly stated above, no rights or licenses from any
+** copyright holder or contributor is granted under this license,
+** whether expressly, by implication, estoppel or otherwise.
+**
+** DISCLAIMER
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+** CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+** INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+** DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
+** CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+** USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+** AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+** ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+****************************************************************************/
+#ifndef AMXRDR_H_INCLUDED
+#define AMXRDR_H_INCLUDED
+
+#include <sys/types.h>
+#include "../commonrdr.h"
+
+int
+add_redirect_rule2(const char * ifname, const char * rhost, unsigned short eport,
+ const char * iaddr, unsigned short iport, int proto,
+ const char * desc, unsigned int timestamp);
+
+int
+add_filter_rule2(const char * ifname, const char * rhost, const char * iaddr,
+ unsigned short eport, unsigned short iport,
+ int proto, const char * desc);
+
+
+/* delete_redirect_rule()
+ */
+int
+delete_redirect_rule(const char * ifname, unsigned short eport, int proto);
+
+/* delete_filter_rule()
+ */
+int
+delete_filter_rule(const char * ifname, unsigned short eport, int proto);
+
+int
+clear_redirect_rules(void);
+
+int delete_redirect_and_filter_rules(unsigned short eport, int proto);
+
+#endif
+
diff --git a/configure b/configure
index 41144b9..08816e2 100755
--- a/configure
+++ b/configure
@@ -439,6 +439,9 @@ case $OS_NAME in
OS_URL=http://www.openwrt.org/
echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
GETIFADDRS=1
+ if [ -z "$FW" ] ; then
+ FW=iptables
+ fi
;;
OpenEmbedded)
OS_URL=http://www.openembedded.org/
@@ -589,6 +592,14 @@ case $FW in
echo "#undef IPTABLES_143" >> ${CONFIGFILE}
fi
;;
+ amx)
+ MAKEFILE=Makefile.linux_amx
+ echo "#define USE_AMX 1" >> ${CONFIGFILE}
+ echo "# generated by $0 on `date`" > config.mk
+ echo "SRCDIR = ${BASEDIR}" >> config.mk
+ echo "CPPFLAGS += -I." >> config.mk
+ echo "LDLIBS += -lamxc -lamxp -lamxd -lamxb -lamxo" >> config.mk
+ ;;
nftables)
MAKEFILE=Makefile.linux_nft
echo "#define USE_NETFILTER 1" >> ${CONFIGFILE}
diff --git a/upnpredirect.c b/upnpredirect.c
index 272a981..65d6508 100644
--- a/upnpredirect.c
+++ b/upnpredirect.c
@@ -38,6 +38,9 @@
#if defined(USE_IPFW)
#include "ipfw/ipfwrdr.h"
#endif
+#if defined(USE_AMX)
+#include "amx/amxrdr.h"
+#endif
#ifdef USE_MINIUPNPDCTL
#include <stdio.h>
#include <unistd.h>
diff --git a/upnpstun.c b/upnpstun.c
index f1b03f3..7e9c957 100644
--- a/upnpstun.c
+++ b/upnpstun.c
@@ -39,6 +39,9 @@
#if defined(USE_IPFW)
#include "ipfw/ipfwrdr.h"
#endif
+#if defined(USE_AMX)
+#include "amx/amxrdr.h"
+#endif
#ifdef TEST_LINUX_DEBUG_APP
static int add_filter_rule2(const char *ifname, const char *rhost, const char *iaddr, unsigned short eport, unsigned short iport, int proto, const char *desc);
--
2.34.1


@@ -1,24 +0,0 @@
--- a/Makefile.linux
+++ b/Makefile.linux
@@ -25,16 +25,16 @@ CONFIG_OPTIONS ?= $(cat .configure.cache
CONFIG_OPTIONS += --firewall=iptables
#CFLAGS = -O -g -DDEBUG
CFLAGS ?= -Os
-CFLAGS += -fno-strict-aliasing
-CFLAGS += -fno-common
-CFLAGS += -fstack-protector -fPIE
-CFLAGS += -D_FORTIFY_SOURCE=2
+#CFLAGS += -fno-strict-aliasing
+#CFLAGS += -fno-common
+#CFLAGS += -fstack-protector -fPIE
+#CFLAGS += -D_FORTIFY_SOURCE=2
CPPFLAGS += -D_GNU_SOURCE
CFLAGS += -Wall
CFLAGS += -Wextra -Wstrict-prototypes -Wdeclaration-after-statement
#CFLAGS += -Wno-missing-field-initializers
#CFLAGS += -ansi # iptables headers does use typeof which is a gcc extension
-LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie
+LDFLAGS ?= -Wl,-z,now -Wl,-z,relro -pie
CC ?= gcc
RM = rm -f
INSTALL = install


@@ -1,36 +0,0 @@
--- a/Makefile.linux
+++ b/Makefile.linux
@@ -96,13 +96,13 @@ endif # ($(TEST),1)
endif # ($(TARGET_OPENWRT,)
ifneq ($(shell ldd --version | grep GLIBC),)
-GLIBC_VERSION := $(shell ldd --version | head -n 1 | sed 's/^.* //')
-GLIBC_VERSION_MAJOR = $(shell echo $(GLIBC_VERSION) | cut -f 1 -d . )
-GLIBC_VERSION_MINOR = $(shell echo $(GLIBC_VERSION) | cut -f 2 -d . )
+#GLIBC_VERSION := $(shell ldd --version | head -n 1 | sed 's/^.* //')
+#GLIBC_VERSION_MAJOR = $(shell echo $(GLIBC_VERSION) | cut -f 1 -d . )
+#GLIBC_VERSION_MINOR = $(shell echo $(GLIBC_VERSION) | cut -f 2 -d . )
# clock_gettime() needs -lrt when glibc version < 2.17
-LDLIBS += $(shell if [ $(GLIBC_VERSION_MAJOR) -lt 2 ] \
- || [ \( $(GLIBC_VERSION_MAJOR) -eq 2 \) -a \( $(GLIBC_VERSION_MINOR) -lt 17 \) ] ; \
- then echo "-lrt" ; fi )
+#LDLIBS += $(shell if [ $(GLIBC_VERSION_MAJOR) -lt 2 ] \
+# || [ \( $(GLIBC_VERSION_MAJOR) -eq 2 \) -a \( $(GLIBC_VERSION_MINOR) -lt 17 \) ] ; \
+# then echo "-lrt" ; fi )
endif
TESTUPNPDESCGENOBJS = testupnpdescgen.o upnpdescgen.o
@@ -143,11 +143,11 @@ install: miniupnpd $(SRCDIR)/miniupnpd.8
$(INSTALL) $(SRCDIR)/netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) $(SRCDIR)/netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) $(SRCDIR)/netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)
- $(INSTALL) --mode=0644 -b $(SRCDIR)/miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
+ $(INSTALL) -m 0644 -b $(SRCDIR)/miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
$(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d
$(INSTALL) $(SRCDIR)/linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd
$(INSTALL) -d $(DESTDIR)$(MANINSTALLDIR)
- $(INSTALL) --mode=0644 $(SRCDIR)/miniupnpd.8 $(DESTDIR)$(MANINSTALLDIR)
+ $(INSTALL) -m 0644 $(SRCDIR)/miniupnpd.8 $(DESTDIR)$(MANINSTALLDIR)
gzip -f $(DESTDIR)$(MANINSTALLDIR)/miniupnpd.8
# genuuid is using the uuidgen CLI tool which is part of libuuid