miniupnpd: create iptables and nftables variant

The next OpenWrt stable release aims to use firewall4 by default. As this uses nftables as backend, miniupnpd will no longer work. Create an iptables and nftables variant of the miniupnpd package so that miniupnpd can be used with either firewall variant. See openwrt#16818 for more info. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
stintel · Nov 8, 2021 · 0c2bdd3 · 0c2bdd3
1 parent ddcf346
commit 0c2bdd3
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 17 deletions.
diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=miniupnpd
 PKG_VERSION:=2.2.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=https://miniupnp.tuxfamily.org/files
 PKG_HASH:=f89c310ce9575183af3fec61af65e548f85114133df8caaaa9e204c13b7a9da5
@@ -26,27 +26,47 @@ PKG_BUILD_PARALLEL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/version.mk
 
-define Package/miniupnpd
+define Package/miniupnpd/Default
   SECTION:=net
   CATEGORY:=Network
   DEPENDS:= \
-	+IPV6:ip6tables \
-	+IPV6:libip6tc \
-	+iptables \
 	+libcap-ng \
-	+libip4tc \
 	+libmnl \
-	+libnetfilter-conntrack \
 	+libuuid
   TITLE:=Lightweight UPnP IGD, NAT-PMP & PCP daemon
   SUBMENU:=Firewall
   URL:=https://miniupnp.tuxfamily.org/
 endef
 
-define Package/miniupnpd/conffiles
+define Package/miniupnpd-iptables
+  $(call Package/miniupnpd/Default)
+  DEPENDS+= \
+	+IPV6:ip6tables \
+	+IPV6:libip6tc \
+	+iptables \
+	+libip4tc \
+	+libnetfilter-conntrack
+  TITLE+= (iptables)
+  CONFLICTS:=miniupnpd-nftables
+  VARIANT:=iptables
+endef
+
+define Package/miniupnpd-nftables
+  $(call Package/miniupnpd/Default)
+  DEPENDS+= \
+	+libnftnl
+  TITLE+= (nftables)
+  PROVIDES:=miniupnpd
+  VARIANT:=nftables
+endef
+
+define Package/miniupnpd/conffiles/Default
 /etc/config/upnpd
 endef
 
+Package/miniupnpd-iptables/conffiles = $(Package/miniupnpd/conffiles/Default)
+Package/miniupnpd-nftables/conffiles = $(Package/miniupnpd/conffiles/Default)
+
 define Build/Prepare
 	$(call Build/Prepare/Default)
 	echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt
@@ -57,26 +77,34 @@ CONFIGURE_ARGS = \
 	--igd2 \
 	--leasefile \
 	--portinuse \
-	--firewall=iptables \
+	--firewall=$(BUILD_VARIANT) \
 	--disable-fork
 
 TARGET_CFLAGS += $(FPIC) -flto
-TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed -Wl,-flto
 
-define Package/miniupnpd/install
+define Package/miniupnpd/install/Default
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
-
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/miniupnpd $(1)/usr/sbin/miniupnpd
 	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
 	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
 	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
-	$(INSTALL_BIN) ./files/miniupnpd.defaults $(1)/etc/uci-defaults/99-miniupnpd
-	$(INSTALL_DATA) ./files/firewall.include $(1)/usr/share/miniupnpd/firewall.include
 endef
 
-$(eval $(call BuildPackage,miniupnpd))
+define Package/miniupnpd-iptables/install
+	$(call Package/miniupnpd/install/Default,$1)
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
+	$(INSTALL_BIN) ./files/miniupnpd.defaults.iptables $(1)/etc/uci-defaults/99-miniupnpd
+	$(INSTALL_DATA) ./files/firewall3.include $(1)/usr/share/miniupnpd/firewall.include
+endef
+
+define Package/miniupnpd-nftables/install
+	$(call Package/miniupnpd/install/Default,$1)
+endef
+
+$(eval $(call BuildPackage,miniupnpd-iptables))
+$(eval $(call BuildPackage,miniupnpd-nftables))
diff --git a/net/miniupnpd/files/firewall.include → net/miniupnpd/files/firewall3.include b/net/miniupnpd/files/firewall.include → net/miniupnpd/files/firewall3.include
diff --git a/net/miniupnpd/files/miniupnpd.defaults → ...niupnpd/files/miniupnpd.defaults.iptables b/net/miniupnpd/files/miniupnpd.defaults → ...niupnpd/files/miniupnpd.defaults.iptables
diff --git a/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch b/net/miniupnpd/patches/100-miniupnpd-configure-don-t-hardcode-iptables.patch
@@ -0,0 +1,25 @@
+From 51a422407b22f0cb7188ea4bfb3867b2bbfcfe68 Mon Sep 17 00:00:00 2001
+From: Stijn Tintel <stijn@linux-ipv6.be>
+Date: Sun, 7 Nov 2021 20:24:29 +0200
+Subject: [PATCH] miniupnpd/configure: don't hardcode iptables
+
+The OpenWrt Makefile that builds miniupnpd passes the firewall argument
+to the configure script, so this is not needed and it is blocking us
+from using nftables instead, which will be the default backend for
+firewall4 to be used in the next OpenWrt stable release.
+
+Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
+---
+ configure | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/configure
++++ b/configure
+@@ -387,7 +387,6 @@ case $OS_NAME in
+ 	OpenWRT)
+ 		OS_URL=http://www.openwrt.org/
+ 		echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
+-		FW=iptables
+ 		;;
+ 	OpenEmbedded)
+ 		OS_URL=http://www.openembedded.org/