summaryrefslogtreecommitdiffhomepage
path: root/applications/luci-app-upnp/root/usr/libexec/rpcd
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2022-09-06 23:51:19 +0200
committerJo-Philipp Wich <jo@mein.io>2022-09-06 23:53:15 +0200
commit82eec98944714c2b61f6e54291bc8f22983bb122 (patch)
treee3fbc552278f6b6bd912737599289fbc80495503 /applications/luci-app-upnp/root/usr/libexec/rpcd
parent10bcb228a7fc02a8e9ecb1ff584fd63b77a55afd (diff)
luci-app-upnp: make nftables compatible
Make luci.upnp rpcd backend plugin compatible with miniupnpd-nftables. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'applications/luci-app-upnp/root/usr/libexec/rpcd')
-rwxr-xr-xapplications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp58
1 files changed, 54 insertions, 4 deletions
diff --git a/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp b/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp
index a122360c61..37768f972a 100755
--- a/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp
+++ b/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp
@@ -62,6 +62,58 @@ local methods = {
ipt:close()
end
+ local nft = io.popen("nft --handle list chain inet fw4 upnp_prerouting")
+ if nft then
+ local num = 1
+ local upnpf = lease_file and io.open(lease_file, "r")
+ while true do
+ local ln = nft:read("*l")
+ if not ln then
+ break
+ elseif ln:match("iif ") then
+ local proto, extport, intaddr, intport =
+ ln:match('^\t\tiif ".-" @nh,72,8 (0x[0-9a-f]+) th dport ([0-9]+) dnat ip to ([0-9%.]+):([0-9]+)')
+ local descr = ""
+
+ if (proto == "0x6" or proto == "0x11") and extport and intaddr and intport then
+ proto = (proto == "0x6") and "TCP" or "UDP"
+ extport = tonumber(extport)
+ intport = tonumber(intport)
+
+ if upnpf then
+ local uln = upnpf:read("*l")
+ if uln then descr = uln:match(string.format("^%s:%d:%s:%d:%%d*:(.*)$", proto, extport, intaddr, intport)) end
+ if not descr then descr = "" end
+ end
+
+ local host_hint, _, e
+
+ for _,e in pairs(ipv4_hints) do
+ if e[1] == intaddr then
+ host_hint = e[2]
+ break
+ end
+ end
+
+ rule[#rule+1] = {
+ num = tostring(num),
+ proto = proto,
+ extport = extport,
+ intaddr = intaddr,
+ host_hint = host_hint,
+ intport = intport,
+ descr = descr
+ }
+
+ num = num + 1
+ end
+ end
+ end
+
+ if upnpf then upnpf:close() end
+ nft:close()
+ end
+
return { rules = rule }
end
},
@@ -75,12 +127,10 @@ local methods = {
if idx and idx > 0 then
local uci = UCI.cursor()
- sys.call("iptables -t filter -D MINIUPNPD %d 2>/dev/null" % idx)
- sys.call("iptables -t nat -D MINIUPNPD %d 2>/dev/null" % idx)
-
local lease_file = uci:get("upnpd", "config", "upnp_lease_file")
if lease_file and fs.access(lease_file) then
sys.call("sed -i -e '%dd' %s" %{ idx, util.shellquote(lease_file) })
+ sys.call("/etc/init.d/miniupnpd restart")
end
uci.unload()
@@ -152,4 +202,4 @@ elseif arg[1] == "call" then
local result, code = method.call(args)
print((json.stringify(result):gsub("^%[%]$", "{}")))
os.exit(code or 0)
-end \ No newline at end of file
+end