author | Jo-Philipp Wich <jo@mein.io> | 2022-09-07 19:53:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-07 19:53:51 +0200 |
commit | d90732843804c0733ad09f38cdee5ae631af5113 (patch) | |
tree | b70553836e06c4cdcccf8be621cb71d16bbca8f4 /applications/luci-app-upnp/root/usr/libexec/rpcd | |
parent | ce2a47c5f36bdc524713a09d539ca4a914c2d0f1 (diff) | |
parent | 82eec98944714c2b61f6e54291bc8f22983bb122 (diff) |
Merge pull request #5961 from jow-/luci-app-upnp-nft-compat
luci-app-upnp: make nftables compatible
Diffstat (limited to 'applications/luci-app-upnp/root/usr/libexec/rpcd')
-rwxr-xr-x | applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp | 58 |
1 files changed, 54 insertions, 4 deletions
diff --git a/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp b/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp index a122360c61..37768f972a 100755 --- a/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp +++ b/applications/luci-app-upnp/root/usr/libexec/rpcd/luci.upnp @@ -62,6 +62,58 @@ local methods = { ipt:close() end + local nft = io.popen("nft --handle list chain inet fw4 upnp_prerouting") + if nft then + local num = 1 + local upnpf = lease_file and io.open(lease_file, "r") + while true do + local ln = nft:read("*l") + if not ln then + break + elseif ln:match("iif ") then + local proto, extport, intaddr, intport = + ln:match('^\t\tiif ".-" @nh,72,8 (0x[0-9a-f]+) th dport ([0-9]+) dnat ip to ([0-9%.]+):([0-9]+)') + local descr = "" + + if (proto == "0x6" or proto == "0x11") and extport and intaddr and intport then + proto = (proto == "0x6") and "TCP" or "UDP" + extport = tonumber(extport) + intport = tonumber(intport) + + if upnpf then + local uln = upnpf:read("*l") + if uln then descr = uln:match(string.format("^%s:%d:%s:%d:%%d*:(.*)$", proto, extport, intaddr, intport)) end + if not descr then descr = "" end + end + + local host_hint, _, e + + for _,e in pairs(ipv4_hints) do + if e[1] == intaddr then + host_hint = e[2] + break + end + end + + rule[#rule+1] = { + num = tostring(num), + proto = proto, + extport = extport, + intaddr = intaddr, + host_hint = host_hint, + intport = intport, + descr = descr + } + + num = num + 1 + end + end + end + + if upnpf then upnpf:close() end + nft:close() + end + return { rules = rule } end }, 
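Review bot: The description lookup consumes exactly one lease-file line per matched nft rule (`upnpf:read("*l")`), so it is only correct while the lease file and the `upnp_prerouting` chain list the same mappings in the same order. Any extra, missing or reordered entry silently blanks `descr`, and `num` then stops matching the lease-file line that the delete method later removes by position with `sed`, so a different forward than the one the admin selected could be dropped. Indexing the lease file once by `proto:extport:intaddr:intport` and looking each rule up by key removes the ordering assumption, and also avoids interpolating the dotted address into a Lua pattern where `.` matches any character. The enclosing method starts before this hunk, so how `lease_file` and `ipv4_hints` are obtained is not visible here.

```lua
local upnpf = lease_file and io.open(lease_file, "r")
-- index the lease file once by "PROTO:extport:intaddr:intport"
local leases = {}
if upnpf then
	for uln in upnpf:lines() do
		local key, text = uln:match("^(%u+:%d+:[%d%.]+:%d+):%d*:(.*)$")
		if key then leases[key] = text end
	end
end
-- … unchanged: nft read loop, rule match, proto/extport/intport conversion …
descr = leases[string.format("%s:%d:%s:%d", proto, extport, intaddr, intport)] or ""
-- … unchanged: host hint lookup, rule[] append, upnpf/nft close …
```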
@@ -75,12 +127,10 @@ local methods = { if idx and idx > 0 then local uci = UCI.cursor() - sys.call("iptables -t filter -D MINIUPNPD %d 2>/dev/null" % idx) - sys.call("iptables -t nat -D MINIUPNPD %d 2>/dev/null" % idx) - local lease_file = uci:get("upnpd", "config", "upnp_lease_file") if lease_file and fs.access(lease_file) then sys.call("sed -i -e '%dd' %s" %{ idx, util.shellquote(lease_file) }) + sys.call("/etc/init.d/miniupnpd restart") end uci.unload() @@ -152,4 +202,4 @@ elseif arg[1] == "call" then local result, code = method.call(args) print((json.stringify(result):gsub("^%[%]$", "{}"))) os.exit(code or 0) -end
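Review bot: In the delete hunk the lease file is rewritten with `sed -i` while miniupnpd is still running, and the daemon is restarted only afterwards. If the daemon adds or expires a mapping between the listing and this call, line `idx` can land on a different entry or the edit can be overwritten. Stopping the daemon first narrows that window: `sys.call("/etc/init.d/miniupnpd stop")` before the `sed` call and `sys.call("/etc/init.d/miniupnpd start")` after it. The exit status of both `sys.call`s is also discarded, so a failed delete or restart, which would leave the forward active, is presumably reported as success; the method's return is outside the hunk, so confirm there.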
\ No newline at end of file +end |