miniupnpd: Daemon hotfix for 24.10 and revise several upnpd UCI config options
#24988
Conversation
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
3 times, most recently
from
618ed1f to
6da251a
Compare
|
@Self-Hosting-Group: Nice PR! cc: @systemcrash |
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
from
6da251a to
173ee62
Compare
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
3 times, most recently
from
cfbf68e to
cb7a02d
Compare
and correctly list port maps. See miniupnp/miniupnp#791 and miniupnp/miniupnp#768. Backport commits miniupnp/miniupnp@78fbd18 and miniupnp/miniupnp@792757f Signed-off-by: Self Hosting Group <[email protected]>
Signed-off-by: Self Hosting Group <[email protected]>
as not standard/working Signed-off-by: Self Hosting Group <[email protected]>
as upstream, see miniupnp/miniupnp@02da705 Signed-off-by: Self Hosting Group <[email protected]>
`secure_mode` UCI config option is disabled Signed-off-by: Self Hosting Group <[email protected]>
also for UPnP IGD with IPv6, previously it was always enabled and the behaviour is undocumented. See miniupnp/miniupnp@c79e25a Signed-off-by: Self Hosting Group <[email protected]>
kbit/s and rename to `*_kbps`, and set default to interface link speed (will only be reported) Signed-off-by: Self Hosting Group <[email protected]>
config option accepts `igdv1`/`igdv2`, replacing the current `igdv1` boolean option, allowing future compatibility modes Signed-off-by: Self Hosting Group <[email protected]>
`allow_third_party_mapping` Signed-off-by: Self Hosting Group <[email protected]>
and add (template) ACL entry for low ports (<1024) denied by default, current behaviour Signed-off-by: Self Hosting Group <[email protected]>
Signed-off-by: Self Hosting Group <[email protected]>
Signed-off-by: Self Hosting Group <[email protected]>
workaround no longer included in other implementations since >15y Signed-off-by: Self Hosting Group <[email protected]>
Signed-off-by: Self Hosting Group <[email protected]>
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
2 times, most recently
from
cc180f0 to
86f6935
Compare
Self-Hosting-Group
changed the title
upnpd UCI configuration options and defaultsupnpd UCI config options
|
@systemcrash @Neustradamus: PR updated to include important daemon hotfix for OpenWrt 24.10 package. See updated PR description for details. |
|
A downgrade included in a patchset won't get accepted, since a downgrade may subtly reintroducing bugs for existing users, if we assume that point releases fix bugs only. Better to wait for a new release, and bump to that version. Migrations are probably a more serious matter: those must be carried basically 'forever'. The best way is simply to avoid those. One might introduce a new setting, and deprecate the old one, and change the UI over to use the new one. Still a bit of a bumpy road. I think personally this is minor in the grand scheme of things (rather unimportant settings), but other reviewers may take a much firmer stance on it since you are, after all, changing setting names. |
What do you think about backporting the commit? |
Acceptable. It just breaks compile at the next release bump when it no longer applies. Minor, I guess. |
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
from
86f6935 to
124dd12
Compare
|
Every single test-build failed: Dirty patches detected, please refresh and review the diff |
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
10 times, most recently
from
6eaafdb to
50eda40
Compare
in openwrt/packages#24988 Signed-off-by: Self-Hosting-Group <[email protected]>
in openwrt/packages#24988 Signed-off-by: Self-Hosting-Group <[email protected]>
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
from
50eda40 to
1fb6110
Compare
in openwrt/packages#24988 Signed-off-by: Self-Hosting-Group <[email protected]>
Self-Hosting-Group
force-pushed
the
miniupnpd-uci-revision
branch
from
1fb6110 to
bd6a6f5
Compare
Patches refreshed, corresponding prepared LuCI changes here: openwrt/luci@master...Self-Hosting-Group:luci:adapt-new-uci. Already at 24.10.0-rc7! I think for security reasons (nftable rule removal) and incorrect listing of port maps, IMHO the PR needs to be included in the final 24.10. And it seems that the hotfix is important for X-WRT: x-wrt/packages@220a092 A comment on the following wording would be helpful as it is suggested in OpenWrt and also in another project: Allow third-party mapping |
|
@systemcrash Should I already create the corresponding LuCI PR for the commit in the above branch? |
upnp_forwardand correctly list port maps. See miniupnpd-nftables does not delete forward rules miniupnp/miniupnp#791 and miniupnpd: Port map listing broken since version 2.3.6 miniupnp/miniupnp#768. Backport commits miniupnp/miniupnp@78fbd18 and miniupnp/miniupnp@792757fenabled/igdv1UCI config options defaultclean_ruleset_interval/thresholdUCI config options as not standard/workingenable_nat_pmptoenable_pcp_pmpas upstream, see miniupnp/miniupnp@02da705secure_modeUCI config option is disabledsecure_modeUCI config also for UPnP IGD with IPv6, previously it was always enabled and the behaviour is undocumented. See miniupnp/miniupnp@c79e25adownload/uploadUCI config option from KByte/s to kbit/s and rename to*_kbps, and set default to interface link speed (will only be reported)upnp_igd_compatUCI config option acceptsigdv1/igdv2, replacing the currentigdv1boolean option, allowing future compatibility modessecure_modetoallow_third_party_mappingupnpdUCI config file and add (template) ACL entry for low ports (<1024) denied by default, current behaviour--disable-pppconnto remove legacy workaround no longer included in other implementations since >15yPKG_RELEASEMaintainer:
Compile tested: OpenWrt 24.10.0-rc5
Run tested: daemon init/config generation and uci-defaults migration using OpenWrt 24.10.0-rc5