diff options
Diffstat (limited to 'usr/local/pkg')
-rw-r--r-- | usr/local/pkg/miniupnpd.inc | 171 | ||||
-rw-r--r-- | usr/local/pkg/miniupnpd.xml | 10 |
2 files changed, 108 insertions, 73 deletions
diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc index 34fab47..0c816a1 100644 --- a/usr/local/pkg/miniupnpd.inc +++ b/usr/local/pkg/miniupnpd.inc @@ -8,18 +8,24 @@ /* MiniUPnPd */ - function upnp_notice ($msg) { log_error("miniupnpd: {$msg}"); } - function upnp_warn ($msg) { log_error("miniupnpd: {$msg}"); } + function upnp_notice($msg) { + log_error("miniupnpd: {$msg}"); + } + + function upnp_warn($msg) { + log_error("miniupnpd: {$msg}"); + } function upnp_running () { - if((int)exec('/bin/pgrep -a miniupnpd | /usr/bin/wc -l') > 0) + if ((int)exec('/bin/pgrep -a miniupnpd | /usr/bin/wc -l') > 0) { return true; + } return false; } function upnp_write_config($file, $text) { $handle = fopen($file, 'w'); - if(!$handle) { + if (!$handle) { upnp_warn("Could not open {$file} for writing."); return; } @@ -45,30 +51,37 @@ } function upnp_validate_ip($ip, $check_cdir) { - /* validate cidr */ + /* validate cidr */ $ip_array = array(); - if($check_cdir) { + if ($check_cdir) { $ip_array = explode('/', $ip); - if(count($ip_array) == 2) { - if($ip_array[1] < 1 || $ip_array[1] > 32) + if (count($ip_array) == 2) { + if ($ip_array[1] < 1 || $ip_array[1] > 32) { return false; - } else - if(count($ip_array) != 1) + } + } else { + if (count($ip_array) != 1) { return false; - } else + } + } + } else { $ip_array[] = $ip; + } /* validate ip */ - if (!is_ipaddr($ip_array[0])) + if (!is_ipaddr($ip_array[0])) { return false; + } return true; } function upnp_validate_port($port) { - foreach(explode('-', $port) as $sub) - if($sub < 0 || $sub > 65535) + foreach (explode('-', $port) as $sub) { + if ($sub < 0 || $sub > 65535) { return false; - return true; + } + } + return true; } function before_form_miniupnpd(&$pkg) { @@ -77,48 +90,58 @@ } function validate_form_miniupnpd($post, &$input_errors) { - if($post['enable'] && (!$post['enable_upnp'] && !$post['enable_natpmp'])) + if ($post['enable'] && (!$post['enable_upnp'] && !$post['enable_natpmp'])) { $input_errors[] = 'At least one of \'UPnP\' or \'NAT-PMP\' must be allowed'; - if($post['iface_array']) - foreach($post['iface_array'] as $iface) { - if($iface == 'wan') + } + if ($post['iface_array']) { + foreach ($post['iface_array'] as $iface) { + if ($iface == 'wan') { $input_errors[] = 'It is a security risk to specify WAN in the \'Interface\' field'; - elseif ($iface == $post['ext_iface']) + } elseif ($iface == $post['ext_iface']) { $input_errors[] = 'You cannot select the external interface as an internal interface.'; + } } - if($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'],false)) + } + if ($post['overridewanip'] && !upnp_validate_ip($post['overridewanip'],false)) { $input_errors[] = 'You must specify a valid ip address in the \'Override WAN address\' field'; - if(($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download'])) + } + if (($post['download'] && !$post['upload']) || ($post['upload'] && !$post['download'])) { $input_errors[] = 'You must fill in both \'Maximum Download Speed\' and \'Maximum Upload Speed\' fields'; - if($post['download'] && $post['download'] <= 0) + } + if ($post['download'] && $post['download'] <= 0) { $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Download Speed\' field'; - if($post['upload'] && $post['upload'] <= 0) + } + if ($post['upload'] && $post['upload'] <= 0) { $input_errors[] = 'You must specify a value greater than 0 in the \'Maximum Upload Speed\' field'; - if($post['upnpqueue'] && !upnp_validate_queue($post['upnpqueue'])) + } + if ($post['upnpqueue'] && !upnp_validate_queue($post['upnpqueue'])) { $input_errors[] = 'You must specify a valid traffic shaping queue.'; + } /* user permissions validation */ $j = substr_count(implode(array_keys($post)), "permuser"); for ($i=0; $i<$j; $i++){ - if($post["permuser{$i}"]) { + if ($post["permuser{$i}"]) { $perm = explode(' ',$post["permuser{$i}"]); /* should explode to 4 args */ - if(count($perm) != 4) { + if (count($perm) != 4) { $input_errors[] = "You must follow the specified format in the 'User specified permissions {$i}' field"; } else { /* must with allow or deny */ - if(!($perm[0] == 'allow' || $perm[0] == 'deny')) + if (!($perm[0] == 'allow' || $perm[0] == 'deny')) { $input_errors[] = "You must begin with allow or deny in the 'User specified permissions {$i}' field"; + } /* verify port or port range */ - if(!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) - $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified - permissions {$i}' field"; + if (!upnp_validate_port($perm[1]) || !upnp_validate_port($perm[3])) { + $input_errors[] = "You must specify a port or port range between 0 and 65535 in the 'User specified permissions {$i}' field"; + } /* verify ip address */ - if(!upnp_validate_ip($perm[2],true)) + if (!upnp_validate_ip($perm[2],true)) { $input_errors[] = "You must specify a valid ip address in the 'User specified permissions {$i}' field"; + } } } - } + } } function sync_package_miniupnpd() { @@ -128,13 +151,13 @@ $upnp_config = $config['installedpackages']['miniupnpd']['config'][0]; $config_file = '/var/etc/miniupnpd.conf'; - if (!isset($upnp_config['ext_iface']) || empty($upnp_config['ext_iface'])) + if (!isset($upnp_config['ext_iface']) || empty($upnp_config['ext_iface'])) { $ext_ifname = get_real_interface(); - else { + } else { $if = convert_friendly_interface_to_real_interface_name($upnp_config['ext_iface']); - if ($if != $upnp_config['ext_iface']) + if ($if != $upnp_config['ext_iface']) { $ext_ifname = $if; - else { + } else { $ext_ifname = get_real_interface(); upnp_warn("Could not resolve real interface for {$upnp_config['ext_iface']}, defaulting to WAN"); } @@ -145,60 +168,68 @@ $ifaces_active = ''; - /* since config is written before this file invoked we don't need to read post data */ - if($upnp_config['enable'] && !empty($upnp_config['iface_array'])) { + /* since config is written before this file is invoked we don't need to read post data */ + if ($upnp_config['enable'] && !empty($upnp_config['iface_array'])) { $iface_array = explode(',', $upnp_config['iface_array']); - foreach($iface_array as $iface) { + foreach ($iface_array as $iface) { /* Setting the same internal and external interface is not allowed. */ - if ($iface == $upnp_config['ext_iface']) + if ($iface == $upnp_config['ext_iface']) { continue; + } $if = convert_friendly_interface_to_real_interface_name($iface); /* above function returns iface if fail */ - if($if!=$iface) { + if ($if!=$iface) { $addr = find_interface_ip($if); $bits = find_interface_subnet($if); /* check that the interface has an ip address before adding parameters */ if (is_ipaddr($addr)) { $config_text .= "listening_ip={$if}\n"; - if(!$ifaces_active) { + if (!$ifaces_active) { $webgui_ip = $addr; $ifaces_active = $iface; - } else + } else { $ifaces_active .= ", {$iface}"; - } else + } + } else { upnp_warn("Interface {$iface} has no ip address, ignoring"); - } else + } + } else { upnp_warn("Could not resolve real interface for {$iface}"); + } } if (!empty($ifaces_active)) { /* override wan ip address, common for carp, etc */ - if($upnp_config['overridewanip']) + if ($upnp_config['overridewanip']) { $config_text .= "ext_ip={$upnp_config['overridewanip']}\n"; + } $download = $upnp_config['download']*1000; $upload = $upnp_config['upload']*1000; /* set upload and download bitrates */ - if(!empty($download) && !empty($upload)) { + if (!empty($download) && !empty($upload)) { $config_text .= "bitrate_down={$download}\n"; $config_text .= "bitrate_up={$upload}\n"; } - + /* enable logging of packets handled by miniupnpd rules */ - if($upnp_config['logpackets']) + if ($upnp_config['logpackets']) { $config_text .= "packet_log=yes\n"; - + } + /* enable system uptime instead of miniupnpd uptime */ - if($upnp_config['sysuptime']) + if ($upnp_config['sysuptime']) { $config_text .= "system_uptime=yes\n"; + } /* set webgui url */ - if(!empty($config['system']['webgui']['protocol'])) { + if (!empty($config['system']['webgui']['protocol'])) { $config_text .= "presentation_url={$config['system']['webgui']['protocol']}://{$webgui_ip}"; - if(!empty($config['system']['webgui']['port'])) + if (!empty($config['system']['webgui']['port'])) { $config_text .= ":{$config['system']['webgui']['port']}"; + } $config_text .= "/\n"; } @@ -208,23 +239,27 @@ /* set model number */ $config_text .= "model_number=".file_get_contents("/etc/version")."\n"; - + /* upnp access restrictions */ foreach($upnp_config['row'] as $row){ - if($row['permuser']) + if($row['permuser']) { $config_text .= "{$row["permuser"]}\n"; + } } - if($upnp_config['permdefault']) + if ($upnp_config['permdefault']) { $config_text .= "deny 0-65535 0.0.0.0/0 0-65535\n"; + } /* Recheck if queue is valid */ - if (!upnp_validate_queue($upnp_config['upnpqueue'])) + if (!upnp_validate_queue($upnp_config['upnpqueue'])) { unset($upnp_config['upnpqueue']); + } /* Add shaper queue */ - if($upnp_config['upnpqueue']) + if($upnp_config['upnpqueue']) { $config_text .= "queue={$upnp_config['upnpqueue']}\n"; + } /* Allow UPnP or NAT-PMP as requested */ $config_text .= "enable_upnp=" . ( $upnp_config['enable_upnp'] ? "yes\n" : "no\n" ); @@ -232,14 +267,13 @@ /* write out the configuration */ upnp_write_config($config_file, $config_text); - + /* if miniupnpd not running start it */ - if(!upnp_running()) { + if (!upnp_running()) { upnp_notice("Starting service on interface: {$ifaces_active}"); - upnp_action('start'); - } - /* or restart miniupnpd if settings were changed */ - else { + upnp_action('start'); + } else { + /* restart miniupnpd if settings were changed */ upnp_notice("Restarting service on interface: {$ifaces_active}"); upnp_action('restart'); } @@ -249,10 +283,11 @@ /* lets stop the service and remove the rc file */ if (file_exists($config_file)) { - if(!$upnp_config['enable']) + if (!$upnp_config['enable']) { upnp_notice('Stopping service: miniupnpd disabled'); - else - upnp_notice('Stopping service: no interfaces selected'); + } else { + upnp_notice('Stopping service: no interfaces selected'); + } upnp_action('stop'); @unlink($config_file); diff --git a/usr/local/pkg/miniupnpd.xml b/usr/local/pkg/miniupnpd.xml index c26587b..e15bbd7 100644 --- a/usr/local/pkg/miniupnpd.xml +++ b/usr/local/pkg/miniupnpd.xml @@ -13,13 +13,13 @@ </menu> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/miniupnpd/miniupnpd.inc</item> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> + <prefix>/usr/local/pkg/</prefix> + <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/miniupnpd/status_upnp.php</item> - <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> + <prefix>/usr/local/www/</prefix> + <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/sbin/</prefix> @@ -42,7 +42,7 @@ <fieldname>enable</fieldname> <type>checkbox</type> <enablefields>enable_upnp,enable_natpmp,ext_iface,iface_array,download,upload,overridewanip,upnpqueue,logpackets,sysuptime,permdefault</enablefields> - </field> + </field> <field> <fielddescr>Allow UPnP Port Mapping</fielddescr> <fieldname>enable_upnp</fieldname> |