rework nft-specific globals, create & destroy tables/chains at init &…

… shutdown

miniupnpd/Makefile.linux_nft

@@ -41,11 +41,10 @@ MANINSTALLDIR = $(INSTALLPREFIX)/share/man/man8
 
 BASEOBJS = miniupnpd.o upnphttp.o upnpdescgen.o upnpsoap.o \
            upnpreplyparse.o minixml.o portinuse.o \
-           upnpredirect.o getifaddr.o daemonize.o upnpglobalvars.o \
+           upnpredirect.o getifaddr.o daemonize.o \
            options.o upnppermissions.o minissdp.o natpmp.o pcpserver.o \
-           upnpevents.o upnputils.o getconnstatus.o \
-           upnpstun.o \
-           upnppinhole.o pcplearndscp.o asyncsendto.o
+           upnpglobalvars.o upnpevents.o upnputils.o getconnstatus.o \
+           upnpstun.o upnppinhole.o pcplearndscp.o asyncsendto.o
 
 LNXOBJS = linux/getifstats.o linux/ifacewatcher.o linux/getroute.o
 NETFILTEROBJS = netfilter_nft/nftnlrdr.o netfilter_nft/nftpinhole.o \
@@ -233,9 +232,9 @@ linux/ifacewatcher.o: miniupnpdtypes.h getifaddr.h upnpglobalvars.h
 linux/ifacewatcher.o: upnppermissions.h natpmp.h
 linux/getroute.o: getroute.h upnputils.h
 netfilter_nft/nftnlrdr.o: macros.h config.h netfilter_nft/nftnlrdr.h commonrdr.h
-netfilter_nft/nftnlrdr.o: config.h upnpglobalvars.h upnppermissions.h
+netfilter_nft/nftnlrdr.o: config.h upnppermissions.h
 netfilter_nft/nftnlrdr.o: miniupnpdtypes.h
-netfilter_nft/nftpinhole.o: config.h netfilter_nft/nftpinhole.h upnpglobalvars.h
+netfilter_nft/nftpinhole.o: config.h netfilter_nft/nftpinhole.h
 netfilter_nft/nftpinhole.o: upnppermissions.h config.h miniupnpdtypes.h
 testupnpdescgen.o: macros.h config.h upnpdescgen.h upnpdescstrings.h
 testupnpdescgen.o: getifaddr.h

miniupnpd/commonrdr.h

@@ -64,4 +64,20 @@ update_portmapping_desc_timestamp(const char * ifname,
                    unsigned short eport, int proto,
                    const char * desc, unsigned int timestamp);
 
+#ifdef USE_NFTABLES
+/* only provided by nftables implementation at the moment */
+
+typedef enum {
+	TABLE_NAME,
+	TABLE4_NAME,
+	TABLE6_NAME,
+	NAT_CHAIN_NAME,
+	NAT_POSTROUTING_CHAIN_NAME,
+	FORWARD_CHAIN_NAME,
+} rdr_name_type;
+
+int set_rdr_name( rdr_name_type param, const char * string );
+
+#endif
+
 #endif

miniupnpd/miniupnpd.c

@@ -1267,6 +1267,17 @@ init(int argc, char * * argv, struct runtime_vars * v)
 				break;
 #endif	/* ENABLE_MANUFACTURER_INFO_CONFIGURATION */
 #ifdef USE_NETFILTER
+#ifdef USE_NFTABLES
+			case UPNPFORWARDCHAIN:
+				set_rdr_name(FORWARD_CHAIN_NAME, ary_options[i].value);
+				break;
+			case UPNPNATCHAIN:
+				set_rdr_name(NAT_CHAIN_NAME, ary_options[i].value);
+				break;
+			case UPNPNATPOSTCHAIN:
+				set_rdr_name(NAT_POSTROUTING_CHAIN_NAME, ary_options[i].value);
+				break;
+#else
 			case UPNPFORWARDCHAIN:
 				miniupnpd_forward_chain = ary_options[i].value;
 				break;
@@ -1276,7 +1287,8 @@ init(int argc, char * * argv, struct runtime_vars * v)
 			case UPNPNATPOSTCHAIN:
 				miniupnpd_nat_postrouting_chain = ary_options[i].value;
 				break;
-#endif	/* USE_NETFILTER */
+#endif    /* else USE_NFTABLES */
+#endif    /* USE_NETFILTER */
 			case UPNPNOTIFY_INTERVAL:
 				v->notify_interval = atoi(ary_options[i].value);
 				break;
@@ -2901,6 +2913,8 @@ main(int argc, char * * argv)
 	freeoptions();
 #endif
 
+	shutdown_redirect();
+
 	return 0;
 }
 

miniupnpd/netfilter_nft/Makefile

@@ -11,9 +11,9 @@ clean:
 	$(RM) *.o testnftnlcrdr testnftpinhole testnftnlrdr_peer \
 		test_nfct_get testnftnlrdr 
 
-testnftnlrdr:	nftnlrdr.o nftnlrdr_misc.o testnftnlrdr.o upnpglobalvars.o $(LIBS)
+testnftnlrdr:	nftnlrdr.o nftnlrdr_misc.o testnftnlrdr.o $(LIBS)
 
-testnftpinhole:	nftpinhole.o nftnlrdr_misc.o testnftpinhole.o upnpglobalvars.o $(LIBS)
+testnftpinhole:	nftpinhole.o nftnlrdr_misc.o testnftpinhole.o $(LIBS)
 
 test_nfct_get:	test_nfct_get.o test_nfct_get.o -lmnl -lnetfilter_conntrack
 
@@ -29,5 +29,3 @@ nftnlrdr_misc.o:	nftnlrdr_misc.c
 
 nftpinhole.o:		nftpinhole.c nftpinhole.h
 
-upnpglobalvars.o:	../upnpglobalvars.c ../upnpglobalvars.h
-	$(CC) -c -o $@ $<