opnsense/miniupnpd: development copy

opnsense/miniupnpd/Makefile

@@ -0,0 +1,52 @@
+PORTNAME=	miniupnpd
+PORTVERSION=	2.1.20200510
+PORTEPOCH=	1
+CATEGORIES=	net
+MASTER_SITES=	http://miniupnp.tuxfamily.org/files/ \
+		http://miniupnp.free.fr/files/
+
+MAINTAINER=	squat@squat.no
+COMMENT=	UPnP IGD implementation which uses pf/ipf
+WWW=		http://miniupnp.free.fr/
+
+LICENSE=	BSD3CLAUSE
+
+USES=		cpe ssl
+CPE_VENDOR=	miniupnp_project
+USE_RC_SUBR=	miniupnpd
+
+HAS_CONFIGURE=	yes
+MAKE_JOBS_UNSAFE=	yes
+
+CFLAGS+=	-I${OPENSSLINC}
+LDFLAGS+=	-L${OPENSSLLIB}
+
+PLIST_FILES=	etc/miniupnpd.conf.sample \
+		man/man8/miniupnpd.8.gz \
+		sbin/miniupnpd
+
+OPTIONS_DEFINE=			CHECK_PORTINUSE IPV6 LEASEFILE UPNP_IGDV2 \
+				UPNP_STRICT
+OPTIONS_DEFAULT=		AUTODETECT_FW
+OPTIONS_SINGLE=			FIREWALL
+OPTIONS_SINGLE_FIREWALL=	AUTODETECT_FW PF IPFW
+AUTODETECT_FW_DESC=		Try to autodetect firewall type
+CHECK_PORTINUSE_DESC=		Check if ports are in use
+IPFW_DESC=			Use IPFW as firewall type
+LEASEFILE_DESC=			Enable lease file
+PF_DESC=			Use PF as firewall type
+UPNP_IGDV2_DESC=		Build an IGDv2 instead of an IGDv1
+UPNP_STRICT_DESC=		More strict UPnP specification compliance
+
+CHECK_PORTINUSE_CONFIGURE_ON=	--portinuse
+IPV6_CONFIGURE_ON=		--ipv6
+LEASEFILE_CONFIGURE_ON=		--leasefile
+PF_CONFIGURE_ON=		--firewall=pf
+UPNP_IGDV2_CONFIGURE_ON=	--igd2
+UPNP_STRICT_CONFIGURE_ON=	--strict
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|\(-lssl -lcrypto\)|$$(LDFLAGS) \1|g' \
+	${WRKSRC}/Makefile.bsd
+
+.include <bsd.port.mk>

opnsense/miniupnpd/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1591038112
+SHA256 (miniupnpd-2.1.20200510.tar.gz) = 821e708f369cc1fb851506441fbc3a1f4a1b5a8bf8e84a9e71758a32f5127e8b
+SIZE (miniupnpd-2.1.20200510.tar.gz) = 245426

opnsense/miniupnpd/files/miniupnpd.conf.sample.in

@@ -0,0 +1,70 @@
+# WAN network interface
+ext_ifname=ed0
+# if the WAN interface has several IP addresses, you
+# can specify the one to use below
+#ext_ip=
+
+# there can be multiple listening ips for receiving SSDP traffic.
+# the 1st IP is also used for UPnP Soap traffic.
+#listening_ip= 192.168.0.61 
+listening_ip=10.0.2.1
+
+# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
+port=5555
+
+# path to the unix socket used to communicate with MiniSSDPd
+# If running, MiniSSDPd will manage M-SEARCH answering.
+# default is /var/run/minissdpd.sock
+#minissdpdsocket=/var/run/minissdpd.sock
+
+# enable NAT-PMP support (default is no)
+#enable_natpmp=no
+
+# lease file location
+#lease_file=/var/log/upnp.leases
+
+# bitrates reported by daemon in bits per second
+bitrate_up=131072
+bitrate_down=524288
+
+# "secure" mode : when enabled, UPnP client are allowed to add mappings only
+# to their IP. (default is yes)
+#secure_mode=yes
+
+# default presentation url is http address on port 80
+#presentation_url=
+
+# report system uptime instead of daemon uptime
+system_uptime=yes
+
+# unused rules cleaning.
+# never remove any rule before this threshold for the number
+# of redirections is exceeded. default to 20
+#clean_ruleset_threshold=10
+# clean process work interval in seconds. default to 0 (disabled).
+# a 600 seconds (10 minutes) interval makes sense
+clean_ruleset_interval=600
+
+# notify interval in seconds default is 30 seconds.
+#notify_interval=240
+
+# log packets in pf
+#packet_log=no
+# ALTQ queue in pf
+# filter rules must be used for this to be used.
+# compile with PF_ENABLE_FILTER_RULES (see config.h file)
+#queue=queue_name1
+
+# uuid : generated by the install a new one can be created with
+# uuidgen
+uuid=%%UUID%%
+
+# UPnP permission rules
+# (allow|deny) (external port range) ip/mask (internal port range)
+# A port range is <min port>-<max port> or <port> if there is only
+# one port in the range.
+# ip/mask format must be nn.nn.nn.nn/nn
+allow 1024-65535 10.0.2.0/24 1024-65535
+allow 1024-65535 10.0.2.0/24 1024-65535
+deny 0-65535 0.0.0.0/0 0-65535
+

opnsense/miniupnpd/files/miniupnpd.in

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# PROVIDE: miniupnpd
+# REQUIRE: NETWORKING SERVERS DAEMON ldconfig resolv
+
+. /etc/rc.subr
+
+# Add the following line to /etc/rc.conf to enable miniupnpd
+# miniupnpd_enable="YES"
+# miniupnpd_flags="<set as needed>"
+
+name=miniupnpd
+rcvar=miniupnpd_enable
+load_rc_config $name
+
+miniupnpd_enable=${miniupnpd_enable:-"NO"}
+miniupnpd_config=${miniupnpd_config:-"%%PREFIX%%/etc/miniupnpd.conf"}
+
+command="%%PREFIX%%/sbin/miniupnpd"
+pidfile="/var/run/${name}.pid"
+command_args="-f $miniupnpd_config"
+
+required_files=$miniupnpd_config
+
+run_rc_command "$1"
+

opnsense/miniupnpd/files/patch-Makefile.bsd

@@ -0,0 +1,35 @@
+--- Makefile.bsd.orig	2020-05-10 16:58:42 UTC
++++ Makefile.bsd
+@@ -121,8 +121,7 @@ LIBS += -lssl -lcrypto
+
+ INSTALLBINDIR = $(PREFIX)/sbin
+ INSTALLETCDIR = $(PREFIX)/etc
+-# INSTALLMANDIR = $(PREFIX)/man
+-INSTALLMANDIR = /usr/share/man
++INSTALLMANDIR = $(MANPREFIX)/man
+
+ all:	$(EXECUTABLES)
+
+@@ -140,10 +139,10 @@ install:	miniupnpd genuuid
+ 	$(INSTALL) -d $(DESTDIR)$(INSTALLBINDIR)
+ 	$(INSTALL) -m 755 miniupnpd $(DESTDIR)$(INSTALLBINDIR)
+ 	$(INSTALL) -d $(DESTDIR)$(INSTALLETCDIR)
+-	$(INSTALL) -b miniupnpd.conf $(DESTDIR)$(INSTALLETCDIR)
++	$(INSTALL) -b miniupnpd.conf $(DESTDIR)$(INSTALLETCDIR)/miniupnpd.conf.sample
+ 	# TODO : install man page correctly
+-#	$(INSTALL) -d $(INSTALLMANDIR)
+-#	$(INSTALL) miniupnpd.8 $(INSTALLMANDIR)/cat8/miniupnpd.0
++	$(INSTALL) -d $(DESTDIR)$(INSTALLMANDIR)/man8
++	$(INSTALL) miniupnpd.8 $(DESTDIR)$(INSTALLMANDIR)/man8/miniupnpd.8
+
+ # genuuid is using the uuid cli tool available under OpenBSD 4.0 in
+ # the uuid-1.5.0 package
+@@ -187,7 +186,7 @@ dox:	miniupnpd.doxyconf
+ 	$(DOXYGEN) $>
+
+ miniupnpd: config.h $(ALLOBJS)
+-	$(CC) $(LDFLAGS) -o $@ $(ALLOBJS) $(LIBS)
++	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(ALLOBJS) $(LIBS)
+
+ # BSDmake :
+ #	$(CC) $(LDFLAGS) -o $@ $> $(LIBS)

opnsense/miniupnpd/pkg-descr

@@ -0,0 +1,3 @@
+Mini UPnPd is a lightweight implementation of a UPnP IGD daemon. This is
+supposed to be run on your gateway machine to allow client systems to redirect
+ports and punch holes in the firewall.

opnsense/miniupnpd/pkg-message

@@ -0,0 +1,22 @@
+[
+{ type: install
+  message: <<EOM
+*** !!WARNING!! !!WARNING!! !!WARNING!! ***
+This port allows machines within your network to create holes in your
+firewall.  Please ensure this is really what you want!
+*** !!WARNING!! !!WARNING!! !!WARNING!! ***
+
+For this daemon to work, you must modify your pf rules to add an anchor
+in both the NAT and rules section.  Both must be called 'miniupnpd'.
+Example:
+
+# NAT section
+# UPnPd rdr anchor
+rdr-anchor "miniupnpd"
+
+# Rules section
+# uPnPd rule anchor
+anchor "miniupnpd"
+EOM
+}
+]