luci-app-upnp: Revision, new access control and UCI options…#8415
Draft
Self-Hosting-Group wants to merge 5 commits intoopenwrt:masterfrom
Draft
luci-app-upnp: Revision, new access control and UCI options…#8415Self-Hosting-Group wants to merge 5 commits intoopenwrt:masterfrom
Self-Hosting-Group wants to merge 5 commits intoopenwrt:masterfrom
Conversation
- Workaround daemon bug to fix listing of active port maps with iptables >= 1.8.8, and relax nftables parsing for upcoming releases - Change `Active Service Port Maps` to `Active Port Maps`, use the same wording for the table headings and ACL as on the overview status page - Change description field header to `Added via / description`, always include the protocol and clearer/less redundant protocol labels - Disable IPv6 mapping (`ipv6_disable`): UI option added, UCI exists - Don't clear dependent options if UPnP IGD/STUN temporarily disabled - Set `notify_interval` minimum to 900 s (default), as recommended by [UDA 1.1] (2x=1800 in the standard), because daemon/OpenWrt wrongly suggested 30x less in the past, and to reduce multicast traffic and power consumption in wireless networks, clearer help - Report system instead of service uptime, UUID and service lease file: UI options removed (disabled, to keep translations) as rarely used - Slightly improve some text strings - Show hint if no suitable configuration found (missing related update), link to package manager, and show form as read-only to prevent changes - Configure service lease file by default in rpcd ucode for full UI functionality without option set - Refactoring by moving ubus connection as jow-/ucode@a58fe47 was merged - Adapt to JavaScript ES6 and remove some line breaks and format files - A commit has been prepared that manually adjusts the translations, without losing them [UDA 1.1]: https://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf#page=30 Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
And rearrange as many options (to merge with prior) Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
The following settings UCI options been added or changed, and the
previous options are migrated on updating:
- Only display `Active Port Maps` if the service is enabled and `Access
Control List` if it is used
- Enable protocols (`enable_protocols`): Combined UI option added
- Allow CGNAT/STUN (`allow_cgnat`): Accept new values for IPv4 CGNAT use
(allow-* values), and update help with newer wording of RFC 5780
- STUN server (`stun_host`): Allow port inclusion
- STUN port: Removed, as now accepted in STUN server
- Override external IPv4 (`external_ip`): UI option added for CGNAT use
- Allow third-party mapping (`allow_third_party_mapping`): Inverted from
secure mode and optionally extended to PCP
- Log level (`log_output`): Allow info log level, and reworded
- UPnP IGD compatibility (`upnp_igd_compat`): Reworded/extensible
- Download/upload speed (`download_kbps`/`upload_kbps`): In kbit/s and
datatype set, now, interface link speed by default
- Router/friendly name (`friendly_name`): UI option added to set name
displayed in Windows Explorer, model/serial number removed
- Enable Networks / Access Control (`internal_network`): Section added
to select the enabled networks and their access control. By:
- Internal network (`interface`): UI option added to select the
local/internal (LAN) network interface to enable the service for
- Access preset (`access_preset`): UI option added to select an access
control preset for ports that all devices on the network can map
- Accept extra ports (`accept_ports`): UI option added to accept these
ports or port ranges on the network as well
- Reject ports (`reject_ports`): UI option added to reject ports on
this network; override other settings
- Ignore ACL (`ignore_acl`): UI option added to not check ACL entries
before a preset; can extend/override a preset
- Slightly improve introduction text
More details on changed options can be found in the dependent package PR
Depends on: https://redirect.github.com/openwrt/packages/pull/28765
Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
Rename UCI section `config` (v1.0) -> `settings` (v2.0), helps on migration and to distinguish the updated config from the previous one (to merge with prior) Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
- Ignorable and cloneable ACL entries, always translated `Action` - Improve UI with direct editability, clearer help wording, and rename to `Access Control List` - Note that the ACL is now rejected by default, with no preset and accepted extra ports. Add (ignored) ACL template entries on migration - Migrate ACL entries to the new section name `acl_entry` - The following ACL UCI options been added or changed, and the previous options are migrated on updating: acl_entry UCI options | Change | Previous name ----------------------------|----------------------------|-------------- action | New/updated values (1) | int_port | Remove colon separator (2) | int_ports ext_port | Remove colon separator (2) | ext_ports descr_filter | New option (3) | 1. Allow ignore, and update action option to use the nftables terms (allow/deny -> accept/reject). To avoid adding inverted actions when changing via LuCI, ensure any missing are set, as LuCI and UCI had not matching action defaults. Missing actions are now ignored/logged 2. Ensure that the hyphen (-) is only used as a port range separator by migration, as the colon (:) is not valid in LuCI 3. Add missing UCI option to set a regular expression to check for a UPnP IGD IPv4 port map description, and fix the current collision with the comment field which was not noticed due to a daemon bug https://redirect.github.com/openwrt/packages/pull/24495 https://redirect.github.com/miniupnp/miniupnp/pull/853 - Refactoring by adding a more universal usable `is_port_or_range` function instead of `upnpd_get_port_range` and check if it has a valid range, and removes a shellcheck warning - Rename `conf_rule_add` function to `upnpd_add_acl_entry` (to merge with prior) Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
Failed checksIssues marked with an ❌ are failing checks. Commit a299173
Commit dc1577d
Commit 111ebdd
Commit abdf9cf
Commit da8df08
For more details, see the full job log. Something broken? Consider providing feedback. |
Contributor
Author
|
Hi @1715173329 @systemcrash @GeorgeSapkin. As agreed, I have created new PRs as an exception. Please leave the old ones open for now; I will then close them. For the time being, I also don't want to direct everyone to the new PR, so please avoid commenting there for now. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.