miniupnpd: separate service start and config-gen

- Remove `config_foreach upnpd "upnpd"` and replace it with regular
  function call, as init was not designed for a multi-instance setup, as
  the same `tmpconf` will be used/overwritten, and non-anonymous section
- Move code to make the custom vs. config file generation decision
  earlier, and only perform external interface detection with the second
  one, and rename function `upnpd` to `upnpd_generate_config`
- Replace unnecessary `if` cases with `elif` in init/hotplug
- Exit with 1 on errors to get an inactive service status
- Do not restart daemon in hotplug when using a custom config file, as
  then this file will not be regenerated on restarts
- Use `procd_add_reload_trigger "firewall"` instead of listening
  `/etc/config/firewall`

(to merge with prior)

Signed-off-by: Self-Hosting-Group <[email protected]>

Author: Self-Hosting-Group

net/miniupnpd/files/miniupnpd.hotplug

@@ -1,13 +1,12 @@
+#!/bin/sh
 /etc/init.d/miniupnpd enabled || exit 0
 
-# If miniupnpd is not running:
-# - check on _any_ event (event updates may contribute to network_find_wan*)
-
-# If miniupnpd _is_ running:
-# - check only on ifup (otherwise lease updates etc would cause
-#   miniupnpd state loss)
+# If daemon is:
+# - not running: check on any event (event updates may contribute to network_find_wan*)
+# - running: check only on ifup (otherwise lease updates etc. would cause daemon state loss)
 
 [ "$ACTION" != "ifup" ] && /etc/init.d/miniupnpd running && exit 0
+uci -q get upnpd.settings.config_file >/dev/null && exit 0
 
 tmpconf="/var/etc/miniupnpd.conf"
 external_iface=$(uci -q get upnpd.settings.external_iface)
@@ -16,26 +15,19 @@ external_zone=$(uci -q get upnpd.settings.external_zone)
 [ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
 
 . /lib/functions/network.sh
-
-if [ -n "$external_iface" ] ; then
+if [ -n "$external_iface" ]; then
 	network_get_device ifname "$external_iface"
+elif [ -n "$external_zone" ]; then
+	ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 else
-	if [ -n "$external_zone" ] ; then
-		ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
-	else
-		network_find_wan external_iface && \
-			network_get_device ifname "$external_iface"
-	fi
+	network_find_wan external_iface && network_get_device ifname "$external_iface"
 fi
-if [ -n "$external_iface6" ] ; then
+if [ -n "$external_iface6" ]; then
 	network_get_device ifname6 "$external_iface6"
+elif [ -n "$external_zone" ]; then
+	ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 else
-	if [ -n "$external_zone" ] ; then
-		ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
-	else
-		network_find_wan6 external_iface6 && \
-			network_get_device ifname6 "$external_iface6"
-	fi
+	network_find_wan6 external_iface6 && network_get_device ifname6 "$external_iface6"
 fi
 
 [ "$DEVICE" != "$ifname" ] && [ "$DEVICE" != "$ifname6" ] && exit 0

net/miniupnpd/files/miniupnpd.init

@@ -37,25 +37,16 @@ upnpd_add_custom_acl_entry() {
 	echo "$action $ext_port $int_addr $int_port${descr_filter} # $comment"
 }
 
-upnpd() {
-	config_load "upnpd"
-	local enabled
-	config_get enabled settings enabled 0
-	if [ "$enabled" != "1" ]; then
-		log "Service disabled, UCI enabled is not set"
-		return 1
-	fi
+upnpd_generate_config() {
 	# Daemon
-	local enabled_protocols allow_cgnat stun_host allow_third_party_mapping ipv6_disable system_uptime log_output lease_file config_file
+	local enabled_protocols allow_cgnat stun_host allow_third_party_mapping ipv6_disable system_uptime lease_file
 	config_get enabled_protocols settings enabled_protocols all
 	config_get allow_cgnat settings allow_cgnat 0
 	config_get stun_host settings stun_host stun.nextcloud.com
 	config_get allow_third_party_mapping settings allow_third_party_mapping 0
 	config_get ipv6_disable settings ipv6_disable 0
 	config_get system_uptime settings system_uptime 1
-	config_get log_output settings log_output
 	config_get lease_file settings lease_file /run/miniupnpd.leases
-	config_get config_file settings config_file
 
 	# UPnP IGD
 	local upnp_igd_compat download_kbps upload_kbps friendly_name model_number serial_number presentation_url uuid http_port notify_interval
@@ -77,51 +68,39 @@ upnpd() {
 	config_get external_zone settings external_zone
 	config_get external_ip settings external_ip
 
-	local conf ifname ifname6
+	local ifname ifname6
 	. /lib/functions/network.sh
-
-	if [ -n "$external_iface" ] ; then
+	if [ -n "$external_iface" ]; then
 		network_get_device ifname "$external_iface"
+	elif [ -n "$external_zone" ]; then
+		ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 	else
-		if [ -n "$external_zone" ] ; then
-			ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
-		else
-			network_find_wan external_iface && \
-				network_get_device ifname "$external_iface"
-		fi
+		network_find_wan external_iface && network_get_device ifname "$external_iface"
 	fi
-	if [ -n "$external_iface6" ] ; then
+	if [ -n "$external_iface6" ]; then
 		network_get_device ifname6 "$external_iface6"
+	elif [ -n "$external_zone" ]; then
+		ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
 	else
-		if [ -n "$external_zone" ] ; then
-			ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
-		else
-			network_find_wan6 external_iface6 && \
-				network_get_device ifname6 "$external_iface6"
-		fi
+		network_find_wan6 external_iface6 && network_get_device ifname6 "$external_iface6"
 	fi
 
-	if [ -n "$config_file" ]; then
-		conf="$config_file"
-	else
-		local tmpconf="/var/etc/miniupnpd.conf"
-		conf="$tmpconf"
-		mkdir -p /var/etc
-		if [ "$ifname" = "" ]; then
-			log "No external network interface found, not starting" daemon.err
-			return 1
-		fi
-		if ! uci -q get upnpd.@internal_network[0].interface >/dev/null; then
-			log "No internal networks configured, not starting" daemon.err
-			return 1
-		fi
-		# Only perform an STUN CGNAT test if necessary, with a private/CGNAT external IPv4
-		local extipv4 extipv4private
-		network_get_ipaddr extipv4 "$external_iface"
-		case "$extipv4" in
-		10.* | 172.1[6-9].* | 172.2[0-9].* | 172.3[0-1].* | 192.168.* | 100.6[4-9].* | 100.[7-9][0-9].* | 100.1[0-1][0-9].* | 100.12[0-7].*) extipv4private=1 ;;
-		esac
-		{
+	if [ "$ifname" = "" ]; then
+		log "No external network interface found, not starting" daemon.err
+		return 1
+	fi
+	if ! uci -q get upnpd.@internal_network[0].interface >/dev/null; then
+		log "No internal networks configured, not starting" daemon.err
+		return 1
+	fi
+	# Only perform an STUN CGNAT test if necessary, with a private/CGNAT external IPv4
+	local extipv4 extipv4private
+	network_get_ipaddr extipv4 "$external_iface"
+	case "$extipv4" in
+	10.* | 172.1[6-9].* | 172.2[0-9].* | 172.3[0-1].* | 192.168.* | 100.6[4-9].* | 100.[7-9][0-9].* | 100.1[0-1][0-9].* | 100.12[0-7].*) extipv4private=1 ;;
+	esac
+
+	{
 		echo "# Daemon"
 		[ "$enabled_protocols" = "all" ] && echo "enable_upnp=yes" && echo "enable_pcp_pmp=yes"
 		[ "$enabled_protocols" = "upnp-igd" ] && echo "enable_upnp=yes" && echo "enable_pcp_pmp=no"
@@ -184,32 +163,15 @@ upnpd() {
 		config_foreach upnpd_add_int_network_and_preset internal_network postcustom
 		echo "deny 1-65535 0.0.0.0/0 1-65535 # Reject ACL by default"
 
-		} > "$tmpconf"
-	fi
-
-	if [ -n "$ifname" ]; then
-		if [ "$FW" = "fw4" ]; then
-			nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || fw4 reload
-		else
-			iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
-		fi
-	fi
-
-	procd_open_instance
-	procd_set_param file "$conf" "/etc/config/firewall"
-	procd_set_param command "$PROG"
-	procd_append_param command -f "$conf"
-	[ "$log_output" = "info" ] && procd_append_param command -v
-	[ "$log_output" = "debug" ] && procd_append_param command -d
-	procd_close_instance
+	} >"$1"
 }
 
 stop_service() {
 	if [ "$FW" = "fw3" ]; then
-		iptables -t nat -F MINIUPNPD 2>/dev/null
-		iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
 		iptables -t filter -F MINIUPNPD 2>/dev/null
 		[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+		iptables -t nat -F MINIUPNPD 2>/dev/null
+		iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
 	else
 		nft flush chain inet fw4 upnp_forward 2>/dev/null
 		nft flush chain inet fw4 upnp_prerouting 2>/dev/null
@@ -219,11 +181,41 @@ stop_service() {
 
 start_service() {
 	config_load "upnpd"
-	config_foreach upnpd "upnpd"
+	local enabled config_file log_output conf
+	config_get enabled settings enabled 0
+	config_get config_file settings config_file
+	config_get log_output settings log_output
+	if [ "$enabled" != "1" ]; then
+		log "Service disabled, UCI enabled is not set"
+		return 1
+	fi
+
+	if [ -n "$config_file" ]; then
+		conf="$config_file"
+	else
+		local tmpconf="/var/etc/miniupnpd.conf"
+		conf="$tmpconf"
+		mkdir -p /var/etc
+		upnpd_generate_config "$tmpconf" || return 1
+	fi
+
+	if [ "$FW" = "fw4" ]; then
+		nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || fw4 reload
+	else
+		iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+	fi
+
+	procd_open_instance
+	procd_set_param file "$conf"
+	procd_set_param command "$PROG"
+	procd_append_param command -f "$conf"
+	[ "$log_output" = "info" ] && procd_append_param command -v
+	[ "$log_output" = "debug" ] && procd_append_param command -d
+	procd_close_instance
 }
 
 service_triggers() {
-	procd_add_reload_trigger "upnpd"
+	procd_add_reload_trigger "upnpd" "firewall"
 }
 
 log() {