Merge Official Source

Makefile

@@ -0,0 +1,122 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=miniupnpd
+PKG_VERSION:=2.3.9
+PKG_RELEASE:=2
+
+PKG_SOURCE_URL:=https://github.com/miniupnp/miniupnp/releases/download/miniupnpd_$(subst .,_,$(PKG_VERSION))
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=66cb3c3d697ab2bb3a61d3c48628166d6ba328d7c2dbeb95898fdf2a3202af7b
+
+PKG_MAINTAINER:=
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:miniupnp_project:miniupnpd
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/version.mk
+
+define Package/miniupnpd/Default
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:= \
+	+libcap-ng \
+	+libmnl \
+	+libuuid
+  PROVIDES:=miniupnpd
+  TITLE:=Lightweight UPnP IGD & PCP/NAT-PMP daemon
+  SUBMENU:=Firewall
+  URL:=https://miniupnp.tuxfamily.org/
+endef
+
+define Package/miniupnpd-iptables
+  $(call Package/miniupnpd/Default)
+  DEPENDS+= \
+	+IPV6:ip6tables \
+	+IPV6:libip6tc \
+	+iptables \
+	+libip4tc \
+	+libnetfilter-conntrack
+  TITLE+= (iptables)
+  VARIANT:=iptables
+endef
+
+define Package/miniupnpd-nftables
+  $(call Package/miniupnpd/Default)
+  DEPENDS+= \
+	+libnftnl
+  TITLE+= (nftables)
+  VARIANT:=nftables
+  DEFAULT_VARIANT:=1
+  CONFLICTS:=miniupnpd-iptables
+endef
+
+define Package/miniupnpd/conffiles/Default
+/etc/config/upnpd
+endef
+
+Package/miniupnpd-iptables/conffiles = $(Package/miniupnpd/conffiles/Default)
+Package/miniupnpd-nftables/conffiles = $(Package/miniupnpd/conffiles/Default)
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	echo "$(VERSION_NUMBER)" | tr '() ' '_' >$(PKG_BUILD_DIR)/os.openwrt
+endef
+
+CONFIGURE_ARGS = \
+	--disable-fork \
+	--disable-pppconn \
+	--firewall=$(BUILD_VARIANT) \
+	--igd2 \
+	$(if $(CONFIG_IPV6),--ipv6) \
+	--leasefile \
+	--portinuse \
+	--regex \
+	--vendorcfg
+
+TARGET_CFLAGS += $(FPIC)
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
+ifeq ($(BUILD_VARIANT),iptables)
+ifeq ($(filter $(ARCH),mips mipsel),)
+	TARGET_CFLAGS += -flto
+endif
+endif
+
+define Package/miniupnpd/install/Default
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/miniupnpd $(1)/usr/sbin/miniupnpd
+	$(INSTALL_BIN) ./files/miniupnpd.init $(1)/etc/init.d/miniupnpd
+	$(INSTALL_CONF) ./files/upnpd.config $(1)/etc/config/upnpd
+	$(INSTALL_DATA) ./files/miniupnpd.hotplug $(1)/etc/hotplug.d/iface/50-miniupnpd
+endef
+
+define Package/miniupnpd-iptables/install
+	$(call Package/miniupnpd/install/Default,$1)
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DIR) $(1)/usr/share/miniupnpd
+	$(INSTALL_BIN) ./files/miniupnpd.defaults.iptables $(1)/etc/uci-defaults/99-miniupnpd
+	$(INSTALL_DATA) ./files/firewall3.include $(1)/usr/share/miniupnpd/firewall.include
+endef
+
+define Package/miniupnpd-nftables/install
+	$(call Package/miniupnpd/install/Default,$1)
+	$(INSTALL_DIR) $(1)/usr/share/nftables.d
+	$(CP) ./files/nftables.d/* $(1)/usr/share/nftables.d/
+endef
+
+$(eval $(call BuildPackage,miniupnpd-iptables))
+$(eval $(call BuildPackage,miniupnpd-nftables))

files/firewall3.include

@@ -0,0 +1,72 @@
+#!/bin/sh
+# miniupnpd integration for firewall3
+
+IPTABLES="/usr/sbin/iptables"
+IP6TABLES="/usr/sbin/ip6tables"
+IPTARGS="-w 1"
+
+$IPTABLES -t filter -N MINIUPNPD 2>/dev/null
+$IPTABLES -t nat -N MINIUPNPD 2>/dev/null
+$IPTABLES -t nat -N MINIUPNPD-POSTROUTING 2>/dev/null
+
+[ -x $IP6TABLES ] && $IP6TABLES -t filter -N MINIUPNPD 2>/dev/null
+
+. /lib/functions/network.sh
+
+# helper to insert in chain as penultimate
+iptables_prepend_rule() {
+	local iptables="$1"
+	local table="$2"
+	local chain="$3"
+	local target="$4"
+
+	$iptables "$IPTARGS" -t "$table" -I "$chain" $($iptables "$IPTARGS" -t "$table" --line-numbers -nL "$chain" | \
+		sed -ne '$s/[^0-9].*//p') -j "$target"
+}
+
+ADDED=0
+
+add_extzone_rules() {
+    local ext_zone="$1"
+
+    [ -z "$ext_zone" ] && return
+
+    # IPv4 - due to NAT, need to add both to nat and filter table
+    # need to insert as penultimate rule for input & forward & postrouting since final rule might be a fw3 REJECT
+    iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_input" MINIUPNPD
+    iptables_prepend_rule "$IPTABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+    $IPTABLES -t nat -A "zone_${ext_zone}_prerouting"  -j MINIUPNPD
+    iptables_prepend_rule "$IPTABLES" nat "zone_${ext_zone}_postrouting" MINIUPNPD-POSTROUTING
+
+    # IPv6 if available - filter only
+    [ -x $IP6TABLES ] && {
+	iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_input" MINIUPNPD
+	iptables_prepend_rule "$IP6TABLES" filter "zone_${ext_zone}_forward" MINIUPNPD
+    }
+    ADDED=$(($ADDED + 1))
+}
+
+# By default, user configuration is king.
+
+for ext_iface in $(uci -q get upnpd.config.external_iface); do
+    add_extzone_rules $(fw3 -q network "$ext_iface")
+done
+
+add_extzone_rules $(uci -q get upnpd.config.external_zone)
+
+[ "$ADDED" -ne 0 ] && exit 0
+
+# If really nothing is available, resort to network_find_wan{,6} and
+# assume external interfaces all have same firewall zone.
+
+# (This heuristic may fail horribly, in case of e.g. multihoming, so
+# please set external_zone in that case!)
+
+network_find_wan wan_iface
+network_find_wan6 wan6_iface
+
+for ext_iface in $wan_iface $wan6_iface; do
+    # fw3 -q network fails on sub-interfaces => map to device first
+    network_get_device ext_device $ext_iface
+    add_extzone_rules $(fw3 -q device "$ext_device")
+done

files/miniupnpd.defaults.iptables

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+uci -q batch <<-EOT
+	delete firewall.miniupnpd
+	set firewall.miniupnpd=include
+	set firewall.miniupnpd.type=script
+	set firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
+	set firewall.miniupnpd.family=any
+	set firewall.miniupnpd.reload=1
+	commit firewall
+EOT
+
+exit 0

files/miniupnpd.hotplug

@@ -0,0 +1,45 @@
+/etc/init.d/miniupnpd enabled || exit 0
+
+# If miniupnpd is not running:
+# - check on _any_ event (event updates may contribute to network_find_wan*)
+
+# If miniupnpd _is_ running:
+# - check only on ifup (otherwise lease updates etc would cause
+#   miniupnpd state loss)
+
+[ "$ACTION" != "ifup" ] && /etc/init.d/miniupnpd running && exit 0
+
+tmpconf="/var/etc/miniupnpd.conf"
+external_iface=$(uci -q get upnpd.config.external_iface)
+external_iface6=$(uci -q get upnpd.config.external_iface6)
+external_zone=$(uci -q get upnpd.config.external_zone)
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
+
+. /lib/functions/network.sh
+
+if [ -n "$external_iface" ] ; then
+	network_get_device ifname "$external_iface"
+else
+	if [ -n "$external_zone" ] ; then
+		ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+	else
+		network_find_wan external_iface && \
+			network_get_device ifname "$external_iface"
+	fi
+fi
+if [ -n "$external_iface6" ] ; then
+	network_get_device ifname6 "$external_iface6"
+else
+	if [ -n "$external_zone" ] ; then
+		ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+	else
+		network_find_wan6 external_iface6 && \
+			network_get_device ifname6 "$external_iface6"
+	fi
+fi
+
+[ "$DEVICE" != "$ifname" ] && [ "$DEVICE" != "$ifname6" ] && exit 0
+
+grep -qs "^ext_ifname=$ifname" "$tmpconf" && grep -qs "^ext_ifname6=$ifname6" "$tmpconf" && exit 0
+
+/etc/init.d/miniupnpd restart

files/miniupnpd.init

@@ -0,0 +1,223 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2014 OpenWrt.org
+
+START=94
+STOP=15
+USE_PROCD=1
+PROG=/usr/sbin/miniupnpd
+[ -x "$(command -v nft)" ] && FW="fw4" || FW="fw3"
+
+upnpd_get_port_range() {
+	local var="$1"; shift
+	local val
+
+	config_get val "$@"
+
+	case "$val" in
+		[0-9]*[:-][0-9]*)
+			export -n -- "${var}_start=${val%%[:-]*}"
+			export -n -- "${var}_end=${val##*[:-]}"
+		;;
+		[0-9]*)
+			export -n -- "${var}_start=$val"
+			export -n -- "${var}_end="
+		;;
+	esac
+}
+
+conf_rule_add() {
+	local cfg="$1"
+	local action int_addr
+	local ext_start ext_end int_start int_end comment
+
+	config_get action "$cfg" action "deny"                # allow or deny
+	upnpd_get_port_range "ext" "$cfg" ext_ports "0-65535" # external ports: x, x-y, x:y
+	config_get int_addr "$cfg" int_addr "0.0.0.0/0"       # ip or network and subnet mask (internal)
+	upnpd_get_port_range "int" "$cfg" int_ports "0-65535" # internal ports: x, x-y, x:y or range
+	config_get comment "$cfg" comment "ACL"		      # comment
+
+	# Make a single IP IP/32 so that miniupnpd.conf can use it.
+	[ "${int_addr%/*}" = "$int_addr" ] && int_addr="$int_addr/32"
+
+	echo "$action $ext_start${ext_end:+-}$ext_end $int_addr $int_start${int_end:+-}$int_end #$comment"
+}
+
+upnpd_write_bool() {
+	local opt="$1"
+	local def="${2:-0}"
+	local alt="${3:-$opt}"
+	local val
+
+	config_get_bool val config "$opt" "$def"
+	if [ "$val" -eq 0 ]; then
+		echo "$alt=no"
+	else
+		echo "$alt=yes"
+	fi
+}
+
+upnpd() {
+	config_load "upnpd"
+	local external_iface external_iface6 external_zone external_ip internal_iface
+	local upload download log_output port config_file serial_number model_number
+	local use_stun stun_host stun_port uuid notify_interval presentation_url
+	local upnp_lease_file upnp_lease_file6 ipv6_disable
+
+	local enabled
+	config_get_bool enabled config enabled 1
+	[ "$enabled" -eq 0 ] && return 1
+
+	config_get external_iface config external_iface
+	config_get external_iface6 config external_iface6
+	config_get external_zone config external_zone
+	config_get external_ip config external_ip
+	config_get internal_iface config internal_iface
+	config_get port config port 5000
+	config_get upload config upload
+	config_get download config download
+	config_get_bool log_output config log_output 0
+	config_get config_file config config_file
+	config_get serial_number config serial_number
+	config_get model_number config model_number
+	config_get uuid config uuid
+	config_get use_stun config use_stun 0
+	config_get stun_host config stun_host
+	config_get stun_port config stun_port
+	config_get notify_interval config notify_interval
+	config_get presentation_url config presentation_url
+	config_get upnp_lease_file config upnp_lease_file
+	config_get upnp_lease_file6 config upnp_lease_file6
+	config_get ipv6_disable config ipv6_disable 0
+
+	local conf ifname ifname6
+
+	. /lib/functions/network.sh
+
+	if [ -n "$external_iface" ] ; then
+		network_get_device ifname "$external_iface"
+	else
+		if [ -n "$external_zone" ] ; then
+			ifname=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+		else
+			network_find_wan external_iface && \
+				network_get_device ifname "$external_iface"
+		fi
+	fi
+	if [ -n "$external_iface6" ] ; then
+		network_get_device ifname6 "$external_iface6"
+	else
+		if [ -n "$external_zone" ] ; then
+			ifname6=$($FW -q zone "$external_zone" 2>/dev/null | head -1)
+		else
+			network_find_wan6 external_iface6 && \
+				network_get_device ifname6 "$external_iface6"
+		fi
+	fi
+
+	if [ -n "$config_file" ]; then
+		conf="$config_file"
+	else
+		local tmpconf="/var/etc/miniupnpd.conf"
+		conf="$tmpconf"
+		mkdir -p /var/etc
+
+		{
+		echo "ext_ifname=$ifname"
+		echo "ext_ifname6=$ifname6"
+		[ -n "$external_ip" ] && echo "ext_ip=$external_ip"
+
+		local iface
+		for iface in ${internal_iface:-lan}; do
+			local device
+			network_get_device device "$iface" && echo "listening_ip=$device"
+		done
+
+		config_load "upnpd"
+		upnpd_write_bool enable_natpmp 1
+		upnpd_write_bool enable_upnp 1
+		upnpd_write_bool secure_mode 1
+		upnpd_write_bool system_uptime 1
+		upnpd_write_bool igdv1 0 force_igd_desc_v1
+		upnpd_write_bool use_stun 0 ext_perform_stun
+		upnpd_write_bool ipv6_disable $ipv6_disable
+
+		[ "$use_stun" -eq 0 ] || {
+			[ -n "$stun_host" ] && echo "ext_stun_host=$stun_host"
+			[ -n "$stun_port" ] && echo "ext_stun_port=$stun_port"
+		}
+
+		[ -n "$upload" ] && [ -n "$download" ] && {
+			echo "bitrate_down=$((download * 1024 * 8))"
+			echo "bitrate_up=$((upload * 1024 * 8))"
+		}
+
+		[ -n "$upnp_lease_file" ] && touch "$upnp_lease_file" && echo "lease_file=$upnp_lease_file"
+		[ -n "$upnp_lease_file6" ] && touch "$upnp_lease_file6" && echo "lease_file6=$upnp_lease_file6"
+		[ -n "$presentation_url" ] && echo "presentation_url=$presentation_url"
+		[ -n "$notify_interval" ] && echo "notify_interval=$notify_interval"
+		[ -n "$serial_number" ] && echo "serial=$serial_number"
+		[ -n "$model_number" ] && echo "model_number=$model_number"
+		[ -n "$port" ] && echo "port=$port"
+
+		[ -z "$uuid" ] && {
+			uuid="$(cat /proc/sys/kernel/random/uuid)"
+			uci set upnpd.config.uuid="$uuid"
+			uci commit upnpd
+		}
+
+		[ "$uuid" = "nocli" ] || echo "uuid=$uuid"
+
+		config_foreach conf_rule_add perm_rule
+
+		if [ "$FW" = "fw4" ]; then
+			#When using nftables configure miniupnpd to use its own table and chains
+			echo "upnp_table_name=fw4"
+			echo "upnp_nat_table_name=fw4"
+			echo "upnp_forward_chain=upnp_forward"
+			echo "upnp_nat_chain=upnp_prerouting"
+			echo "upnp_nat_postrouting_chain=upnp_postrouting"
+		fi
+
+		} > "$tmpconf"
+	fi
+
+	if [ -n "$ifname" ]; then
+		# start firewall
+		if [ "$FW" = "fw4" ]; then
+			nft -s -t -n list chain inet fw4 upnp_forward >/dev/null 2>&1 || fw4 reload
+		else
+			iptables -L MINIUPNPD >/dev/null 2>&1 || fw3 reload
+		fi
+	else
+		logger -t "upnp daemon" "external interface not found, not starting"
+	fi
+
+	procd_open_instance
+	procd_set_param file "$conf" "/etc/config/firewall"
+	procd_set_param command "$PROG"
+	procd_append_param command -f "$conf"
+	[ "$log_output" = "1" ] && procd_append_param command -d
+	procd_close_instance
+}
+
+stop_service() {
+	if [ "$FW" = "fw3" ]; then
+		iptables -t nat -F MINIUPNPD 2>/dev/null
+		iptables -t nat -F MINIUPNPD-POSTROUTING 2>/dev/null
+		iptables -t filter -F MINIUPNPD 2>/dev/null
+		[ -x /usr/sbin/ip6tables ] && ip6tables -t filter -F MINIUPNPD 2>/dev/null
+	else
+		nft flush chain inet fw4 upnp_forward 2>/dev/null
+		nft flush chain inet fw4 upnp_prerouting 2>/dev/null
+		nft flush chain inet fw4 upnp_postrouting 2>/dev/null
+	fi
+}
+
+start_service() {
+	config_load "upnpd"
+	config_foreach upnpd "upnpd"
+}
+
+service_triggers() {
+	procd_add_reload_trigger "upnpd"
+}

files/nftables.d/chain-post/dstnat/20-miniupnpd.nft

@@ -0,0 +1 @@
+jump upnp_prerouting comment "Hook into miniupnpd prerouting chain";

files/nftables.d/chain-post/forward/20-miniupnpd.nft

@@ -0,0 +1 @@
+jump upnp_forward comment "Hook into miniupnpd forwarding chain";

files/nftables.d/chain-post/srcnat/20-miniupnpd.nft

@@ -0,0 +1 @@
+jump upnp_postrouting comment "Hook into miniupnpd postrouting chain";

files/nftables.d/table-post/20-miniupnpd.nft

@@ -0,0 +1,3 @@
+chain upnp_forward {}
+chain upnp_prerouting {}
+chain upnp_postrouting {}

files/upnpd.config

@@ -0,0 +1,29 @@
+config upnpd config
+	option enabled		0
+	option enable_natpmp	1
+	option enable_upnp	1
+	option secure_mode	1
+	option log_output	0
+	option download		1024
+	option upload		512
+#by default, looked up dynamically from ubus
+#	option external_iface	wan
+	option internal_iface	lan
+	option port		5000
+	option upnp_lease_file	/var/run/miniupnpd.leases
+	option upnp_lease_file6	/var/run/miniupnpd.leases6
+	option igdv1		1
+
+config perm_rule
+	option action		allow
+	option ext_ports	1024-65535
+	option int_addr		0.0.0.0/0	# Does not override secure_mode
+	option int_ports	1024-65535
+	option comment		"Allow high ports"
+
+config perm_rule
+	option action		deny
+	option ext_ports	0-65535
+	option int_addr		0.0.0.0/0
+	option int_ports	0-65535
+	option comment		"Default deny"

patches/0e8c68d.patch

@@ -0,0 +1,25 @@
+From 0e8c68d2ac4097d50fa93368e15dd7c972123e74 Mon Sep 17 00:00:00 2001
+From: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
+Date: Thu, 30 Nov 2023 11:50:58 +0800
+Subject: [PATCH] Update upnpevents.c
+
+---
+ miniupnpd/upnpevents.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/upnpevents.c b/upnpevents.c
+index 2e1b22f90..0b05e4b67 100644
+--- a/upnpevents.c
++++ b/upnpevents.c
+@@ -384,9 +384,9 @@ upnp_event_notify_connect(struct upnp_event_notify * obj)
+ 	obj->state = EConnecting;
+ 	if(connect(obj->s, (struct sockaddr *)&addr, addrlen) < 0) {
+ 		if(errno != EINPROGRESS && errno != EWOULDBLOCK) {
+-			syslog(LOG_ERR, "%s: connect(%d, %s, %u): %m",
++			/* syslog(LOG_ERR, "%s: connect(%d, %s, %u): %m",
+ 			       "upnp_event_notify_connect", obj->s,
+-			       obj->addrstr, addrlen);
++			       obj->addrstr, addrlen); */
+ 			obj->state = EError;
+ 		}
+ 	}

patches/21541fc.patch

@@ -0,0 +1,25 @@
+From 21541fc2e6b6bbc3c0e2a9e2c3e4393495d0b4cf Mon Sep 17 00:00:00 2001
+From: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
+Date: Thu, 19 Oct 2023 10:50:50 +0800
+Subject: [PATCH] Update asyncsendto.c
+
+---
+ miniupnpd/asyncsendto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/asyncsendto.c b/asyncsendto.c
+index b76d0db56..25ad28ec7 100644
+--- a/asyncsendto.c
++++ b/asyncsendto.c
+@@ -254,9 +254,9 @@ int try_sendto(fd_set * writefds)
+ 					/* uncatched error */
+ 					if(sockaddr_to_string(elt->dest_addr, addr_str, sizeof(addr_str)) <= 0)
+ 						addr_str[0] = '\0';
+-					syslog(LOG_ERR, "%s(sock=%d, len=%u, dest=%s): sendto: %m",
++					/* syslog(LOG_ERR, "%s(sock=%d, len=%u, dest=%s): sendto: %m",
+ 					       "try_sendto", elt->sockfd, (unsigned)elt->len,
+-					       addr_str);
++					       addr_str); */
+ 					ret--;
+ 				}
+ 			} else if((int)n != (int)elt->len) {

patches/3f3582b.patch

@@ -0,0 +1,24 @@
+From 3f3582be627ac6bdfded8789cb512aff00c6853b Mon Sep 17 00:00:00 2001
+From: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
+Date: Wed, 24 Jan 2024 20:59:01 +0800
+Subject: [PATCH] Update minissdp.c
+
+---
+ miniupnpd/minissdp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/minissdp.c b/minissdp.c
+index b50b7b9a3..27f563231 100644
+--- a/minissdp.c
++++ b/minissdp.c
+@@ -1037,8 +1037,8 @@ ProcessSSDPData(int s, const char *bufr, int n,
+ 	}
+ 	if(lan_addr == NULL)
+ 	{
+-		syslog(LOG_WARNING, "SSDP packet sender %s (if_index=%d) not from a LAN, ignoring",
+-		       sender_str, source_if);
++		/* syslog(LOG_WARNING, "SSDP packet sender %s (if_index=%d) not from a LAN, ignoring",
++		       sender_str, source_if); */
+ 		return;
+ 	}
+ 

patches/60f5705.patch

@@ -0,0 +1,22 @@
+From 60f5705a3927d0b0ee96a6a4d4157006ad82fa08 Mon Sep 17 00:00:00 2001
+From: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
+Date: Thu, 30 Nov 2023 11:24:17 +0800
+Subject: [PATCH] Update miniupnpd.c
+
+---
+ miniupnpd/miniupnpd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/miniupnpd.c b/miniupnpd.c
+index 61ff4e06a..d5c9038e1 100644
+--- a/miniupnpd.c
++++ b/miniupnpd.c
+@@ -2875,7 +2875,7 @@ main(int argc, char * * argv)
+ 		}
+ 		i = try_sendto(&writeset);
+ 		if(i < 0) {
+-			syslog(LOG_ERR, "try_sendto failed to send %d packets", -i);
++			/*syslog(LOG_ERR, "try_sendto failed to send %d packets", -i);*/
+ 		}
+ #ifdef USE_MINIUPNPDCTL
+ 		for(ectl = ctllisthead.lh_first; ectl;)

patches/6aefa9a.patch

@@ -0,0 +1,31 @@
+From 6aefa9a1796954b3ac1babbd15ed49d79e4200f5 Mon Sep 17 00:00:00 2001
+From: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
+Date: Wed, 24 Dec 2025 12:31:20 +0800
+Subject: [PATCH] Increase listen backlog to 128
+
+---
+ miniupnpd/miniupnpd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/miniupnpd.c b/miniupnpd.c
+index 4c96c77e..624845b6 100644
+--- a/miniupnpd.c
++++ b/miniupnpd.c
+@@ -425,7 +425,7 @@ OpenAndConfHTTPSocket(unsigned short * port)
+ 		return -1;
+ 	}
+ 
+-	if(listen(s, 5) < 0)
++	if(listen(s, 128) < 0)
+ 	{
+ 		syslog(LOG_ERR, "listen(http): %m");
+ 		close(s);
+@@ -705,7 +705,7 @@ OpenAndConfCtlUnixSocket(const char * path)
+ 		close(s);
+ 		s = -1;
+ 	}
+-	else if(listen(s, 5) < 0)
++	else if(listen(s, 128) < 0)
+ 	{
+ 		syslog(LOG_ERR, "listen(sctl): %m");
+ 		close(s);

patches/8f2f392.patch

@@ -0,0 +1,25 @@
+From 8f2f392c86472a19a447383e56cf1e797d105852 Mon Sep 17 00:00:00 2001
+From: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
+Date: Thu, 30 Nov 2023 11:53:12 +0800
+Subject: [PATCH] Update upnpevents.c
+
+---
+ miniupnpd/upnpevents.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/upnpevents.c b/upnpevents.c
+index 2e1b22f90..5730a0c7d 100644
+--- a/upnpevents.c
++++ b/upnpevents.c
+@@ -547,9 +547,9 @@ upnp_event_process_notify(struct upnp_event_notify * obj)
+ 		}
+ 		if(err != 0) {
+ 			errno = err;
+-			syslog(LOG_WARNING, "%s: connect(%s%s): %m",
++			/* syslog(LOG_WARNING, "%s: connect(%s%s): %m",
+ 			       "upnp_event_process_notify",
+-			       obj->addrstr, obj->portstr);
++			       obj->addrstr, obj->portstr); */
+ 			obj->state = EError;
+ 			break;
+ 		}

patches/b78a363.patch

@@ -0,0 +1,24 @@
+From b78a3634a51a2a786a56b9ca629dc58a5c1a0491 Mon Sep 17 00:00:00 2001
+From: QiuSimons <45143996+QiuSimons@users.noreply.github.com>
+Date: Thu, 19 Oct 2023 10:52:51 +0800
+Subject: [PATCH] Update minissdp.c
+
+---
+ miniupnpd/minissdp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/minissdp.c b/minissdp.c
+index d71b6e016..42947304b 100644
+--- a/minissdp.c
++++ b/minissdp.c
+@@ -712,8 +712,8 @@ SendSSDPNotify(int s, const struct sockaddr * dest, socklen_t dest_len,
+ 	}
+ 	n = sendto_or_schedule(s, bufr, l, 0, dest, dest_len);
+ 	if(n < 0) {
+-		syslog(LOG_ERR, "sendto(udp_notify=%d, %s): %m", s,
+-		       host ? host : "NULL");
++		/* syslog(LOG_ERR, "sendto(udp_notify=%d, %s): %m", s,
++		       host ? host : "NULL"); */
+ 	} else if(n != l) {
+ 		syslog(LOG_NOTICE, "sendto() sent %d out of %d bytes", n, l);
+ 	}