Pre-install MiniUPnPd on OpenWrt by default

[Sergey Ponomarev]

Hi,

Most routers support port forwarding via UPnP IDG or/and NAT-PMP/PCP.
And many vendors use the MiniUPnPd http://miniupnp.free.fr This daemon
is kind of standard de-facto.
This is necessary for any p2p application but OpenWrt builds don't
have it pre-installed and pre-configured. While it's not so difficult
to install, this is an additional step and still something that users
must know. For example, I didn't know about it for about two years
while already using OpenWrt. For many users this makes life after
switching to OpenWrt worse than it was before because, for example,
now their gaming console works slower. Even if someone will try to
install it there is a risk to configure it incorrectly and expose WAN
to LAN forwarding.

Could you include the MiniUPnPd into OpenWrt?

There may be few concerns:
1. The UPnP IDG protocol has a very bad reputation. See "Universal Pwn
n Play" talk.
2. The MiniUPnPd also had a security issue in 2014 when the WAN to LAN
forwarding was enabled for NAT-PMP.
3. A disk space usage: I checked on OpenWrt with WR1043N  (MIPS) and
after installing the miniupnpd and it's dependency libcap-ng the disk
size usage increased to 72Kb. The binary itself is 98565 bytes, in
contrast with uhttpd 46212 and lighttpd 221413. Maybe for Tiny builds
this may be too much.

To make it smaller and easier for a code audit we may strip the UPnP
and leave only NAT-PMP/PCP. See
https://github.com/miniupnp/miniupnp/issues/545

In July 2014 there was two discussions about IPv6 firewall policy for
direct connections:
"OpenWRT IPv6 firewall"
http://lists.openwrt.org/pipermail/openwrt-devel/2014-July/000763.html
"IPv6 firewall and Port Control Protocol"
http://lists.openwrt.org/pipermail/openwrt-devel/2014-July/000671.html

The MiniUPnPd can solve the problem at least partially.

See also: a forum discussion
https://forum.openwrt.org/t/port-control-protocol-support/114411

Regards,
Sergey