luci-app-upnp: Finalise changes for OpenWrt 24.10 release

[Self-Hosting-Group]

• Complete plugin wording/UI revision
  Add missing protocol term in status/overview UI and shorten menu option to UPnP IGD & PCP, otherwise two lines, rearrange table columns, improve wording and add help texts and note upstream change miniupnp/miniupnp@9339f0e
• Simplify UI by moving rarely used options to advanced settings, rest to service setup and rearrangement
• Hide dependent UI fields if UPnP IGD protocol is disabled
• Remove clean_ruleset_interval/threshold UI options as not working
• Require client address and improve defaults in ACL entry UI (was not adopted)
• Manual adaption of changed non-translatable protocol acronyms in translations, see Integrity of translation source texts and changes. #7175

This PR completes committed changes #6863 (merged in #6975) and continues #7217 for the UPnP IGD & PCP/NAT-PMP autonomous port mapping service.

Commited in 4024dfa

Service setup UI:

Screenshot 23.05 release

Advanced settings UI:

Screenshot 23.05 release

ACL entry UI:

Status/overview UI:

The Port Control Protocol (PCP) is the successor to NAT-PMP, has similar protocol concepts and packet formats, but adds support for IPv6 port maps and options/extensions. For more information, see:
Port Mapping Protocols Overview and Comparison 2024 - About UPnP IGD & PCP/NAT-PMP
https://github.com/Self-Hosting-Group/wiki/wiki/Port-Mapping-Protocols-Overview

Maintainer: @jow-

[systemcrash]

rebase, squash please

[Self-Hosting-Group]

Simplify the UI by removing the unimportant option Report system instead on daemon uptime?

[systemcrash]

keep it around

[Self-Hosting-Group]

Last but not least.

1. I had renamed general settings to general setup, but now to service setup, with the corresponding advanced settings. Good choice?
2. The UPnP IGD & PCP/NAT-PMP protocols allow clients on the local network to configure port maps/forwards on the router autonomously. Or: The UPnP IGD & PCP/NAT-PMP protocols allow clients on the local network to configure autonomously port maps/forwards on the router. Autonomous is the best word, better than e.g. independent?
3. Would a help text in the UI with e.g. two example STUN servers be useful or in the wiki?
4. There is currently a bug in the 24.10 package that does not correctly remove the nftables rules for the port maps. I think this should be fixed in the release. I could possibly include this miniupnp/miniupnp@d07b0a1 in the package update. What do you think? Can the daemon be built directly from the latest upstream commit or does the fix need to be backported as there is unfortunately no release yet that fixes the bug. This affects the daemon starting with 2.3.6, see miniupnpd: Port map listing broken since version 2.3.6 miniupnp/miniupnp#768
5. In another project (maybe later in LuCI) I would like to propose the UI option Allow third-party (port?) mapping or Allow third-party maps, whichever is better, with the help text Allow (adding?) port maps for non-requesting IP addresses. This will replace the current secure mode there. Is this good wording, and perhaps as a variable allow_third_party_mapping?

Any comments on this would be very welcome.

[systemcrash]

Last but not least.

1. I had renamed general settings to general setup, but now to service setup, with the corresponding advanced settings. Good choice?

In so doing we orphan a bunch of already good i18n, with no obvious improvement. Just seems synonymous.

2. The UPnP IGD & PCP/NAT-PMP protocols allow clients on the local network to configure port maps/forwards on the router _autonomously_. Or: The UPnP IGD & PCP/NAT-PMP protocols allow clients on the local network to configure _autonomously_ port maps/forwards on the router. Autonomous is the best word, better than e.g. independent?

They're more or less synonyms. Either.

3. Would a help text in the UI with e.g. two example STUN servers be useful or in the wiki?

??

[systemcrash]

So, you've tested these changes in situ, correct? What happens when you edit an ACL, delete one of the port fields, and press save?

[systemcrash]

drop

[Self-Hosting-Group]

Better not. See detailed comment under point 1

[Self-Hosting-Group]

1. I would rather not remove the requirement to enter the client address in the ACL, for security reasons I think it should be very clear (and passed to UCI) which IP/netmask it is for, and explicitly ask the user via the UI. Also, if no entry is made for the ports/client address fields, the generated UCI configuration files would not contain the options, which would have to be added manually during subsequent editing via the CLI

2. Regarding IPv6 support in the daemon: unfortunately there is still no support, and this has been documented in the UI for some time, also the text will be updated with this PR

luci/applications/luci-app-upnp/htdocs/luci-static/resources/view/upnp/upnp.js

Line 196 in 43a24c4

_('ACL specify which client addresses and ports can be mapped, IPv6 always allowed.'));

Since you are reviewing this PR and know what you would like to see in OpenWrt, I have added your input as a separate commit, so you can decide whether to commit it or not.

Each change made by this PR is based on a clear consideration (but perhaps not clearly communicated), but as the quality of the plugin UI/wording was IMHO rather low, major changes were necessary.

A comment on points 4 and 5 of the earlier comment would be very, very nice after this PR is merged.

Thanks for all the reviews and sometimes it just takes longer, but the result is relevant. And I'm very happy with it.

[systemcrash]

OK. Done I think. Rebase, squash your commits, please.

[systemcrash]

No merge commits. Rebase on master.

[Self-Hosting-Group]

Squash: remove the Drop ACL input requirements commit and keep the separate Remove obsolete translations commit?

[stokito]

Some translations were lost, I'll try to repair them.

[Self-Hosting-Group]

Some translations were lost, I'll try to repair them.

The strings where several important things were changed, I deliberately deleted them to start a new translation. For example, function was used instead of protocol and the missing note about the IPv6 ACL limitation, etc. Any strings that were easy for me to adapt were adapted manually. For Use %s (STUN) it is not clear to me why the manual adaption did not work, maybe it has to do with the newly created msgctxt (b6cc5e0). Improvements/new translations are of course welcome.

[stokito]

Remove clean_ruleset_interval/threshold UI options as not working

why did you decided that they aren't working? I checked and the option is propagated to the config https://github.com/openwrt/packages/blob/f1c69d0e6cea3dc33e3cc86e22812afb8ecb1032/net/miniupnpd/files/miniupnpd.init#L160

The config value is also still used in the miniupnpd https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/miniupnpd.conf#L149

[stokito]

ok, then maybe if you have a time you may restore translations for the changed keys? I restored the Use STUN but I have to go. You may continue from my branch

[hnyman]

@systemcrash
Due to this PR being merged, there is a weblate conflict.

Rebasing (1/1)
Auto-merging applications/luci-app-upnp/po/zh_Hant/upnp.po
CONFLICT (content): Merge conflict in applications/luci-app-upnp/po/zh_Hant/upnp.po
error: could not apply 428a43b365... Translated using Weblate (Chinese (Traditional Han script))
hint: Resolve all conflicts manually, mark them as resolved with
hint: "git add/rm <conflicted_files>", then run "git rebase --continue".
hint: You can instead skip this commit: run "git rebase --skip".
hint: To abort and get back to the state before "git rebase", run "git rebase --abort".
Could not apply 428a43b365... Translated using Weblate (Chinese (Traditional Han script))
 (1)

Stokito's later PR that you also merged, did not help, as the weblate was already in conflict.

[systemcrash]

I'll get that fixed (if you didn't already)

[hnyman]

I have been away from my PC, so I haven't fixed it

[systemcrash]

Fixed. Thanks for the heads-up @hnyman

[stokito]

See #7435