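├── files
    └── Makefile
├── README.md
└── Makefile


/files/Makefile:
--------------------------------------------------------------------------------
# Builds the two userspace iptables extensions (IPv4 and IPv6) as shared
# objects. The package Makefile copies this file into the build directory and
# also points the kernel build at that directory (M=...), so the obj-m line at
# the bottom is what requests the xt_FULLCONENAT kernel module.
all: libipt_FULLCONENAT.so libip6t_FULLCONENAT.so
.PHONY: all

# Link step. $(LDFLAGS) is honoured so that linker options supplied by the
# calling build system reach these libraries; if that build system passes
# hardening options through LDFLAGS, omitting it would silently drop them from
# objects that iptables loads at run time.
# -lxtables comes after the objects: linkers resolve libraries left to right,
# and with --as-needed a library named before its users can be discarded.
%.so: %.o
	$(CC) $(LDFLAGS) -shared -o $@ $^ -lxtables

# Compile step. -fPIC is mandatory because the objects end up in a shared
# library; it is kept outside CFLAGS so a caller overriding CFLAGS cannot
# remove it.
%.o: %.c
	$(CC) ${CFLAGS} -fPIC -c -o $@ $<

# Read by the kernel build system when it is run against this directory.
obj-m += xt_FULLCONENAT.o

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Netfilter and iptables extension for [FULLCONENAT](https://github.com/Chion82/netfilter-full-cone-nat) target ported to OpenWrt.

Compile
---
```
# cd to OpenWrt source path
# Clone this repo
git clone -b master --single-branch https://github.com/LGA1150/openwrt-fullconenat package/fullconenat
# Select Network -> Firewall -> iptables-mod-fullconenat
make menuconfig
# Compile
make V=s
```

Usage
---
You can apply [this patch](https://github.com/LGA1150/fullconenat-fw3-patch) to OpenWrt's Firewall3 (Recommended).

Or manually add the following rules to `/etc/firewall.user`
```
iptables -t nat -A zone_wan_prerouting -j FULLCONENAT
iptables -t nat -A zone_wan_postrouting -j FULLCONENAT
```

Workaround for conflicting with module `nf_conntrack_netlink`
---
This module uses conntrack events to register a callback function. In the same netns, only one callback method can be registered, that causes conflicts with `nf_conntrack_netlink`, which also uses conntrack events. Qualcomm Shortcut FE has introduced a patch to allow multiple callbacks to be registered. To apply, put [this patch](https://github.com/coolsnowwolf/lede/blob/master/target/linux/generic/hack-4.14/952-net-conntrack-events-support-multiple-registrant.patch) into `target/linux/generic/hack-4.14`.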
#
# Copyright (C) 2018 Chion Tang
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

# OpenWrt package recipe. It produces two packages from one upstream source
# tree: the userspace iptables extension (iptables-mod-fullconenat) and the
# kernel module it depends on (kmod-ipt-fullconenat).

include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk

PKG_NAME:=fullconenat
PKG_RELEASE:=1

# The upstream source is fetched over git at one exact commit id and the
# resulting archive is checked against PKG_MIRROR_HASH. Both values have to be
# updated together when moving to a newer upstream revision; a branch or tag
# name here would let the fetched code change without this file changing.
PKG_SOURCE_DATE:=2023-01-01
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/llccd/netfilter-full-cone-nat.git
PKG_SOURCE_VERSION:=74c5e6f3c7faaf33ece451697537c81781781c20
PKG_MIRROR_HASH:=3c254f1edba28eafdccac9cf95eb550fd2b05eeaaec8a02c73e1dcd2f98f9d93

PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=LICENSE

include $(INCLUDE_DIR)/package.mk

# Userspace package: the iptables extension libraries. It pulls in the kernel
# module package as a dependency, so selecting this entry installs both.
define Package/iptables-mod-fullconenat
  SUBMENU:=Firewall
  SECTION:=net
  CATEGORY:=Network
  TITLE:=FULLCONENAT iptables extension
  DEPENDS:=+iptables +kmod-ipt-fullconenat
  MAINTAINER:=Chion Tang
endef

# Installs the IPv4 and IPv6 extension libraries into /usr/lib/iptables inside
# the package root passed as $(1).
define Package/iptables-mod-fullconenat/install
	$(INSTALL_DIR) $(1)/usr/lib/iptables
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libipt_FULLCONENAT.so $(1)/usr/lib/iptables
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/libip6t_FULLCONENAT.so $(1)/usr/lib/iptables
endef

# Kernel package: ships xt_FULLCONENAT.ko and requests two kernel config
# symbols through KCONFIG.
# NOTE(review): CONFIG_NF_CONNTRACK_CHAIN_EVENTS is presumably provided by the
# "support multiple registrant" conntrack events patch that README.md refers
# to - confirm the target kernel tree carries that patch, since the symbol is
# requested unconditionally here.
define KernelPackage/ipt-fullconenat
  SUBMENU:=Netfilter Extensions
  TITLE:=FULLCONENAT netfilter module
  DEPENDS:=+kmod-nf-ipt +kmod-nf-nat +kmod-nf-ipt6 +kmod-nf-nat6
  MAINTAINER:=Chion Tang
  KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
  FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko
endef

include $(INCLUDE_DIR)/kernel-defaults.mk

# Runs the default prepare step, then copies this package's own files/Makefile
# into the build directory. That copied Makefile is used by both build passes
# in Build/Compile below.
define Build/Prepare
	$(call Build/Prepare/Default)
	$(CP) ./files/Makefile $(PKG_BUILD_DIR)/
endef

# Two passes over the same build directory:
#   1. the kernel build system, run from the kernel tree with M= pointing at
#      the package build directory, builds the "modules" goal there;
#   2. the default compile step then runs make in the package build directory
#      for the userspace libraries.
# The leading "+" marks the first command as a recursive make invocation.
define Build/Compile
	+$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
		CROSS_COMPILE="$(TARGET_CROSS)" \
		ARCH="$(LINUX_KARCH)" \
		M="$(PKG_BUILD_DIR)" \
		EXTRA_CFLAGS="$(BUILDFLAGS)" \
		modules
	$(call Build/Compile/Default)
endef

$(eval $(call BuildPackage,iptables-mod-fullconenat))
$(eval $(call KernelPackage,ipt-fullconenat))

--------------------------------------------------------------------------------