From b069e5663393776e18b027ddfb2c60554da914d1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 21 Dec 2022 12:50:49 +0100
Subject: [PATCH] Add fullconenat
---
fullconenat/Makefile | 62 +++++++++++++++++++
.../001-fix-init-Repeat-definition.patch | 20 ++++++
.../patches/001-linux-6.1-support.patch | 26 ++++++++
fullconenat/src/Makefile | 6 ++
4 files changed, 114 insertions(+)
create mode 100644 fullconenat/Makefile
create mode 100644 fullconenat/patches/001-fix-init-Repeat-definition.patch
create mode 100644 fullconenat/patches/001-linux-6.1-support.patch
create mode 100644 fullconenat/src/Makefile
diff --git a/fullconenat/Makefile b/fullconenat/Makefile
new file mode 100644
index 000000000..d49155c7e
--- /dev/null
+++ b/fullconenat/Makefile
@@ -0,0 +1,62 @@
+#
+# Copyright (C) 2022 Chion Tang
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fullconenat
+PKG_RELEASE:=9
+
+PKG_SOURCE_DATE:=2022-02-13
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/llccd/netfilter-full-cone-nat.git
+PKG_SOURCE_VERSION:=108a36cbdca17e68c9e6e7fd5e26156a88f738e8
+PKG_MIRROR_HASH:=00d749235271dee194dcd23c22e6e85207ea90192a62a110b2af0b4e4de1971f
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Chion Tang
+
+include $(INCLUDE_DIR)/kernel.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/iptables-mod-fullconenat
+ SUBMENU:=Firewall
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=FULLCONENAT iptables extension
+ DEPENDS:=+iptables +kmod-ipt-fullconenat
+endef
+
+define Package/iptables-mod-fullconenat/install
+ $(INSTALL_DIR) $(1)/usr/lib/iptables
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/libipt_FULLCONENAT.so $(1)/usr/lib/iptables
+endef
+
+define KernelPackage/ipt-fullconenat
+ SUBMENU:=Netfilter Extensions
+ TITLE:=FULLCONENAT netfilter module
+ DEPENDS:=+kmod-nf-ipt +kmod-nf-nat
+ KCONFIG:= \
+ CONFIG_NF_CONNTRACK_EVENTS=y \
+ CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
+ FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko
+endef
+
+include $(INCLUDE_DIR)/kernel-defaults.mk
+
+define Build/Compile
+ +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
+ CROSS_COMPILE="$(TARGET_CROSS)" \
+ ARCH="$(LINUX_KARCH)" \
+ M="$(PKG_BUILD_DIR)" \
+ EXTRA_CFLAGS="$(BUILDFLAGS)" \
+ modules
+ $(call Build/Compile/Default)
+endef
+
+$(eval $(call KernelPackage,ipt-fullconenat))
+$(eval $(call BuildPackage,iptables-mod-fullconenat))
diff --git a/fullconenat/patches/001-fix-init-Repeat-definition.patch b/fullconenat/patches/001-fix-init-Repeat-definition.patch
new file mode 100644
index 000000000..67c9332c8
--- /dev/null
+++ b/fullconenat/patches/001-fix-init-Repeat-definition.patch
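Review bot: `EXTRA_CFLAGS="$(BUILDFLAGS)"` in `Build/Compile` expands a variable that this Makefile never assigns, so unless one of the included .mk files defines `BUILDFLAGS` the kernel module is compiled with no extra flags and the argument only suggests otherwise; either assign it above the `define` or drop the argument. The source is pinned by commit (`PKG_SOURCE_VERSION`) and by archive hash (`PKG_MIRROR_HASH`), which is the right way to pull an out-of-tree kernel module from a personal fork. Neither package carries a description: a full-cone mapping accepts inbound traffic from any remote address on the mapped port, so a `define Package/iptables-mod-fullconenat/description` block stating that would tell whoever selects the package what exposure they are opting into.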
@@ -0,0 +1,20 @@
+--- a/libip6t_FULLCONENAT.c
++++ b/libip6t_FULLCONENAT.c
+@@ -214,6 +214,7 @@ static struct xtables_target fullconenat_tg_reg = {
+ .x6_options = FULLCONENAT_opts,
+ };
+
++#define _init __attribute__((constructor)) _INIT
+ void _init(void)
+ {
+ xtables_register_target(&fullconenat_tg_reg);
+--- a/libipt_FULLCONENAT.c
++++ b/libipt_FULLCONENAT.c
+@@ -235,6 +235,7 @@ static struct xtables_target fullconenat_tg_reg = {
+ .x6_options = FULLCONENAT_opts,
+ };
+
++#define _init __attribute__((constructor)) _INIT
+ void _init(void)
+ {
+ xtables_register_target(&fullconenat_tg_reg);
diff --git a/fullconenat/patches/001-linux-6.1-support.patch b/fullconenat/patches/001-linux-6.1-support.patch
new file mode 100644
index 000000000..41721fb5c
--- /dev/null
+++ b/fullconenat/patches/001-linux-6.1-support.patch
@@ -0,0 +1,26 @@
+--- a/xt_FULLCONENAT.c
++++ b/xt_FULLCONENAT.c
+@@ -325,7 +325,11 @@
+ /* for now we do the same thing for both --random and --random-fully */
+
+ /* select a random starting point */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
++ start = (uint16_t)(get_random_u32() % (u32)range_size);
++#else
+ start = (uint16_t)(prandom_u32() % (u32)range_size);
++#endif
+ } else {
+
+ if ((original_port >= min && original_port <= min + range_size - 1)
+@@ -995,7 +999,11 @@
+ /* for now we do the same thing for both --random and --random-fully */
+
+ /* select a random starting point */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
++ start = (uint16_t)(get_random_u32() % (u32)range_size);
++#else
+ start = (uint16_t)(prandom_u32() % (u32)range_size);
++#endif
+ } else {
+
+ if ((original_port >= min && original_port <= min + range_size - 1)
diff --git a/fullconenat/src/Makefile b/fullconenat/src/Makefile
new file mode 100644
index 000000000..b2f88db33
--- /dev/null
+++ b/fullconenat/src/Makefile
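Review bot: The first half of 001-fix-init-Repeat-definition.patch edits libip6t_FULLCONENAT.c, but fullconenat/src/Makefile in this commit compiles only libipt_FULLCONENAT.c and the install section copies only libipt_FULLCONENAT.so, so that half never reaches a built object; either build and install the ip6tables extension as well, or state in a patch header that it is deliberately left out. The added `#define _init __attribute__((constructor)) _INIT` also depends on `-D_INIT=...` arriving from the compile line, and without it the constructor is emitted under the literal name `_INIT`; a guard ahead of the define, `#ifndef _INIT` / `#error "_INIT must be set by the build"` / `#endif`, would make that dependency explicit. The patch carries no description of which duplicate definition it works around, which makes it hard to judge when it can be dropped.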
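Review bot: The same `#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)` block is pasted at both call sites (the inner hunks at 325 and 995); a single compatibility definition near the includes, `#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)` / `#define prandom_u32() get_random_u32()` / `#endif`, would leave both sites untouched and give later kernel API changes one place to land. `LINUX_VERSION_CODE` and `KERNEL_VERSION` come from `<linux/version.h>`; the patch adds no include and the top of xt_FULLCONENAT.c is not visible here, so confirm it is already pulled in. `range_size` is computed outside both hunks, so it is worth checking that it cannot be zero when it reaches the `%`. This file shares the `001-` prefix with 001-fix-init-Repeat-definition.patch; numbering it `002-` would make the apply order explicit.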
@@ -0,0 +1,6 @@
+libipt_FULLCONENAT.so: libipt_FULLCONENAT.o
+ $(CC) -shared -lxtables -o $@ $^;
+libipt_FULLCONENAT.o: libipt_FULLCONENAT.c
+ $(CC) ${CFLAGS} -fPIC -D_INIT=$*_init -c -o $@ $<;
+
+obj-m += xt_FULLCONENAT.o
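Review bot: The link rule `$(CC) -shared -lxtables -o $@ $^;` never expands `$(LDFLAGS)`, so link-time hardening that the package build hands down (OpenWrt typically carries its RELRO options in LDFLAGS) does not reach libipt_FULLCONENAT.so, and it names `-lxtables` before the object, which a linker running with `--as-needed` may discard; `$(CC) $(LDFLAGS) -shared -o $@ $^ -lxtables` addresses both. In the compile rule, `-D_INIT=$*_init` uses `$*` inside an explicit rule, where GNU make sets it only because `.o` is a known suffix; `-D_INIT=$(basename $@)_init` produces the same name without relying on that. The trailing `;` on both recipes is unnecessary.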