eBPF-based Endpoint-Independent NAT
The einat-ebpf is a eBPF application implements an "Endpoint-Independent Mapping" and "Endpoint-Independent Filtering" NAT(network address translation) on TC egress and ingress hooks.
- Target Linux kernel >= 5.15
- Target Linux kernel has the following kernel configuration enabled
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_REDUCED=n
CONFIG_DEBUG_INFO_BTF=y
- You can install
kmod-ikconfig
, use commandzcat /proc/config.gz | grep -E "(CONFIG_DEBUG_KERNEL|CONFIG_DEBUG_INFO|CONFIG_DEBUG_INFO_REDUCED|CONFIG_DEBUG_INFO_BTF)"
to confirm - If it does not match, you need add the following configuration to the
.config
and rebuild the target kernel
CONFIG_KERNEL_DEBUG_KERNEL=y
CONFIG_KERNEL_DEBUG_INFO=y
CONFIG_KERNEL_DEBUG_INFO_REDUCED=n
CONFIG_KERNEL_DEBUG_INFO_BTF=y
- Currently are known immortalwrt and fantastic-rebuild is enabled these options
You can find the prebuilt-ipks here
And LuCI can be found here luci-app-einat
# Build system setup
# Please refer to [Build system setup](https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem)
sudo apt install libelf-dev zlib1g-dev
# Take the x86_64 platform as an example
tar xjf rebuild-sdk-23.05.3-x86-64_gcc-12.3.0_musl.Linux-x86_64.tar.xz
# Go to the SDK root dir
cd rebuild-sdk-*-x86_64_*
# Install prebuilt llvm-bpf
tar xjf llvm-bpf-*.Linux-x86_64.tar.xz
# First run to generate a .config file
./scripts/feeds update -a
./scripts/feeds install -a
make menuconfig
# Get Makefile
git clone --depth 1 --branch master --single-branch --no-checkout https://github.com/muink/openwrt-einat-ebpf.git package/einat-ebpf
pushd package/einat-ebpf
umask 022
git checkout
popd
# Select the package Network -> Routing and Redirection -> einat-ebpf
make menuconfig
# Start compiling
make package/einat-ebpf/compile V=s BUILD_LOG=y -j$(nproc)
This project is licensed under the GPL-2.0