authoredward-p2018-08-25 01:23:35 +0800
committeredward-p2018-08-25 01:23:35 +0800
commit4910a9bbf482dd7334bb31e6f3d16c4529f04303 (patch)
tree29fba1129ba91e0073e68a0617c55b9c1c75953f
parent1c3ab7b8f9d1a095701b61e1f6b2d6b3d70259b2 (diff)
downloadaur-4910a9bbf482dd7334bb31e6f3d16c4529f04303.tar.gz
add .install
-rw-r--r--.SRCINFO5
-rw-r--r--PKGBUILD9
-rw-r--r--iptables-fullcone-nat.install9
-rw-r--r--libipt_FULLCONENAT.c171
4 files changed, 190 insertions, 4 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 885eb3eac241..16a46793222b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,9 @@
pkgbase = iptables-fullcone-nat
pkgdesc = iptables with FULLCONENAT extension
- pkgver = 1.8.0.r73.g92f7b04f
+ pkgver = 1.8.0.r85.g0800d9b4
pkgrel = 1
url = https://github.com/Chion82/netfilter-full-cone-nat
+ install = iptables-fullcone-nat.install
arch = i686
arch = x86_64
license = GPL2
@@ -27,6 +28,7 @@ pkgbase = iptables-fullcone-nat
source = iptables-flush::https://git.archlinux.org/svntogit/packages.git/plain/trunk/iptables-flush?h=packages/iptables
source = iptables.service::https://git.archlinux.org/svntogit/packages.git/plain/trunk/iptables.service?h=packages/iptables
source = simple_firewall.rules::https://git.archlinux.org/svntogit/packages.git/plain/trunk/simple_firewall.rules?h=packages/iptables
+ source = iptables-fullcone-nat.install
sha256sums = SKIP
sha256sums = SKIP
sha256sums = SKIP
@@ -39,6 +41,7 @@ pkgbase = iptables-fullcone-nat
sha256sums = SKIP
sha256sums = SKIP
sha256sums = SKIP
+ sha256sums = 28c1f28f2e8b2b95b562ff807ac472134f27da350cb787f7e0f2d59f80d16ac0
pkgname = iptables-fullcone-nat
diff --git a/PKGBUILD b/PKGBUILD
index a31c304ae94d..6a53c9556dd7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,7 +1,7 @@
# Maintainer: Edward Pacman <micro DOT fedora AT gmail DOT com>
pkgname=iptables-fullcone-nat
-pkgver=1.8.0.r73.g92f7b04f
+pkgver=1.8.0.r85.g0800d9b4
pkgrel=1
pkgdesc="iptables with FULLCONENAT extension"
arch=('i686' 'x86_64')
@@ -11,6 +11,7 @@ depends=('glibc' 'libmnl' 'libnftnl' 'libpcap' 'netfilter-full-cone-nat-dkms')
makedepends=('git' 'linux-api-headers')
provides=('iptables')
conflicts=('iptables')
+install=${pkgname}.install
source=("file:///usr/src/netfilter-full-cone-nat-git+ec14efe/libipt_FULLCONENAT.c"
"git://git.netfilter.org/iptables"
"empty-filter.rules::https://git.archlinux.org/svntogit/packages.git/plain/trunk/empty-filter.rules?h=packages/iptables"
@@ -22,7 +23,8 @@ source=("file:///usr/src/netfilter-full-cone-nat-git+ec14efe/libipt_FULLCONENAT.
"ip6tables.service::https://git.archlinux.org/svntogit/packages.git/plain/trunk/ip6tables.service?h=packages/iptables"
"iptables-flush::https://git.archlinux.org/svntogit/packages.git/plain/trunk/iptables-flush?h=packages/iptables"
"iptables.service::https://git.archlinux.org/svntogit/packages.git/plain/trunk/iptables.service?h=packages/iptables"
- "simple_firewall.rules::https://git.archlinux.org/svntogit/packages.git/plain/trunk/simple_firewall.rules?h=packages/iptables")
+ "simple_firewall.rules::https://git.archlinux.org/svntogit/packages.git/plain/trunk/simple_firewall.rules?h=packages/iptables"
+ "iptables-fullcone-nat.install")
sha256sums=('SKIP'
'SKIP'
'SKIP'
@@ -34,7 +36,8 @@ sha256sums=('SKIP'
'SKIP'
'SKIP'
'SKIP'
- 'SKIP')
+ 'SKIP'
+ '28c1f28f2e8b2b95b562ff807ac472134f27da350cb787f7e0f2d59f80d16ac0')
pkgver() {
diff --git a/iptables-fullcone-nat.install b/iptables-fullcone-nat.install
new file mode 100644
index 000000000000..2ca0842b500f
--- /dev/null
+++ b/iptables-fullcone-nat.install
@@ -0,0 +1,9 @@
+post_install(){
+ echo "Assuming eth0 is external interface:"
+ echo -e "\tiptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT #same as MASQUERADE"
+ echo -e "\tiptables -t nat -A PREROUTING -i eth0 -j FULLCONENAT #automatically restore NAT for inbound packets"
+}
+
+post_upgrade() {
+ post_install
+}
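Review bot: post_upgrade() re-emits the same two-line quick-start hint on every package upgrade, which is noise for users who already configured the target; if that repetition is not intended, leave `post_upgrade() {` with an empty body (or gate it on the old-version argument) and keep the message in post_install only. The two function headers are written inconsistently (`post_install(){` vs `post_upgrade() {`); `post_install() {` would match. `echo -e` relies on a bash-compatible `echo` — on Arch `/bin/sh` is bash so it works, but `printf '\t%s\n' "..."` would be portable and avoid the flag.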
diff --git a/libipt_FULLCONENAT.c b/libipt_FULLCONENAT.c
new file mode 100644
index 000000000000..9965cd7e09c1
--- /dev/null
+++ b/libipt_FULLCONENAT.c
@@ -0,0 +1,171 @@
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <xtables.h>
+#include <limits.h> /* INT_MAX in ip_tables.h */
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/nf_nat.h>
+
+#ifndef NF_NAT_RANGE_PROTO_RANDOM_FULLY
+#define NF_NAT_RANGE_PROTO_RANDOM_FULLY (1 << 4)
+#endif
+
+enum {
+ O_TO_PORTS = 0,
+ O_RANDOM,
+ O_RANDOM_FULLY,
+};
+
+static void FULLCONENAT_help(void)
+{
+ printf(
+"FULLCONENAT target options:\n"
+" --to-ports <port>[-<port>]\n"
+" Port (range) to map to.\n"
+" --random\n"
+" Randomize source port.\n"
+" --random-fully\n"
+" Fully randomize source port.\n");
+}
+
+static const struct xt_option_entry FULLCONENAT_opts[] = {
+ {.name = "to-ports", .id = O_TO_PORTS, .type = XTTYPE_STRING},
+ {.name = "random", .id = O_RANDOM, .type = XTTYPE_NONE},
+ {.name = "random-fully", .id = O_RANDOM_FULLY, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
+static void FULLCONENAT_init(struct xt_entry_target *t)
+{
+ struct nf_nat_ipv4_multi_range_compat *mr = (struct nf_nat_ipv4_multi_range_compat *)t->data;
+
+ /* Actually, it's 0, but it's ignored at the moment. */
+ mr->rangesize = 1;
+}
+
+/* Parses ports */
+static void
+parse_ports(const char *arg, struct nf_nat_ipv4_multi_range_compat *mr)
+{
+ char *end;
+ unsigned int port, maxport;
+
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
+
+ if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX))
+ xtables_param_act(XTF_BAD_VALUE, "FULLCONENAT", "--to-ports", arg);
+
+ switch (*end) {
+ case '\0':
+ mr->range[0].min.tcp.port
+ = mr->range[0].max.tcp.port
+ = htons(port);
+ return;
+ case '-':
+ if (!xtables_strtoui(end + 1, NULL, &maxport, 0, UINT16_MAX))
+ break;
+
+ if (maxport < port)
+ break;
+
+ mr->range[0].min.tcp.port = htons(port);
+ mr->range[0].max.tcp.port = htons(maxport);
+ return;
+ default:
+ break;
+ }
+ xtables_param_act(XTF_BAD_VALUE, "FULLCONENAT", "--to-ports", arg);
+}
+
+static void FULLCONENAT_parse(struct xt_option_call *cb)
+{
+ const struct ipt_entry *entry = cb->xt_entry;
+ int portok;
+ struct nf_nat_ipv4_multi_range_compat *mr = cb->data;
+
+ if (entry->ip.proto == IPPROTO_TCP
+ || entry->ip.proto == IPPROTO_UDP
+ || entry->ip.proto == IPPROTO_SCTP
+ || entry->ip.proto == IPPROTO_DCCP
+ || entry->ip.proto == IPPROTO_ICMP)
+ portok = 1;
+ else
+ portok = 0;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TO_PORTS:
+ if (!portok)
+ xtables_error(PARAMETER_PROBLEM,
+ "Need TCP, UDP, SCTP or DCCP with port specification");
+ parse_ports(cb->arg, mr);
+ break;
+ case O_RANDOM:
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM;
+ break;
+ case O_RANDOM_FULLY:
+ mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM_FULLY;
+ break;
+ }
+}
+
+static void
+FULLCONENAT_print(const void *ip, const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
+
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" masq ports: ");
+ printf("%hu", ntohs(r->min.tcp.port));
+ if (r->max.tcp.port != r->min.tcp.port)
+ printf("-%hu", ntohs(r->max.tcp.port));
+ }
+
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" random");
+
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM_FULLY)
+ printf(" random-fully");
+}
+
+static void
+FULLCONENAT_save(const void *ip, const struct xt_entry_target *target)
+{
+ const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
+
+ if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
+ printf(" --to-ports %hu", ntohs(r->min.tcp.port));
+ if (r->max.tcp.port != r->min.tcp.port)
+ printf("-%hu", ntohs(r->max.tcp.port));
+ }
+
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM)
+ printf(" --random");
+
+ if (r->flags & NF_NAT_RANGE_PROTO_RANDOM_FULLY)
+ printf(" --random-fully");
+}
+
+static struct xtables_target fullconenat_tg_reg = {
+ .name = "FULLCONENAT",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)),
+ .help = FULLCONENAT_help,
+ .init = FULLCONENAT_init,
+ .x6_parse = FULLCONENAT_parse,
+ .print = FULLCONENAT_print,
+ .save = FULLCONENAT_save,
+ .x6_options = FULLCONENAT_opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&fullconenat_tg_reg);
+}
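Review bot: The error text in the O_TO_PORTS case (`"Need TCP, UDP, SCTP or DCCP with port specification"`) does not match the portok check above it, which also accepts IPPROTO_ICMP, so the user is told one protocol set while the code enforces another. Either drop the `|| entry->ip.proto == IPPROTO_ICMP` line or change the message to `"Need TCP, UDP, SCTP, DCCP or ICMP with port specification"`; this looks inherited from the MASQUERADE extension, but the new target should be self-consistent. The `switch (cb->entry->id)` in FULLCONENAT_parse has no `default:` arm; a `default: break;` makes the intent explicit. None of the static handlers carries a comment; a one-line header on FULLCONENAT_parse such as `/* Validate --to-ports against the rule's L4 protocol and fill mr->range[0]. */` would help the next reader.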