diff --git a/einat-ebpf/.github/workflows/calculate.yml b/einat-ebpf/.github/workflows/calculate.yml
new file mode 100644
index 0000000..3feaf5a
--- /dev/null
+++ b/einat-ebpf/.github/workflows/calculate.yml
@@ -0,0 +1,27 @@
+name: Calculating PKG_MIRROR_HASH
+on:
+  workflow_dispatch:
+    inputs:
+      target_version:
+        description: 'Target OpenWrt version. if empty the simple mode will be used.'
+        required: false
+        type: string
+
+jobs:
+  check:
+    name: Calculating PKG_MIRROR_HASH of XX
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # To push a branch
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+          fetch-depth: 0
+
+      - uses: muink/openwrt-package-mirror-hash-calculator@main
+        env:
+          COMMIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MAKEFILE: Makefile
+          TARGET_VERSION: ${{ inputs.target_version }}
diff --git a/einat-ebpf/.prepare.sh b/einat-ebpf/.prepare.sh
new file mode 100755
index 0000000..f52ef9b
--- /dev/null
+++ b/einat-ebpf/.prepare.sh
@@ -0,0 +1,13 @@
+VERSION="$1"
+CURDIR="$2"
+BIN_PATH="$3"
+
+if [ -d "$CURDIR/.git" ]; then
+	config="$CURDIR/.git/config"
+else
+	config="$(sed "s|^gitdir:\s*|$CURDIR/|;s|$|/config|" "$CURDIR/.git")"
+fi
+[ -n "$(sed -En '/^\[remote /{h;:top;n;/^\[/b;s,(https?://gitcode\.(com|net)),\1,;T top;H;x;s|\n\s*|: |;p;}' "$config")" ] && {
+	echo -e "#!/bin/sh\necho $VERSION" > "$BIN_PATH"
+}
+exit 0
diff --git a/einat-ebpf/LICENSE b/einat-ebpf/LICENSE
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/einat-ebpf/LICENSE
@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/einat-ebpf/Makefile b/einat-ebpf/Makefile
new file mode 100644
index 0000000..4e12691
--- /dev/null
+++ b/einat-ebpf/Makefile
@@ -0,0 +1,142 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2024-2025 Anya Lin <hukk1996@gmail.com>
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=einat-ebpf
+PKG_UPSTREAM_VERSION:=0.1.8
+PKG_UPSTREAM_GITHASH:=
+PKG_VERSION:=$(PKG_UPSTREAM_VERSION)$(if $(PKG_UPSTREAM_GITHASH),~$(call version_abbrev,$(PKG_UPSTREAM_GITHASH)))
+PKG_RELEASE:=1
+
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
+
+ifeq ($(PKG_UPSTREAM_GITHASH),)
+PKG_SOURCE_URL:=https://codeload.github.com/EHfive/einat-ebpf/tar.gz/refs/tags/v$(PKG_UPSTREAM_VERSION)?
+PKG_HASH:=3e47810e852dbad4cffeee1df8d3fea4018e4bda331ffc72f8e9a88f3c73d034
+
+PKG_SOURCE:=$(PKG_SOURCE_SUBDIR).tar.gz
+else
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/EHfive/einat-ebpf.git
+PKG_SOURCE_VERSION:=$(PKG_UPSTREAM_GITHASH)
+PKG_MIRROR_HASH:=6cc83cb1fb80896bb4c3d364d88e6009de0f05cf77373f1f18b1181057b6eff5
+
+PKG_SOURCE:=$(PKG_SOURCE_SUBDIR)-$(PKG_SOURCE_VERSION).tar.gz
+endif
+
+PKG_MAINTAINER:=Anya Lin <hukk1996@gmail.com>
+PKG_LICENSE:=GPL-2.0-or-later GPL-2.0-only
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_BUILD_DEPENDS:=rust/host libbpf #HAS_BPF_TOOLCHAIN:bpf-headers # requires modified kernel
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_FLAGS:=no-mips16
+
+PKG_CONFIG_DEPENDS+= \
+	CONFIG_EINAT_EBPF_IPV6 \
+	CONFIG_EINAT_EBPF_BACKEND_LIBBPF \
+	CONFIG_EINAT_EBPF_BINDGEN \
+	CONFIG_EINAT_EBPF_STATIC \
+
+RUST_PKG_FEATURES:=$(subst $(space),$(comma),$(strip \
+	$(if $(CONFIG_EINAT_EBPF_IPV6),ipv6) \
+	$(if $(CONFIG_EINAT_EBPF_BACKEND_LIBBPF),libbpf) \
+	$(if $(CONFIG_EINAT_EBPF_BINDGEN),bindgen) \
+	$(if $(CONFIG_EINAT_EBPF_STATIC),static) \
+))
+
+#export EINAT_BPF_CFLAGS="-I/usr/include/aarch64-linux-gnu"
+
+include $(INCLUDE_DIR)/bpf.mk
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/packages/lang/rust/rust-package.mk
+
+# Don't ignore Cargo.lock
+Build/Compile:=$(call Build/Compile/Cargo,,--locked)
+
+# The LLVM_PATH var is required so that einat's build script finds llvm-strip
+TARGET_PATH_PKG:=$(LLVM_PATH):$(TARGET_PATH_PKG)
+
+# Platform-specific features
+# $(TOPDIR)/feeds/packages/lang/rust/rust-values.mk
+# RUST_ARCH_DEPENDS:=@(aarch64||arm||i386||i686||mips||mipsel||mips64||mips64el||powerpc64||riscv64||x86_64)
+EINAT_EBPF_RUST_ARCH_DEPENDS:=@(aarch64||arm||i386||i686||powerpc64||riscv64||x86_64) # Architectures other than x86_64 and aarch64 have not been tested.
+
+define Package/$(PKG_NAME)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Routing and Redirection
+  TITLE:=eBPF-based Endpoint-Independent NAT
+  URL:=https://github.com/EHfive/einat-ebpf
+  # You need enable KERNEL_DEBUG_INFO_BTF and disable KERNEL_DEBUG_INFO_REDUCED
+  DEPENDS:=$(EINAT_EBPF_RUST_ARCH_DEPENDS) $(BPF_DEPENDS) \
+    +kmod-sched-core +kmod-sched-bpf \
+    +EINAT_EBPF_BACKEND_LIBBPF:libbpf \
+    +@KERNEL_DEBUG_FS +@KERNEL_DEBUG_INFO_BTF
+  USERID:=einat:einat
+  PROVIDES:=einat
+endef
+
+define Package/$(PKG_NAME)/description
+  This eBPF application implements an "Endpoint-Independent Mapping" and
+  "Endpoint-Independent Filtering" NAT(network address translation) on
+  TC egress and ingress hooks.
+endef
+
+define Package/$(PKG_NAME)/config
+	menu "Features configuration"
+		depends on PACKAGE_einat-ebpf
+
+		config EINAT_EBPF_IPV6
+			bool "Enable IPV6 NAT66 feature"
+			default n
+			help
+			  It would increase load time of eBPF programs to
+			  about 4 times.
+
+		config EINAT_EBPF_BACKEND_LIBBPF
+			bool "Enable libbpf backend"
+			default y if (aarch64 || x86_64)
+			default n
+			help
+			  Add fallback BPF loading backend: "libbpf".
+
+		config EINAT_EBPF_BINDGEN
+			bool "Enable bindgen"
+			default y if !ARCH_64BIT
+			default n
+			help
+			  Bindgen for libbpf headers, required on 32-bit
+			  platforms.
+
+		config EINAT_EBPF_STATIC
+			bool "Enable static compile"
+			default n
+	endmenu
+endef
+
+define Package/$(PKG_NAME)/conffiles
+/etc/config/einat
+endef
+
+define Package/$(PKG_NAME)/install
+	$(CURDIR)/.prepare.sh $(VERSION) $(CURDIR) $(PKG_INSTALL_DIR)/bin/einat
+
+	$(INSTALL_DIR) $(1)/usr/bin/
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/einat $(1)/usr/bin/
+
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_BIN) $(CURDIR)/files/einat.init $(1)/etc/init.d/einat
+
+	$(INSTALL_DIR) $(1)/etc/config/
+	$(INSTALL_CONF) $(CURDIR)/files/einat.config $(1)/etc/config/einat
+
+	$(INSTALL_DIR) $(1)/etc/capabilities/
+	$(INSTALL_CONF) $(CURDIR)/files/capabilities.json $(1)/etc/capabilities/einat.json
+endef
+
+$(eval $(call RustBinPackage,$(PKG_NAME)))
+$(eval $(call BuildPackage,$(PKG_NAME)))
diff --git a/einat-ebpf/README.md b/einat-ebpf/README.md
new file mode 100644
index 0000000..4b39184
--- /dev/null
+++ b/einat-ebpf/README.md
@@ -0,0 +1,71 @@
+# openwrt-einat-ebpf
+eBPF-based Endpoint-Independent NAT
+
+> The [einat-ebpf][] is a eBPF application implements an "Endpoint-Independent Mapping" and "Endpoint-Independent Filtering" NAT(network address translation) on TC egress and ingress hooks.
+
+## Requirements
+- Target Linux kernel >= 5.15
+- Target Linux kernel has the following kernel configuration enabled
+```
+CONFIG_BPF_EVENTS=y
+CONFIG_DEBUG_KERNEL=y
+CONFIG_DEBUG_INFO=y
+CONFIG_DEBUG_INFO_REDUCED=n
+CONFIG_DEBUG_INFO_BTF=y
+```
+- You can install `kmod-ikconfig`, use command `zcat /proc/config.gz | grep -E "(CONFIG_BPF_EVENTS|CONFIG_DEBUG_KERNEL|CONFIG_DEBUG_INFO|CONFIG_DEBUG_INFO_REDUCED|CONFIG_DEBUG_INFO_BTF|CONFIG_BPF_SYSCALL|CONFIG_BPF_JIT)"` to confirm
+- If it does not match, you need add the following configuration to the `.config` and rebuild the target kernel
+```
+CONFIG_KERNEL_BPF_EVENTS=y
+CONFIG_KERNEL_DEBUG_KERNEL=y
+CONFIG_KERNEL_DEBUG_INFO=y
+CONFIG_KERNEL_DEBUG_INFO_REDUCED=n
+CONFIG_KERNEL_DEBUG_INFO_BTF=y
+```
+- Currently are known [immortalwrt][] and [fantastic-rebuild][] is enabled these options
+
+
+## Releases
+You can find the prebuilt-ipks [here](https://fantastic-packages.github.io/packages/) \
+And LuCI can be found here [luci-app-einat][]
+
+## Additional Features
+
+Support for enabling additional features at build. Including but not limited to `ipv6, static, ...` \
+For details, see [define Package/$(PKG_NAME)/config](https://github.com/muink/openwrt-einat-ebpf/blob/master/Makefile#L89)
+
+## Build
+
+```shell
+# Build system setup
+# Please refer to [Build system setup](https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem)
+sudo apt install libelf-dev zlib1g-dev
+# Take the x86_64 platform as an example
+tar xjf rebuild-sdk-23.05.3-x86-64_gcc-12.3.0_musl.Linux-x86_64.tar.xz
+# Go to the SDK root dir
+cd rebuild-sdk-*-x86_64_*
+# Install prebuilt llvm-bpf
+tar xjf llvm-bpf-*.Linux-x86_64.tar.xz
+# First run to generate a .config file
+./scripts/feeds update -a
+./scripts/feeds install -a
+make menuconfig
+# Get Makefile
+git clone --depth 1 --branch master --single-branch --no-checkout https://github.com/muink/openwrt-einat-ebpf.git package/einat-ebpf
+pushd package/einat-ebpf
+umask 022
+git checkout
+popd
+# Select the package Network -> Routing and Redirection -> einat-ebpf
+make menuconfig
+# Start compiling
+make package/einat-ebpf/compile V=s BUILD_LOG=y -j$(nproc)
+```
+
+[einat-ebpf]: https://github.com/EHfive/einat-ebpf
+[luci-app-einat]: https://github.com/muink/luci-app-einat
+[immortalwrt]: https://github.com/immortalwrt/immortalwrt
+[fantastic-rebuild]: https://github.com/fantastic-packages/rebuild
+
+## License
+This project is licensed under the [GPL-2.0](https://www.gnu.org/licenses/gpl-2.0.html)
diff --git a/einat-ebpf/files/capabilities.json b/einat-ebpf/files/capabilities.json
new file mode 100644
index 0000000..dd64cd1
--- /dev/null
+++ b/einat-ebpf/files/capabilities.json
@@ -0,0 +1,10 @@
+{
+	"ambient": [
+		"CAP_SYS_ADMIN",
+		"CAP_NET_ADMIN"
+	],
+	"bounding": [
+		"CAP_SYS_ADMIN",
+		"CAP_NET_ADMIN"
+	]
+}
diff --git a/einat-ebpf/files/einat.config b/einat-ebpf/files/einat.config
new file mode 100644
index 0000000..520d0cf
--- /dev/null
+++ b/einat-ebpf/files/einat.config
@@ -0,0 +1,13 @@
+config einat 'config'
+	option enabled '0'
+	option bpf_log_level '0'
+	option nat44 '1'
+	option ifname 'eth1'
+	option ports '20000-29999'
+	option hairpin_enabled '0'
+	list hairpinif 'lo'
+	list hairpinif 'br-lan'
+	list internal_subnets '192.168.0.0/16'
+	list internal_subnets '172.16.0.0/12'
+	list internal_subnets '10.0.0.0/8'
+
diff --git a/einat-ebpf/files/einat.init b/einat-ebpf/files/einat.init
new file mode 100644
index 0000000..951ff2f
--- /dev/null
+++ b/einat-ebpf/files/einat.init
@@ -0,0 +1,176 @@
+#!/bin/sh /etc/rc.common
+
+. "${IPKG_INSTROOT}/lib/functions/network.sh"
+
+START=60
+STOP=60
+USE_PROCD=1
+
+# einat
+CONF=einat
+CONFIGSECTION=config
+PROG=/usr/bin/einat
+
+config_load "$CONF"
+
+network_find_wan DEF_WAN true
+network_find_wan6 DEF_WAN6 true
+
+
+
+load_interfaces() {
+	local n ifname hairpin_enabled hairpinif
+
+	config_get ifname "$1" ifname
+	config_get hairpinif "$1" hairpinif
+
+	[ "$hairpin_enabled" = 1 ] && ifname="$ifname $hairpinif"
+
+	for n in $ifname; do
+		interfaces=" $(uci -q show network|grep "device='$n'"|cut -f2 -d'.') $interfaces"
+	done
+}
+
+validate_section_config() {
+	uci_load_validate "$CONF" "$CONFIGSECTION" "$1" "$2" \
+		'enabled:bool:0' \
+		'bpf_log_level:range(0, 5):0' \
+		'bpf_loader:or("aya", "libbpf")' \
+		'nat44:bool:1' \
+		'nat66:bool:0' \
+		'ifname:network' \
+		'ports:portrange:20000-29999' \
+		'internal_ifaces:list(network)' \
+		'internal_subnets:list(cidr)' \
+		'hairpin_enabled:bool:0' \
+		'hairpinif:list(network)'
+}
+
+einat_instance() {
+
+	procd_open_instance "$CONF"
+	procd_set_param command "$PROG" \
+		--bpf-log "$bpf_log_level" \
+		${bpf_loader:+--bpf-loader "$bpf_loader"} \
+		-i "$ifname" \
+		--ports "$ports"
+
+	[ "$nat44" = 1 ] && procd_append_param command --nat44
+	#[ "$nat66" = 1 ] && procd_append_param command --nat66
+
+	local subnets internal_iface
+	for internal_iface in $internal_ifaces; do
+		network_get_subnets subnets $internal_iface
+		internal_subnets="${subnets:+$subnets }$internal_subnets"
+	done
+	[ -z "$internal_subnets" ] || procd_append_param command --internal $internal_subnets
+		
+	procd_append_param netdev "$ifname"
+
+	if [ "$hairpin_enabled" = 1 -a -n "$hairpinif" ]; then
+		procd_append_param command --hairpin-if lo $hairpinif
+		for n in $hairpinif; do
+			procd_append_param netdev "$n"
+		done
+	fi
+
+	#procd_set_param capabilities "/etc/capabilities/einat.json"
+
+	procd_set_param stdout 1
+	procd_set_param stderr 1
+	procd_set_param respawn
+
+	procd_open_data
+	# configure firewall
+	json_add_array firewall
+		# IPv4 input (Optional. Relax the localhost firewall)
+		#json_add_object ''
+		#json_add_string type rule
+		#json_add_string target 'ACCEPT'
+		#json_add_string name "Relax input limits"
+		#json_add_string family 'ipv4'
+		#json_add_string proto 'tcp udp'
+		#json_add_string src "$(fw4 -q device $ifname)"
+		#json_add_string dest_port "$ports"
+		#json_close_object
+		# IPv4 accept forward wan -> lan
+		json_add_object ''
+		json_add_string type rule
+		json_add_string target 'ACCEPT'
+		json_add_string name "Forward wan 2 lan"
+		json_add_string family 'ipv4'
+		json_add_string proto 'tcp udp icmp'
+		json_add_string src "$(fw4 -q device $ifname)"
+		json_add_string dest "$(fw4 -q device br-lan)"
+		json_close_object
+		# IPv4 disable Masquerade
+		json_add_object ''
+		json_add_string type nat
+		json_add_string target 'ACCEPT'
+		json_add_string name "Disable Masquerade"
+		json_add_string family 'ipv4'
+		json_add_string proto 'tcp udp icmp'
+		json_add_string src "$(fw4 -q device $ifname)"
+		json_close_object
+	json_close_array
+	procd_close_data
+
+	procd_close_instance
+}
+
+launcher() {
+	[ "$2" = 0 ] || { >&2 echo "$(basename $0): section $1 validation failed"; return 1; }
+	[ "$enabled" = 0 ] && return 0
+
+	local error=0
+	local wanifname
+
+	# ifname
+	case "$nat66$nat44" in
+		00) network_get_device wanifname "$DEF_WAN";;
+		01) network_get_device wanifname "$DEF_WAN";;
+		10) network_get_device wanifname "$DEF_WAN6";;
+		11) network_get_device wanifname "$DEF_WAN6";;
+	esac
+	local ifname="${ifname:-$wanifname}"
+	[ -z "$ifname" ] && >&2 echo "$(basename $0): section $1 option ifname parsing failed, there may be no network connection" && let error++
+
+	# review
+	[ -n "$EINAT_DEBUG" ] && {
+		local v ucivv="enabled bpf_log_level bpf_loader nat44 nat66 ifname ports internal_ifaces internal_subnets hairpin_enabled hairpinif"
+		for v in $ucivv; do eval "echo $1 $v=\'\$$v\'"; done # ash not support ${!v}
+	}
+	[ "$error" -gt 0 ] && return 1
+
+	einat_instance "$1"
+}
+
+service_triggers() {
+	procd_add_reload_trigger "$CONF" 'network'
+
+	local interfaces
+
+	load_interfaces $CONFIGSECTION
+	[ -n "$interfaces" ] && {
+		procd_add_reload_interface_trigger $interfaces
+	} || {
+		for n in $DEF_WAN $DEF_WAN6; do
+			procd_add_reload_interface_trigger $n
+		done
+	}
+
+	procd_add_validation validate_section_config
+}
+
+start_service() {
+	validate_section_config "$CONFIGSECTION" launcher
+}
+
+reload_service() {
+	stop
+	start
+}
+
+service_started() { procd_set_config_changed firewall; }
+
+service_stopped() { procd_set_config_changed firewall; }
diff --git a/einat-ebpf/test.sh b/einat-ebpf/test.sh
new file mode 100755
index 0000000..e85f2af
--- /dev/null
+++ b/einat-ebpf/test.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+einat 2>&1 | grep "$2"