From 43107110a5d75bbbbb2be356944788870e3a99e5 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 9 Oct 2024 11:08:54 +0200 Subject: [PATCH 1/7] Add keep alive support to Shadowsocks-Rust init and interface --- .../htdocs/luci-static/resources/shadowsocks-rust.js | 3 +++ .../files/etc/uci-defaults/1930-omr-shadowsocks | 9 +++++++++ shadowsocks-rust/files/shadowsocks-rust.config | 7 +++++-- shadowsocks-rust/files/shadowsocks-rust.init-nft | 2 ++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/luci-app-shadowsocks-rust/htdocs/luci-static/resources/shadowsocks-rust.js b/luci-app-shadowsocks-rust/htdocs/luci-static/resources/shadowsocks-rust.js index 0e4c4e0712..4e6d126059 100644 --- a/luci-app-shadowsocks-rust/htdocs/luci-static/resources/shadowsocks-rust.js +++ b/luci-app-shadowsocks-rust/htdocs/luci-static/resources/shadowsocks-rust.js @@ -28,6 +28,7 @@ var names_options_common = [ 'mode', 'mtu', 'timeout', + 'keep_alive', 'user', 'mptcp', ]; @@ -157,6 +158,8 @@ return L.Class.extend({ o.datatype = 'uinteger'; o = s.taboption(tab, form.Value, 'timeout', _('Timeout (sec)')); o.datatype = 'uinteger'; + o = s.taboption(tab, form.Value, 'keep_alive', _('Keep Alive (sec)')); + o.datatype = 'uinteger'; s.taboption(tab, form.Value, 'user', _('Run as')); s.taboption(tab, form.Flag, 'verbose', _('Verbose')); diff --git a/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks b/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks index 7ddcc4e571..1c339219bd 100755 --- a/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks +++ b/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks 
@@ -116,6 +116,15 @@ if [ "$(uci -q get shadowsocks-libev.sss1)" = "" ]; then commit shadowsocks-libev EOF fi +if [ -z "$(uci -q get shadowsocks-rust.hi1.keep_alive)" ]; then + uci -q batch <<-EOF > /dev/null + set shadowsocks-rust.hi1.keep_alive=15 + set shadowsocks-rust.hi1.no_delay=1 + set shadowsocks-rust.hi2.keep_alive=15 + set shadowsocks-rust.hi2.no_delay=1 + commit shadowsocks-rust + EOF +fi rm -f /tmp/luci-indexcache exit 0 diff --git a/shadowsocks-rust/files/shadowsocks-rust.config b/shadowsocks-rust/files/shadowsocks-rust.config index 47a10cfc4e..c12db84c69 100644 --- a/shadowsocks-rust/files/shadowsocks-rust.config +++ b/shadowsocks-rust/files/shadowsocks-rust.config @@ -4,13 +4,14 @@ config ss_redir hi1 option local_port '1100' option mode 'tcp_and_udp' option timeout '1000' + option keep_alive '15' option fast_open 0 option verbose 0 option syslog 1 option reuse_port 0 option mptcp 1 option ipv6_first 1 - option no_delay 0 + option no_delay 1 config ss_redir hi2 option server 'sss1' @@ -18,13 +19,14 @@ config ss_redir hi2 option local_port '1101' option mode 'tcp_and_udp' option timeout '1000' + option keep_alive '15' option fast_open 0 option verbose 0 option syslog 1 option reuse_port 0 option mptcp 1 option ipv6_first 1 - option no_delay 0 + option no_delay 1 config ss_rules 'ss_rules' option disabled 0 @@ -63,6 +65,7 @@ config ss_local 'tracker_sss0' option local_port '1111' option mode 'tcp_and_udp' option timeout '600' + option keep_alive '15' option fast_open '0' option syslog '0' option reuse_port '1' diff --git a/shadowsocks-rust/files/shadowsocks-rust.init-nft b/shadowsocks-rust/files/shadowsocks-rust.init-nft index 34b761aefb..9add4eddd7 100755 --- a/shadowsocks-rust/files/shadowsocks-rust.init-nft +++ b/shadowsocks-rust/files/shadowsocks-rust.init-nft 
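Review bot: The migration block added to `1930-omr-shadowsocks` tests only `shadowsocks-rust.hi1.keep_alive`, but then writes `keep_alive` and `no_delay` on both `hi1` and `hi2` (PATCH 2/7 adds `fast_open` to the same block). An upgrade therefore overwrites a `no_delay` value an administrator chose, and it assumes both sections exist. Because the `uci -q batch` output goes to `/dev/null`, a `set` against a missing `hi2` section would probably fail without any trace. I would test each section on its own, e.g. `[ -n "$(uci -q get shadowsocks-rust.hi2)" ] && [ -z "$(uci -q get shadowsocks-rust.hi2.keep_alive)" ]`, and add a comment such as `# one-time migration: intentionally overrides an existing no_delay` if the override is deliberate.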
@@ -87,6 +87,7 @@ ss_xxx() { [ -z "$mode" ] || json_add_string mode "$mode" [ -z "$mtu" ] || json_add_int mtu "$mtu" [ -z "$timeout" ] || json_add_int timeout "$timeout" + [ -z "$keep_alive" ] || json_add_int keep_alive "$keep_alive" [ -z "$user" ] || json_add_string user "$user" [ -z "$acl" ] || json_add_string acl "$acl" json_dump -i >"$confjson" @@ -369,6 +370,7 @@ validate_common_options_() { 'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \ 'mtu:uinteger' \ 'timeout:uinteger' \ + 'keep_alive:uinteger' \ 'user:string' } From 11681a878f9b7478808d88905c686e8fa41ccfd2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 9 Oct 2024 11:12:42 +0200 Subject: [PATCH 2/7] Enable TCP Fast Open on Shadowsocks Rust by default --- openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks | 2 ++ shadowsocks-rust/files/shadowsocks-rust.config | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks b/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks index 1c339219bd..437ede0963 100755 --- a/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks +++ b/openmptcprouter/files/etc/uci-defaults/1930-omr-shadowsocks @@ -120,8 +120,10 @@ if [ -z "$(uci -q get shadowsocks-rust.hi1.keep_alive)" ]; then uci -q batch <<-EOF > /dev/null set shadowsocks-rust.hi1.keep_alive=15 set shadowsocks-rust.hi1.no_delay=1 + set shadowsocks-rust.hi1.fast_open=1 set shadowsocks-rust.hi2.keep_alive=15 set shadowsocks-rust.hi2.no_delay=1 + set shadowsocks-rust.hi2.fast_open=1 commit shadowsocks-rust EOF fi diff --git a/shadowsocks-rust/files/shadowsocks-rust.config b/shadowsocks-rust/files/shadowsocks-rust.config index c12db84c69..4987837620 100644 --- a/shadowsocks-rust/files/shadowsocks-rust.config +++ b/shadowsocks-rust/files/shadowsocks-rust.config 
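Review bot: In the PATCH 2/7 hunk for `1930-omr-shadowsocks`, `fast_open=1` is written inside the block guarded by an empty `hi1.keep_alive`, so whether an existing router gets TCP Fast Open depends on whether it already ran the PATCH 1/7 version of this script, not on its current `fast_open` value. TCP Fast Open also relies on the kernel's `net.ipv4.tcp_fastopen` setting and on the network path passing SYN data, and neither is checked in the visible lines. RFC 7413 additionally notes that SYN data may be delivered more than once and that Fast Open cookies let a server correlate connections from one client. I would give this change its own condition and document the trade-off next to it, for example `# enables TFO on hi1/hi2; needs net.ipv4.tcp_fastopen client support, falls back to a normal handshake otherwise`.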
@@ -5,7 +5,7 @@ config ss_redir hi1 option mode 'tcp_and_udp' option timeout '1000' option keep_alive '15' - option fast_open 0 + option fast_open 1 option verbose 0 option syslog 1 option reuse_port 0 @@ -20,7 +20,7 @@ config ss_redir hi2 option mode 'tcp_and_udp' option timeout '1000' option keep_alive '15' - option fast_open 0 + option fast_open 1 option verbose 0 option syslog 1 option reuse_port 0 From 89da64717536e8ddff98e53525964a6bba31ef32 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 9 Oct 2024 11:13:45 +0200 Subject: [PATCH 3/7] Fix ByPass route table when master interface is used --- omr-tracker/files/usr/share/omr/post-tracking.d/003-up | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/omr-tracker/files/usr/share/omr/post-tracking.d/003-up b/omr-tracker/files/usr/share/omr/post-tracking.d/003-up index d46388efeb..379ce9173a 100755 --- a/omr-tracker/files/usr/share/omr/post-tracking.d/003-up +++ b/omr-tracker/files/usr/share/omr/post-tracking.d/003-up @@ -11,7 +11,7 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then exit 0 fi -if [ "$OMR_TRACKER_PREV_STATUS" = "$OMR_TRACKER_STATUS" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && [ "$OMR_TRACKER_PREV_DEVICE_IP" = "$OMR_TRACKER_DEVICE_IP" ] && [ "$OMR_TRACKER_PREV_DEVICE_IP6" = "$OMR_TRACKER_DEVICE_IP6" ]; then +if [ "$OMR_TRACKER_PREV_STATUS" = "$OMR_TRACKER_STATUS" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && [ "$OMR_TRACKER_PREV_DEVICE_IP" = "$OMR_TRACKER_DEVICE_IP" ] && [ "$OMR_TRACKER_PREV_DEVICE_IP6" = "$OMR_TRACKER_DEVICE_IP6" ] && (([ -n "$OMR_TRACKER_DEVICE_GATEWAY" ] && [ -n "$(ip r show table 991337)" ]) || ([ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ] && [ -n "$(ip -6 r show table 6991337)" ])); then exit 0 fi 
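Review bot: In the extended early-exit test of `003-up`, the two route-table checks are joined with `||`, so on a dual-stack link the script still exits early when table 991337 holds a route but table 6991337 is empty, or the reverse. Each address family that has a gateway should require its own table to be populated, e.g. `{ [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ -n "$(ip r show table 991337)" ]; } && { [ -z "$OMR_TRACKER_DEVICE_GATEWAY6" ] || [ -n "$(ip -6 r show table 6991337)" ]; }`. With no gateway at all this form exits early, whereas the committed one never does, so pick whichever is intended. Brace groups also avoid the `((` opener, which POSIX leaves ambiguous with arithmetic evaluation, and the two extra subshells on every tracker run.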
@@ -115,7 +115,7 @@ set_route6() { if [ "$interface_gw" != "" ] && [ "$interface_if" != "" ] && [ -n "$(echo $interface_gw | grep ':')" ]; then [ "$(uci -q get openmptcprouter.settings.debug)" = "true" ] && _log "$PREVINTERFACE down. Replace default route by $interface_gw dev $interface_if" [ "$SETDEFAULT" = "yes" ] && [ "$(uci -q openmptcprouter.settings.defaultgw)" != "0" ] && ip -6 route replace default scope metric 1 global nexthop via $interface_gw dev $interface_if >/dev/null 2>&1 - ip -6 route replace default via $interface_gw dev $interface_if table 991337 >/dev/null 2>&1 && SETROUTE=true + ip -6 route replace default via $interface_gw dev $interface_if table 6991337 >/dev/null 2>&1 && SETROUTE=true fi fi } @@ -947,7 +947,7 @@ if [ "$multipath_config" = "master" ]; then ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337 $initcwrwnd >/dev/null 2>&1 #ip route flush cache >/dev/null 2>&1 fi - if [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip -6 r show table 991337)" != "default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE " ]; then + if [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip -6 r show table 6991337)" != "default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE " ]; then ip -6 route replace default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE table 6991337 $initcwrwnd >/dev/null 2>&1 #ip -6 route flush cache >/dev/null 2>&1 fi From 8f237144e7d42f9a111ec0fdc2a4b07e5f5e0fc2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 9 Oct 2024 11:14:29 +0200 Subject: [PATCH 4/7] Fix in OMR-ByPass to enable ACCEPT rule when it should be --- omr-bypass/files/etc/init.d/omr-bypass-nft | 2 ++ 1 file changed, 2 insertions(+) diff --git a/omr-bypass/files/etc/init.d/omr-bypass-nft b/omr-bypass/files/etc/init.d/omr-bypass-nft index 0e8baebd1e..a922412b05 100755 --- a/omr-bypass/files/etc/init.d/omr-bypass-nft 
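Review bot: In `set_route6()`, the context line `[ "$(uci -q openmptcprouter.settings.defaultgw)" != "0" ]` has no `get` subcommand, unlike the `uci -q get openmptcprouter.settings.debug` call on the line above it. The substitution therefore presumably yields an empty string and the test is always true. A `defaultgw` of `0` would then not stop the IPv6 default route from being replaced when `SETDEFAULT` is `yes`. The fix is `[ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]`. Every `ip -6 route replace` in this hunk also discards errors with `>/dev/null 2>&1`, so a failed replace leaves no log line; the function body starts outside the hunk.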
+++ b/omr-bypass/files/etc/init.d/omr-bypass-nft @@ -62,10 +62,12 @@ _bypass_ip() { uci -q add_list firewall.omr_dst_bypass_${type}_4.entry="$ip" uci -q set firewall.omr_dst_bypass_${type}_4.enabled='1' uci -q set firewall.omr_dst_bypass_${type}_dstip_4.enabled='1' + uci -q set firewall.omr_dst_bypass_${type}_dstip_4_accept.enabled='1' elif [ "$valid_ip6" = "ok" ]; then uci -q add_list firewall.omr_dst_bypass_${type}_6.entry="$ip" uci -q set firewall.omr_dst_bypass_${type}_6.enabled='1' uci -q set firewall.omr_dst_bypass_${type}_dstip_6.enabled='1' + uci -q set firewall.omr_dst_bypass_${type}_dstip_6_accept.enabled='1' fi } From 53de5ab42221cc8acf5e42215c9411858aa93d38 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 9 Oct 2024 11:15:40 +0200 Subject: [PATCH 5/7] Fix for Kernel 6.12 --- ndpi-netfilter2/Makefile | 2 +- .../patches/302-fix-build-with-linux-6.12.patch | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 xtables-addons/patches/302-fix-build-with-linux-6.12.patch diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile index 2498597188..6990f3bdf0 100644 --- a/ndpi-netfilter2/Makefile +++ b/ndpi-netfilter2/Makefile 
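Review bot: The two added `uci -q set ..._accept.enabled='1'` lines in `_bypass_ip()` switch on firewall ACCEPT rules, but the hunk does not show the matching reset. It is worth confirming that wherever `omr_dst_bypass_${type}_dstip_4.enabled` and `..._dstip_6.enabled` are set back to `0`, the `_accept` rules are disabled as well; otherwise an ACCEPT rule can stay enabled after the bypass list is emptied. Because of `-q`, a missing `_accept` section fails silently, which would leave the original problem in place without any log line. `${type}` is expanded unquoted into the section name; quoting the whole argument, `uci -q set "firewall.omr_dst_bypass_${type}_dstip_4_accept.enabled=1"`, keeps an unexpected value from splitting into extra arguments. The function starts before the hunk.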
@@ -83,7 +83,7 @@ define KernelPackage/ipt-ndpi TITLE:= nDPI net netfilter module # DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15||TARGET_x86_64) # DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap @(LINUX_5_4||LINUX_5_15) @!TARGET_ramips - DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +(LINUX_5_4||LINUX_6_1):kmod-ipt-compat-xtables +libpcap @!TARGET_ramips @!LINUX_6_6 @!LINUX_6_10 @!LINUX_6_11 + DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +(LINUX_5_4||LINUX_6_1):kmod-ipt-compat-xtables +libpcap @!TARGET_ramips @!LINUX_6_6 @!LINUX_6_10 @!LINUX_6_11 @!LINUX_6_12 # DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables +libpcap KCONFIG:=CONFIG_NF_CONNTRACK_LABELS=y \ CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y diff --git a/xtables-addons/patches/302-fix-build-with-linux-6.12.patch b/xtables-addons/patches/302-fix-build-with-linux-6.12.patch new file mode 100644 index 0000000000..020003dcc6 --- /dev/null +++ b/xtables-addons/patches/302-fix-build-with-linux-6.12.patch @@ -0,0 +1,14 @@ +--- a/extensions/xt_ipp2p.c 2024-10-08 14:14:40.759989875 +0200 ++++ b/extensions/xt_ipp2p.c 2024-10-08 14:16:04.042851316 +0200 +@@ -6,7 +6,11 @@ + #include + #include + #include ++#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 11, 0) + #include ++#else ++#include ++#endif + #include "xt_ipp2p.h" + #include "compat_xtables.h" + From 21d2b4c87c460680bd3c59397d2804936557c2b8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 9 Oct 2024 14:24:19 +0200 Subject: [PATCH 6/7] Add kmod-r8125 for rockchip --- openmptcprouter-full/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openmptcprouter-full/Makefile b/openmptcprouter-full/Makefile index 64562ea411..72c1e0844f 100644 --- a/openmptcprouter-full/Makefile +++ b/openmptcprouter-full/Makefile 
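Review bot: The new `302-fix-build-with-linux-6.12.patch` switches headers at `KERNEL_VERSION(6, 11, 0)` although the patch is named for 6.12, so a 6.11 kernel takes the `#else` branch. The include targets are not legible on this page. If this is the `asm/unaligned.h` to `linux/unaligned.h` move, which as far as I know landed in 6.12, the guard should read `#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 12, 0)`. It is also worth checking that `linux/version.h` is among the includes above the `#if`, since otherwise `KERNEL_VERSION` is not defined at that point.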
@@ -93,7 +93,7 @@ MY_DEPENDS := \ (LINUX_5_4&&(TARGET_x86_64||TARGET_aarch64)):kmod-tcp-bbr2 \ TARGET_x86_64:kmod-atlantic \ !(LINUX_5_4||LINUX_6_1||TARGET_ramips||TARGET_ipq806x):mptcp-bpf-burst !(LINUX_5_4||LINUX_6_1||TARGET_ramips||TARGET_ipq806x):mptcp-bpf-first !(LINUX_5_4||LINUX_6_1||TARGET_ramips||TARGET_ipq806x):mptcp-bpf-red !(LINUX_5_4||LINUX_6_1||TARGET_ramips||TARGET_ipq806x):mptcp-bpf-rr !(LINUX_5_4||LINUX_6_1||TARGET_ramips||TARGET_ipq806x):bpftool-full \ - !(LINUX_6_10||LINUX_6_11||LINUX_6_12):kmod-ovpn-dco-v2 lspci + !(LINUX_6_10||LINUX_6_11||LINUX_6_12):kmod-ovpn-dco-v2 lspci TARGET_rockchip:kmod-r8125 # !TARGET_ipq40xx:kmod-rt2800-usb (TARGET_x86||TARGET_x86_64):kmod-iwlwifi (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl1000 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl100 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl105 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl135 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl2000 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl2030 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl3160 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl3168 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl5000 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl5150 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6000g2 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6000g2a (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6000g2b (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6050 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl7260 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl7265 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl7265d (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl8260c (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl8265 \ # !TARGET_ipq40xx:kmod-rtl8xxxu !TARGET_ipq40xx:kmod-rtl8192cu !TARGET_ipq40xx:kmod-net-rtl8192su !LINUX_6_1:kmod-rtl8812au-ct (TARGET_x86||TARGET_x86_64):kmod-r8169 (TARGET_x86||TARGET_x86_64):kmod-8139too (TARGET_x86||TARGET_x86_64):kmod-r8125 !TARGET_ipq40xx:kmod-rtl8187 
kmod-rtl8xxxu (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware From 0b1cc79c18267233c94dd059505677a2f45eabdf Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 9 Oct 2024 14:24:47 +0200 Subject: [PATCH 7/7] Block OpenVPN DCO on kernel 6.12 for now --- ovpn-dco/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ovpn-dco/Makefile b/ovpn-dco/Makefile index d41d0b8e37..f474495d59 100644 --- a/ovpn-dco/Makefile +++ b/ovpn-dco/Makefile @@ -1,6 +1,6 @@ # # Copyright (C) 2021 Jianhui Zhao -# Copyright (C) 2023 Yannick Chabanois (Ycarus) for OpenMPTCProuter +# Copyright (C) 2023-2024 Yannick Chabanois (Ycarus) for OpenMPTCProuter # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -27,7 +27,7 @@ include $(INCLUDE_DIR)/package.mk define KernelPackage/ovpn-dco-v2 SUBMENU:=Network Support TITLE:=OpenVPN data channel offload - DEPENDS:=+kmod-crypto-aead +kmod-udptunnel4 +IPV6:kmod-udptunnel6 + DEPENDS:=+kmod-crypto-aead +kmod-udptunnel4 +IPV6:kmod-udptunnel6 @!LINUX_6_12 FILES:=$(PKG_BUILD_DIR)/drivers/net/ovpn-dco/ovpn-dco-v2.ko AUTOLOAD:=$(call AutoLoad,30,ovpn-dco-v2) endef