From 8b40968f6aa2a5e23babcac1eaaf74bddf0c9f60 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 5 Apr 2024 16:45:33 +0200
Subject: [PATCH 1/2] Fix https://github.com/Ysurac/openmptcprouter/issues/3251
 - Bypass MAC address

---
 omr-bypass/files/etc/init.d/omr-bypass-nft | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/omr-bypass/files/etc/init.d/omr-bypass-nft b/omr-bypass/files/etc/init.d/omr-bypass-nft
index 014e1dabc..e7982eddf 100755
--- a/omr-bypass/files/etc/init.d/omr-bypass-nft
+++ b/omr-bypass/files/etc/init.d/omr-bypass-nft
@@ -536,12 +536,16 @@ _bypass_proto_without_ndpi() {
 _intf_rule_ss_rules() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
 		nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 ss_rules_pre_tcp meta mark 0x4539${count} accept
 		nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 ss_rules_local_out meta mark 0x4539${count} accept
 	EOF
 	if [ "$disableipv6" = "0" ]; then
 		cat >> /etc/firewall.omr-bypass <<-EOF
 			nft insert rule inet fw4 ss_rules_pre_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 ss_rules_pre_tcp meta mark 0x6539${count} accept
 			nft insert rule inet fw4 ss_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 ss_rules_local_out meta mark 0x6539${count} accept
 		EOF
 	fi
 }
@@ -549,12 +553,16 @@ _intf_rule_ss_rules() {
 _intf_rule_v2ray_rules() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
 		nft insert rule inet fw4 v2r_rules_pre_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 v2r_rules_pre_tcp meta mark 0x4539${count} accept
 		nft insert rule inet fw4 v2r_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 v2r_rules_local_out meta mark 0x4539${count} accept
 	EOF
 	if [ "$disableipv6" = "0" ]; then
 		cat >> /etc/firewall.omr-bypass <<-EOF
 			nft insert rule inet fw4 v2r_rules_pre_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 v2r_rules_pre_tcp meta mark 0x6539${count} accept
 			nft insert rule inet fw4 v2r_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 v2r_rules_local_out meta mark 0x6539${count} accept
 		EOF
 	fi
 }
@@ -562,12 +570,16 @@ _intf_rule_v2ray_rules() {
 _intf_rule_xray_rules() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
 		nft insert rule inet fw4 xr_rules_pre_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 xr_rules_pre_tcp meta mark 0x4539${count} accept
 		nft insert rule inet fw4 xr_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 xr_rules_local_out meta mark 0x4539${count} accept
 	EOF
 	if [ "$disableipv6" = "0" ]; then
 		cat >> /etc/firewall.omr-bypass <<-EOF
 			nft insert rule inet fw4 xr_rules_pre_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 xr_rules_pre_tcp meta mark 0x6539${count} accept
 			nft insert rule inet fw4 xr_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 xr_rules_local_out meta mark 0x6539${count} accept
 		EOF
 	fi
 }
@@ -714,11 +726,13 @@ _intf_rule() {
 		EOF
 
 	if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ] && [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ]; then
-		config_load shadowsocks-libev
-		config_foreach _intf_rule_ss_rules ss_rules
+		#config_load shadowsocks-libev
+		#config_foreach _intf_rule_ss_rules ss_rules
+		_intf_rule_ss_rules
 	elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks-rust" ] && [ "$(uci -q get shadowsocks-rust.sss0.disabled)" != "1" ]; then
-		config_load shadowsocks-rust
-		config_foreach _intf_rule_ss_rules ss_rules
+		#config_load shadowsocks-rust
+		#config_foreach _intf_rule_ss_rules ss_rules
+		_intf_rule_ss_rules
 	elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ] && [ "$(uci -q get v2ray.main.enabled)" = "1" ]; then
 		_intf_rule_v2ray_rules
 	elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "xray" ] && [ "$(uci -q get xray.main.enabled)" = "1" ]; then

From 57b8239787797077dd9d8d211f1793ae1dbf6a96 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sat, 6 Apr 2024 17:12:32 +0200
Subject: [PATCH 2/2] Should fix
 https://github.com/Ysurac/openmptcprouter/issues/3252#issuecomment-2041038428

---
 sqm-autorate/files/usr/share/sqm-autorate/config_template.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sqm-autorate/files/usr/share/sqm-autorate/config_template.sh b/sqm-autorate/files/usr/share/sqm-autorate/config_template.sh
index 4fe0d2822..64105e647 100755
--- a/sqm-autorate/files/usr/share/sqm-autorate/config_template.sh
+++ b/sqm-autorate/files/usr/share/sqm-autorate/config_template.sh
@@ -79,7 +79,7 @@ reflector_ping_interval_s=$(uci -q get sqm.${INTERFACE}.reflector_ping_interval_
 # (adjustment significant at sub 12Mbit/s rates, else negligible)
 #logger -t "sqm-autorate" "ping for ${INTERFACE} (${ul_if}): $(echo $(/sbin/uci -q get sqm.${INTERFACE}.delay_thr_ms || echo '100'))"
 #dl_owd_delta_thr_ms=$(echo $(echo $(uci -q get sqm.${INTERFACE}.delay_thr_ms || echo $(echo "$(/usr/bin/ping -B -w 5 -c 5 -I ${ul_if} 1.1.1.1 | cut -d '/' -s -f6 | tr -d '\n' 2>/dev/null)+30" | bc) || echo "100")) + "0.1" | bc)  # (milliseconds)
-dl_owd_delta_thr_ms=$(uci -q get sqm.${INTERFACE}.delay_thr_ms || echo "250")
+dl_owd_delta_thr_ms=$(uci -q get sqm.${INTERFACE}.delay_thr_ms || echo "250.0")
 ul_owd_delta_thr_ms=${dl_owd_delta_thr_ms}
 
 # average owd delta threshold in ms at which maximum adjust_down_bufferbloat is applied