From 8c9688f82f1493112c5c91cba085268f53950b03 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 13 Mar 2024 09:44:10 +0100 Subject: [PATCH 1/7] Update OpenVPN to 2.6.9 --- openvpn/Makefile | 6 +- openvpn/files/etc/hotplug.d/openvpn/01-user | 7 +- openvpn/files/openvpn.init | 110 +++++++++++++------- 3 files changed, 79 insertions(+), 44 deletions(-) diff --git a/openvpn/Makefile b/openvpn/Makefile index 752d38535..349c7e1cb 100644 --- a/openvpn/Makefile +++ b/openvpn/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.6.5 -PKG_RELEASE:=1 +PKG_VERSION:=2.6.9 +PKG_RELEASE:=10 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ https://swupdate.openvpn.net/community/releases/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=e34efdb9a3789a760cfc91d57349dfb1e31da169c98c06cb490c6a8a015638e2 +PKG_HASH:=e08d147e15b4508dfcd1d6618a1f21f1495f9817a8dadc1eddf0532fa116d7e3 PKG_MAINTAINER:=Magnus Kroken diff --git a/openvpn/files/etc/hotplug.d/openvpn/01-user b/openvpn/files/etc/hotplug.d/openvpn/01-user index 4c72f1c4b..f6ad8935e 100644 --- a/openvpn/files/etc/hotplug.d/openvpn/01-user +++ b/openvpn/files/etc/hotplug.d/openvpn/01-user @@ -7,10 +7,14 @@ $* } -# Wrap user defined scripts on up/down events +# Wrap user defined scripts on up/down/route-up/route-pre-down/ipchange events +# Scriptp set with up/down/route-up/route-pre-down/ipchange in the openvpn config are also executed with the command=user_xxxx case "$ACTION" in up) command=$user_up ;; down) command=$user_down ;; + route-up) command=$user_route_up ;; + route-pre-down) command=$user_route_pre_down ;; + ipchange) command=$user_ipchange ;; *) command= ;; esac @@ -20,3 +24,4 @@ if [ -n "$command" ]; then fi exit 0 + diff --git a/openvpn/files/openvpn.init b/openvpn/files/openvpn.init index 34c6f3511..5c1beb0e3 100644 --- a/openvpn/files/openvpn.init +++ b/openvpn/files/openvpn.init 
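Review bot: In openvpn/files/etc/hotplug.d/openvpn/01-user the added comment has a typo (`Scriptp`) and does not say where `user_route_up`, `user_route_pre_down` and `user_ipchange` come from, although the three new arms widen the set of strings this wrapper will run. Going by the `--setenv user_*` options added to openvpn.init in the same patch, they are copied from UCI or from the OpenVPN config file, so they deserve the same trust as that file. I would reword the second comment line as `# Scripts set with up/down/route-up/route-pre-down/ipchange in the openvpn config arrive here as user_xxxx (via --setenv) and are executed; treat those values as code`. The line that actually runs `$command` is outside the hunk.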
@@ -10,22 +10,13 @@ STOP=10 USE_PROCD=1 PROG=/usr/sbin/openvpn +PATH_INSTANCE_DIR="/etc/openvpn" LIST_SEP=" " UCI_STARTED= UCI_DISABLED= -version_over_5_4() { - MAJOR_VERSION=$(uname -r | awk -F '.' '{print $1}') - MINOR_VERSION=$(uname -r | awk -F '.' '{print $2}') - if [ $MAJOR_VERSION -ge 5 ] && [ $MINOR_VERSION -gt 13 ] || [ $MAJOR_VERSION -gt 5 ] ; then - return 0 - else - return 1 - fi -} - append_param() { local s="$1" local v="$2" @@ -154,6 +145,9 @@ openvpn_add_instance() { local security="$4" local up="$5" local down="$6" + local route_up="$7" + local route_pre_down="$8" + local ipchange="$9" local client=$(grep -qEx "client|tls-client" "$dir/$conf" && echo 1) procd_open_instance "$name" @@ -169,12 +163,12 @@ openvpn_add_instance() { ${client:+--ipchange "/usr/libexec/openvpn-hotplug ipchange $name"} \ ${up:+--setenv user_up "$up"} \ ${down:+--setenv user_down "$down"} \ + ${route_up:+--setenv user_route_up "$route_up"} \ + ${route_pre_down:+--setenv user_route_pre_down "$route_pre_down"} \ + ${client:+${ipchange:+--setenv user_ipchange "$ipchange"}} \ --script-security "${security:-2}" \ $(openvpn_get_dev "$name" "$conf") \ $(openvpn_get_credentials "$name" "$conf") - if version_over_5_4; then - procd_append_param command "--mptcp" - fi procd_set_param file "$dir/$conf" procd_set_param term_timeout 15 procd_set_param respawn @@ -184,7 +178,7 @@ openvpn_add_instance() { procd_close_instance } -start_instance() { +start_uci_instance() { local s="$1" config_get config "$s" config 
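Review bot: `openvpn_add_instance` now takes nine positional arguments and has no header comment listing them, so its three call sites have to be kept in sync by counting quoted strings. A comment such as `# openvpn_add_instance NAME DIR CONF SECURITY UP DOWN ROUTE_UP ROUTE_PRE_DOWN IPCHANGE` above the function would help. Note that `$9` is the last parameter reachable without braces, so a tenth argument would need `${10}`. The function starts above this hunk and continues below it.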
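Review bot: The new `--setenv user_route_up` and `--setenv user_route_pre_down` options in `openvpn_add_instance` only matter if OpenVPN is also told to call the hotplug wrapper for those events, and this hunk shows that registration only for `--ipchange`. If matching `--route-up "/usr/libexec/openvpn-hotplug route-up $name"` and `--route-pre-down ...` lines are not already present above the hunk, the user scripts would never run, so please confirm. `user_ipchange` is exported only when `$client` is set, while the callers collect `ipchange` for every instance; a short comment saying that this is intentional would prevent a later "fix".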
@@ -195,18 +189,25 @@ start_instance() { return 1 } - local up down script_security + local up down route_up route_pre_down ipchange script_security config_get up "$s" up config_get down "$s" down + config_get route_up "$s" route_up + config_get route_pre_down "$s" route_pre_down + config_get ipchange "$s" ipchange config_get script_security "$s" script_security [ ! -d "/var/run" ] && mkdir -p "/var/run" if [ ! -z "$config" ]; then append UCI_STARTED "$config" "$LIST_SEP" + [ -n "$script_security" ] || get_openvpn_option "$config" script_security script-security [ -n "$up" ] || get_openvpn_option "$config" up up [ -n "$down" ] || get_openvpn_option "$config" down down - openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security" "$up" "$down" + [ -n "$route_up" ] || get_openvpn_option "$config" route_up route-up + [ -n "$route_pre_down" ] || get_openvpn_option "$config" route_pre_down route-pre-down + [ -n "$ipchange" ] || get_openvpn_option "$config" ipchange ipchange + openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security" "$up" "$down" "$route_up" "$route_pre_down" "$ipchange" return fi 
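Review bot: `script_security` is now taken from the OpenVPN config file when UCI does not set it and is forwarded unchecked to `--script-security` in `openvpn_add_instance`, so an imported profile can pick the level on its own (level 3 lets OpenVPN hand passwords to scripts through the environment). I would validate the value before use, for example `case "$script_security" in 0|1|2|3) ;; *) script_security= ;; esac`, and consider a `logger -t openvpn` line when the file asks for more than 2. The hook commands read by the following `get_openvpn_option` calls end up executed by the hotplug wrapper, which deserves a comment at this point. How `get_openvpn_option` parses the file is not visible in this hunk.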
@@ -216,7 +217,47 @@ start_instance() { append_params "$s" $OPENVPN_PARAMS append_list "$s" $OPENVPN_LIST - openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security" "$up" "$down" + openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security" "$up" "$down" "$route_up" "$route_pre_down" "$ipchange" +} + +start_path_instances() { + local path name + + for path in ${PATH_INSTANCE_DIR}/*.conf; do + [ -f "$path" ] && { + name="${path##*/}" + name="${name%.conf}" + start_path_instance "$name" + } + done +} + +start_path_instance() { + local name="$1" + + local path name up down route_up route_pre_down ipchange + + path="${PATH_INSTANCE_DIR}/${name}.conf" + + # don't start configs again that are already started by uci + if echo "$UCI_STARTED" | grep -qxF "$path"; then + logger -t openvpn "$name.conf already started" + return + fi + + # don't start configs which are set to disabled in uci + if echo "$UCI_DISABLED" | grep -qxF "$path"; then + logger -t openvpn "$name.conf is disabled in /etc/config/openvpn" + return + fi + + get_openvpn_option "$path" up up || up="" + get_openvpn_option "$path" down down || down="" + get_openvpn_option "$path" route_up route-up || route_up="" + get_openvpn_option "$path" route_pre_down route-pre-down || route_pre_down="" + get_openvpn_option "$path" ipchange ipchange || ipchange="" + + openvpn_add_instance "$name" "${path%/*}" "$path" "" "$up" "$down" "$route_up" "$route_pre_down" "$ipchange" } start_service() { 
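Review bot: `start_path_instance` passes an empty security argument (`openvpn_add_instance "$name" "${path%/*}" "$path" "" ...`), so configs picked up from `$PATH_INSTANCE_DIR` always get the default `--script-security 2`, while `start_uci_instance` now reads `script-security` from the file. Depending on the option order inside `openvpn_add_instance` (outside this hunk), that may loosen a profile that asks for level 0 or 1. Reading it the same way keeps both paths consistent: `get_openvpn_option "$path" script_security script-security || script_security=""`, with `script_security` added to the `local` list and passed as the fourth argument. Separately, `name` is declared twice (`local name="$1"` and again in `local path name ...`); dropping it from the second list removes any doubt about whether the value survives.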
@@ -238,31 +279,20 @@ start_service() { config_load 'openvpn' if [ -n "$instance" ]; then - [ "$instance_found" -gt 0 ] || return - start_instance "$instance" + if [ "$instance_found" -gt 0 ]; then + start_uci_instance "$instance" + elif [ -f "${PATH_INSTANCE_DIR}/${instance}.conf" ]; then + start_path_instance "$instance" + fi else - config_foreach start_instance 'openvpn' + config_foreach start_uci_instance 'openvpn' - local path name up down - for path in /etc/openvpn/*.conf; do - if [ -f "$path" ]; then - name="${path##*/}"; name="${name%.conf}" - - # don't start configs again that are already started by uci - if echo "$UCI_STARTED" | grep -qxF "$path"; then - continue - - # don't start configs which are set to disabled in uci - elif echo "$UCI_DISABLED" | grep -qxF "$path"; then - logger -t openvpn "$name.conf is disabled in /etc/config/openvpn" - continue - fi - - get_openvpn_option "$path" up up || up="" - get_openvpn_option "$path" down down || down="" - openvpn_add_instance "$name" "${path%/*}" "$path" "" "$up" "$down" - fi - done + auto="$(uci_get openvpn globals autostart 1)" + if [ "$auto" = "1" ]; then + start_path_instances + else + logger -t openvpn "Autostart for configs in '$PATH_INSTANCE_DIR/*.conf' disabled" + fi fi } From d6996f829bde528b877ad4cba63b56d1d471806d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 13 Mar 2024 09:44:46 +0100 Subject: [PATCH 2/7] Fix typo in omr-bypass --- omr-bypass/files/etc/init.d/omr-bypass-nft | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/omr-bypass/files/etc/init.d/omr-bypass-nft b/omr-bypass/files/etc/init.d/omr-bypass-nft index a0a98819f..12c8fbf28 100755 --- a/omr-bypass/files/etc/init.d/omr-bypass-nft +++ b/omr-bypass/files/etc/init.d/omr-bypass-nft 
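Review bot: In `start_service`, a named instance that is neither a UCI section nor a file under `$PATH_INSTANCE_DIR` now falls through both branches silently, and `$instance` is used to build a path without being checked for `/`. An `else` branch with `logger -t openvpn "instance '$instance' not found"` and a guard such as `case "$instance" in */*) return 1 ;; esac` would make a mistyped or unexpected name visible instead of a no-op. `auto` is also assigned without `local`, unlike the variables the removed block declared, so it leaks out of the function; `local auto` fixes that. The function starts above this hunk.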
@@ -422,24 +422,28 @@ _bypass_proto_without_ndpi() { set firewall.bypass_$proto.match='dest_ip' set firewall.bypass_$proto.family='ipv4' set firewall.bypass_$proto_rule=rule - set firewall.bypass_$proto_rule.name="bypass_$proto" + set firewall.bypass_$proto_rule.name="bypass_$proto_rule" set firewall.bypass_$proto_rule.src='lan' set firewall.bypass_$proto_rule.dest='*' + set firewall.bypass_$proto_rule.family='ipv4' set firewall.bypass_$proto_rule.target='MARK' + set firewall.bypass_$proto_rule.ipset="bypass_$proto" set firewall.bypass_$proto_rule.set_xmark="0x4539${intfid}" commit firewall EOF uci -q batch <<-EOF >/dev/null set firewall.bypass6_$proto=ipset - set firewall.bypass6_$proto.name="bypas6s_$proto" + set firewall.bypass6_$proto.name="bypass6_$proto" set firewall.bypass6_$proto.match='dest_ip' set firewall.bypass6_$proto.family='ipv6' set firewall.bypass6_$proto_rule=rule - set firewall.bypass6_$proto_rule.name="bypass6_$proto" + set firewall.bypass6_$proto_rule.name="bypass6_$proto_rule" set firewall.bypass6_$proto_rule.src='lan' + set firewall.bypass6_$proto_rule.family='ipv6' set firewall.bypass6_$proto_rule.dest='*' set firewall.bypass6_$proto_rule.target='MARK' set firewall.bypass6_$proto_rule.set_xmark="0x6539${intfid}" + set firewall.bypass6_$proto_rule.ipset="bypass6_$proto" commit firewall EOF #if [ "$intfid" != "" ]; then From 572a2ead4a5a12f0aac34d402a8bee7726a111f4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 13 Mar 2024 09:45:25 +0100 Subject: [PATCH 3/7] Add all servers IP to bypass list in Shadowsocks-* --- shadowsocks-libev/files/shadowsocks-libev.init-nft | 12 ++++++++++++ shadowsocks-rust/files/shadowsocks-rust.init-nft | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/shadowsocks-libev/files/shadowsocks-libev.init-nft b/shadowsocks-libev/files/shadowsocks-libev.init-nft index e0d6ba774..cf344260b 100755 --- a/shadowsocks-libev/files/shadowsocks-libev.init-nft 
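Review bot: In both here-documents of `_bypass_proto_without_ndpi`, the shell parses `$proto_rule` as one variable named `proto_rule`, not as `$proto` followed by `_rule`. Unless such a variable is set outside this hunk, every line like `set firewall.bypass_$proto_rule.ipset="bypass_$proto"` writes to a section called `firewall.bypass_`, so each protocol overwrites the previous MARK rule and the new `name` value collapses to `bypass_`. Bracing the name fixes it, for example `set firewall.bypass_${proto}_rule.name="bypass_${proto}_rule"` and `set firewall.bypass6_${proto}_rule.ipset="bypass6_$proto"`. The unchanged `=rule`, `.src`, `.dest`, `.target` and `.set_xmark` lines need the same change.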
+++ b/shadowsocks-libev/files/shadowsocks-libev.init-nft @@ -131,6 +131,14 @@ ss_xxx() { ss_rules_cb } +ss_omr_servers() { + add_ip() { + local ip="$1" + [ -n "$ip" ] && [ -z "$(echo \"$ss_redir_servers\" | grep \"$ip\")" ] && ss_redir_servers="$ss_redir_servers $ip" + } + config_list_foreach "$1" ip add_ip +} + ss_rules_cb() { local cfgserver server @@ -296,6 +304,10 @@ start_service() { for cfgtype in ss_local ss_redir ss_server ss_tunnel; do config_foreach ss_xxx "$cfgtype" "$cfgtype" done + if [ -n "$(uci show openmptcprouter)" ]; then + config_load openmptcprouter + config_foreach ss_omr_servers server + fi ss_rules } diff --git a/shadowsocks-rust/files/shadowsocks-rust.init-nft b/shadowsocks-rust/files/shadowsocks-rust.init-nft index 9e708648f..8b51253b9 100755 --- a/shadowsocks-rust/files/shadowsocks-rust.init-nft +++ b/shadowsocks-rust/files/shadowsocks-rust.init-nft @@ -104,6 +104,14 @@ ss_xxx() { ss_rules_cb } +ss_omr_servers() { + add_ip() { + local ip="$1" + [ -n "$ip" ] && [ -z "$(echo \"$ss_redir_servers\" | grep \"$ip\")" ] && ss_redir_servers="$ss_redir_servers $ip" + } + config_list_foreach "$1" ip add_ip +} + ss_rules_cb() { local cfgserver server @@ -269,6 +277,10 @@ start_service() { for cfgtype in ss_local ss_redir ss_server ss_tunnel; do config_foreach ss_xxx "$cfgtype" "$cfgtype" done + if [ -n "$(uci show openmptcprouter)" ]; then + config_load openmptcprouter + config_foreach ss_omr_servers server + fi ss_rules } From ca31571685249dec1ebe5921a78b875a44da9790 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 13 Mar 2024 09:45:55 +0100 Subject: [PATCH 4/7] Update Shadowsocks-rust --- shadowsocks-rust/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/shadowsocks-rust/Makefile b/shadowsocks-rust/Makefile index 10e6146a6..8942c1e89 100644 --- a/shadowsocks-rust/Makefile +++ b/shadowsocks-rust/Makefile 
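Review bot: The duplicate check in `add_ip` (shadowsocks-libev.init-nft, and the identical function added to shadowsocks-rust.init-nft) does not work as written. Inside `$( )` the `\"` sequences are literal quote characters, so `grep \"$ip\"` looks for the address wrapped in double quotes and almost never matches, which lets repeated addresses pile up in `ss_redir_servers`. Even with the quoting fixed, `grep` would treat `.` as a wildcard and match substrings (`1.2.3.4` inside `11.2.3.40`). A whole-word test avoids both: `case " $ss_redir_servers " in *" $ip "*) ;; *) ss_redir_servers="$ss_redir_servers $ip" ;; esac`. Since the commit feeds these values into the bypass list, it may also be worth rejecting entries that are not well-formed addresses before appending them.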
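Review bot: `config_load openmptcprouter` in `start_service` (same change in shadowsocks-rust.init-nft) changes which UCI package `config_foreach` iterates right before `ss_rules` runs. `ss_rules` is outside the hunk, so please confirm it does not rely on the shadowsocks package still being the loaded one. The guard `[ -n "$(uci show openmptcprouter)" ]` also writes an error to stderr on systems without that package; `uci -q show openmptcprouter` keeps the init output clean.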
@@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=shadowsocks-rust -PKG_VERSION:=1.18.0 -PKG_HASH:=e854743ecef9ab3b371fdcb139e6f4452831b487d449c97c2129abbf4f51e863 +PKG_VERSION:=1.18.1 +PKG_HASH:=c2e1d8838e4578c0a6b0de6e1da00e9ece2d780dc452117fd109bb091e5d106f PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz @@ -48,7 +48,6 @@ define Package/shadowsocks-rust-config SUBMENU:=Web Servers/Proxies TITLE:=shadowsocks-rust config URL:=https://github.com/shadowsocks/shadowsocks-rust - DEPENDS:=$$(RUST_ARCH_DEPENDS) endef From 7437375a2cf96443a208e54ad0ea6994bc2249ce Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 13 Mar 2024 20:37:07 +0100 Subject: [PATCH 5/7] Fix float to int --- omr-tracker/files/bin/omr-tracker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/omr-tracker/files/bin/omr-tracker b/omr-tracker/files/bin/omr-tracker index f75fd2a1a..d277709a8 100755 --- a/omr-tracker/files/bin/omr-tracker +++ b/omr-tracker/files/bin/omr-tracker @@ -61,11 +61,11 @@ _init_rto() { _update_rto() { if [ -z "$srtt" ]; then srtt=$1 - rttvar=$(($1 / 2)) + rttvar=$(echo "$(($1 / 2))" | cut -d. -f1) else diff=$((srtt - $1)) - rttvar=$(((75 * rttvar + 25 * (diff >= 0 ? diff : -diff)) / 100)) - srtt=$(((75 * srtt + 25 * $1) / 100)) + rttvar=$(echo "$(((75 * rttvar + 25 * (diff >= 0 ? diff : -diff)) / 100))" | cut -d. -f1) + srtt=$(echo "$(((75 * srtt + 25 * $1) / 100))" | cut -d. -f1) fi rto=$((tmp = srtt + 3 * rttvar, tmp > rto_init ? tmp : rto_init)) } From b83c9b985f6f0ca0f2ca92183d1565128de710b9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 13 Mar 2024 20:37:54 +0100 Subject: [PATCH 6/7] Fix VPN routes in some case --- mptcp/files/usr/share/omr/post-tracking.d/001-post-tracking | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
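Review bot: The `cut -d. -f1` added in `_update_rto` (omr-tracker) is applied to the output of `$(( ))`, which is already an integer, so it cannot be what removes the fraction. If `$1` arrives as something like `12.5`, the arithmetic expansion itself fails before `cut` runs, and `srtt=$1` and `diff=$((srtt - $1))` still use the raw value. Truncating the input once at the top of the function, `set -- "${1%%.*}"`, covers every use and lets the three assignments go back to plain `$(( ))`. A numeric check such as `case "$1" in ''|*[!0-9]*) return ;; esac` would additionally keep a malformed measurement out of the RTO calculation.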
diff --git a/mptcp/files/usr/share/omr/post-tracking.d/001-post-tracking b/mptcp/files/usr/share/omr/post-tracking.d/001-post-tracking index f590d7de6..87d2958f0 100755 --- a/mptcp/files/usr/share/omr/post-tracking.d/001-post-tracking +++ b/mptcp/files/usr/share/omr/post-tracking.d/001-post-tracking @@ -731,7 +731,7 @@ interface_pending=$(ifstatus "$OMR_TRACKER_INTERFACE" 2>/dev/null | jsonfilter - initcwrwnd="" # An interface in error will never be used in MPTCP -if [ "$OMR_TRACKER_STATUS" = "ERROR" ] || [ "$interface_up" != "true" ]; then +if [ "$OMR_TRACKER_STATUS" = "ERROR" ] || ([ "$OMR_TRACKER_INTERFACE" != "omrvpn" ] && [ "$interface_up" != "true" ]); then #if [ "$interface_up" = "true" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && ([ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "modemmanager" ] || [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "wireguard" ]); then #if [ "$interface_available" = "true" ] && ([ "$interface_pending" = "true" ] || [ "$interface_up" = "true" ]) && [ -n "$OMR_TRACKER_INTERFACE" ] && ([ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "modemmanager" ] || [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "wireguard" ]); then if [ "$interface_available" = "true" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && ([ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "modemmanager" ] || [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "wireguard" ]); then From 2d3eac400f55fcfe4306879edec1e1c0c6ca8442 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 13 Mar 2024 20:38:23 +0100 Subject: [PATCH 7/7] Fix metrics on imported backup --- .../files/etc/uci-defaults/1920-omr-network | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/openmptcprouter/files/etc/uci-defaults/1920-omr-network b/openmptcprouter/files/etc/uci-defaults/1920-omr-network index 5889afb48..8f15bcdaa 100755 --- a/openmptcprouter/files/etc/uci-defaults/1920-omr-network 
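Review bot: The new condition in 001-post-tracking groups its two tests with `( … )`, which forks a subshell on every tracker run; `{ [ "$OMR_TRACKER_INTERFACE" != "omrvpn" ] && [ "$interface_up" != "true" ]; }` gives the same grouping in the current shell. The comment above it (`# An interface in error will never be used in MPTCP`) no longer describes the whole condition, and the hard-coded `omrvpn` name is unexplained. A line of the form `# omrvpn is exempt from the interface_up check because REASON` should be added by someone who knows the reason. The body of this `if` continues outside the hunk.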
+++ b/openmptcprouter/files/etc/uci-defaults/1920-omr-network @@ -79,6 +79,18 @@ config_load network #config_foreach _setup_macvlan_update interface config_foreach _setup_mptcp_handover_to_on interface +_fix_metrics() { + uci -q batch <<-EOF + delete openmptcprouter.$1.metric + delete network.$1.metric + commit openmptcprouter + commit network + EOF +} + +config_load openmptcprouter +config_foreach _fix_metrics interface + if [ "$(uci -q show network.lan | grep multipath)" != "" ]; then exit 0 fi
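Review bot: `_fix_metrics` runs `commit openmptcprouter` and `commit network` once per interface section, so a router with several interfaces rewrites both config files repeatedly. Dropping the two `commit` lines from the here-document and running `uci -q commit openmptcprouter` and `uci -q commit network` once after `config_foreach _fix_metrics interface` gives the same result with two writes. The function also deletes `network.$1.metric` for every section unconditionally, and `config_load openmptcprouter` leaves that package loaded for whatever follows in the script (not visible here). A comment stating where the metrics are expected to be regenerated would make the intent clear.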