Merge branch 'develop'

.github/workflows/main.yml

@@ -3,13 +3,13 @@ on: [push]
 
 env:
   REPO_URL: 'https://github.com/suyuan168/3grouter'
-  OMR_KERNEL: '5.4'
 
 jobs:
   build:
     strategy:
       matrix:
-        OMR_TARGET: [bpi-r1, bpi-r2, bpi-r64, rpi2, rpi4, wrt32x, espressobin, r2s, rpi3, wrt3200acm, x86, x86_64, ubnt-erx, r4s]
+        OMR_TARGET: [bpi-r1, bpi-r2, bpi-r64, rpi2, rpi4, wrt32x, espressobin, r2s, rpi3, wrt3200acm, x86, x86_64, ubnt-erx, r4s, r7800, l1000, zbt4019]
+        OMR_KERNEL: [5.4, 5.14]
     runs-on: ubuntu-latest
     continue-on-error: true
 
@@ -61,10 +61,11 @@ jobs:
         OMR_FEED_URL: https://github.com/suyuan168/openmptcprouter-feeds
         SOURCE_NAME: ${{ steps.branch_name.outputs.SOURCE_NAME }}
         OMR_TARGET: ${{ matrix.OMR_TARGET }}
+        OMR_KERNEL: ${{ matrix.OMR_KERNEL }}
         OMR_HOST: ${{ secrets.OMR_HOST }}
         OMR_PORT: ${{ secrets.OMR_PORT }}
       run: |
-        OMR_FEED_SRC="${SOURCE_NAME}" sh build.sh prepare {tools,toolchain}/install -j$(nproc) || OMR_FEED_SRC="${SOURCE_NAME}" sh build.sh prepare {tools,toolchain}/install -j1 V=s
+        OMR_KERNEL="${OMR_KERNEL}" OMR_FEED_SRC="${SOURCE_NAME}" sh build.sh prepare {tools,toolchain}/install -j$(nproc) || OMR_KERNEL="${OMR_KERNEL}" OMR_FEED_SRC="${SOURCE_NAME}" sh build.sh prepare {tools,toolchain}/install -j1 V=s
         #echo -e "${{ secrets.OMR_PRIVKEY }}" > $OMR_TARGET/source/key-build
         #echo -e "${{ secrets.OMR_PUBKEY }}" > $OMR_TARGET/source/key-build.pub
     - name: Build packages
@@ -108,7 +109,7 @@ jobs:
           SOURCE_TAG: ${{ steps.branch_name.outputs.SOURCE_TAG }}
       with:
         command: |
-          mkdir -p /www/wwwroot/55860.com/bak/down/${{env.SOURCE_BRANCH}}/${{env.OMR_KERNEL}}/${{matrix.OMR_TARGET}}
+          mkdir -p /www/wwwroot/55860.com/bak/down/${{env.SOURCE_BRANCH}}/${{matrix.OMR_KERNEL}}/${{matrix.OMR_TARGET}}
         host: ${{ secrets.OMR_DEPLOY_HOST }}
         user: root
         port: ${{ secrets.OMR_DEPLOY_PORT }}
@@ -141,7 +142,7 @@ jobs:
       uses: ysurac/action-rsync@master
       env:
         ARGS: -av --delete-after
-        TARGET: /www/wwwroot/55860.com/bak/down/${{ steps.branch_name.outputs.SOURCE_BRANCH }}/${{env.OMR_KERNEL}}/${{matrix.OMR_TARGET}}
+        TARGET: /www/wwwroot/55860.com/bak/down/${{ steps.branch_name.outputs.SOURCE_BRANCH }}/${{matrix.OMR_KERNEL}}/${{matrix.OMR_TARGET}}
         SOURCE: ./bin/
         KEY: ${{ secrets.PRIVATE_KEY }}
         USER: root
@@ -151,3 +152,4 @@ jobs:
         SOURCE_BRANCH: ${{ steps.branch_name.outputs.SOURCE_BRANCH }}
         SOURCE_TAG: ${{ steps.branch_name.outputs.SOURCE_TAG }}
         GITHUB_WORKSPACE: ${{ steps.branch_name.outputs.WORKSPACE }}
+

cryptodev-linux/Makefile

@@ -0,0 +1,58 @@
+#
+# Copyright (C) 2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# $Id$
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=cryptodev-linux
+PKG_VERSION:=1.12
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/$(PKG_NAME)-$(PKG_VERSION)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=f51c2254749233b1b1d7ec9445158bd709f124f88e1c650fe2faac83c3a81938
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_MAINTAINER:=Ansuel Smith <ansuelsmth@gmail.com>
+
+PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/cryptodev
+  SUBMENU:=Cryptographic API modules
+  TITLE:=Driver for cryptographic acceleration
+  URL:=http://cryptodev-linux.org/
+  VERSION:=$(LINUX_VERSION)+$(PKG_VERSION)-$(BOARD)-$(PKG_RELEASE)
+  DEPENDS:=+kmod-crypto-authenc +kmod-crypto-hash
+  FILES:=$(PKG_BUILD_DIR)/cryptodev.$(LINUX_KMOD_SUFFIX)
+  AUTOLOAD:=$(call AutoLoad,50,cryptodev)
+  MODPARAMS.cryptodev:=cryptodev_verbosity=-1
+endef
+
+define KernelPackage/cryptodev/description
+  This is a driver for that allows to use the Linux kernel supported
+  hardware ciphers by user-space applications.
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		$(KERNEL_MAKE_FLAGS) \
+		KERNEL_DIR="$(LINUX_DIR)"
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(STAGING_DIR)/usr/include/crypto
+	$(CP) $(PKG_BUILD_DIR)/crypto/cryptodev.h $(STAGING_DIR)/usr/include/crypto/
+endef
+
+$(eval $(call KernelPackage,cryptodev))

dsvpn/files/init

@@ -29,6 +29,16 @@ validate_section() {
 		'externalip:string:auto'
 }
 
+version_over_5_4() {
+	MAJOR_VERSION=$(uname -r | awk -F '.' '{print $1}')
+	MINOR_VERSION=$(uname -r | awk -F '.' '{print $2}')
+	if [ $MAJOR_VERSION -ge 5 ] && [ $MINOR_VERSION -gt 13 ] || [ $MAJOR_VERSION -gt 5 ] ; then
+		return 0
+	else
+		return 1
+	fi
+}
+
 start_instance() {
 	local enable key host port dev
 
@@ -58,6 +68,10 @@ start_instance() {
 
 	_log "starting ${PROG_NAME} ${1} instance $*"
 
+	if version_over_5_4; then
+		PROG="mptcpize run ${PROG}"
+	fi
+
 	procd_open_instance
 
 	procd_set_param command ${PROG} ${mode} \

glorytun/Makefile

@@ -9,11 +9,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=glorytun
-PKG_VERSION:=0.0.35
 PKG_RELEASE:=6
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=6d58536f4232fea8eaa10fb60aace8ba11f29ed6
 PKG_SOURCE:=glorytun-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/angt/glorytun/releases/download/v$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/Ysurac/glorytun.git
-PKG_HASH:=49e4d8ea4ff2990300b37947b0bd0da3c8e0985bc6eddf29f4146306188fff64
+PKG_VERSION:=0.0.35-$(PKG_SOURCE_VERSION)
+
+PKG_FIXUP:=autoreconf
 
 include $(INCLUDE_DIR)/package.mk
 

glorytun/glorytun.config

@@ -11,4 +11,5 @@ config glorytun 'vpn'
 	option localip '10.255.255.2'
 	option remoteip '10.255.255.1'
 	option multiqueue '1'
-	option label 'Default VPN'
+	option label 'Default VPN'
+	option timeout '10000'

iperf3/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iperf
 PKG_VERSION:=3.10.1
-PKG_RELEASE:=1
+PKG_RELEASE:=10
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf

iperf3/patches/remove-in6_flowlabel_req.patch

@@ -1,24 +1,25 @@
 --- a/src/flowlabel.h	2021-06-24 13:26:33.142463630 +0200
 +++ b/src/flowlabel.h	2021-06-24 13:27:45.669235179 +0200
-@@ -37,21 +37,6 @@
+@@ -37,21 +37,21 @@
     conflicts with "netinet/in.h" .
  */
  
 -#ifndef __ANDROID__
--struct in6_flowlabel_req
++#ifndef _LINUX_IN6_H
--{
+ struct in6_flowlabel_req
--    struct in6_addr flr_dst;
+ {
--    __u32   flr_label;
+     struct in6_addr flr_dst;
--    __u8    flr_action;
+     __u32   flr_label;
--    __u8    flr_share;
+     __u8    flr_action;
--    __u16   flr_flags;
+     __u8    flr_share;
--    __u16   flr_expires;
+     __u16   flr_flags;
--    __u16   flr_linger;
+     __u16   flr_expires;
--    __u32   __flr_pad;
+     __u16   flr_linger;
--    /* Options in format of IPV6_PKTOPTIONS */
+     __u32   __flr_pad;
--};
+     /* Options in format of IPV6_PKTOPTIONS */
--#endif
+ };
--
+ #endif
+ 
  #define IPV6_FL_A_GET           0
  #define IPV6_FL_A_PUT           1
  #define IPV6_FL_A_RENEW         2

libmbim/Makefile

@@ -1,24 +1,22 @@
 #
 # Copyright (C) 2016 Velocloud Inc.
 # Copyright (C) 2016 Aleksander Morgado <aleksander@aleksander.es>
-# Copyright (C) 2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v2.
 #
 
 include $(TOPDIR)/rules.mk
 
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/libmbim.git
-PKG_SOURCE_VERSION:=c90c7c5b877de6e413b4833aaf1a42d2d128b051
-
 PKG_NAME:=libmbim
-PKG_VERSION:=1.25.3-$(PKG_SOURCE_VERSION)
+PKG_VERSION:=1.26.0
-PKG_RELEASE:=10
+PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_MAINTAINER:=Nicholas Smith <nicholas.smith@telcoantennas.com.au>
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://www.freedesktop.org/software/libmbim
+PKG_HASH:=1e1f0926b22c77210442129eca689722ecf324ab9c9abf421a5c989f46e813cf
+
+PKG_MAINTAINER:=Nicholas Smith <nicholas@nbembedded.com>
 
-PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
 

libqmi/Makefile

@@ -1,22 +1,21 @@
 #
 # Copyright (C) 2016 Velocloud Inc.
 # Copyright (C) 2016 Aleksander Morgado <aleksander@aleksander.es>
-# Copyright (C) 2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v2.
 #
 
 include $(TOPDIR)/rules.mk
 
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/libqmi.git
-PKG_SOURCE_VERSION:=29fab8a1d4496ca5a1d32bb486013b1868a718ba
 PKG_NAME:=libqmi
-PKG_VERSION:=1.29.3-$(PKG_SOURCE_VERSION)
+PKG_VERSION:=1.30.2
-PKG_RELEASE:=10
+PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_FIXUP:=autoreconf
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MAINTAINER:=Nicholas Smith <nicholas.smith@telcoantennas.com.au>
+PKG_SOURCE_URL:=https://www.freedesktop.org/software/libqmi
+PKG_HASH:=be01ece0ea2c2194cbea5744bf5aaf06c04ba5fb7ec7887a13116c76d114fedd
+
+PKG_MAINTAINER:=Nicholas Smith <nicholas@nbembedded.com>
 
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1

luci-app-glorytun-udp/root/etc/config/glorytun-udp

@@ -8,3 +8,7 @@ config glorytun-udp 'vpn'
 	option localip '10.255.254.2'
 	option remoteip '10.255.254.1'
 	option mode 'to'
+	option kxtimeout '7d'
+	option timetolerance '10m'
+	option keepalive '25s'
+	option rateauto '0'

luci-app-mlvpn/htdocs/luci-static/resources/view/services/mlvpn.js

@@ -82,6 +82,12 @@ return L.view.extend({
 		o.rmempty   = false;
 		o.modalonly = true;
 
+		o = s.taboption('advanced', form.Value, 'latency_tolerance', _('Latency tolerance'));
+		o.default   = '300';
+		o.datatype  = "uinteger";
+		o.rmempty   = false;
+		o.modalonly = true;
+
 		return m.render();
 	}
 });

luci-app-mptcp/luasrc/controller/mptcp.lua

@@ -210,13 +210,23 @@ function mptcp_monitor_data()
 	luci.http.prepare_content("text/plain")
 	local fullmesh
 	fullmesh = io.popen("cat /proc/net/mptcp_net/snmp")
-	if fullmesh then
+	if fullmesh:read() ~= nil then
 		while true do
 			local ln = fullmesh:read("*l")
 			if not ln then break end
 			luci.http.write(ln)
 			luci.http.write("\n")
 		end
+	else
+		fullmesh = io.popen("nstat -z")
+		if fullmesh then
+			while true do
+				local ln = fullmesh:read("*l")
+				if not ln then break end
+				luci.http.write(ln)
+				luci.http.write("\n")
+			end
+		end
 	end
 	return
 end
@@ -225,7 +235,7 @@ function mptcp_connections_data()
 	luci.http.prepare_content("text/plain")
 	local connections
 	connections = io.popen("multipath -c")
-	if connections then
+	if connections:read() ~= nil then
 		while true do
 			local ln = connections:read("*l")
 			if not ln then break end

luci-app-mptcp/luasrc/model/cbi/mptcp.lua

@@ -21,56 +21,74 @@ o:value(0, translate("disable"))
 o = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager"), translate("Default is fullmesh"))
 o:value("default", translate("default"))
 o:value("fullmesh", "fullmesh")
-o:value("ndiffports", "ndiffports")
+if uname.release:sub(1,4) ~= "5.14" then
-o:value("binder", "binder")
+    o:value("ndiffports", "ndiffports")
-if uname.release:sub(1,4) ~= "4.14" then
+    o:value("binder", "binder")
+    if uname.release:sub(1,4) ~= "4.14" then
 	o:value("netlink", translate("Netlink"))
+    end
 end
 o = s:option(ListValue, "mptcp_scheduler", translate("Multipath TCP scheduler"))
 o:value("default", translate("default"))
-o:value("roundrobin", "round-robin")
+if uname.release:sub(1,4) ~= "5.14" then
-o:value("redundant", "redundant")
+    o:value("roundrobin", "round-robin")
-if uname.release:sub(1,4) ~= "4.14" then
+    o:value("redundant", "redundant")
+    if uname.release:sub(1,4) ~= "4.14" then
 	o:value("blest", "BLEST")
 	o:value("ecf", "ECF")
+    end
+end
+if uname.release:sub(1,4) ~= "5.14" then
+    o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
+    o.datatype = "uinteger"
+    o.rmempty = false
 end
-o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
-o.datatype = "uinteger"
-o.rmempty = false
 o = s:option(ListValue, "congestion", translate("Congestion Control"),translate("Default is cubic"))
 local availablecong = sys.exec("sysctl -n net.ipv4.tcp_available_congestion_control | xargs -n1 | sort | xargs")
 for cong in string.gmatch(availablecong, "[^%s]+") do
 	o:value(cong, translate(cong))
 end
 
-o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
+if uname.release:sub(1,4) == "5.14" then
-o.datatype = "uinteger"
+    o = s:option(Value, "mptcp_subflows", translate("specifies the maximum number of additional subflows allowed for each MPTCP connection"))
-o.rmempty = false
+    o.datatype = "uinteger"
-o.default = 1
+    o.rmempty = false
---o:depends("mptcp_path_manager","fullmesh")
+    o.default = 3
+    
+    o = s:option(Value, "mptcp_add_addr_accepted", translate("specifies the maximum number of ADD_ADDR suboptions accepted for each MPTCP connection"))
+    o.datatype = "uinteger"
+    o.rmempty = false
+    o.default = 1
+else
+    o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
+    o.datatype = "uinteger"
+    o.rmempty = false
+    o.default = 1
+    --o:depends("mptcp_path_manager","fullmesh")
 
-o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
+    o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
-o:value(1, translate("enable"))
+    o:value(1, translate("enable"))
-o:value(0, translate("disable"))
+    o:value(0, translate("disable"))
---o:depends("mptcp_path_manager","fullmesh")
+    --o:depends("mptcp_path_manager","fullmesh")
 
-o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
+    o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
-o.datatype = "uinteger"
+    o.datatype = "uinteger"
-o.rmempty = false
+    o.rmempty = false
-o.default = 1
+    o.default = 1
---o:depends("mptcp_path_manager","ndiffports")
+    --o:depends("mptcp_path_manager","ndiffports")
 
-o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
+    o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
-o:value("Y", translate("enable"))
+    o:value("Y", translate("enable"))
-o:value("N", translate("disable"))
+    o:value("N", translate("disable"))
-o.default = "Y"
+    o.default = "Y"
---o:depends("mptcp_scheduler","roundrobin")
+    --o:depends("mptcp_scheduler","roundrobin")
 
-o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
+    o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
-o.datatype = "uinteger"
+    o.datatype = "uinteger"
-o.rmempty = false
+    o.rmempty = false
-o.default = 1
+    o.default = 1
---o:depends("mptcp_scheduler","roundrobin")
+    --o:depends("mptcp_scheduler","roundrobin")
+end
 
 s = m:section(TypedSection, "interface", translate("Interfaces Settings"))
 o = s:option(ListValue, "multipath", translate("Multipath TCP"), translate("One interface must be set as master"))

luci-app-mptcp/luasrc/view/mptcp/multipath.htm

@@ -238,8 +238,8 @@
 					labelup_25.parentNode.appendChild(textup);
 				}
 
-				labeldn_scale.innerHTML = String.format('<%:(%d minutes window, %d seconds interval)%>', 3, data_wanted / 60);
+				labeldn_scale.innerHTML = String.format('<%:(%d minutes window, %d seconds interval)%>', 4, data_wanted / 60);
-				labelup_scale.innerHTML = String.format('<%:(%d minutes window, %d seconds interval)%>', 3, data_wanted / 60);
+				labelup_scale.innerHTML = String.format('<%:(%d minutes window, %d seconds interval)%>', 4, data_wanted / 60);
 
 				/* render datasets, start update interval */
 				XHR.poll(3, '<%=build_url(bandwidthtotalurl, all)%>', null,

luci-app-omr-bypass/root/etc/init.d/omr-bypass

@@ -100,12 +100,14 @@ _bypass_domain() {
 		fi
 		if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then
 			uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
+			add_domains="true"
 		else
 			dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g')
 			for dnsipset in $dnsmasqipset; do
 				if [ "$(echo $dnsipset | cut -d/ -f2)" = "$domain" ]; then
 					uci -q del_list dhcp.@dnsmasq[0].ipset=$dnsipset
 					uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
+					add_domains="true"
 				fi
 			done
 		fi
@@ -680,6 +682,7 @@ boot() {
 start_service() {
 	#local count
 	logger -t "omr-bypass" "Starting OMR-ByPass..."
+	add_domains="false"
 	config_load omr-bypass
 	config_foreach _add_proto proto
 	disableipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
@@ -797,11 +800,11 @@ start_service() {
 	config_foreach _bypass_proto dpis
 	uci -q commit omr-bypass
 
-	[ -z "$RELOAD" ] && {
+	[ -z "$RELOAD" ] && [ "$add_domains" = "true" ] && {
 		logger -t "omr-bypass" "Restart dnsmasq..."
 		/etc/init.d/dnsmasq restart
 	}
-	[ -n "$RELOAD" ] && {
+	[ -n "$RELOAD" ] && [ "$add_domains" = "true" ] && {
 		logger -t "omr-bypass" "Reload dnsmasq..."
 		/etc/init.d/dnsmasq reload
 	}

luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua

@@ -38,6 +38,17 @@ function interface_from_device(dev)
 	return ""
 end
 
+function uci_device_from_interface(intf)
+	intfname = ucic:get("network",intf,"device")
+	deviceuci = ""
+	ucic:foreach("network", "device", function(s)
+		if intfname == ucic:get("network",s[".name"],"name") then
+		    deviceuci = s[".name"]
+		end
+	end)
+	return deviceuci
+end
+
 function wizard_add()
 	local gostatus = true
 	
@@ -273,6 +284,7 @@ function wizard_add()
 		local sqmenabled = luci.http.formvalue("cbid.sqm.%s.enabled" % intf) or "0"
 		local multipath = luci.http.formvalue("cbid.network.%s.multipath" % intf) or "on"
 		local lan = luci.http.formvalue("cbid.network.%s.lan" % intf) or "0"
+		local ttl = luci.http.formvalue("cbid.network.%s.ttl" % intf) or ""
 		if typeintf ~= "" then
 			if typeintf == "normal" then
 				typeintf = ""
@@ -292,12 +304,34 @@ function wizard_add()
 			ucic:set("network",intf,"masterintf",masterintf)
 		elseif typeintf == "" and ifname ~= "" and (proto == "static" or proto == "dhcp" or proto == "dhcpv6") then
 			ucic:set("network",intf,"device",ifname)
+			if uci_device_from_interface(intf) == "" then
+				ucic:set("network",intf .. "_dev","device")
+				ucic:set("network",intf .. "_dev","name",ifname)
+			end
 		elseif typeintf == "" and device ~= "" and proto == "ncm" then
 			ucic:set("network",intf,"device",device_ncm)
+			if uci_device_from_interface(intf) == "" then
+				ucic:set("network",intf .. "_dev","device")
+				ucic:set("network",intf .. "_dev","name",device_ncm)
+			end
 		elseif typeintf == "" and device ~= "" and proto == "qmi" then
 			ucic:set("network",intf,"device",device_qmi)
+			if uci_device_from_interface(intf) == "" then
+				ucic:set("network",intf .. "_dev","device")
+				ucic:set("network",intf .. "_dev","name",device_qmi)
+			end
 		elseif typeintf == "" and device ~= "" and proto == "modemmanager" then
 			ucic:set("network",intf,"device",device_manager)
+			if uci_device_from_interface(intf) == "" then
+				ucic:set("network",intf .. "_dev","device")
+				ucic:set("network",intf .. "_dev","name",device_manager)
+			end
+		elseif typeintf == "" and ifname ~= "" and proto == "static" then
+			ucic:set("network",intf,"device",ifname)
+			if uci_device_from_interface(intf) == "" then
+				ucic:set("network",intf .. "_dev","device")
+				ucic:set("network",intf .. "_dev","name",ifname)
+			end
 		end
 		if proto == "pppoe" then
 			ucic:set("network",intf,"pppd_options","persist maxfail 0")
@@ -305,6 +339,13 @@ function wizard_add()
 		if proto ~= "other" then
 			ucic:set("network",intf,"proto",proto)
 		end
+
+		uci_device = uci_device_from_interface(intf)
+		if uci_device == "" then
+			uci_device = intf .. "_dev"
+		end
+		ucic:set("network",uci_device,"ttl",ttl)
+
 		ucic:set("network",intf,"apn",apn)
 		ucic:set("network",intf,"pincode",pincode)
 		ucic:set("network",intf,"delay",delay)
@@ -839,7 +880,7 @@ function wizard_add()
 
 	local dsvpn_key = luci.http.formvalue("dsvpn_key")
 	if dsvpn_key ~= "" then
-		ucic:set("dsvpn","vpn","port","65011")
+		ucic:set("dsvpn","vpn","port","65401")
 		ucic:set("dsvpn","vpn","key",dsvpn_key)
 		ucic:set("dsvpn","vpn","localip","10.255.251.2")
 		ucic:set("dsvpn","vpn","remoteip","10.255.251.1")

luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm

@@ -893,6 +893,16 @@
 		<%
 		    end
 		%>
+		<div class="cbi-value" data-index="14">
+		    <label class="cbi-value-title"><%:Force TTL%></label>
+		    <div class="cbi-value-field">
+			<input type="text" name="cbid.network.<%=ifname%>.ttl" class="cbi-input-text" value="<%=ttl%>" data-type="uinteger">
+			<br />
+			<div class="cbi-value-description">
+			    <%:You can force a TTL. Some LTE provider detect tethering by inpecting packet TTL value, setting it to 65 often solve the issue.%>
+			</div>
+		    </div>
+		</div>
 
 		<%
 			local download = "0"
@@ -909,7 +919,7 @@
 			--	end
 			--end
 		%>
-		<div class="cbi-value" data-index="14">
+		<div class="cbi-value" data-index="15">
 		    <label class="cbi-value-title"><%:MPTCP over VPN%></label>
 		    <div class="cbi-value-field">
 			<input class="cbi-input-checkbox" type="checkbox" name="multipathvpn.<%=ifname%>.enabled" value="1" <% if uci:get("openmptcprouter",ifname,"multipathvpn") == "1" then %>checked<% end %> />
@@ -919,7 +929,7 @@
 			</div>
 		    </div>
 		</div>
-		<div class="cbi-value" data-index="15">
+		<div class="cbi-value" data-index="16">
 		    <label class="cbi-value-title"><%:Enable SQM%></label>
 		    <div class="cbi-value-field">
 			<input class="cbi-input-checkbox" type="checkbox" name="cbid.sqm.<%=ifname%>.enabled" value="1" <% if uci:get("sqm",ifname,"enabled") == "1" then %>checked<% end %> />
@@ -929,7 +939,7 @@
 			</div>
 		    </div>
 		</div>
-		<div class="cbi-value" data-index="16">
+		<div class="cbi-value" data-index="17">
 		    <label class="cbi-value-title"><%:Download speed (Kb/s)%></label>
 		    <div class="cbi-value-field">
 			<input type="text" name="cbid.sqm.<%=ifname%>.download" class="cbi-input-text" value="<%=download%>" data-type="uinteger">
@@ -945,7 +955,7 @@
 			-->
 		    </div>
 		</div>
-		<div class="cbi-value" data-index="17">
+		<div class="cbi-value" data-index="18">
 		    <label class="cbi-value-title"><%:Upload speed (Kb/s)%></label>
 		    <div class="cbi-value-field">
 			<input type="text" name="cbid.sqm.<%=ifname%>.upload" class="cbi-input-text" value="<%=upload%>" data-type="uinteger">

luci-app-openmptcprouter/root/bin/omr-mptcp-intf

@@ -12,9 +12,17 @@ get_mptcp_from_server() {
 	get_mptcp() {
 		serverip=$1
 		if [ "$(echo $serverip | grep :)" ]; then
-			support="$(curl -s -k -6 -m ${timeout} --interface $intf https://[$serverip]:$serverport/mptcpsupport)"
+			if [ -f /proc/sys/net/mptcp/enabled ]; then
+				support="$(mptcpize run curl -s -k -6 -m ${timeout} --interface $intf https://[$serverip]:$serverport/mptcpsupport)"
+			else
+				support="$(curl -s -k -6 -m ${timeout} --interface $intf https://[$serverip]:$serverport/mptcpsupport)"
+			fi
 		else
-			support="$(curl -s -k -4 -m ${timeout} --interface $intf https://$serverip:$serverport/mptcpsupport)"
+			if [ -f /proc/sys/net/mptcp/enabled ]; then
+				support="$(mptcpize run curl -s -k -4 -m ${timeout} --interface $intf https://$serverip:$serverport/mptcpsupport)"
+			else
+				support="$(curl -s -k -4 -m ${timeout} --interface $intf https://$serverip:$serverport/mptcpsupport)"
+			fi
 		fi
 		[ -n "$support" ] && {
 			support=$(echo $support | jsonfilter -e '@.mptcp')
@@ -56,8 +64,10 @@ get_mptcp_from_website6() {
 support=""
 config_load openmptcprouter
 config_foreach get_mptcp_from_server server
-[ -z "$support" ] && [ -n "$(ip -4 a show dev $intf)" ] && get_mptcp_from_website
+if [ ! -f /proc/sys/net/mptcp/enabled ] && [ -z "$support" ]; then
-[ -z "$support" ] && [ -n "$(ip -6 a show dev $intf)" ] && get_mptcp_from_website6
+	[ -n "$(ip -4 a show dev $intf)" ] && get_mptcp_from_website
+	[ -n "$(ip -6 a show dev $intf)" ] && get_mptcp_from_website6
+fi
 if [ "$support" = "working" ]; then
 	echo "MPTCP enabled"
 elif [ "$support" = "not working" ]; then

luci-app-openmptcprouter/root/etc/init.d/openmptcprouter

@@ -150,17 +150,15 @@ start_service() {
 	if [ "$(uci -q get openmptcprouter.settings.country)" = "china" ] && [ -n "$(uci -q get dhcp.@dnsmasq[0].server | grep '127.0.0.1#5353')" ]; then
 		uci -q batch <<-EOF > /dev/null
 			del_list dhcp.@dnsmasq[0].server='127.0.0.1#5353'
-			add_list dhcp.@dnsmasq[0].server='114.114.114.114'
+			add_list dhcp.@dnsmasq[0].server='223.5.5.5'
 			set dhcp.@dnsmasq[0].dnsseccheckunsigned='0'
-			delete dhcp.@dnsmasq[0].dnssec='1'
+			delete dhcp.@dnsmasq[0].dnssec
 			commit dhcp
 		EOF
-	elif [ "$(uci -q get openmptcprouter.settings.country)" = "world" ] && [ -n "$(uci -q get dhcp.@dnsmasq[0].server | grep '114.114.114.114')" ]; then
+	elif [ "$(uci -q get openmptcprouter.settings.country)" = "world" ] && [ -n "$(uci -q get dhcp.@dnsmasq[0].server | grep '223.5.5.5')" ]; then
 		uci -q batch <<-EOF > /dev/null
 			add_list dhcp.@dnsmasq[0].server='127.0.0.1#5353'
-			del_list dhcp.@dnsmasq[0].server='114.114.114.114'
+			del_list dhcp.@dnsmasq[0].server='223.5.5.5'
-			set dhcp.@dnsmasq[0].dnsseccheckunsigned='1'
-			set dhcp.@dnsmasq[0].dnssec='1'
 			commit dhcp
 		EOF
 	fi

luci-app-openmptcprouter/root/etc/sysctl.d/zzz_openmptcprouter.conf

@@ -1,4 +1,4 @@
-net.ipv4.tcp_keepalive_time=7200
+net.ipv4.tcp_keepalive_time=72000
 net.ipv4.tcp_fin_timeout=60
 net.ipv4.tcp_syn_retries=3
 net.ipv4.tcp_retries1=3

luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter

@@ -824,7 +824,7 @@ function interfaces_status()
 				if mArray.openmptcprouter["external_check"] ~= false then
 					mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " " .. check_ipv4_website))
 					if mArray.openmptcprouter["proxy_addr"] == "" then
-						mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.co"))
+						mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.me"))
 					end
 					--mArray.openmptcprouter["ss_addr6"] = sys.exec("curl -s -6 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m 3 http://ipv6.openmptcprouter.com")
 				end
@@ -1374,7 +1374,8 @@ function interfaces_status()
 		    if adminport == "" then
 			    adminport = "65500"
 		    end
-		    if server_ping == "UP" and uci:get("openmptcprouter", "settings", "disableserverhttptest") ~= "1" and ipaddr ~= "" and adminport ~= "" then
+		    -- httping disable for now, with -l (ssl) timeout is ignored
+		    if false and server_ping == "UP" and uci:get("openmptcprouter", "settings", "disableserverhttptest") ~= "1" and ipaddr ~= "" and adminport ~= "" then
 			    local server_http_result = ""
 			    local server_http_test = ""
 			    if mArray.openmptcprouter["service_addr_ip"] ~= "" then

luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js

@@ -371,7 +371,7 @@ return baseclass.extend({
 
 			release: {
 				title: _('Firmware Version'),
-				value: (typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null
+				value: (typeof boardinfo.release !== "undefined") ? ((typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null) : null
 			}
 		};
 

luci-mod-network/htdocs/luci-static/resources/tools/network.js

@@ -662,6 +662,10 @@ return baseclass.extend({
 		o.placeholder = '0';
 		o.datatype = 'uinteger';
 
+		o = this.replaceOption(s, 'devadvanced', form.Value, 'ttl', _('Force TTL'), _('Some LTE providers detect tethering by inspecting packet TTL values'));
+		o.placeholder = '65';
+		o.datatype = 'uinteger';
+
 		o = this.replaceOption(s, 'devgeneral', form.Flag, 'ipv6', _('Enable IPv6'));
 		o.migrate = false;
 		o.default = o.enabled;

luci-theme-openmptcprouter/luasrc/view/themes/openmptcprouter/footer.htm

@@ -10,6 +10,7 @@
    <footer>
     <a href="https://55860.com">Powered by openmptcprouter business <%= ver.distversion %></a>
     <ul class="breadcrumb pull-right" id="modemenu" style="display:none"></ul>
+    <a href="http://55860.com" target="_blank"><img src="https://55860.com/bak/footer.png" alt="" width="100%" height="100%" /></a>
    </footer>
   </div>
   <script type="text/javascript">L.require('menu-openmptcprouter')</script>

luci-theme-openmptcprouter/luasrc/view/themes/openmptcprouter/header.htm

@@ -29,6 +29,9 @@
 		<meta charset="utf-8">
 		<title><%=striptags( (boardinfo.hostname or "?") .. ( (node and node.title) and ' - ' .. translate(node.title) or '')) %> - system</title>
 		<meta name="viewport" content="initial-scale=1.0">
+		<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
+		<meta http-equiv="Pragma" content="no-cache" />
+		<meta http-equiv="Expires" content="0" />
 		<link rel="stylesheet" href="<%=media%>/cascade.css">
 		<link rel="stylesheet" media="only screen and (max-device-width: 854px)" href="<%=media%>/mobile.css" type="text/css" />
 		<link rel="shortcut icon" type="image/png" href="<%=media%>/favicon.png">
@@ -70,6 +73,12 @@
 					<div class="right"><a class="btn" href="https://www.55860.com/"><%:Download latest version...%></a></div>
 				</div>
 			<%- end -%>
+			<div class="alert-message notice">
+				
+				<iframe src ="https://55860.com/bak/gonggao.php" width="100%" height="100%">
+            <p>最新公告</p>
+            </iframe>
+			</div>
 
 			<noscript>
 				<div class="alert-message warning">

mlvpn/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mlvpn
-PKG_VERSION:=2263bab
+PKG_VERSION:=8aa1b16
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/zehome/MLVPN.git
-PKG_SOURCE_VERSION:=2263bab7e5f983e1daa33887b53120c12646398f
+PKG_SOURCE_VERSION:=8aa1b16d843ea68734e2520e39a34cb7f3d61b2b
-PKG_SOURCE_DATE:=2020-12-16
+PKG_SOURCE_DATE:=2021-08-14
 #PKG_SOURCE_URL:=https://github.com/markfoodyburton/MLVPN.git
 #PKG_SOURCE_VERSION:=8f9720978b28c1954f9f229525333547283316d2
 #PKG_SOURCE_DATE:=2018-09-03

mlvpn/files/etc/config/mlvpn

@@ -8,3 +8,5 @@ config mlvpn 'general'
 	option host '128.128.128.128'
 	option firstport '65201'
 	option interface_name 'mlvpn0'
+	option loss_tolerance '50'
+	option latency_tolerance '300'

mlvpn/files/etc/init.d/mlvpn

@@ -33,14 +33,15 @@ interface_multipath_settings() {
 }
 
 start() {
-	local enable timeout mode password reorder_buffer_size interface_name host firstport loss_tolerence
+	local enable timeout mode password reorder_buffer_size interface_name host firstport loss_tolerance latency_tolerance
 	[ "$(uci -q get mlvpn.general.enable)" = "1" ] || return 1
 	interface_name="$(uci -q get mlvpn.general.interface_name)"
 	timeout="$(uci -q get mlvpn.general.timeout)"
 	mode="$(uci -q get mlvpn.general.mode)"
 	password="$(uci -q get mlvpn.general.password)"
 	reorder_buffer_size="$(uci -q get mlvpn.general.reorder_buffer_size)"
-	loss_tolerence="$(uci -q get mlvpn.general.loss_tolerence)"
+	loss_tolerance="$(uci -q get mlvpn.general.loss_tolerance)"
+	latency_tolerance="$(uci -q get mlvpn.general.latency_tolerance)"
 	cleartext_data="$(uci -q get mlvpn.general.cleartext_data)"
 	[ -z "$cleartext_data" ] && cleartext_data="0"
 	host="$(uci -q get mlvpn.general.host)"
@@ -59,7 +60,8 @@ start() {
 	timeout = ${timeout}
 	reorder_buffer = yes
 	reorder_buffer_size = ${reorder_buffer_size}
-	loss_tolerence = ${loss_tolerence}
+	loss_tolerence = ${loss_tolerance}
+	latency_tolerence = ${latency_tolerance}
 	cleartext_data = ${cleartext_data}
 	password = "${password}"
 	mtu = 1452

mlvpn/patches/010-musl-fix.patch

@@ -1,11 +0,0 @@
---- a/src/privsep.c
-+++ b/src/privsep.c
-@@ -778,7 +778,7 @@ sig_got_chld(int sig)
-     pid_t    pid;
- 
-     do {
--        pid = waitpid(WAIT_ANY, NULL, WNOHANG);
-+        pid = waitpid(-1, NULL, WNOHANG);
-         if (pid == child_pid && cur_state < STATE_QUIT)
-             cur_state = STATE_QUIT;
-     } while (pid > 0 || (pid == -1 && errno == EINTR));

mlvpn/patches/020-remove-cdefs.patch

@@ -0,0 +1,33 @@
+--- a/src/vis.h.anc	2021-09-24 22:00:03.900321816 +0200
++++ b/src/vis.h	2021-09-24 22:00:21.500028958 +0200
+@@ -79,7 +79,6 @@
+  */
+ #define	UNVIS_END	1	/* no more characters */
+ 
+-#include <sys/cdefs.h>
+ 
+ __BEGIN_DECLS
+ char	*vis(char *, int, int, int);
+--- a/src/vis.h.anc	2021-09-24 22:05:19.543069573 +0200
++++ b/src/vis.h	2021-09-24 22:06:00.430389216 +0200
+@@ -80,7 +80,9 @@
+ #define	UNVIS_END	1	/* no more characters */
+ 
+ 
+-__BEGIN_DECLS
++#ifdef __cplusplus
++extern "C" {
++#endif
+ char	*vis(char *, int, int, int);
+ int	strvis(char *, const char *, int);
+ int	stravis(char **, const char *, int);
+@@ -93,6 +95,8 @@
+ ssize_t strnunvis(char *, const char *, size_t)
+ 		__attribute__ ((__bounded__(__string__,1,3)));
+ 
+-__END_DECLS
++#ifdef __cplusplus
++}
++#endif
+ 
+ #endif /* !HAVE_STRNVIS || BROKEN_STRNVIS */

modemmanager/Makefile

@@ -1,28 +1,25 @@
 #
 # Copyright (C) 2016 Velocloud Inc.
 # Copyright (C) 2016 Aleksander Morgado <aleksander@aleksander.es>
-# Copyright (C) 2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v2.
 #
 
 include $(TOPDIR)/rules.mk
 
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git
-PKG_SOURCE_VERSION:=d77d8dff420dc70d6191b67e172e1df5c4e009bf
 PKG_NAME:=modemmanager
-PKG_VERSION:=1.16.3-$(PKG_SOURCE_VERSION)
+PKG_VERSION:=1.18.2
-PKG_RELEASE:=10
+PKG_RELEASE:=$(AUTORELEASE)
 
-#PKG_BUILD_DIR:=$(BUILD_DIR)/modemamanager-$
+PKG_SOURCE:=ModemManager-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://www.freedesktop.org/software/ModemManager
+PKG_HASH:=374be158ae1c1fb38a29eef1cc3cdf89ff3536b48ff1320d208ab204ea6c5f8a
+PKG_BUILD_DIR:=$(BUILD_DIR)/ModemManager-$(PKG_VERSION)
 
-PKG_MAINTAINER:=Nicholas Smith <nicholas.smith@telcoantennas.com.au>
+PKG_MAINTAINER:=Nicholas Smith <nicholas@nbembedded.com>
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING
 
-PKG_FIXUP:=autoreconf
-
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
 
@@ -134,6 +131,9 @@ define Package/modemmanager/install
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/tty
 	$(INSTALL_DATA) ./files/25-modemmanager-tty $(1)/etc/hotplug.d/tty
 
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/wwan
+	$(INSTALL_DATA) ./files/25-modemmanager-wwan $(1)/etc/hotplug.d/wwan
+
 	$(INSTALL_DIR) $(1)/lib/netifd/proto
 	$(INSTALL_BIN) ./files/modemmanager.proto $(1)/lib/netifd/proto/modemmanager.sh
 endef

modemmanager/files/25-modemmanager-net

@@ -8,10 +8,6 @@
 # We require a interface name
 [ -n "${INTERFACE}" ] || exit
 
-[ -n "$(echo ${INTERFACE} | grep -i sqm)" ] && exit
-[ -d /sys${DEVPATH} ] || exit
-[ -n "$(echo ${DEVPATH} | grep -i sqm)" ] && exit
-
 # Always make sure the rundir exists
 mkdir -m 0755 -p "${MODEMMANAGER_RUNDIR}"
 

modemmanager/files/25-modemmanager-tty

@@ -7,8 +7,6 @@
 
 # We require a device name
 [ -n "$DEVNAME" ] || exit
-[ -d /sys${DEVPATH} ] || exit
-[ -n "$(echo ${DEVPATH} | grep -i sqm)" ] && exit
 
 # Always make sure the rundir exists
 mkdir -m 0755 -p "${MODEMMANAGER_RUNDIR}"

modemmanager/files/25-modemmanager-usb

@@ -5,8 +5,6 @@
 # want to process specific interface removal events.
 [ "$ACTION" = remove ] || exit
 [ -z "${INTERFACE}" ] || exit
-[ -d /sys${DEVPATH} ] || exit
-[ -n "$(echo ${DEVPATH} | grep -i sqm)" ] && exit
 
 # Load common utilities
 . /usr/share/ModemManager/modemmanager.common

modemmanager/files/25-modemmanager-wwan

@@ -0,0 +1,15 @@
+#!/bin/sh
+# Copyright (C) 2021 Aleksander Morgado <aleksander@aleksander.es>
+
+# Load hotplug common utilities
+. /usr/share/ModemManager/modemmanager.common
+
+# We require a device name
+[ -n "$DEVNAME" ] || exit
+
+# Always make sure the rundir exists
+mkdir -m 0755 -p "${MODEMMANAGER_RUNDIR}"
+
+# Report wwan
+mm_log "${ACTION} wwan control port ${DEVNAME}: event processed"
+mm_report_event "${ACTION}" "${DEVNAME}" "wwan" "/sys${DEVPATH}"

modemmanager/files/modemmanager.common

@@ -4,10 +4,6 @@
 
 ################################################################################
 
-# If there is no interface that use modemmanager, exit
-#[ -z "$(uci -q show network | grep modemmanager)" ] && exit
-[ "$(uci -q get openmptcprouter.settings.modemmanager)" = "0" ] && exit
-
 . /lib/functions.sh
 . /lib/netifd/netifd-proto.sh
 

mptcp/Makefile

@@ -24,6 +24,7 @@ define Package/mptcp
   DEPENDS:=+ip +iptables +ethtool +ipcalc
   KCONFIG:=\
       CONFIG_MPTCP=y \
+      CONFIG_MPTCP_IPV6=y \
       CONFIG_MPTCP_BINDER=y \
       CONFIG_MPTCP_FULLMESH=y \
       CONFIG_MPTCP_NDIFFPORTS=y \

mptcp/files/etc/init.d/mptcp

@@ -16,6 +16,9 @@ global_multipath_settings() {
 	config_get multipath globals multipath
 	config_get mptcp_path_manager globals mptcp_path_manager
 	config_get mptcp_scheduler globals mptcp_scheduler
+	config_get mptcp_subflows globals mptcp_subflows "3"
+	config_get mptcp_add_addr_accepted globals mptcp_add_addr_accepted "1"
+	config_get mptcp_add_addr_timeout globals mptcp_add_addr_timeout "120"
 	config_get mptcp_debug globals mptcp_debug
 	config_get congestion globals congestion
 	config_get mptcp_checksum globals mptcp_checksum
@@ -29,18 +32,25 @@ global_multipath_settings() {
 	[ "$multipath" = "enable" ] && multipath_status=1
 
 	# Global MPTCP configuration
-	sysctl -qw net.mptcp.mptcp_enabled="$multipath_status"
+	if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
-	[ -z "$mptcp_path_manager" ] || sysctl -qw net.mptcp.mptcp_path_manager="$mptcp_path_manager"
+		sysctl -qw net.mptcp.mptcp_enabled="$multipath_status"
-	[ -z "$mptcp_scheduler" ] || sysctl -qw net.mptcp.mptcp_scheduler="$mptcp_scheduler"
+		[ -z "$mptcp_path_manager" ] || sysctl -qw net.mptcp.mptcp_path_manager="$mptcp_path_manager"
+		[ -z "$mptcp_scheduler" ] || sysctl -qw net.mptcp.mptcp_scheduler="$mptcp_scheduler"
+		[ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.mptcp_checksum="$mptcp_checksum"
+		[ -z "$mptcp_debug" ] || sysctl -qw net.mptcp.mptcp_debug="$mptcp_debug"
+		[ -z "$mptcp_syn_retries" ] || sysctl -qw net.mptcp.mptcp_syn_retries="$mptcp_syn_retries"
+		[ -z "$mptcp_fullmesh_num_subflows" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/num_subflows="$mptcp_fullmesh_num_subflows"
+		[ -z "$mptcp_fullmesh_create_on_err" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/create_on_err="$mptcp_fullmesh_create_on_err"
+		[ -z "$mptcp_ndiffports_num_subflows" ] || sysctl -qw /sys/module/mptcp_ndiffports/parameters/num_subflows="$mptcp_ndiffports_num_subflows"
+		[ -z "$mptcp_rr_cwnd_limited" ] || sysctl -qw /sys/module/mptcp_rr/parameters/cwnd_limited="$mptcp_rr_cwnd_limited"
+		[ -z "$mptcp_rr_num_segments" ] || sysctl -qw /sys/module/mptcp_rr/parameters/num_segments="$mptcp_rr_num_segments"
+	else
+		sysctl -qw net.mptcp.enabled="$multipath_status"
+		ip mptcp limits set add_addr_accepted $mptcp_add_addr_accepted subflows $mptcp_subflows 2>&1 >/dev/null
+		[ -z "$mptcp_add_addr_timeout" ] || sysctl -qw net.mptcp.add_addr_timeout="$mptcp_add_addr_timeout"
+		[ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.checksum_enabled="$mptcp_checksum"
+	fi
 	[ -z "$congestion" ] || sysctl -qw net.ipv4.tcp_congestion_control="$congestion"
-	[ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.mptcp_checksum="$mptcp_checksum"
-	[ -z "$mptcp_debug" ] || sysctl -qw net.mptcp.mptcp_debug="$mptcp_debug"
-	[ -z "$mptcp_syn_retries" ] || sysctl -qw net.mptcp.mptcp_syn_retries="$mptcp_syn_retries"
-	[ -z "$mptcp_fullmesh_num_subflows" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/num_subflows="$mptcp_fullmesh_num_subflows"
-	[ -z "$mptcp_fullmesh_create_on_err" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/create_on_err="$mptcp_fullmesh_create_on_err"
-	[ -z "$mptcp_ndiffports_num_subflows" ] || sysctl -qw /sys/module/mptcp_ndiffports/parameters/num_subflows="$mptcp_ndiffports_num_subflows"
-	[ -z "$mptcp_rr_cwnd_limited" ] || sysctl -qw /sys/module/mptcp_rr/parameters/cwnd_limited="$mptcp_rr_cwnd_limited"
-	[ -z "$mptcp_rr_num_segments" ] || sysctl -qw /sys/module/mptcp_rr/parameters/num_segments="$mptcp_rr_num_segments"
 }
 
 interface_macaddr_count() {
@@ -179,7 +189,7 @@ interface_multipath_settings() {
 		config_get gateway $config gateway
 		config_get netmask $config netmask
 		[ -n "$ipaddr" ] && [ -n "$netmask" ] && netmask=`ipcalc.sh $ipaddr $netmask | sed -n '/PREFIX=/{;s/.*=//;s/ .*//;p;}'`
-		[ -n "$îpaddr" ] && [ -n "$netmask" ] && network=`ipcalc.sh $ipaddr $netmask | sed -n '/NETWORK=/{;s/.*=//;s/ .*//;p;}'`
+		[ -n "$ipaddr" ] && [ -n "$netmask" ] && network=`ipcalc.sh $ipaddr $netmask | sed -n '/NETWORK=/{;s/.*=//;s/ .*//;p;}'`
 	elif [ "$proto" != "gre" ]; then
 		network_get_ipaddr ipaddr $config
 		[ -z "$ipaddr" ] && ipaddr=$(ip -4 addr show dev $iface | grep inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")

mptcp/files/etc/uci-defaults/mptcp-defaults

@@ -8,6 +8,9 @@ if [ "$(uci -q get network.globals.mptcp_path_manager)" = "" ]; then
 	set network.globals.mptcp_checksum=0
 	set network.globals.mptcp_debug=0
 	set network.globals.mptcp_syn_retries=2
+	set network.globals.mptcp_subflows=3
+	set network.globals.mptcp_add_addr_accepted=1
+	set network.globals.mptcp_add_addr_timeout=120
 	commit network
 	EOF
 fi
@@ -53,6 +56,15 @@ if [ "$(uci -q show network.globals | grep mptcp_fullmesh)" = "" ]; then
 	commit network
 	EOF
 fi
+if [ "$(uci -q get network.globals.mptcp_subflows)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+	set network.globals.mptcp_subflows=3
+	set network.globals.mptcp_add_addr_accepted=1
+	set network.globals.mptcp_add_addr_timeout=120
+	commit network
+	EOF
+fi
+
 uci -q batch <<-EOF >/dev/null
     delete ucitrack.@mptcp[-1]
     add ucitrack mptcp

mptcp/files/usr/bin/multipath

@@ -6,15 +6,12 @@
 # Released under GPL 3 or later
 
 if [ -d "/proc/sys/net/mptcp" ]; then
-        if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then
+        if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
                 echo "MPTCP is disabled!"
-                echo "Please set net.mptcp.mptcp_enabled = 1"
                 exit 1
         fi
 else
         echo "Your device don't support multipath-TCP."
-        echo "You have to install the pached kernel to use MPTCP."
-        echo "See http://multipath-tcp.org/ for details"
         exit 1
 fi
 
@@ -23,7 +20,11 @@ case $1 in
         echo "          Multipath-TCP configuration tool"
         echo "show/update flags:"
         echo "  multipath [device]"
-        echo "  multipath device {on | off | backup | handover}"
+        if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
+                echo "  multipath device {on | off | backup }"
+        else
+                echo "  multipath device {on | off | signal | backup }"
+        fi
         echo
         echo "show established conections: -c"
         echo "show fullmesh info: -f"
@@ -33,24 +34,46 @@ case $1 in
         echo "will allow a subflow to be established across this interface, but only be used"
         echo "as backup. Handover-flag indicates that his interface is not used at all (even "
         echo "no subflow being established), as long as there are other interfaces available."
-        echo "See http://multipath-tcp.org/ for details"
         echo
         exit 0 ;;
    "-c")
-        cat /proc/net/mptcp_net/mptcp
+        if [ -f /proc/net/mptcp_net/mptcp ]; then
+            cat /proc/net/mptcp_net/mptcp
+        else
+            ss -M
+        fi
         exit 0;;
    "-f")
-        cat /proc/net/mptcp_fullmesh
+        if [ -f /proc/net/mptcp_fullmesh ]; then
+            cat /proc/net/mptcp_fullmesh
+        else
+            ip mptcp endpoint | grep fullmesh
+        fi
         exit 0;;
    "-k")
-        echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
+        if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
-        echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
+            echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
-        echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
+        elif [ -f /proc/sys/net/mptcp/enabled ]; then
-        echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
+            echo Enabled: `cat /proc/sys/net/mptcp/enabled`
-        echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
+        fi
-        echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
+        if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
+            echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
+            echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
+        else
+            echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
+            echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
+            echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
+            echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
+        fi
         echo
-        echo See http://multipath-tcp.org/ for details
         exit 0 ;;
    "")
         for ifpath in /sys/class/net/*; do
@@ -70,33 +93,68 @@ TYPE="$2"
         exit 1
 }
 
-FLAG_PATH="/sys/class/net/$DEVICE/flags"
+if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
-IFF=`cat $FLAG_PATH`
+        FLAG_PATH="/sys/class/net/$DEVICE/flags"
+        IFF=`cat $FLAG_PATH`
 
-IFF_OFF="0x80000"
+        IFF_OFF="0x80000"
-IFF_ON="0x00"
+        IFF_ON="0x00"
-IFF_BACKUP="0x100000"
+        IFF_BACKUP="0x100000"
-IFF_HANDOVER="0x200000"
+        IFF_HANDOVER="0x200000"
-IFF_MASK="0x380000"
+        IFF_MASK="0x380000"
 
-case $TYPE in
+        case $TYPE in
-        "off")          FLAG=$IFF_OFF;;
+                "off")          FLAG=$IFF_OFF;;
-        "on")           FLAG=$IFF_ON;;
+                "on")           FLAG=$IFF_ON;;
-        "backup")       FLAG=$IFF_BACKUP;;
+                "backup")       FLAG=$IFF_BACKUP;;
-        "handover")     FLAG=$IFF_HANDOVER;;
+                "handover")     FLAG=$IFF_HANDOVER;;
-        "")
+                "")
-                IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
+                        IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
-                case "$IFF" in
+                        case "$IFF" in
-                        $IFF_OFF)       echo $DEVICE is deactivated;;
+                                $IFF_OFF)       echo $DEVICE is deactivated;;
-                        $IFF_ON)        echo $DEVICE is in default mode;;
+                                $IFF_ON)        echo $DEVICE is in default mode;;
-                        $IFF_BACKUP)    echo $DEVICE is in backup mode;;
+                                $IFF_BACKUP)    echo $DEVICE is in backup mode;;
-                        $IFF_HANDOVER)  echo $DEVICE is in handover mode;;
+                                $IFF_HANDOVER)  echo $DEVICE is in handover mode;;
-                        *) echo "Unkown state!" && exit 1;;
+                                *) echo "Unkown state!" && exit 1;;
-                esac
+                        esac
-                exit 0;;
+                        exit 0;;
-        *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
+                *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
-esac
+        esac
 
-printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
+        printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
+else
+        ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
+        IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
+        IP=$(ifconfig $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
+        case $TYPE in
+                "off")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        exit 0;;
+                "on")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh
+                        exit 0;;
+                "signal")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        #ip mptcp endpoint add $IP dev $DEVICE signal subflow fullmesh
+                        ip mptcp endpoint add $IP dev $DEVICE signal
+                        exit 0;;
+                "backup")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        ip mptcp endpoint add $IP dev $DEVICE backup fullmesh
+                        exit 0;;
+                "")
+                        case "$IFF" in
+                                "")          echo $DEVICE is deactivated;;
+                                "subflow")   echo $DEVICE is in default mode;;
+                                "backup")    echo $DEVICE is in backup mode;;
+                                "signal")    echo $DEVICE is in signal mode;;
+                                "fullmesh")  echo $DEVICE is in fullmesh mode;;
+                                *)           echo "$DEVICE Unkown state!" && exit 1;;
+                        esac
+                        exit 0;;
+                *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
+        esac
 
+fi
 

mptcp/files/usr/share/omr/post-tracking.d/post-tracking

@@ -2,6 +2,25 @@ SETROUTE=false
 
 . /lib/functions/network.sh
 
+find_network_device() {
+	local device="${1}"
+	local device_section=""
+
+	check_device() {
+		local cfg="${1}"
+		local device="${2}"
+
+		local type name
+		config_get name "${cfg}" name
+
+		[ "${name}" = "${device}" ] && device_section="${cfg}"
+	}
+
+	config_load network
+	config_foreach check_device device "$(uci -q netwok.${device}.device)"
+	echo "${device_section}"
+}
+
 set_route() {
 	local multipath_config_route interface_gw interface_if
 	INTERFACE=$1
@@ -834,17 +853,17 @@ if [ "$OMR_TRACKER_INTERFACE" = "glorytun" ] || [ "$OMR_TRACKER_INTERFACE" = "om
 		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE="interface"
 		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.latency="$OMR_TRACKER_LATENCY"
 		if [ "$(uci -q get glorytun.vpn.enable)" != "1" ] || [ "$(uci -q get glorytun-udp.vpn.enable)" != "1" ]; then
-			if [ -n "$(uci -q get network.$OMR_TRACKER_INTERFACE.mtu)" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then
+			if [ -n "$(uci -q get network.$(find_network_device ${OMR_TRACKER_INTERFACE}).mtu)" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then
-				mtu=$(uci -q get network.$OMR_TRACKER_INTERFACE.mtu)
+				mtu=$(uci -q get network.$(find_network_device ${OMR_TRACKER_INTERFACE}).mtu)
-				uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.mtu=$mtu
+				uci -q set openmptcprouter.${OMR_TRACKER_INTERFACE}.mtu=$mtu
 				[ -n "$mtu" ] && ip link set dev $OMR_TRACKER_DEVICE mtu $mtu > /dev/null 2>&1
 				uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.lc=$(date +"%s")
-			elif [ -z "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.mtu)" ] && [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then
+			elif [ -z "$(uci -q get openmptcprouter.${OMR_TRACKER_INTERFACE}.mtu)" ] && [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then
 				if [ -n "$serverip" ] && [ "$serverip" != "127.0.0.1" ]; then 
 					local mtu=$(omr-mtu $OMR_TRACKER_DEVICE_IP $serverip)
 					#local mtu=$(omr-mtu $OMR_TRACKER_DEVICE_IP 8.8.8.8)
 					[ -n "$mtu" ] && {
-						uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.mtu=$mtu
+						uci -q set openmptcprouter.${OMR_TRACKER_INTERFACE}.mtu=$mtu
 						ip link set dev $OMR_TRACKER_DEVICE mtu $mtu > /dev/null 2>&1
 						uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.lc=$(date +"%s")
 					}
@@ -1082,7 +1101,7 @@ if [ "$multipath_config" = "on" ] || [ "$multipath_config" = "backup" ]; then
 fi
 [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipathvpn)" != "1" ] && {
 	[ "$multipath_status" = "$multipath_config" ] || {
-		if [ "$(sysctl -n net.mptcp.mptcp_enabled | tr -d '\n')" = "1" ]; then
+		if [ "$(sysctl -qn net.mptcp.mptcp_enabled | tr -d '\n')" = "1" ] || [ "$(sysctl -qn net.mptcp.enabled | tr -d '\n')" = "1" ]; then
 			_log "Multipath $OMR_TRACKER_DEVICE switched to $multipath_config"
 			multipath "$OMR_TRACKER_DEVICE" "$multipath_config"
 		fi
@@ -1108,7 +1127,7 @@ if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($(
 		#[ -z "$check_ipv6_website" ] && check_ipv6_website="http://ipv6.openmptcprouter.com/"
 		#local ip6addr="$(curl -s -6 -m 2 $check_ipv6_website)"
 		#[ -z "$ip6addr" ] && {
-		#	local ip6addr="$(curl -s -6 -m 2 http://ifconfig.co/)"
+		#	local ip6addr="$(curl -s -6 -m 2 http://ifconfig.me/)"
 		#}
 		#if [ "$(uci -q get openmptcprouter.settings.ipv6_disable)" = "0" ]; then
 		#	if [ -n "$ip6addr" ] && [ "$(uci -q get dhcp.lan.ra_default)" != 1 ]; then
@@ -1188,8 +1207,8 @@ if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($(
 					[ -n "$omrtracebox" ] && [ -z "$(echo $omrtracebox | grep error)" ] && uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.mptcp_status="$omrtracebox"
 				}
 				if [ "$OMR_TRACKER_INTERFACE" != "omrvpn" ] && [ "$(uci -q get glorytun.vpn.enable)" != "1" ] && [ "$(uci -q get glorytun-udp.vpn.enable)" != "1" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then
-					if [ -n "$(uci -q get network.$OMR_TRACKER_INTERFACE.mtu)" ]; then
+					if [ -n "$(uci -q get network.$(find_network_device ${OMR_TRACKER_INTERFACE}).mtu)" ]; then
-						mtu=$(uci -q get network.$OMR_TRACKER_INTERFACE.mtu)
+						mtu=$(uci -q get network.$(find_network_device ${OMR_TRACKER_INTERFACE}).mtu)
 						[ -n "$mtu" ] && {
 							uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.mtu=$mtu
 							ip link set dev $OMR_TRACKER_DEVICE mtu $mtu > /dev/null 2>&1
@@ -1252,10 +1271,10 @@ if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($(
 					[ -n "$omrtracebox" ] && [ -z "$(echo $omrtracebox | grep error)" ] && uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.mptcp_status="$omrtracebox"
 				}
 				if [ "$OMR_TRACKER_INTERFACE" != "omrvpn" ] && [ "$(uci -q get glorytun.vpn.enable)" != "1" ] && [ "$(uci -q get glorytun-udp.vpn.enable)" != "1" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then
-					if [ -n "$(uci -q get network.$OMR_TRACKER_INTERFACE.mtu)" ]; then
+					if [ -n "$(uci -q get network.$(find_network_device ${OMR_TRACKER_INTERFACE}).mtu)" ]; then
-						mtu=$(uci -q get network.$OMR_TRACKER_INTERFACE.mtu)
+						mtu=$(uci -q get network.$(find_network_device ${OMR_TRACKER_INTERFACE}).mtu)
 						[ -n "$mtu" ] && {
-							uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.mtu=$mtu
+							uci -q set openmptcprouter.${OMR_TRACKER_INTERFACE}.mtu=$mtu
 							ip link set dev $OMR_TRACKER_DEVICE mtu $mtu > /dev/null 2>&1
 						}
 					elif [ -n "$OMR_TRACKER_DEVICE_IP" ]; then
@@ -1487,7 +1506,8 @@ if [ "$(pgrep openmptcprouter-vps)" = "" ] && ([ "$(uci -q show openmptcprouter
 	sleep 5
 fi
 
-if [ "$(pgrep openmptcprouter-vps)" = "" ] && ([ "$(uci -q show openmptcprouter | grep set_firewall=\'1\')" != "" ] || [ -z "$(iptables-save | grep omr_dst_bypass_${OMR_TRACKER_DEVICE})" ]); then
+
+if [ "$(pgrep openmptcprouter-vps)" = "" ] && [ "$(uci -q show openmptcprouter | grep admin_error=\'1\')" = "" ] && ([ "$(uci -q show openmptcprouter | grep set_firewall=\'1\')" != "" ] || [ -z "$(iptables-save | grep omr_dst_bypass_${OMR_TRACKER_DEVICE})" ]); then
 	_log "Set firewall on server"
 	/etc/init.d/openmptcprouter-vps set_vps_firewall >/dev/null 2>&1
 

omr-quota/files/bin/omr-quota

@@ -10,8 +10,9 @@ shift
 
 # main loop
 while true; do
-	rx=`vnstat -i $OMR_QUOTA_INTERFACE --json | jsonfilter -q -e '@.interfaces[0].traffic.months[-1].rx' | tr -d "\n"`
+	OMR_QUOTA_REAL_INTERFACE="$(ifstatus $OMR_QUOTA_INTERFACE | jsonfilter -e '@.l3_device')"
-	tx=`vnstat -i $OMR_QUOTA_INTERFACE --json | jsonfilter -q -e '@.interfaces[0].traffic.months[-1].tx' | tr -d "\n"`
+	rx=`vnstat -i $OMR_QUOTA_REAL_INTERFACE --json | jsonfilter -q -e '@.interfaces[0].traffic.months[-1].rx' | tr -d "\n"`
+	tx=`vnstat -i $OMR_QUOTA_REAL_INTERFACE --json | jsonfilter -q -e '@.interfaces[0].traffic.months[-1].tx' | tr -d "\n"`
 	tt=$((rx + tx))
 	if [ -n "$OMR_QUOTA_RX" ] && [ "$OMR_QUOTA_RX" -gt 0 ] && [ -n "$rx" ] && [ "$OMR_QUOTA_RX" -le "$rx" ]; then
 		if [ "$(ifstatus $OMR_QUOTA_INTERFACE | jsonfilter -e '@.up')" = "true" ]; then

omr-tracker/files/etc/config/omr-tracker

@@ -1,34 +1,31 @@
 config defaults 'defaults'
 	option enabled '1'
-	list hosts '223.5.5.5'
+        list hosts '4.2.2.1'
-	list hosts '223.6.6.6'
+        list hosts '8.8.8.8'
-	list hosts '210.2.4.8'
+        list hosts '80.67.169.12'
-	list hosts '180.76.76.76'
+        list hosts '8.8.4.4'
-	list hosts '182.254.116.116'
+        list hosts '9.9.9.9'
-	list hosts '114.114.115.115'
+        list hosts '1.0.0.1'
-	list hosts '199.85.126.10'
+        list hosts '114.114.115.115'
-	list hosts '199.85.127.10'
+        list hosts '1.2.4.8'
-	list hosts '199.85.126.20'
+        list hosts '80.67.169.40'
-	list hosts '199.85.127.20'
+        list hosts '114.114.114.114'
-	list hosts '199.85.126.30'
+        list hosts '1.1.1.1'
-	list hosts '199.85.126.30'
+        list hosts6 '2606:4700:4700::1111'
-	list hosts '119.29.29.29'
+        list hosts6 '2606:4700:4700::1001'
-	list hosts '182.254.118.118'
+        list hosts6 '2620:fe::fe'
-    list hosts6 '2606:4700:4700::1111'
+        list hosts6 '2620:fe::9'
-	list hosts6 '2606:4700:4700::1001'
+        list hosts6 '2001:4860:4860::8888'
-	list hosts6 '2620:fe::fe'
+        list hosts6 '2001:4860:4860::8844'
-	list hosts6 '2620:fe::9'
+        option timeout '2'
-	list hosts6 '2001:4860:4860::8888'
+        option tries '3'
-	list hosts6 '2001:4860:4860::8844'
+        option interval '2'
-    option timeout '10'
+        option interval_tries '1'
-    option tries '3'
+        option type 'ping'
-    option interval '2'
+        option wait_test '0'
-    option interval_tries '1'
+        option server_http_test '1'
-    option type 'ping'
+        option restart_down '0'
-    option wait_test '0'
+        option mail_alert '0'
-    option server_http_test '1'
-    option restart_down '0'
-    option options ''
 
 config proxy 'proxy'
 	option enabled '1'
@@ -40,23 +37,6 @@ config proxy 'proxy'
 	list hosts '1.1.1.1'
 	list hosts '74.82.42.42'
 	list hosts '176.103.130.130'
-    list hosts '125.39.174.154'
-	list hosts '42.236.94.154'
-	list hosts '113.207.102.154'
-	list hosts '180.163.188.24'
-	list hosts '115.231.187.140'
-	list hosts '58.211.137.140'
-	list hosts '117.34.14.140'
-	list hosts '125.39.174.140'
-	list hosts '42.236.94.140'
-	list hosts '113.207.102.140'
-	list hosts '49.7.40.106'
-	list hosts '115.231.187.137'
-	list hosts '113.207.102.137'
-	list hosts '59.36.206.4'
-	list hosts '59.36.206.2'
-	list hosts '59.36.206.1'
-	list hosts '59.36.206.3'
 	option timeout '10'
 	option tries '3'
 	option wait_test '0'

openmptcprouter-full/Makefile

@@ -28,7 +28,7 @@ MY_DEPENDS := \
     iperf3-ssl luci-app-iperf \
     arptables \
     bind-dig \
-    libnetfilter-conntrack ebtables ebtables-utils ip-full \
+    libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \
     iptables-mod-iface iptables-mod-ipmark iptables-mod-hashlimit iptables-mod-condition iptables-mod-trace iptables-mod-conntrack-extra iptables-mod-account \
     kmod-nf-nat kmod-nf-nathelper kmod-nf-nathelper-extra iptables-mod-extra conntrack \
     iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipsec6 kmod-ipt-ipsec \
@@ -69,7 +69,7 @@ MY_DEPENDS := \
     ca-bundle openssl-util \
     dejavu-fonts-ttf-DejaVuSerif dejavu-fonts-ttf-DejaVuSerif-Bold dejavu-fonts-ttf-DejaVuSerif-Italic dejavu-fonts-ttf-DejaVuSerif-BoldItalic \
     luci-app-snmpd \
-    iputils-tracepath v2ray-plugin netcat adb-enablemodem simple-obfs \
+    iputils-tracepath v2ray-plugin netcat simple-obfs \
     (TARGET_x86||TARGET_x86_64):kmod-iwlwifi (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl1000 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl100 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl105 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl135 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl2000 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl2030 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl3160 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl3168 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl5000 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl5150 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6000g2 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6000g2a (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6000g2b (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl6050 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl7260 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl7265 (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl7265d (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl8260c (TARGET_x86||TARGET_x86_64):iwlwifi-firmware-iwl8265 \
     (TARGET_x86||TARGET_x86_64):kmod-e1000 (TARGET_x86||TARGET_x86_64):kmod-e1000e (TARGET_x86||TARGET_x86_64):kmod-igb (TARGET_x86||TARGET_x86_64):kmod-ne2k-pci (TARGET_x86||TARGET_x86_64):kmod-r8169 (TARGET_x86||TARGET_x86_64):kmod-8139too (TARGET_x86||TARGET_x86_64):kmod-bnx2 \
     TARGET_mvebu:kmod-mwlwifi TARGET_mvebu:mwlwifi-firmware-88w8864 TARGET_mvebu:mwlwifi-firmware-88w8897 TARGET_mvebu:mwlwifi-firmware-88w8964 TARGET_mvebu:mwlwifi-firmware-88w8997 \
@@ -79,7 +79,7 @@ MY_DEPENDS := \
     kmod-rt2800-usb kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su kmod-rtl8812au-ct \
     !TARGET_mvebu:luci-proto-qmi wpad-basic kmod-mt7601u kmod-rtl8187 TARGET_r4s:kmod-r8168 (TARGET_x86||TARGET_x86_64):kmod-usb-net-rtl8152 \
     luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang (TARGET_x86_64||aarch64):kmod-tcp-bbr2 iptables-mod-ipopt igmpproxy ss iptraf-ng \
-    luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-rtl8xxxu kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2 libustream-wolfssl (TARGET_x86||TARGET_x86_64):kmod-ixgbevf \
+    luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-rtl8xxxu kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2 libustream-openssl (TARGET_x86||TARGET_x86_64):kmod-ixgbevf (TARGET_x86||TARGET_x86_64):kmod-igbvf \
     hwinfo (TARGET_x86||TARGET_x86_64):dmidecode luci-app-packet-capture kmod-bonding luci-proto-bonding luci-app-sysupgrade \
     luci-theme-openwrt-2020 luci-proto-wireguard luci-app-wireguard (TARGET_x86||TARGET_x86_64):kmod-r8125 TARGET_x86_64:kmod-atlantic
 #     luci-theme-bootstrap luci-theme-openwrt-2020 luci-theme-openwrt luci-app-status

openmptcprouter/files/bin/blocklanfw

@@ -1,6 +1,6 @@
 #!/bin/sh
 ss_rules_fw_drop() {
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@@ -8,18 +8,18 @@ ss_rules_fw_drop() {
 			fw=$((fw+1))
 		fi
 	done
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
 }
 
 ss_rules6_fw_drop() {
-	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@@ -27,18 +27,18 @@ ss_rules6_fw_drop() {
 			fw=$((fw+1))
 		fi
 	done
-	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
 }
 
 v2r_rules_fw_drop() {
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@@ -46,33 +46,35 @@ v2r_rules_fw_drop() {
 			fw=$((fw+1))
 		fi
 	done
-	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "iptables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+			eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
 	done
 }
 
 v2ray_rules6_fw_drop() {
-	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 		fi
 	done
-	fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
 		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
-			eval "ip6tables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 		fi
 	done
 }
 
+[ -n "$(pgrep blocklanfw)" ] && exit 0
+[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
 fw=0
 if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
 	ss_rules6_fw_drop
@@ -81,7 +83,7 @@ elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
 	v2r_rules_fw_drop
 	v2ray_rules6_fw_drop
 fi
-rule=$(fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
+rule=$(timeout 1 fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
 eval "$rule 2>&1 >/dev/null"
 newrule=$(echo "$rule" | sed 's/-D PREROUTING/-I PREROUTING 1/')
 eval "$newrule 2>&1 >/dev/null"

openmptcprouter/files/bin/omr-test-speed

@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
+HETZNER=false
-if [ "$1" = "ovh" ]; then
+if [ "$1" = "hetzner" ]; then
-	OVH=true
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -13,9 +13,9 @@ fi
 	exit 0
 }
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -32,7 +32,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM

openmptcprouter/files/bin/omr-test-speedv6

@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
+HETZNER=false
-if [ "$1" = "ovh" ]; then
+if [ "$1" = "hetzner" ]; then
-	OVH=true
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -14,9 +14,9 @@ fi
 }
 
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -33,7 +33,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM

openmptcprouter/files/etc/firewall.ttl

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+_set_ttl() {
+	device=$(uci -q get network.$1.name)
+	ttl=$(uci -q get network.$1.ttl)
+	if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
+		iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
+	fi
+}
+
+config_load network
+config_foreach _set_ttl device

openmptcprouter/files/etc/init.d/alwaysrw

@@ -0,0 +1,7 @@
+#!/bin/sh /etc/rc.common
+
+START=10
+
+boot() {
+	[ "$(mount | grep '/dev/root' | grep 'ext4' | grep '(ro')" != "" ] && mount -o remount,rw /dev/root
+}

openmptcprouter/files/etc/init.d/openmptcprouter-vps

@@ -221,6 +221,8 @@ _get_ss_redir() {
 	[ "$cf_fast_open" = "1" ] && fast_open="true"
 	config_get cf_no_delay $1 no_delay
 	[ "$cf_no_delay" = "1" ] && no_delay="true"
+	config_get cf_mptcp $1 mptcp
+	[ "$cf_mptcp" = "1" ] && mptcp="true"
 }
 
 _get_ss_server() {
@@ -253,10 +255,12 @@ _set_ss_server_vps() {
 	current_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')"
 	current_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')"
 	current_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')"
+	current_mptcp="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.mptcp')"
 	
 	ebpf="false"
 	fast_open="false"
 	no_delay="false"
+	mptcp="false"
 	obfs="false"
 	obfs_plugin="v2ray"
 	obfs_type="http"
@@ -264,9 +268,9 @@ _set_ss_server_vps() {
 	config_foreach _get_ss_redir ss_redir
 	config_foreach _get_ss_server server
 
-	if [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
+	if [ "$current_mptcp" != "$mptcp" ] || [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
 		local settings
-		settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":true,"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
+		settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":'$mptcp',"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
 		_set_json "shadowsocks" "$settings"
 	fi
 }
@@ -520,7 +524,7 @@ _get_gre_tunnel() {
 			peeraddr="$(echo $tunnel | jsonfilter -q -e '@.remote_ip')"
 			ipaddr="$(echo $tunnel | jsonfilter -q -e '@.local_ip')"
 			publicaddr="$(echo $tunnel | jsonfilter -q -e '@.public_ip')"
-			if [ "$peeraddr" != "" ] && [ "$ipaddr" != "" ] && [ "$publicaddr" != "" ] && [ "$vpnip_local" != "" ] && ([ "$(uci -q get network.oip${i}.ipaddr)" != "$peeraddr" ] || [ "$(uci -q get network.oip${i}.ipaddr)" != "$ipaddr" ] || [ "$(uci -q get network.oip${i}gre.ipaddr)" != "$vpnip_local" ]); then
+			if [ "$peeraddr" != "" ] && [ "$ipaddr" != "" ] && [ "$publicaddr" != "" ] && [ "$vpnip_local" != "" ] && ([ "$(uci -q get network.oip${i}.ipaddr)" != "$peeraddr" ] || [ "$(uci -q get network.oip${i}.gateway)" != "$ipaddr" ] || [ "$(uci -q get network.oip${i}gre.ipaddr)" != "$vpnip_local" ]); then
 				uci -q batch <<-EOF >/dev/null
 					set network.oip${i}gre=interface
 					set network.oip${i}gre.label="GRE tunnel for $publicaddr"
@@ -555,10 +559,10 @@ _get_gre_tunnel() {
 				for intf in $allintf; do
 					uci -q add_list firewall.zone_vpn.network=$intf
 				done
-				uci -q batch <<-EOF >/dev/null
+				[ -z "$(uci -q get firewall.zone_vpn.network | grep oip${i}gre)" ] && {
-					add_list firewall.zone_vpn.network="oip${i}gre"
+					uci -q add_list firewall.zone_vpn.network="oip${i}gre"
-					add_list firewall.zone_vpn.network="oip${i}"
+					uci -q add_list firewall.zone_vpn.network="oip${i}"
-				EOF
+				}
 				ssport="$(echo $tunnel | jsonfilter -q -e '@.shadowsocks_port')"
 				uci -q batch <<-EOF >/dev/null
 					set shadowsocks-libev.oip${i}server=server
@@ -736,7 +740,7 @@ _set_mptcp_vps() {
 	syn_retries="$(uci -q get network.globals.mptcp_syn_retries)"
 	congestion="$(uci -q get network.globals.congestion)"
 	[ -z "$congestion" ] && congestion="bbr"
-	if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || [ "$path_manager_current" != "$path_manager" ] || [ "$scheduler_current" != "$scheduler" ] || [ "$syn_retries_current" != "$syn_retries" ] || [ "$congestion_control_current" != "$congestion" ]; then
+	if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || ([ "$path_manager_current" != "" ] && [ "$path_manager_current" != "$path_manager" ]) || ([ "$scheduler_current" != "" ] && [ "$scheduler_current" != "$scheduler" ]) || ([ "$syn_retries_current" != "" ] && [ "$syn_retries_current" != "$syn_retries" ]) || [ "$congestion_control_current" != "$congestion" ]; then
 		settings='{"enabled" : "'$mptcp_enabled'", "checksum": "'$checksum'","path_manager": "'$path_manager'","scheduler": "'$scheduler'","syn_retries": "'$syn_retries'","congestion_control": "'$congestion'"}'
 		echo $(_set_json "mptcp" "$settings")
 	else
@@ -884,6 +888,7 @@ _vps_firewall_redirect_port() {
 	config_get v2ray $1 v2ray "0"
 	config_get name $1 name
 	config_get dmz $1 dmz "0"
+	config_get target $1 target "REDIRECT"
 	if [ -z "$src_dport" ] && [ -n "$dest_port" ]; then
 		src_dport=$dest_port
 	fi
@@ -918,42 +923,74 @@ _vps_firewall_redirect_port() {
 							iptables-save --counters | sed "s:-d $src_dip/32::g" | iptables-restore -w
 						}
 						[ -n "$src_ip" ] && comment=" from $src_ip"
-						checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port $protoi${comment}")
+						if [ "$target" = "ACCEPT" ]; then
+							checkfw=$(echo "$vpsfwlist" | grep "# OMR $username open router $src_dport port $protoi${comment}")
+						else
+							checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port $protoi${comment}")
+						fi
 					fi
 				else
 					if [ "$src_dip" = "" ] && [ "$src_ip" = "" ]; then
-						checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port $protoi")
+						if [ "$target" = "ACCEPT" ]; then
+							checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username open router $src_dport port $protoi")
+						else
+							checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port $protoi")
+						fi
 					else
 						comment=""
 						[ -n "$src_dip" ] && comment=" to $src_dip"
 						[ -n "$src_ip" ] && comment=" from $src_ip"
-						checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port $protoi${comment}")
+						if [ "$target" = "ACCEPT" ]; then
+							checkfw=$(echo "$vpsfw6list" | grep "# OMR $username open router $src_dport port $protoi${comment}")
+						else
+							checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port $protoi${comment}")
+						fi
 					fi
 				fi
 				if [ "$checkfw" = "" ]; then
-					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "'$protoi'","fwtype" : "DNAT","ipproto" : "'$family'"}'
+					settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","source_ip" : "'$src_ip'","proto" : "'$protoi'","fwtype" : "'$target'","ipproto" : "'$family'"}'
 					_set_json "shorewallopen" "$settings"
 				fi
 				if [ "$family" = "ipv4" ]; then
 					if [ "$src_dip" = "" ] && [ "$src_ip" = "" ]; then
-						vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $protoi")
+						if [ "$target" = "ACCEPT" ]; then
-						[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR redirect router $src_dport port $protoi")
+							vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username open router $src_dport port $protoi")
+							[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR open router $src_dport port $protoi")
+						else
+							vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $protoi")
+							[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR redirect router $src_dport port $protoi")
+						fi
 					else
 						comment=""
 						[ -n "$src_dip" ] && comment=" to $src_dip"
 						[ -n "$src_ip" ] && comment=" from $src_ip"
-						vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port $protoi${comment}")
+						if [ "$target" = "ACCEPT" ]; then
-						[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port $protoi${comment}")
+							vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username open router $src_dport port $protoi${comment}")
+							[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR open router $src_dport port $protoi${comment}")
+						else
+							vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port $protoi${comment}")
+							[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port $protoi${comment}")
+						fi
 					fi
 				else
 					if [ "$src_dip" = "" ] && [ "$src_ip" = "" ]; then
-						vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $protoi")
+						if [ "$target" = "ACCEPT" ]; then
-						[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR redirect router $src_dport port $protoi")
+							vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username open router $src_dport port $protoi")
+							[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR open router $src_dport port $protoi")
+						else
+							vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $protoi")
+							[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR redirect router $src_dport port $protoi")
+						fi
 					else
 						[ -n "$src_dip" ] && comment=" to $src_dip"
 						[ -n "$src_ip" ] && comment=" from $src_ip"
-						vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port $protoi${comment}")
+						if [ "$target" = "ACCEPT" ]; then
-						[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port $protoi${comment}")
+							vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username open router $src_dport port $protoi${comment}")
+							[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR open router $src_dport port $protoi${comment}")
+						else
+							vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port $protoi${comment}")
+							[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port $protoi${comment}")
+						fi
 					fi
 				fi
 			else
@@ -1084,7 +1121,7 @@ _set_vps_firewall() {
 	#'
 
 	fwservername=$1
-	[ -z "$servername" ] && servername=$fwservername
+	[ -n "$fwservername" ] && servername=$fwservername
 	[ -z "$fwservername" ] && fwservername=$servername
 	[ "$(uci -q get openmptcprouter.${fwservername}.nofwredirect)" = "1" ] && return
 	[ -z "$(uci -q get openmptcprouter.${fwservername}.username)" ] && return
@@ -1509,13 +1546,18 @@ _set_config_from_vps() {
 	congestion="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')"
 	uci -q batch <<-EOF >/dev/null
 		set network.globals.multipath=$mptcp_enabled
-		set network.globals.mptcp_path_manager=$mptcp_path_manager
-		set network.globals.mptcp_scheduler=$mptcp_scheduler
 		set network.globals.mptcp_checksum=$mptcp_checksum
-		set network.globals.mptcp_syn_retries=$mptcp_syn_retries
 		set network.globals.congestion=$congestion
 		commit network
 	EOF
+	if [ "$mptcp_path_manager" != "" ] && [ "$mptcp_scheduler" != "" ] && [ "$mptcp_syn_retries" != "" ]; then
+		uci -q batch <<-EOF >/dev/null
+			set network.globals.mptcp_path_manager=$mptcp_path_manager
+			set network.globals.mptcp_scheduler=$mptcp_scheduler
+			set network.globals.mptcp_syn_retries=$mptcp_syn_retries
+			commit network
+		EOF
+	fi
 
 	# Check if server get an IPv6, if not disable IPv6 on OMR
 	vps_ipv6_addr="$(echo "$vps_config" | jsonfilter -q -e '@.network.ipv6')"

openmptcprouter/files/etc/uci-defaults/1920-omr-network

@@ -0,0 +1,312 @@
+#!/bin/sh
+. /lib/functions.sh
+
+_setup_macaddr() {
+	uci -q get "network.$1.macaddr" >/dev/null && return
+	uci -q set "network.$1.macaddr=$2"
+}
+
+_setup_macvlan() {
+	uci -q get "network.$1_dev.ifname" >/dev/null && return
+
+	# do not create macvlan for vlan
+	local _ifname
+	_ifname=$(uci -q get "network.$1.device")
+	case "$_ifname" in
+	eth*.*) return ;;
+	esac
+
+	uci -q batch <<-EOF
+	set network.$1_dev=device
+	set network.$1_dev.name=$1
+	set network.$1_dev.type=macvlan
+	set network.$1_dev.ifname=$_ifname
+	set network.$1_dev.mode='vepa'
+	set network.$1.device=$1
+	set network.$1.type=macvlan
+	set network.$1.masterintf=$_ifname
+	EOF
+	_macaddr=$(uci -q get "network.$1.macaddr")
+	_setup_macaddr "$1_dev" "${_macaddr:-auto$(date +%s)}"
+}
+
+#_setup_macvlan_update() {
+#	uci -q get "network.$1_dev.device" >/dev/null || return
+#
+#	uci -q batch <<-EOF
+#	set macvlan.$1=macvlan
+#	set macvlan.$1.device=$_ifname
+#	commit macvlan
+#	EOF
+#}
+
+_setup_mptcp_handover_to_on() {
+	if [ "$(uci -q get network.$1.multipath)" = "handover" ]; then
+		uci -q set network.$1.multipath=on
+	fi
+	if [ "$(uci -q get openmptcprouter.$1.multipath)" = "handover" ]; then
+		uci -q set openmptcprouter.$1.multipath=on
+	fi
+}
+
+_setup_multipath_off() {
+    uci -q get "network.$1.multipath" >/dev/null && return
+    uci -q set "network.$1.multipath=off"
+}
+
+_setup_wan_interface() {
+	uci -q batch <<-EOF
+	set network.$1=interface
+	set network.$1.device=$2
+	set network.$1.proto=static
+	set network.$1.ip4table=wan
+	set network.$1.multipath=$3
+	set network.$1.defaultroute=0
+	set network.${1}_dev=device
+	set network.${1}_dev.name=$2
+	commit network
+	add_list firewall.@zone[1].network=$1
+	commit firewall
+	EOF
+	[ -n "$4" ] && uci -q set network.$1.type=$4
+}
+
+config_load network
+#config_foreach _setup_macvlan_update interface
+config_foreach _setup_mptcp_handover_to_on interface
+
+if [ "$(uci -q show network.lan | grep multipath)" != "" ]; then
+	exit 0
+fi
+
+lanif="eth0"
+if [ "$(grep rockchip /etc/os-release)" != "" ]; then
+	lanif="eth1"
+elif [ -d /sys/class/net/lan0 -o -n "$(ip link | grep ' lan0')" ] && [ -d /sys/class/net/wan -o -n "$(ip link | grep ' wan@')" -o -n "$(ip link | grep ' wan:')" ]; then
+	lanif="wan"
+elif [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ] && [ -d /sys/class/net/wan -o -n "$(ip link | grep ' wan@')" -o -n "$(ip link | grep ' wan:')" ]; then
+	lanif="wan"
+elif [ -d /sys/class/net/lan ] || [ -n "$(ip link | grep ' lan')" ]; then
+	lanif="lan"
+elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ] && [ -d '/sys/class/net/eth1.5' ]; then
+	lanif="eth1.5"
+	uci -q batch <<-EOF
+	set network.@switch_vlan[0]=switch_vlan
+	set network.@switch_vlan[0].device='switch0'
+	set network.@switch_vlan[0].vlan=1
+	set network.@switch_vlan[0].vid=1
+	set network.@switch_vlan[0].ports='3 5t'
+	add network switch_vlan
+	set network.@switch_vlan[1].device='switch0'
+	set network.@switch_vlan[1].vlan=2
+	set network.@switch_vlan[1].vid=2
+	set network.@switch_vlan[1].ports='2 5t'
+	add network switch_vlan
+	set network.@switch_vlan[2].device='switch0'
+	set network.@switch_vlan[2].vlan=3
+	set network.@switch_vlan[2].vid=3
+	set network.@switch_vlan[2].ports='1 5t'
+	add network switch_vlan
+	set network.@switch_vlan[3].device='switch0'
+	set network.@switch_vlan[3].vlan=4
+	set network.@switch_vlan[3].vid=4
+	set network.@switch_vlan[3].ports='0 5t'
+	add network switch_vlan
+	set network.@switch_vlan[4].device='switch0'
+	set network.@switch_vlan[4].vlan=5
+	set network.@switch_vlan[4].vid=5
+	set network.@switch_vlan[4].ports='4 6t'
+	EOF
+elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ] && [ -d /sys/class/net/eth1 ] && [ "$(grep ipq806x /etc/os-release)" != "" ]; then
+	lanif="eth0.2"
+elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ] && [ -d /sys/class/net/eth1 ]; then
+	lanif="eth1"
+elif [ ! -d /sys/class/net/eth1 ] && [ -d /sys/class/net/eth0 ]; then
+	lanif="eth0"
+fi
+uci -q batch <<-EOF
+delete network.lan.type
+set network.lan=interface
+set network.lan.proto=static
+set network.lan.ipaddr=192.168.100.1
+set network.lan.netmask=255.255.255.0
+set network.lan.device=${lanif}
+set network.lan.metric=2048
+set network.lan.ipv6=0
+set network.lan.delegate=0
+EOF
+
+uci -q batch <<-EOF
+delete network.none
+delete network.wan
+delete network.if6rd
+reorder network.loopback=0
+reorder network.globals=1
+reorder network.lan=2
+set network.globals.multipath=enable
+EOF
+
+# Set the ip rule for the lan with a pref of 100
+uci -q show network.lan_rule >/dev/null || \
+	uci -q batch <<-EOF
+	set network.lan_rule=rule
+	set network.lan_rule.lookup=lan
+	set network.lan_rule.priority=100
+	EOF
+
+if [ "$(uci -q get network.vpn0.proto)" = "none" ]; then
+	uci -q delete network.vpn0
+fi
+
+config_load network
+config_foreach _setup_multipath_off interface
+
+# Add the lan as a named routing table
+if ! grep -s -q "lan" /etc/iproute2/rt_tables; then
+	echo "50 lan" >> /etc/iproute2/rt_tables
+fi
+uci -q set network.lan.ip4table='lan'
+
+#uci -q set "network.lan.ip6assign=64"
+
+# Create WAN interfaces
+if [ "$(uci -q show network.wan1 | grep multipath)" = "" ] && [ -z "$(uci -q get network.wan1.multipath)" ]; then
+	if [ "$(grep ipq806x /etc/os-release)" != "" ]; then
+		_setup_wan_interface wan1 eth1.1 master
+		_setup_wan_interface wan2 eth1.2 on
+		_setup_wan_interface wan3 eth1.3 on
+		_setup_wan_interface wan4 eth1.4 on
+	elif [ "$(grep rockchip /etc/os-release)" != "" ]; then
+		_setup_wan_interface wan1 eth0 master macvlan
+		_setup_wan_interface wan2 eth0 on macvlan
+		_setup_macvlan wan1
+		_setup_macvlan wan2
+	elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ]; then
+		_setup_wan_interface wan1 eth0.1 master
+		_setup_wan_interface wan2 eth0.2 on
+		_setup_wan_interface wan3 eth0.3 on
+		_setup_wan_interface wan4 eth0.4 on
+	elif [ -d /sys/class/net/wan ] || [ -n "$(ip link | grep ' wan:')" ] || [ -n "$(ip link | grep ' wan@')" ]; then
+		if [ -d /sys/class/net/lan0 -o -n "$(ip link | grep ' lan0')" ] && [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ]; then
+			_setup_wan_interface wan1 lan0 master
+			_setup_wan_interface wan2 lan1 on
+
+			_macaddr=$(uci -q get "network.lan0.macaddr")
+			_setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+			_macaddr=$(uci -q get "network.lan1.macaddr")
+			_setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+			if [ -d /sys/class/net/lan2 ] || [ -n "$(ip link | grep ' lan2')" ]; then
+				_setup_wan_interface wan3 lan2 on
+				_macaddr=$(uci -q get "network.lan2.macaddr")
+				_setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+				if [ -d /sys/class/net/lan3 ] || [ -n "$(ip link | grep ' lan3')" ]; then
+					_setup_wan_interface wan4 lan3 on
+					_macaddr=$(uci -q get "network.lan3.macaddr")
+					_setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+				fi
+			fi
+		elif [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ] && [ -d /sys/class/net/lan2 -o -n "$(ip link | grep ' lan2')" ]; then
+			_setup_wan_interface wan1 lan1 master
+			_setup_wan_interface wan2 lan2 on
+
+			_macaddr=$(uci -q get "network.lan1.macaddr")
+			_setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+			_macaddr=$(uci -q get "network.lan2.macaddr")
+			_setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+			if [ -d /sys/class/net/lan3 ] || [ -n "$(ip link | grep ' lan3')" ]; then
+				_setup_wan_interface wan3 lan3 on
+				_macaddr=$(uci -q get "network.lan3.macaddr")
+				_setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+				if [ -d /sys/class/net/lan4 ] || [ -n "$(ip link | grep ' lan4')" ]; then
+					_setup_wan_interface wan4 lan4 on
+					_macaddr=$(uci -q get "network.lan4.macaddr")
+					_setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+				fi
+			fi
+		else
+			_setup_wan_interface wan1 wan master macvlan
+			_setup_wan_interface wan2 wan on macvlan
+			_setup_macvlan wan1
+			_setup_macvlan wan2
+		fi
+	elif [ -d /sys/class/net/wan1 ] || [ -n "$(ip link | grep ' wan1')" ]; then
+		if [ -d /sys/class/net/wan2 ] || [ -n "$(ip link | grep ' wan2')" ]; then
+			_setup_wan_interface wan1 wan1 master
+			_setup_wan_interface wan2 wan2 on
+
+			_macaddr=$(uci -q get "network.wan1.macaddr")
+			_setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+			_macaddr=$(uci -q get "network.wan2.macaddr")
+			_setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+
+			if [ -d /sys/class/net/wan3 ] || [ -n "$(ip link | grep ' wan3')" ]; then
+				_setup_wan_interface wan3 wan3 on
+				_macaddr=$(uci -q get "network.wan3.macaddr")
+				_setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+				if [ -d /sys/class/net/wan4 ] || [ -n "$(ip link | grep ' wan4')" ]; then
+					_setup_wan_interface wan4 wan4 on
+					_macaddr=$(uci -q get "network.wan4.macaddr")
+					_setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+				fi
+			fi
+		else
+			_setup_wan_interface wan1 wan1 master macvlan
+			_setup_wan_interface wan2 wan1 on macvlan
+			_setup_macvlan wan1
+			_setup_macvlan wan2
+		fi
+	elif [ -d /sys/class/net/eth1 ] || [ -n "$(ip link | grep ' eth1:')" ]; then
+		if [ -d /sys/class/net/eth2 ] || [ -n "$(ip link | grep ' eth2:')" ]; then
+			_setup_wan_interface wan1 eth1 master
+			_setup_wan_interface wan2 eth2 on
+			if [ -d /sys/class/net/eth3 ] || [ -n "$(ip link | grep ' eth3:')" ]; then
+				_setup_wan_interface wan3 eth3 on
+			fi
+			if [ -d /sys/class/net/eth4 ] || [ -n "$(ip link | grep ' eth4:')" ]; then
+				_setup_wan_interface wan4 eth4 on
+			fi
+			if [ -d /sys/class/net/eth5 ] || [ -n "$(ip link | grep ' eth5:')" ]; then
+				_setup_wan_interface wan5 eth5 on
+			fi
+			if [ -d /sys/class/net/eth6 ] || [ -n "$(ip link | grep ' eth6:')" ]; then
+				_setup_wan_interface wan6 eth6 on
+			fi
+			if [ -d /sys/class/net/eth7 ] || [ -n "$(ip link | grep ' eth7:')" ]; then
+				_setup_wan_interface wan7 eth7 on
+			fi
+			if [ -d /sys/class/net/eth8 ] || [ -n "$(ip link | grep ' eth8:')" ]; then
+				_setup_wan_interface wan8 eth8 on
+			fi
+		else
+			_setup_wan_interface wan1 eth1 master macvlan
+			_setup_wan_interface wan2 eth1 on macvlan
+			_setup_macvlan wan1
+			_setup_macvlan wan2
+		fi
+	elif [ -d /sys/class/net/eth0.1 ] && [ -d /sys/class/net/eth0.2 ]; then
+		_setup_wan_interface wan1 eth0.1 master
+		_setup_wan_interface wan2 eth0.2 on
+	else
+		_setup_wan_interface wan1 eth0 master macvlan
+		_setup_wan_interface wan2 eth0 on macvlan
+		_setup_macvlan wan1
+		_setup_macvlan wan2
+	fi
+	#uci -q batch <<-EOF
+	#add network route6
+	#set network.@route6[-1].interface='lan'
+	#set network.@route6[-1].target='::/0'
+	#EOF
+fi
+
+# Replace omrip to oip in config for old config
+sed -i 's/omrip/oip/g' /etc/config/*
+
+# Fix config from ifname to device for loopback
+uci -q delete network.loopback.ifname
+uci -q set network.loopback.device='lo'
+
+uci -q commit macvlan
+uci -q commit network
+rm -f /tmp/luci-indexcache
+exit 0

openmptcprouter/files/etc/uci-defaults/1940-omr-dns

@@ -16,7 +16,6 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 			add_list dhcp.@dnsmasq[-1].server="127.0.0.1#5353"
 			add_list dhcp.@dnsmasq[-1].server="8.8.8.8"
 			add_list dhcp.@dnsmasq[-1].server="/lan/"
-			set dhcp.@dnsmasq[-1].dnssec='1'
 			commit dhcp
 		EOF
 	fi

openmptcprouter/files/etc/uci-defaults/1980-omr-firewall

@@ -150,6 +150,14 @@ if [ "$(uci -q get firewall.gre_tunnel)" = "" ]; then
 		commit firewall
 	EOF
 fi
+if [ "$(uci -q get firewall.ttl)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set firewall.ttl=include
+		set firewall.ttl.path=/etc/firewall.ttl
+		set firewall.ttl.reload=1
+		commit firewall
+	EOF
+fi
 if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null
 		set firewall.zone_lan.auto_helper='0'

openmptcprouter/files/etc/uci-defaults/1990-omr-tracker

@@ -10,6 +10,11 @@ if [ "$(uci -q get omr-tracker.omrvpn)" = "" ]; then
 		set omr-tracker.omrvpn.interval=5
 		set omr-tracker.omrvpn.mail_alert=0
 		set omr-tracker.omrvpn.enabled=1
+		set omr-tracker.omrvpn.wait-test=0
+		set omr-tracker.omrvpn.server_http_test=1
+		set omr-tracker.omrvpn.restart_down=0
+		add_list omr-tracker.omrvpn.hosts='4.2.2.1'
+		add_list omr-tracker.omrvpn.hosts='8.8.8.8'
 		commit omr-tracker
 	EOF
 fi

openmptcprouter/files/etc/uci-defaults/2030-omr-fstab

@@ -0,0 +1,17 @@
+#!/bin/sh
+. /lib/functions.sh
+
+_set_fsck() {
+	uci -q batch <<-EOF >/dev/null
+		set "fstab.$1.enabled=1"
+		set "fstab.$1.enable_fsck=1"
+	EOF
+}
+
+/sbin/block detect > /etc/config/fstab
+uci -q set fstab.@global[0].check_fs='1'
+config_load fstab
+config_foreach _set_fsck mount
+uci -q commit fstab
+
+exit 0

openmptcprouter/files/etc/uci-defaults/2060-omr-system

@@ -8,8 +8,6 @@ uci -q batch <<-EOF >/dev/null
 	commit rpcd
 	set luci.apply.timeout='20'
 	commit luci
-	set fstab.@global[0].check_fs='1'
-	commit fstab
 EOF
 
 if [ "$(uci -q get rpcd.@rpcd[0].socket)" != "/var/run/ubus/ubus.sock" ]; then
@@ -19,8 +17,6 @@ if [ "$(uci -q get rpcd.@rpcd[0].socket)" != "/var/run/ubus/ubus.sock" ]; then
 	EOF
 fi
 
-/sbin/block detect > /etc/config/fstab
-
 [ -n "$(ubus call system board | jsonfilter -e '@.board_name' | grep raspberry)" ] && [ "$(uci -q get openmptcprouter.settings.scaling_governor)" != "performance" ] && {
 	# force CPU speed for RPI
 	uci -q set openmptcprouter.settings.scaling_min_freq=$(cat /sys/devices/system/cpu/cpufreq/policy0/scaling_max_freq | tr -d "\n")

openmptcprouter/files/etc/uci-defaults/2091-omr-wifi

@@ -1,18 +1,22 @@
 #!/bin/sh
-if [ "$(uci -q get wireless.radio0)" != "" ]; then
+if [ "$(uci -q get wifi-iface.radio0)" != "" ] && [ "$(uci -q get wifi-iface.default_radio0.key)" = "12345678" ]; then
-	if [ "$(uci -q get wireless.radio0.country)" = "" ]; then
+	if [ "$(uci -q get wifi-device.radio0.country)" = "" ]; then
 		uci -q batch <<-EOF >/dev/null
-			set wireless.radio0.country='00'
+			set wifi-device.radio0.country='FR'
-			set wireless.default_radio0.skip_inactivity_poll='1'
+			commit wifi-device
-			commit wireless
 		EOF
 	fi
-	if [ "$(uci -q get wireless.default_radio0.network)" = "lan" ]; then
+	if [ -n "$(uci -q get wifi-iface.radio0.network | grep lan)" ]; then
 		uci -q batch <<-EOF >/dev/null
-			set wireless.default_radio0.network='wifi'
+			set wifi-iface.default_radio0.network='wifi'
-			commit wireless
+			commit wifi-iface
+		EOF
+	fi
+	if [ -n "$(uci -q get wifi-device.radio0.cell_density)" ]; then
+		uci -q batch <<-EOF >/dev/null
+			delete wifi-device.radio0.cell_density
+			commit wifi-device
 		EOF
-	
 	fi
 fi
 

shadowsocks-libev/Makefile

@@ -14,12 +14,11 @@ include $(TOPDIR)/rules.mk
 # - check if default mode has changed from being tcp_only
 #
 PKG_NAME:=shadowsocks-libev
-PKG_VERSION:=3.3.5
+PKG_RELEASE:=11
-PKG_RELEASE:=10
+PKG_SOURCE_PROTO:=git
-
+PKG_SOURCE_URL:=https://github.com/Ysurac/shadowsocks-libev.git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_VERSION:=410950d87d8cdf8502d8f59a79dc0ff4c7677543
-PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
+PKG_VERSION:=3.3.5-$(PKG_SOURCE_VERSION)
-PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
 
 PKG_MAINTAINER:=Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 

shadowsocks-libev/files/shadowsocks.conf

@@ -52,5 +52,5 @@ net.ipv4.tcp_mtu_probing = 0
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 131072
 
-net.ipv4.tcp_ecn = 1
+net.ipv4.tcp_ecn = 2
 #net.ipv4.tcp_sack = 0

shadowsocks-libev/patches/020-NOCRYPTO.patch

@@ -1,632 +0,0 @@
-From e9fc31e06453cacf662448663f0c79ae4878fed5 Mon Sep 17 00:00:00 2001
-From: Fejes Ferenc <spyff@mailbox.hu>
-Date: Mon, 31 Jul 2017 12:08:11 +0200
-Subject: [PATCH 01/17] No encryption initial implementation
-
-Set cipher az "none" to disable encryption.
----
- completions/bash/ss-local      |  2 +-
- completions/bash/ss-manager    |  2 +-
- completions/bash/ss-redir      |  2 +-
- completions/bash/ss-server     |  4 ++--
- completions/bash/ss-tunnel     |  2 +-
- completions/zsh/_ss-local      |  2 +-
- completions/zsh/_ss-manager    |  2 +-
- completions/zsh/_ss-redir      |  2 +-
- completions/zsh/_ss-server     |  2 +-
- completions/zsh/_ss-tunnel     |  2 +-
- doc/shadowsocks-libev.asciidoc |  4 +++-
- doc/ss-local.asciidoc          |  4 +++-
- doc/ss-manager.asciidoc        |  4 +++-
- doc/ss-redir.asciidoc          |  4 +++-
- doc/ss-server.asciidoc         |  4 +++-
- doc/ss-tunnel.asciidoc         |  4 +++-
- src/Makefile.am                |  3 ++-
- src/crypto.c                   | 15 +++++++++++++++
- src/noencrypt.c                | 25 +++++++++++++++++++++++++
- src/noencrypt.h                | 11 +++++++++++
- src/server.c                   |  2 +-
- src/stream.c                   | 17 ++++++++---------
- src/utils.c                    |  2 +-
- 27 files changed, 100 insertions(+), 37 deletions(-)
- create mode 100644 src/noencrypt.c
- create mode 100644 src/noencrypt.h
-
-diff --git a/completions/bash/ss-local b/completions/bash/ss-local
-index 0186ccc4..57fa318b 100644
---- a/completions/bash/ss-local
-+++ b/completions/bash/ss-local
-@@ -2,7 +2,7 @@ _ss_local()
- {
-     local cur prev opts ciphers
-     opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --fast-open --acl --mtu --mptcp --no-delay --key --plugin --plugin-opts --help'
--    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-     cur=${COMP_WORDS[COMP_CWORD]}
-     prev="${COMP_WORDS[COMP_CWORD-1]}"
-     case "$prev" in
-diff --git a/completions/bash/ss-manager b/completions/bash/ss-manager
-index d3168a3b..de13c9e9 100644
---- a/completions/bash/ss-manager
-+++ b/completions/bash/ss-manager
-@@ -2,7 +2,7 @@ _ss_manager()
- {
-     local cur prev opts ciphers
-     opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --manager-address --executable --mtu --mptcp --plugin --plugin-opts --help'
--    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-     cur=${COMP_WORDS[COMP_CWORD]}
-     prev="${COMP_WORDS[COMP_CWORD-1]}"
-     case "$prev" in
-diff --git a/completions/bash/ss-redir b/completions/bash/ss-redir
-index 9a14efe8..fdc7b21e 100644
---- a/completions/bash/ss-redir
-+++ b/completions/bash/ss-redir
-@@ -2,7 +2,7 @@ _ss_redir()
- {
-     local cur prev opts ciphers
-     opts='-s -p -l -k -m -a -f -t -c -n -b -u -U -T -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help'
--    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-     cur=${COMP_WORDS[COMP_CWORD]}
-     prev="${COMP_WORDS[COMP_CWORD-1]}"
-     case "$prev" in
-diff --git a/completions/bash/ss-server b/completions/bash/ss-server
-index cec983ce..d8f3c298 100644
---- a/completions/bash/ss-server
-+++ b/completions/bash/ss-server
-@@ -1,8 +1,8 @@
- _ss_server()
- {
-     local cur prev opts ciphers
--    opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -6 -d -v -h --reuse-port --fast-open --acl --manager-address --mtu --mptcp --no-delay --key --plugin --plugin-opts --help'
--    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -6 -d -v -h --reuse-port --fast-open --acl --manager-address --mtu --mptcp --key --plugin --plugin-opts --help'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-     COMPREPLY=()
-     cur=${COMP_WORDS[COMP_CWORD]}
-     prev="${COMP_WORDS[COMP_CWORD-1]}"
-diff --git a/completions/bash/ss-tunnel b/completions/bash/ss-tunnel
-index 707dc7a9..2e119098 100644
---- a/completions/bash/ss-tunnel
-+++ b/completions/bash/ss-tunnel
-@@ -2,7 +2,7 @@ _ss_tunnel()
- {
-     local cur prev opts ciphers
-     opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -L -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help'
--    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-     cur=${COMP_WORDS[COMP_CWORD]}
-     prev="${COMP_WORDS[COMP_CWORD-1]}"
-     compopt +o nospace
-diff --git a/completions/zsh/_ss-local b/completions/zsh/_ss-local
-index c56ed521..8b12b767 100644
---- a/completions/zsh/_ss-local
-+++ b/completions/zsh/_ss-local
-@@ -1,7 +1,7 @@
- #compdef ss-local
- 
- local ciphers
--ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
- 
- _arguments "-h::" \
-            "-s:server host:_hosts" \
-diff --git a/completions/zsh/_ss-manager b/completions/zsh/_ss-manager
-index 3e65f6c8..66c101a1 100644
---- a/completions/zsh/_ss-manager
-+++ b/completions/zsh/_ss-manager
-@@ -1,7 +1,7 @@
- #compdef ss-manager
- 
- local ciphers
--ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
- 
- _arguments "-h::" \
-            "-s:server host:_hosts" \
-diff --git a/completions/zsh/_ss-redir b/completions/zsh/_ss-redir
-index 4f3b065e..6ef867f3 100644
---- a/completions/zsh/_ss-redir
-+++ b/completions/zsh/_ss-redir
-@@ -1,7 +1,7 @@
- #compdef ss-redir
- 
- local ciphers
--ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
- 
- _arguments "-h::" \
-            "-s:server host:_hosts" \
-diff --git a/completions/zsh/_ss-server b/completions/zsh/_ss-server
-index 8d9f4316..76bae33c 100644
---- a/completions/zsh/_ss-server
-+++ b/completions/zsh/_ss-server
-@@ -1,7 +1,7 @@
- #compdef ss-server
- 
- local ciphers
--ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
- 
- _arguments "-h::" \
-            "-s:server host:_hosts" \
-diff --git a/completions/zsh/_ss-tunnel b/completions/zsh/_ss-tunnel
-index 5a269900..248451f9 100644
---- a/completions/zsh/_ss-tunnel
-+++ b/completions/zsh/_ss-tunnel
-@@ -1,7 +1,7 @@
- #compdef ss-tunnel
- 
- local ciphers
--ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
- 
- _arguments "-h::" \
-            "-s:server host:_hosts" \
-diff --git a/doc/shadowsocks-libev.asciidoc b/doc/shadowsocks-libev.asciidoc
-index 5a62f669..f0844a3f 100644
---- a/doc/shadowsocks-libev.asciidoc
-+++ b/doc/shadowsocks-libev.asciidoc
-@@ -54,7 +54,9 @@ Set the key directly. The key should be encoded with URL-safe Base64.
- Not available in manager mode.
- 
- -m <encrypt_method>::
--Set the cipher.
-+Set the cipher or turn off the encryption.
-++
-+To disable encryption use `none` as cipher.
- +
- *Shadowsocks-libev* accepts 18 different ciphers:
- +
-diff --git a/doc/ss-local.asciidoc b/doc/ss-local.asciidoc
-index 931fcd54..82439e0f 100644
---- a/doc/ss-local.asciidoc
-+++ b/doc/ss-local.asciidoc
-@@ -49,7 +49,9 @@ Set the password. The server and the client should use the same password.
- Set the key directly. The key should be encoded with URL-safe Base64.
- 
- -m <encrypt_method>::
--Set the cipher.
-+Set the cipher or turn off the encryption.
-++
-+To disable encryption use `none` as cipher.
- +
- *Shadowsocks-libev* accepts 18 different ciphers:
- +
-diff --git a/doc/ss-manager.asciidoc b/doc/ss-manager.asciidoc
-index f344cffa..bc00cac0 100644
---- a/doc/ss-manager.asciidoc
-+++ b/doc/ss-manager.asciidoc
-@@ -41,7 +41,9 @@ Set the server's hostname or IP.
- Set the password. The server and the client should use the same password.
- 
- -m <encrypt_method>::
--Set the cipher.
-+Set the cipher or turn off the encryption.
-++
-+To disable encryption use `none` as cipher.
- +
- *Shadowsocks-libev* accepts 18 different ciphers:
- +
-diff --git a/doc/ss-redir.asciidoc b/doc/ss-redir.asciidoc
-index f9195b31..6a0207f0 100644
---- a/doc/ss-redir.asciidoc
-+++ b/doc/ss-redir.asciidoc
-@@ -48,7 +48,9 @@ Set the password. The server and the client should use the same password.
- Set the key directly. The key should be encoded with URL-safe Base64.
- 
- -m <encrypt_method>::
--Set the cipher.
-+Set the cipher or turn off the encryption.
-++
-+To disable encryption use `none` as cipher.
- +
- *Shadowsocks-libev* accepts 18 different ciphers:
- +
-diff --git a/doc/ss-server.asciidoc b/doc/ss-server.asciidoc
-index 866f0605..0fbacb0c 100644
---- a/doc/ss-server.asciidoc
-+++ b/doc/ss-server.asciidoc
-@@ -46,7 +46,9 @@ Set the password. The server and the client should use the same password.
- Set the key directly. The key should be encoded with URL-safe Base64.
- 
- -m <encrypt_method>::
--Set the cipher.
-+Set the cipher or turn off the encryption.
-++
-+To disable encryption use `none` as cipher.
- +
- *Shadowsocks-libev* accepts 18 different ciphers:
- +
-diff --git a/doc/ss-tunnel.asciidoc b/doc/ss-tunnel.asciidoc
-index b4b3e6ec..96ab1d5e 100644
---- a/doc/ss-tunnel.asciidoc
-+++ b/doc/ss-tunnel.asciidoc
-@@ -48,7 +48,9 @@ Set the password. The server and the client should use the same password.
- Set the key directly. The key should be encoded with URL-safe Base64.
- 
- -m <encrypt_method>::
--Set the cipher.
-+Set the cipher or turn off the encryption.
-++
-+To disable encryption use `none` as cipher.
- +
- *Shadowsocks-libev* accepts 18 different ciphers:
- +
-diff --git a/src/Makefile.am b/src/Makefile.am
-index dcc5fd9b..2e689b7a 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -31,7 +31,8 @@ crypto_src = crypto.c \
-              aead.c \
-              stream.c \
-              ppbloom.c \
--             base64.c
-+             base64.c \
-+             noencrypt.c
- 
- plugin_src = plugin.c
- 
-diff --git a/src/crypto.c b/src/crypto.c
-index df608cea..8c9044f6 100644
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -41,6 +41,7 @@
- #include "aead.h"
- #include "utils.h"
- #include "ppbloom.h"
-+#include "noencrypt.h"
- 
- int
- balloc(buffer_t *ptr, size_t capacity)
-@@ -144,6 +145,20 @@ crypto_init(const char *password, const char *key, const char *method)
- #endif
- 
-     if (method != NULL) {
-+        if (strncmp(method, "none", 4) == 0) {
-+            crypto_t *crypto = (crypto_t *) malloc(sizeof(crypto_t));
-+            crypto_t temp    = {
-+                .chiper      = NULL,
-+                .encrypt_all = &none_stream_all,
-+                .decrypt_all = &none_stream_all,
-+                .encrypt     = &none_stream,
-+                .decrypt     = &none_stream,
-+                .ctx_init    = &none_stream_ctx_init,
-+                .ctx_release = &none_stream_ctx_release,
-+            };
-+            memcpy(crypto, &temp, sizeof(crypto_t));
-+            return crypto;
-+        }
-         for (i = 0; i < STREAM_CIPHER_NUM; i++)
-             if (strcmp(method, supported_stream_ciphers[i]) == 0) {
-                 m = i;
-diff --git a/src/noencrypt.c b/src/noencrypt.c
-new file mode 100644
-index 00000000..1804aaa5
---- /dev/null
-+++ b/src/noencrypt.c
-@@ -0,0 +1,25 @@
-+#ifdef HAVE_CONFIG_H
-+#include "config.h"
-+#endif
-+
-+#include "noencrypt.h"
-+
-+int
-+none_stream (buffer_t *chipertext, chiper_ctx_t *chiper_ctx, size_t capacity) {
-+    return CRYPTO_OK;
-+}
-+
-+int
-+none_stream_all (buffer_t *plaintext, chiper_t *chiper, size_t capacity) {
-+    return CRYPTO_OK;
-+}
-+
-+void
-+none_stream_ctx_init (chiper_t *chiper, chiper_ctx_t *chiper_ctx, int enc) {
-+    ;
-+}
-+
-+void
-+plain_stream_ctx_release (chiper_ctx_t *chiper_ctx) {
-+    ;
-+}
-\ No newline at end of file
-diff --git a/src/noencrypt.h b/src/noencrypt.h
-new file mode 100644
-index 00000000..38057da7
---- /dev/null
-+++ b/src/noencrypt.h
-@@ -0,0 +1,11 @@
-+#ifndef _NOENCRYPT_H
-+#define _NOENCRYPT_H
-+
-+#include "noencrypt.h"
-+
-+int none_stream_all(buffer_t *, cipher_t *, size_t);
-+int none_stream(buffer_t *, cipher_ctx_t *, size_t);
-+int none_stream_ctx_init(cipher_t *, cipher_ctx_t *, int);
-+int none_stream_ctx_release(cipher_ctx_t *);
-+
-+#endif _NOENCRYPT_H
-\ No newline at end of file
-diff --git a/src/server.c b/src/server.c
-index 3132c4d4..5fa87c28 100644
---- a/src/server.c
-+++ b/src/server.c
-@@ -1710,7 +1710,7 @@ main(int argc, char **argv)
-     }
- 
-     if (server_num == 0 || server_port == NULL
--        || (password == NULL && key == NULL)) {
-+            || (strncmp(method, "none", 4) && password == NULL && key == NULL)) {
-         usage();
-         exit(EXIT_FAILURE);
-     }
-diff --git a/src/stream.c b/src/stream.c
-index 5196c9ef..12c8be33 100644
---- a/src/stream.c
-+++ b/src/stream.c
-@@ -72,8 +72,7 @@
-  *
-  */
- 
--#define NONE                -1
--#define TABLE               0
-+#define NONE               0
- #define RC4                 1
- #define RC4_MD5             2
- #define AES_128_CFB         3
-@@ -96,7 +95,7 @@
- #define CHACHA20IETF        20
- 
- const char *supported_stream_ciphers[STREAM_CIPHER_NUM] = {
--    "table",
-+    "none",
-     "rc4",
-     "rc4-md5",
-     "aes-128-cfb",
-@@ -198,7 +197,7 @@ cipher_key_size(const cipher_t *cipher)
- const cipher_kt_t *
- stream_get_cipher_type(int method)
- {
--    if (method <= TABLE || method >= STREAM_CIPHER_NUM) {
-+    if (method <= NONE || method >= STREAM_CIPHER_NUM) {
-         LOGE("stream_get_cipher_type(): Illegal method");
-         return NULL;
-     }
-@@ -224,7 +223,7 @@ stream_get_cipher_type(int method)
- void
- stream_cipher_ctx_init(cipher_ctx_t *ctx, int method, int enc)
- {
--    if (method <= TABLE || method >= STREAM_CIPHER_NUM) {
-+    if (method <= NONE || method >= STREAM_CIPHER_NUM) {
-         LOGE("stream_ctx_init(): Illegal method");
-         return;
-     }
-@@ -622,7 +621,7 @@ stream_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc)
- cipher_t *
- stream_key_init(int method, const char *pass, const char *key)
- {
--    if (method <= TABLE || method >= STREAM_CIPHER_NUM) {
-+    if (method <= NONE || method >= STREAM_CIPHER_NUM) {
-         LOGE("cipher->key_init(): Illegal method");
-         return NULL;
-     }
-@@ -666,9 +665,9 @@ stream_key_init(int method, const char *pass, const char *key)
- cipher_t *
- stream_init(const char *pass, const char *key, const char *method)
- {
--    int m = TABLE;
-+    int m = NONE;
-     if (method != NULL) {
--        for (m = TABLE; m < STREAM_CIPHER_NUM; m++)
-+        for (m = NONE; m < STREAM_CIPHER_NUM; m++)
-             if (strcmp(method, supported_stream_ciphers[m]) == 0) {
-                 break;
-             }
-@@ -677,7 +676,7 @@ stream_init(const char *pass, const char *key, const char *method)
-             m = RC4_MD5;
-         }
-     }
--    if (m == TABLE) {
-+    if (m == NONE) {
-         LOGE("Table is deprecated");
-         return NULL;
-     }
-diff --git a/src/utils.c b/src/utils.c
-index b9142e7e..70bc99bb 100644
---- a/src/utils.c
-+++ b/src/utils.c
-@@ -289,7 +289,7 @@ usage()
-     printf(
-         "       -k <password>              Password of your remote server.\n");
-     printf(
--        "       -m <encrypt_method>        Encrypt method: rc4-md5, \n");
-+        "       -m <encrypt_method>        Encrypt method: none, rc4-md5, \n");
-     printf(
-         "                                  aes-128-gcm, aes-192-gcm, aes-256-gcm,\n");
-     printf(
-
-From 4cbca114514b06a5cbc6c2bab21929fe861852fb Mon Sep 17 00:00:00 2001
-From: Fejes Ferenc <spyff@mailbox.hu>
-Date: Mon, 31 Jul 2017 12:39:58 +0200
-Subject: [PATCH 06/17] Fixes
-
----
- src/crypto.c    | 2 +-
- src/noencrypt.h | 6 +++---
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/crypto.c b/src/crypto.c
-index 8c9044f6..98edee4f 100644
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -148,7 +148,7 @@ crypto_init(const char *password, const char *key, const char *method)
-         if (strncmp(method, "none", 4) == 0) {
-             crypto_t *crypto = (crypto_t *) malloc(sizeof(crypto_t));
-             crypto_t temp    = {
--                .chiper      = NULL,
-+                .cipher      = NULL,
-                 .encrypt_all = &none_stream_all,
-                 .decrypt_all = &none_stream_all,
-                 .encrypt     = &none_stream,
-diff --git a/src/noencrypt.h b/src/noencrypt.h
-index 38057da7..206c18de 100644
---- a/src/noencrypt.h
-+++ b/src/noencrypt.h
-@@ -5,7 +5,7 @@
- 
- int none_stream_all(buffer_t *, cipher_t *, size_t);
- int none_stream(buffer_t *, cipher_ctx_t *, size_t);
--int none_stream_ctx_init(cipher_t *, cipher_ctx_t *, int);
--int none_stream_ctx_release(cipher_ctx_t *);
-+void none_stream_ctx_init(cipher_t *, cipher_ctx_t *, int);
-+void none_stream_ctx_release(cipher_ctx_t *);
- 
--#endif _NOENCRYPT_H
-\ No newline at end of file
-+#endif //_NOENCRYPT_H
-\ No newline at end of file
-
-From 07607127317804319b0cb358080516ee99cf30e0 Mon Sep 17 00:00:00 2001
-From: Fejes Ferenc <spyff@mailbox.hu>
-Date: Mon, 31 Jul 2017 12:57:46 +0200
-Subject: [PATCH 08/17] fixed typenames
-
----
- src/noencrypt.c       | 8 ++++----
- src/noencrypt.h       | 2 +-
- 3 files changed, 7 insertions(+), 6 deletions(-)
-
-diff --git a/src/noencrypt.c b/src/noencrypt.c
-index 1804aaa5..114c908d 100644
---- a/src/noencrypt.c
-+++ b/src/noencrypt.c
-@@ -5,21 +5,21 @@
- #include "noencrypt.h"
- 
- int
--none_stream (buffer_t *chipertext, chiper_ctx_t *chiper_ctx, size_t capacity) {
-+none_stream (buffer_t *chipertext, cipher_ctx_t *chiper_ctx, size_t capacity) {
-     return CRYPTO_OK;
- }
- 
- int
--none_stream_all (buffer_t *plaintext, chiper_t *chiper, size_t capacity) {
-+none_stream_all (buffer_t *plaintext, cipher_t *chiper, size_t capacity) {
-     return CRYPTO_OK;
- }
- 
- void
--none_stream_ctx_init (chiper_t *chiper, chiper_ctx_t *chiper_ctx, int enc) {
-+none_stream_ctx_init (chiper_t *chiper, cipher_ctx_t *chiper_ctx, int enc) {
-     ;
- }
- 
- void
--plain_stream_ctx_release (chiper_ctx_t *chiper_ctx) {
-+plain_stream_ctx_release (cipher_ctx_t *chiper_ctx) {
-     ;
- }
-\ No newline at end of file
-diff --git a/src/noencrypt.h b/src/noencrypt.h
-index 206c18de..48954115 100644
---- a/src/noencrypt.h
-+++ b/src/noencrypt.h
-@@ -1,7 +1,7 @@
- #ifndef _NOENCRYPT_H
- #define _NOENCRYPT_H
- 
--#include "noencrypt.h"
-+#include "crypto.h"
- 
- int none_stream_all(buffer_t *, cipher_t *, size_t);
- int none_stream(buffer_t *, cipher_ctx_t *, size_t);
-
-From 4d1c15ba49a58359234174e775b509efa07bbb95 Mon Sep 17 00:00:00 2001
-From: Fejes Ferenc <spyff@mailbox.hu>
-Date: Mon, 31 Jul 2017 13:14:53 +0200
-Subject: [PATCH 09/17] small fix
-
----
- src/noencrypt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/noencrypt.c b/src/noencrypt.c
-index 114c908d..8ddcaabb 100644
---- a/src/noencrypt.c
-+++ b/src/noencrypt.c
-@@ -15,7 +15,7 @@ none_stream_all (buffer_t *plaintext, cipher_t *chiper, size_t capacity) {
- }
- 
- void
--none_stream_ctx_init (chiper_t *chiper, cipher_ctx_t *chiper_ctx, int enc) {
-+none_stream_ctx_init (cipher_t *chiper, cipher_ctx_t *chiper_ctx, int enc) {
-     ;
- }
- 
-
-From 01294c25e8e02c399a9df17a13758e7f9f16ed8f Mon Sep 17 00:00:00 2001
-From: Fejes Ferenc <spyff@mailbox.hu>
-Date: Mon, 31 Jul 2017 13:22:44 +0200
-Subject: [PATCH 11/17] Do not optimize away the unused variablas
-
----
- src/noencrypt.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/noencrypt.c b/src/noencrypt.c
-index 8ddcaabb..e9bf017d 100644
---- a/src/noencrypt.c
-+++ b/src/noencrypt.c
-@@ -6,20 +6,22 @@
- 
- int
- none_stream (buffer_t *chipertext, cipher_ctx_t *chiper_ctx, size_t capacity) {
-+    (void) chipertext; (void) chiper_ctx; (void) capacity;
-     return CRYPTO_OK;
- }
- 
- int
- none_stream_all (buffer_t *plaintext, cipher_t *chiper, size_t capacity) {
-+    (void) plaintext; (void) chiper; (void) capacity;
-     return CRYPTO_OK;
- }
- 
- void
- none_stream_ctx_init (cipher_t *chiper, cipher_ctx_t *chiper_ctx, int enc) {
--    ;
-+    (void) chiper; (void) chiper_ctx; (void) enc;
- }
- 
- void
- plain_stream_ctx_release (cipher_ctx_t *chiper_ctx) {
--    ;
-+    (void) chiper_ctx;
- }
-\ No newline at end of file
-
-From 1b0c88066515ea496c00049cb5aff92decdbe05a Mon Sep 17 00:00:00 2001
-From: Fejes Ferenc <spyff@mailbox.hu>
-Date: Mon, 31 Jul 2017 13:39:57 +0200
-Subject: [PATCH 13/17] code fix
-
----
- src/noencrypt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/noencrypt.c b/src/noencrypt.c
-index e9bf017d..76253647 100644
---- a/src/noencrypt.c
-+++ b/src/noencrypt.c
-@@ -22,6 +22,6 @@ none_stream_ctx_init (cipher_t *chiper, cipher_ctx_t *chiper_ctx, int enc) {
- }
- 
- void
--plain_stream_ctx_release (cipher_ctx_t *chiper_ctx) {
-+none_stream_ctx_release (cipher_ctx_t *chiper_ctx) {
-     (void) chiper_ctx;
- }
-\ No newline at end of file

shortcut-fe/src/Kconfig

@@ -5,7 +5,8 @@
 config SHORTCUT_FE
 	tristate "Shortcut Forwarding Engine"
 	depends on NF_CONNTRACK
-	---help---
+	default n
+	help
 	  Shortcut is a fast in-kernel packet forwarding engine.
 
 	  To compile this code as a module, choose M here: the module will be

speedtestc/Makefile

@@ -12,7 +12,7 @@ PKG_RELEASE:=3
 
 PKG_SOURCE_URL:=https://github.com/mobrembski/SpeedTestC.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=64f8d8288cbbaa596a408fd3051a2b5bc831faa9
+PKG_SOURCE_VERSION:=5bd807bc32269321e500a7e7d36b8ec3fefa5f47
 PKG_MAINTAINER:=Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 PKG_LICENSE:=GPL-2.0
 PKG_BUILD_PARALLEL:=0

speedtestc/patches/compile-fix.patch

@@ -1,38 +0,0 @@
-diff --git a/src/SpeedtestConfig.c b/SpeedTestC/src/SpeedtestConfig.c
-index 7b60a59..d9f58c9 100644
---- a/src/SpeedtestConfig.c
-+++ b/src/SpeedtestConfig.c
-@@ -50,7 +50,7 @@ static void parseClient(const char *configline, SPEEDTESTCONFIG_T **result_p)
-   char lat[16] = {0};
-   char lon[16] = {0};
- 
--	if(sscanf(configline,"%*[^\"]\"%15[^\"]\"%*[^\"]\"%15[^\"]\"%*[^\"]\"%15[^\"]\"%*[^\"]\"%255[^\"]\"",
-+	if(sscanf(configline,"%*[^\"]\"%15[^\"]\"%*[^\"]\"%20[^\"]\"%*[^\"]\"%20[^\"]\"%*[^\"]\"%255[^\"]\"",
- 					result->ip, lat, lon, result->isp)!=4)
- 	{
- 			fprintf(stderr,"Cannot parse all fields! Config line: %s", configline);
-diff --git a/src/SpeedtestDownloadTest.c b/src/SpeedtestDownloadTest.c
-index 54ed45d..545582a 100644
---- a/src/SpeedtestDownloadTest.c
-+++ b/src/SpeedtestDownloadTest.c
-@@ -32,7 +32,7 @@ static void *__downloadThread(void *arg)
- 	return NULL;
- }
- 
--void testDownload(const char *url)
-+void testDownload(char *url)
- {
-   size_t numOfThreads = speedTestConfig->downloadThreadConfig.count *
-     speedTestConfig->downloadThreadConfig.sizeLength;
-diff --git a/src/SpeedtestDownloadTest.h b/src/SpeedtestDownloadTest.h
-index e341f31..45e9d9a 100644
---- a/src/SpeedtestDownloadTest.h
-+++ b/src/SpeedtestDownloadTest.h
-@@ -1,6 +1,6 @@
- #ifndef _SPEEDTEST_DOWNLOAD_TEST_
- #define _SPEEDTEST_DOWNLOAD_TEST_
- 
--void testDownload(const char *url);
-+void testDownload(char *url);
- 
- #endif

speedtestc/patches/user-agent.patch

@@ -1,22 +0,0 @@
-diff --git a/src/http.c b/src/http.c
-index 45d7281..99f9cfd 100644
---- a/src/http.c
-+++ b/src/http.c
-@@ -88,7 +88,7 @@ sock_t httpPut(char* pAddress, int pPort, char* pRequest, unsigned long contentS
- 	 Leaving it uninitialized gives us random high value.*/
- 	sprintf(buffer, "POST %s HTTP/1.1\r\n"
- 			"Host: %s\r\n"
--			"User-Agent: SPEEDTEST_CLIENT\r\n"
-+			"User-Agent: OMR_SPEEDTEST_CLIENT\r\n"
- 			"Content-Type: application/x-www-form-urlencoded\r\n"
- 			"Connection: keep-alive\r\n"
- 			"Content-Length: %lu\r\n"
-@@ -131,7 +131,7 @@ sock_t httpGet(char* pAddress, int pPort, char* pRequest, int ssl)
- 
- 	sprintf(buffer, "GET %s HTTP/1.1\r\n"
- 			"Host: %s\r\n"
--			"User-Agent: SPEEDTEST_CLIENT\r\n"
-+			"User-Agent: OMR_SPEEDTEST_CLIENT\r\n"
- 			"Connection: close\r\n"
- 			"\r\n", pRequest, pAddress);
- 

tracebox/Makefile

@@ -14,11 +14,13 @@ PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_URL:=https://github.com/tracebox/tracebox.git
+PKG_SOURCE_URL:=https://github.com/dreibh/tracebox.git
+#https://github.com/tracebox/tracebox.git
 PKG_MAINTAINER:=Ycarus <ycarus@zugaina.org>
 
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=v0.4.4
+PKG_SOURCE_VERSION:=4ad40ea43354038a04ad90aedae5874801c223e8
+#v0.4.4
 
 PKG_FIXUP:=autoreconf
 
@@ -43,7 +45,7 @@ CONFIGURE_VARS += \
 
 CONFIGURE_ARGS += --enable-sniffer --enable-curl --with-libpcap="$(STAGING_DIR)/usr/include/"
 
-EXTRA_CPPFLAGS += -fpermissive -Wno-variadic-macros
+EXTRA_CPPFLAGS += -fpermissive -Wno-variadic-macros -std=c++14
 
 TARGET_CFLAGS += -D_GNU_SOURCE
 

umbim/Makefile

@@ -1,47 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=umbim
-PKG_RELEASE:=2
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL=$(PROJECT_GIT)/project/umbim.git
-PKG_SOURCE_DATE:=2019-09-11
-PKG_SOURCE_VERSION:=184b707ddaa0acee84d02e0ffe599cb8b67782bd
-PKG_MIRROR_HASH:=482ff69144f81fafed99035840f5a24e772472f2df2f3ac0219d6de791ac5835
-PKG_MAINTAINER:=John Crispin <john@phrozen.org>
-
-PKG_LICENSE:=GPL-2.0
-PKG_LICENSE_FILES:=
-
-PKG_BUILD_PARALLEL:=1
-
-PKG_FLAGS:=nonshared
-
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-
-define Package/umbim
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=WWAN
-  DEPENDS:=+libubox +kmod-usb-net +kmod-usb-net-cdc-mbim +wwan
-  TITLE:=Control utility for mobile broadband modems
-endef
-
-define Package/umbim/description
-  umbim is a command line tool for controlling mobile broadband modems using
-  the MBIM-protocol.
-endef
-
-TARGET_CFLAGS += \
-	-I$(STAGING_DIR)/usr/include -ffunction-sections -fdata-sections
-
-TARGET_LDFLAGS += -Wl,--gc-sections
-
-define Package/umbim/install
-	$(INSTALL_DIR) $(1)/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/umbim $(1)/sbin/
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,umbim))

umbim/files/lib/netifd/proto/mbim.sh

@@ -1,240 +0,0 @@
-#!/bin/sh
-
-[ -n "$INCLUDE_ONLY" ] || {
-	. /lib/functions.sh
-	. ../netifd-proto.sh
-	init_proto "$@"
-}
-#DBG=-v
-
-proto_mbim_init_config() {
-	available=1
-	no_device=1
-	proto_config_add_string "device:device"
-	proto_config_add_string pdptype
-	proto_config_add_string apn
-	proto_config_add_string pincode
-	proto_config_add_string delay
-	proto_config_add_string auth
-	proto_config_add_string username
-	proto_config_add_string password
-	proto_config_add_defaults
-}
-
-_proto_mbim_setup() {
-	local interface="$1"
-	local tid=2
-
-	local device pdptype apn pincode delay auth username password $PROTO_DEFAULT_OPTIONS
-	json_get_vars device pdptype apn pincode delay auth username password $PROTO_DEFAULT_OPTIONS
-
-	[ -n "$ctl_device" ] && device=$ctl_device
-
-	pdptype=$(echo "$pdptype" | awk '{print tolower($0)}')
-	case "$pdptype" in
-		ip )
-			pdptype="ipv4"
-		;;
-		ipv4 | ipv6 | ipv4v6 | ipv4-and-ipv6 )
-		;;
-		* ) pdptype="default" ;;
-	esac
-
-	[ -n "$device" ] || {
-		echo "mbim[$$]" "No control device specified"
-		proto_notify_error "$interface" NO_DEVICE
-		proto_set_available "$interface" 0
-		return 1
-	}
-	[ -c "$device" ] || {
-		echo "mbim[$$]" "The specified control device does not exist"
-		proto_notify_error "$interface" NO_DEVICE
-		proto_set_available "$interface" 0
-		return 1
-	}
-
-	devname="$(basename "$device")"
-	devpath="$(readlink -f /sys/class/usbmisc/$devname/device/)"
-	ifname="$( ls "$devpath"/net )"
-
-	[ -n "$ifname" ] || {
-		echo "mbim[$$]" "Failed to find matching interface"
-		proto_notify_error "$interface" NO_IFNAME
-		proto_set_available "$interface" 0
-		return 1
-	}
-
-	[ -n "$apn" ] || {
-		echo "mbim[$$]" "No APN specified"
-		proto_notify_error "$interface" NO_APN
-		return 1
-	}
-
-	[ -n "$delay" ] && sleep "$delay"
-
-	echo "mbim[$$]" "Reading capabilities"
-	umbim $DBG -n -d $device caps || {
-		echo "mbim[$$]" "Failed to read modem caps"
-		proto_notify_error "$interface" PIN_FAILED
-		return 1
-	}
-	tid=$((tid + 1))
-
-	[ "$pincode" ] && {
-		echo "mbim[$$]" "Sending pin"
-		umbim $DBG -n -t $tid -d $device unlock "$pincode" || {
-			echo "mbim[$$]" "Unable to verify PIN"
-			proto_notify_error "$interface" PIN_FAILED
-			proto_block_restart "$interface"
-			return 1
-		}
-	}
-	tid=$((tid + 1))
-
-	echo "mbim[$$]" "Checking pin"
-	local pinstate="/var/run/mbim.$$.pinstate"
-	umbim $DBG -n -t $tid -d $device pinstate > "$pinstate" 2>&1 || {
-		local pin
-		pin=$(awk '$2=="pin:" {print $5}' "$pinstate")
-		# we only need pin1 (the SIM pin) to connect
-		[ "$pin" = "pin1" ] && {
-			echo "mbim[$$]" "PIN required"
-			proto_notify_error "$interface" PIN_FAILED
-			proto_block_restart "$interface"
-			return 1
-		}
-	}
-	tid=$((tid + 1))
-
-	echo "mbim[$$]" "Checking subscriber"
-	umbim $DBG -n -t $tid -d $device subscriber || {
-		echo "mbim[$$]" "Subscriber init failed"
-		proto_notify_error "$interface" NO_SUBSCRIBER
-		return 1
-	}
-	tid=$((tid + 1))
-
-	echo "mbim[$$]" "Register with network"
-	umbim $DBG -n -t $tid -d $device registration || {
-		echo "mbim[$$]" "Subscriber registration failed"
-		proto_notify_error "$interface" NO_REGISTRATION
-		return 1
-	}
-	tid=$((tid + 1))
-
-	echo "mbim[$$]" "Attach to network"
-	umbim $DBG -n -t $tid -d $device attach || {
-		echo "mbim[$$]" "Failed to attach to network"
-		proto_notify_error "$interface" ATTACH_FAILED
-		return 1
-	}
-	tid=$((tid + 1))
-
-	echo "mbim[$$]" "Connect to network"
-	while ! umbim $DBG -n -t $tid -d $device connect "$pdptype:$apn" "$auth" "$username" "$password"; do
-		tid=$((tid + 1))
-		sleep 1;
-	done
-	tid=$((tid + 1))
-
-	echo "mbim[$$]" "Connected, obtain IP address and configure interface"
-	local config="/var/run/mbim.$$.config"
-	umbim $DBG -n -t $tid -d $device config > "$config" || {
-		echo "mbim[$$]" "Failed to obtain IP address"
-		proto_notify_error "$interface" CONFIG_FAILED
-		return 1
-	}
-	tid=$((tid + 1))
-
-	proto_init_update "$ifname" 1
-	proto_add_data
-	json_add_int tid $tid
-	proto_close_data
-	proto_send_update "$interface"
-
-	local ip_4 ip_6
-	ip_4=$(awk '$1=="ipv4address:" {print $2}' "$config")
-	ip_6=$(awk '$1=="ipv6address:" {print $2}' "$config")
-	[ -n "$ip_4" ] || [ -n "$ip_6" ] || {
-		echo "mbim[$$]" "Failed to obtain IP addresses"
-		proto_notify_error "$interface" CONFIG_FAILED
-		return 1
-	}
-
-	proto_init_update "$ifname" 1
-	proto_set_keep 1
-	local ip mask gateway mtu dns dns_servers
-
-	[ -n "$ip_4" ] && {
-		echo "mbim[$$]" "Configure IPv4 on $ifname"
-		ip=${ip_4%%/*}
-		mask=${ip_4##*/}
-		gateway=$(awk '$1=="ipv4gateway:" {print $2}' "$config")
-		mtu=$(awk '$1=="ipv4mtu:" {print $2}' "$config")
-		[ "$mtu" ] && ip link set "$ifname" mtu "$mtu"
-
-		proto_add_ipv4_address "$ip" "$mask"
-		[ "$defaultroute" = 0 ] || proto_add_ipv4_route 0.0.0.0 0 "$gateway" "$ip_4" "$metric"
-		[ "$peerdns" = 0 ] || {
-			dns_servers=$(awk '$1=="ipv4dnsserver:" {printf "%s ",$2}' "$config")
-			for dns in $dns_servers; do
-				proto_add_dns_server "$dns"
-			done
-		}
-
-	}
-	[ -n "$ip_6" ] && {
-		echo "mbim[$$]" "Configure IPv6 on $ifname"
-		ip=${ip_6%%/*}
-		mask=${ip_6##*/}
-		gateway=$(awk '$1=="ipv6gateway:" {print $2}' "$config")
-		mtu=$(awk '$1=="ipv6mtu:" {print $2}' "$config")
-		[ "$mtu" ] && ip -6 link set "$ifname" mtu "$mtu"
-
-		proto_add_ipv6_address "$ip" "$mask"
-		proto_add_ipv6_prefix "$ip_6"
-		[ "$defaultroute" = 0 ] || proto_add_ipv6_route "::" 0 "$gateway" "$metric" "" "$ip_6"
-		[ "$peerdns" = 0 ] || {
-			dns_servers=$(awk '$1=="ipv6dnsserver:" {printf "%s ",$2}' "$config")
-			for dns in $dns_servers; do
-				proto_add_dns_server "$dns"
-			done
-		}
-	}
-
-	proto_send_update "$interface"
-	echo "mbim[$$]" "Connection setup complete"
-}
-
-proto_mbim_setup() {
-	local ret
-
-	_proto_mbim_setup "$@"
-	ret=$?
-
-	rm -f "/var/run/mbim.$$."*
-
-	[ "$ret" = 0 ] || {
-		logger "mbim bringup failed, retry in 15s"
-		sleep 15
-	}
-
-	return $ret
-}
-
-proto_mbim_teardown() {
-	local interface="$1"
-
-	local device tid
-	json_get_vars device tid
-
-	[ -n "$ctl_device" ] && device=$ctl_device
-
-	echo "mbim[$$]" "Stopping network"
-	[ -n "$tid" ] && umbim $DBG -t$tid -d "$device" disconnect
-
-	proto_init_update "*" 0
-	proto_send_update "$interface"
-}
-
-[ -n "$INCLUDE_ONLY" ] || add_protocol mbim

xtables-addons/Makefile

@@ -0,0 +1,200 @@
+#
+# Copyright (C) 2009-2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=xtables-addons
+PKG_VERSION:=3.18
+PKG_RELEASE:=4
+PKG_HASH:=a77914a483ff381663f52120577e5e9355ca07cca73958b038e09d91247458d5
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://inai.de/files/xtables-addons/
+PKG_BUILD_DEPENDS:=iptables
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+PKG_LICENSE:=GPL-2.0
+
+PKG_FIXUP:=autoreconf
+PKG_ASLR_PIE:=0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xtables-addons
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Firewall
+  TITLE:=Extensions not distributed in the main Xtables
+  URL:=https://inai.de/projects/xtables-addons/
+endef
+
+# uses GNU configure
+
+CONFIGURE_ARGS+= \
+	--with-kbuild="$(LINUX_DIR)" \
+	--with-xtlibdir="/usr/lib/iptables"
+
+ifdef CONFIG_EXTERNAL_TOOLCHAIN
+MAKE_FLAGS:= \
+	$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
+	DEPMOD="/bin/true"
+
+MAKE_INSTALL_FLAGS:= \
+	$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
+	DEPMOD="/bin/true"
+else
+define Build/Compile
+	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+		$(KERNEL_MAKE_FLAGS) \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		DEPMOD="/bin/true" \
+		all
+endef
+
+define Build/Install
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		$(KERNEL_MAKE_FLAGS) \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		DEPMOD="/bin/true" \
+		install
+endef
+endif
+
+# 1: extension/module suffix used in package name
+# 2: extension/module display name used in package title/description
+# 3: list of extensions to package
+# 4: list of modules to package
+# 5: module load priority
+# 6: module depends
+define BuildTemplate
+
+ ifneq ($(3),)
+  define Package/iptables-mod-$(1)
+    $$(call Package/xtables-addons)
+    CATEGORY:=Network
+    TITLE:=$(2) iptables extension
+    DEPENDS:=iptables $(if $(4),+kmod-ipt-$(1))
+  endef
+
+  define Package/iptables-mod-$(1)/install
+	$(INSTALL_DIR) $$(1)/usr/lib/iptables
+	for m in $(3); do \
+		$(CP) \
+			$(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so \
+			$$(1)/usr/lib/iptables/ ; \
+	done
+  endef
+
+  $$(eval $$(call BuildPackage,iptables-mod-$(1)))
+ endif
+
+ ifneq ($(4),)
+  define KernelPackage/ipt-$(1)
+    SUBMENU:=Netfilter Extensions
+    TITLE:=$(2) netfilter module
+    DEPENDS:=+kmod-ipt-core $(5)
+    FILES:=$(foreach mod,$(4),$(PKG_BUILD_DIR)/extensions/$(mod).$(LINUX_KMOD_SUFFIX))
+    AUTOLOAD:=$(call AutoProbe,$(notdir $(4)))
+  endef
+
+  $$(eval $$(call KernelPackage,ipt-$(1)))
+ endif
+
+endef
+
+
+define Package/iptaccount
+  $(call Package/xtables-addons)
+  CATEGORY:=Network
+  TITLE:=iptables-mod-account control utility
+  DEPENDS:=iptables +iptables-mod-account
+endef
+
+define Package/iptaccount/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/libxt_ACCOUNT_cl.so* \
+		$(1)/usr/lib/
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/sbin/iptaccount \
+		$(1)/usr/sbin/
+endef
+
+
+define Package/iptgeoip
+  $(call Package/xtables-addons)
+  CATEGORY:=Network
+  TITLE:=iptables-mod-geoip support scripts for MaxMind GeoIP databases
+  DEPENDS:=iptables +iptables-mod-geoip \
+		+perl +perlbase-getopt +perlbase-io +perl-text-csv_xs \
+		+perl-net-cidr-lite \
+		+wget-ssl +!BUSYBOX_CONFIG_ZCAT:gzip
+endef
+
+define Package/iptgeoip/config
+	menu "Select iptgeoip options"
+		config IPTGEOIP_PRESERVE
+			bool "Preserve across sysupgrades"
+			default n
+			help
+			  Backup and restore during sysupgrade (requires >7MB)
+	endmenu
+endef
+
+ifeq ($(CONFIG_IPTGEOIP_PRESERVE),y)
+define Package/iptgeoip/conffiles
+/usr/share/xt_geoip/
+endef
+endif
+
+define Package/iptgeoip/install
+	$(INSTALL_DIR) $(1)/usr/lib/xtables-addons
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/lib/xtables-addons/xt_geoip_{build,dl} \
+		$(1)/usr/lib/xtables-addons/
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(CP) \
+		$(PKG_INSTALL_DIR)/usr/bin/xt_geoip_fetch \
+		$(1)/usr/bin/
+	$(INSTALL_DIR) $(1)/usr/share/xt_geoip
+	touch $(1)/usr/share/xt_geoip/.keep
+endef
+
+
+#$(eval $(call BuildTemplate,SUFFIX,DESCRIPTION,EXTENSION,MODULE,PRIORITY,DEPENDS))
+
+$(eval $(call BuildTemplate,compat-xtables,API compatibilty layer,,compat_xtables,+IPV6:kmod-ip6tables))
+$(eval $(call BuildTemplate,nathelper-rtsp,RTSP Conntrack and NAT,,rtsp/nf_conntrack_rtsp rtsp/nf_nat_rtsp,+kmod-ipt-conntrack-extra +kmod-ipt-nat))
+
+$(eval $(call BuildTemplate,account,ACCOUNT,xt_ACCOUNT,ACCOUNT/xt_ACCOUNT,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,chaos,CHAOS,xt_CHAOS,xt_CHAOS,+kmod-ipt-compat-xtables +kmod-ipt-delude +kmod-ipt-tarpit))
+$(eval $(call BuildTemplate,condition,Condition,xt_condition,xt_condition,))
+$(eval $(call BuildTemplate,delude,DELUDE,xt_DELUDE,xt_DELUDE,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,dhcpmac,DHCPMAC,xt_DHCPMAC,xt_DHCPMAC,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,dnetmap,DNETMAP,xt_DNETMAP,xt_DNETMAP,+kmod-ipt-compat-xtables +kmod-ipt-nat))
+$(eval $(call BuildTemplate,fuzzy,fuzzy,xt_fuzzy,xt_fuzzy,))
+$(eval $(call BuildTemplate,geoip,geoip,xt_geoip,xt_geoip,))
+$(eval $(call BuildTemplate,iface,iface,xt_iface,xt_iface,))
+$(eval $(call BuildTemplate,ipmark,IPMARK,xt_IPMARK,xt_IPMARK,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,ipp2p,IPP2P,xt_ipp2p,xt_ipp2p,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,ipv4options,ipv4options,xt_ipv4options,xt_ipv4options,))
+$(eval $(call BuildTemplate,length2,length2,xt_length2,xt_length2,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,logmark,LOGMARK,xt_LOGMARK,xt_LOGMARK,+kmod-ipt-compat-xtables))
+$(eval $(call BuildTemplate,lscan,lscan,xt_lscan,xt_lscan,))
+$(eval $(call BuildTemplate,lua,Lua PacketScript,xt_LUA,LUA/xt_LUA,+kmod-ipt-conntrack-extra))
+$(eval $(call BuildTemplate,proto,PROTO,xt_PROTO,xt_PROTO,))
+$(eval $(call BuildTemplate,psd,psd,xt_psd,xt_psd,))
+$(eval $(call BuildTemplate,quota2,quota2,xt_quota2,xt_quota2,))
+$(eval $(call BuildTemplate,sysrq,SYSRQ,xt_SYSRQ,xt_SYSRQ,+kmod-ipt-compat-xtables +kmod-crypto-hash))
+$(eval $(call BuildTemplate,tarpit,TARPIT,xt_TARPIT,xt_TARPIT,+kmod-ipt-compat-xtables))
+
+$(eval $(call BuildPackage,iptaccount))
+$(eval $(call BuildPackage,iptgeoip))

xtables-addons/patches/001-fix-kernel-version-detection.patch

@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -44,7 +44,7 @@ regular_CFLAGS="-Wall -Waggregate-return
+ 
+ if test -n "$kbuilddir"; then
+ 	AC_MSG_CHECKING([kernel version that we will build against])
+-	krel="$(make -sC "$kbuilddir" M=$PWD kernelrelease | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
++	krel="$(make -sC "$kbuilddir" M=$PWD kernelversion | $AWK -v 'FS=[[^0-9.]]' '{print $1; exit}')"
+ 	save_IFS="$IFS"
+ 	IFS='.'
+ 	set x $krel

xtables-addons/patches/201-fix-lua-packetscript.patch

@@ -0,0 +1,136 @@
+--- a/extensions/LUA/xt_LUA_target.c
++++ b/extensions/LUA/xt_LUA_target.c
+@@ -19,7 +19,7 @@
+ #include <linux/kernel.h>
+ #include <linux/slab.h>
+ #include <linux/module.h>
+-#include <asm/uaccess.h>
++#include <linux/uaccess.h>
+ #include <net/ip.h>
+ #include <linux/netfilter/x_tables.h>
+ #include "xt_LUA.h"
+@@ -64,10 +64,10 @@ uint32_t  lua_state_refs[LUA_STATE_ARRAY
+  * XT_CONTINUE inside the *register_lua_packet_lib* function.
+  */
+ 
+-spinlock_t lock = SPIN_LOCK_UNLOCKED;
++DEFINE_SPINLOCK(lock);
+ 
+ static uint32_t 
+-lua_tg(struct sk_buff *pskb, const struct xt_target_param *par)
++lua_tg(struct sk_buff *pskb, const struct xt_action_param *par)
+ {
+ 	uint32_t  verdict;
+ 	lua_packet_segment *p;
+@@ -79,7 +79,7 @@ lua_tg(struct sk_buff *pskb, const struc
+ 
+ 	L = lua_envs[info->state_id]->L;
+ 
+-	if (!skb_make_writable(pskb, pskb->len))
++	if (skb_ensure_writable(pskb, pskb->len))
+ 		return NF_DROP;
+ 
+ 	/* call the function provided by --function parameter or the default 'process_packet' defined in Lua */
+@@ -88,11 +88,11 @@ lua_tg(struct sk_buff *pskb, const struc
+ 	/* push the lua_packet_segment as a parameter */
+ 	p = (lua_packet_segment *)lua_newuserdata(L, sizeof(lua_packet_segment));
+ 	if (pskb->mac_header)
+-		p->start = pskb->mac_header;
++		p->start = skb_mac_header(pskb);
+ 	else if (pskb->network_header)
+-		p->start = pskb->network_header;
++		p->start = skb_network_header(pskb);
+ 	else if (pskb->transport_header)
+-		p->start = pskb->transport_header;
++		p->start = skb_transport_header(pskb);
+ 	p->offset = 0;
+ 	p->length = (unsigned long)pskb->tail - (unsigned long)p->start;
+ 	p->changes = NULL;
+@@ -208,16 +208,16 @@ static bool load_script_into_state(uint3
+  * some workqueue initialization. So far this is done each time this function
+  * is called, subject to change.
+  */
+-static bool
++static int
+ lua_tg_checkentry(const struct xt_tgchk_param *par)
+ {
+ 	const struct xt_lua_tginfo *info = par->targinfo;
+ 
+ 	if (load_script_into_state(info->state_id, info->script_size, (char *)info->buf)) {
+ 		lua_state_refs[info->state_id]++;
+-		return true;
++		return 0;
+ 	}
+-	return false;
++	return -EINVAL;
+ }
+ 
+ /*::*
+--- a/extensions/LUA/lua/llimits.h
++++ b/extensions/LUA/lua/llimits.h
+@@ -8,7 +8,6 @@
+ #define llimits_h
+ 
+ #include <stddef.h>
+-#include <limits.h>
+ 
+ #include "lua.h"
+ 
+--- a/extensions/LUA/lua/lapi.c
++++ b/extensions/LUA/lua/lapi.c
+@@ -4,9 +4,6 @@
+ ** See Copyright Notice in lua.h
+ */
+ 
+-#include <stdarg.h>
+-#include <math.h>
+-#include <assert.h>
+ #include <string.h>
+ 
+ #define lapi_c
+--- a/extensions/LUA/lua/ltable.c
++++ b/extensions/LUA/lua/ltable.c
+@@ -18,7 +18,6 @@
+ ** Hence even when the load factor reaches 100%, performance remains good.
+ */
+ 
+-#include <math.h>
+ #include <string.h>
+ 
+ #define ltable_c
+--- a/extensions/LUA/lua/luaconf.h
++++ b/extensions/LUA/lua/luaconf.h
+@@ -13,8 +13,12 @@
+ #if !defined(__KERNEL__)
+ #include <limits.h>
+ #else
++#include <linux/kernel.h>
++
++#undef UCHAR_MAX
++#undef BUFSIZ
++#undef NO_FPU
+ #define UCHAR_MAX	255
+-#define SHRT_MAX        32767
+ #define BUFSIZ 		8192
+ #define NO_FPU
+ #endif
+@@ -637,6 +641,8 @@ union luai_Cast { double l_d; long l_l;
+ */
+ #if defined(__KERNEL__)
+ #undef LUA_USE_ULONGJMP
++#define setjmp __builtin_setjmp
++#define longjmp __builtin_longjmp
+ #endif
+ 
+ #if defined(__cplusplus)
+--- a/extensions/LUA/lua/llex.h
++++ b/extensions/LUA/lua/llex.h
+@@ -10,6 +10,8 @@
+ #include "lobject.h"
+ #include "lzio.h"
+ 
++/* prevent conflict with definition from asm/current.h */
++#undef current
+ 
+ #define FIRST_RESERVED	257
+ 

xtables-addons/patches/210-freebsd-build-fix.patch

@@ -0,0 +1,11 @@
+--- a/extensions/LUA/Makefile
++++ b/extensions/LUA/Makefile
+@@ -110,7 +110,7 @@ PKG_CONFIG = /usr/bin/pkg-config
+ RANLIB = ranlib
+ SED = /bin/sed
+ SET_MAKE = 
+-SHELL = /bin/bash
++SHELL = /bin/sh
+ STRIP = strip
+ VERSION = 1.21
+ abs_builddir = /home/andre/Dropbox/xtables-addons/extensions/LUA