From e03c030890950a2308f504c85deb563037260021 Mon Sep 17 00:00:00 2001
From: sbwml <admin@cooluc.com>
Date: Sat, 7 Sep 2024 22:35:29 +0800
Subject: [PATCH 1/3] r8500: hotplug.d: add usb-reset action

Signed-off-by: sbwml <admin@cooluc.com>
---
 openwrt/files/etc/hotplug.d/block/20-usbreset | 18 ++++++++++++++++++
 openwrt/scripts/00-prepare_base.sh            |  4 ++++
 2 files changed, 22 insertions(+)
 create mode 100644 openwrt/files/etc/hotplug.d/block/20-usbreset

diff --git a/openwrt/files/etc/hotplug.d/block/20-usbreset b/openwrt/files/etc/hotplug.d/block/20-usbreset
new file mode 100644
index 000000000..9bdfc3666
--- /dev/null
+++ b/openwrt/files/etc/hotplug.d/block/20-usbreset
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+device=`basename $DEVPATH`
+point=$device
+
+case "$ACTION" in
+	add)
+		mkdir -p /usb/$point
+		mount -o rw,noatime,discard /dev/$device /usb/$point
+		if [ -f "/usb/$point/recovery.txt" ]; then
+			echo y | firstboot
+			sleep 2
+			reboot
+		else
+			umount -l /usb/$point
+		fi
+		;;
+esac
diff --git a/openwrt/scripts/00-prepare_base.sh b/openwrt/scripts/00-prepare_base.sh
index 844043456..ea39acf80 100644
--- a/openwrt/scripts/00-prepare_base.sh
+++ b/openwrt/scripts/00-prepare_base.sh
@@ -442,6 +442,10 @@ curl -so files/root/.bashrc https://$mirror/openwrt/files/root/.bashrc
 mkdir -p files/etc/sysctl.d
 curl -so files/etc/sysctl.d/15-vm-swappiness.conf https://$mirror/openwrt/files/etc/sysctl.d/15-vm-swappiness.conf
 curl -so files/etc/sysctl.d/16-udp-buffer-size.conf https://$mirror/openwrt/files/etc/sysctl.d/16-udp-buffer-size.conf
+if [ "$platform" = "bcm53xx" ]; then
+    mkdir -p files/etc/hotplug.d/block
+    curl -so files/etc/hotplug.d/block/20-usbreset https://$mirror/openwrt/files/etc/hotplug.d/block/20-usbreset
+fi
 
 # NTP
 sed -i 's/0.openwrt.pool.ntp.org/ntp1.aliyun.com/g' package/base-files/files/bin/config_generate

From d0752acb5da56a06e49b966c41f952b98afa8cf4 Mon Sep 17 00:00:00 2001
From: sbwml <admin@cooluc.com>
Date: Sun, 8 Sep 2024 03:56:49 +0800
Subject: [PATCH 2/3] linux-6.6: bump to 6.6.49

Signed-off-by: sbwml <admin@cooluc.com>
---
 tags/kernel-6.6 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tags/kernel-6.6 b/tags/kernel-6.6
index 5fbb10e05..511218f43 100644
--- a/tags/kernel-6.6
+++ b/tags/kernel-6.6
@@ -1,2 +1,2 @@
-LINUX_VERSION-6.6 = .48
-LINUX_KERNEL_HASH-6.6.48 = 6b16df7b2aba3116b78fdfd8aea0b6cd7abe8f0cb699b04a66d3169141772029
+LINUX_VERSION-6.6 = .49
+LINUX_KERNEL_HASH-6.6.49 = 2c56dac2b70859c16b4ef651befb0d28c227498bd3eee08e8a45a357f22dd3b7

From ddfa1536fecac0bb5bcd7a7798cea85464d4f91c Mon Sep 17 00:00:00 2001
From: sbwml <admin@cooluc.com>
Date: Sun, 8 Sep 2024 03:57:21 +0800
Subject: [PATCH 3/3] build: add natflow based offloading for routing/NAT

Signed-off-by: sbwml <admin@cooluc.com>
---
 openwrt/23-config-common                      |  3 +
 openwrt/23-config-musl-r8500                  |  3 +
 openwrt/build.sh                              |  4 ++
 ...firewall-add-natflow-offload-support.patch | 55 +++++++++++++++++++
 openwrt/scripts/00-prepare_base.sh            |  6 +-
 5 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch

diff --git a/openwrt/23-config-common b/openwrt/23-config-common
index 76fda3a5a..0838918ee 100644
--- a/openwrt/23-config-common
+++ b/openwrt/23-config-common
@@ -21,6 +21,9 @@ CONFIG_PACKAGE_iptables-nft=y
 CONFIG_PACKAGE_xtables-nft=y
 # CONFIG_PACKAGE_iptables-legacy is not set
 
+# Natflow
+CONFIG_PACKAGE_natflow=m
+
 # SFE
 CONFIG_PACKAGE_kmod-fast-classifier=y
 CONFIG_PACKAGE_kmod-shortcut-fe-cm=y
diff --git a/openwrt/23-config-musl-r8500 b/openwrt/23-config-musl-r8500
index e36ad1fd9..6838fc991 100644
--- a/openwrt/23-config-musl-r8500
+++ b/openwrt/23-config-musl-r8500
@@ -37,6 +37,9 @@ CONFIG_PACKAGE_iptables-nft=y
 CONFIG_PACKAGE_xtables-nft=y
 # CONFIG_PACKAGE_iptables-legacy is not set
 
+# Natflow
+CONFIG_PACKAGE_natflow=m
+
 # SFE
 CONFIG_PACKAGE_kmod-fast-classifier=y
 CONFIG_PACKAGE_kmod-shortcut-fe-cm=y
diff --git a/openwrt/build.sh b/openwrt/build.sh
index 31054a08f..ba771bfd8 100644
--- a/openwrt/build.sh
+++ b/openwrt/build.sh
@@ -458,6 +458,7 @@ if [ "$platform" = "x86_64" ]; then
         rm -f $kmodpkg_name/Packages*
         # driver firmware
         cp -a bin/packages/x86_64/base/*firmware*.ipk $kmodpkg_name/
+        cp -a bin/packages/x86_64/base/*natflow*.ipk $kmodpkg_name/
         bash kmod-sign $kmodpkg_name
         tar zcf x86_64-$kmodpkg_name.tar.gz $kmodpkg_name
         rm -rf $kmodpkg_name
@@ -496,6 +497,7 @@ elif [ "$platform" = "armv8" ]; then
         rm -f $kmodpkg_name/Packages*
         # driver firmware
         cp -a bin/packages/aarch64_generic/base/*firmware*.ipk $kmodpkg_name/
+        cp -a bin/packages/aarch64_generic/base/*natflow*.ipk $kmodpkg_name/
         bash kmod-sign $kmodpkg_name
         tar zcf armv8-$kmodpkg_name.tar.gz $kmodpkg_name
         rm -rf $kmodpkg_name
@@ -524,6 +526,7 @@ elif [ "$platform" = "bcm53xx" ]; then
         rm -f $kmodpkg_name/Packages*
         # driver firmware
         cp -a bin/packages/arm_cortex-a9/base/*firmware*.ipk $kmodpkg_name/
+        cp -a bin/packages/arm_cortex-a9/base/*natflow*.ipk $kmodpkg_name/
         bash kmod-sign $kmodpkg_name
         tar zcf bcm53xx-$kmodpkg_name.tar.gz $kmodpkg_name
         rm -rf $kmodpkg_name
@@ -557,6 +560,7 @@ else
         rm -f $kmodpkg_name/Packages*
         # driver firmware
         cp -a bin/packages/aarch64_generic/base/*firmware*.ipk $kmodpkg_name/
+        cp -a bin/packages/aarch64_generic/base/*natflow*.ipk $kmodpkg_name/
         bash kmod-sign $kmodpkg_name
         tar zcf aarch64-$kmodpkg_name.tar.gz $kmodpkg_name
         rm -rf $kmodpkg_name
diff --git a/openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch b/openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch
new file mode 100644
index 000000000..c1bda2323
--- /dev/null
+++ b/openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch
@@ -0,0 +1,55 @@
+From 518eadc602c8e61621c8c1091585a134d978d596 Mon Sep 17 00:00:00 2001
+From: sbwml <admin@cooluc.com>
+Date: Sun, 8 Sep 2024 03:40:30 +0800
+Subject: [PATCH] luci-app-firewall: add natflow offload support
+
+Signed-off-by: sbwml <admin@cooluc.com>
+---
+ .../resources/view/firewall/zones.js          | 20 +++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+index 1bedd2c..522d001 100644
+--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
++++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+@@ -122,6 +122,21 @@ return view.extend({
+ 			o.depends('shortcut_fe', '1');
+ 		}
+ 
++		/* Natflow offload support */
++		if (L.hasSystemFeature('natflow')) {
++			o = s.option(form.Flag, 'natflow',
++			_('Natflow offloading'),
++			_('Natflow based offloading for routing/NAT'));
++			o.optional = true;
++
++			o = s.option(form.Value, 'natflow_delay_pkts',
++			_('Natflow delay packet'),
++			_('Set up the natflow delay packet'));
++			o.datatype = 'and(uinteger,min(0))';
++			o.default = 0;
++			o.depends('natflow', '1');
++		}
++
+ 		s = m.section(form.GridSection, 'zone', _('Zones'));
+ 		s.addremove = true;
+ 		s.anonymous = true;
+@@ -418,12 +433,13 @@ return view.extend({
+ 			const checkboxes = document.querySelectorAll('.cbi-checkbox input[type="checkbox"]');
+ 			checkboxes.forEach((checkbox) => {
+ 				const widgetId = checkbox.getAttribute('data-widget-id');
+-				if ((widgetId.includes('flow_offloading') && !widgetId.includes('flow_offloading_hw')) || widgetId.includes('shortcut_fe')) {
++				if ((widgetId.includes('flow_offloading') && !widgetId.includes('flow_offloading_hw')) || widgetId.includes('shortcut_fe') || widgetId.includes('natflow')) {
+ 					checkbox.addEventListener('change', function() {
+ 						if (this.checked) {
+ 							checkboxes.forEach((cb) => {
+ 								if (cb !== this && (cb.getAttribute('data-widget-id').includes('flow_offloading') ||
+-									cb.getAttribute('data-widget-id').includes('shortcut_fe'))) {
++									cb.getAttribute('data-widget-id').includes('shortcut_fe') ||
++									cb.getAttribute('data-widget-id').includes('natflow'))) {
+ 									cb.checked = false;
+ 								}
+ 							});
+-- 
+2.42.0
+
diff --git a/openwrt/scripts/00-prepare_base.sh b/openwrt/scripts/00-prepare_base.sh
index ea39acf80..aa8f53e26 100644
--- a/openwrt/scripts/00-prepare_base.sh
+++ b/openwrt/scripts/00-prepare_base.sh
@@ -198,12 +198,16 @@ git clone https://$gitea/sbwml/nft-fullcone package/new/nft-fullcone
 # IPv6 NAT
 git clone https://$github/sbwml/packages_new_nat6 package/new/nat6
 
-# Patch Luci add nft_fullcone/bcm_fullcone & shortcut-fe & ipv6-nat & custom nft command option
+# natflow
+git clone https://$github/sbwml/package_new_natflow package/new/natflow
+
+# Patch Luci add nft_fullcone/bcm_fullcone & shortcut-fe & natflow & ipv6-nat & custom nft command option
 pushd feeds/luci
     curl -s https://$mirror/openwrt/patch/firewall4/0001-luci-app-firewall-add-nft-fullcone-and-bcm-fullcone-.patch | patch -p1
     curl -s https://$mirror/openwrt/patch/firewall4/0002-luci-app-firewall-add-shortcut-fe-option.patch | patch -p1
     curl -s https://$mirror/openwrt/patch/firewall4/0003-luci-app-firewall-add-ipv6-nat-option.patch | patch -p1
     curl -s https://$mirror/openwrt/patch/firewall4/0004-luci-add-firewall-add-custom-nft-rule-support.patch | patch -p1
+    curl -s https://$mirror/openwrt/patch/firewall4/0005-luci-app-firewall-add-natflow-offload-support.patch | patch -p1
 popd
 
 # openssl - quictls