#!/system/bin/sh

# Write pending (memory) cached data to disk as a precaution before applying any changes.
sync

# resetprop (without -n) = deletes a property then modifies it, this forces property_service to update that property immediately.
# Don't automatically insert 'dun' into the APN,
# which would persistently tell the telecom that tethering was used.
# At that point, only after a reboot and not getting 'dun' added again would mask it.
resetprop -v tether_dun_required 0

# Tethering hardware acceleration causes latency issues on the Pixel 4a (5G).
resetprop -v tether_offload_disabled 1

# Don't tell the telecom to check if tethering is even allowed for your data plan.
resetprop -v net.tethering.noprovisioning true
resetprop -v tether_entitlement_check_state 0

# Don't apply iptables rules until Android has fully booted.
until [ "$(getprop sys.boot_completed)" -eq 1 ] && [ -d "/sdcard" ]; do
    sleep 3
done

# Bypass TTL/HL detections for only Tether device (server) -> Tethered To devices (client).
# WARNING: Routers (as the client) require their own TTL/HL increment script.
# Tethering interfaces -> rndis0: USB, wlan1: Wi-Fi, bt-pan: Bluetooth.
# -A: last rule in chain, -I: "head"/first rule (by default) in chain.
for INTERFACE in "rndis0" "wlan1" "bt-pan"; do
    iptables -t mangle -A PREROUTING -i $INTERFACE -j TTL --ttl-inc 1
    iptables -t mangle -I POSTROUTING -o $INTERFACE -j TTL --ttl-inc 1
    ip6tables -t mangle -A PREROUTING ! -p icmpv6 -i $INTERFACE -j HL --hl-inc 1
    ip6tables -t mangle -I POSTROUTING ! -p icmpv6 -o $INTERFACE -j HL --hl-inc 1
done

# == Network optimizations ==

# Disabling ICMP echo replies breaks PMTUD, leading to worsened packet fragmentation.
write /proc/sys/net/ipv4/icmp_echo_ignore_all 0
write /proc/sys/net/ipv6/icmp/echo_ignore_all 0

# TCP acknowledgements help with lossy connections.
write /proc/sys/net/ipv4/tcp_sack 1
write /proc/sys/net/ipv4/tcp_dsack 1
write /proc/sys/net/ipv4/tcp_fack 1

# Ensure MTU is valid to prevent stuck connection(s); very useful on misconfigured networks:
# https://blog.cloudflare.com/path-mtu-discovery-in-practice/
write /proc/sys/net/ipv4/tcp_mtu_probing 1

# iOS 11 forced telecoms to implement full support for TCP ECN.
write /proc/sys/net/ipv4/tcp_ecn 1

# Protects against wrapped TCP sequence numbers, as they cause more packet retransmissions during packet loss conditions.
write /proc/sys/net/ipv4/tcp_timestamps 1

# At 1: Violates TCP standards and can cause unpredictable network performance.
write /proc/sys/net/ipv4/tcp_syncookies 0

# Enables TCP Fast Open (RFC7413) for both requesting (client) and sending (server).
write /proc/sys/net/ipv4/tcp_fastopen 3

# == END ==

exit 0