After trying nfqttl and failing, I decided to go on my way and, in the process, I found the definitive solution.
1) unpack boot.img
2) patch kernel image
3) repack boot.img
The patch is simple:
In the Linux kernel, in ip_forward.c, this function is called to decrease the TTL of every forwarded packet:
static __always_inline int ip_decrease_ttl(struct iphdr *iph)
{
    /* incremental update of the header checksum for a TTL lowered by one */
    u32 check = (__force u32)iph->check;
    check += (__force u32)htons(0x0100);
    iph->check = (__force __sum16)(check + (check >= 0xFFFF));
    return --iph->ttl;
}
All I did was patch the kernel not to do so.
You can easily do it in this way:
magiskboot unpack -h boot.img
magiskboot hexpatch kernel C9220039C816007968F24039E8002836 1F2003D51F2003D568F24039E8002836 # tested on Redmi Note 10 Pro
magiskboot hexpatch kernel A0160079A022403900040051A0220039 1F2003D5A0224039000400511F2003D5 # tested on Redmi 4X
magiskboot repack boot.img
Then you can just boot it (for testing) or flash it directly.
fastboot boot new-boot.img
fastboot flash boot new-boot.img
Pinging Google from the phone:
$ ping google.com
PING google.com (126.96.36.199) 56(84) bytes of data.
64 bytes from ams17s10-in-f14.1e100.net (188.8.131.52): icmp_seq=1 ttl=106 time=115 ms
Pinging Google from Windows connected to the phone (works with both Wi-Fi and USB tethering):
Pinging 184.108.40.206 with 32 bytes of data:
Reply from 220.127.116.11: bytes=32 time=127ms TTL=106
As you can see the TTL is the same.
Before the patch it's one less, obviously.
If you have Magisk installed, you can also just copy and paste one of these lines into your adb shell (the first runs customize.sh to apply the fix, the second runs remove.sh to remove it):
su -c "curl -s https://raw.githubusercontent.com/Zibri/ttl_fix/master/customize.sh | sh"
su -c "curl -s https://raw.githubusercontent.com/Zibri/ttl_fix/master/remove.sh | sh"
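
Why the TTL byte and the header checksum are changed together in the ip_decrease_ttl() function quoted above, as an added example that is not part of the original post or of the kernel source: a userspace port of the function run over a constructed IPv4 header. The header bytes and the helper names ip_checksum() and valid_hops() are assumptions made for this demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
/* RFC 791 checksum; over a header with its check field set, 0 means valid. */
static uint16_t ip_checksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint16_t w;
        memcpy(&w, h + i, 2);               /* alignment-safe native read */
        sum += w;
    }
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16); /* end-around carry */
    return (uint16_t)~sum;
}

/* Userspace port of ip_decrease_ttl(): TTL at byte 8, check at byte 10. */
static int decrease_ttl(uint8_t *h)
{
    uint16_t c;
    memcpy(&c, h + 10, 2);
    uint32_t check = c + htons(0x0100);     /* TTL is the high byte of its word */
    c = (uint16_t)(check + (check >= 0xFFFF));
    memcpy(h + 10, &c, 2);
    return --h[8];
}

/* Walk a constructed header from ttl down to 1; count hops that still verify. */
static int valid_hops(uint8_t ttl, int update_checksum)
{
    uint8_t h[20] = { 0x45, 0, 0, 0x54, 0x12, 0x34, 0x40, 0, ttl, 0x11,
                      0, 0, 192, 0, 2, 1, 198, 51, 100, 7 };
    uint16_t c = ip_checksum(h, 20);        /* check field is still zero */
    int ok = 0;
    memcpy(h + 10, &c, 2);
    while (h[8] > 1) {
        if (update_checksum) decrease_ttl(h); else --h[8];
        ok += ip_checksum(h, 20) == 0;
    }
    return ok;
}

int main(void)
{
    printf("valid hops: %d updated, %d TTL-only\n", valid_hops(64, 1), valid_hops(64, 0));
    return 0;
}
```

A header whose TTL changes without the matching checksum update fails verification at every hop, while a header in which neither field is touched stays valid, just as one in which both are updated does.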