From 626ac981ebb0db846f1915cb3e3d8368d9852f87 Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Tue, 25 Nov 2025 13:53:24 +0500 Subject: [PATCH 1/8] refactor: configuring dnsmasq after starting sing-box --- podkop/files/usr/bin/podkop | 60 ++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 9397053..b8af9b3 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -104,7 +104,7 @@ has_outbound_section() { return $section_exists } -start_main() { +start() { log "Starting podkop" check_requirements @@ -125,37 +125,31 @@ start_main() { # base route_table_rule_mark - create_nft_table + create_nft_rules sing_box_uci # sing-box sing_box_init_config config_foreach add_cron_job "section" /etc/init.d/sing-box start - - local exclude_ntp - config_get_bool exclude_ntp "settings" "exclude_ntp" "0" - if [ "$exclude_ntp" -eq 1 ]; then - log "NTP traffic exclude for proxy" - nft insert rule inet "$NFT_TABLE_NAME" mangle udp dport 123 return + if [ $? -ne 0 ]; then + echo "Failed to start sing-box service" + exit 1 fi + config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 + if [ "$dont_touch_dhcp" -eq 0 ]; then + dnsmasq_configure + fi + uci_set "podkop" "settings" "shutdown_correctly" 0 + uci commit "podkop" && config_load "$PODKOP_CONFIG" + log "Nice" list_update & echo $! > /var/run/podkop_list_update.pid } -start() { - start_main - config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 - if [ "$dont_touch_dhcp" -eq 0 ]; then - dnsmasq_add_resolver - fi - uci_set "podkop" "settings" "shutdown_correctly" 0 - uci commit "podkop" && config_load "$PODKOP_CONFIG" -} - -stop_main() { +stop() { log "Stopping the podkop" if [ -f /var/run/podkop_list_update.pid ]; then 
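Review bot: The new failure branch after `/etc/init.d/sing-box start` calls `exit 1` while the state set up earlier in the same function by `route_table_rule_mark` and `create_nft_rules` is still installed. A failed start therefore appears to leave the marking rules and the route rule active with nothing listening behind them. Undo that state before exiting, for example by flushing the `podkop` route table as `stop` does, or at least add a comment such as `# NOTE: nft rules and the route mark stay installed on this exit path`. `start` begins above this hunk, so an earlier guard cannot be ruled out from here.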
@@ -186,25 +180,23 @@ stop_main() { ip route flush table podkop fi - log "Stop sing-box" - /etc/init.d/sing-box stop -} - -stop() { local dont_touch_dhcp config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 if [ "$dont_touch_dhcp" -eq 0 ]; then dnsmasq_restore fi - stop_main + + log "Stop sing-box" + /etc/init.d/sing-box stop + uci_set "podkop" "settings" "shutdown_correctly" 1 - uci commit "podkop" && config_load "$PODKOP_CONFIG" + uci commit "podkop" } reload() { log "Podkop reload" - stop_main - start_main + stop + start } restart() { @@ -281,7 +273,7 @@ nft_init_interfaces_set() { done } -create_nft_table() { +create_nft_rules() { log "Create nft table" nft_create_table "$NFT_TABLE_NAME" @@ -329,6 +321,13 @@ create_nft_table() { nft add rule inet "$NFT_TABLE_NAME" mangle_output ip daddr "@$NFT_COMMON_SET_NAME" meta l4proto udp meta mark set 0x105 counter nft add rule inet "$NFT_TABLE_NAME" mangle_output ip daddr "$SB_FAKEIP_INET4_RANGE" meta l4proto tcp meta mark set 0x105 counter nft add rule inet "$NFT_TABLE_NAME" mangle_output ip daddr "$SB_FAKEIP_INET4_RANGE" meta l4proto tcp meta mark set 0x105 counter + + local exclude_ntp + config_get_bool exclude_ntp "settings" "exclude_ntp" "0" + if [ "$exclude_ntp" -eq 1 ]; then + log "NTP traffic exclude for proxy" + nft insert rule inet "$NFT_TABLE_NAME" mangle udp dport 123 return + fi } backup_dnsmasq_config_option() { @@ -342,7 +341,7 @@ backup_dnsmasq_config_option() { fi } -dnsmasq_add_resolver() { +dnsmasq_configure() { local shutdown_correctly config_get shutdown_correctly "settings" "shutdown_correctly" if [ "$shutdown_correctly" -eq 0 ]; then @@ -527,7 +526,6 @@ list_update() { } # sing-box funcs - sing_box_uci() { local sing_box_enabled sing_box_user sing_box_config_path sing_box_conffile sing_box_enabled=$(uci get "sing-box.main.enabled") From 68c61aed5099f2edd3f9168511e574f0fe55db77 Mon Sep 17 00:00:00 2001 
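Review bot: The two `mangle_output` rules for `$SB_FAKEIP_INET4_RANGE` directly above the added block are identical (both `meta l4proto tcp`), whereas the `@$NFT_COMMON_SET_NAME` rule before them is `udp`. The second one was probably meant to be `meta l4proto udp`; as written, locally generated UDP to the fake-IP range is never marked. The relocated NTP exclusion is inserted only into chain `mangle` (`nft insert rule inet "$NFT_TABLE_NAME" mangle udp dport 123 return`). If the router's own NTP client is also meant to bypass the proxy, the same `udp dport 123 return` rule is needed in `mangle_output`. `create_nft_rules` starts above this hunk, so an earlier rule may already cover either case.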
From: Andrey Petelin Date: Tue, 25 Nov 2025 14:10:18 +0500 Subject: [PATCH 2/8] refactor: use uci wrappers --- podkop/files/usr/bin/podkop | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index b8af9b3..1a4d07c 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -126,7 +126,7 @@ start() { # base route_table_rule_mark create_nft_rules - sing_box_uci + sing_box_configure_service # sing-box sing_box_init_config @@ -526,29 +526,30 @@ list_update() { } # sing-box funcs -sing_box_uci() { +sing_box_configure_service() { local sing_box_enabled sing_box_user sing_box_config_path sing_box_conffile - sing_box_enabled=$(uci get "sing-box.main.enabled") - sing_box_user=$(uci get "sing-box.main.user") + sing_box_enabled="$(uci_get "sing-box" "main" "enabled")" + sing_box_user="$(uci_get "sing-box" "main" "user")" + if [ "$sing_box_enabled" -ne 1 ]; then - uci set "sing-box.main.enabled=1" - uci commit "sing-box" + uci_set "sing-box" "main" "enabled" 1 + uci_commit "sing-box" log "sing-box service has been enabled" fi if [ "$sing_box_user" != "root" ]; then - uci set "sing-box.main.user=root" - uci commit "sing-box" + uci_set "sing-box" "main" "user" "root" + uci_commit "sing-box" log "sing-box service user has been changed to root" fi config_get sing_box_config_path "settings" "config_path" - sing_box_conffile=$(uci get "sing-box.main.conffile") + sing_box_conffile="$(uci_get "sing-box" "main" "conffile")" log "sing-box config path: $sing_box_config_path" "debug" log "sing-box service conffile: $sing_box_conffile" "debug" if [ "$sing_box_conffile" != "$sing_box_config_path" ]; then - uci set "sing-box.main.conffile=$sing_box_config_path" - uci commit "sing-box" + uci_set "sing-box" "main" "conffile" "$sing_box_config_path" + uci_commit "sing-box" log "Configuration file path has been set to $sing_box_config_path" fi 
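Review bot: `[ "$sing_box_enabled" -ne 1 ]` is a numeric test on a value that is empty when the option is unset, so the test errors out and the branch that enables the service is skipped. Testing `"${sing_box_enabled:-0}"` instead makes the unset case behave like `0`. Each of the three branches also commits on its own, so a single `uci_commit "sing-box"` at the end would avoid up to three writes. Since this function forces the service user to `root`, a short comment stating why root is required would help anyone later auditing the privilege level; the reason is not visible in this hunk. The function body continues past the end of the hunk.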
From d52f6e26ae6617e9aa95a965f255c632d5bfe924 Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Tue, 25 Nov 2025 17:04:31 +0500 Subject: [PATCH 3/8] refactor: add configurable DNS/curl timeouts and retries, detect service proxy, and improve connection checks --- podkop/files/usr/bin/podkop | 43 ++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 1a4d07c..1957891 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop 
@@ -473,42 +473,55 @@ remove_cron_job() { list_update() { echolog "🔄 Starting lists update..." + local nslookup_timeout=3 + local nslookup_attempts=10 + local curl_timeout=5 + local curl_attempts=10 + local curl_max_timeout=10 + local delay=3 local i - for i in $(seq 1 60); do - if nslookup -timeout=1 openwrt.org > /dev/null 2>&1; then + # DNS Check + for i in $(seq 1 $nslookup_timeout); do + if nslookup -timeout=$nslookup_timeout openwrt.org > /dev/null 2>&1; then echolog "✅ DNS check passed" break fi - log "DNS is unavailable [$i/60]" - sleep 3 + echolog "DNS is unavailable [$i/$nslookup_attempts]" + sleep $delay done - if [ "$i" -eq 60 ]; then - echolog "❌ DNS check failed after 60 attempts" + if [ "$i" -eq $nslookup_attempts ]; then + echolog "❌ DNS check failed after $nslookup_attempts attempts" return 1 fi - for i in $(seq 1 60); do - config_get_bool download_lists_via_proxy "settings" "download_lists_via_proxy" "0" - if [ "$download_lists_via_proxy" -eq 1 ]; then - if http_proxy="http://127.0.0.1:4534" https_proxy="http://127.0.0.1:4534" curl -s -m 3 https://github.com > /dev/null; then + # Github Check + for i in $(seq 1 $curl_attempts); do + local service_proxy_address + service_proxy_address="$(get_service_proxy_address)" + + if [ -n "$http_proxy_address" ]; then + if curl -s -x "http://$service_proxy_address" -m $curl_timeout https://github.com > /dev/null; then echolog "✅ GitHub connection check passed (via proxy)" break fi else - if curl -s -m 3 https://github.com > /dev/null; then + if curl -s -m $curl_timeout https://github.com > /dev/null; then echolog "✅ GitHub connection check passed" break fi fi - echolog "GitHub is unavailable [$i/60]" - sleep 3 + echolog "GitHub is unavailable [$i/$curl_attempts] (max-timeout=$curl_timeout)" + if [ "$curl_timeout" -lt $curl_max_timeout ]; then + curl_timeout=$((curl_timeout + 1)) + fi + sleep $delay done - if [ "$i" -eq 60 ]; then - echolog "❌ GitHub connection check failed after 60 attempts" + if [ "$i" -eq 
$curl_attempts ]; then + echolog "❌ GitHub connection check failed after $curl_attempts attempts" return 1 fi From 7a497f1e318b7e7181ea354e0437aee5da4a844a Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Tue, 25 Nov 2025 17:05:25 +0500 Subject: [PATCH 4/8] fix: reload PODKOP_CONFIG after uci commit to refresh config on shutdown --- podkop/files/usr/bin/podkop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 1957891..66581a6 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -190,7 +190,7 @@ stop() { /etc/init.d/sing-box stop uci_set "podkop" "settings" "shutdown_correctly" 1 - uci commit "podkop" + uci commit "podkop" && config_load "$PODKOP_CONFIG" } reload() { From 576e58fd17f3b3fc59238dddf39bcd9b90b06437 Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Wed, 26 Nov 2025 13:56:10 +0500 Subject: [PATCH 5/8] chore: restore start_main and stop_main; have reload call them instead of full start/stop --- podkop/files/usr/bin/podkop | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 66581a6..59dfa1a 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -104,7 +104,7 @@ has_outbound_section() { return $section_exists } -start() { +start_main() { log "Starting podkop" check_requirements @@ -137,10 +137,6 @@ start() { exit 1 fi - config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 - if [ "$dont_touch_dhcp" -eq 0 ]; then - dnsmasq_configure - fi uci_set "podkop" "settings" "shutdown_correctly" 0 uci commit "podkop" && config_load "$PODKOP_CONFIG" @@ -149,7 +145,7 @@ start() { echo $! > /var/run/podkop_list_update.pid } -stop() { +stop_main() { log "Stopping the podkop" if [ -f /var/run/podkop_list_update.pid ]; then 
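Review bot: The DNS loop iterates over `$(seq 1 $nslookup_timeout)` (3) while the progress message and the post-loop test use `$nslookup_attempts` (10), so `[ "$i" -eq $nslookup_attempts ]` can never be true and a dead resolver is no longer reported as a failure; the loop header should read `for i in $(seq 1 $nslookup_attempts); do`. In the GitHub check the result of `get_service_proxy_address` is stored in `service_proxy_address`, but the branch tests `$http_proxy_address`, which is not assigned anywhere in this hunk. The `-x` proxy path therefore looks unreachable and the check would go out directly even when a service proxy exists; `if [ -n "$service_proxy_address" ]; then` matches the variable that was set. Separately, both post-loop tests compare `$i` with the attempt count, which also reports failure when the last attempt succeeded; a success flag set before `break` would avoid that. `list_update` continues below the hunk.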
@@ -180,12 +176,6 @@ stop() { ip route flush table podkop fi - local dont_touch_dhcp - config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 - if [ "$dont_touch_dhcp" -eq 0 ]; then - dnsmasq_restore - fi - log "Stop sing-box" /etc/init.d/sing-box stop @@ -193,10 +183,27 @@ stop() { uci commit "podkop" && config_load "$PODKOP_CONFIG" } +start() { + start_main + config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 + if [ "$dont_touch_dhcp" -eq 0 ]; then + dnsmasq_configure + fi +} + +stop() { + local dont_touch_dhcp + config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 + if [ "$dont_touch_dhcp" -eq 0 ]; then + dnsmasq_restore + fi + stop_main +} + reload() { log "Podkop reload" - stop - start + stop_main + start_main } restart() { From ff43f477e92db4b08ccac46777dd465c570c815d Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Wed, 26 Nov 2025 14:14:27 +0500 Subject: [PATCH 6/8] chore: restore shutdown_correctly logic --- podkop/files/usr/bin/podkop | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 59dfa1a..a7c2779 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -137,9 +137,6 @@ start_main() { exit 1 fi - uci_set "podkop" "settings" "shutdown_correctly" 0 - uci commit "podkop" && config_load "$PODKOP_CONFIG" - log "Nice" list_update & echo $! > /var/run/podkop_list_update.pid @@ -178,17 +175,18 @@ stop_main() { log "Stop sing-box" /etc/init.d/sing-box stop - - uci_set "podkop" "settings" "shutdown_correctly" 1 - uci commit "podkop" && config_load "$PODKOP_CONFIG" } start() { start_main + config_get_bool dont_touch_dhcp "settings" "dont_touch_dhcp" 0 if [ "$dont_touch_dhcp" -eq 0 ]; then dnsmasq_configure fi + + uci_set "podkop" "settings" "shutdown_correctly" 0 + uci commit "podkop" && config_load "$PODKOP_CONFIG" } stop() { 
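Review bot: `start()` runs `dnsmasq_configure` unconditionally after `start_main`, so DNS is only kept away from a sing-box that failed to start as long as `start_main` terminates the script on failure (the `exit 1` visible as context in this commit's `@@ -137` hunk). A comment such as `# start_main exits on failure; dnsmasq must not be reconfigured otherwise` would keep that dependency from being lost in a later cleanup. `dont_touch_dhcp` is also read here without `local`, while `stop()` declares `local dont_touch_dhcp`; the same declaration in `start()` keeps the variable out of the global scope.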
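Review bot: The re-added flag update in `start()` (and the one in `stop()` in the following `@@ -197` hunk) calls `uci commit "podkop"` directly, although patch 2 of this series switched `sing_box_configure_service` to the `uci_commit` wrapper; `uci_commit "podkop" && config_load "$PODKOP_CONFIG"` would be consistent. A one-line comment on what `shutdown_correctly` guards would also help: the flag is read by `dnsmasq_configure`, and after this change it is written only by `start()` and `stop()`, not on `reload()`.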
@@ -197,7 +195,11 @@ stop() { if [ "$dont_touch_dhcp" -eq 0 ]; then dnsmasq_restore fi + stop_main + + uci_set "podkop" "settings" "shutdown_correctly" 1 + uci commit "podkop" && config_load "$PODKOP_CONFIG" } reload() { From 14f704fcb867f039c23cd0665cd8f8b09c36b63c Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Wed, 26 Nov 2025 15:47:12 +0500 Subject: [PATCH 7/8] fix: use echolog for sing-box start failure --- podkop/files/usr/bin/podkop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index a7c2779..6b70c14 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -133,7 +133,7 @@ start_main() { config_foreach add_cron_job "section" /etc/init.d/sing-box start if [ $? -ne 0 ]; then - echo "Failed to start sing-box service" + echolog "Failed to start sing-box service" exit 1 fi From 6a48a060e1cc538e37f63fd3c1ee447418e8a604 Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Wed, 26 Nov 2025 16:01:41 +0500 Subject: [PATCH 8/8] refactor: remove sing-box start exit check --- podkop/files/usr/bin/podkop | 4 ---- 1 file changed, 4 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 6b70c14..6cd1f90 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -132,10 +132,6 @@ start_main() { sing_box_init_config config_foreach add_cron_job "section" /etc/init.d/sing-box start - if [ $? -ne 0 ]; then - echolog "Failed to start sing-box service" - exit 1 - fi log "Nice" list_update &