Fix extension for list

User Subnet validation for glob ip, init.d/zapret proper check, passwall in conflicts

.github/CODEOWNERS

@@ -0,0 +1 @@
+*       @itdoginfo

.github/workflows/build.yml

@@ -1,5 +1,4 @@
 name: Build packages
-
 on:
   push:
     tags:
@@ -9,15 +8,24 @@ jobs:
   build:
     name: Build podkop and luci-app-podkop
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v4.2.1
+        with:
+          fetch-depth: 0
+
+      - name: Extract version
+        id: version
+        run: |
+          VERSION=$(git describe --tags --exact-match 2>/dev/null || echo "dev_$(date +%d%m%Y)")
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
 
       - name: Build and push
         uses: docker/build-push-action@v6.9.0
         with:
           context: .
           tags: podkop:ci
+          build-args: |
+            PKG_VERSION=${{ steps.version.outputs.version }}
 
       - name: Create Docker container
         run: docker create --name podkop podkop:ci
@@ -27,10 +35,20 @@ jobs:
           docker cp podkop:/builder/bin/packages/x86_64/utilites/. ./bin/
           docker cp podkop:/builder/bin/packages/x86_64/luci/. ./bin/
 
+      - name: Filter IPK files
+        run: |
+          # Извлекаем версию из тега, убирая префикс 'v'
+          VERSION=${GITHUB_REF#refs/tags/v}
+
+          mkdir -p ./filtered-bin
+          cp ./bin/luci-i18n-podkop-ru_*.ipk "./filtered-bin/luci-i18n-podkop-ru_${VERSION}.ipk"
+          cp ./bin/podkop_*.ipk ./filtered-bin/
+          cp ./bin/luci-app-podkop_*.ipk ./filtered-bin/
+
       - name: Remove Docker container
         run: docker rm podkop
 
       - name: Release
         uses: softprops/action-gh-release@v2.0.8
         with:
-          files: ./bin/*.ipk
+          files: ./filtered-bin/*.ipk

.shellcheckrc

@@ -0,0 +1 @@
+disable=SC3036,SC3010,SC3014,SC3015,SC3020,SC3003

Dockerfile

@@ -1,6 +1,7 @@
-FROM openwrt/sdk:x86_64-v23.05.5
+FROM itdoginfo/openwrt-sdk:24.10.1
 
-RUN ./scripts/feeds update -a && mkdir -p /builder/package/feeds/utilites/ && mkdir -p /builder/package/feeds/luci/
+ARG PKG_VERSION
+ENV PKG_VERSION=${PKG_VERSION}
 
 COPY ./podkop /builder/package/feeds/utilites/podkop
 COPY ./luci-app-podkop /builder/package/feeds/luci/luci-app-podkop

Dockerfile-SDK

@@ -0,0 +1,3 @@
+FROM openwrt/sdk:x86_64-v24.10.1
+
+RUN ./scripts/feeds update -a && ./scripts/feeds install luci-base && mkdir -p /builder/package/feeds/utilites/ && mkdir -p /builder/package/feeds/luci/

README.md

@@ -1,190 +1,49 @@
-Это альфа версия, может не работать. Обсуждение https://t.me/itdogchat - топик Podkop dev
+# Вещи, которые вам нужно знать перед установкой
 
-Если у вас установлен Getdomains, то его следует удалить.
+- Это бета-версия, которая находится в активной разработке. Из версии в версию что-то может меняться.
+- При возникновении проблем, нужен технически грамотный фидбэк в чат.
+- При обновлении **обязательно** [сбрасывайте кэш LuCI](https://podkop.net/docs/clear-browser-cache/).
+- Также при обновлении всегда заходите в конфигурацию и проверяйте свои настройки. Конфигурация может измениться.
+- Необходимо минимум 15МБ свободного места на роутере. Роутеры с флешками на 16МБ сразу мимо.
+- При старте программы редактируется конфиг Dnsmasq.
+- Podkop редактирует конфиг sing-box. Обязательно сохраните ваш конфиг sing-box перед установкой, если он вам нужен.
+- Информация здесь может быть устаревшей. Все изменения фиксируются в [телеграм-чате](https://t.me/itdogchat/81758/420321).
+- [Если у вас не что-то не работает.](https://podkop.net/docs/diagnostics/)
+- Если у вас установлен Getdomains, [его следует удалить](https://github.com/itdoginfo/domain-routing-openwrt?tab=readme-ov-file#%D1%81%D0%BA%D1%80%D0%B8%D0%BF%D1%82-%D0%B4%D0%BB%D1%8F-%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F).
 
-# Удаление GetDomains скриптом
-```
-sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/refs/heads/master/getdomains-uninstall.sh)
-```
+# Документация
+https://podkop.net/
 
-Оставляет туннели, зоны, forwarding. А также stubby и dnscrypt. Они не помешают. Конфиг sing-box будет перезаписан в podkop.
+# Установка Podkop
+Полная информация в [документации](https://podkop.net/docs/install/)
 
-# Установка
-Пакет работает на всех архитектурах.
-Будет точно работать только на OpenWrt 23.05.
-
-Нужен dnsmasq-full. В автоматическом режиме ставится сам. Вручную надо поставить [самостоятельно](https://github.com/itdoginfo/podkop/blob/952dd6215a2a83d65937cf9e33534c42809091ed/install.sh#L20).
-
-## Автоматическая
+Вкратце, достаточно одного скрипта для установки и обновления:
 ```
 sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh)
 ```
 
-## Вручную
-Сделать `opkg update`, чтоб установились зависимости.
-Скачать пакеты `podkop_*.ipk` и `luci-app-podkop_*.ipk` из релиза. `opkg install` сначала первый, потом второй.
-
-# Удаление
-```
-opkg remove luci-app-podkop podkop
-```
-
-# Использование
-Конфиг: /etc/config/podkop
-
-Luci: Services/podkop
-
-## Режимы
-
-### Proxy
-Для VLESS и Shadowsocks. Другие протоколы тоже будут, кидайте в чат примеры строк без чувствительных данных.
-Для использования этого режима нужен sing-box:
-```
-opkg update && opkg install sing-box
-```
-
-В этом режиме просто копируйте строку в **Proxy String** и из неё автоматически настроится sing-box.
-
-### VPN
-Здесь у вас должен быть уже настроен WG/OpenVPN/OpenConnect etc, создана Zone и Forwarding.
-
-Просто выбрать интерфейс из списка.
-
-## Настройка доменов и подсетей
-**Domain list enable** - Включить общий список.
-
-**Delist domains from main list enable** - Выключение заданных доменов из общего списка. Задавать списком.
-
-**Subnets list enable** - Включить подсети из общего списка, выбрать из предложенных.
-
-**Custom domains enable** - Добавить свои домены. Задавать списком.
-
-**Custom subnets enable** - Добавить подсети или IP-адреса. Для подсетей задать маску.
-
-# Известные баги
-- [x] Не работает proxy при режимах main vpn, second proxy
-- [ ] Не всегда отрабатывает ucitrack (применение настроек из luci). Не удаётся повторить
-
 # ToDo
-Сделано
-- [x] Скрипт для автоматической установки.
-- [x] Подсети дискорда.
-- [x] Удаление getdomains через скрипт. Кроме туннеля и sing-box.
-- [x] Дополнительная вкладка для ещё одного туннеля. Домены, подсети.
-- [x] Улучшение скрипта автоматической установки. Спрашивать про туннели.
-- [x] Зависимость от dnsmasq-full
+Этот раздел не означает задачи, которые нужно брать и делать. Это общий список хотелок. Если вы хотите помочь, пожалуйста, спросите сначала в телеграмме.
 
-Приоритет 1
-- [x] В nft разделить правило tproxy на маркировку и tproxy
-- [ ] Нужен дебаг. Restart ucitrack в отдельный скрипт postinst, не отрабатывает.
-- [x] Весь трафик для устойства пускать в туннель\прокси
-- [x] Исключение для IP, не ходить в туннель\прокси совсем 0x0
-- [x] Врубать галочкой yacd в sing-box
-- [x] Свои списки. Просто список доменов с переносом строки 
-- [x] Свои списки ipv4
-- [ ] Ntp (порт 123) делать маркировку 0x0. По галке
-- [ ] Вернуть две цепочки nft
+Основные задачи в issues.
 
-Приоритет 2
-- [ ] Кнопка обновления списка доменов и подсетей
-- [ ] IPv6
-- [ ] Придумать автонастройку DNS через stubby итд. Как лучше это реализовать.
-- [ ] Удаление подсетей CF из domain sets раз в N часов
-- [ ] Автонастройка wireguard по примеру getdomains
-- [ ] Автонастройка awg по примеру getdomains
+## Рефактор
+- [ ] Очевидные повторения в `/usr/bin/podkop` загнать в переменые
+- [ ] Возможно поменять структуру
 
-Wiki
-- [ ] Тема
-- [ ] Изначальное наполнение
-- [ ] Nginx+acme.sh ansible playbook
-- [ ] Сборка и деплой через github actions
-- [ ] Общий мониторинг VM
-- [ ] Мониторинг tls
+## Списки
+- [ ] CloudFront
 
-Низкий приоритет
-- [x] Открытый прокси порт на роутере для браузеров
-- [ ] Переменная, раз во сколько часов обновлять списки
-- [ ] Галочка, которая режет доступ к doh серверам
+## Будущее
+- [ ] Подписка. Здесь нужна реализация, чтоб для каждой секции помимо ручного выбора, был выбор фильтрации по тегу. Например, для main выбираем ключевые слова NL, DE, FI. А для extra секции фильтруем по RU. И создаётся outbound c urltest в которых перечислены outbound из фильтров.
+- [ ] Опция, когда все запросы (с роутера в первую очередь), а не только br-lan идут в прокси. С этим связана #95. Требуется много переделать для nftables.
+- [ ] Весь трафик в Proxy\VPN. Вопрос, что делать с экстрасекциями в этом случае. FakeIP здесь скорее не нужен, а значит только main секция остаётся. Всё что касается fakeip проверок, придётся выключать в этом режиме.
+- [x] Поддержка Source format. Нужна расшифровка в json и если присуствуют подсети, заносить их в custom subnet nftset.
+- [ ] Переделывание функции формирования кастомных списков в JSON. Обрабатывать сразу скопом, а не по одному.
+- [ ] При успешном запуске переходит в фоновый режим и следит за состоянием sing-box. Если вдруг идёт exit 1, выполняется dnsmasq restore и снова следит за состоянием. Вопрос в том, как это искусcтвенно провернуть. Попробовать положить прокси и посмотреть, останется ли работать DNS в этом случае. И здесь, вероятно, можно обойтись триггером в init.d.
+- [ ] Галочка, которая режет доступ к doh серверам.
+- [ ] IPv6. Только после наполнения Wiki.
 
-Рефактор
-- [ ] Формирование json для sing-box на уровне jq, а не шаблонов
+## Тесты
 - [ ] Unit тесты (BATS)
-- [ ] Интеграционые тесты бекенда (OpenWrt rootfs + BATS)
-- [ ] RU перевод
-- [ ] Handle для sing-box
-- [ ] Handle для dnsmasq
-
-Хз как сделать
-- [ ] Добавить label от конфига vless\ss\etc в luci. Хз как
-
-# Разработка
-Есть два варианта:
-- Просто поставить пакет на роутер или виртуалку и прям редактировать через SFTP (opkg install openssh-sftp-server)
-- SDK, чтоб собирать пакеты
-
-Для сборки пакетов нужен SDK, один из вариантов скачать прям файл и разархивировать
-https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/
-Нужен файл с SDK в имени
-
-```
-wget https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/openwrt-sdk-23.05.5-x86-64_gcc-12.3.0_musl.Linux-x86_64.tar.xz
-tar xf openwrt-sdk-23.05.5-x86-64_gcc-12.3.0_musl.Linux-x86_64.tar.xz
-mv openwrt-sdk-23.05.5-x86-64_gcc-12.3.0_musl.Linux-x86_64 SDK
-```
-Последнее для удобства.
-
-Создаём директорию для пакета
-```
-mkdir package/utilites
-```
-
-Симлинк из репозитория
-```
-ln -s ~/podkop/podkop package/utilites/podkop
-ln -s ~/podkop/luci-app-podkop package/luci-app-podkop
-```
-
-В первый раз для сборки luci-app необходимо обновить пакеты
-```
-./scripts/feeds update -a
-```
-
-Для make можно добавить флаг -j N, где N - количество ядер для сборки. Первый раз пройдёт быстрее.
-
-При первом make выводится менюшка, можно просто save, exit и всё. Первый раз долго грузит зависимости.
-
-Сборка пакета. Сами пакеты собираются быстро.
-```
-make package/podkop/{clean,compile} V=s
-```
-
-Также для luci
-```
-make package/luci-app-podkop/{clean,compile} V=s
-```
-
-.ipk лежат в `bin/packages/x86_64/base/`
-
-## Ошибки
-```
-Makefile:17: /SDK/feeds/luci/luci.mk: No such file or directory
-make[2]: *** No rule to make target '/SDK/feeds/luci/luci.mk'.  Stop.
-time: package/luci/luci-app-podkop/clean#0.00#0.00#0.00
-    ERROR: package/luci/luci-app-podkop failed to build.
-make[1]: *** [package/Makefile:129: package/luci/luci-app-podkop/clean] Error 1
-make[1]: Leaving directory '/SDK'
-make: *** [/SDK/include/toplevel.mk:226: package/luci-app-podkop/clean] Error 2
-```
-
-Не загружены пакеты для luci
-
-## make зависимости
-https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem
-
-Ubuntu
-```
-sudo apt update
-sudo apt install build-essential clang flex bison g++ gawk \
-gcc-multilib g++-multilib gettext git libncurses-dev libssl-dev \
-python3-distutils rsync unzip zlib1g-dev file wget
-```
+- [ ] Интеграционые тесты бекенда (OpenWrt rootfs + BATS)

String-example.md

@@ -0,0 +1,68 @@
+# Shadowsocks
+Тут всё просто
+
+## Shadowsocks-old
+```
+ss://YWVzLTI1Ni1nY206RmJwUDJnSStPczJKK1kzdkVhTnVuOUZ2ZjJZYUhNUlN1L1BBdEVqMks1VT0@example.com:80?type=tcp#example-ss-old
+```
+
+## Shadowsocks-2022
+```
+ss://2022-blake3-aes-128-gcm:5NgF%2B9eM8h4OnrTbHp%2B8UA%3D%3D%3Am8tbs5aKLYG7dN9f3xsiKA%3D%3D@example.com:80#example-ss2022
+```
+
+```
+ss://MjAyMi1ibGFrZTMtYWVzLTEyOC1nY206Y21lZklCdDhwMTJaZm1QWUplMnNCNThRd3R3NXNKeVpUV0Z6ZENKV2taOD06eEJHZUxiMWNPTjFIeE9CenF6UlN0VFdhUUh6YWM2cFhRVFNZd2dVV2R1RT0@example.com:81?type=tcp#example-ss2022
+```
+Может быть без `?type=tcp`
+
+# VLESS
+
+## Reality
+```
+vless://eb445f4b-ddb4-4c79-86d5-0833fc674379@example.com:443?type=tcp&security=reality&pbk=ARQzddtXPJZHinwkPbgVpah9uwPTuzdjU9GpbUkQJkc&fp=chrome&sni=yahoo.com&sid=6cabf01472a3&spx=%2F&flow=xtls-rprx-vision#vless-reality
+```
+
+```
+vless://UUID@IP:2082?security=reality&sni=dash.cloudflare.com&alpn=h2,http/1.1&allowInsecure=1&fp=chrome&pbk=pukkey&sid=id&type=grpc&encryption=none#vless-reality-strange
+```
+
+## TLS
+1. 
+```
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443?type=tcp&security=tls&fp=&alpn=h3%2Ch2%2Chttp%2F1.1#vless-tls
+```
+
+2.
+```
+vless://8b60389a-7a01-4365-9244-c87f12bb98cf@example.com:443?security=tls&sni=SITE&fp=chrome&type=tcp&flow=xtls-rprx-vision&encryption=none#vless-tls-withot-alpn
+```
+3. 
+```
+vless://8b60389a-7a01-4365-9244-c87f12bb98cf@example.com:443/?type=ws&encryption=none&path=%2Fwebsocket&security=tls&sni=sni.server.com&fp=chrome#vless-tls-ws
+```
+
+4.
+```
+vless://[someid]@[someserver]?security=tls&sni=[somesni]&type=ws&path=/?ed%3D2560&host=[somesni]&encryption=none#vless-tls-ws-2
+```
+
+5.
+```
+vless://uuid@server:443?security=tls&sni=server&fp=chrome&type=ws&path=/websocket&encryption=none#vless-tls-ws-3
+```
+
+6.
+```
+vless://33333@example.com:443/?type=ws&encryption=none&path=%2Fwebsocket&security=tls&sni=example.com&fp=chrome#vless-tls-ws-4
+```
+
+7.
+```
+vless://id@sub.domain.example:443?type=ws&path=%2Fdir%2Fpath&host=sub.domain.example&security=tls#configname
+```
+
+## No security
+```
+vless://8b60389a-7a01-4365-9244-c87f12bb98cf@example.com:443?type=tcp&security=none#vless-tls-no-encrypt
+```

install.sh

@@ -1,83 +1,162 @@
 #!/bin/sh
 
 REPO="https://api.github.com/repos/itdoginfo/podkop/releases/latest"
-
 DOWNLOAD_DIR="/tmp/podkop"
+COUNT=3
+
+rm -rf "$DOWNLOAD_DIR"
 mkdir -p "$DOWNLOAD_DIR"
 
-wget -qO- "$REPO" | grep -o 'https://[^"]*\.ipk' | while read -r url; do
-    filename=$(basename "$url")
-    echo "Download $filename..."
-    wget -q -O "$DOWNLOAD_DIR/$filename" "$url"
-done
+msg() {
+    printf "\033[32;1m%s\033[0m\n" "$1"
+}
 
-echo "opkg update"
-opkg update
+main() {
+    check_system
+    sing_box
 
-if opkg list-installed | grep -q dnsmasq-full; then
-    echo "dnsmasq-full already installed"
-else
-    echo "Installed dnsmasq-full"
-    cd /tmp/ && opkg download dnsmasq-full
-    opkg remove dnsmasq && opkg install dnsmasq-full --cache /tmp/
+    /usr/sbin/ntpd -q -p 194.190.168.1 -p 216.239.35.0 -p 216.239.35.4 -p 162.159.200.1 -p 162.159.200.123
 
-    [ -f /etc/config/dhcp-opkg ] && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp
-fi
+    opkg update || { echo "opkg update failed"; exit 1; }
+  
+    if [ -f "/etc/init.d/podkop" ]; then
+        msg "Podkop is already installed. Upgraded..."
+    else
+        msg "Installed podkop..."
+    fi
+    
+    if command -v curl &> /dev/null; then
+        check_response=$(curl -s "https://api.github.com/repos/itdoginfo/podkop/releases/latest")
 
-echo "What type of VPN or proxy will be used?"
-echo "1) VLESS, Shadowsocks (A sing-box will be installed)"
-echo "2) Wireguard"
-echo "3) AmneziaWG"
-echo "4) OpenVPN"
-echo "5) OpenConnect"
-echo "6) Skip this step"
+        if echo "$check_response" | grep -q 'API rate limit '; then
+            msg "You've reached rate limit from GitHub. Repeat in five minutes."
+            exit 1
+        fi
+    fi
 
-while true; do
-    read -r -p '' TUNNEL
-    case $TUNNEL in
+    download_success=0
+    while read -r url; do
+        filename=$(basename "$url")
+        filepath="$DOWNLOAD_DIR/$filename"
+               
+        attempt=0
+        while [ $attempt -lt $COUNT ]; do
+            msg "Download $filename (count $((attempt+1)))..."
+            if wget -q -O "$filepath" "$url"; then
+                if [ -s "$filepath" ]; then
+                    msg "$filename successfully downloaded"
+                    download_success=1
+                    break
+                fi
+            fi
+            msg "Download error $filename. Retry..."
+            rm -f "$filepath"
+            attempt=$((attempt+1))
+        done
+        
+        if [ $attempt -eq $COUNT ]; then
+            msg "Failed to download $filename after $COUNT attempts"
+        fi
+    done < <(wget -qO- "$REPO" | grep -o 'https://[^"[:space:]]*\.ipk')
+    
+    if [ $download_success -eq 0 ]; then
+        msg "No packages were downloaded successfully"
+        exit 1
+    fi
+    
+    for pkg in podkop luci-app-podkop; do
+        file=$(ls "$DOWNLOAD_DIR" | grep "^$pkg" | head -n 1)
+        if [ -n "$file" ]; then
+            msg "Installing $file"
+            opkg install "$DOWNLOAD_DIR/$file"
+            sleep 3
+        fi
+    done
 
-    1)
-        opkg install sing-box
-        break
-        ;;
+    ru=$(ls "$DOWNLOAD_DIR" | grep "luci-i18n-podkop-ru" | head -n 1)
+    if [ -n "$ru" ]; then
+        if opkg list-installed | grep -q luci-i18n-podkop-ru; then
+                msg "Upgraded ru translation..."
+                opkg remove luci-i18n-podkop*
+                opkg install "$DOWNLOAD_DIR/$ru"
+        else
+            msg "Русский язык интерфейса ставим? y/n (Need a Russian translation?)"
+            while true; do
+                read -r -p '' RUS
+                case $RUS in
+                y)
+                    opkg remove luci-i18n-podkop*
+                    opkg install "$DOWNLOAD_DIR/$ru"
+                    break
+                    ;;
+                n)
+                    break
+                    ;;
+                *)
+                    echo "Введите y или n"
+                    ;;
+                esac
+            done
+        fi
+    fi
 
-    2)
-        opkg install wireguard-tools luci-proto-wireguard luci-app-wireguard
-        printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-wireguard-na-openwrt/\e[0m\n"
-        break
-        ;;
+    find "$DOWNLOAD_DIR" -type f -name '*podkop*' -exec rm {} \;
+}
 
-    3)
-        echo "As long as it's not automated"
-        printf "\e[1;32mUse script from here https://github.com/Slava-Shchipunov/awg-openwrt\e[0m\n"
-        break
-        ;;
+check_system() {
+    # Get router model
+    MODEL=$(cat /tmp/sysinfo/model)
+    msg "Router model: $MODEL"
 
-    4)
-        opkg install opkg install openvpn-openssl luci-app-openvpn
-        printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openvpn-na-openwrt/\e[0m\n"
-        break
-        ;;
+    # Check available space
+    AVAILABLE_SPACE=$(df /overlay | awk 'NR==2 {print $4}')
+    REQUIRED_SPACE=15360 # 15MB in KB
 
-    5)
-        opkg install opkg install openconnect luci-proto-openconnect
-        printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openconnect-na-openwrt/\e[0m\n"
-        break
-        ;;
+    if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_SPACE" ]; then
+        msg "Error: Insufficient space in flash"
+        msg "Available: $((AVAILABLE_SPACE/1024))MB"
+        msg "Required: $((REQUIRED_SPACE/1024))MB"
+        exit 1
+    fi
 
-    6)
-        echo "Skip"
-        break
-        ;;
+    if ! nslookup google.com >/dev/null 2>&1; then
+        msg "DNS not working"
+        exit 1
+    fi
 
-    *)
-        echo "Choose from the following options"
-        ;;
-    esac
-done
+    if opkg list-installed | grep -q https-dns-proxy; then
+        msg "Сonflicting package detected: https-dns-proxy. Remove?"
 
-echo "Installed podkop..."
-opkg install $DOWNLOAD_DIR/podkop*.ipk
-opkg install $DOWNLOAD_DIR/luci-app-podkop*.ipk
+        while true; do
+                read -r -p '' DNSPROXY
+                case $DNSPROXY in
 
-rm -f $DOWNLOAD_DIR/podkop*.ipk $DOWNLOAD_DIR/luci-app-podkop*.ipk
+                yes|y|Y|yes)
+                    opkg remove --force-depends luci-app-https-dns-proxy https-dns-proxy luci-i18n-https-dns-proxy*
+                    break
+                    ;;
+                *)
+                    msg "Exit"
+                    exit 1
+                    ;;
+        esac
+    done
+    fi
+}
+
+sing_box() {
+    if ! opkg list-installed | grep -q "^sing-box"; then
+        return
+    fi
+
+    sing_box_version=$(sing-box version | head -n 1 | awk '{print $3}')
+    required_version="1.11.1"
+
+    if [ "$(echo -e "$sing_box_version\n$required_version" | sort -V | head -n 1)" != "$required_version" ]; then
+        msg "sing-box version $sing_box_version is older than required $required_version"
+        msg "Removing old version..."
+        opkg remove sing-box
+    fi
+}
+
+main

luci-app-podkop/Makefile

@@ -1,19 +1,22 @@
-# See /LICENSE for more information.
-# This is free software, licensed under the GNU General Public License v2.
-
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-podkop
-PKG_VERSION:=0.1.8
+
+PKG_VERSION := $(if $(PKG_VERSION),$(PKG_VERSION),dev_$(shell date +%d%m%Y))
+
 PKG_RELEASE:=1
 
 LUCI_TITLE:=LuCI podkop app
 LUCI_DEPENDS:=+luci-base +podkop
 LUCI_PKGARCH:=all
+LUCI_LANG.ru:=Русский (Russian)
+LUCI_LANG.en:=English
 
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
 
+LUCI_LANGUAGES:=en ru
+
 include $(TOPDIR)/feeds/luci/luci.mk
 
 # call BuildPackage - OpenWrt buildroot signature

luci-app-podkop/htdocs/luci-static/resources/view/podkop/additionalTab.js

@@ -0,0 +1,242 @@
+'use strict';
+'require form';
+'require baseclass';
+'require view.podkop.constants as constants';
+'require tools.widgets as widgets';
+
+function createAdditionalSection(mainSection, network) {
+    let o = mainSection.tab('additional', _('Additional Settings'));
+
+    o = mainSection.taboption('additional', form.Flag, 'yacd', _('Yacd enable'), _('<a href="http://openwrt.lan:9090/ui" target="_blank">openwrt.lan:9090/ui</a>'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Flag, 'exclude_ntp', _('Exclude NTP'), _('For issues with open connections sing-box'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Flag, 'quic_disable', _('QUIC disable'), _('For issues with the video stream'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.ListValue, 'update_interval', _('List Update Frequency'), _('Select how often the lists will be updated'));
+    Object.entries(constants.UPDATE_INTERVAL_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+    o.default = '1d';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.ListValue, 'dns_type', _('DNS Protocol Type'), _('Select DNS protocol to use'));
+    o.value('doh', _('DNS over HTTPS (DoH)'));
+    o.value('dot', _('DNS over TLS (DoT)'));
+    o.value('udp', _('UDP (Unprotected DNS)'));
+    o.default = 'udp';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Value, 'dns_server', _('DNS Server'), _('Select or enter DNS server address'));
+    Object.entries(constants.DNS_SERVER_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+    o.default = '8.8.8.8';
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('DNS server address cannot be empty');
+        }
+
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (ipRegex.test(value)) {
+            const parts = value.split('.');
+            for (const part of parts) {
+                const num = parseInt(part);
+                if (num < 0 || num > 255) {
+                    return _('IP address parts must be between 0 and 255');
+                }
+            }
+            return true;
+        }
+
+        const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}(\/[^\s]*)?$/;
+        if (!domainRegex.test(value)) {
+            return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Flag, 'split_dns_enabled', _('Split DNS'), _('DNS for the list via proxy'));
+    o.default = '1';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.ListValue, 'split_dns_type', _('Split DNS Protocol Type'), _('Select DNS protocol for split'));
+    o.value('doh', _('DNS over HTTPS (DoH)'));
+    o.value('dot', _('DNS over TLS (DoT)'));
+    o.value('udp', _('UDP (Unprotected DNS)'));
+    o.default = 'udp';
+    o.rmempty = false;
+    o.depends('split_dns_enabled', '1');
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Value, 'split_dns_server', _('Split DNS Server'), _('Select or enter DNS server address'));
+    Object.entries(constants.DNS_SERVER_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+    o.default = '1.1.1.1';
+    o.rmempty = false;
+    o.depends('split_dns_enabled', '1');
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('DNS server address cannot be empty');
+        }
+
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (ipRegex.test(value)) {
+            const parts = value.split('.');
+            for (const part of parts) {
+                const num = parseInt(part);
+                if (num < 0 || num > 255) {
+                    return _('IP address parts must be between 0 and 255');
+                }
+            }
+            return true;
+        }
+
+        const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}(\/[^\s]*)?$/;
+        if (!domainRegex.test(value)) {
+            return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Value, 'dns_rewrite_ttl', _('DNS Rewrite TTL'), _('Time in seconds for DNS record caching (default: 60)'));
+    o.default = '60';
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('TTL value cannot be empty');
+        }
+
+        const ttl = parseInt(value);
+        if (isNaN(ttl) || ttl < 0) {
+            return _('TTL must be a positive number');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Value, 'cache_file', _('Cache File Path'), _('Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing'));
+    o.value('/tmp/cache.db', 'RAM (/tmp/cache.db)');
+    o.value('/usr/share/sing-box/cache.db', 'Flash (/usr/share/sing-box/cache.db)');
+    o.default = '/tmp/cache.db';
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('Cache file path cannot be empty');
+        }
+
+        if (!value.startsWith('/')) {
+            return _('Path must be absolute (start with /)');
+        }
+
+        if (!value.endsWith('cache.db')) {
+            return _('Path must end with cache.db');
+        }
+
+        const parts = value.split('/').filter(Boolean);
+        if (parts.length < 2) {
+            return _('Path must contain at least one directory (like /tmp/cache.db)');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', widgets.DeviceSelect, 'iface', _('Source Network Interface'), _('Select the network interface from which the traffic will originate'));
+    o.ucisection = 'main';
+    o.default = 'br-lan';
+    o.noaliases = true;
+    o.nobridges = false;
+    o.noinactive = false;
+    o.multiple = true;
+    o.filter = function (section_id, value) {
+        if (['wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan'].indexOf(value) !== -1) {
+            return false;
+        }
+
+        var device = this.devices.filter(function (dev) {
+            return dev.getName() === value;
+        })[0];
+
+        if (device) {
+            var type = device.getType();
+            return type !== 'wifi' && type !== 'wireless' && !type.includes('wlan');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Flag, 'mon_restart_ifaces', _('Interface monitoring'), _('Interface monitoring for bad WAN'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', widgets.NetworkSelect, 'restart_ifaces', _('Interface for monitoring'), _('Select the WAN interfaces to be monitored'));
+    o.ucisection = 'main';
+    o.depends('mon_restart_ifaces', '1');
+    o.multiple = true;
+    o.filter = function (section_id, value) {
+        return ['lan', 'loopback'].indexOf(value) === -1 && !value.startsWith('@');
+    };
+
+    o = mainSection.taboption('additional', form.Flag, 'dont_touch_dhcp', _('Dont touch my DHCP!'), _('Podkop will not change the DHCP config'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Flag, 'detour', _('Proxy download of lists'), _('Downloading all lists via main Proxy/VPN'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    // Extra IPs and exclusions (main section)
+    o = mainSection.taboption('basic', form.Flag, 'exclude_from_ip_enabled', _('IP for exclusion'), _('Specify local IP addresses that will never use the configured route'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('basic', form.DynamicList, 'exclude_traffic_ip', _('Local IPs'), _('Enter valid IPv4 addresses'));
+    o.placeholder = 'IP';
+    o.depends('exclude_from_ip_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (!ipRegex.test(value)) return _('Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)');
+        const ipParts = value.split('.');
+        for (const part of ipParts) {
+            const num = parseInt(part);
+            if (num < 0 || num > 255) return _('IP address parts must be between 0 and 255');
+        }
+        return true;
+    };
+
+    o = mainSection.taboption('basic', form.Flag, 'socks5', _('Mixed enable'), _('Browser port: 2080'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+}
+
+return baseclass.extend({
+    createAdditionalSection
+}); 

luci-app-podkop/htdocs/luci-static/resources/view/podkop/configSection.js

@@ -0,0 +1,532 @@
+'use strict';
+'require baseclass';
+'require form';
+'require ui';
+'require network';
+'require view.podkop.constants as constants';
+'require tools.widgets as widgets';
+
+function validateUrl(url, protocols = ['http:', 'https:']) {
+    try {
+        const parsedUrl = new URL(url);
+        if (!protocols.includes(parsedUrl.protocol)) {
+            return _('URL must use one of the following protocols: ') + protocols.join(', ');
+        }
+        return true;
+    } catch (e) {
+        return _('Invalid URL format');
+    }
+}
+
+function createConfigSection(section, map, network) {
+    const s = section;
+
+    let o = s.tab('basic', _('Basic Settings'));
+
+    o = s.taboption('basic', form.ListValue, 'mode', _('Connection Type'), _('Select between VPN and Proxy connection methods for traffic routing'));
+    o.value('proxy', ('Proxy'));
+    o.value('vpn', ('VPN'));
+    o.value('block', ('Block'));
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.ListValue, 'proxy_config_type', _('Configuration Type'), _('Select how to configure the proxy'));
+    o.value('url', _('Connection URL'));
+    o.value('outbound', _('Outbound Config'));
+    o.default = 'url';
+    o.depends('mode', 'proxy');
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.TextValue, 'proxy_string', _('Proxy Configuration URL'), _(''));
+    o.depends('proxy_config_type', 'url');
+    o.rows = 5;
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.sectionDescriptions = new Map();
+    o.placeholder = 'vless://uuid@server:port?type=tcp&security=tls#main\n// backup ss://method:pass@server:port\n// backup2 vless://uuid@server:port?type=grpc&security=reality#alt';
+
+    o.renderWidget = function (section_id, option_index, cfgvalue) {
+        const original = form.TextValue.prototype.renderWidget.apply(this, [section_id, option_index, cfgvalue]);
+        const container = E('div', {});
+        container.appendChild(original);
+
+        if (cfgvalue) {
+            try {
+                const activeConfig = cfgvalue.split('\n')
+                    .map(line => line.trim())
+                    .find(line => line && !line.startsWith('//'));
+
+                if (activeConfig) {
+                    if (activeConfig.includes('#')) {
+                        const label = activeConfig.split('#').pop();
+                        if (label && label.trim()) {
+                            const decodedLabel = decodeURIComponent(label);
+                            const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Current config: ') + decodedLabel);
+                            container.appendChild(descDiv);
+                        } else {
+                            const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Config without description'));
+                            container.appendChild(descDiv);
+                        }
+                    } else {
+                        const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Config without description'));
+                        container.appendChild(descDiv);
+                    }
+                }
+            } catch (e) {
+                console.error('Error parsing config label:', e);
+                const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Config without description'));
+                container.appendChild(descDiv);
+            }
+        } else {
+            const defaultDesc = E('div', { 'class': 'cbi-value-description' },
+                _('Enter connection string starting with vless:// or ss:// for proxy configuration. Add comments with // for backup configs'));
+            container.appendChild(defaultDesc);
+        }
+
+        return container;
+    };
+
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) {
+            return true;
+        }
+
+        try {
+            const activeConfig = value.split('\n')
+                .map(line => line.trim())
+                .find(line => line && !line.startsWith('//'));
+
+            if (!activeConfig) {
+                return _('No active configuration found. At least one non-commented line is required.');
+            }
+
+            if (!activeConfig.startsWith('vless://') && !activeConfig.startsWith('ss://')) {
+                return _('URL must start with vless:// or ss://');
+            }
+
+            if (activeConfig.startsWith('ss://')) {
+                let encrypted_part;
+                try {
+                    let mainPart = activeConfig.includes('?') ? activeConfig.split('?')[0] : activeConfig.split('#')[0];
+                    encrypted_part = mainPart.split('/')[2].split('@')[0];
+                    try {
+                        let decoded = atob(encrypted_part);
+                        if (!decoded.includes(':')) {
+                            if (!encrypted_part.includes(':') && !encrypted_part.includes('-')) {
+                                return _('Invalid Shadowsocks URL format: missing method and password separator ":"');
+                            }
+                        }
+                    } catch (e) {
+                        if (!encrypted_part.includes(':') && !encrypted_part.includes('-')) {
+                            return _('Invalid Shadowsocks URL format: missing method and password separator ":"');
+                        }
+                    }
+                } catch (e) {
+                    return _('Invalid Shadowsocks URL format');
+                }
+
+                try {
+                    let serverPart = activeConfig.split('@')[1];
+                    if (!serverPart) return _('Invalid Shadowsocks URL: missing server address');
+                    let [server, portAndRest] = serverPart.split(':');
+                    if (!server) return _('Invalid Shadowsocks URL: missing server');
+                    let port = portAndRest ? portAndRest.split(/[?#]/)[0] : null;
+                    if (!port) return _('Invalid Shadowsocks URL: missing port');
+                    let portNum = parseInt(port);
+                    if (isNaN(portNum) || portNum < 1 || portNum > 65535) {
+                        return _('Invalid port number. Must be between 1 and 65535');
+                    }
+                } catch (e) {
+                    return _('Invalid Shadowsocks URL: missing or invalid server/port format');
+                }
+            }
+
+            if (activeConfig.startsWith('vless://')) {
+                let uuid = activeConfig.split('/')[2].split('@')[0];
+                if (!uuid || uuid.length === 0) return _('Invalid VLESS URL: missing UUID');
+
+                try {
+                    let serverPart = activeConfig.split('@')[1];
+                    if (!serverPart) return _('Invalid VLESS URL: missing server address');
+                    let [server, portAndRest] = serverPart.split(':');
+                    if (!server) return _('Invalid VLESS URL: missing server');
+                    let port = portAndRest ? portAndRest.split(/[/?#]/)[0] : null;
+                    if (!port) return _('Invalid VLESS URL: missing port');
+                    let portNum = parseInt(port);
+                    if (isNaN(portNum) || portNum < 1 || portNum > 65535) {
+                        return _('Invalid port number. Must be between 1 and 65535');
+                    }
+                } catch (e) {
+                    return _('Invalid VLESS URL: missing or invalid server/port format');
+                }
+
+                let queryString = activeConfig.split('?')[1];
+                if (!queryString) return _('Invalid VLESS URL: missing query parameters');
+
+                let params = new URLSearchParams(queryString.split('#')[0]);
+                let type = params.get('type');
+                const validTypes = ['tcp', 'raw', 'udp', 'grpc', 'http', 'ws'];
+                if (!type || !validTypes.includes(type)) {
+                    return _('Invalid VLESS URL: type must be one of tcp, raw, udp, grpc, http, ws');
+                }
+
+                let security = params.get('security');
+                const validSecurities = ['tls', 'reality', 'none'];
+                if (!security || !validSecurities.includes(security)) {
+                    return _('Invalid VLESS URL: security must be one of tls, reality, none');
+                }
+
+                if (security === 'reality') {
+                    if (!params.get('pbk')) return _('Invalid VLESS URL: missing pbk parameter for reality security');
+                    if (!params.get('fp')) return _('Invalid VLESS URL: missing fp parameter for reality security');
+                }
+            }
+
+            return true;
+        } catch (e) {
+            console.error('Validation error:', e);
+            return _('Invalid URL format: ') + e.message;
+        }
+    };
+
+    o = s.taboption('basic', form.TextValue, 'outbound_json', _('Outbound Configuration'), _('Enter complete outbound configuration in JSON format'));
+    o.depends('proxy_config_type', 'outbound');
+    o.rows = 10;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        try {
+            const parsed = JSON.parse(value);
+            if (!parsed.type || !parsed.server || !parsed.server_port) {
+                return _('JSON must contain at least type, server and server_port fields');
+            }
+            return true;
+        } catch (e) {
+            return _('Invalid JSON format');
+        }
+    };
+
+    o = s.taboption('basic', form.Flag, 'ss_uot', _('Shadowsocks UDP over TCP'), _('Apply for SS2022'));
+    o.default = '0';
+    o.depends('mode', 'proxy');
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = s.taboption('basic', widgets.DeviceSelect, 'interface', _('Network Interface'), _('Select network interface for VPN connection'));
+    o.depends('mode', 'vpn');
+    o.ucisection = s.section;
+    o.noaliases = true;
+    o.nobridges = false;
+    o.noinactive = false;
+    o.filter = function (section_id, value) {
+        if (['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan', 'lan'].indexOf(value) !== -1) {
+            return false;
+        }
+
+        var device = this.devices.filter(function (dev) {
+            return dev.getName() === value;
+        })[0];
+
+        if (device) {
+            var type = device.getType();
+            return type !== 'wifi' && type !== 'wireless' && !type.includes('wlan');
+        }
+
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'domain_list_enabled', _('Community Lists'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'domain_list', _('Service List'), _('Select predefined service for routing') + ' <a href="https://github.com/itdoginfo/allow-domains" target="_blank">github.com/itdoginfo/allow-domains</a>');
+    o.placeholder = 'Service list';
+    Object.entries(constants.DOMAIN_LIST_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+
+    o.depends('domain_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    let lastValues = [];
+    let isProcessing = false;
+
+    o.onchange = function (ev, section_id, value) {
+        if (isProcessing) return;
+        isProcessing = true;
+
+        try {
+            const values = Array.isArray(value) ? value : [value];
+            let newValues = [...values];
+            let notifications = [];
+
+            const selectedRegionalOptions = constants.REGIONAL_OPTIONS.filter(opt => newValues.includes(opt));
+
+            if (selectedRegionalOptions.length > 1) {
+                const lastSelected = selectedRegionalOptions[selectedRegionalOptions.length - 1];
+                const removedRegions = selectedRegionalOptions.slice(0, -1);
+                newValues = newValues.filter(v => v === lastSelected || !constants.REGIONAL_OPTIONS.includes(v));
+                notifications.push(E('p', { class: 'alert-message warning' }, [
+                    E('strong', {}, _('Regional options cannot be used together')), E('br'),
+                    _('Warning: %s cannot be used together with %s. Previous selections have been removed.')
+                        .format(removedRegions.join(', '), lastSelected)
+                ]));
+            }
+
+            if (newValues.includes('russia_inside')) {
+                const removedServices = newValues.filter(v => !constants.ALLOWED_WITH_RUSSIA_INSIDE.includes(v));
+                if (removedServices.length > 0) {
+                    newValues = newValues.filter(v => constants.ALLOWED_WITH_RUSSIA_INSIDE.includes(v));
+                    notifications.push(E('p', { class: 'alert-message warning' }, [
+                        E('strong', {}, _('Russia inside restrictions')), E('br'),
+                        _('Warning: Russia inside can only be used with %s. %s already in Russia inside and have been removed from selection.')
+                            .format(
+                                constants.ALLOWED_WITH_RUSSIA_INSIDE.map(key => constants.DOMAIN_LIST_OPTIONS[key]).filter(label => label !== 'Russia inside').join(', '),
+                                removedServices.join(', ')
+                            )
+                    ]));
+                }
+            }
+
+            if (JSON.stringify(newValues.sort()) !== JSON.stringify(values.sort())) {
+                this.getUIElement(section_id).setValue(newValues);
+            }
+
+            notifications.forEach(notification => ui.addNotification(null, notification));
+            lastValues = newValues;
+        } catch (e) {
+            console.error('Error in onchange handler:', e);
+        } finally {
+            isProcessing = false;
+        }
+    };
+
+    o = s.taboption('basic', form.ListValue, 'custom_domains_list_type', _('User Domain List Type'), _('Select how to add your custom domains'));
+    o.value('disabled', _('Disabled'));
+    o.value('dynamic', _('Dynamic List'));
+    o.value('text', _('Text List'));
+    o.default = 'disabled';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_domains', _('User Domains'), _('Enter domain names without protocols (example: sub.example.com or example.com)'));
+    o.placeholder = 'Domains list';
+    o.depends('custom_domains_list_type', 'dynamic');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const domainRegex = /^(?!-)[A-Za-z0-9-]+([-.][A-Za-z0-9-]+)*(\.[A-Za-z]{2,})?$/;
+        if (!domainRegex.test(value)) {
+            return _('Invalid domain format. Enter domain without protocol (example: sub.example.com or ru)');
+        }
+        return true;
+    };
+
+    o = s.taboption('basic', form.TextValue, 'custom_domains_text', _('User Domains List'), _('Enter domain names separated by comma, space or newline. You can add comments after //'));
+    o.placeholder = 'example.com, sub.example.com\n// Social networks\ndomain.com test.com // personal domains';
+    o.depends('custom_domains_list_type', 'text');
+    o.rows = 8;
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+
+        const domainRegex = /^(?!-)[A-Za-z0-9-]+([-.][A-Za-z0-9-]+)*(\.[A-Za-z]{2,})?$/;
+        const lines = value.split(/\n/).map(line => line.trim());
+        let hasValidDomain = false;
+
+        for (const line of lines) {
+            // Skip empty lines
+            if (!line) continue;
+
+            // Extract domain part (before any //)
+            const domainPart = line.split('//')[0].trim();
+
+            // Skip if line is empty after removing comments
+            if (!domainPart) continue;
+
+            // Process each domain in the line (separated by comma or space)
+            const domains = domainPart.split(/[,\s]+/).map(d => d.trim()).filter(d => d.length > 0);
+
+            for (const domain of domains) {
+                if (!domainRegex.test(domain)) {
+                    return _('Invalid domain format: %s. Enter domain without protocol').format(domain);
+                }
+                hasValidDomain = true;
+            }
+        }
+
+        if (!hasValidDomain) {
+            return _('At least one valid domain must be specified. Comments-only content is not allowed.');
+        }
+
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'custom_local_domains_list_enabled', _('Local Domain Lists'), _('Use the list from the router filesystem'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_local_domains', _('Local Domain Lists Path'), _('Enter the list file path'));
+    o.placeholder = '/path/file.lst';
+    o.depends('custom_local_domains_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const pathRegex = /^\/[a-zA-Z0-9_\-\/\.]+$/;
+        if (!pathRegex.test(value)) {
+            return _('Invalid path format. Path must start with "/" and contain valid characters');
+        }
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'custom_download_domains_list_enabled', _('Remote Domain Lists'), _('Download and use domain lists from remote URLs'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_download_domains', _('Remote Domain URLs'), _('Enter full URLs starting with http:// or https://'));
+    o.placeholder = 'URL';
+    o.depends('custom_download_domains_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        return validateUrl(value);
+    };
+
+    o = s.taboption('basic', form.ListValue, 'custom_subnets_list_enabled', _('User Subnet List Type'), _('Select how to add your custom subnets'));
+    o.value('disabled', _('Disabled'));
+    o.value('dynamic', _('Dynamic List'));
+    o.value('text', _('Text List (comma/space/newline separated)'));
+    o.default = 'disabled';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_subnets', _('User Subnets'), _('Enter subnets in CIDR notation (example: 103.21.244.0/22) or single IP addresses'));
+    o.placeholder = 'IP or subnet';
+    o.depends('custom_subnets_list_enabled', 'dynamic');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const subnetRegex = /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/;
+        if (!subnetRegex.test(value)) return _('Invalid format. Use format: X.X.X.X or X.X.X.X/Y');
+        const [ip, cidr] = value.split('/');
+        if (ip === "0.0.0.0") {
+             return _('IP address 0.0.0.0 is not allowed');
+        }
+        const ipParts = ip.split('.');
+        for (const part of ipParts) {
+            const num = parseInt(part);
+            if (num < 0 || num > 255) return _('IP address parts must be between 0 and 255');
+        }
+        if (cidr !== undefined) {
+            const cidrNum = parseInt(cidr);
+            if (cidrNum < 0 || cidrNum > 32) return _('CIDR must be between 0 and 32');
+        }
+        return true;
+    };
+
+    o = s.taboption('basic', form.TextValue, 'custom_subnets_text', _('User Subnets List'), _('Enter subnets in CIDR notation or single IP addresses, separated by comma, space or newline. You can add comments after //'));
+    o.placeholder = '103.21.244.0/22\n// Google DNS\n8.8.8.8\n1.1.1.1/32, 9.9.9.9 // Cloudflare and Quad9';
+    o.depends('custom_subnets_list_enabled', 'text');
+    o.rows = 10;
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+
+        const subnetRegex = /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/;
+        const lines = value.split(/\n/).map(line => line.trim());
+        let hasValidSubnet = false;
+
+        for (const line of lines) {
+            // Skip empty lines
+            if (!line) continue;
+
+            // Extract subnet part (before any //)
+            const subnetPart = line.split('//')[0].trim();
+
+            // Skip if line is empty after removing comments
+            if (!subnetPart) continue;
+
+            // Process each subnet in the line (separated by comma or space)
+            const subnets = subnetPart.split(/[,\s]+/).map(s => s.trim()).filter(s => s.length > 0);
+
+            for (const subnet of subnets) {
+                if (!subnetRegex.test(subnet)) {
+                    return _('Invalid format: %s. Use format: X.X.X.X or X.X.X.X/Y').format(subnet);
+                }
+
+                const [ip, cidr] = subnet.split('/');
+                const ipParts = ip.split('.');
+                for (const part of ipParts) {
+                    const num = parseInt(part);
+                    if (num < 0 || num > 255) {
+                        return _('IP parts must be between 0 and 255 in: %s').format(subnet);
+                    }
+                }
+
+                if (cidr !== undefined) {
+                    const cidrNum = parseInt(cidr);
+                    if (cidrNum < 0 || cidrNum > 32) {
+                        return _('CIDR must be between 0 and 32 in: %s').format(subnet);
+                    }
+                }
+                hasValidSubnet = true;
+            }
+        }
+
+        if (!hasValidSubnet) {
+            return _('At least one valid subnet or IP must be specified. Comments-only content is not allowed.');
+        }
+
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'custom_download_subnets_list_enabled', _('Remote Subnet Lists'), _('Download and use subnet lists from remote URLs'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_download_subnets', _('Remote Subnet URLs'), _('Enter full URLs starting with http:// or https://'));
+    o.placeholder = 'URL';
+    o.depends('custom_download_subnets_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        return validateUrl(value);
+    };
+
+    o = s.taboption('basic', form.Flag, 'all_traffic_from_ip_enabled', _('IP for full redirection'), _('Specify local IP addresses whose traffic will always use the configured route'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'all_traffic_ip', _('Local IPs'), _('Enter valid IPv4 addresses'));
+    o.placeholder = 'IP';
+    o.depends('all_traffic_from_ip_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (!ipRegex.test(value)) return _('Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)');
+        const ipParts = value.split('.');
+        for (const part of ipParts) {
+            const num = parseInt(part);
+            if (num < 0 || num > 255) return _('IP address parts must be between 0 and 255');
+        }
+        return true;
+    };
+}
+
+return baseclass.extend({
+    createConfigSection
+});

luci-app-podkop/htdocs/luci-static/resources/view/podkop/constants.js

@@ -0,0 +1,107 @@
+'use strict';
+'require baseclass';
+
+const STATUS_COLORS = {
+    SUCCESS: '#4caf50',
+    ERROR: '#f44336',
+    WARNING: '#ff9800'
+};
+
+const FAKEIP_CHECK_DOMAIN = 'fakeip.podkop.fyi';
+const IP_CHECK_DOMAIN = 'ip.podkop.fyi';
+
+const REGIONAL_OPTIONS = ['russia_inside', 'russia_outside', 'ukraine_inside'];
+const ALLOWED_WITH_RUSSIA_INSIDE = [
+    'russia_inside',
+    'meta',
+    'twitter',
+    'discord',
+    'telegram',
+    'cloudflare',
+    'google_ai',
+    'google_play',
+    'hetzner',
+    'ovh'
+];
+
+const DOMAIN_LIST_OPTIONS = {
+    russia_inside: 'Russia inside',
+    russia_outside: 'Russia outside',
+    ukraine_inside: 'Ukraine',
+    geoblock: 'Geo Block',
+    block: 'Block',
+    porn: 'Porn',
+    news: 'News',
+    anime: 'Anime',
+    youtube: 'Youtube',
+    discord: 'Discord',
+    meta: 'Meta',
+    twitter: 'Twitter (X)',
+    hdrezka: 'HDRezka',
+    tiktok: 'Tik-Tok',
+    telegram: 'Telegram',
+    cloudflare: 'Cloudflare',
+    google_ai: 'Google AI',
+    google_play: 'Google Play',
+    hetzner: 'Hetzner ASN',
+    ovh: 'OVH ASN'
+};
+
+const UPDATE_INTERVAL_OPTIONS = {
+    '1h': 'Every hour',
+    '3h': 'Every 3 hours',
+    '12h': 'Every 12 hours',
+    '1d': 'Every day',
+    '3d': 'Every 3 days'
+};
+
+const DNS_SERVER_OPTIONS = {
+    '1.1.1.1': 'Cloudflare (1.1.1.1)',
+    '8.8.8.8': 'Google (8.8.8.8)',
+    '9.9.9.9': 'Quad9 (9.9.9.9)',
+    'dns.adguard-dns.com': 'AdGuard Default (dns.adguard-dns.com)',
+    'unfiltered.adguard-dns.com': 'AdGuard Unfiltered (unfiltered.adguard-dns.com)',
+    'family.adguard-dns.com': 'AdGuard Family (family.adguard-dns.com)'
+};
+
+const DIAGNOSTICS_UPDATE_INTERVAL = 10000; // 10 seconds
+const CACHE_TIMEOUT = DIAGNOSTICS_UPDATE_INTERVAL - 1000; // 9 seconds
+const ERROR_POLL_INTERVAL = 10000; // 10 seconds
+const COMMAND_TIMEOUT = 10000; // 10 seconds
+const FETCH_TIMEOUT = 10000; // 10 seconds
+const BUTTON_FEEDBACK_TIMEOUT = 1000; // 1 second
+const DIAGNOSTICS_INITIAL_DELAY = 100; // 100 milliseconds
+
+// Интервалы планирования команд в диагностике (в миллисекундах)
+const COMMAND_SCHEDULING = {
+    P0_PRIORITY: 0,      // Наивысший приоритет (без задержки)
+    P1_PRIORITY: 100,    // Очень высокий приоритет
+    P2_PRIORITY: 300,    // Высокий приоритет
+    P3_PRIORITY: 500,    // Выше среднего
+    P4_PRIORITY: 700,    // Стандартный приоритет
+    P5_PRIORITY: 900,    // Ниже среднего
+    P6_PRIORITY: 1100,   // Низкий приоритет
+    P7_PRIORITY: 1300,   // Очень низкий приоритет
+    P8_PRIORITY: 1500,   // Фоновое выполнение
+    P9_PRIORITY: 1700,   // Выполнение в режиме простоя
+    P10_PRIORITY: 1900   // Наименьший приоритет
+};
+
+return baseclass.extend({
+    STATUS_COLORS,
+    FAKEIP_CHECK_DOMAIN,
+    IP_CHECK_DOMAIN,
+    REGIONAL_OPTIONS,
+    ALLOWED_WITH_RUSSIA_INSIDE,
+    DOMAIN_LIST_OPTIONS,
+    UPDATE_INTERVAL_OPTIONS,
+    DNS_SERVER_OPTIONS,
+    DIAGNOSTICS_UPDATE_INTERVAL,
+    ERROR_POLL_INTERVAL,
+    COMMAND_TIMEOUT,
+    FETCH_TIMEOUT,
+    BUTTON_FEEDBACK_TIMEOUT,
+    DIAGNOSTICS_INITIAL_DELAY,
+    COMMAND_SCHEDULING,
+    CACHE_TIMEOUT
+});

luci-app-podkop/htdocs/luci-static/resources/view/podkop/diagnosticTab.js

@@ -0,0 +1,887 @@
+'use strict';
+'require baseclass';
+'require form';
+'require ui';
+'require uci';
+'require fs';
+'require view.podkop.constants as constants';
+'require view.podkop.utils as utils';
+
+// Cache system for network requests
+const fetchCache = {};
+
+// Helper function to fetch with cache
+async function cachedFetch(url, options = {}) {
+    const cacheKey = url;
+    const currentTime = Date.now();
+
+    // If we have a valid cached response, return it
+    if (fetchCache[cacheKey] && currentTime - fetchCache[cacheKey].timestamp < constants.CACHE_TIMEOUT) {
+        console.log(`Using cached response for ${url}`);
+        return Promise.resolve(fetchCache[cacheKey].response.clone());
+    }
+
+    // Otherwise, make a new request
+    try {
+        const response = await fetch(url, options);
+
+        // Cache the response
+        fetchCache[cacheKey] = {
+            response: response.clone(),
+            timestamp: currentTime
+        };
+
+        return response;
+    } catch (error) {
+        throw error;
+    }
+}
+
+// Helper functions for command execution with prioritization - Using from utils.js now
+function safeExec(command, args, priority, callback, timeout = constants.COMMAND_TIMEOUT) {
+    return utils.safeExec(command, args, priority, callback, timeout);
+}
+
+// Helper functions for handling checks
+function runCheck(checkFunction, priority, callback) {
+    // Default to highest priority execution if priority is not provided or invalid
+    let schedulingDelay = constants.COMMAND_SCHEDULING.P0_PRIORITY;
+
+    // If priority is a string, try to get the corresponding delay value
+    if (typeof priority === 'string' && constants.COMMAND_SCHEDULING[priority] !== undefined) {
+        schedulingDelay = constants.COMMAND_SCHEDULING[priority];
+    }
+
+    const executeCheck = async () => {
+        try {
+            const result = await checkFunction();
+            if (callback && typeof callback === 'function') {
+                callback(result);
+            }
+            return result;
+        } catch (error) {
+            if (callback && typeof callback === 'function') {
+                callback({ error });
+            }
+            return { error };
+        }
+    };
+
+    if (callback && typeof callback === 'function') {
+        setTimeout(executeCheck, schedulingDelay);
+        return;
+    } else {
+        return executeCheck();
+    }
+}
+
+function runAsyncTask(taskFunction, priority) {
+    // Default to highest priority execution if priority is not provided or invalid
+    let schedulingDelay = constants.COMMAND_SCHEDULING.P0_PRIORITY;
+
+    // If priority is a string, try to get the corresponding delay value
+    if (typeof priority === 'string' && constants.COMMAND_SCHEDULING[priority] !== undefined) {
+        schedulingDelay = constants.COMMAND_SCHEDULING[priority];
+    }
+
+    setTimeout(async () => {
+        try {
+            await taskFunction();
+        } catch (error) {
+            console.error('Async task error:', error);
+        }
+    }, schedulingDelay);
+}
+
+// Helper Functions for UI and formatting
+function createStatus(state, message, color) {
+    return {
+        state,
+        message: _(message),
+        color: constants.STATUS_COLORS[color]
+    };
+}
+
+function formatDiagnosticOutput(output) {
+    if (typeof output !== 'string') return '';
+    return output.trim()
+        .replace(/\x1b\[[0-9;]*m/g, '')
+        .replace(/\r\n/g, '\n')
+        .replace(/\r/g, '\n');
+}
+
+function copyToClipboard(text, button) {
+    const textarea = document.createElement('textarea');
+    textarea.value = text;
+    document.body.appendChild(textarea);
+    textarea.select();
+    try {
+        document.execCommand('copy');
+        const originalText = button.textContent;
+        button.textContent = _('Copied!');
+        setTimeout(() => button.textContent = originalText, constants.BUTTON_FEEDBACK_TIMEOUT);
+    } catch (err) {
+        ui.addNotification(null, E('p', {}, _('Failed to copy: ') + err.message));
+    }
+    document.body.removeChild(textarea);
+}
+
+// IP masking function
+function maskIP(ip) {
+    if (!ip) return '';
+    const parts = ip.split('.');
+    if (parts.length !== 4) return ip;
+    return ['XX', 'XX', 'XX', parts[3]].join('.');
+}
+
+// Status Check Functions
+async function checkFakeIP() {
+    try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), constants.FETCH_TIMEOUT);
+
+        try {
+            const response = await cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal });
+            const data = await response.json();
+            clearTimeout(timeoutId);
+
+            if (data.fakeip === true) {
+                return createStatus('working', 'working', 'SUCCESS');
+            } else {
+                return createStatus('not_working', 'not working', 'ERROR');
+            }
+        } catch (fetchError) {
+            clearTimeout(timeoutId);
+            const message = fetchError.name === 'AbortError' ? 'timeout' : 'check error';
+            return createStatus('error', message, 'WARNING');
+        }
+    } catch (error) {
+        return createStatus('error', 'check error', 'WARNING');
+    }
+}
+
+async function checkFakeIPCLI() {
+    try {
+        return new Promise((resolve) => {
+            safeExec('nslookup', ['-timeout=2', constants.FAKEIP_CHECK_DOMAIN, '127.0.0.42'], 'P0_PRIORITY', result => {
+                if (result.stdout && result.stdout.includes('198.18')) {
+                    resolve(createStatus('working', 'working on router', 'SUCCESS'));
+                } else {
+                    resolve(createStatus('not_working', 'not working on router', 'ERROR'));
+                }
+            });
+        });
+    } catch (error) {
+        return createStatus('error', 'CLI check error', 'WARNING');
+    }
+}
+
+function checkDNSAvailability() {
+    return new Promise(async (resolve) => {
+        try {
+            safeExec('/usr/bin/podkop', ['check_dns_available'], 'P0_PRIORITY', dnsStatusResult => {
+                if (!dnsStatusResult || !dnsStatusResult.stdout) {
+                    return resolve({
+                        remote: createStatus('error', 'DNS check timeout', 'WARNING'),
+                        local: createStatus('error', 'DNS check timeout', 'WARNING')
+                    });
+                }
+
+                try {
+                    const dnsStatus = JSON.parse(dnsStatusResult.stdout);
+
+                    const remoteStatus = dnsStatus.is_available ?
+                        createStatus('available', `${dnsStatus.dns_type.toUpperCase()} (${dnsStatus.dns_server}) available`, 'SUCCESS') :
+                        createStatus('unavailable', `${dnsStatus.dns_type.toUpperCase()} (${dnsStatus.dns_server}) unavailable`, 'ERROR');
+
+                    const localStatus = dnsStatus.local_dns_working ?
+                        createStatus('available', 'Router DNS working', 'SUCCESS') :
+                        createStatus('unavailable', 'Router DNS not working', 'ERROR');
+
+                    return resolve({
+                        remote: remoteStatus,
+                        local: localStatus
+                    });
+                } catch (parseError) {
+                    return resolve({
+                        remote: createStatus('error', 'DNS check parse error', 'WARNING'),
+                        local: createStatus('error', 'DNS check parse error', 'WARNING')
+                    });
+                }
+            });
+        } catch (error) {
+            return resolve({
+                remote: createStatus('error', 'DNS check error', 'WARNING'),
+                local: createStatus('error', 'DNS check error', 'WARNING')
+            });
+        }
+    });
+}
+
+async function checkBypass() {
+    try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), constants.FETCH_TIMEOUT);
+
+        try {
+            const response1 = await cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal });
+            const data1 = await response1.json();
+
+            const response2 = await cachedFetch(`https://${constants.IP_CHECK_DOMAIN}/check`, { signal: controller.signal });
+            const data2 = await response2.json();
+
+            clearTimeout(timeoutId);
+
+            if (data1.IP && data2.IP) {
+                if (data1.IP !== data2.IP) {
+                    return createStatus('working', 'working', 'SUCCESS');
+                } else {
+                    return createStatus('not_working', 'same IP for both domains', 'ERROR');
+                }
+            } else {
+                return createStatus('error', 'check error (no IP)', 'WARNING');
+            }
+        } catch (fetchError) {
+            clearTimeout(timeoutId);
+            const message = fetchError.name === 'AbortError' ? 'timeout' : 'check error';
+            return createStatus('error', message, 'WARNING');
+        }
+    } catch (error) {
+        return createStatus('error', 'check error', 'WARNING');
+    }
+}
+
+// Modal Functions
+function createModalContent(title, content) {
+    return [
+        E('div', {
+            'class': 'panel-body',
+            style: 'max-height: 70vh; overflow-y: auto; margin: 1em 0; padding: 1.5em; ' +
+                'font-family: monospace; white-space: pre-wrap; word-wrap: break-word; ' +
+                'line-height: 1.5; font-size: 14px;'
+        }, [
+            E('pre', { style: 'margin: 0;' }, content)
+        ]),
+        E('div', {
+            'class': 'right',
+            style: 'margin-top: 1em;'
+        }, [
+            E('button', {
+                'class': 'btn',
+                'click': ev => copyToClipboard('```txt\n' + content + '\n```', ev.target)
+            }, _('Copy to Clipboard')),
+            E('button', {
+                'class': 'btn',
+                'click': ui.hideModal
+            }, _('Close'))
+        ])
+    ];
+}
+
+function showConfigModal(command, title) {
+    // Create and show modal immediately with loading state
+    const modalContent = E('div', { 'class': 'panel-body' }, [
+        E('div', {
+            'class': 'panel-body',
+            style: 'max-height: 70vh; overflow-y: auto; margin: 1em 0; padding: 1.5em; ' +
+                'font-family: monospace; white-space: pre-wrap; word-wrap: break-word; ' +
+                'line-height: 1.5; font-size: 14px;'
+        }, [
+            E('pre', {
+                'id': 'modal-content-pre',
+                style: 'margin: 0;'
+            }, _('Loading...'))
+        ]),
+        E('div', {
+            'class': 'right',
+            style: 'margin-top: 1em;'
+        }, [
+            E('button', {
+                'class': 'btn',
+                'id': 'copy-button',
+                'click': ev => copyToClipboard('```txt\n' + document.getElementById('modal-content-pre').innerText + '\n```', ev.target)
+            }, _('Copy to Clipboard')),
+            E('button', {
+                'class': 'btn',
+                'click': ui.hideModal
+            }, _('Close'))
+        ])
+    ]);
+
+    ui.showModal(_(title), modalContent);
+
+    // Function to update modal content
+    const updateModalContent = (content) => {
+        const pre = document.getElementById('modal-content-pre');
+        if (pre) {
+            pre.textContent = content;
+        }
+    };
+
+    try {
+        let formattedOutput = '';
+
+        if (command === 'global_check') {
+            safeExec('/usr/bin/podkop', [command], 'P0_PRIORITY', res => {
+                formattedOutput = formatDiagnosticOutput(res.stdout || _('No output'));
+
+                try {
+                    const controller = new AbortController();
+                    const timeoutId = setTimeout(() => controller.abort(), constants.FETCH_TIMEOUT);
+
+                    cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal })
+                        .then(response => response.json())
+                        .then(data => {
+                            clearTimeout(timeoutId);
+
+                            if (data.fakeip === true) {
+                                formattedOutput += '\n✅ ' + _('FakeIP is working in browser!') + '\n';
+                            } else {
+                                formattedOutput += '\n❌ ' + _('FakeIP is not working in browser') + '\n';
+                                formattedOutput += _('Check DNS server on current device (PC, phone)') + '\n';
+                                formattedOutput += _('Its must be router!') + '\n';
+                            }
+
+                            // Bypass check
+                            cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal })
+                                .then(bypassResponse => bypassResponse.json())
+                                .then(bypassData => {
+                                    cachedFetch(`https://${constants.IP_CHECK_DOMAIN}/check`, { signal: controller.signal })
+                                        .then(bypassResponse2 => bypassResponse2.json())
+                                        .then(bypassData2 => {
+                                            formattedOutput += '━━━━━━━━━━━━━━━━━━━━━━━━━━━\n';
+
+                                            if (bypassData.IP && bypassData2.IP && bypassData.IP !== bypassData2.IP) {
+                                                formattedOutput += '✅ ' + _('Proxy working correctly') + '\n';
+                                                formattedOutput += _('Direct IP: ') + maskIP(bypassData.IP) + '\n';
+                                                formattedOutput += _('Proxy IP: ') + maskIP(bypassData2.IP) + '\n';
+                                            } else if (bypassData.IP === bypassData2.IP) {
+                                                formattedOutput += '❌ ' + _('Proxy is not working - same IP for both domains') + '\n';
+                                                formattedOutput += _('IP: ') + maskIP(bypassData.IP) + '\n';
+                                            } else {
+                                                formattedOutput += '❌ ' + _('Proxy check failed') + '\n';
+                                            }
+
+                                            updateModalContent(formattedOutput);
+                                        })
+                                        .catch(error => {
+                                            formattedOutput += '\n❌ ' + _('Check failed: ') + (error.name === 'AbortError' ? _('timeout') : error.message) + '\n';
+                                            updateModalContent(formattedOutput);
+                                        });
+                                })
+                                .catch(error => {
+                                    formattedOutput += '\n❌ ' + _('Check failed: ') + (error.name === 'AbortError' ? _('timeout') : error.message) + '\n';
+                                    updateModalContent(formattedOutput);
+                                });
+                        })
+                        .catch(error => {
+                            formattedOutput += '\n❌ ' + _('Check failed: ') + (error.name === 'AbortError' ? _('timeout') : error.message) + '\n';
+                            updateModalContent(formattedOutput);
+                        });
+                } catch (error) {
+                    formattedOutput += '\n❌ ' + _('Check failed: ') + error.message + '\n';
+                    updateModalContent(formattedOutput);
+                }
+            });
+        } else {
+            safeExec('/usr/bin/podkop', [command], 'P0_PRIORITY', res => {
+                formattedOutput = formatDiagnosticOutput(res.stdout || _('No output'));
+                updateModalContent(formattedOutput);
+            });
+        }
+    } catch (error) {
+        updateModalContent(_('Error: ') + error.message);
+    }
+}
+
+// Button Factory
+const ButtonFactory = {
+    createButton: function (config) {
+        return E('button', {
+            'class': `btn ${config.additionalClass || ''}`.trim(),
+            'click': config.onClick,
+            'style': config.style || ''
+        }, _(config.label));
+    },
+
+    createActionButton: function (config) {
+        return this.createButton({
+            label: config.label,
+            additionalClass: `cbi-button-${config.type || ''}`,
+            onClick: () => safeExec('/usr/bin/podkop', [config.action], 'P0_PRIORITY')
+                .then(() => config.reload && location.reload()),
+            style: config.style
+        });
+    },
+
+    createInitActionButton: function (config) {
+        return this.createButton({
+            label: config.label,
+            additionalClass: `cbi-button-${config.type || ''}`,
+            onClick: () => safeExec('/etc/init.d/podkop', [config.action], 'P0_PRIORITY')
+                .then(() => config.reload && location.reload()),
+            style: config.style
+        });
+    },
+
+    createModalButton: function (config) {
+        return this.createButton({
+            label: config.label,
+            onClick: () => showConfigModal(config.command, config.title),
+            additionalClass: `cbi-button-${config.type || ''}`,
+            style: config.style
+        });
+    }
+};
+
+// Create a loading placeholder for status text
+function createLoadingStatusText() {
+    return E('span', { 'class': 'loading-indicator' }, _('Loading...'));
+}
+
+// Create the status section with buttons loaded immediately but status indicators loading asynchronously
+let createStatusSection = async function () {
+    // Get initial podkop status
+    let initialPodkopStatus = { enabled: false };
+    try {
+        const result = await fs.exec('/usr/bin/podkop', ['get_status']);
+        if (result && result.stdout) {
+            const status = JSON.parse(result.stdout);
+            initialPodkopStatus.enabled = status.enabled === 1;
+        }
+    } catch (e) {
+        console.error('Error getting initial podkop status:', e);
+    }
+
+    return E('div', { 'class': 'cbi-section' }, [
+        E('div', { 'class': 'table', style: 'display: flex; gap: 20px;' }, [
+            // Podkop Status Panel
+            E('div', { 'id': 'podkop-status-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('Podkop Status')),
+                    E('br'),
+                    E('span', { 'id': 'podkop-status-text' }, createLoadingStatusText())
+                ]),
+                E('div', { 'class': 'panel-body', 'style': 'display: flex; flex-direction: column; gap: 8px;' }, [
+                    ButtonFactory.createActionButton({
+                        label: 'Restart Podkop',
+                        type: 'apply',
+                        action: 'restart',
+                        reload: true
+                    }),
+                    ButtonFactory.createActionButton({
+                        label: 'Stop Podkop',
+                        type: 'apply',
+                        action: 'stop',
+                        reload: true
+                    }),
+                    // Autostart button - create with initial state
+                    ButtonFactory.createInitActionButton({
+                        label: initialPodkopStatus.enabled ? 'Disable Autostart' : 'Enable Autostart',
+                        type: initialPodkopStatus.enabled ? 'remove' : 'apply',
+                        action: initialPodkopStatus.enabled ? 'disable' : 'enable',
+                        reload: true
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Global check'),
+                        command: 'global_check',
+                        title: _('Click here for all the info')
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: 'View Logs',
+                        command: 'check_logs',
+                        title: 'Podkop Logs'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Update Lists'),
+                        command: 'list_update',
+                        title: _('Lists Update Results')
+                    })
+                ])
+            ]),
+
+            // Sing-box Status Panel
+            E('div', { 'id': 'singbox-status-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('Sing-box Status')),
+                    E('br'),
+                    E('span', { 'id': 'singbox-status-text' }, createLoadingStatusText())
+                ]),
+                E('div', { 'class': 'panel-body', 'style': 'display: flex; flex-direction: column; gap: 8px;' }, [
+                    ButtonFactory.createModalButton({
+                        label: 'Show Config',
+                        command: 'show_sing_box_config',
+                        title: 'Sing-box Configuration'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: 'View Logs',
+                        command: 'check_sing_box_logs',
+                        title: 'Sing-box Logs'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: 'Check Connections',
+                        command: 'check_sing_box_connections',
+                        title: 'Active Connections'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Check NFT Rules'),
+                        command: 'check_nft',
+                        title: _('NFT Rules')
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Check DNSMasq'),
+                        command: 'check_dnsmasq',
+                        title: _('DNSMasq Configuration')
+                    })
+                ])
+            ]),
+
+            // FakeIP Status Panel
+            E('div', { 'id': 'fakeip-status-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('FakeIP Status'))
+                ]),
+                E('div', { 'class': 'panel-body', 'style': 'display: flex; flex-direction: column; gap: 8px;' }, [
+                    E('div', { style: 'margin-bottom: 5px;' }, [
+                        E('div', {}, [
+                            E('span', { 'id': 'fakeip-browser-status' }, createLoadingStatusText())
+                        ]),
+                        E('div', {}, [
+                            E('span', { 'id': 'fakeip-router-status' }, createLoadingStatusText())
+                        ])
+                    ]),
+                    E('div', { style: 'margin-bottom: 5px;' }, [
+                        E('div', {}, [
+                            E('strong', {}, _('DNS Status')),
+                            E('br'),
+                            E('span', { 'id': 'dns-remote-status' }, createLoadingStatusText()),
+                            E('br'),
+                            E('span', { 'id': 'dns-local-status' }, createLoadingStatusText())
+                        ])
+                    ]),
+                    E('div', { style: 'margin-bottom: 5px;' }, [
+                        E('div', {}, [
+                            E('strong', { 'id': 'config-name-text' }, _('Main config')),
+                            E('br'),
+                            E('span', { 'id': 'bypass-status' }, createLoadingStatusText())
+                        ])
+                    ])
+                ])
+            ]),
+
+            // Version Information Panel
+            E('div', { 'id': 'version-info-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('Version Information'))
+                ]),
+                E('div', { 'class': 'panel-body' }, [
+                    E('div', { 'style': 'margin-top: 10px; font-family: monospace; white-space: pre-wrap;' }, [
+                        E('strong', {}, _('Podkop: ')), E('span', { 'id': 'podkop-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('LuCI App: ')), E('span', { 'id': 'luci-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('Sing-box: ')), E('span', { 'id': 'singbox-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('OpenWrt Version: ')), E('span', { 'id': 'openwrt-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('Device Model: ')), E('span', { 'id': 'device-model' }, _('Loading...'))
+                    ])
+                ])
+            ])
+        ])
+    ]);
+};
+
+// Global variables for tracking state
+let diagnosticsUpdateTimer = null;
+let isInitialCheck = true;
+showConfigModal.busy = false;
+
+function startDiagnosticsUpdates() {
+    if (diagnosticsUpdateTimer) {
+        clearInterval(diagnosticsUpdateTimer);
+    }
+
+    // Immediately update when started
+    updateDiagnostics();
+
+    // Then set up periodic updates
+    diagnosticsUpdateTimer = setInterval(updateDiagnostics, constants.DIAGNOSTICS_UPDATE_INTERVAL);
+}
+
+function stopDiagnosticsUpdates() {
+    if (diagnosticsUpdateTimer) {
+        clearInterval(diagnosticsUpdateTimer);
+        diagnosticsUpdateTimer = null;
+    }
+}
+
+// Update individual text element with new content
+function updateTextElement(elementId, content) {
+    const element = document.getElementById(elementId);
+    if (element) {
+        element.innerHTML = '';
+        element.appendChild(content);
+    }
+}
+
+async function updateDiagnostics() {
+    // Podkop Status check
+    safeExec('/usr/bin/podkop', ['get_status'], 'P0_PRIORITY', result => {
+        try {
+            const parsedPodkopStatus = JSON.parse(result.stdout || '{"enabled":0,"status":"error"}');
+
+            // Update Podkop status text
+            updateTextElement('podkop-status-text',
+                E('span', {
+                    'style': `color: ${parsedPodkopStatus.enabled ? constants.STATUS_COLORS.SUCCESS : constants.STATUS_COLORS.ERROR}`
+                }, [
+                    parsedPodkopStatus.enabled ? '✔ Autostart enabled' : '✘ Autostart disabled'
+                ])
+            );
+
+            // Update autostart button
+            const autostartButton = parsedPodkopStatus.enabled ?
+                ButtonFactory.createInitActionButton({
+                    label: 'Disable Autostart',
+                    type: 'remove',
+                    action: 'disable',
+                    reload: true
+                }) :
+                ButtonFactory.createInitActionButton({
+                    label: 'Enable Autostart',
+                    type: 'apply',
+                    action: 'enable',
+                    reload: true
+                });
+
+            // Find the autostart button and replace it
+            const panel = document.getElementById('podkop-status-panel');
+            if (panel) {
+                const buttons = panel.querySelectorAll('.cbi-button');
+                if (buttons.length >= 3) {
+                    buttons[2].parentNode.replaceChild(autostartButton, buttons[2]);
+                }
+            }
+        } catch (error) {
+            updateTextElement('podkop-status-text',
+                E('span', { 'style': `color: ${constants.STATUS_COLORS.ERROR}` }, '✘ Error')
+            );
+        }
+    });
+
+    // Sing-box Status check
+    safeExec('/usr/bin/podkop', ['get_sing_box_status'], 'P0_PRIORITY', result => {
+        try {
+            const parsedSingboxStatus = JSON.parse(result.stdout || '{"running":0,"enabled":0,"status":"error"}');
+
+            // Update Sing-box status text
+            updateTextElement('singbox-status-text',
+                E('span', {
+                    'style': `color: ${parsedSingboxStatus.running && !parsedSingboxStatus.enabled ?
+                        constants.STATUS_COLORS.SUCCESS : constants.STATUS_COLORS.ERROR}`
+                }, [
+                    parsedSingboxStatus.running && !parsedSingboxStatus.enabled ?
+                        '✔ running' : '✘ ' + parsedSingboxStatus.status
+                ])
+            );
+        } catch (error) {
+            updateTextElement('singbox-status-text',
+                E('span', { 'style': `color: ${constants.STATUS_COLORS.ERROR}` }, '✘ Error')
+            );
+        }
+    });
+
+    // Version Information checks
+    safeExec('/usr/bin/podkop', ['show_version'], 'P2_PRIORITY', result => {
+        updateTextElement('podkop-version',
+            document.createTextNode(result.stdout ? result.stdout.trim() : _('Unknown'))
+        );
+    });
+
+    safeExec('/usr/bin/podkop', ['show_luci_version'], 'P2_PRIORITY', result => {
+        updateTextElement('luci-version',
+            document.createTextNode(result.stdout ? result.stdout.trim() : _('Unknown'))
+        );
+    });
+
+    safeExec('/usr/bin/podkop', ['show_sing_box_version'], 'P2_PRIORITY', result => {
+        updateTextElement('singbox-version',
+            document.createTextNode(result.stdout ? result.stdout.trim() : _('Unknown'))
+        );
+    });
+
+    safeExec('/usr/bin/podkop', ['show_system_info'], 'P2_PRIORITY', result => {
+        if (result.stdout) {
+            updateTextElement('openwrt-version',
+                document.createTextNode(result.stdout.split('\n')[1].trim())
+            );
+            updateTextElement('device-model',
+                document.createTextNode(result.stdout.split('\n')[4].trim())
+            );
+        } else {
+            updateTextElement('openwrt-version', document.createTextNode(_('Unknown')));
+            updateTextElement('device-model', document.createTextNode(_('Unknown')));
+        }
+    });
+
+    // FakeIP and DNS status checks
+    runCheck(checkFakeIP, 'P3_PRIORITY', result => {
+        updateTextElement('fakeip-browser-status',
+            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
+                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
+                result.error ? 'check error' : result.state === 'working' ? _('works in browser') : _('does not work in browser')
+            ])
+        );
+    });
+
+    runCheck(checkFakeIPCLI, 'P8_PRIORITY', result => {
+        updateTextElement('fakeip-router-status',
+            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
+                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
+                result.error ? 'check error' : result.state === 'working' ? _('works on router') : _('does not work on router')
+            ])
+        );
+    });
+
+    runCheck(checkDNSAvailability, 'P4_PRIORITY', result => {
+        if (result.error) {
+            updateTextElement('dns-remote-status',
+                E('span', { style: `color: ${constants.STATUS_COLORS.WARNING}` }, '! DNS check error')
+            );
+            updateTextElement('dns-local-status',
+                E('span', { style: `color: ${constants.STATUS_COLORS.WARNING}` }, '! DNS check error')
+            );
+        } else {
+            updateTextElement('dns-remote-status',
+                E('span', { style: `color: ${result.remote.color}` }, [
+                    result.remote.state === 'available' ? '✔ ' : result.remote.state === 'unavailable' ? '✘ ' : '! ',
+                    result.remote.message
+                ])
+            );
+
+            updateTextElement('dns-local-status',
+                E('span', { style: `color: ${result.local.color}` }, [
+                    result.local.state === 'available' ? '✔ ' : result.local.state === 'unavailable' ? '✘ ' : '! ',
+                    result.local.message
+                ])
+            );
+        }
+    });
+
+    runCheck(checkBypass, 'P1_PRIORITY', result => {
+        updateTextElement('bypass-status',
+            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
+                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
+                result.error ? 'check error' : result.message
+            ])
+        );
+    }, 'P1_PRIORITY');
+
+    // Config name
+    runAsyncTask(async () => {
+        try {
+            let configName = _('Main config');
+            const data = await uci.load('podkop');
+            const proxyString = uci.get('podkop', 'main', 'proxy_string');
+
+            if (proxyString) {
+                const activeConfig = proxyString.split('\n')
+                    .map(line => line.trim())
+                    .find(line => line && !line.startsWith('//'));
+
+                if (activeConfig) {
+                    if (activeConfig.includes('#')) {
+                        const label = activeConfig.split('#').pop();
+                        if (label && label.trim()) {
+                            configName = _('Config: ') + decodeURIComponent(label);
+                        }
+                    }
+                }
+            }
+
+            updateTextElement('config-name-text', document.createTextNode(configName));
+        } catch (e) {
+            console.error('Error getting config name from UCI:', e);
+        }
+    }, 'P1_PRIORITY');
+}
+
+function createDiagnosticsSection(mainSection) {
+    let o = mainSection.tab('diagnostics', _('Diagnostics'));
+
+    o = mainSection.taboption('diagnostics', form.DummyValue, '_status');
+    o.rawhtml = true;
+    o.cfgvalue = () => E('div', {
+        id: 'diagnostics-status',
+        'data-loading': 'true'
+    });
+}
+
+function setupDiagnosticsEventHandlers(node) {
+    const titleDiv = E('h2', { 'class': 'cbi-map-title' }, _('Podkop'));
+    node.insertBefore(titleDiv, node.firstChild);
+
+    // Function to initialize diagnostics
+    function initDiagnostics(container) {
+        if (container && container.hasAttribute('data-loading')) {
+            container.innerHTML = '';
+            showConfigModal.busy = false;
+            createStatusSection().then(section => {
+                container.appendChild(section);
+                startDiagnosticsUpdates();
+                // Start error polling when diagnostics tab is active
+                utils.startErrorPolling();
+            });
+        }
+    }
+
+    document.addEventListener('visibilitychange', function () {
+        const diagnosticsContainer = document.getElementById('diagnostics-status');
+        const diagnosticsTab = document.querySelector('.cbi-tab[data-tab="diagnostics"]');
+
+        if (document.hidden || !diagnosticsTab || !diagnosticsTab.classList.contains('cbi-tab-active')) {
+            stopDiagnosticsUpdates();
+            // Don't stop error polling here - it's managed in podkop.js for all tabs
+        } else if (diagnosticsContainer && diagnosticsContainer.hasAttribute('data-loading')) {
+            startDiagnosticsUpdates();
+            // Ensure error polling is running when diagnostics tab is active
+            utils.startErrorPolling();
+        }
+    });
+
+    setTimeout(() => {
+        const diagnosticsContainer = document.getElementById('diagnostics-status');
+        const diagnosticsTab = document.querySelector('.cbi-tab[data-tab="diagnostics"]');
+        const otherTabs = document.querySelectorAll('.cbi-tab:not([data-tab="diagnostics"])');
+
+        // Check for direct page load case
+        const noActiveTabsExist = !Array.from(otherTabs).some(tab => tab.classList.contains('cbi-tab-active'));
+
+        if (diagnosticsContainer && diagnosticsTab && (diagnosticsTab.classList.contains('cbi-tab-active') || noActiveTabsExist)) {
+            initDiagnostics(diagnosticsContainer);
+        }
+
+        const tabs = node.querySelectorAll('.cbi-tabmenu');
+        if (tabs.length > 0) {
+            tabs[0].addEventListener('click', function (e) {
+                const tab = e.target.closest('.cbi-tab');
+                if (tab) {
+                    const tabName = tab.getAttribute('data-tab');
+                    if (tabName === 'diagnostics') {
+                        const container = document.getElementById('diagnostics-status');
+                        container.setAttribute('data-loading', 'true');
+                        initDiagnostics(container);
+                    } else {
+                        stopDiagnosticsUpdates();
+                        // Don't stop error polling - it should continue on all tabs
+                    }
+                }
+            });
+        }
+    }, constants.DIAGNOSTICS_INITIAL_DELAY);
+
+    node.classList.add('fade-in');
+    return node;
+}
+
+return baseclass.extend({
+    createDiagnosticsSection,
+    setupDiagnosticsEventHandlers
+}); 

luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js

@@ -1,224 +1,93 @@
 'use strict';
 'require view';
 'require form';
-'require ui';
 'require network';
+'require view.podkop.configSection as configSection';
+'require view.podkop.diagnosticTab as diagnosticTab';
+'require view.podkop.additionalTab as additionalTab';
+'require view.podkop.utils as utils';
 
 return view.extend({
     async render() {
-        var m, s, o;
+        document.head.insertAdjacentHTML('beforeend', `
+            <style>
+                .cbi-value {
+                    margin-bottom: 10px !important;
+                }
 
-        m = new form.Map('podkop', _('Podkop configuration'));
+                #diagnostics-status .table > div {
+                    background: var(--background-color-primary);
+                    border: 1px solid var(--border-color-medium);
+                    border-radius: var(--border-radius);
+                }
 
+                #diagnostics-status .table > div pre,
+                #diagnostics-status .table > div div[style*="monospace"] {
+                    color: var(--color-text-primary);
+                }
 
-        s = m.section(form.TypedSection, 'main');
-        s.anonymous = true;
+                #diagnostics-status .alert-message {
+                    background: var(--background-color-primary);
+                    border-color: var(--border-color-medium);
+                }
 
-        o = s.tab('main', _('Main'));
+                #cbi-podkop:has(.cbi-tab-disabled[data-tab="basic"]) #cbi-podkop-extra {
+                    display: none;
+                }
+            </style>
+        `);
 
-        o = s.taboption('main', form.ListValue, 'mode', _('Mode'), _('Select VPN or Proxy'));
-        o.value('vpn', ('VPN'));
-        o.value('proxy', ('Proxy'));
+        const m = new form.Map('podkop', _(''), null, ['main', 'extra']);
 
-        o = s.taboption('main', form.Value, 'proxy_string', _('Proxy String'), _('String vless:// or ss://'));
-        o.depends('mode', 'proxy');
+        // Main Section
+        const mainSection = m.section(form.TypedSection, 'main');
+        mainSection.anonymous = true;
+        configSection.createConfigSection(mainSection, m, network);
 
-        // Get all interface
-        o = s.taboption('main', form.ListValue, 'interface', _('Interface'), _('Specify the interface'));
-        o.depends('mode', 'vpn');
+        // Additional Settings Tab (main section)
+        additionalTab.createAdditionalSection(mainSection, network);
 
-        try {
-            const devices = await network.getDevices();
+        // Diagnostics Tab (main section)
+        diagnosticTab.createDiagnosticsSection(mainSection);
+        const map_promise = m.render().then(node => {
+            // Set up diagnostics event handlers
+            diagnosticTab.setupDiagnosticsEventHandlers(node);
 
-            const excludeInterfaces = ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0'];
+            // Start critical error polling for all tabs
+            utils.startErrorPolling();
 
-            devices.forEach(function (device) {
-                if (device.dev && device.dev.name) {
-                    const deviceName = device.dev.name;
-                    const isExcluded = excludeInterfaces.includes(deviceName) || /^lan\d+$/.test(deviceName);
-
-                    if (!isExcluded) {
-                        o.value(deviceName, deviceName);
+            // Add event listener to keep error polling active when switching tabs
+            const tabs = node.querySelectorAll('.cbi-tabmenu');
+            if (tabs.length > 0) {
+                tabs[0].addEventListener('click', function (e) {
+                    const tab = e.target.closest('.cbi-tab');
+                    if (tab) {
+                        // Ensure error polling continues when switching tabs
+                        utils.startErrorPolling();
                     }
+                });
+            }
+
+            // Add visibility change handler to manage error polling
+            document.addEventListener('visibilitychange', function () {
+                if (document.hidden) {
+                    utils.stopErrorPolling();
                 } else {
-                    console.warn('Device name is undefined or empty');
+                    utils.startErrorPolling();
                 }
             });
-        } catch (error) {
-            console.error('Error fetching devices:', error);
-        }
 
-        o = s.taboption('main', form.Flag, 'domain_list_enabled', _('Domain list enable'), _('<a href="https://github.com/itdoginfo/allow-domains" target="_blank">github.com/itdoginfo/allow-domains</a>'));
-        o.default = '0';
-        o.rmempty = false;
+            return node;
+        });
 
-        o = s.taboption('main', form.ListValue, 'domain_list', _('Domain list'), _('Select a list'));
-        o.placeholder = 'placeholder';
-        o.value('ru_inside', 'Russia inside');
-        o.value('ru_outside', 'Russia outside');
-        o.value('ua', 'Ukraine');
-        o.depends('domain_list_enabled', '1');
-        o.rmempty = false;
+        // Extra Section
+        const extraSection = m.section(form.TypedSection, 'extra', _('Extra configurations'));
+        extraSection.anonymous = false;
+        extraSection.addremove = true;
+        extraSection.addbtntitle = _('Add Section');
+        extraSection.multiple = true;
+        configSection.createConfigSection(extraSection, m, network);
 
-        o = s.taboption('main', form.Flag, 'delist_domains_enabled', _('Delist domains from main list enable'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'delist_domains', _('Delist domains'), _('Domains to be excluded'));
-        o.placeholder = 'Delist domains';
-        o.depends('delist_domains_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'subnets_list_enabled', _('Subnets list enable'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'subnets', _('Subnets specify option'));
-        o.placeholder = 'Subnet list';
-        o.value('twitter', 'Twitter(x.com)');
-        o.value('meta', 'Meta');
-        o.value('discord', 'Discord(voice)');
-        o.depends('subnets_list_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'custom_domains_list_enabled', _('Custom domains enable'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'custom_domains', _('Your domains'));
-        o.placeholder = 'Domains list';
-        o.depends('custom_domains_list_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'custom_download_domains_list_enabled', _('URL domains enable'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'custom_download_domains', _('Your URL domains'));
-        o.placeholder = 'URL';
-        o.depends('custom_download_domains_list_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'custom_subnets_list_enabled', _('Custom subnets enable'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'custom_subnets', _('Your subnet'));
-        o.placeholder = 'Subnets list';
-        o.depends('custom_subnets_list_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'custom_download_subnets_list_enabled', _('URL subnets enable'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'custom_download_subnets', _('Your URL subnet'));
-        o.placeholder = 'URL';
-        o.depends('custom_download_subnets_list_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'all_traffic_from_ip_enabled', _('IP for full redirection'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'all_traffic_ip', _('Local IPs'));
-        o.placeholder = 'IP';
-        o.depends('all_traffic_from_ip_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'exclude_from_ip_enabled', _('IP for full exclude'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('main', form.DynamicList, 'exclude_traffic_ip', _('Local IPs'));
-        o.placeholder = 'IP';
-        o.depends('exclude_from_ip_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'yacd', _('Yacd enable'), _('http://openwrt.lan:9090:/ui'));
-        o.default = '0';
-        o.depends('mode', 'proxy');
-        o.rmempty = false;
-
-        o = s.taboption('main', form.Flag, 'socks5', _('Mixed enable'), _('Browser port: 2080'));
-        o.default = '0';
-        o.depends('mode', 'proxy');
-        o.rmempty = false;  
-
-        // Second section
-        s = m.section(form.TypedSection, 'second');
-        s.anonymous = true;
-
-        o = s.tab('second', _('Second'));
-
-        o = s.taboption('second', form.Flag, 'second_enable', _('Second enable'));
-        o.default = '0';
-        o.rmempty = false;
-
-        o = s.taboption('second', form.ListValue, 'mode', _('Mode'), _('Select VPN or Proxy'));
-        o.value('vpn', ('VPN'));
-        o.value('proxy', ('Proxy'));
-        o.depends('second_enable', '1');
-
-        o = s.taboption('second', form.Value, 'proxy_string', _('Proxy String'), _('String vless:// or ss://'));
-        o.depends('mode', 'proxy');
-
-        // Get all interface
-        o = s.taboption('second', form.ListValue, 'interface', _('Interface'), _('Specify the interface'));
-        o.depends('mode', 'vpn');
-
-        try {
-            const devices = await network.getDevices();
-
-            const excludeInterfaces = ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0'];
-
-            devices.forEach(function (device) {
-                if (device.dev && device.dev.name) {
-                    const deviceName = device.dev.name;
-                    const isExcluded = excludeInterfaces.includes(deviceName) || /^lan\d+$/.test(deviceName);
-
-                    if (!isExcluded) {
-                        o.value(deviceName, deviceName);
-                    }
-                } else {
-                    console.warn('Device name is undefined or empty');
-                }
-            });
-        } catch (error) {
-            console.error('Error fetching devices:', error);
-        }
-
-        o = s.taboption('second', form.Flag, 'domain_service_enabled', _('Domain service enable'));
-        o.default = '0';
-        o.rmempty = false;
-        o.depends('second_enable', '1');
-
-        o = s.taboption('second', form.ListValue, 'service_list', _('Service list'), _('Select a list'));
-        o.placeholder = 'placeholder';
-        o.value('youtube', 'Youtube');
-        o.depends('domain_service_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('second', form.Flag, 'custom_domains_list_enabled', _('Custom domains enable'));
-        o.default = '0';
-        o.rmempty = false;
-        o.depends('second_enable', '1');
-
-        o = s.taboption('second', form.DynamicList, 'custom_domains', _('Your domains'));
-        o.placeholder = 'Domains list';
-        o.depends('custom_domains_list_enabled', '1');
-        o.rmempty = false;
-
-        o = s.taboption('second', form.Flag, 'custom_subnets_list_enabled', _('Custom subnets enable'));
-        o.default = '0';
-        o.rmempty = false;
-        o.depends('second_enable', '1');
-
-        o = s.taboption('second', form.DynamicList, 'custom_subnets', _('Your subnet'));
-        o.placeholder = 'Subnets list';
-        o.depends('custom_subnets_list_enabled', '1');
-        o.rmempty = false;
-
-        return m.render();
+        return map_promise;
     }
 });

luci-app-podkop/htdocs/luci-static/resources/view/podkop/utils.js

@@ -0,0 +1,152 @@
+'use strict';
+'require baseclass';
+'require ui';
+'require fs';
+'require view.podkop.constants as constants';
+
+// Flag to track if this is the first error check
+let isInitialCheck = true;
+
+// Set to track which errors we've already seen
+const lastErrorsSet = new Set();
+
+// Timer for periodic error polling
+let errorPollTimer = null;
+
+// Helper function to fetch errors from the podkop command
+async function getPodkopErrors() {
+    return new Promise(resolve => {
+        safeExec('/usr/bin/podkop', ['check_logs'], 'P0_PRIORITY', result => {
+            if (!result || !result.stdout) return resolve([]);
+
+            const logs = result.stdout.split('\n');
+            const errors = logs.filter(log =>
+                log.includes('[critical]')
+            );
+
+            resolve(errors);
+        });
+    });
+}
+
+// Show error notification to the user
+function showErrorNotification(error, isMultiple = false) {
+    const notificationContent = E('div', { 'class': 'alert-message error' }, [
+        E('pre', { 'class': 'error-log' }, error)
+    ]);
+
+    ui.addNotification(null, notificationContent);
+}
+
+// Helper function for command execution with prioritization
+function safeExec(command, args, priority, callback, timeout = constants.COMMAND_TIMEOUT) {
+    // Default to highest priority execution if priority is not provided or invalid
+    let schedulingDelay = constants.COMMAND_SCHEDULING.P0_PRIORITY;
+
+    // If priority is a string, try to get the corresponding delay value
+    if (typeof priority === 'string' && constants.COMMAND_SCHEDULING[priority] !== undefined) {
+        schedulingDelay = constants.COMMAND_SCHEDULING[priority];
+    }
+
+    const executeCommand = async () => {
+        try {
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), timeout);
+
+            const result = await Promise.race([
+                fs.exec(command, args),
+                new Promise((_, reject) => {
+                    controller.signal.addEventListener('abort', () => {
+                        reject(new Error('Command execution timed out'));
+                    });
+                })
+            ]);
+
+            clearTimeout(timeoutId);
+
+            if (callback && typeof callback === 'function') {
+                callback(result);
+            }
+
+            return result;
+        } catch (error) {
+            console.warn(`Command execution failed or timed out: ${command} ${args.join(' ')}`);
+            const errorResult = { stdout: '', stderr: error.message, error: error };
+
+            if (callback && typeof callback === 'function') {
+                callback(errorResult);
+            }
+
+            return errorResult;
+        }
+    };
+
+    if (callback && typeof callback === 'function') {
+        setTimeout(executeCommand, schedulingDelay);
+        return;
+    }
+    else {
+        return executeCommand();
+    }
+}
+
+// Check for critical errors and show notifications
+async function checkForCriticalErrors() {
+    try {
+        const errors = await getPodkopErrors();
+
+        if (errors && errors.length > 0) {
+            // Filter out errors we've already seen
+            const newErrors = errors.filter(error => !lastErrorsSet.has(error));
+
+            if (newErrors.length > 0) {
+                // On initial check, just store errors without showing notifications
+                if (!isInitialCheck) {
+                    // Show each new error as a notification
+                    newErrors.forEach(error => {
+                        showErrorNotification(error, newErrors.length > 1);
+                    });
+                }
+
+                // Add new errors to our set of seen errors
+                newErrors.forEach(error => lastErrorsSet.add(error));
+            }
+        }
+
+        // After first check, mark as no longer initial
+        isInitialCheck = false;
+    } catch (error) {
+        console.error('Error checking for critical messages:', error);
+    }
+}
+
+// Start polling for errors at regular intervals
+function startErrorPolling() {
+    if (errorPollTimer) {
+        clearInterval(errorPollTimer);
+    }
+
+    // Reset initial check flag to make sure we show errors
+    isInitialCheck = false;
+
+    // Immediately check for errors on start
+    checkForCriticalErrors();
+
+    // Then set up periodic checks
+    errorPollTimer = setInterval(checkForCriticalErrors, constants.ERROR_POLL_INTERVAL);
+}
+
+// Stop polling for errors
+function stopErrorPolling() {
+    if (errorPollTimer) {
+        clearInterval(errorPollTimer);
+        errorPollTimer = null;
+    }
+}
+
+return baseclass.extend({
+    startErrorPolling,
+    stopErrorPolling,
+    checkForCriticalErrors,
+    safeExec
+}); 

luci-app-podkop/po/ru/podkop.po

@@ -0,0 +1,878 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+msgid "Podkop configuration"
+msgstr "Настройка Podkop"
+
+msgid "Basic Settings"
+msgstr "Основные настройки"
+
+msgid "Additional Settings"
+msgstr "Дополнительные настройки"
+
+msgid "Secondary Config"
+msgstr "Второй маршрут"
+
+msgid "Secondary VPN/Proxy Enable"
+msgstr "Включить второй VPN/Proxy"
+
+msgid "Enable secondary VPN/Proxy configuration"
+msgstr "Включить конфигурацию второго VPN/Proxy"
+
+msgid "Connection Type"
+msgstr "Тип подключения"
+
+msgid "Select between VPN and Proxy connection methods for traffic routing"
+msgstr "Выберите между VPN и Proxy методами для маршрутизации трафика"
+
+msgid "Configuration Type"
+msgstr "Тип конфигурации"
+
+msgid "Select how to configure the proxy"
+msgstr "Выберите способ настройки прокси"
+
+msgid "Connection URL"
+msgstr "URL подключения"
+
+msgid "Outbound Config"
+msgstr "Конфигурация Outbound"
+
+msgid "Proxy Configuration URL"
+msgstr "URL конфигурации прокси"
+
+msgid "Enter connection string starting with vless:// or ss:// for proxy configuration. Add comments with // for saving other configs"
+msgstr "Введите строку подключения, начинающуюся с vless:// или ss:// для настройки прокси. Добавляйте комментарии с // для сохранения других конфигураций"
+
+msgid "Outbound Configuration"
+msgstr "Конфигурация исходящего соединения"
+
+msgid "Enter complete outbound configuration in JSON format"
+msgstr "Введите полную конфигурацию исходящего соединения в формате JSON"
+
+msgid "Network Interface"
+msgstr "Сетевой интерфейс"
+
+msgid "Select network interface for VPN connection"
+msgstr "Выберите сетевой интерфейс для VPN подключения"
+
+msgid "Community Lists"
+msgstr "Предустановленные списки"
+
+msgid "Service List"
+msgstr "Список сервисов"
+
+msgid "Select predefined service for routing"
+msgstr "Выберите предустановленные сервисы для маршрутизации"
+
+msgid "User Domain List Type"
+msgstr "Тип пользовательского списка доменов"
+
+msgid "Select how to add your custom domains"
+msgstr "Выберите способ добавления пользовательских доменов"
+
+msgid "Disabled"
+msgstr "Отключено"
+
+msgid "Dynamic List"
+msgstr "Динамический список"
+
+msgid "Text List"
+msgstr "Текстовый список"
+
+msgid "User Domains"
+msgstr "Пользовательские домены"
+
+msgid "Enter domain names without protocols (example: sub.example.com or example.com)"
+msgstr "Введите имена доменов без протоколов (пример: sub.example.com или example.com)"
+
+msgid "User Domains List"
+msgstr "Список пользовательских доменов"
+
+msgid "Enter domain names separated by comma, space or newline. You can add comments after //"
+msgstr "Введите имена доменов, разделяя их запятой, пробелом или с новой строки. Вы можете добавлять комментарии после //"
+
+msgid "Local Domain Lists"
+msgstr "Локальные списки доменов"
+
+msgid "Use the list from the router filesystem"
+msgstr "Использовать список из файловой системы роутера"
+
+msgid "Local Domain Lists Path"
+msgstr "Путь к локальным спискам доменов"
+
+msgid "Enter to the list file path"
+msgstr "Введите путь к файлу списка"
+
+msgid "Remote Domain Lists"
+msgstr "Удаленные списки доменов"
+
+msgid "Download and use domain lists from remote URLs"
+msgstr "Загрузка и использование списков доменов с удаленных URL"
+
+msgid "Remote Domain URLs"
+msgstr "URL удаленных доменов"
+
+msgid "Enter full URLs starting with http:// or https://"
+msgstr "Введите полные URL, начинающиеся с http:// или https://"
+
+msgid "User Subnet List Type"
+msgstr "Тип пользовательского списка подсетей"
+
+msgid "Select how to add your custom subnets"
+msgstr "Выберите способ добавления пользовательских подсетей"
+
+msgid "Text List (comma/space/newline separated)"
+msgstr "Текстовый список (разделенный запятыми/пробелами/новыми строками)"
+
+msgid "User Subnets"
+msgstr "Пользовательские подсети"
+
+msgid "Enter subnets in CIDR notation (example: 103.21.244.0/22) or single IP addresses"
+msgstr "Введите подсети в нотации CIDR (пример: 103.21.244.0/22) или отдельные IP-адреса"
+
+msgid "User Subnets List"
+msgstr "Список пользовательских подсетей"
+
+msgid "Enter subnets in CIDR notation or single IP addresses, separated by comma, space or newline"
+msgstr "Введите подсети в нотации CIDR или отдельные IP-адреса через запятую, пробел или новую строку"
+
+msgid "Remote Subnet Lists"
+msgstr "Удаленные списки подсетей"
+
+msgid "Download and use subnet lists from remote URLs"
+msgstr "Загрузка и использование списков подсетей с удаленных URL"
+
+msgid "Remote Subnet URLs"
+msgstr "URL удаленных подсетей"
+
+msgid "IP for full redirection"
+msgstr "Принудительные прокси IP"
+
+msgid "Specify local IP addresses whose traffic will always use the configured route"
+msgstr "Укажите локальные IP-адреса, трафик которых всегда будет использовать настроенный маршрут"
+
+msgid "Local IPs"
+msgstr "Локальные IP"
+
+msgid "Enter valid IPv4 addresses"
+msgstr "Введите действительные IPv4 адреса"
+
+msgid "IP for exclusion"
+msgstr "Исключения прокси IP"
+
+msgid "Specify local IP addresses that will never use the configured route"
+msgstr "Укажите локальные IP-адреса, которые никогда не будут использовать настроенный маршрут"
+
+msgid "Mixed enable"
+msgstr "Включить смешанный режим"
+
+msgid "Browser port: 2080"
+msgstr "Порт браузера: 2080"
+
+msgid "Yacd enable"
+msgstr "Включить Yacd"
+
+msgid "Exclude NTP"
+msgstr "Исключить NTP"
+
+msgid "For issues with open connections sing-box"
+msgstr "Для проблем с открытыми соединениями sing-box"
+
+msgid "QUIC disable"
+msgstr "Отключить QUIC"
+
+msgid "For issues with the video stream"
+msgstr "Для проблем с видеопотоком"
+
+msgid "List Update Frequency"
+msgstr "Частота обновления списков"
+
+msgid "Select how often the lists will be updated"
+msgstr "Выберите, как часто будут обновляться списки"
+
+msgid "Every hour"
+msgstr "Каждый час"
+
+msgid "Every 2 hours"
+msgstr "Каждые 2 часа"
+
+msgid "Every 3 hours"
+msgstr "Каждые 3 часа"
+
+msgid "Every 4 hours"
+msgstr "Каждые 4 часа"
+
+msgid "Every 6 hours"
+msgstr "Каждые 6 часов"
+
+msgid "Every 12 hours"
+msgstr "Каждые 12 часов"
+
+msgid "Every day"
+msgstr "Каждый день"
+
+msgid "Every 3 days"
+msgstr "Каждые 3 дня"
+
+msgid "Once a day at 04:00"
+msgstr "Раз в день в 04:00"
+
+msgid "Once a week on Sunday at 04:00"
+msgstr "Раз в неделю в воскресенье в 04:00"
+
+msgid "Invalid domain format. Enter domain without protocol (example: sub.example.com)"
+msgstr "Неверный формат домена. Введите домен без протокола (пример: sub.example.com)"
+
+msgid "URL must use http:// or https:// protocol"
+msgstr "URL должен использовать протокол http:// или https://"
+
+msgid "Invalid URL format. URL must start with http:// or https://"
+msgstr "Неверный формат URL. URL должен начинаться с http:// или https://"
+
+msgid "Invalid format. Use format: X.X.X.X or X.X.X.X/Y"
+msgstr "Неверный формат. Используйте формат: X.X.X.X или X.X.X.X/Y"
+
+msgid "IP address 0.0.0.0 is not allowed"
+msgstr "IP адрес не может быть 0.0.0.0"
+
+msgid "IP address parts must be between 0 and 255"
+msgstr "Части IP-адреса должны быть между 0 и 255"
+
+msgid "CIDR must be between 0 and 32"
+msgstr "CIDR должен быть между 0 и 32"
+
+msgid "Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)"
+msgstr "Неверный формат IP. Используйте формат: X.X.X.X (например: 192.168.1.1)"
+
+msgid "Invalid domain format: %s. Enter domain without protocol"
+msgstr "Неверный формат домена: %s. Введите домен без протокола"
+
+msgid "Invalid format: %s. Use format: X.X.X.X or X.X.X.X/Y"
+msgstr "Неверный формат: %s. Используйте формат: X.X.X.X или X.X.X.X/Y"
+
+msgid "IP parts must be between 0 and 255 in: %s"
+msgstr "Части IP-адреса должны быть между 0 и 255 в: %s"
+
+msgid "CIDR must be between 0 and 32 in: %s"
+msgstr "CIDR должен быть между 0 и 32 в: %s"
+
+msgid "Invalid path format. Path must start with \"/\" and contain only valid characters (letters, numbers, \"-\", \"_\", \"/\", \".\")"
+msgstr "Неверный формат пути. Путь должен начинаться с \"/\" и содержать только допустимые символы (буквы, цифры, \"-\", \"_\", \"/\", \".\")"
+
+msgid "Invalid path format"
+msgstr "Неверный формат пути"
+
+msgid "JSON must contain at least type, server and server_port fields"
+msgstr "JSON должен содержать как минимум поля type, server и server_port"
+
+msgid "Invalid JSON format"
+msgstr "Неверный формат JSON"
+
+msgid "Warning: %s cannot be used together with %s. Previous selections have been removed."
+msgstr "Предупреждение: %s нельзя использовать вместе с %s. Предыдущие варианты были удалены."
+
+msgid "Regional options cannot be used together"
+msgstr "Нельзя использовать несколько региональных опций"
+
+msgid "Warning: Russia inside can only be used with Meta, Twitter, Discord, and Telegram. %s already in Russia inside and have been removed from selection."
+msgstr "Внимание: Russia inside может использоваться только с Meta, Twitter, Discord и Telegram. %s были удалены из выбора."
+
+msgid "Russia inside restrictions"
+msgstr "Ограничения Russia inside"
+
+msgid "URL must start with vless:// or ss://"
+msgstr "URL должен начинаться с vless:// или ss://"
+
+msgid "Invalid Shadowsocks URL format: missing method and password separator \":\""
+msgstr "Неверный формат URL Shadowsocks: отсутствует разделитель метода и пароля \":\""
+
+msgid "Invalid Shadowsocks URL format"
+msgstr "Неверный формат URL Shadowsocks"
+
+msgid "Invalid Shadowsocks URL: missing server address"
+msgstr "Неверный URL Shadowsocks: отсутствует адрес сервера"
+
+msgid "Invalid Shadowsocks URL: missing server"
+msgstr "Неверный URL Shadowsocks: отсутствует сервер"
+
+msgid "Invalid Shadowsocks URL: missing port"
+msgstr "Неверный URL Shadowsocks: отсутствует порт"
+
+msgid "Invalid port number. Must be between 1 and 65535"
+msgstr "Неверный номер порта. Должен быть между 1 и 65535"
+
+msgid "Invalid Shadowsocks URL: missing or invalid server/port format"
+msgstr "Неверный URL Shadowsocks: отсутствует или неверный формат сервера/порта"
+
+msgid "Invalid VLESS URL: missing UUID"
+msgstr "Неверный URL VLESS: отсутствует UUID"
+
+msgid "Invalid VLESS URL: missing server address"
+msgstr "Неверный URL VLESS: отсутствует адрес сервера"
+
+msgid "Invalid VLESS URL: missing server"
+msgstr "Неверный URL VLESS: отсутствует сервер"
+
+msgid "Invalid VLESS URL: missing port"
+msgstr "Неверный URL VLESS: отсутствует порт"
+
+msgid "Invalid VLESS URL: missing or invalid server/port format"
+msgstr "Неверный URL VLESS: отсутствует или неверный формат сервера/порта"
+
+msgid "Invalid VLESS URL: missing query parameters"
+msgstr "Неверный URL VLESS: отсутствуют параметры запроса"
+
+msgid "Invalid VLESS URL: missing type parameter"
+msgstr "Неверный URL VLESS: отсутствует параметр type"
+
+msgid "Invalid VLESS URL: missing security parameter"
+msgstr "Неверный URL VLESS: отсутствует параметр security"
+
+msgid "Invalid VLESS URL: missing pbk parameter for reality security"
+msgstr "Неверный URL VLESS: отсутствует параметр pbk для security reality"
+
+msgid "Invalid VLESS URL: missing fp parameter for reality security"
+msgstr "Неверный URL VLESS: отсутствует параметр fp для security reality"
+
+msgid "Invalid VLESS URL: missing sni parameter for tls security"
+msgstr "Неверный URL VLESS: отсутствует параметр sni для security tls"
+
+msgid "Invalid URL format: %s"
+msgstr "Неверный формат URL: %s"
+
+msgid "Remote Domain Lists URL"
+msgstr "URL удаленных списков доменов"
+
+msgid "Enter URL to download domain list"
+msgstr "Введите URL для загрузки списка доменов"
+
+msgid "Update Interval"
+msgstr "Интервал обновления"
+
+msgid "Select how often to update the lists"
+msgstr "Выберите, как часто обновлять списки"
+
+msgid "Last Update"
+msgstr "Последнее обновление"
+
+msgid "Last update time"
+msgstr "Время последнего обновления"
+
+msgid "Next Update"
+msgstr "Следующее обновление"
+
+msgid "Next scheduled update time"
+msgstr "Время следующего запланированного обновления"
+
+msgid "Version"
+msgstr "Версия"
+
+msgid "Component version"
+msgstr "Версия компонента"
+
+msgid "Installed"
+msgstr "Установлено"
+
+msgid "Not installed"
+msgstr "Не установлено"
+
+msgid "Unknown version"
+msgstr "Неизвестная версия"
+
+msgid "Error parsing version"
+msgstr "Ошибка разбора версии"
+
+msgid "Error parsing status"
+msgstr "Ошибка разбора статуса"
+
+msgid "Service is running"
+msgstr "Сервис запущен"
+
+msgid "Service is stopped"
+msgstr "Сервис остановлен"
+
+msgid "Service is enabled"
+msgstr "Сервис включен"
+
+msgid "Service is disabled"
+msgstr "Сервис отключен"
+
+msgid "Service Status"
+msgstr "Статус сервиса"
+
+msgid "working"
+msgstr "работает"
+
+msgid "not working"
+msgstr "не работает"
+
+msgid "check error"
+msgstr "ошибка проверки"
+
+msgid "Diagnostic check in progress..."
+msgstr "Выполняется диагностическая проверка..."
+
+msgid "Diagnostic check completed"
+msgstr "Диагностическая проверка завершена"
+
+msgid "Diagnostic check failed"
+msgstr "Диагностическая проверка не удалась"
+
+msgid "Update in progress..."
+msgstr "Выполняется обновление..."
+
+msgid "Update completed"
+msgstr "Обновление завершено"
+
+msgid "Update failed"
+msgstr "Обновление не удалось"
+
+msgid "Check in progress..."
+msgstr "Выполняется проверка..."
+
+msgid "Check completed"
+msgstr "Проверка завершена"
+
+msgid "Check failed"
+msgstr "Проверка не удалась"
+
+msgid "Version Information"
+msgstr "Информация о версии"
+
+msgid "Copied!"
+msgstr "Скопировано!"
+
+msgid "Podkop Status"
+msgstr "Статус Podkop"
+
+msgid "Start Podkop"
+msgstr "Запустить Podkop"
+
+msgid "Stop Podkop"
+msgstr "Остановить Podkop"
+
+msgid "Restart Podkop"
+msgstr "Перезапустить Podkop"
+
+msgid "Enable Podkop"
+msgstr "Включить Podkop"
+
+msgid "Disable Podkop"
+msgstr "Отключить Podkop"
+
+msgid "Loading diagnostics..."
+msgstr "Загрузка диагностики..."
+
+msgid "Error loading diagnostics"
+msgstr "Ошибка загрузки диагностики"
+
+msgid "Sing-box Status"
+msgstr "Статус Sing-box"
+
+msgid "Diagnostic Tools"
+msgstr "Инструменты диагностики"
+
+msgid "Unknown"
+msgstr "Неизвестно"
+
+msgid "Device Model: "
+msgstr "Модель устройства: "
+
+msgid "OpenWrt Version: "
+msgstr "Версия OpenWrt: "
+
+msgid "Sing-box: "
+msgstr "Sing-box: "
+
+msgid "LuCI App: "
+msgstr "LuCI App: "
+
+msgid "Podkop: "
+msgstr "Podkop: "
+
+msgid "Check NFT Rules"
+msgstr "Проверить правила NFT"
+
+msgid "Update Lists"
+msgstr "Обновить списки"
+
+msgid "Lists Update Results"
+msgstr "Результаты обновления списков"
+
+msgid "DNS Protocol Type"
+msgstr "Тип DNS протокола"
+
+msgid "Select DNS protocol to use"
+msgstr "Выберите протокол DNS"
+
+msgid "DNS over HTTPS (DoH)"
+msgstr "DNS через HTTPS (DoH)"
+
+msgid "DNS over TLS (DoT)"
+msgstr "DNS через TLS (DoT)"
+
+msgid "UDP (Unprotected DNS)"
+msgstr "UDP (Незащищённый DNS)"
+
+msgid "DNS Server"
+msgstr "DNS сервер"
+
+msgid "Select or enter DNS server address"
+msgstr "Выберите или введите адрес DNS сервера"
+
+msgid "DNS server address cannot be empty"
+msgstr "Адрес DNS сервера не может быть пустым"
+
+msgid "Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com"
+msgstr "Неверный формат DNS сервера. Примеры: 8.8.8.8 или dns.example.com"
+
+msgid "DNS Rewrite TTL"
+msgstr "Перезапись TTL для DNS"
+
+msgid "Time in seconds for DNS record caching (default: 600)"
+msgstr "Время в секундах для кэширования DNS записей (по умолчанию: 600)"
+
+msgid "TTL value cannot be empty"
+msgstr "Значение TTL не может быть пустым"
+
+msgid "TTL must be a positive number"
+msgstr "TTL должно быть положительным числом"
+
+msgid "Cache File Path"
+msgstr "Путь к файлу кэша"
+
+msgid "Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing"
+msgstr "Выберите или введите путь к файлу кэша sing-box. Меняйте ТОЛЬКО если знаете, что делаете"
+
+msgid "Cache file path cannot be empty"
+msgstr "Путь к файлу кэша не может быть пустым"
+
+msgid "Path must be absolute (start with /)"
+msgstr "Путь должен быть абсолютным (начинаться с /)"
+
+msgid "Path must end with cache.db"
+msgstr "Путь должен заканчиваться на cache.db"
+
+msgid "Path must contain at least one directory (like /tmp/cache.db)"
+msgstr "Путь должен содержать хотя бы одну директорию (например /tmp/cache.db)"
+
+msgid "Invalid path format. Must be like /tmp/cache.db"
+msgstr "Неверный формат пути. Пример: /tmp/cache.db"
+
+msgid "Select the network interface from which the traffic will originate"
+msgstr "Выберите сетевой интерфейс, с которого будет исходить трафик"
+
+msgid "Copy to Clipboard"
+msgstr "Копировать в буфер обмена"
+
+msgid "Close"
+msgstr "Закрыть"
+
+msgid "Loading..."
+msgstr "Загрузка..."
+
+msgid "Loading version information..."
+msgstr "Загрузка информации о версии..."
+
+msgid "Checking FakeIP..."
+msgstr "Проверка FakeIP..."
+
+msgid "timeout"
+msgstr "таймаут"
+
+msgid "Current config: "
+msgstr "Текущая конфигурация: "
+
+msgid "Invalid VLESS URL: type must be one of tcp, udp, grpc, http"
+msgstr "Неверный URL VLESS: тип должен быть одним из tcp, udp, grpc, http"
+
+msgid "Invalid VLESS URL: security must be one of tls, reality, none"
+msgstr "Неверный URL VLESS: security должен быть одним из tls, reality, none"
+
+msgid "Podkop"
+msgstr "Podkop"
+
+msgid "Proxy"
+msgstr "Прокси"
+
+msgid "VPN"
+msgstr "VPN"
+
+msgid "http://openwrt.lan:9090/ui"
+msgstr "http://openwrt.lan:9090/ui"
+
+msgid "Podkop Configuration"
+msgstr "Конфигурация Podkop"
+
+msgid "Active Connections"
+msgstr "Активные соединения"
+
+msgid "DNSMasq Configuration"
+msgstr "Конфигурация DNSMasq"
+
+msgid "Sing-box Configuration"
+msgstr "Конфигурация Sing-box"
+
+msgid "Extra configurations"
+msgstr "Дополнительные конфигурации"
+
+msgid "Add Section"
+msgstr "Добавить раздел"
+
+msgid "No output"
+msgstr "Нет вывода"
+
+msgid "Failed to copy: "
+msgstr "Не удалось скопировать: "
+
+msgid "Show Config"
+msgstr "Показать конфигурацию"
+
+msgid "View Logs"
+msgstr "Просмотр логов"
+
+msgid "Check Connections"
+msgstr "Проверить соединения"
+
+msgid "FakeIP Status"
+msgstr "Статус FakeIP"
+
+msgid "Device Model: "
+msgstr "Модель устройства: "
+
+msgid "OpenWrt Version: "
+msgstr "Версия OpenWrt: "
+
+msgid "Check DNSMasq"
+msgstr "Проверить DNSMasq"
+
+msgid "Check NFT Rules"
+msgstr "Проверить правила NFT"
+
+msgid "Update Lists"
+msgstr "Обновить списки"
+
+msgid "Lists Update Results"
+msgstr "Результаты обновления списков"
+
+msgid "NFT Rules"
+msgstr "Правила NFT"
+
+msgid "GitHub Connectivity"
+msgstr "Подключение к GitHub"
+
+msgid "Check GitHub"
+msgstr "Проверить GitHub"
+
+msgid "GitHub Connectivity Results"
+msgstr "Результаты проверки подключения к GitHub"
+
+msgid "Sing-Box Logs"
+msgstr "Логи Sing-Box"
+
+msgid "View recent sing-box logs from system journal"
+msgstr "Просмотр последних логов sing-box из системного журнала"
+
+msgid "View Sing-Box Logs"
+msgstr "Просмотр логов Sing-Box"
+
+msgid "Podkop Logs"
+msgstr "Логи Podkop"
+
+msgid "View recent podkop logs from system journal"
+msgstr "Просмотр последних логов podkop из системного журнала"
+
+msgid "View Podkop Logs"
+msgstr "Просмотр логов Podkop"
+
+msgid "Active Connections"
+msgstr "Активные соединения"
+
+msgid "View active sing-box network connections"
+msgstr "Просмотр активных сетевых подключений sing-box"
+
+msgid "DNSMasq Configuration"
+msgstr "Конфигурация DNSMasq"
+
+msgid "View current DNSMasq configuration settings"
+msgstr "Просмотр текущих настроек конфигурации DNSMasq"
+
+msgid "Sing-Box Configuration"
+msgstr "Конфигурация Sing-Box"
+
+msgid "Show current sing-box configuration"
+msgstr "Показать текущую конфигурацию sing-box"
+
+msgid "Show Sing-Box Config"
+msgstr "Показать конфигурацию Sing-Box"
+
+msgid "Diagnostic Tools"
+msgstr "Инструменты диагностики"
+
+msgid "Unknown"
+msgstr "Неизвестно"
+
+msgid "sing-box not running"
+msgstr "sing-box не запущен"
+
+msgid "DNS not configured"
+msgstr "DNS не настроен"
+
+msgid "running & enabled"
+msgstr "запущен и активирован"
+
+msgid "running but disabled"
+msgstr "запущен, но деактивирован"
+
+msgid "stopped but enabled"
+msgstr "остановлен, но активирован"
+
+msgid "stopped & disabled"
+msgstr "остановлен и деактивирован"
+
+msgid "works in browser"
+msgstr "работает в браузере"
+
+msgid "works on router"
+msgstr "работает на роутере"
+
+msgid "Check Router FakeIP"
+msgstr "Проверить FakeIP на роутере"
+
+msgid "FakeIP Router Check"
+msgstr "Проверка FakeIP на роутере"
+
+msgid "FakeIP CLI Check"
+msgstr "Проверка FakeIP через CLI"
+
+msgid "FakeIP CLI Check Results"
+msgstr "Результаты проверки FakeIP через CLI"
+
+msgid "does not work in browser"
+msgstr "не работает в браузере"
+
+msgid "does not work on router"
+msgstr "не работает на роутере"
+
+msgid "Diagnostics"
+msgstr "Диагностика"
+
+msgid "DNS Status"
+msgstr "Статус DNS"
+
+msgid "Bypass Status"
+msgstr "Статус обхода"
+
+msgid "proxy working correctly"
+msgstr "прокси работает корректно"
+
+msgid "vpn working correctly"
+msgstr "vpn работает корректно"
+
+msgid "proxy not working"
+msgstr "прокси не работает"
+
+msgid "vpn not working"
+msgstr "vpn не работает"
+
+msgid "proxy not running"
+msgstr "прокси не запущен"
+
+msgid "vpn not running"
+msgstr "vpn не запущен"
+
+msgid "proxy routing incorrect"
+msgstr "маршрутизация прокси некорректна"
+
+msgid "vpn routing incorrect"
+msgstr "маршрутизация vpn некорректна"
+
+msgid "First endpoint check failed"
+msgstr "Проверка первой конечной точки не удалась"
+
+msgid "IP comparison failed"
+msgstr "Сравнение IP-адресов не удалось"
+
+msgid "Bypass check error"
+msgstr "Ошибка проверки обхода"
+
+msgid "Main config"
+msgstr "Основная конфигурация"
+
+msgid "Config without description"
+msgstr "Конфигурация без описания"
+
+msgid "DNS working"
+msgstr "DNS работает"
+
+msgid "Router DNS working"
+msgstr "DNS роутера работает"
+
+msgid "Router DNS not working"
+msgstr "DNS роутера не работает"
+
+msgid "DNS check error"
+msgstr "Ошибка проверки DNS"
+
+msgid "available"
+msgstr "доступен"
+
+msgid "unavailable"
+msgstr "недоступен"
+
+msgid "Apply for SS2022"
+msgstr "Применить для SS2022"
+
+msgid "PODKOP CONFIGURATION"
+msgstr "КОНФИГУРАЦИЯ PODKOP"
+
+msgid "FAKEIP ROUTER TEST"
+msgstr "ПРОВЕРКА FAKEIP НА РОУТЕРЕ"
+
+msgid "FAKEIP BROWSER TEST"
+msgstr "ПРОВЕРКА FAKEIP В БРАУЗЕРЕ"
+
+msgid "FakeIP is working correctly on router (198.18.x.x)"
+msgstr "FakeIP работает корректно на роутере (198.18.x.x)"
+
+msgid "Click here for all the info"
+msgstr "Нажмите для просмотра всей информации"
+
+msgid "Check DNS server on current device (PC, phone)"
+msgstr "Проверьте DNS сервер на текущем устройстве (ПК, телефон)"
+
+msgid "Its must be router!"
+msgstr "Это должен быть роутер!"
+
+msgid "Global check"
+msgstr "Глобальная проверка"
+
+msgid "Starting lists update..."
+msgstr "Начало обновления списков..."
+
+msgid "DNS check passed"
+msgstr "Проверка DNS пройдена"
+
+msgid "DNS check failed after 60 attempts"
+msgstr "Проверка DNS не удалась после 60 попыток"
+
+msgid "GitHub connection check passed"
+msgstr "Проверка подключения к GitHub пройдена"
+
+msgid "GitHub connection check passed (via proxy)"
+msgstr "Проверка подключения к GitHub пройдена (через прокси)"
+
+msgid "GitHub connection check failed after 60 attempts"
+msgstr "Проверка подключения к GitHub не удалась после 60 попыток"
+
+msgid "Downloading and processing lists..."
+msgstr "Загрузка и обработка списков..."
+
+msgid "Lists update completed successfully"
+msgstr "Обновление списков успешно завершено"
+
+msgid "Lists update failed"
+msgstr "Обновление списков не удалось"
+
+msgid "Error: "
+msgstr "Ошибка: "

luci-app-podkop/root/etc/uci-defaults/50_luci-podkop

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+rm -f /var/luci-indexcache*
+rm -f /tmp/luci-indexcache*
+
+[ -x /etc/init.d/rpcd ] && /etc/init.d/rpcd reload
+
+logger -t "podkop" "$timestamp uci-defaults script executed"
+
+exit 0

luci-app-podkop/root/usr/share/rpcd/acl.d/luci-app-podkop.json

@@ -2,10 +2,17 @@
   "luci-app-podkop": {
     "description": "Grant UCI and RPC access to LuCI app podkop",
     "read": {
+      "file": {
+        "/etc/init.d/podkop": [
+          "exec"
+        ],
+        "/usr/bin/podkop": [
+          "exec"
+        ]
+      },
       "ubus": {
-        "luci.podkop": [
-          "get_sample1",
-          "get_sample2"
+        "service": [
+          "list"
         ]
       },
       "uci": [
@@ -18,4 +25,4 @@
       ]
     }
   }
-}
+}

podkop/Makefile

@@ -1,7 +1,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=podkop
-PKG_VERSION:=0.1.8
+
+PKG_VERSION := $(if $(PKG_VERSION),$(PKG_VERSION),dev_$(shell date +%d%m%Y))
+
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
@@ -12,9 +14,10 @@ include $(INCLUDE_DIR)/package.mk
 define Package/podkop
 	SECTION:=net
 	CATEGORY:=Network
-	DEPENDS:=+dnsmasq-full +curl +jq +kmod-nft-tproxy +coreutils-base64
+	DEPENDS:=+sing-box +curl +jq +kmod-nft-tproxy +coreutils-base64
+	CONFLICTS:=https-dns-proxy nextdns luci-app-passwall luci-app-passwall2
 	TITLE:=Domain routing app
-	URL:=https://itdog.info
+	URL:=https://podkop.net
 	PKGARCH:=all
 endef
 
@@ -28,25 +31,13 @@ endef
 define Build/Compile
 endef
 
-define Package/podkop/postinst
-#!/bin/sh
-
-if ! uci show ucitrack | grep -q 'podkop'; then
-    uci add ucitrack podkop
-    uci set ucitrack.@podkop[-1].init=podkop
-    uci commit ucitrack
-
-	/etc/init.d/ucitrack restart
-fi
-
-exit 0
-endef
-
 define Package/podkop/prerm
 #!/bin/sh
 
 grep -q "105 podkop" /etc/iproute2/rt_tables && sed -i "/105 podkop/d" /etc/iproute2/rt_tables
 
+/etc/init.d/podkop stop
+
 exit 0
 endef
 
@@ -62,11 +53,8 @@ define Package/podkop/install
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/etc/config/podkop $(1)/etc/config/podkop
 
-	$(INSTALL_DIR) $(1)/etc/podkop
-	$(INSTALL_DATA) ./files/etc/podkop/* $(1)/etc/podkop/
-
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-	$(INSTALL_DATA) ./files/etc/hotplug.d/iface/50-podkop $(1)/etc/hotplug.d/iface/50-podkop
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) ./files/usr/bin/podkop $(1)/usr/bin/podkop
 endef
 
 $(eval $(call BuildPackage,podkop))

podkop/files/etc/config/podkop

@@ -1,36 +1,45 @@
 config main 'main'
 	option mode 'proxy'
-	option interface 'wg0'
+	#option interface ''
+	option proxy_config_type 'url'
+	#option outbound_json ''
 	option proxy_string ''
 	option domain_list_enabled '1'
-	option domain_list 'ru_inside'
+	list domain_list 'russia_inside'
 	option subnets_list_enabled '0'
-	list subnets 'twitter'
-	option custom_domains_list_enabled '0'
-	list custom_domains ''
+	option custom_domains_list_type 'disabled'
+	#list custom_domains ''
+	#option custom_domains_text ''
+	option custom_local_domains_list_enabled '0'
+	#list custom_local_domains ''
 	option custom_download_domains_list_enabled '0'
-	list custom_download_domains ''
-	option custom_subnets_list_enabled '0'
-	list custom_subnets ''
+	#list custom_download_domains ''
+	option custom_domains_list_type 'disable'
+	#list custom_subnets ''
+	#custom_subnets_text ''
 	option custom_download_subnets_list_enabled '0'
-	list custom_download_subnets ''
+	#list custom_download_subnets ''
 	option all_traffic_from_ip_enabled '0'
-	list all_traffic_ip ''
+	#list all_traffic_ip ''
 	option delist_domains_enabled '0'
-	list delist_domains ''
+	#list delist_domains ''
 	option exclude_from_ip_enabled '0'
-	list exclude_traffic_ip ''
+	#list exclude_traffic_ip ''
 	option yacd '0'
 	option socks5 '0'
-
-config second 'second'
-	option second_enable '0'
-	option mode 'proxy'
-	option interface 'wg1'
-	option proxy_string ''
-	option domain_list_enabled '0'
-	list domains 'youtube'
-	option custom_domains_list_enabled '0'
-	list custom_domains 'ifconfig.io'
-	option custom_subnets_list_enabled '0'
-	list custom_subnets ''
+	option exclude_ntp '0'
+	option quic_disable '0'
+	option dont_touch_dhcp '0'
+	option update_interval '1d'
+	option dns_type 'udp'
+	option dns_server '8.8.8.8'
+	option split_dns_enabled '1'
+	option split_dns_type 'udp'
+	option split_dns_server '1.1.1.1'
+	option dns_rewrite_ttl '60'
+	option cache_file '/tmp/cache.db'
+	list iface 'br-lan'
+	option mon_restart_ifaces '0'
+	#list restart_ifaces 'wan'
+	option ss_uot '0'
+	option detour '0'

podkop/files/etc/hotplug.d/iface/50-podkop

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/etc/init.d/podkop add_route_interface

podkop/files/etc/init.d/podkop

@@ -1,914 +1,50 @@
 #!/bin/sh /etc/rc.common
 
 START=99
+USE_PROCD=1
 
 script=$(readlink "$initscript")
 NAME="$(basename ${script:-$initscript})"
 config_load "$NAME"
 
-EXTRA_COMMANDS="list_update add_route_interface version"
-EXTRA_HELP="        list_update     Updating domain and subnet lists
-        version          Show version
-        add_route_interface  Adding route for interface
-        sing_box_config_vless For test vless string"
+start_service() {
+    echo "Start podkop"
 
-cron_job="0 4 * * * /etc/init.d/podkop list_update"
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
+	config_get restart_ifaces "main" "restart_ifaces"
 
-start() {
-    log "Start podkop"
-
-    dnsmasqfull
-    ucitrack
-    routing_table_create
-    add_mark
-
-    config_get mode "main" "mode"
-    case "$mode" in
-    "vpn")
-        log "VPN mode"
-        log "You are using VPN mode, make sure you have installed all the necessary packages, configured, created the zone and forwarding."
-        config_get interface "main" "interface" "0"
-        if [ -n "$interface" ]; then
-            add_route_interface "$interface" "podkop"
-        else
-            log "Interface undefined"
-        fi
-
-        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "proxy" ]; then
-            config_get proxy_string second "proxy_string"
-            if [[ "$proxy_string" =~ ^ss:// ]]; then
-                sing_box_config_shadowsocks "$proxy_string" "1603"
-            elif [[ "$proxy_string" =~ ^vless:// ]]; then
-                sing_box_config_vless "$proxy_string" "1603"
-            else
-                log "Unsupported proxy type: $proxy_string"
-                exit 1
-            fi
-            add_route_tproxy podkop2
-            sing_box_config_check
-            sing_box_uci
-            /etc/init.d/sing-box restart
-            /etc/init.d/sing-box enable
-        fi
-
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "vpn" ]; then
-            log "VPN mode for second"
-            config_get interface "second" "interface" "0"
-            if [ -n "$interface" ]; then
-                add_route_interface "$interface" "podkop2"
-            else
-                log "Interface undefined"
-            fi
-        fi
-        ;;
-    "proxy")
-        log "Proxy mode"
-        if ! command -v sing-box >/dev/null 2>&1; then
-            log "Sing-box isn't installed. Proxy mode works with sing-box"
-            exit 1
-        fi
-
-        # Main - proxy, Second - proxy
-        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "proxy" ]; then
-            log "Two proxy enable"
-            outbound_main=$(mktemp)
-            outbound_second=$(mktemp)
-
-            config_get proxy_string main "proxy_string"
-            if [[ "$proxy_string" =~ ^ss:// ]]; then
-                sing_box_config_outbound_shadowsocks "$proxy_string" "$outbound_main" main
-            elif [[ "$proxy_string" =~ ^vless:// ]]; then
-                sing_box_config_outbound_vless "$proxy_string" "$outbound_main" main
-            else
-                log "Unsupported proxy type: $proxy_string"
-                exit 1
-            fi
-
-            config_get proxy_string second "proxy_string"
-            if [[ "$proxy_string" =~ ^ss:// ]]; then
-                sing_box_config_outbound_shadowsocks "$proxy_string" "$outbound_second" second
-            elif [[ "$proxy_string" =~ ^vless:// ]]; then
-                sing_box_config_outbound_vless "$proxy_string" "$outbound_second" second
-            else
-                log "Unsupported proxy type: $proxy_string"
-                exit 1
-            fi
-
-            jq --argjson outbounds "$(jq -s '{"outbounds": (.[0].outbounds + .[1].outbounds)}' "$outbound_main" "$outbound_second")" \
-                '.outbounds += $outbounds.outbounds' /etc/podkop/sing-box-two-proxy-template.json >/etc/sing-box/config.json
-
-            rm -f "$outbound_main" "$outbound_second"
-
-            add_route_tproxy podkop
-            add_route_tproxy podkop2
-        fi
-
-        # Main proxy, second disable/vpn
-        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
-        if [ "$second_enable" -eq "0" ] || [ "$mode" = "vpn" ]; then
-            config_get proxy_string main "proxy_string"
-            if [[ "$proxy_string" =~ ^ss:// ]]; then
-                sing_box_config_shadowsocks "$proxy_string" "1602"
-            elif [[ "$proxy_string" =~ ^vless:// ]]; then
-                sing_box_config_vless "$proxy_string" "1602"
-            else
-                log "Unsupported proxy type: $proxy_string"
-                exit 1
-            fi
-            add_route_tproxy podkop
-        fi
-
-        sing_box_config_check
-        sing_box_uci
-        /etc/init.d/sing-box restart
-        /etc/init.d/sing-box enable
-
-        # Main proxy, Second VPN
-        config_get_bool second_enable "second" "second_enable" "0"
-        config_get mode "second" "mode" "0"
-        if [ "$second_enable" -eq "1" ] && [ "$mode" = "vpn" ]; then
-            log "VPN mode for seconds"
-            log "You are using VPN mode, make sure you have installed all the necessary packages, configured, created the zone and forwarding."
-            config_get interface "second" "interface" "0"
-            if [ -n "$interface" ]; then
-                add_route_interface "$interface" "podkop2"
-            else
-                log "Interface undefined"
-            fi
-        fi
-        ;;
-    *)
-        log "Requires *vpn* or *proxy* value"
-        exit 1
-        ;;
-    esac
-
-    list_update
-
-    if [ "$domain_list_enabled" -eq 1 ] || [ "$subnets_list_enabled" -eq 1 ]; then
-        add_cron_job
-    fi
-
-    config_get_bool all_traffic_from_ip_enabled "main" "all_traffic_from_ip_enabled" "0"
-    if [ "$all_traffic_from_ip_enabled" -eq 1 ]; then
-        log "Adding an IP to redirect all traffic"
-        config_list_foreach main all_traffic_ip list_all_traffic_from_ip
-    fi
-
-    config_get_bool exclude_from_ip_enabled "main" "exclude_from_ip_enabled" "0"
-    if [ "$exclude_from_ip_enabled" -eq 1 ]; then
-        log "Adding an IP for exclusion"
-        config_list_foreach main exclude_traffic_ip list_exclude_traffic_from_ip
-    fi
-
-    config_get_bool yacd "main" "yacd" "0"
-    if [ "$yacd" -eq 1 ]; then
-        log "Yacd enable"
-        jq '.experimental.clash_api = {
-            "external_ui": "ui",
-            "external_controller": "0.0.0.0:9090"
-        }' /etc/sing-box/config.json >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json /etc/sing-box/config.json
-        /etc/init.d/sing-box restart
-    fi
-
-    config_get_bool socks5 "main" "socks5" "0"
-    if [ "$socks5" -eq 1 ]; then
-        log "Socks5 local enable port 2080"
-        jq '.inbounds += [{
-            "type": "mixed",
-            "listen": "0.0.0.0",
-            "listen_port": 2080,
-            "set_system_proxy": false
-        }]' /etc/sing-box/config.json >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json /etc/sing-box/config.json
-        /etc/init.d/sing-box restart
-    fi
+	procd_open_instance
+	procd_set_param command /usr/bin/podkop start
+	[ "$mon_restart_ifaces" = "1" ] && [ -n "$restart_ifaces" ] && procd_set_param netdev $restart_ifaces
+	procd_set_param stdout 1
+	procd_set_param stderr 1
+	procd_close_instance
 }
 
-stop() {
-    log "Stopping the podkop"
-    rm -f /tmp/dnsmasq.d/podkop*
-    remove_cron_job
-
-    log "Flush nft"
-    if nft list table inet PodkopTable >/dev/null 2>&1; then
-        nft delete table inet PodkopTable
-    fi
-
-    log "Flush ip rule"
-    if ip rule list | grep -q "podkop"; then
-        ip rule del fwmark 0x105 table podkop priority 105
-    fi
-
-    if ip rule list | grep -q "podkop2"; then
-        ip rule del fwmark 0x106 table podkop2 priority 106
-    fi
-
-    log "Flush ip route"
-    if ip route list table podkop; then
-        ip route flush table podkop
-    fi
-
-    if ip route list table podkop2; then
-        ip route flush table podkop2
-    fi
-
-    log "Stop sing-box"
-    config_get mode_main "main" "mode" "0"
-    config_get mode_second "second" "mode" "0"
-
-    if [ "$mode_main" = "proxy" ] || [ "$mode_second" = "proxy" ]; then
-        /etc/init.d/sing-box stop
-        /etc/init.d/sing-box disable
-    fi
+stop_service() {
+    /usr/bin/podkop stop
 }
 
-restart() {
-    stop
-    start
+reload_service() {
+    /usr/bin/podkop reload > /dev/null 2>&1
 }
 
-reload() {
-    stop
-    start
-}
+service_triggers() {
+    echo "service_triggers start"
 
-version() {
-    echo VERSION_FROM_MAKEFILE
-}
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
+	config_get restart_ifaces "main" "restart_ifaces"
 
-log() {
-    local message="$1"
-    local timestamp=$(date +"%Y-%m-%d %H:%M:%S")
-    local CYAN="\033[0;36m"
-    local GREEN="\033[0;32m"
-    local RESET="\033[0m"
+	# Test without delay
+    #PROCD_RELOAD_DELAY=2000
 
-    echo -e "${CYAN}[$timestamp]${RESET} ${GREEN}$message${RESET}"
-}
+	procd_open_trigger
+		procd_add_config_trigger "config.change" "$NAME" "$initscript" restart 'on_config_change'
 
-add_cron_job() {
-    if ! crontab -l | grep -q "podkop"; then
-        #echo "$cron_job" >>/etc/crontabs/root
-        crontab -l | {
-            cat
-            echo "$cron_job"
-        } | crontab -
-        log "The cron job has been created"
-    fi
-}
-
-remove_cron_job() {
-    sed -i "\|podkop|d" /etc/crontabs/root
-    log "The cron job removed"
-}
-
-list_update() {
-    config_get_bool domain_list_enabled "main" "domain_list_enabled" "0"
-    if [ "$domain_list_enabled" -eq 1 ]; then
-        log "Adding a common domains list"
-        add_set "podkop_domains" "main"
-        config_get domain_list main "domain_list"
-        lists_domains_download "$domain_list"
-        dnsmasq_config_check podkop-domains.lst
-    fi
-
-    config_get_bool custom_domains_list_enabled "main" "custom_domains_list_enabled" "0"
-    if [ "$custom_domains_list_enabled" -eq 1 ]; then
-        log "Adding a custom domains list"
-        add_set "podkop_domains" "main"
-        rm -f /tmp/dnsmasq.d/podkop-custom-domains.lst
-        config_list_foreach main custom_domains "list_custom_domains_create" "podkop"
-        dnsmasq_config_check podkop-custom-domains.lst
-    fi
-
-    config_get_bool custom_download_domains_list_enabled "main" "custom_download_domains_list_enabled" "0"
-    if [ "$custom_download_domains_list_enabled" -eq 1 ]; then
-        log "Adding a custom domains list from URL"
-        add_set "podkop_domains" "main"
-        config_list_foreach main custom_download_domains "list_custom_download_domains_create" "podkop"
-    fi
-
-    config_get_bool delist_domains_enabled "main" "delist_domains_enabled" "0"
-    if [ "$delist_domains_enabled" -eq 1 ] && [ "$domain_list_enabled" -eq 1 ]; then
-        log "Exclude domains from the common list"
-        config_list_foreach main delist_domains "list_delist_domains"
-        dnsmasq_config_check podkop-domains.lst
-    fi
-
-    if [ "$domain_list_enabled" -eq 1 ] || [ "$custom_domains_list_enabled" -eq 1 ]; then
-        /etc/init.d/dnsmasq restart
-    fi
-
-    config_get_bool custom_domains_list_enabled "second" "custom_domains_list_enabled" "0"
-    if [ "$custom_domains_list_enabled" -eq 1 ]; then
-        log "Adding a custom domains list. Second podkop"
-        add_set "podkop2_domains" "second"
-        rm -f /tmp/dnsmasq.d/podkop2-custom-domains.lst
-        config_list_foreach second custom_domains "list_delist_domains"
-        config_list_foreach second custom_domains "list_custom_domains_create" "podkop2"
-        dnsmasq_config_check podkop2-custom-domains.lst
-    fi
-
-    config_get_bool domain_service_enabled "second" "domain_service_enabled" "0"
-    if [ "$domain_service_enabled" -eq 1 ]; then
-        log "Adding a service for podkop2"
-        add_set "podkop2_domains" "second"
-        config_get service_list second "service_list"
-        lists_services_download "$service_list"
-        config_list_foreach second custom_domains "list_delist_domains"
-        dnsmasq_config_check podkop2-domains.lst
-    fi
-
-    if [ "$custom_domains_list_enabled" -eq 1 ] || [ "$domain_service_enabled" -eq 1 ]; then
-        /etc/init.d/dnsmasq restart
-    fi
-
-    config_get_bool subnets_list_enabled "main" "subnets_list_enabled" "0"
-    if [ "$subnets_list_enabled" -eq 1 ]; then
-        log "Adding a subnets from list"
-        mkdir -p /tmp/podkop
-        add_set "podkop_subnets" "main"
-        config_list_foreach main subnets "list_subnets_download"
-    fi
-
-    config_get_bool custom_download_subnets_list_enabled "main" "custom_download_subnets_list_enabled" "0"
-    if [ "$custom_download_subnets_list_enabled" -eq 1 ]; then
-        log "Adding a subnets from URL"
-        mkdir -p /tmp/podkop
-        add_set "podkop_subnets" "main"
-        config_list_foreach main custom_download_subnets "list_subnets_download"
-    fi
-
-    config_get_bool custom_subnets_list_enabled "main" "custom_subnets_list_enabled" "0"
-    if [ "$custom_subnets_list_enabled" -eq 1 ]; then
-        log "Adding a custom subnets list"
-        add_set "podkop_subnets" "main"
-        config_list_foreach main custom_subnets "list_custom_subnets_create" "podkop"
-    fi
-
-    config_get_bool custom_subnets_list_enabled "second" "custom_subnets_list_enabled" "0"
-    if [ "$custom_subnets_list_enabled" -eq 1 ]; then
-        log "Adding a custom subnets list. Second"
-        add_set "podkop2_subnets" "second"
-        config_list_foreach second custom_subnets "list_custom_subnets_create" "podkop2"
-    fi
-}
-
-dnsmasqfull() {
-    if /usr/sbin/dnsmasq -v | grep -q "no-nftset"; then
-        log "Dnsmasq-full is not installed. Future: link only"
-        log "Use script or:"
-        log "cd /tmp/ && /bin/opkg download dnsmasq-full && /bin/opkg remove dnsmasq && /bin/opkg install dnsmasq-full --cache /tmp/ && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp"
-        exit 1
-    fi
-}
-
-ucitrack() {
-    if grep -q "podkop" /etc/config/ucitrack; then
-        log "ucitrack config ok"
-    else
-        log "ucitrack config not found"
-    fi
-}
-
-routing_table_create() {
-    grep -q "105 podkop" /etc/iproute2/rt_tables || echo '105 podkop' >>/etc/iproute2/rt_tables
-    config_get_bool second_enable "second" "second_enable" "0"
-    if [ "$second_enable" -eq 1 ]; then
-        grep -q "106 podkop2" /etc/iproute2/rt_tables || echo '106 podkop2' >>/etc/iproute2/rt_tables
-    fi
-}
-
-add_set() {
-    local set_name="$1"
-    local connect="$2"
-
-    nft add table inet PodkopTable
-    log "Create set $set_name"
-    nft add chain inet PodkopTable mangle { type filter hook prerouting priority mangle \; policy accept \;}
-    nft add set inet PodkopTable "$set_name" { type ipv4_addr\; flags interval\; auto-merge\; }
-    config_get mode "$connect" "mode"
-    case "$mode" in
-    "vpn")
-        if ! nft list chain inet PodkopTable mangle | grep -q "ip daddr @"$set_name" meta mark set"; then
-            if [ "$connect" = "main" ]; then
-                nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta mark set 0x105 counter
-            elif [ "$connect" = "second" ]; then
-                nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta mark set 0x106 counter
-            fi
-        fi
-        ;;
-
-    "proxy")
-        #nft add chain inet PodkopTable mangle { type filter hook prerouting priority mangle \; }
-        #nft add chain inet PodkopTable proxy { type filter hook prerouting priority mangle \; }
-        if nft list table inet PodkopTable | grep -q "ip daddr @"$set_name" meta l4proto"; then
-            log "Nft rule tproxy exists"
-        else
-            log "Added nft rule tproxy"
-            if [ "$connect" = "main" ]; then
-                nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto tcp meta mark set 0x105 counter
-                nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto udp meta mark set 0x105 counter
-                nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x105 meta l4proto tcp tproxy ip to :1602 counter
-                nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x105 meta l4proto udp tproxy ip to :1602 counter
-            elif [ "$connect" = "second" ]; then
-                nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto tcp meta mark set 0x106 counter
-                nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto udp meta mark set 0x106 counter
-                nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x106 meta l4proto tcp tproxy ip to :1603 counter
-                nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x106 meta l4proto udp tproxy ip to :1603 counter
-            fi
-        fi
-        ;;
-
-    *)
-        log "Requires *vpn* or *proxy* value"
-        exit 1
-        ;;
-    esac
-}
-
-add_route_interface() {
-    local interface="$1"
-    local table="$2"
-    local retry_count=0
-    local max_retries=20
-
-    if ! ip link show "$interface" >/dev/null 2>&1; then
-        log "Interface "$interface" does not exist, not possible to create a route"
-        exit 1
-    fi
-
-    if ip route show table $table | grep -q "^default dev"; then
-        log "Route for "$interface" exists"
-        return 0
-    fi
-
-    log "Added route for "$interface""
-    while [ $retry_count -lt $max_retries ]; do
-        if ip route add table $table default dev "$interface" 2>&1 | grep -q "Network is down"; then
-            log "Error: Network is down. Let's try again in 3 seconds"
-            sleep 3
-            retry_count=$((retry_count + 1))
-        else
-            log "Route for "$interface" added"
-            return 0
-        fi
-    done
-
-    log "The maximum number of attempts has been exceeded. Failed to add a route."
-    exit 1
-}
-
-add_route_tproxy() {
-    local table=$1
-    if ! ip route list table $table | grep -q "local default dev lo scope host"; then
-        log "Added route for tproxy"
-        ip route add local 0.0.0.0/0 dev lo table $table
-    else
-        log "Route for tproxy exists"
-    fi
-}
-
-add_mark() {
-    if ! ip rule list | grep -q "from all fwmark 0x105 lookup podkop"; then
-        log "Create marking rule"
-        ip -4 rule add fwmark 0x105 table podkop priority 105
-    else
-        log "Marking rule exist"
-    fi
-
-    config_get_bool second_enable "second" "second_enable" "0"
-    if [ "$second_enable" -eq 1 ]; then
-        if ! ip rule list | grep -q "from all fwmark 0x106 lookup podkop2"; then
-            log "Create marking rule for podkop second"
-            ip -4 rule add fwmark 0x106 table podkop2 priority 106
-        else
-            log "Podkop second marking rule exist"
-        fi
-    fi
-}
-
-lists_domains_download() {
-    local URL="$1"
-
-    RU_INSIDE_DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Russia/inside-dnsmasq-nfset.lst
-    RU_OUTSIDE_DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Russia/outside-dnsmasq-nfset.lst
-    UA_DOMAINS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Ukraine/inside-dnsmasq-nfset.lst
-
-    case "$URL" in
-    "ru_inside")
-        URL=$RU_INSIDE_DOMAINS
-        ;;
-    "ru_outside")
-        URL=$RU_OUTSIDE_DOMAINS
-        ;;
-    "ua")
-        URL=$UA_DOMAINS
-        ;;
-    *)
-        log "Unidentified list of domains"
-        exit 1
-        ;;
-    esac
-
-    count=0
-    while true; do
-        if curl -m 3 github.com; then
-            curl -f $URL --output /tmp/dnsmasq.d/podkop-domains.lst
-            sed -i 's/fw4#vpn_domains/PodkopTable#podkop_domains/g' /tmp/dnsmasq.d/podkop-domains.lst
-            return 0
-        else
-            log "GitHub is not available. Check the internet availability [$count sec]"
-            count=$((count + 1))
-        fi
-
-        if [ $count -lt 30 ]; then
-            sleep_interval=1
-        elif [ $count -ge 30 ] && [ $count -lt 60 ]; then
-            sleep_interval=5
-        elif [ $count -ge 60 ] && [ $count -lt 90 ]; then
-            sleep_interval=10
-        else
-            sleep_interval=30
-        fi
-
-        sleep $sleep_interval
-    done
-}
-
-lists_services_download() {
-    local URL="$1"
-
-    YOUTUBE=https://raw.githubusercontent.com/itdoginfo/allow-domains/refs/heads/main/Services/youtube.lst
-
-    case "$URL" in
-    "youtube")
-        URL=$YOUTUBE
-        ;;
-    *)
-        log "Unidentified list of domains"
-        exit 1
-        ;;
-    esac
-
-    count=0
-    while true; do
-        if curl -m 3 github.com; then
-            curl -f $URL --output /tmp/dnsmasq.d/podkop2-domains.lst
-            delist_downloaded_domains
-            sed -i 's/.*/nftset=\/&\/4#inet#PodkopTable#podkop2_domains/g' /tmp/dnsmasq.d/podkop2-domains.lst
-            return 0
-        else
-            log "GitHub is not available. Check the internet availability [$count sec]"
-            count=$((count + 1))
-        fi
-
-        if [ $count -lt 30 ]; then
-            sleep_interval=1
-        elif [ $count -ge 30 ] && [ $count -lt 60 ]; then
-            sleep_interval=5
-        elif [ $count -ge 60 ] && [ $count -lt 90 ]; then
-            sleep_interval=10
-        else
-            sleep_interval=30
-        fi
-
-        sleep $sleep_interval
-    done
-}
-
-list_subnets_download() {
-    TWITTER_SUBNETS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Subnets/IPv4/Twitter.lst
-    META_SUBNETS=https://raw.githubusercontent.com/itdoginfo/allow-domains/main/Subnets/IPv4/Meta.lst
-    DISCORD_SUBNETS=https://raw.githubusercontent.com/itdoginfo/allow-domains/refs/heads/main/Subnets/IPv4/Discord.lst
-    local URL="$1"
-
-    case "$URL" in
-    "twitter")
-        URL=$TWITTER_SUBNETS
-        ;;
-    "meta")
-        URL=$META_SUBNETS
-        ;;
-    "discord")
-        URL=$DISCORD_SUBNETS
-        ;;
-    *)
-        log "Custom URL for subnet"
-        if curl --output /dev/null --silent --head --fail "$URL"; then
-            log "URL is valid"
-        else
-            log "URL $URL is not valid"
-        fi
-        ;;
-    esac
-
-    local filename=$(basename "$URL")
-    curl -f "$URL" --output "/tmp/podkop/$filename"
-    while IFS= read -r subnet; do
-        nft add element inet PodkopTable podkop_subnets { $subnet }
-    done <"/tmp/podkop/$filename"
-}
-
-list_custom_domains_create() {
-    local domain="$1"
-    local name="$2"
-    echo "nftset=/$domain/4#inet#PodkopTable#${name}_domains" >>"/tmp/dnsmasq.d/${name}-custom-domains.lst"
-    log "$domain added to the list"
-}
-
-list_custom_download_domains_create() {
-    local URL="$1"
-    local name="$2"
-    local filename=$(basename "$URL")
-    local config="/tmp/dnsmasq.d/${name}-${filename}.lst"
-
-    rm -f $config
-    curl -f "$URL" --output "/tmp/podkop/${filename}"
-    while IFS= read -r domain; do
-        echo "nftset=/$domain/4#inet#PodkopTable#${name}_domains" >>$config
-    done <"/tmp/podkop/$filename"
-    dnsmasq_config_check ${name}-${filename}.lst
-}
-
-list_custom_subnets_create() {
-    local subnet="$1"
-    local name="$2"
-    nft add element inet PodkopTable ${name}_subnets { $subnet }
-}
-
-list_all_traffic_from_ip() {
-    local ip="$1"
-    if ! nft list chain inet PodkopTable mangle | grep -q "ip saddr $ip"; then
-        nft insert rule inet PodkopTable mangle ip saddr $ip meta mark set 0x105 counter
-    fi
-}
-
-list_exclude_traffic_from_ip() {
-    local ip="$1"
-    if ! nft list chain inet PodkopTable mangle | grep -q "ip saddr $ip"; then
-        nft insert rule inet PodkopTable mangle ip saddr $ip meta mark set 0x0 counter
-    fi
-}
-
-list_delist_domains() {
-    local domain="$1"
-
-    if [ -f "/tmp/dnsmasq.d/podkop-domains.lst" ]; then
-        sed -i "/$domain/d" /tmp/dnsmasq.d/podkop-domains.lst
-        nft flush set inet PodkopTable podkop_domains
-        log "Strings containing '$domain' have been excluded from the list"
-    else
-        log "Config /tmp/dnsmasq.d/podkop-domains.lst not exists"
-    fi
-}
-
-delist_downloaded_domains() {
-    local domains="/tmp/dnsmasq.d/podkop2-domains.lst"
-
-    if [ -f "$domains" ]; then
-        while IFS= read -r line; do
-            list_delist_domains "$line"
-        done <"$domains"
-    else
-        log "$domains not found"
-    fi
-}
-
-dnsmasq_config_check() {
-    local config="$1"
-    if ! /usr/sbin/dnsmasq --conf-file=/tmp/dnsmasq.d/$config --test 2>&1 | grep -q "syntax check OK"; then
-        log "Dnsmasq config $config contains errors. Break"
-        exit 1
-    fi
-}
-
-sing_box_uci() {
-    local config="/etc/config/sing-box"
-    if grep -q "option enabled '0'" "$config" ||
-        grep -q "option user 'sing-box'" "$config"; then
-        sed -i \
-            -e "s/option enabled '0'/option enabled '1'/" \
-            -e "s/option user 'sing-box'/option user 'root'/" $config
-        log "Change sing-box UCI config"
-    else
-        log "Sing-box UCI config OK"
-    fi
-}
-
-sing_box_config_shadowsocks() {
-    local STRING="$1"
-    local listen_port="$2"
-
-    local encrypted_part=$(echo "$STRING" | cut -d'/' -f3 | cut -d'@' -f1 | base64 --decode)
-    local method=$(echo "$encrypted_part" | cut -d':' -f1)
-    local password=$(echo "$encrypted_part" | cut -d':' -f2-)
-
-    local server=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f1)
-    local port=$(echo "$STRING" | sed -n 's|.*:\([0-9]\+\).*|\1|p')
-    local label=$(echo "$STRING" | cut -d'#' -f2)
-
-    template_config="/etc/podkop/sing-box-shadowsocks-template.json"
-
-    jq --arg server "$server" \
-        --arg port "$port" \
-        --arg method "$method" \
-        --arg password "$password" \
-        --arg listen_port "$listen_port" \
-        '.inbounds[] |=
-        if .type == "tproxy" then
-            .listen_port = ($listen_port | tonumber)
-        else
-            .
-        end |
-        .outbounds[] |= 
-        if .type == "shadowsocks" then 
-            .server = $server |
-            .server_port = ($port | tonumber) |
-            .method = $method |
-            .password = $password
-        else
-            .
-        end' "$template_config" >/etc/sing-box/config.json
-}
-
-sing_box_config_vless() {
-    local STRING="$1"
-    local listen_port="$2"
-
-    get_param() {
-        echo "$STRING" | sed -n "s/.*[?&]$1=\([^&?#]*\).*/\1/p"
-    }
-
-    uuid=$(echo "$STRING" | cut -d'/' -f3 | cut -d'@' -f1)
-    server=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f1)
-    port=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f2 | cut -d'?' -f1 | awk -F'/' '{print $1}')
-
-    type=$(get_param "type")
-    flow=$(get_param "flow")
-    sni=$(get_param "sni")
-    fp=$(get_param "fp")
-    security=$(get_param "security")
-    pbk=$(get_param "pbk")
-    sid=$(get_param "sid")
-    encoding=$(get_param "packetEncoding")
-    alpn=$(echo "$(get_param "alpn" | sed 's/%2C/,/g; s/%2F/\//g')" | jq -R -s -c 'split(",")' | sed 's/\\n//g')
-    label=$(echo "$STRING" | cut -d'#' -f2)
-
-    template_config="/etc/podkop/sing-box-vless-template.json"
-
-    jq --arg server "$server" \
-        --arg port "$port" \
-        --arg uuid "$uuid" \
-        --arg type "$type" \
-        --arg flow "$flow" \
-        --arg sni "$sni" \
-        --arg fp "$fp" \
-        --arg security "$security" \
-        --arg pbk "$pbk" \
-        --arg sid "$sid" \
-        --argjson alpn "$alpn" \
-        --arg encoding "$encoding" \
-        --arg listen_port "$listen_port" \
-        '.inbounds[] |=
-        if .type == "tproxy" then
-            .listen_port = ($listen_port | tonumber)
-        else
-            .
-        end |
-        .outbounds[] |= 
-           (.server = $server |
-            .server_port = ($port | tonumber) |
-            .uuid = $uuid |
-            if $security == "reality" then 
-                if $flow == "" then del(.flow) else .flow = $flow end |
-                if $encoding == "" then del(.packet_encoding) else .packet_encoding = $encoding end |
-                .tls.server_name = $sni |
-                .tls.utls.fingerprint = $fp |
-                .tls.reality.public_key = $pbk |
-                .tls.reality.short_id = $sid
-            elif $security == "tls" then
-                .tls.alpn = $alpn |
-                .tls.server_name = $sni |
-                del(.flow) |
-                del(.tls.utls) |
-                del(.tls.reality)
-            elif $security == "" or $security == "none" then
-                del(.flow) |
-                del(.tls)
-        else
-            .
-        end)' "$template_config" >/etc/sing-box/config.json
-}
-
-# make one function for full and outbound only
-sing_box_config_outbound_shadowsocks() {
-    local STRING="$1"
-    local outbound="$2"
-    local name="$3"
-
-    local encrypted_part=$(echo "$STRING" | cut -d'/' -f3 | cut -d'@' -f1 | base64 --decode)
-    local method=$(echo "$encrypted_part" | cut -d':' -f1)
-    local password=$(echo "$encrypted_part" | cut -d':' -f2-)
-
-    local server=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f1)
-    local port=$(echo "$STRING" | cut -d':' -f3 | cut -d'#' -f1)
-    label=$(echo "$STRING" | cut -d'#' -f2)
-
-    template_config="/etc/podkop/sing-box-shadowsocks-outbound-template.json"
-
-    jq --arg server "$server" \
-        --arg port "$port" \
-        --arg method "$method" \
-        --arg password "$password" \
-        --arg tag "$name" \
-        '.outbounds[] |= 
-        if .type == "shadowsocks" then 
-            .server = $server |
-            .server_port = ($port | tonumber) |
-            .method = $method |
-            .password = $password |
-            .tag = $tag
-        else
-            .
-        end' "$template_config" >$outbound
-}
-
-sing_box_config_outbound_vless() {
-    local STRING="$1"
-    local outbound="$2"
-    local name="$3"
-
-    get_param() {
-        echo "$STRING" | sed -n "s/.*[?&]$1=\([^&?#]*\).*/\1/p"
-    }
-
-    uuid=$(echo "$STRING" | cut -d'/' -f3 | cut -d'@' -f1)
-    server=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f1)
-    port=$(echo "$STRING" | cut -d'@' -f2 | cut -d':' -f2 | cut -d'?' -f1 | awk -F'/' '{print $1}')
-
-    type=$(get_param "type")
-    flow=$(get_param "flow")
-    sni=$(get_param "sni")
-    fp=$(get_param "fp")
-    security=$(get_param "security")
-    pbk=$(get_param "pbk")
-    sid=$(get_param "sid")
-    alpn=$(echo "$(get_param "alpn" | sed 's/%2C/,/g; s/%2F/\//g')" | jq -R -s -c 'split(",")' | sed 's/\\n//g')
-    encoding=$(get_param "packetEncoding")
-    label=$(echo "$STRING" | cut -d'#' -f2)
-
-    template_config="/etc/podkop/sing-box-vless-outbound-template.json"
-
-    jq --arg server "$server" \
-        --arg port "$port" \
-        --arg uuid "$uuid" \
-        --arg type "$type" \
-        --arg flow "$flow" \
-        --arg sni "$sni" \
-        --arg fp "$fp" \
-        --arg security "$security" \
-        --arg pbk "$pbk" \
-        --arg sid "$sid" \
-        --argjson alpn "$alpn" \
-        --arg encoding "$encoding" \
-        --arg tag "$name" \
-        '.outbounds[] |= 
-           (.server = $server |
-            .server_port = ($port | tonumber) |
-            .uuid = $uuid |
-            if $security == "reality" then 
-                if $flow == "" then del(.flow) else .flow = $flow end |
-                if $encoding == "" then del(.packet_encoding) else .packet_encoding = $encoding end |
-                .tls.server_name = $sni |
-                .tls.utls.fingerprint = $fp |
-                .tls.reality.public_key = $pbk |
-                .tls.reality.short_id = $sid |
-                .tag = $tag
-            elif $security == "tls" then
-                .tls.alpn = $alpn |
-                .tls.server_name = $sni |
-                del(.flow) |
-                del(.tls.utls) |
-                del(.tls.reality) |
-                .tag = $tag
-            elif $security == "" or $security == "none" then
-                del(.flow) |
-                del(.tls) |
-                .tag = $tag
-        else
-            .
-        end)' "$template_config" >$outbound
-}
-
-sing_box_config_check() {
-    if ! sing-box -c /etc/sing-box/config.json check >/dev/null 2>&1; then
-        log "Sing-box configuration is invalid"
-        exit 1
-    fi
-}
+        if [ "$mon_restart_ifaces" = "1" ]; then
+			for iface in $restart_ifaces; do
+            	procd_add_interface_trigger "interface.*.up" "$iface" /etc/init.d/podkop reload
+			done
+		fi
+	procd_close_trigger
+}

podkop/files/etc/podkop/sing-box-shadowsocks-outbound-template.json

@@ -1,16 +0,0 @@
-{
-  "outbounds": [
-    {
-      "type": "shadowsocks",
-      "server": "$HOST",
-      "server_port": "$PORT",
-      "method": "$METHOD",
-      "password": "$PASS",
-      "udp_over_tcp": {
-        "enabled": true,
-        "version": 2
-      },
-      "tag": "$TAG"
-    }
-  ]
-}

podkop/files/etc/podkop/sing-box-shadowsocks-template.json

@@ -1,29 +0,0 @@
-{
-  "log": {
-    "level": "warn"
-  },
-  "inbounds": [
-    {
-      "type": "tproxy",
-      "listen": "::",
-      "listen_port": 1602,
-      "sniff": false
-    }
-  ],
-  "outbounds": [
-    {
-      "type": "shadowsocks",
-      "server": "$HOST",
-      "server_port": "$PORT",
-      "method": "$METHOD",
-      "password": "$PASS",
-      "udp_over_tcp": {
-        "enabled": true,
-        "version": 2
-      }
-    }
-  ],
-  "route": {
-    "auto_detect_interface": true
-  }
-}

podkop/files/etc/podkop/sing-box-two-proxy-template.json

@@ -1,35 +0,0 @@
-{
-  "log": {
-    "level": "warn"
-  },
-  "inbounds": [
-    {
-      "type": "tproxy",
-      "listen": "::",
-      "listen_port": 1602,
-      "sniff": false,
-      "tag": "main"
-    },
-    {
-      "type": "tproxy",
-      "listen": "::",
-      "listen_port": 1603,
-      "sniff": false,
-      "tag": "second"
-    }
-  ],
-  "outbounds": [],
-  "route": {
-    "rules": [
-      {
-        "inbound": "main",
-        "outbound": "main"
-      },
-      {
-        "inbound": "second",
-        "outbound": "second"
-      }
-    ],
-    "auto_detect_interface": true
-  }
-}

podkop/files/etc/podkop/sing-box-vless-outbound-template.json

@@ -1,26 +0,0 @@
-{
-  "outbounds": [
-    {
-      "type": "vless",
-      "server": "$HOST",
-      "server_port": "$PORT",
-      "uuid": "$UUID",
-      "flow": "xtls-rprx-vision",
-      "tls": {
-        "enabled": true,
-        "insecure": false,
-        "server_name": "$FAKE_SERVER",
-        "utls": {
-          "enabled": true,
-          "fingerprint": "chrome"
-        },
-        "reality": {
-          "enabled": true,
-          "public_key": "$PUBLIC_KEY",
-          "short_id": "$SHORT_ID"
-        }
-      },
-      "tag": "$TAG"
-    }
-  ]
-}

podkop/files/etc/podkop/sing-box-vless-template.json

@@ -1,39 +0,0 @@
-{
-  "log": {
-    "level": "warn"
-  },
-  "inbounds": [
-    {
-      "type": "tproxy",
-      "listen": "::",
-      "listen_port": 1602,
-      "sniff": false
-    }
-  ],
-  "outbounds": [
-    {
-      "type": "vless",
-      "server": "$HOST",
-      "server_port": "$PORT",
-      "uuid": "$UUID",
-      "flow": "xtls-rprx-vision",
-      "tls": {
-        "enabled": true,
-        "insecure": false,
-        "server_name": "$FAKE_SERVER",
-        "utls": {
-          "enabled": true,
-          "fingerprint": "chrome"
-        },
-        "reality": {
-          "enabled": true,
-          "public_key": "$PUBLIC_KEY",
-          "short_id": "$SHORT_ID"
-        }
-      }
-    }
-  ],
-  "route": {
-    "auto_detect_interface": true
-  }
-}