Update

feat(podkop): add show config + version features

README.md

@@ -2,11 +2,13 @@
 
 - Это альфа версия, которая находится в активной разработке. Из версии в версию что-то может меняться.
 - Основной функционал работает, но побочные штуки сейчас могут сбоить.
-- При обновлении всегда заходите в конфигурацию и проверяйте свои настройки. Конфигурация может измениться.
+- При обновлении **обязатально** сбрасывайте кэш LuCI.
+- Также при обновлении всегда заходите в конфигурацию и проверяйте свои настройки. Конфигурация может измениться.
 - Необходимо минимум 15МБ свободного места на роутере. Роутерами с флешками на 16МБ сразу мимо.
 - При старте программы редактируется конфиг Dnsmasq.
 - Podkop редактирует конфиг sing-box. Обязательно сохраните ваш конфиг sing-box перед установкой, если он вам нужен.
 - Информация здесь может быть устаревшей. Все изменения фиксируются в телеграм-чате https://t.me/itdogchat - топик **Podkop**.
+- Если у вас не что-то не работает, то следуюет сходить в телеграм чат, прочитать закрепы и выполнить что там написано..
 - Если у вас установлен Getdomains, его следует удалить.
 
 # Удаление GetDomains скриптом
@@ -90,7 +92,14 @@ Luci: Services/podkop
 - [ ] `service network restart` ломает маршруты при sing-box
 - [ ] Совпадение секции с ruleset ломает конфиг sing-box
 - [ ] В каких-то случаях плохо отрабатывает localfile
-
+- [ ] exit 1 если в конфиге присуствует
+```
+        option doh_backup_noresolv '0'
+        list doh_backup_server ''
+        list doh_backup_server ''
+        list doh_server '127.0.0.1#5053'
+        list doh_server '127.0.0.1#5054'
+```
 # ToDo
 Этот раздел не означает задачи, которые нужно брать и делать. Это общий список хотелок. Если вы хотите помочь, пожалуйста, спросите сначала в телеграмме.
 
@@ -140,6 +149,8 @@ Luci: Services/podkop
 - [ ] Диагностика: Proxy check completed successfully предположительно не показывает IP, если вернулся это IPv6.
 - [ ] Диагностика: podkop_domains: 0 elements как проверять что доходят запросы при fakeip? Мб врубать логи dnsmasq и их чекать.
 - [ ] Сделать галку запрещающую подкопу редачить dhcp. Допилить в исключение вместе с пустыми полями proxy и vpn
+- [ ] Валидации предустановленных значений. Если прописаны другие, то вывод в лог о неизвестной переменной и продолжение работы
+- [ ] Добавление в список доменов домены первого уровня (LuCI)
 
 Приоритет 2
 - [x] Списки доменов и подсетей с роутера

install.sh

@@ -4,15 +4,38 @@ REPO="https://api.github.com/repos/itdoginfo/podkop/releases/latest"
 
 IS_SHOULD_RESTART_NETWORK=
 DOWNLOAD_DIR="/tmp/podkop"
+COUNT=3
+
+rm -rf "$DOWNLOAD_DIR"
 mkdir -p "$DOWNLOAD_DIR"
 
 main() {
     check_system
-
-    wget -qO- "$REPO" | grep -o 'https://[^"]*\.ipk' | while read -r url; do
+    sing_box
+    
+    wget -qO- "$REPO" | grep -o 'https://[^"[:space:]]*\.ipk' | while read -r url; do
         filename=$(basename "$url")
-        echo "Download $filename..."
-        wget -q -O "$DOWNLOAD_DIR/$filename" "$url"
+        filepath="$DOWNLOAD_DIR/$filename"
+
+        attempt=0
+        while [ $attempt -lt $COUNT ]; do
+            if [ -f "$filepath" ] && [ -s "$filepath" ]; then
+                echo "$filename has already been uploaded"
+                break
+            fi
+
+            echo "Download $filename (count $((attempt+1)))..."
+            wget -q -O "$filepath" "$url"
+            
+            if [ -s "$filepath" ]; then
+                echo "$filename successfully downloaded"
+                break
+            else
+                echo "Download error $filename. Retry..."
+                rm -f "$filepath"
+            fi
+            attempt=$((attempt+1))
+        done
     done
 
     echo "opkg update"
@@ -28,7 +51,6 @@ main() {
             case $UPDATE in
             y)
                 echo "Upgraded podkop..."
-                sed -i '/second/d' /etc/config/podkop
                 break
                 ;;
 
@@ -50,6 +72,7 @@ main() {
     opkg install $DOWNLOAD_DIR/podkop*.ipk
     opkg install $DOWNLOAD_DIR/luci-app-podkop*.ipk
 
+
     echo "Русский язык интерфейса ставим? y/n (Need a Russian translation?)"
     while true; do
         read -r -p '' RUS
@@ -78,12 +101,12 @@ main() {
 }
 
 add_tunnel() {
-    echo "What type of VPN or proxy will be used? We also can automatically configure Wireguard and Amnezia WireGuard."
+    echo "Will you be using Wireguard, AmneziaWG, OpenVPN, OpenConnect? If yes, select a number and they will be automatically installed"
     echo "1) Wireguard"
     echo "2) AmneziaWG"
     echo "3) OpenVPN"
     echo "4) OpenConnect"
-    echo "5) Skip this step"
+    echo "5) I use VLESS/SS. Skip this step"
 
     while true; do
         read -r -p '' TUNNEL
@@ -379,6 +402,15 @@ check_system() {
         echo "Available: $((AVAILABLE_SPACE/1024))MB"
         echo "Required: $((REQUIRED_SPACE/1024))MB"
         exit 1
+    fi  
+}
+
+sing_box() {
+    sing_box_version=$(sing-box version | head -n 1 | awk '{print $3}')
+    required_version="1.11.1"
+
+    if [ "$(echo -e "$sing_box_version\n$required_version" | sort -V | head -n 1)" != "$required_version" ]; then
+        opkg remove sing-box
     fi
 }
 

luci-app-podkop/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-podkop
-PKG_VERSION:=0.3.0
+PKG_VERSION:=0.3.7
 PKG_RELEASE:=1
 
 LUCI_TITLE:=LuCI podkop app

luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js

@@ -7,10 +7,20 @@
 
 return view.extend({
     async render() {
+        document.getElementsByTagName('head')[0].insertAdjacentHTML('beforeend', `
+            <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
+            <meta http-equiv="Pragma" content="no-cache">
+            <meta http-equiv="Expires" content="0">
+        `);
+
         var m, s, o;
 
         m = new form.Map('podkop', _('Podkop configuration'), null, ['main', 'second']);
-
+        fs.exec('/etc/init.d/podkop', ['show_version']).then(function (res) {
+            if (res.stdout) {
+                m.title = _('Podkop') + ' v' + res.stdout.trim();
+            }
+        });
         s = m.section(form.TypedSection, 'main');
         s.anonymous = true;
 
@@ -394,13 +404,16 @@ return view.extend({
 
         o = s.taboption('additional', form.Flag, 'yacd', _('Yacd enable'), _('http://openwrt.lan:9090/ui'));
         o.default = '0';
-        o.depends('mode', 'proxy');
         o.rmempty = false;
         o.ucisection = 'main';
 
         o = s.taboption('additional', form.Flag, 'exclude_ntp', _('Exclude NTP'), _('For issues with open connections sing-box'));
         o.default = '0';
-        o.depends('mode', 'proxy');
+        o.rmempty = false;
+        o.ucisection = 'main';
+
+        o = s.taboption('additional', form.Flag, 'quic_disable', _('QUIC disable'), _('For issues with the video stream'));
+        o.default = '0';
         o.rmempty = false;
         o.ucisection = 'main';
 
@@ -552,6 +565,50 @@ return view.extend({
                 });
         };
 
+        o = s.taboption('diagnostics', form.Button, '_show_config');
+        o.title = _('Show Config');
+        o.description = _('Show current podkop configuration with masked sensitive data');
+        o.inputtitle = _('Show Config');
+        o.inputstyle = 'apply';
+        o.onclick = function () {
+            return fs.exec('/etc/init.d/podkop', ['show_config'])
+                .then(function (res) {
+                    const formattedOutput = formatDiagnosticOutput(res.stdout || _('No output'));
+
+                    const modalElement = ui.showModal(_('Podkop Configuration'), [
+                        E('div', { class: 'cbi-section' }, [
+                            E('pre', { class: 'cbi-value-field' }, formattedOutput)
+                        ]),
+                        E('div', { style: 'display: flex; justify-content: space-between; margin-top: 1em;' }, [
+                            E('button', {
+                                'class': 'btn cbi-button-save',
+                                'click': function () {
+                                    const textarea = document.createElement('textarea');
+                                    textarea.value = '```\n' + formattedOutput + '\n```';
+                                    document.body.appendChild(textarea);
+                                    textarea.select();
+                                    try {
+                                        document.execCommand('copy');
+                                        ui.hideModal();
+                                    } catch (err) {
+                                        ui.addNotification(null, E('p', {}, _('Failed to copy: ') + err.message));
+                                    }
+                                    document.body.removeChild(textarea);
+                                }
+                            }, _('Copy to Clipboard')),
+                            E('button', {
+                                'class': 'btn cbi-button-neutral',
+                                'click': ui.hideModal
+                            }, _('Close'))
+                        ])
+                    ], 'large');
+
+                    if (modalElement && modalElement.parentElement) {
+                        modalElement.parentElement.classList.add('modal-overlay-large');
+                    }
+                });
+        };
+
         o = s.taboption('diagnostics', form.Button, '_list_update');
         o.title = _('Update lists');
         o.description = _('Update all lists in config');

podkop/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=podkop
-PKG_VERSION:=0.3.0
+PKG_VERSION:=0.3.7
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>

podkop/files/etc/config/podkop

@@ -28,5 +28,6 @@ config main 'main'
 	option yacd '0'
 	option socks5 '0'
 	option exclude_ntp '0'
+	option quic_disable '0'
 	option update_interval '1d'
 	option custom_domains_text

podkop/files/etc/init.d/podkop

@@ -7,7 +7,7 @@ script=$(readlink "$initscript")
 NAME="$(basename ${script:-$initscript})"
 config_load "$NAME"
 
-EXTRA_COMMANDS="list_update check_proxy check_nft check_github check_logs check_all check_three"
+EXTRA_COMMANDS="list_update check_proxy check_nft check_github check_logs check_all check_three main show_config show_version"
 EXTRA_HELP="        list_update     Updating domain and subnet lists
         sing_box_config_vless For test vless string
         check_proxy          Check if sing-box proxy works correctly
@@ -15,7 +15,10 @@ EXTRA_HELP="        list_update     Updating domain and subnet lists
         check_github        Check GitHub connectivity and lists availability
         check_logs         Show podkop logs from system journal
         check_all          Run all checks
-        check_three         Run check_proxy, check_nft and check_github"
+        check_three         Run check_proxy, check_nft and check_github
+        main                Main function
+        show_config         Show current configuration with masked sensitive data
+        show_version        Show current version"
 
 [ ! -L /usr/sbin/podkop ] && ln -s /etc/init.d/podkop /usr/sbin/podkop
 
@@ -40,71 +43,27 @@ start_service() {
     required_version="1.11.1"
 
     if [ "$(echo -e "$sing_box_version\n$required_version" | sort -V | head -n 1)" != "$required_version" ]; then
-        echo "The version of sing-box ($sing_box_version) is lower than the minimum version. Update sing-box: opkg update && opkg install sing-box"
+        echo "The version of sing-box ($sing_box_version) is lower than the minimum version. Update sing-box: opkg update && opkg remove sing-box && opkg install sing-box"
+        exit 1
+    fi
+
+    if opkg list-installed | grep -qE "iptables|kmod-iptab"; then
+        echo "Found incompatible iptables packages. If you're using FriendlyWrt: https://t.me/itdogchat/44512/181082"
+        exit 1
+    fi
+
+    if ! ip addr | grep -q "br-lan"; then
+        log "Interface br-lan not found"
         exit 1
     fi
     
-    config_foreach wget_github
+    migration
 
-    mkdir -p /tmp/podkop
-
-    # base
-    route_table_rule_mark
-    create_nft_table
-    sing_box_uci
-
-    # sing-box
-    sing_box_inbound_proxy 1602
-    sing_box_dns
-    sing_box_dns_rule_fakeip
-    sing_box_rule_dns
-    sing_box_cache_file
-    process_socks5
-
-    # sing-box outbounds and rules
-    config_foreach sing_box_outdound
-    config_foreach process_domains_for_section
-    config_foreach process_remote_ruleset
-    config_foreach sing_box_rule_preset
-    config_foreach process_domains_list_local
-    config_foreach process_domains_list_url
-    config_foreach process_subnet_for_section
-    config_foreach process_subnet_for_section_remote
-    config_foreach process_all_traffic_for_section
-    config_foreach add_cron_job
-
-    #Future: exclude at the fakeip?
-    config_get_bool exclude_from_ip_enabled "main" "exclude_from_ip_enabled" "0"
-    if [ "$exclude_from_ip_enabled" -eq 1 ]; then
-        log "Adding an IP for exclusion"
-        config_list_foreach main exclude_traffic_ip sing_box_rules_source_ip_cidr $exclude_traffic_ip direct-out
-    fi
-
-    config_get_bool yacd "main" "yacd" "0"
-    if [ "$yacd" -eq 1 ]; then
-        log "Yacd enable"
-        jq '.experimental.clash_api = {
-            "external_ui": "ui",
-            "external_controller": "0.0.0.0:9090"
-        }' $SING_BOX_CONFIG >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json $SING_BOX_CONFIG
-    fi
-
-    config_get_bool exclude_ntp "main" "exclude_ntp" "0"
-    if [ "$exclude_ntp" -eq 1 ]; then
-        log "NTP traffic exclude for proxy"
-        nft insert rule inet PodkopTable mangle udp dport 123 return
-    fi
-
-    sing_box_config_check
-    /etc/init.d/sing-box restart
-    /etc/init.d/sing-box enable
-
-    config_get proxy_string "main" "proxy_string"
-    config_get interface "main" "interface"
-
-    if [ -n "$proxy_string" ] || [ -n "$interface" ]; then
-        dnsmasq_add
-    fi
+	procd_open_instance
+	procd_set_param command /bin/sh -c "/etc/init.d/podkop main &"
+	procd_set_param stdout 1
+	procd_set_param stderr 1
+	procd_close_instance
 }
 
 stop_service() {
@@ -171,6 +130,123 @@ nolog() {
     echo -e "${CYAN}[$timestamp]${RESET} ${GREEN}$message${RESET}"
 }
 
+main() {
+    sleep 5
+
+    config_foreach wget_github
+
+    mkdir -p /tmp/podkop
+  
+    # base
+    route_table_rule_mark
+    create_nft_table
+    sing_box_uci
+
+    # sing-box
+    sing_box_inbound_proxy 1602
+    sing_box_dns
+    sing_box_dns_rule_fakeip
+    sing_box_rule_dns
+    sing_box_cache_file
+    process_socks5
+
+    # sing-box outbounds and rules
+    config_foreach sing_box_outdound
+    config_foreach process_domains_for_section
+    config_foreach process_remote_ruleset
+    config_foreach sing_box_rule_preset
+    config_foreach process_domains_list_local
+    config_foreach process_domains_list_url
+    config_foreach process_subnet_for_section
+    config_foreach process_subnet_for_section_remote
+    config_foreach process_all_traffic_for_section
+    config_foreach add_cron_job
+
+    # Future: exclude at the fakeip?
+    config_get_bool exclude_from_ip_enabled "main" "exclude_from_ip_enabled" "0"
+    if [ "$exclude_from_ip_enabled" -eq 1 ]; then
+        log "Adding an IP for exclusion"
+        config_list_foreach main exclude_traffic_ip sing_box_rules_source_ip_cidr $exclude_traffic_ip direct-out
+    fi
+
+    config_get_bool yacd "main" "yacd" "0"
+    if [ "$yacd" -eq 1 ]; then
+        log "Yacd enable"
+        jq '.experimental.clash_api = {
+            "external_ui": "ui",
+            "external_controller": "0.0.0.0:9090"
+        }' $SING_BOX_CONFIG >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json $SING_BOX_CONFIG
+    fi
+
+    config_get_bool exclude_ntp "main" "exclude_ntp" "0"
+    if [ "$exclude_ntp" -eq 1 ]; then
+        log "NTP traffic exclude for proxy"
+        nft insert rule inet PodkopTable mangle udp dport 123 return
+    fi
+
+    config_get_bool quic_disable "main" "quic_disable" "0"
+    if [ "$quic_disable" -eq 1 ]; then
+        log "Rule for disable QUIC"
+        sing_box_quic_reject
+    fi
+
+    sing_box_config_check
+    /etc/init.d/sing-box restart
+    /etc/init.d/sing-box enable
+
+    config_get proxy_string "main" "proxy_string"
+    config_get interface "main" "interface"
+
+    if [ -n "$proxy_string" ] || [ -n "$interface" ]; then
+        dnsmasq_add
+    fi
+}
+
+# Migrations funcs
+migration() {
+    # list migrate
+    local CONFIG="/etc/config/podkop"
+
+    if grep -q "ru_inside" $CONFIG; then
+        log "Depricated list found: ru_inside"
+        sed -i '/ru_inside/d' $CONFIG
+    fi
+
+    if grep -q "list domain_list 'ru_outside'" $CONFIG; then
+        log "Depricated list found: sru_outside"
+        sed -i '/ru_outside/d' $CONFIG
+    fi
+
+    if grep -q "list domain_list 'ua'" $CONFIG; then
+        log "Depricated list found: ua"
+        sed -i '/ua/d' $CONFIG
+    fi
+
+    # Subnet list
+    if grep -q "list subnets" $CONFIG; then
+        log "Depricated second section found"
+        sed -i '/list subnets/d' $CONFIG
+    fi 
+
+    # second remove
+    if grep -q "config second 'second'" $CONFIG; then
+        log "Depricated second section found"
+        sed -i '/second/d' $CONFIG
+    fi
+
+    # cron update
+    if grep -qE "^\s*option update_interval '[0-9*/,-]+( [0-9*/,-]+){4}'" $CONFIG; then
+        log "Depricated update_interval"
+        sed -i "s|^\(\s*option update_interval\) '[0-9*/,-]\+\( [0-9*/,-]\+\)\{4\}'|\1 '1d'|" $CONFIG
+    fi
+
+    # dnsmasq https
+    if grep -q "^filter-rr=HTTPS" "/etc/dnsmasq.conf"; then
+        log "Found and removed filter-rr=HTTPS in dnsmasq config"
+        sed -i '/^filter-rr=HTTPS/d' "/etc/dnsmasq.conf"
+    fi
+}
+
 # Main funcs
 
 route_table_rule_mark() {
@@ -219,12 +295,10 @@ dnsmasq_add() {
     uci set dhcp.@dnsmasq[0].filter_aaaa="1"
     uci set dhcp.@dnsmasq[0].cachesize="0"
     uci -q delete dhcp.@dnsmasq[0].server
-    uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5353"
+    uci add_list dhcp.@dnsmasq[0].server="127.0.0.42"
     uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/'
     uci commit dhcp
 
-    grep -q "filter-rr=HTTPS" /etc/dnsmasq.conf || echo "filter-rr=HTTPS" >> /etc/dnsmasq.conf
-
     /etc/init.d/dnsmasq restart
 }
 
@@ -236,8 +310,6 @@ dnsmasq_rm() {
     uci -q delete dhcp.@dnsmasq[0].server
     uci commit dhcp
 
-    sed -i '/filter-rr=HTTPS/d' /etc/dnsmasq.conf
-
     /etc/init.d/dnsmasq restart
 }
 
@@ -279,7 +351,8 @@ process_subnets_text() {
 }
 
 wget_github() {
-    local count=0
+    local count_nslookup=0
+    local count_curl=0
 
     config_get domain_list_enabled "$section" "domain_list_enabled"
     config_get subnets_list_enabled "$section" "subnets_list_enabled"
@@ -290,18 +363,39 @@ wget_github() {
         [ "$custom_download_domains_list_enabled" -eq 1 ] || [ "$custom_download_subnets_list_enabled" -eq 1 ] ; then
 
         while true; do
-            if ! curl -m 3 github.com; then
-                log "GitHub is not available. Check the internet availability [$count sec]"
-                count=$((count + 1))
+            if ! nslookup google.com >/dev/null 2>&1; then
+                log "DNS not working. Retrying... [$count_nslookup sec]"
+                count_nslookup=$((count_nslookup + 1))
             else
                 return
             fi
 
-            if [ $count -lt 30 ]; then
+            if [ $count_nslookup -lt 30 ]; then
                 sleep_interval=1
-            elif [ $count -ge 30 ] && [ $count -lt 60 ]; then
+            elif [ $count_nslookup -ge 30 ] && [ $count_nslookup -lt 60 ]; then
                 sleep_interval=5
-            elif [ $count -ge 60 ] && [ $count -lt 90 ]; then
+            elif [ $count_nslookup -ge 60 ] && [ $count_nslookup -lt 90 ]; then
+                sleep_interval=10
+            else
+                sleep_interval=30
+            fi
+
+            sleep $sleep_interval
+        done
+
+        while true; do
+            if ! curl -m 3 github.com; then
+                log "GitHub is not available. Check the internet availability [$count_curl sec]"
+                count_curl=$((count_curl + 1))
+            else
+                return
+            fi
+
+            if [ $count_curl -lt 30 ]; then
+                sleep_interval=1
+            elif [ $count_curl -ge 30 ] && [ $count_curl -lt 60 ]; then
+                sleep_interval=5
+            elif [ $count_curl -ge 60 ] && [ $count_curl -lt 90 ]; then
                 sleep_interval=10
             else
                 sleep_interval=30
@@ -429,8 +523,8 @@ sing_box_inbound_proxy() {
             {
                 "tag": "dns-in",
                 "type": "direct",
-                "listen": "127.0.0.1",
-                "listen_port": 5353
+                "listen": "127.0.0.42",
+                "listen_port": 53
             }
         ],
         "outbounds": [
@@ -471,6 +565,12 @@ sing_box_dns_rule_fakeip() {
     jq \
     '.dns += {
         "rules": [
+              {
+            "query_type": [
+                "HTTPS"
+            ],
+            "action": "reject"
+            },
             {
             "server": "fakeip-server",
             "rule_set": []
@@ -481,20 +581,24 @@ sing_box_dns_rule_fakeip() {
 
 sing_box_dns_rule_fakeip_section() {
     local rule_set=$1
-
+    echo $rule_set
     log "Adding section to fakeip route rules in sing-box"
+
     jq \
     --arg rule_set "$rule_set" \
     '.dns.rules |= map(
         if .server == "fakeip-server" then 
-            .rule_set += [$rule_set] 
+            if any(.rule_set[]?; . == $rule_set) then 
+                .
+            else 
+                .rule_set += [$rule_set] 
+            end
         else 
             . 
         end
-    )' $SING_BOX_CONFIG >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json $SING_BOX_CONFIG
+    )' "$SING_BOX_CONFIG" >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json "$SING_BOX_CONFIG"
 }
 
-
 sing_box_cache_file() {
     log "Configure cache.db in sing-box"
     jq \
@@ -515,7 +619,7 @@ sing_box_outdound() {
     case "$mode" in
     "vpn")
         log "VPN mode"
-        log "You are using VPN mode, make sure you have installed all the necessary packages, configured, created the zone and forwarding."
+        log "You are using VPN mode, make sure you have installed all the necessary packages and configured."
         config_get interface "$section" "interface"
         sing_box_outbound_interface $section $interface
         ;;
@@ -603,7 +707,7 @@ sing_box_rule_dns() {
 sing_box_config_check() {
     if ! sing-box -c $SING_BOX_CONFIG check >/dev/null 2>&1; then
         log "Sing-box configuration is invalid"
-        return
+        exit 1
     fi
 }
 
@@ -627,8 +731,8 @@ sing_box_config_outbound_json() {
     {
         "tag": "dns-in",
         "type": "direct",
-        "listen": "127.0.0.1",
-        "listen_port": 5353
+        "listen": "127.0.0.42",
+        "listen_port": 53
     }    
   ],
   "outbounds": [],
@@ -954,27 +1058,37 @@ process_domains_for_section() {
 }
 
 sing_box_ruleset_remote() {
-    log "Configure ruleset remote in sing-box"
-
     local tag=$1
     local type=$2
     local update_interval=$3
 
     url="$SRS_MAIN_URL/$tag.srs"
 
-    jq \
-    --arg tag "$tag" \
-    --arg type "$type" \
-    --arg url "$url" \
-    --arg update_interval "$update_interval" \
-    '.route |= (if . == null then {rule_set: []} else . end) |
-            .route.rule_set += [{
+    local tag_exists=$(jq -r --arg tag "$tag" '
+        .route.rule_set[]? | select(.tag == $tag) | .tag
+    ' "$SING_BOX_CONFIG")
+
+    if [[ -n "$tag_exists" ]]; then
+        log "Ruleset with tag $tag already exists. Skipping addition."
+    else
+        jq \
+        --arg tag "$tag" \
+        --arg type "$type" \
+        --arg url "$url" \
+        --arg update_interval "$update_interval" \
+        '
+        .route.rule_set += [
+            {
                 "tag": $tag,
                 "type": $type,
                 "format": "binary",
                 "url": $url,
                 "update_interval": $update_interval
-            }]' $SING_BOX_CONFIG >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json $SING_BOX_CONFIG
+            }
+        ]' "$SING_BOX_CONFIG" > /tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json "$SING_BOX_CONFIG"
+
+        log "Added new ruleset with tag $tag"
+    fi
 }
 
 list_subnets_download() {
@@ -1018,7 +1132,7 @@ sing_box_rules() {
     local rule_set="$1"
     local outbound="$2"
 
-    # Check if there is an outbound rule for “tproxy-in”
+    # Check if there is an outbound rule for "tproxy-in"
     local rule_exists=$(jq -r '.route.rules[] | select(.outbound == "'"$outbound"'" and .inbound == ["tproxy-in"])' "$SING_BOX_CONFIG")
 
     if [[ -n "$rule_exists" ]]; then
@@ -1042,6 +1156,25 @@ sing_box_rules() {
     fi
 }
 
+sing_box_quic_reject() {
+    local quic_rule_exists=$(jq -e '.route.rules[] | select(.protocol == "quic" and .action == "reject")' "$SING_BOX_CONFIG")
+
+    if [[ -z "$quic_rule_exists" ]]; then
+        jq '
+        .route.rules |= (
+            reduce .[] as $rule ([];
+                if $rule.protocol == "dns" and $rule.action == "hijack-dns" then
+                    . + [$rule, {"protocol": "quic", "action": "reject"}]
+                else
+                    . + [$rule]
+                end
+            )
+        )' "$SING_BOX_CONFIG" >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json "$SING_BOX_CONFIG"
+
+        log "QUIC reject rule added successfully"
+    fi
+}
+
 process_remote_ruleset() {
     config_get_bool domain_list_enabled "$section" "domain_list_enabled" "0"
     if [ "$domain_list_enabled" -eq 1 ]; then
@@ -1246,18 +1379,31 @@ check_proxy() {
 
     nolog "Checking proxy connection..."
 
-    for attempt in `seq 1 5`; do
-        response=$(sing-box tools fetch ifconfig.me -D /etc/sing-box 2>/dev/null)
-        if ! echo "$response" | grep -q "403 Forbidden"; then
-            nolog "Proxy check completed successfully"
-            #echo "$response" | sed 's/\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)/XXX.\2.\3.\4/'
-            echo "$response" | sed -n 's/^[0-9]\+\.[0-9]\+\.[0-9]\+\.\([0-9]\+\)$/X.X.X.\1/p'
-            return 0
-        fi
-    done
 
-    nolog "Failed to get a non-403 response after 5 attempts"
-    return 1
+   for attempt in `seq 1 5`; do
+       response=$(sing-box tools fetch ifconfig.me -D /etc/sing-box 2>/dev/null)
+       if echo "$response" | grep -q "^<html\|403 Forbidden"; then
+           continue
+       fi
+       if [[ $response =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+           ip=$(echo "$response" | sed -n 's/^[0-9]\+\.[0-9]\+\.[0-9]\+\.\([0-9]\+\)$/X.X.X.\1/p')
+           nolog "$ip - should match proxy IP"
+           return 0
+       elif echo "$response" | grep -q "^[0-9a-fA-F:]*::[0-9a-fA-F:]*$\|^[0-9a-fA-F:]\+$"; then
+           ip=$(echo "$response" | sed 's/\([0-9a-fA-F]\+:[0-9a-fA-F]\+:[0-9a-fA-F]\+\):.*/\1:XXXX:XXXX:XXXX/')
+           nolog "$ip - should match proxy IP"
+           return 0
+       fi
+       if [ $attempt -eq 5 ]; then
+           nolog "Failed to get valid IP address after 5 attempts"
+           if [ -z "$response" ]; then
+               nolog "Error: Empty response"
+           else
+               nolog "Error response: $response"
+           fi
+           return 1
+       fi
+   done
 }
 
 check_nft() {
@@ -1268,7 +1414,6 @@ check_nft() {
 
     nolog "Checking PodkopTable rules..."
     
-    # Список всех возможных сетов
     local sets="podkop_domains podkop_subnets podkop_subnets_discord localv4"
     
     nolog "Sets statistics:"
@@ -1281,7 +1426,6 @@ check_nft() {
         fi
     done
 
-    # Показываем правила с счетчиками
     nolog "Current chains and rules:"
     nft list table inet PodkopTable | grep "chain\|counter"
 
@@ -1314,7 +1458,6 @@ check_logs() {
     nolog "Showing podkop logs from system journal..."
     
     if command -v logread >/dev/null 2>&1; then
-        # Попытка получить последние 50 записей
         logread -e "podkop" | tail -n 50
     else
         nolog "Error: logread command not found"
@@ -1343,3 +1486,33 @@ check_all() {
 
     check_three
 }
+
+show_config() {
+    nolog "Current podkop configuration:"
+    
+    if [ ! -f /etc/config/podkop ]; then
+        nolog "Configuration file not found"
+        return 1
+    fi
+
+    tmp_config=$(mktemp)
+    
+    cat /etc/config/podkop | sed \
+        -e 's/\(option proxy_string\).*/\1 '\''MASKED'\''/g' \
+        -e 's/\(option outbound_json\).*/\1 '\''MASKED'\''/g' \
+        -e 's/\(option second_proxy_string\).*/\1 '\''MASKED'\''/g' \
+        -e 's/\(option second_outbound_json\).*/\1 '\''MASKED'\''/g' \
+        -e 's/\(vless:\/\/[^@]*@\)/vless:\/\/MASKED@/g' \
+        -e 's/\(ss:\/\/[^@]*@\)/ss:\/\/MASKED@/g' \
+        -e 's/\(pbk=[^&]*\)/pbk=MASKED/g' \
+        -e 's/\(sid=[^&]*\)/sid=MASKED/g' \
+        > "$tmp_config"
+
+    cat "$tmp_config"
+    rm -f "$tmp_config"
+}
+
+show_version() {
+    local version=$(opkg info podkop | grep -m 1 "Version:" | cut -d' ' -f2)
+    echo "$version"
+}