v0.3.41. Improved Diagnotics: WAN, WARP, versions, etc

Update localisation

README.md

@@ -73,16 +73,14 @@ Luci: Services/podkop
 
 **Custom subnets enable** - Добавить подсети или IP-адреса. Для подсетей задать маску.
 
-# Известные баги
-- [x] Не отрабатывает service podkop stop, если podkop запущен и не может, к пример, зарезолвить домен с сломанным DNS
-- [x] Update list из remote url domain не удаляет старые домены. А добавляет новые. Для подсетей тоже самое скорее всего. Пересоздавать ruleset?
-
 # ToDo
 Этот раздел не означает задачи, которые нужно брать и делать. Это общий список хотелок. Если вы хотите помочь, пожалуйста, спросите сначала в телеграмме.
 
-- [ ] Сделать галку запрещающую подкопу редачить dhcp. Допилить в исключение вместе с пустыми полями proxy и vpn (нужно wiki)
-- [ ] Рестарт сервиса без рестарта dnsmasq
-- [ ] `ash: can't kill pid 9848: No such process` при обновлении
+- [ ] Не грузится диагностика полностью при одной нерабочей комманде. Подумать как это можно дебажить легко. https://t.me/itdogchat/142500/378956
+- [ ] При добавлении github ломается скачивание скрипта установки и любые другие скрипты с github соотвественно. Скорее всего нужно делать опцией добавление в nft самого роутера как src.
+
+Диагностика
+- [x] Используется ли warp. Сравнивать endpoint с префиксами CF
 
 Низкий приоритет
 - [ ] Галочка, которая режет доступ к doh серверам
@@ -94,6 +92,23 @@ Luci: Services/podkop
 - [ ] Unit тесты (BATS)
 - [ ] Интеграционые тесты бекенда (OpenWrt rootfs + BATS)
 
+# Don't touch my dhcp
+Нужно в первую очередь, чтоб использовать опцию `server`.
+
+В случае если опция активна, podkop не трогает /etc/config/dhcp. И вам требуется самостоятельно указать следующие значения:
+```
+	option noresolv '1'
+	option cachesize '0'
+	list server '127.0.0.42'
+```
+Без этого podkop работать не будет.
+
+# Bad WAN
+При использовании опции **Interface monitoring** необходимо рестартовать podkop, чтоб init.d подхватил это
+```
+service podkop restart
+```
+
 # Разработка
 Есть два варианта:
 - Просто поставить пакет на роутер или виртуалку и прям редактировать через SFTP (opkg install openssh-sftp-server)

install.sh

@@ -160,13 +160,13 @@ add_tunnel() {
             ;;
 
         3)
-            opkg install opkg install openvpn-openssl luci-app-openvpn
+            opkg install openvpn-openssl luci-app-openvpn
             printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openvpn-na-openwrt/\e[0m\n"
             break
             ;;
 
         4)
-            opkg install opkg install openconnect luci-proto-openconnect
+            opkg install openconnect luci-proto-openconnect
             printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openconnect-na-openwrt/\e[0m\n"
             break
             ;;
@@ -248,8 +248,8 @@ install_awg_packages() {
         fi
     fi
     
-    if opkg list-installed | grep -q luci-app-amneziawg; then
-        echo "luci-app-amneziawg already installed"
+    if opkg list-installed | grep -qE 'luci-app-amneziawg|luci-proto-amneziawg'; then
+        echo "luci-app-amneziawg or luci-proto-amneziawg already installed"
     else
         LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
         DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
@@ -425,6 +425,25 @@ check_system() {
         exit 1
     fi
 
+    if opkg list-installed | grep -q https-dns-proxy; then
+        printf "\033[31;1mСonflicting package detected: https-dns-proxy. Remove? yes/no\033[0m\n"
+
+        while true; do
+                read -r -p '' DNSPROXY
+                case $DNSPROXY in
+
+                yes|y|Y|yes)
+                    opkg remove --force-depends luci-app-https-dns-proxy https-dns-proxy
+                    break
+                    ;;
+                *)
+                    echo "Exit"
+                    exit 1
+                    ;;
+        esac
+    done
+    fi
+
     if opkg list-installed | grep -qE "iptables|kmod-iptab"; then
         printf "\033[31;1mFound incompatible iptables packages. If you're using FriendlyWrt: https://t.me/itdogchat/44512/181082\033[0m\n"
     fi

luci-app-podkop/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-podkop
-PKG_VERSION:=0.3.35
+PKG_VERSION:=0.3.41
 PKG_RELEASE:=1
 
 LUCI_TITLE:=LuCI podkop app

luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js

@@ -62,6 +62,23 @@ function getNetworkInterfaces(o, section_id, excludeInterfaces = []) {
     });
 }
 
+function getNetworkNetworks(o, section_id, excludeInterfaces = []) {
+	return network.getNetworks().then(networks => {
+		o.keylist = [];
+		o.vallist = [];
+
+		networks.forEach(net => {
+			const name = net.getName();
+			const ifname = net.getIfname();
+			if (name && !excludeInterfaces.includes(name)) {
+				o.value(name, ifname ? `${name} (${ifname})` : name);
+			}
+		});
+	}).catch(error => {
+		console.error('Failed to get networks:', error);
+	});
+}
+
 function createConfigSection(section, map, network) {
     const s = section;
 
@@ -82,6 +99,7 @@ function createConfigSection(section, map, network) {
     o = s.taboption('basic', form.TextValue, 'proxy_string', _('Proxy Configuration URL'), _(''));
     o.depends('proxy_config_type', 'url');
     o.rows = 5;
+    o.rmempty = false;
     o.ucisection = s.section;
     o.sectionDescriptions = new Map();
     o.placeholder = 'vless://uuid@server:port?type=tcp&security=tls#main\n// backup ss://method:pass@server:port\n// backup2 vless://uuid@server:port?type=grpc&security=reality#alt';
@@ -206,9 +224,9 @@ function createConfigSection(section, map, network) {
 
                 let params = new URLSearchParams(queryString.split('#')[0]);
                 let type = params.get('type');
-                const validTypes = ['tcp', 'udp', 'grpc', 'http'];
+                const validTypes = ['tcp', 'raw', 'udp', 'grpc', 'http'];
                 if (!type || !validTypes.includes(type)) {
-                    return _('Invalid VLESS URL: type must be one of tcp, udp, grpc, http');
+                    return _('Invalid VLESS URL: type must be one of tcp, raw, udp, grpc, http');
                 }
 
                 let security = params.get('security');
@@ -261,7 +279,7 @@ function createConfigSection(section, map, network) {
     o.depends('mode', 'vpn');
     o.ucisection = s.section;
     o.load = function (section_id) {
-        return getNetworkInterfaces(this, section_id, ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan']).then(() => {
+        return getNetworkInterfaces(this, section_id, ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan', 'lan']).then(() => {
             return this.super('load', section_id);
         });
     };
@@ -788,7 +806,12 @@ let createStatusSection = function (podkopStatus, singboxStatus, podkop, luci, s
                             bypassStatus.message
                         ])
                     ])
-                ])
+                ]),
+                ButtonFactory.createModalButton({
+                    label: _('Global check'),
+                    command: 'global_check',
+                    title: _('Click here for all the info')
+                })
             ]),
 
             // Version Information Panel
@@ -1026,9 +1049,9 @@ return view.extend({
                 return true;
             }
 
-            const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$/;
+            const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}(\/[^\s]*)?$/;
             if (!domainRegex.test(value)) {
-                return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com');
+                return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
             }
 
             return true;
@@ -1087,6 +1110,25 @@ return view.extend({
             });
         };
 
+        o = mainSection.taboption('additional', form.Flag, 'mon_restart_ifaces', _('Interface monitoring'), _('Interface monitoring for bad WAN'));
+        o.default = '0';
+        o.rmempty = false;
+        o.ucisection = 'main';
+
+        o = mainSection.taboption('additional', form.MultiValue, 'restart_ifaces', _('Interface for monitoring'), _('Select the WAN interfaces to be monitored'));
+        o.ucisection = 'main';
+        o.depends('mon_restart_ifaces', '1');
+        o.load = function (section_id) {
+            return getNetworkNetworks(this, section_id, ['lan', 'loopback']).then(() => {
+                return this.super('load', section_id);
+            });
+        };
+
+        o = mainSection.taboption('additional', form.Flag, 'dont_touch_dhcp', _('Dont touch my DHCP!'), _('Podkop will not change the DHCP config'));
+        o.default = '0';
+        o.rmempty = false;
+        o.ucisection = 'main';
+
         // Extra IPs and exclusions (main section)
         o = mainSection.taboption('basic', form.Flag, 'exclude_from_ip_enabled', _('IP for exclusion'), _('Specify local IP addresses that will never use the configured route'));
         o.default = '0';

luci-app-podkop/po/ru/podkop.po

@@ -88,8 +88,8 @@ msgstr "Введите имена доменов без протоколов (п
 msgid "User Domains List"
 msgstr "Список пользовательских доменов"
 
-msgid "Enter domain names separated by comma, space or newline (example: sub.example.com, example.com or one domain per line)"
-msgstr "Введите имена доменов через запятую, пробел или новую строку (пример: sub.example.com, example.com или один домен на строку)"
+msgid "Enter domain names separated by comma, space or newline. You can add comments after //"
+msgstr "Введите имена доменов, разделяя их запятой, пробелом или с новой строки. Вы можете добавлять комментарии после //"
 
 msgid "Local Domain Lists"
 msgstr "Локальные списки доменов"
@@ -556,6 +556,9 @@ msgstr "Путь должен содержать хотя бы одну дире
 msgid "Invalid path format. Must be like /tmp/cache.db"
 msgstr "Неверный формат пути. Пример: /tmp/cache.db"
 
+msgid "Select the network interface from which the traffic will originate"
+msgstr "Выберите сетевой интерфейс, с которого будет исходить трафик"
+
 msgid "Copy to Clipboard"
 msgstr "Копировать в буфер обмена"
 
@@ -812,4 +815,7 @@ msgid "available"
 msgstr "доступен"
 
 msgid "unavailable"
-msgstr "недоступен"
+msgstr "недоступен"
+
+msgid "Apply for SS2022"
+msgstr "Применить для SS2022"

podkop/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=podkop
-PKG_VERSION:=0.3.35
+PKG_VERSION:=0.3.41
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
@@ -13,6 +13,7 @@ define Package/podkop
 	SECTION:=net
 	CATEGORY:=Network
 	DEPENDS:=+sing-box +curl +jq +kmod-nft-tproxy +coreutils-base64
+	CONFLICTS:=https-dns-proxy
 	TITLE:=Domain routing app
 	URL:=https://itdog.info
 	PKGARCH:=all

podkop/files/etc/config/podkop

@@ -36,4 +36,6 @@ config main 'main'
 	option dns_rewrite_ttl '60'
 	option cache_file '/tmp/cache.db'
 	list iface 'br-lan'
+	option mon_restart_ifaces '0'
+	#list restart_ifaces 'wan'
 	option ss_uot '0'

podkop/files/etc/init.d/podkop

@@ -6,37 +6,16 @@ USE_PROCD=1
 script=$(readlink "$initscript")
 NAME="$(basename ${script:-$initscript})"
 config_load "$NAME"
-RESOLV_CONF="/etc/resolv.conf"
 
 start_service() {
     echo "Start podkop"
 
-    sing_box_version=$(sing-box version | head -n 1 | awk '{print $3}')
-    required_version="1.11.1"
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
+	config_get restart_ifaces "main" "restart_ifaces"
 
-    if [ "$(echo -e "$sing_box_version\n$required_version" | sort -V | head -n 1)" != "$required_version" ]; then
-        echo "The version of sing-box ($sing_box_version) is lower than the minimum version. Update sing-box: opkg update && opkg remove sing-box && opkg install sing-box"
-        exit 1
-    fi
-
-    if opkg list-installed | grep -q iptables-mod-extra; then
-        echo "Conflicting package detected: iptables-mod-extra"
-    fi
-
-    if opkg list-installed | grep -q kmod-ipt-nat; then
-        echo "Conflicting package detected: kmod-ipt-nat"
-    fi
-
-    if grep -qE 'doh_backup_noresolv|doh_backup_server|doh_server' /etc/config/dhcp; then
-        printf "\033[31;1mDetected https-dns-proxy. Disable or uninstall it for correct functionality.\033[0m\n"
-    fi
-
-    if { ! grep -q "search lan" "$RESOLV_CONF" || ! grep -q "nameserver 127.0.0.1" "$RESOLV_CONF"; } && ! grep -q "search tail" "$RESOLV_CONF"; then
-        echo "/etc/resolv.conf does not contain 'search lan' or 'nameserver 127.0.0.1' entries"
-    fi
-    
 	procd_open_instance
-	procd_set_param command /bin/sh -c "/usr/bin/podkop start"
+	procd_set_param command /usr/bin/podkop start
+	[ "$mon_restart_ifaces" = "1" ] && [ -n "$restart_ifaces" ] && procd_set_param netdev $restart_ifaces
 	procd_set_param stdout 1
 	procd_set_param stderr 1
 	procd_close_instance
@@ -46,17 +25,23 @@ stop_service() {
     /usr/bin/podkop stop
 }
 
-restart_service() {
-    stop
-    start
-}
-
 reload_service() {
-    stop
-    start
+    /usr/bin/podkop reload > /dev/null 2>&1
 }
 
 service_triggers() {
     echo "service_triggers start"
-    procd_add_config_trigger "config.change" "$NAME" "$initscript" reload 'on_config_change'
+
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
+	config_get restart_ifaces "main" "restart_ifaces"
+
+	procd_open_trigger
+		procd_add_config_trigger "config.change" "$NAME" "$initscript" restart 'on_config_change'
+
+        if [ "$mon_restart_ifaces" = "1" ]; then
+			for iface in $restart_ifaces; do
+				procd_add_reload_interface_trigger $iface
+			done
+		fi
+	procd_close_trigger
 }

podkop/files/usr/bin/podkop

@@ -45,7 +45,7 @@ nolog() {
     echo -e "${CYAN}[$timestamp]${RESET} ${GREEN}$message${RESET}"
 }
 
-start() {
+start_main() {
     log "Starting podkop"
 
     # checking
@@ -61,18 +61,10 @@ start() {
         log "[critical] Conflicting package detected: iptables-mod-extra"
     fi
 
-    if opkg list-installed | grep -q kmod-ipt-nat; then
-        log "[critical] Conflicting package detected: kmod-ipt-nat"
-    fi
-
     if grep -qE 'doh_backup_noresolv|doh_backup_server|doh_server' /etc/config/dhcp; then
         log "[critical] Detected https-dns-proxy. Disable or uninstall it for correct functionality."
     fi
 
-    if { ! grep -q "search lan" "$RESOLV_CONF" || ! grep -q "nameserver 127.0.0.1" "$RESOLV_CONF"; } && ! grep -q "search tail" "$RESOLV_CONF"; then
-        log "[critical] /etc/resolv.conf does not contain 'search lan' or 'nameserver 127.0.0.1' entries"
-    fi
-
     migration
 
     config_foreach process_validate_service
@@ -140,7 +132,12 @@ start() {
 
     sing_box_config_check
     /etc/init.d/sing-box start
-    /etc/init.d/sing-box enable
+    #/etc/init.d/sing-box enable
+    log "Nice"
+}
+
+start() {
+    start_main
 
     config_get proxy_string "main" "proxy_string"
     config_get interface "main" "interface"
@@ -154,13 +151,13 @@ start() {
     fi
 }
 
-stop() {
+stop_main() {
     log "Stopping the podkop"
 
     if [ -f /var/run/podkop_list_update.pid ]; then
         pid=$(cat /var/run/podkop_list_update.pid)
         if kill -0 "$pid"; then
-            kill "$pid"
+            kill "$pid" 2>/dev/null
             log "Stopped list_update"
         fi
         rm -f /var/run/podkop_list_update.pid
@@ -168,11 +165,6 @@ stop() {
 
     remove_cron_job
 
-    config_get_bool dont_touch_dhcp "main" "dont_touch_dhcp" "0"
-    if [ "$dont_touch_dhcp" -eq 0 ]; then
-        dnsmasq_restore
-    fi 
-
     rm -rf /tmp/podkop/*.lst
 
     log "Flush nft"
@@ -192,8 +184,22 @@ stop() {
 
     log "Stop sing-box"
     /etc/init.d/sing-box stop
-    /etc/init.d/sing-box disable
+    #/etc/init.d/sing-box disable
+}
 
+stop() {
+    config_get_bool dont_touch_dhcp "main" "dont_touch_dhcp" "0"
+    if [ "$dont_touch_dhcp" -eq 0 ]; then
+        dnsmasq_restore
+    fi
+
+    stop_main
+}
+
+reload() {
+    log "Podkop reload"
+    stop_main
+    start_main
 }
 
 # Migrations and validation funcs
@@ -365,7 +371,8 @@ dnsmasq_add_resolver() {
     uci -q delete dhcp.@dnsmasq[0].podkop_server
     for server in $(uci get dhcp.@dnsmasq[0].server 2>/dev/null); do
         if [[ "$server" == "127.0.0.42" ]]; then
-            log "Dnsmasq save config error: server=127.0.0.42"
+            log "Dnsmasq save config error: server=127.0.0.42 is already configured. Skip editing DHCP"
+            return
         else
             uci add_list dhcp.@dnsmasq[0].podkop_server="$server"
         fi
@@ -596,10 +603,12 @@ sing_box_uci() {
         log "Change sing-box UCI config"
     fi
 
-    if grep -q '#\s*list ifaces' "$config"; then
-        sed -i '/ifaces/s/#//g' $config
-        log "Uncommented list ifaces"
-    fi
+    [ -f /etc/rc.d/S99sing-box ] && log "Disable sing-box" && /etc/init.d/sing-box disable
+
+    # if grep -q '#\s*list ifaces' "$config"; then
+    #     sed -i '/ifaces/s/#//g' $config
+    #     log "Uncommented list ifaces"
+    # fi
 }
 
 add_socks5_for_section() {
@@ -1818,6 +1827,7 @@ check_sing_box_logs() {
 }
 
 check_fakeip() {
+    # Not used
     nolog "Checking fakeip functionality..."
     
     if ! command -v nslookup >/dev/null 2>&1; then
@@ -1940,7 +1950,7 @@ show_sing_box_config() {
 }
 
 show_config() {
-    nolog "Current podkop configuration:"
+    nolog "📄 Current podkop configuration:"
     
     if [ ! -f /etc/config/podkop ]; then
         nolog "Configuration file not found"
@@ -1959,6 +1969,7 @@ show_config() {
         -e 's/\(pbk=[^&]*\)/pbk=MASKED/g' \
         -e 's/\(sid=[^&]*\)/sid=MASKED/g' \
         -e 's/\(option dns_server '\''[^'\'']*\.dns\.nextdns\.io'\''\)/option dns_server '\''MASKED.dns.nextdns.io'\''/g' \
+        -e "s|\(option dns_server 'dns\.nextdns\.io\)/[^']*|\1/MASKED|"
         > "$tmp_config"
 
     cat "$tmp_config"
@@ -1966,17 +1977,17 @@ show_config() {
 }
 
 show_version() {
-    local version=$(opkg info podkop | grep -m 1 "Version:" | cut -d' ' -f2)
+    local version=$(opkg list-installed podkop | awk '{print $3}')
     echo "$version"
 }
 
 show_luci_version() {
-    local version=$(opkg info luci-app-podkop | grep -m 1 "Version:" | cut -d' ' -f2)
+    local version=$(opkg list-installed luci-app-podkop | awk '{print $3}')
     echo "$version"
 }
 
 show_sing_box_version() {
-    local version=$(opkg info sing-box | grep -m 1 "Version:" | cut -d' ' -f2)
+    local version=$(sing-box version | head -n 1 | awk '{print $3}')
     echo "$version"
 }
 
@@ -2076,6 +2087,9 @@ check_dns_available() {
     if echo "$dns_server" | grep -q "\.dns\.nextdns\.io$"; then
         local nextdns_id=$(echo "$dns_server" | cut -d'.' -f1)
         display_dns_server="$(echo "$nextdns_id" | sed 's/./*/g').dns.nextdns.io"
+    elif echo "$dns_server" | grep -q "^dns\.nextdns\.io/"; then
+        local masked_path=$(echo "$dns_server" | cut -d'/' -f2- | sed 's/./*/g')
+        display_dns_server="dns.nextdns.io/$masked_path"
     fi
 
     if [ "$dns_type" = "doh" ]; then
@@ -2153,6 +2167,137 @@ sing_box_add_secure_dns_probe_domain() {
     log "DNS probe domain ${domain} configured with override to port ${override_port}"
 }
 
+global_check() {
+    nolog "📡 Global check run!"
+
+    nolog "Podkop $(opkg list-installed podkop | awk '{print $3}')"
+    nolog "LuCi App $(opkg list-installed luci-app-podkop | awk '{print $3}')"
+    nolog "Sing-box $(sing-box version | head -n 1 | awk '{print $3}')"
+    nolog "$(grep OPENWRT_RELEASE /etc/os-release | cut -d'"' -f2)"
+    nolog "Device: $(cat /tmp/sysinfo/model)"
+
+    printf "\n"
+    show_config
+    printf "\n"
+
+    nolog "Checking fakeip functionality..."
+        
+    nolog "➡️ DNS resolution: system DNS server"
+    nslookup -timeout=2 $TEST_DOMAIN
+    
+    local working_resolver=$(find_working_resolver)
+    if [ -z "$working_resolver" ]; then
+        nolog "❌ No working resolver found, skipping resolver check"
+    else      
+        nolog "➡️ DNS resolution: external resolver ($working_resolver)"
+        nslookup -timeout=2 $TEST_DOMAIN $working_resolver
+    fi
+    
+    # Main FakeIP check
+    nolog "➡️ DNS resolution: sing-box DNS server (127.0.0.42)"
+    local result=$(nslookup -timeout=2 $TEST_DOMAIN 127.0.0.42 2>&1)
+    echo "$result"
+    
+    if echo "$result" | grep -q "198.18"; then
+        nolog "✅ FakeIP is working correctly! Domain resolved to FakeIP range (198.18.x.x)"
+    else
+        nolog "❌ FakeIP test failed. Domain did not resolve to FakeIP range"
+        nolog "Checking if sing-box is running..."
+        
+        if ! pgrep -f "sing-box" >/dev/null; then
+            nolog "sing-box is not running"
+        else
+            nolog "sing-box is running, but FakeIP might not be configured correctly"
+            nolog "Checking DNS configuration in sing-box..."
+            
+            if [ -f "$SING_BOX_CONFIG" ]; then
+                local fakeip_enabled=$(jq -r '.dns.fakeip.enabled' "$SING_BOX_CONFIG")
+                local fakeip_range=$(jq -r '.dns.fakeip.inet4_range' "$SING_BOX_CONFIG")
+                
+                nolog "FakeIP enabled: $fakeip_enabled"
+                nolog "FakeIP range: $fakeip_range"
+                
+                local dns_rules=$(jq -r '.dns.rules[] | select(.server == "fakeip-server") | .domain' "$SING_BOX_CONFIG")
+                nolog "FakeIP domain: $dns_rules"
+            else
+                nolog "sing-box config file not found"
+            fi
+        fi
+    fi
+    printf "\n"
+
+    if grep -E "^nameserver\s+([0-9]{1,3}\.){3}[0-9]{1,3}" "$RESOLV_CONF" | grep -vqE "127\.0\.0\.1|0\.0\.0\.0"; then
+        nolog "❌ /etc/resolv.conf contains an external nameserver:"
+        cat /etc/resolv.conf
+        echo ""
+    else
+        nolog "✅ /etc/resolv.conf OK"
+    fi
+
+    cachesize="$(uci get dhcp.@dnsmasq[0].cachesize 2>/dev/null)"
+    noresolv="$(uci get dhcp.@dnsmasq[0].noresolv 2>/dev/null)"
+    server="$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)"
+
+    if [ "$cachesize" != "0" ] || [ "$noresolv" != "1" ] || [ "$server" != "127.0.0.42" ]; then
+        nolog "❌ The configuration differs from the template. 📄 DHCP config:"
+        awk '/^config /{p=($2=="dnsmasq")} p' /etc/config/dhcp
+    elif [ "$(uci get podkop.main.dont_touch_dhcp 2>/dev/null)" = "1" ]; then
+        nolog "⚠️ Enable dont_touch_dhcp. 📄 DHCP config:"
+        awk '/^config /{p=($2=="dnsmasq")} p' /etc/config/dhcp
+    else
+        nolog "✅ /etc/config/dhcp"
+    fi
+
+    if ! pgrep -f "sing-box" >/dev/null; then
+        nolog "❌ sing-box is not running"
+    else
+        nolog "✅ sing-box is running"
+    fi
+
+    nolog "📄 NFT Table Podkop"
+    if ! nft list table inet PodkopTable >/dev/null 2>&1; then
+        nolog "PodkopTable not found"
+    else
+        nft list table inet PodkopTable
+    fi
+
+    nolog "📄 WAN config"
+    if uci show network.wan >/dev/null 2>&1; then
+        awk '
+            /^config / {
+                p = ($2 == "interface" && $3 == "'\''wan'\''")
+            }
+            p {
+                if ($1 == "option" && ($2 == "username" || $2 == "password")) {
+                    print "        option", $2, "'\''******'\''"
+                } else {
+                    print
+                }
+            }
+            ' /etc/config/network
+    else
+        nolog "WAN not exists"
+    fi
+
+    CLOUDFLARE_OCTETS="103.21 103.22 103.31 104.16 104.17 104.18 104.19 104.20 104.21 104.22 104.23 \
+     104.24 104.25 104.26 104.27 104.28 108.162 131.0 141.101 162.158 162.159 172.64 172.65 172.66 \ 
+     172.67 172.68 172.69 172.70 172.71 173.245 188.114 190.93 197.234 198.41"
+
+    if uci show network | grep -q endpoint_host; then
+        uci show network | grep endpoint_host | cut -d'=' -f2 | tr -d "'\" " | while read -r host; do
+            if [ "$host" = "engage.cloudflareclient.com" ]; then
+                nolog "⚠️ WARP detected ($host)"
+                continue
+            fi
+
+            ip_prefix=$(echo "$host" | cut -d'.' -f1,2)
+            if echo "$CLOUDFLARE_OCTETS" | grep -wq "$ip_prefix"; then
+                nolog "⚠️ WARP detected ($host)"
+            fi
+        done
+    fi
+}
+
 case "$1" in
     start)
         start
@@ -2160,9 +2305,8 @@ case "$1" in
     stop)
         stop
         ;;
-    restart)
-        stop
-        start
+    reload)
+        reload
         ;;
     main)
         main
@@ -2221,8 +2365,11 @@ case "$1" in
     check_dns_available)
         check_dns_available
         ;;
+    global_check)
+        global_check
+        ;;
     *)
-        echo "Usage: $0 {start|stop|restart|reload|enable|disable|main|list_update|check_proxy|check_nft|check_github|check_logs|check_sing_box_connections|check_sing_box_logs|check_fakeip|check_dnsmasq|show_config|show_version|show_sing_box_config|show_luci_version|show_sing_box_version|show_system_info|get_status|get_sing_box_status|check_dns_available}"
+        echo "Usage: $0 {start|stop|reload|enable|disable|main|list_update|check_proxy|check_nft|check_github|check_logs|check_sing_box_connections|check_sing_box_logs|check_fakeip|check_dnsmasq|show_config|show_version|show_sing_box_config|show_luci_version|show_sing_box_version|show_system_info|get_status|get_sing_box_status|check_dns_available|global_check}"
         exit 1
         ;;
 esac