Delay setting option

User Subnet validation for glob ip, init.d/zapret proper check, passwall in conflicts

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,74 @@
+---
+name: 🐛 Сообщение об ошибке
+description: Создавайте только, если проблема точно не на вашей стороне.
+title: "[BUG] "
+labels: ["bug"]
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Спасибо за создание отчета об ошибке!
+        
+        Перед отправкой, пожалуйста:
+        - Проверьте [существующие issues](https://github.com/itdoginfo/podkop/issues)
+        - Просмотрите [документацию](https://podkop.net)
+
+  - type: textarea
+    id: description
+    attributes:
+      label: 📝 Описание проблемы
+      description: Четкое и краткое описание того, что не работает
+      placeholder: Опишите проблему
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Шаги для воспроизведения
+      description: Шаги для воспроизведения проблемы. Если вы настраваете что-то по мануалу, приложите ссылку на него.
+      placeholder: |
+        1. 
+        2. 
+        3. 
+        4. 
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: ✅ Ожидаемое поведение
+      description: Четкое и краткое описание того, что должно было произойти
+      placeholder: Опишите ожидаемое поведение
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: 🖥️ Информация о системе
+      description: |
+        Информация о вашей системе (заполните всё применимое)
+      value: |
+        - **OpenWrt версия**: 
+        - **Podkop версия**: 
+        - **Роутер модель**: 
+        - **Sing-box версия**: 
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: config
+    attributes:
+      label: ⚙️ Конфигурация
+      description: |
+        Релевантные части конфигурации (удалите чувствительную информацию!)
+      placeholder: |
+        Например:
+        - Содержимое /etc/config/podkop
+        - Конфигурация sing-box (если релевантно)
+        - Дополнительные конфиги, которые потребуются wireless/network/dhcp и т.д.
+      render: shell

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 💬 Если у вас что-то не работает, прежде всего прочитайте README проекта
+    url: https://github.com/itdoginfo/podkop
+    about: README проекта
+  - name: 📚 Если вы не нашли в README документацию, то вот ссылка на неё
+    url: https://podkop.net
+    about: Официальная документация PodKop

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,68 @@
+---
+name: ✨ Запрос новой функции
+description: Предложите новую функцию или улучшение для Podkop
+title: "[FEATURE] "
+labels: ["enhancement", "needs-discussion"]
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Спасибо за предложение новой функции!
+        
+        Перед отправкой, пожалуйста:
+        - Проверьте [существующие запросы](https://github.com/itdoginfo/podkop/issues?q=is%3Aissue+label%3Aenhancement)
+        - Убедитесь, что функции не существует в [документации](https://podkop.net)
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Краткое описание
+      description: Краткое описание предлагаемой функции
+      placeholder: В одном предложении опишите, что вы хотите добавить...
+    validations:
+      required: true
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Проблема, которую решает
+      description: |
+        Описание проблемы или неудобства, которое решит эта функция
+      placeholder: |
+        Сейчас нет возможности [...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: 💡 Предлагаемое решение
+      description: Четкое и краткое описание того, что вы хотите реализовать
+      placeholder: |
+        Я хочу, чтобы Podkop мог [...]
+        Предлагаю добавить функцию, которая [...]
+        Можно было бы улучшить [...] путем [...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Workaround
+      description: |
+        Опишите альтернативные решения или функции, которые вы рассматривали
+        Есть ли обходные пути, которые вы используете сейчас?
+      placeholder: |
+        Сейчас я решаю это проблему путем [...]
+        Альтернативой могло бы быть [...]
+        Пробовал использовать [...], но это не подходит потому что [...]
+
+  - type: textarea
+    id: implementation
+    attributes:
+      label: Идеи реализации (опционально)
+      description: |
+        Если у вас есть идеи о том, как это можно реализовать, поделитесь ими. Помните про ограничения LuCI.
+      placeholder: |
+        Это можно реализовать с помощью [...]

.github/pull_request_template.md

@@ -0,0 +1,12 @@
+# Описание изменений
+
+Краткое описание ваших изменений и их цель.
+
+## Что изменено
+
+Детальное описание изменений:
+- 
+- 
+- 
+
+(Этим вы экономите время ревьювера)

.github/workflows/build.yml

@@ -10,28 +10,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.2.1
+        with:
+          fetch-depth: 0
 
-      - name: Check version match
+      - name: Extract version
+        id: version
         run: |
-          PODKOP_VERSION=$(grep '^PKG_VERSION:=' podkop/Makefile | cut -d '=' -f 2)
-          LUCI_APP_PODKOP_VERSION=$(grep '^PKG_VERSION:=' luci-app-podkop/Makefile | cut -d '=' -f 2)
-
-          TAG_VERSION=${GITHUB_REF#refs/tags/v}
-
-          echo "Podkop version: $PODKOP_VERSION"
-          echo "Luci-app-podkop version: $LUCI_APP_PODKOP_VERSION"
-          echo "Tag version: $TAG_VERSION"
-
-          if [ "$PODKOP_VERSION" != "$TAG_VERSION" ] || [ "$LUCI_APP_PODKOP_VERSION" != "$TAG_VERSION" ]; then
-            echo "Error: Version mismatch"
-            exit 1
-          fi
+          VERSION=$(git describe --tags --exact-match 2>/dev/null || echo "dev_$(date +%d%m%Y)")
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
 
       - name: Build and push
         uses: docker/build-push-action@v6.9.0
         with:
           context: .
           tags: podkop:ci
+          build-args: |
+            PKG_VERSION=${{ steps.version.outputs.version }}
 
       - name: Create Docker container
         run: docker create --name podkop podkop:ci

.shellcheckrc

@@ -0,0 +1 @@
+disable=SC3036,SC3010,SC3014,SC3015,SC3020,SC3003

Dockerfile

@@ -1,6 +1,7 @@
-FROM openwrt/sdk:x86_64-v23.05.5
+FROM itdoginfo/openwrt-sdk:24.10.1
 
-RUN ./scripts/feeds update -a && ./scripts/feeds install luci-base && mkdir -p /builder/package/feeds/utilites/ && mkdir -p /builder/package/feeds/luci/
+ARG PKG_VERSION
+ENV PKG_VERSION=${PKG_VERSION}
 
 COPY ./podkop /builder/package/feeds/utilites/podkop
 COPY ./luci-app-podkop /builder/package/feeds/luci/luci-app-podkop

Dockerfile-SDK

@@ -0,0 +1,3 @@
+FROM openwrt/sdk:x86_64-v24.10.1
+
+RUN ./scripts/feeds update -a && ./scripts/feeds install luci-base && mkdir -p /builder/package/feeds/utilites/ && mkdir -p /builder/package/feeds/luci/

README.md

@@ -1,187 +1,52 @@
 # Вещи, которые вам нужно знать перед установкой
 
-- Это альфа версия, которая находится в активной разработке. Из версии в версию что-то может меняться.
-- Основной функционал работает, но побочные штуки сейчас могут сбоить.
-- При обновлении **обязательно** сбрасывайте кэш LuCI.
+- Это бета-версия, которая находится в активной разработке. Из версии в версию что-то может меняться.
+- При возникновении проблем, нужен технически грамотный фидбэк в чат.
+- При обновлении **обязательно** [сбрасывайте кэш LuCI](https://podkop.net/docs/clear-browser-cache/).
 - Также при обновлении всегда заходите в конфигурацию и проверяйте свои настройки. Конфигурация может измениться.
-- Необходимо минимум 15МБ свободного места на роутере. Роутерами с флешками на 16МБ сразу мимо.
+- Необходимо минимум 15МБ свободного места на роутере. Роутеры с флешками на 16МБ сразу мимо.
 - При старте программы редактируется конфиг Dnsmasq.
 - Podkop редактирует конфиг sing-box. Обязательно сохраните ваш конфиг sing-box перед установкой, если он вам нужен.
-- Информация здесь может быть устаревшей. Все изменения фиксируются в телеграм-чате https://t.me/itdogchat - топик **Podkop**.
-- Если у вас не что-то не работает, то следуюет сходить в телеграм чат, прочитать закрепы и выполнить что там написано..
-- Если у вас установлен Getdomains, его следует удалить.
+- Информация здесь может быть устаревшей. Все изменения фиксируются в [телеграм-чате](https://t.me/itdogchat/81758/420321).
+- [Если у вас не что-то не работает.](https://podkop.net/docs/diagnostics/)
+- Если у вас установлен Getdomains, [его следует удалить](https://github.com/itdoginfo/domain-routing-openwrt?tab=readme-ov-file#%D1%81%D0%BA%D1%80%D0%B8%D0%BF%D1%82-%D0%B4%D0%BB%D1%8F-%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F).
 
-# Удаление GetDomains скриптом
-```
-sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/refs/heads/master/getdomains-uninstall.sh)
-```
-
-Оставляет туннели, зоны, forwarding. А также stubby и dnscrypt. Они не помешают. Конфиг sing-box будет перезаписан в podkop.
+# Документация
+https://podkop.net/
 
 # Установка Podkop
-Пакет работает на всех архитектурах.
-Тестировался на **ванильной** OpenWrt 23.05 и OpenWrt 24.10.
-На FriendlyWrt 23.05 присуствуют зависимости от iptables, которые ломают tproxy. Если у вас появляется warning про это в логах, следуйте инструкции по приведённой там ссылке.
+Полная информация в [документации](https://podkop.net/docs/install/)
 
-Поддержки APK на данный момент нет. APK будет сделан после того как разгребу основное.
-
-## Автоматическая
+Вкратце, достаточно одного скрипта для установки и обновления:
 ```
 sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh)
 ```
 
-Скрипт также предложит выбрать, какой туннель будет использоваться. Для выбранного туннеля будут установлены нужные пакеты, а для Wireguard и AmneziaWG также будет предложена автоматическая настройка - прямо в консоли скрипт запросит данные конфига. Для AmneziaWG можно также выбрать вариант с использованием конфига обычного Wireguard и автоматической обфускацией до AmneziaWG.
-
-Для AmneziaWG скрипт проверяет наличие пакетов под вашу платформу в [стороннем репозитории](https://github.com/Slava-Shchipunov/awg-openwrt/releases), так как в официальном репозитории OpenWRT они отсутствуют, и автоматически их устанавливает.
-
-## Вручную
-Сделать `opkg update`, чтоб установились зависимости.
-Скачать пакеты `podkop_*.ipk` и `luci-app-podkop_*.ipk` из релиза. `opkg install` сначала первый, потом второй.
-
-# Обновление
-Та же самая команда, что для установки. Скрипт обнаружит уже установленный podkop и предложит обновиться.
-```
-sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh)
-```
-
-# Удаление
-```
-opkg remove luci-i18n-podkop-ru luci-app-podkop podkop
-```
-
-# Использование
-Конфиг: /etc/config/podkop
-
-Luci: Services/podkop
-
-## Режимы
-
-### Proxy
-Для VLESS и Shadowsocks. Другие протоколы тоже будут, кидайте в чат примеры строк без чувствительных данных.
-
-В этом режиме просто копируйте строку в **Proxy String** и из неё автоматически настроится sing-box.
-
-### VPN
-Здесь у вас должен быть уже настроен WG/OpenVPN/OpenConnect etc, зона Zone и Forwarding не обязательны.
-
-Просто выбрать интерфейс из списка.
-
-## Настройка доменов и подсетей
-**Community Lists** - Включить списки комьюнити
-
-**Custom domains enable** - Добавить свои домены
-
-**Custom subnets enable** - Добавить подсети или IP-адреса. Для подсетей задать маску.
-
-# Известные баги
-- [x] Не отрабатывает service podkop stop, если podkop запущен и не может, к пример, зарезолвить домен с сломанным DNS
-- [x] Update list из remote url domain не удаляет старые домены. А добавляет новые. Для подсетей тоже самое скорее всего. Пересоздавать ruleset?
-
 # ToDo
 Этот раздел не означает задачи, которые нужно брать и делать. Это общий список хотелок. Если вы хотите помочь, пожалуйста, спросите сначала в телеграмме.
 
-- [ ] Interface trigger
-- [ ] Управление sing-box с помощью podkop. sing-box disable
-- [ ] Сделать галку запрещающую подкопу редачить dhcp. Допилить в исключение вместе с пустыми полями proxy и vpn (нужно wiki)
-- [ ] Рестарт сервиса без рестарта dnsmasq
-- [ ] `ash: can't kill pid 9848: No such process` при обновлении
-- [ ] Luci: Добавить валидацию "Proxy Configuration URL". Если пустое, то ошибка. Как с интерфейсом.
-- [ ] После выключения и включения может быть: `Dnsmasq save config error: server=127.0.0.42`
-- [ ] Не грузится диагностика полностью при одной нерабочей комманде. Подумать как это можно дебажить легко. https://t.me/itdogchat/142500/378956
-- [ ] DoH возможность добавлять сервера c path. Взять пример из NextDNS
+Основные задачи в issues.
 
-Низкий приоритет
-- [ ] Галочка, которая режет доступ к doh серверам
-- [ ] IPv6. Только после наполнения Wiki
+## Рефактор
+- [ ] Очевидные повторения в `/usr/bin/podkop` загнать в переменые
+- [ ] Возможно поменять структуру
 
-Рефактор
-- [ ] Handle для sing-box
-- [ ] Handle для dnsmasq
+## Списки
+- [ ] CloudFront
+- [ ] DO 
+- [ ] HODCA
+
+## Будущее
+- [ ] [Подписка](https://github.com/itdoginfo/podkop/issues/118). Здесь нужна реализация, чтоб для каждой секции помимо ручного выбора, был выбор фильтрации по тегу. Например, для main выбираем ключевые слова NL, DE, FI. А для extra секции фильтруем по RU. И создаётся outbound c urltest в которых перечислены outbound из фильтров.
+- [ ] Опция, когда все запросы (с роутера в первую очередь), а не только br-lan идут в прокси. С этим связана #95. Требуется много переделать для nftables.
+- [ ] Весь трафик в Proxy\VPN. Вопрос, что делать с экстрасекциями в этом случае. FakeIP здесь скорее не нужен, а значит только main секция остаётся. Всё что касается fakeip проверок, придётся выключать в этом режиме.
+- [x] Поддержка Source format. Нужна расшифровка в json и если присуствуют подсети, заносить их в custom subnet nftset.
+- [ ] Переделывание функции формирования кастомных списков в JSON. Обрабатывать сразу скопом, а не по одному.
+- [ ] При успешном запуске переходит в фоновый режим и следит за состоянием sing-box. Если вдруг идёт exit 1, выполняется dnsmasq restore и снова следит за состоянием. Вопрос в том, как это искусcтвенно провернуть. Попробовать положить прокси и посмотреть, останется ли работать DNS в этом случае. И здесь, вероятно, можно обойтись триггером в init.d. [Issue](https://github.com/itdoginfo/podkop/issues/111)
+- [ ] Формирование конфига sing-box в /tmp
+- [ ] Галочка, которая режет доступ к doh серверам.
+- [ ] IPv6. Только после наполнения Wiki.
+
+## Тесты
 - [ ] Unit тесты (BATS)
 - [ ] Интеграционые тесты бекенда (OpenWrt rootfs + BATS)
-
-# Don't touch my dhcp
-Нужно в первую очередь, чтоб использовать опцию `server`.
-
-В случае если опция активна, podkop не трогает /etc/config/dhcp. И вам требуется самостоятельно указать следующие значения:
-```
-	option noresolv '1'
-	option cachesize '0'
-	list server '127.0.0.42'
-```
-Без этого podkop работать не будет.
-
-# Разработка
-Есть два варианта:
-- Просто поставить пакет на роутер или виртуалку и прям редактировать через SFTP (opkg install openssh-sftp-server)
-- SDK, чтоб собирать пакеты
-
-Для сборки пакетов нужен SDK, один из вариантов скачать прям файл и разархивировать
-https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/
-Нужен файл с SDK в имени
-
-```
-wget https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/openwrt-sdk-23.05.5-x86-64_gcc-12.3.0_musl.Linux-x86_64.tar.xz
-tar xf openwrt-sdk-23.05.5-x86-64_gcc-12.3.0_musl.Linux-x86_64.tar.xz
-mv openwrt-sdk-23.05.5-x86-64_gcc-12.3.0_musl.Linux-x86_64 SDK
-```
-Последнее для удобства.
-
-Создаём директорию для пакета
-```
-mkdir package/utilites
-```
-
-Симлинк из репозитория
-```
-ln -s ~/podkop/podkop package/utilites/podkop
-ln -s ~/podkop/luci-app-podkop package/luci-app-podkop
-```
-
-В первый раз для сборки luci-app необходимо обновить пакеты
-```
-./scripts/feeds update -a
-```
-
-Для make можно добавить флаг -j N, где N - количество ядер для сборки. Первый раз пройдёт быстрее.
-
-При первом make выводится менюшка, можно просто save, exit и всё. Первый раз долго грузит зависимости.
-
-Сборка пакета. Сами пакеты собираются быстро.
-```
-make package/podkop/{clean,compile} V=s
-```
-
-Также для luci
-```
-make package/luci-app-podkop/{clean,compile} V=s
-```
-
-.ipk лежат в `bin/packages/x86_64/base/`
-
-## Примеры строк
-https://github.com/itdoginfo/podkop/blob/main/String-example.md
-
-## Ошибки
-```
-Makefile:17: /SDK/feeds/luci/luci.mk: No such file or directory
-make[2]: *** No rule to make target '/SDK/feeds/luci/luci.mk'.  Stop.
-time: package/luci/luci-app-podkop/clean#0.00#0.00#0.00
-    ERROR: package/luci/luci-app-podkop failed to build.
-make[1]: *** [package/Makefile:129: package/luci/luci-app-podkop/clean] Error 1
-make[1]: Leaving directory '/SDK'
-make: *** [/SDK/include/toplevel.mk:226: package/luci-app-podkop/clean] Error 2
-```
-
-Не загружены пакеты для luci
-
-## make зависимости
-https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem
-
-Ubuntu
-```
-sudo apt update
-sudo apt install build-essential clang flex bison g++ gawk \
-gcc-multilib g++-multilib gettext git libncurses-dev libssl-dev \
-python3-distutils rsync unzip zlib1g-dev file wget
-```

String-example.md

@@ -57,6 +57,11 @@ vless://uuid@server:443?security=tls&sni=server&fp=chrome&type=ws&path=/websocke
 vless://33333@example.com:443/?type=ws&encryption=none&path=%2Fwebsocket&security=tls&sni=example.com&fp=chrome#vless-tls-ws-4
 ```
 
+7.
+```
+vless://id@sub.domain.example:443?type=ws&path=%2Fdir%2Fpath&host=sub.domain.example&security=tls#configname
+```
+
 ## No security
 ```
 vless://8b60389a-7a01-4365-9244-c87f12bb98cf@example.com:443?type=tcp&security=none#vless-tls-no-encrypt

install.sh

@@ -1,53 +1,35 @@
 #!/bin/sh
 
 REPO="https://api.github.com/repos/itdoginfo/podkop/releases/latest"
-
-IS_SHOULD_RESTART_NETWORK=
 DOWNLOAD_DIR="/tmp/podkop"
 COUNT=3
 
 rm -rf "$DOWNLOAD_DIR"
 mkdir -p "$DOWNLOAD_DIR"
 
+msg() {
+    printf "\033[32;1m%s\033[0m\n" "$1"
+}
+
 main() {
     check_system
     sing_box
 
-    opkg update
+    /usr/sbin/ntpd -q -p 194.190.168.1 -p 216.239.35.0 -p 216.239.35.4 -p 162.159.200.1 -p 162.159.200.123
+
+    opkg update || { echo "opkg update failed"; exit 1; }
   
     if [ -f "/etc/init.d/podkop" ]; then
-        printf "\033[32;1mPodkop is already installed. Just upgrade it? (y/n)\033[0m\n"
-        printf "\033[32;1my - Only upgrade podkop\033[0m\n"
-        printf "\033[32;1mn - Upgrade and install tunnels (WG, AWG, OpenVPN, OC)\033[0m\n"
-
-        while true; do
-            read -r -p '' UPDATE
-            case $UPDATE in
-            y)
-                echo "Upgraded podkop..."
-                break
-                ;;
-
-            n)
-                add_tunnel
-                break
-                ;;
-
-            *)
-                echo "Please enter y or n"
-                ;;
-            esac
-        done
+        msg "Podkop is already installed. Upgraded..."
     else
-        echo "Installed podkop..."
-        add_tunnel
+        msg "Installed podkop..."
     fi
     
     if command -v curl &> /dev/null; then
         check_response=$(curl -s "https://api.github.com/repos/itdoginfo/podkop/releases/latest")
 
         if echo "$check_response" | grep -q 'API rate limit '; then
-            echo "You've reached rate limit from GitHub. Repeat in five minutes."
+            msg "You've reached rate limit from GitHub. Repeat in five minutes."
             exit 1
         fi
     fi
@@ -59,33 +41,33 @@ main() {
                
         attempt=0
         while [ $attempt -lt $COUNT ]; do
-            echo "Download $filename (count $((attempt+1)))..."
+            msg "Download $filename (count $((attempt+1)))..."
             if wget -q -O "$filepath" "$url"; then
                 if [ -s "$filepath" ]; then
-                    echo "$filename successfully downloaded"
+                    msg "$filename successfully downloaded"
                     download_success=1
                     break
                 fi
             fi
-            echo "Download error $filename. Retry..."
+            msg "Download error $filename. Retry..."
             rm -f "$filepath"
             attempt=$((attempt+1))
         done
         
         if [ $attempt -eq $COUNT ]; then
-            echo "Failed to download $filename after $COUNT attempts"
+            msg "Failed to download $filename after $COUNT attempts"
         fi
     done < <(wget -qO- "$REPO" | grep -o 'https://[^"[:space:]]*\.ipk')
     
     if [ $download_success -eq 0 ]; then
-        echo "No packages were downloaded successfully"
+        msg "No packages were downloaded successfully"
         exit 1
     fi
     
     for pkg in podkop luci-app-podkop; do
         file=$(ls "$DOWNLOAD_DIR" | grep "^$pkg" | head -n 1)
         if [ -n "$file" ]; then
-            echo "Installing $file"
+            msg "Installing $file"
             opkg install "$DOWNLOAD_DIR/$file"
             sleep 3
         fi
@@ -93,340 +75,72 @@ main() {
 
     ru=$(ls "$DOWNLOAD_DIR" | grep "luci-i18n-podkop-ru" | head -n 1)
     if [ -n "$ru" ]; then
-        printf "\033[32;1mРусский язык интерфейса ставим? y/n (Need a Russian translation?)\033[0m "
-        while true; do
-            read -r -p '' RUS
-            case $RUS in
-            y)
+        if opkg list-installed | grep -q luci-i18n-podkop-ru; then
+                msg "Upgraded ru translation..."
+                opkg remove luci-i18n-podkop*
                 opkg install "$DOWNLOAD_DIR/$ru"
-                break
-                ;;
-            n)
-                break
-                ;;
-            *)
-                echo "Введите y или n"
-                ;;
-            esac
-        done
+        else
+            msg "Русский язык интерфейса ставим? y/n (Need a Russian translation?)"
+            while true; do
+                read -r -p '' RUS
+                case $RUS in
+                y)
+                    opkg remove luci-i18n-podkop*
+                    opkg install "$DOWNLOAD_DIR/$ru"
+                    break
+                    ;;
+                n)
+                    break
+                    ;;
+                *)
+                    echo "Введите y или n"
+                    ;;
+                esac
+            done
+        fi
     fi
 
     find "$DOWNLOAD_DIR" -type f -name '*podkop*' -exec rm {} \;
-
-    if [ "$IS_SHOULD_RESTART_NETWORK" ]; then
-        printf "\033[32;1mRestart network\033[0m\n"
-        /etc/init.d/network restart
-    fi
-}
-
-add_tunnel() {
-    printf "\033[32;1mWill you be using Wireguard, AmneziaWG, OpenVPN, OpenConnect? If yes, select a number and they will be automatically installed\033[0m\n"
-    echo "1) Wireguard"
-    echo "2) AmneziaWG"
-    echo "3) OpenVPN"
-    echo "4) OpenConnect"
-    echo "5) I use VLESS/SS. Skip this step"
-
-    while true; do
-        read -r -p '' TUNNEL
-        case $TUNNEL in
-
-        1)
-            opkg install wireguard-tools luci-proto-wireguard luci-app-wireguard
-
-            printf "\033[32;1mDo you want to configure the wireguard interface? (y/n): \033[0m\n"
-            read IS_SHOULD_CONFIGURE_WG_INTERFACE
-
-            if [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "y" ] || [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "Y" ]; then
-                wg_awg_setup Wireguard
-            else
-            printf "\e[1;32mUse these instructions to manual configure https://itdog.info/nastrojka-klienta-wireguard-na-openwrt/\e[0m\n"
-            fi
-
-            break
-            ;;
-
-        2)
-            install_awg_packages
-
-            printf "\033[32;1mThere are no instructions for manual configure yet. Do you want to configure the amneziawg interface? (y/n): \033[0m\n"
-            read IS_SHOULD_CONFIGURE_WG_INTERFACE
-
-            if [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "y" ] || [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "Y" ]; then
-                wg_awg_setup AmneziaWG
-            fi
-
-            break
-            ;;
-
-        3)
-            opkg install openvpn-openssl luci-app-openvpn
-            printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openvpn-na-openwrt/\e[0m\n"
-            break
-            ;;
-
-        4)
-            opkg install openconnect luci-proto-openconnect
-            printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openconnect-na-openwrt/\e[0m\n"
-            break
-            ;;
-
-        5)
-            echo "Installation without additional dependencies."
-            break
-            ;;
-
-        *)
-            echo "Choose from the following options"
-            ;;
-        esac
-    done
-}
-
-handler_network_restart() {
-    IS_SHOULD_RESTART_NETWORK=true
-}
-
-install_awg_packages() {
-    # Получение pkgarch с наибольшим приоритетом
-    PKGARCH=$(opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}')
-
-    TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
-    SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
-    VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
-    PKGPOSTFIX="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}.ipk"
-    BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
-
-    AWG_DIR="/tmp/amneziawg"
-    mkdir -p "$AWG_DIR"
-    
-    if opkg list-installed | grep -q kmod-amneziawg; then
-        echo "kmod-amneziawg already installed"
-    else
-        KMOD_AMNEZIAWG_FILENAME="kmod-amneziawg${PKGPOSTFIX}"
-        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${KMOD_AMNEZIAWG_FILENAME}"
-        wget -O "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
-
-        if [ $? -eq 0 ]; then
-            echo "kmod-amneziawg file downloaded successfully"
-        else
-            echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
-            exit 1
-        fi
-        
-        opkg install "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
-
-        if [ $? -eq 0 ]; then
-            echo "kmod-amneziawg file downloaded successfully"
-        else
-            echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
-            exit 1
-        fi
-    fi
-
-    if opkg list-installed | grep -q amneziawg-tools; then
-        echo "amneziawg-tools already installed"
-    else
-        AMNEZIAWG_TOOLS_FILENAME="amneziawg-tools${PKGPOSTFIX}"
-        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${AMNEZIAWG_TOOLS_FILENAME}"
-        wget -O "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME" "$DOWNLOAD_URL"
-
-        if [ $? -eq 0 ]; then
-            echo "amneziawg-tools file downloaded successfully"
-        else
-            echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
-            exit 1
-        fi
-
-        opkg install "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
-
-        if [ $? -eq 0 ]; then
-            echo "amneziawg-tools file downloaded successfully"
-        else
-            echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
-            exit 1
-        fi
-    fi
-    
-    if opkg list-installed | grep -qE 'luci-app-amneziawg|luci-proto-amneziawg'; then
-        echo "luci-app-amneziawg or luci-proto-amneziawg already installed"
-    else
-        LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
-        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
-        wget -O "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
-
-        if [ $? -eq 0 ]; then
-            echo "luci-app-amneziawg file downloaded successfully"
-        else
-            echo "Error downloading luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
-            exit 1
-        fi
-
-        opkg install "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME"
-
-        if [ $? -eq 0 ]; then
-            echo "luci-app-amneziawg file downloaded successfully"
-        else
-            echo "Error installing luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
-            exit 1
-        fi
-    fi
-
-    rm -rf "$AWG_DIR"
-}
-
-wg_awg_setup() {
-    PROTOCOL_NAME=$1
-    printf "\033[32;1mConfigure ${PROTOCOL_NAME}\033[0m\n"
-    if [ "$PROTOCOL_NAME" = 'Wireguard' ]; then
-        INTERFACE_NAME="wg0"
-        CONFIG_NAME="wireguard_wg0"
-        PROTO="wireguard"
-        ZONE_NAME="wg"
-    fi
-
-    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
-        INTERFACE_NAME="awg0"
-        CONFIG_NAME="amneziawg_awg0"
-        PROTO="amneziawg"
-        ZONE_NAME="awg"
-        
-        echo "Do you want to use AmneziaWG config or basic Wireguard config + automatic obfuscation?"
-        echo "1) AmneziaWG"
-        echo "2) Wireguard + automatic obfuscation"
-        read CONFIG_TYPE
-    fi
-
-    read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY_INT
-
-    while true; do
-        read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' WG_IP
-        if echo "$WG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
-            break
-        else
-            echo "This IP is not valid. Please repeat"
-        fi
-    done
-
-    read -r -p "Enter the public key (from [Peer]):"$'\n' WG_PUBLIC_KEY_INT
-    read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' WG_PRESHARED_KEY_INT
-    read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' WG_ENDPOINT_INT
-
-    read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' WG_ENDPOINT_PORT_INT
-    WG_ENDPOINT_PORT_INT=${WG_ENDPOINT_PORT_INT:-51820}
-    if [ "$WG_ENDPOINT_PORT_INT" = '51820' ]; then
-        echo $WG_ENDPOINT_PORT_INT
-    fi
-
-    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
-        if [ "$CONFIG_TYPE" = '1' ]; then
-            read -r -p "Enter Jc value (from [Interface]):"$'\n' AWG_JC
-            read -r -p "Enter Jmin value (from [Interface]):"$'\n' AWG_JMIN
-            read -r -p "Enter Jmax value (from [Interface]):"$'\n' AWG_JMAX
-            read -r -p "Enter S1 value (from [Interface]):"$'\n' AWG_S1
-            read -r -p "Enter S2 value (from [Interface]):"$'\n' AWG_S2
-            read -r -p "Enter H1 value (from [Interface]):"$'\n' AWG_H1
-            read -r -p "Enter H2 value (from [Interface]):"$'\n' AWG_H2
-            read -r -p "Enter H3 value (from [Interface]):"$'\n' AWG_H3
-            read -r -p "Enter H4 value (from [Interface]):"$'\n' AWG_H4
-        elif [ "$CONFIG_TYPE" = '2' ]; then
-            #Default values to wg automatic obfuscation
-            AWG_JC=4
-            AWG_JMIN=40
-            AWG_JMAX=70
-            AWG_S1=0
-            AWG_S2=0
-            AWG_H1=1
-            AWG_H2=2
-            AWG_H3=3
-            AWG_H4=4
-        fi
-    fi
-    
-    uci set network.${INTERFACE_NAME}=interface
-    uci set network.${INTERFACE_NAME}.proto=$PROTO
-    uci set network.${INTERFACE_NAME}.private_key=$WG_PRIVATE_KEY_INT
-    uci set network.${INTERFACE_NAME}.listen_port='51821'
-    uci set network.${INTERFACE_NAME}.addresses=$WG_IP
-
-    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
-        uci set network.${INTERFACE_NAME}.awg_jc=$AWG_JC
-        uci set network.${INTERFACE_NAME}.awg_jmin=$AWG_JMIN
-        uci set network.${INTERFACE_NAME}.awg_jmax=$AWG_JMAX
-        uci set network.${INTERFACE_NAME}.awg_s1=$AWG_S1
-        uci set network.${INTERFACE_NAME}.awg_s2=$AWG_S2
-        uci set network.${INTERFACE_NAME}.awg_h1=$AWG_H1
-        uci set network.${INTERFACE_NAME}.awg_h2=$AWG_H2
-        uci set network.${INTERFACE_NAME}.awg_h3=$AWG_H3
-        uci set network.${INTERFACE_NAME}.awg_h4=$AWG_H4
-    fi
-
-    if ! uci show network | grep -q ${CONFIG_NAME}; then
-        uci add network ${CONFIG_NAME}
-    fi
-
-    uci set network.@${CONFIG_NAME}[0]=$CONFIG_NAME
-    uci set network.@${CONFIG_NAME}[0].name="${INTERFACE_NAME}_client"
-    uci set network.@${CONFIG_NAME}[0].public_key=$WG_PUBLIC_KEY_INT
-    uci set network.@${CONFIG_NAME}[0].preshared_key=$WG_PRESHARED_KEY_INT
-    uci set network.@${CONFIG_NAME}[0].route_allowed_ips='0'
-    uci set network.@${CONFIG_NAME}[0].persistent_keepalive='25'
-    uci set network.@${CONFIG_NAME}[0].endpoint_host=$WG_ENDPOINT_INT
-    uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0'
-    uci set network.@${CONFIG_NAME}[0].endpoint_port=$WG_ENDPOINT_PORT_INT
-    uci commit network
-
-    if ! uci show firewall | grep -q "@zone.*name='${ZONE_NAME}'"; then
-        printf "\033[32;1mZone Create\033[0m\n"
-        uci add firewall zone
-        uci set firewall.@zone[-1].name=$ZONE_NAME
-        uci set firewall.@zone[-1].network=$INTERFACE_NAME
-        uci set firewall.@zone[-1].forward='REJECT'
-        uci set firewall.@zone[-1].output='ACCEPT'
-        uci set firewall.@zone[-1].input='REJECT'
-        uci set firewall.@zone[-1].masq='1'
-        uci set firewall.@zone[-1].mtu_fix='1'
-        uci set firewall.@zone[-1].family='ipv4'
-        uci commit firewall
-    fi
-
-    if ! uci show firewall | grep -q "@forwarding.*name='${ZONE_NAME}'"; then
-        printf "\033[32;1mConfigured forwarding\033[0m\n"
-        uci add firewall forwarding
-        uci set firewall.@forwarding[-1]=forwarding
-        uci set firewall.@forwarding[-1].name="${ZONE_NAME}-lan"
-        uci set firewall.@forwarding[-1].dest=${ZONE_NAME}
-        uci set firewall.@forwarding[-1].src='lan'
-        uci set firewall.@forwarding[-1].family='ipv4'
-        uci commit firewall
-    fi
-
-    handler_network_restart
 }
 
 check_system() {
     # Get router model
     MODEL=$(cat /tmp/sysinfo/model)
-    echo "Router model: $MODEL"
+    msg "Router model: $MODEL"
 
     # Check available space
     AVAILABLE_SPACE=$(df /overlay | awk 'NR==2 {print $4}')
     REQUIRED_SPACE=15360 # 15MB in KB
 
     if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_SPACE" ]; then
-        printf "\033[31;1mError: Insufficient space in flash\033[0m\n"
-        echo "Available: $((AVAILABLE_SPACE/1024))MB"
-        echo "Required: $((REQUIRED_SPACE/1024))MB"
+        msg "Error: Insufficient space in flash"
+        msg "Available: $((AVAILABLE_SPACE/1024))MB"
+        msg "Required: $((REQUIRED_SPACE/1024))MB"
         exit 1
     fi
 
     if ! nslookup google.com >/dev/null 2>&1; then
-        printf "\033[31;1mDNS not working\033[0m\n"
+        msg "DNS not working"
         exit 1
     fi
 
-    if opkg list-installed | grep -qE "iptables|kmod-iptab"; then
-        printf "\033[31;1mFound incompatible iptables packages. If you're using FriendlyWrt: https://t.me/itdogchat/44512/181082\033[0m\n"
+    if opkg list-installed | grep -q https-dns-proxy; then
+        msg "Сonflicting package detected: https-dns-proxy. Remove?"
+
+        while true; do
+                read -r -p '' DNSPROXY
+                case $DNSPROXY in
+
+                yes|y|Y|yes)
+                    opkg remove --force-depends luci-app-https-dns-proxy https-dns-proxy luci-i18n-https-dns-proxy*
+                    break
+                    ;;
+                *)
+                    msg "Exit"
+                    exit 1
+                    ;;
+        esac
+    done
     fi
 }
 
@@ -439,6 +153,8 @@ sing_box() {
     required_version="1.11.1"
 
     if [ "$(echo -e "$sing_box_version\n$required_version" | sort -V | head -n 1)" != "$required_version" ]; then
+        msg "sing-box version $sing_box_version is older than required $required_version"
+        msg "Removing old version..."
         opkg remove sing-box
     fi
 }

luci-app-podkop/Makefile

@@ -1,7 +1,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-podkop
-PKG_VERSION:=0.3.36
+
+PKG_VERSION := $(if $(PKG_VERSION),$(PKG_VERSION),dev_$(shell date +%d%m%Y))
+
 PKG_RELEASE:=1
 
 LUCI_TITLE:=LuCI podkop app

luci-app-podkop/htdocs/luci-static/resources/view/podkop/additionalTab.js

@@ -0,0 +1,254 @@
+'use strict';
+'require form';
+'require baseclass';
+'require view.podkop.constants as constants';
+'require tools.widgets as widgets';
+
+function createAdditionalSection(mainSection, network) {
+    let o = mainSection.tab('additional', _('Additional Settings'));
+
+    o = mainSection.taboption('additional', form.Flag, 'yacd', _('Yacd enable'), _('<a href="http://openwrt.lan:9090/ui" target="_blank">openwrt.lan:9090/ui</a>'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Flag, 'exclude_ntp', _('Exclude NTP'), _('For issues with open connections sing-box'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Flag, 'quic_disable', _('QUIC disable'), _('For issues with the video stream'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.ListValue, 'update_interval', _('List Update Frequency'), _('Select how often the lists will be updated'));
+    Object.entries(constants.UPDATE_INTERVAL_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+    o.default = '1d';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.ListValue, 'dns_type', _('DNS Protocol Type'), _('Select DNS protocol to use'));
+    o.value('doh', _('DNS over HTTPS (DoH)'));
+    o.value('dot', _('DNS over TLS (DoT)'));
+    o.value('udp', _('UDP (Unprotected DNS)'));
+    o.default = 'udp';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Value, 'dns_server', _('DNS Server'), _('Select or enter DNS server address'));
+    Object.entries(constants.DNS_SERVER_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+    o.default = '8.8.8.8';
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('DNS server address cannot be empty');
+        }
+
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (ipRegex.test(value)) {
+            const parts = value.split('.');
+            for (const part of parts) {
+                const num = parseInt(part);
+                if (num < 0 || num > 255) {
+                    return _('IP address parts must be between 0 and 255');
+                }
+            }
+            return true;
+        }
+
+        const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}(\/[^\s]*)?$/;
+        if (!domainRegex.test(value)) {
+            return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Flag, 'split_dns_enabled', _('Split DNS'), _('DNS for the list via proxy'));
+    o.default = '1';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.ListValue, 'split_dns_type', _('Split DNS Protocol Type'), _('Select DNS protocol for split'));
+    o.value('doh', _('DNS over HTTPS (DoH)'));
+    o.value('dot', _('DNS over TLS (DoT)'));
+    o.value('udp', _('UDP (Unprotected DNS)'));
+    o.default = 'udp';
+    o.rmempty = false;
+    o.depends('split_dns_enabled', '1');
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Value, 'split_dns_server', _('Split DNS Server'), _('Select or enter DNS server address'));
+    Object.entries(constants.DNS_SERVER_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+    o.default = '1.1.1.1';
+    o.rmempty = false;
+    o.depends('split_dns_enabled', '1');
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('DNS server address cannot be empty');
+        }
+
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (ipRegex.test(value)) {
+            const parts = value.split('.');
+            for (const part of parts) {
+                const num = parseInt(part);
+                if (num < 0 || num > 255) {
+                    return _('IP address parts must be between 0 and 255');
+                }
+            }
+            return true;
+        }
+
+        const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}(\/[^\s]*)?$/;
+        if (!domainRegex.test(value)) {
+            return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Value, 'dns_rewrite_ttl', _('DNS Rewrite TTL'), _('Time in seconds for DNS record caching (default: 60)'));
+    o.default = '60';
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('TTL value cannot be empty');
+        }
+
+        const ttl = parseInt(value);
+        if (isNaN(ttl) || ttl < 0) {
+            return _('TTL must be a positive number');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Value, 'cache_file', _('Cache File Path'), _('Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing'));
+    o.value('/tmp/cache.db', 'RAM (/tmp/cache.db)');
+    o.value('/usr/share/sing-box/cache.db', 'Flash (/usr/share/sing-box/cache.db)');
+    o.default = '/tmp/cache.db';
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('Cache file path cannot be empty');
+        }
+
+        if (!value.startsWith('/')) {
+            return _('Path must be absolute (start with /)');
+        }
+
+        if (!value.endsWith('cache.db')) {
+            return _('Path must end with cache.db');
+        }
+
+        const parts = value.split('/').filter(Boolean);
+        if (parts.length < 2) {
+            return _('Path must contain at least one directory (like /tmp/cache.db)');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', widgets.DeviceSelect, 'iface', _('Source Network Interface'), _('Select the network interface from which the traffic will originate'));
+    o.ucisection = 'main';
+    o.default = 'br-lan';
+    o.noaliases = true;
+    o.nobridges = false;
+    o.noinactive = false;
+    o.multiple = true;
+    o.filter = function (section_id, value) {
+        if (['wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan'].indexOf(value) !== -1) {
+            return false;
+        }
+
+        var device = this.devices.filter(function (dev) {
+            return dev.getName() === value;
+        })[0];
+
+        if (device) {
+            var type = device.getType();
+            return type !== 'wifi' && type !== 'wireless' && !type.includes('wlan');
+        }
+
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Flag, 'mon_restart_ifaces', _('Interface monitoring'), _('Interface monitoring for bad WAN'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', widgets.NetworkSelect, 'restart_ifaces', _('Interface for monitoring'), _('Select the WAN interfaces to be monitored'));
+    o.ucisection = 'main';
+    o.depends('mon_restart_ifaces', '1');
+    o.multiple = true;
+    o.filter = function (section_id, value) {
+        return ['lan', 'loopback'].indexOf(value) === -1 && !value.startsWith('@');
+    };
+
+    o = mainSection.taboption('additional', form.Value, 'procd_reload_delay', _('Interface Monitoring Delay'), _('Delay in milliseconds before reloading podkop after interface UP'));
+    o.ucisection = 'main';
+    o.depends('mon_restart_ifaces', '1');
+    o.default = '2000';
+    o.rmempty = false;
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('Delay value cannot be empty');
+        }
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Flag, 'dont_touch_dhcp', _('Dont touch my DHCP!'), _('Podkop will not change the DHCP config'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Flag, 'detour', _('Proxy download of lists'), _('Downloading all lists via main Proxy/VPN'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    // Extra IPs and exclusions (main section)
+    o = mainSection.taboption('basic', form.Flag, 'exclude_from_ip_enabled', _('IP for exclusion'), _('Specify local IP addresses that will never use the configured route'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('basic', form.DynamicList, 'exclude_traffic_ip', _('Local IPs'), _('Enter valid IPv4 addresses'));
+    o.placeholder = 'IP';
+    o.depends('exclude_from_ip_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (!ipRegex.test(value)) return _('Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)');
+        const ipParts = value.split('.');
+        for (const part of ipParts) {
+            const num = parseInt(part);
+            if (num < 0 || num > 255) return _('IP address parts must be between 0 and 255');
+        }
+        return true;
+    };
+
+    o = mainSection.taboption('basic', form.Flag, 'socks5', _('Mixed enable'), _('Browser port: 2080'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = 'main';
+}
+
+return baseclass.extend({
+    createAdditionalSection
+}); 

luci-app-podkop/htdocs/luci-static/resources/view/podkop/configSection.js

@@ -0,0 +1,532 @@
+'use strict';
+'require baseclass';
+'require form';
+'require ui';
+'require network';
+'require view.podkop.constants as constants';
+'require tools.widgets as widgets';
+
+function validateUrl(url, protocols = ['http:', 'https:']) {
+    try {
+        const parsedUrl = new URL(url);
+        if (!protocols.includes(parsedUrl.protocol)) {
+            return _('URL must use one of the following protocols: ') + protocols.join(', ');
+        }
+        return true;
+    } catch (e) {
+        return _('Invalid URL format');
+    }
+}
+
+function createConfigSection(section, map, network) {
+    const s = section;
+
+    let o = s.tab('basic', _('Basic Settings'));
+
+    o = s.taboption('basic', form.ListValue, 'mode', _('Connection Type'), _('Select between VPN and Proxy connection methods for traffic routing'));
+    o.value('proxy', ('Proxy'));
+    o.value('vpn', ('VPN'));
+    o.value('block', ('Block'));
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.ListValue, 'proxy_config_type', _('Configuration Type'), _('Select how to configure the proxy'));
+    o.value('url', _('Connection URL'));
+    o.value('outbound', _('Outbound Config'));
+    o.default = 'url';
+    o.depends('mode', 'proxy');
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.TextValue, 'proxy_string', _('Proxy Configuration URL'), _(''));
+    o.depends('proxy_config_type', 'url');
+    o.rows = 5;
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.sectionDescriptions = new Map();
+    o.placeholder = 'vless://uuid@server:port?type=tcp&security=tls#main\n// backup ss://method:pass@server:port\n// backup2 vless://uuid@server:port?type=grpc&security=reality#alt';
+
+    o.renderWidget = function (section_id, option_index, cfgvalue) {
+        const original = form.TextValue.prototype.renderWidget.apply(this, [section_id, option_index, cfgvalue]);
+        const container = E('div', {});
+        container.appendChild(original);
+
+        if (cfgvalue) {
+            try {
+                const activeConfig = cfgvalue.split('\n')
+                    .map(line => line.trim())
+                    .find(line => line && !line.startsWith('//'));
+
+                if (activeConfig) {
+                    if (activeConfig.includes('#')) {
+                        const label = activeConfig.split('#').pop();
+                        if (label && label.trim()) {
+                            const decodedLabel = decodeURIComponent(label);
+                            const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Current config: ') + decodedLabel);
+                            container.appendChild(descDiv);
+                        } else {
+                            const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Config without description'));
+                            container.appendChild(descDiv);
+                        }
+                    } else {
+                        const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Config without description'));
+                        container.appendChild(descDiv);
+                    }
+                }
+            } catch (e) {
+                console.error('Error parsing config label:', e);
+                const descDiv = E('div', { 'class': 'cbi-value-description' }, _('Config without description'));
+                container.appendChild(descDiv);
+            }
+        } else {
+            const defaultDesc = E('div', { 'class': 'cbi-value-description' },
+                _('Enter connection string starting with vless:// or ss:// for proxy configuration. Add comments with // for backup configs'));
+            container.appendChild(defaultDesc);
+        }
+
+        return container;
+    };
+
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) {
+            return true;
+        }
+
+        try {
+            const activeConfig = value.split('\n')
+                .map(line => line.trim())
+                .find(line => line && !line.startsWith('//'));
+
+            if (!activeConfig) {
+                return _('No active configuration found. At least one non-commented line is required.');
+            }
+
+            if (!activeConfig.startsWith('vless://') && !activeConfig.startsWith('ss://')) {
+                return _('URL must start with vless:// or ss://');
+            }
+
+            if (activeConfig.startsWith('ss://')) {
+                let encrypted_part;
+                try {
+                    let mainPart = activeConfig.includes('?') ? activeConfig.split('?')[0] : activeConfig.split('#')[0];
+                    encrypted_part = mainPart.split('/')[2].split('@')[0];
+                    try {
+                        let decoded = atob(encrypted_part);
+                        if (!decoded.includes(':')) {
+                            if (!encrypted_part.includes(':') && !encrypted_part.includes('-')) {
+                                return _('Invalid Shadowsocks URL format: missing method and password separator ":"');
+                            }
+                        }
+                    } catch (e) {
+                        if (!encrypted_part.includes(':') && !encrypted_part.includes('-')) {
+                            return _('Invalid Shadowsocks URL format: missing method and password separator ":"');
+                        }
+                    }
+                } catch (e) {
+                    return _('Invalid Shadowsocks URL format');
+                }
+
+                try {
+                    let serverPart = activeConfig.split('@')[1];
+                    if (!serverPart) return _('Invalid Shadowsocks URL: missing server address');
+                    let [server, portAndRest] = serverPart.split(':');
+                    if (!server) return _('Invalid Shadowsocks URL: missing server');
+                    let port = portAndRest ? portAndRest.split(/[?#]/)[0] : null;
+                    if (!port) return _('Invalid Shadowsocks URL: missing port');
+                    let portNum = parseInt(port);
+                    if (isNaN(portNum) || portNum < 1 || portNum > 65535) {
+                        return _('Invalid port number. Must be between 1 and 65535');
+                    }
+                } catch (e) {
+                    return _('Invalid Shadowsocks URL: missing or invalid server/port format');
+                }
+            }
+
+            if (activeConfig.startsWith('vless://')) {
+                let uuid = activeConfig.split('/')[2].split('@')[0];
+                if (!uuid || uuid.length === 0) return _('Invalid VLESS URL: missing UUID');
+
+                try {
+                    let serverPart = activeConfig.split('@')[1];
+                    if (!serverPart) return _('Invalid VLESS URL: missing server address');
+                    let [server, portAndRest] = serverPart.split(':');
+                    if (!server) return _('Invalid VLESS URL: missing server');
+                    let port = portAndRest ? portAndRest.split(/[/?#]/)[0] : null;
+                    if (!port) return _('Invalid VLESS URL: missing port');
+                    let portNum = parseInt(port);
+                    if (isNaN(portNum) || portNum < 1 || portNum > 65535) {
+                        return _('Invalid port number. Must be between 1 and 65535');
+                    }
+                } catch (e) {
+                    return _('Invalid VLESS URL: missing or invalid server/port format');
+                }
+
+                let queryString = activeConfig.split('?')[1];
+                if (!queryString) return _('Invalid VLESS URL: missing query parameters');
+
+                let params = new URLSearchParams(queryString.split('#')[0]);
+                let type = params.get('type');
+                const validTypes = ['tcp', 'raw', 'udp', 'grpc', 'http', 'ws'];
+                if (!type || !validTypes.includes(type)) {
+                    return _('Invalid VLESS URL: type must be one of tcp, raw, udp, grpc, http, ws');
+                }
+
+                let security = params.get('security');
+                const validSecurities = ['tls', 'reality', 'none'];
+                if (!security || !validSecurities.includes(security)) {
+                    return _('Invalid VLESS URL: security must be one of tls, reality, none');
+                }
+
+                if (security === 'reality') {
+                    if (!params.get('pbk')) return _('Invalid VLESS URL: missing pbk parameter for reality security');
+                    if (!params.get('fp')) return _('Invalid VLESS URL: missing fp parameter for reality security');
+                }
+            }
+
+            return true;
+        } catch (e) {
+            console.error('Validation error:', e);
+            return _('Invalid URL format: ') + e.message;
+        }
+    };
+
+    o = s.taboption('basic', form.TextValue, 'outbound_json', _('Outbound Configuration'), _('Enter complete outbound configuration in JSON format'));
+    o.depends('proxy_config_type', 'outbound');
+    o.rows = 10;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        try {
+            const parsed = JSON.parse(value);
+            if (!parsed.type || !parsed.server || !parsed.server_port) {
+                return _('JSON must contain at least type, server and server_port fields');
+            }
+            return true;
+        } catch (e) {
+            return _('Invalid JSON format');
+        }
+    };
+
+    o = s.taboption('basic', form.Flag, 'ss_uot', _('Shadowsocks UDP over TCP'), _('Apply for SS2022'));
+    o.default = '0';
+    o.depends('mode', 'proxy');
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = s.taboption('basic', widgets.DeviceSelect, 'interface', _('Network Interface'), _('Select network interface for VPN connection'));
+    o.depends('mode', 'vpn');
+    o.ucisection = s.section;
+    o.noaliases = true;
+    o.nobridges = false;
+    o.noinactive = false;
+    o.filter = function (section_id, value) {
+        if (['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan', 'lan'].indexOf(value) !== -1) {
+            return false;
+        }
+
+        var device = this.devices.filter(function (dev) {
+            return dev.getName() === value;
+        })[0];
+
+        if (device) {
+            var type = device.getType();
+            return type !== 'wifi' && type !== 'wireless' && !type.includes('wlan');
+        }
+
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'domain_list_enabled', _('Community Lists'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'domain_list', _('Service List'), _('Select predefined service for routing') + ' <a href="https://github.com/itdoginfo/allow-domains" target="_blank">github.com/itdoginfo/allow-domains</a>');
+    o.placeholder = 'Service list';
+    Object.entries(constants.DOMAIN_LIST_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+
+    o.depends('domain_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    let lastValues = [];
+    let isProcessing = false;
+
+    o.onchange = function (ev, section_id, value) {
+        if (isProcessing) return;
+        isProcessing = true;
+
+        try {
+            const values = Array.isArray(value) ? value : [value];
+            let newValues = [...values];
+            let notifications = [];
+
+            const selectedRegionalOptions = constants.REGIONAL_OPTIONS.filter(opt => newValues.includes(opt));
+
+            if (selectedRegionalOptions.length > 1) {
+                const lastSelected = selectedRegionalOptions[selectedRegionalOptions.length - 1];
+                const removedRegions = selectedRegionalOptions.slice(0, -1);
+                newValues = newValues.filter(v => v === lastSelected || !constants.REGIONAL_OPTIONS.includes(v));
+                notifications.push(E('p', { class: 'alert-message warning' }, [
+                    E('strong', {}, _('Regional options cannot be used together')), E('br'),
+                    _('Warning: %s cannot be used together with %s. Previous selections have been removed.')
+                        .format(removedRegions.join(', '), lastSelected)
+                ]));
+            }
+
+            if (newValues.includes('russia_inside')) {
+                const removedServices = newValues.filter(v => !constants.ALLOWED_WITH_RUSSIA_INSIDE.includes(v));
+                if (removedServices.length > 0) {
+                    newValues = newValues.filter(v => constants.ALLOWED_WITH_RUSSIA_INSIDE.includes(v));
+                    notifications.push(E('p', { class: 'alert-message warning' }, [
+                        E('strong', {}, _('Russia inside restrictions')), E('br'),
+                        _('Warning: Russia inside can only be used with %s. %s already in Russia inside and have been removed from selection.')
+                            .format(
+                                constants.ALLOWED_WITH_RUSSIA_INSIDE.map(key => constants.DOMAIN_LIST_OPTIONS[key]).filter(label => label !== 'Russia inside').join(', '),
+                                removedServices.join(', ')
+                            )
+                    ]));
+                }
+            }
+
+            if (JSON.stringify(newValues.sort()) !== JSON.stringify(values.sort())) {
+                this.getUIElement(section_id).setValue(newValues);
+            }
+
+            notifications.forEach(notification => ui.addNotification(null, notification));
+            lastValues = newValues;
+        } catch (e) {
+            console.error('Error in onchange handler:', e);
+        } finally {
+            isProcessing = false;
+        }
+    };
+
+    o = s.taboption('basic', form.ListValue, 'custom_domains_list_type', _('User Domain List Type'), _('Select how to add your custom domains'));
+    o.value('disabled', _('Disabled'));
+    o.value('dynamic', _('Dynamic List'));
+    o.value('text', _('Text List'));
+    o.default = 'disabled';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_domains', _('User Domains'), _('Enter domain names without protocols (example: sub.example.com or example.com)'));
+    o.placeholder = 'Domains list';
+    o.depends('custom_domains_list_type', 'dynamic');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const domainRegex = /^(?!-)[A-Za-z0-9-]+([-.][A-Za-z0-9-]+)*(\.[A-Za-z]{2,})?$/;
+        if (!domainRegex.test(value)) {
+            return _('Invalid domain format. Enter domain without protocol (example: sub.example.com or ru)');
+        }
+        return true;
+    };
+
+    o = s.taboption('basic', form.TextValue, 'custom_domains_text', _('User Domains List'), _('Enter domain names separated by comma, space or newline. You can add comments after //'));
+    o.placeholder = 'example.com, sub.example.com\n// Social networks\ndomain.com test.com // personal domains';
+    o.depends('custom_domains_list_type', 'text');
+    o.rows = 8;
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+
+        const domainRegex = /^(?!-)[A-Za-z0-9-]+([-.][A-Za-z0-9-]+)*(\.[A-Za-z]{2,})?$/;
+        const lines = value.split(/\n/).map(line => line.trim());
+        let hasValidDomain = false;
+
+        for (const line of lines) {
+            // Skip empty lines
+            if (!line) continue;
+
+            // Extract domain part (before any //)
+            const domainPart = line.split('//')[0].trim();
+
+            // Skip if line is empty after removing comments
+            if (!domainPart) continue;
+
+            // Process each domain in the line (separated by comma or space)
+            const domains = domainPart.split(/[,\s]+/).map(d => d.trim()).filter(d => d.length > 0);
+
+            for (const domain of domains) {
+                if (!domainRegex.test(domain)) {
+                    return _('Invalid domain format: %s. Enter domain without protocol').format(domain);
+                }
+                hasValidDomain = true;
+            }
+        }
+
+        if (!hasValidDomain) {
+            return _('At least one valid domain must be specified. Comments-only content is not allowed.');
+        }
+
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'custom_local_domains_list_enabled', _('Local Domain Lists'), _('Use the list from the router filesystem'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_local_domains', _('Local Domain Lists Path'), _('Enter the list file path'));
+    o.placeholder = '/path/file.lst';
+    o.depends('custom_local_domains_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const pathRegex = /^\/[a-zA-Z0-9_\-\/\.]+$/;
+        if (!pathRegex.test(value)) {
+            return _('Invalid path format. Path must start with "/" and contain valid characters');
+        }
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'custom_download_domains_list_enabled', _('Remote Domain Lists'), _('Download and use domain lists from remote URLs'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_download_domains', _('Remote Domain URLs'), _('Enter full URLs starting with http:// or https://'));
+    o.placeholder = 'URL';
+    o.depends('custom_download_domains_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        return validateUrl(value);
+    };
+
+    o = s.taboption('basic', form.ListValue, 'custom_subnets_list_enabled', _('User Subnet List Type'), _('Select how to add your custom subnets'));
+    o.value('disabled', _('Disabled'));
+    o.value('dynamic', _('Dynamic List'));
+    o.value('text', _('Text List (comma/space/newline separated)'));
+    o.default = 'disabled';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_subnets', _('User Subnets'), _('Enter subnets in CIDR notation (example: 103.21.244.0/22) or single IP addresses'));
+    o.placeholder = 'IP or subnet';
+    o.depends('custom_subnets_list_enabled', 'dynamic');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const subnetRegex = /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/;
+        if (!subnetRegex.test(value)) return _('Invalid format. Use format: X.X.X.X or X.X.X.X/Y');
+        const [ip, cidr] = value.split('/');
+        if (ip === "0.0.0.0") {
+             return _('IP address 0.0.0.0 is not allowed');
+        }
+        const ipParts = ip.split('.');
+        for (const part of ipParts) {
+            const num = parseInt(part);
+            if (num < 0 || num > 255) return _('IP address parts must be between 0 and 255');
+        }
+        if (cidr !== undefined) {
+            const cidrNum = parseInt(cidr);
+            if (cidrNum < 0 || cidrNum > 32) return _('CIDR must be between 0 and 32');
+        }
+        return true;
+    };
+
+    o = s.taboption('basic', form.TextValue, 'custom_subnets_text', _('User Subnets List'), _('Enter subnets in CIDR notation or single IP addresses, separated by comma, space or newline. You can add comments after //'));
+    o.placeholder = '103.21.244.0/22\n// Google DNS\n8.8.8.8\n1.1.1.1/32, 9.9.9.9 // Cloudflare and Quad9';
+    o.depends('custom_subnets_list_enabled', 'text');
+    o.rows = 10;
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+
+        const subnetRegex = /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/;
+        const lines = value.split(/\n/).map(line => line.trim());
+        let hasValidSubnet = false;
+
+        for (const line of lines) {
+            // Skip empty lines
+            if (!line) continue;
+
+            // Extract subnet part (before any //)
+            const subnetPart = line.split('//')[0].trim();
+
+            // Skip if line is empty after removing comments
+            if (!subnetPart) continue;
+
+            // Process each subnet in the line (separated by comma or space)
+            const subnets = subnetPart.split(/[,\s]+/).map(s => s.trim()).filter(s => s.length > 0);
+
+            for (const subnet of subnets) {
+                if (!subnetRegex.test(subnet)) {
+                    return _('Invalid format: %s. Use format: X.X.X.X or X.X.X.X/Y').format(subnet);
+                }
+
+                const [ip, cidr] = subnet.split('/');
+                const ipParts = ip.split('.');
+                for (const part of ipParts) {
+                    const num = parseInt(part);
+                    if (num < 0 || num > 255) {
+                        return _('IP parts must be between 0 and 255 in: %s').format(subnet);
+                    }
+                }
+
+                if (cidr !== undefined) {
+                    const cidrNum = parseInt(cidr);
+                    if (cidrNum < 0 || cidrNum > 32) {
+                        return _('CIDR must be between 0 and 32 in: %s').format(subnet);
+                    }
+                }
+                hasValidSubnet = true;
+            }
+        }
+
+        if (!hasValidSubnet) {
+            return _('At least one valid subnet or IP must be specified. Comments-only content is not allowed.');
+        }
+
+        return true;
+    };
+
+    o = s.taboption('basic', form.Flag, 'custom_download_subnets_list_enabled', _('Remote Subnet Lists'), _('Download and use subnet lists from remote URLs'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'custom_download_subnets', _('Remote Subnet URLs'), _('Enter full URLs starting with http:// or https://'));
+    o.placeholder = 'URL';
+    o.depends('custom_download_subnets_list_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        return validateUrl(value);
+    };
+
+    o = s.taboption('basic', form.Flag, 'all_traffic_from_ip_enabled', _('IP for full redirection'), _('Specify local IP addresses whose traffic will always use the configured route'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'all_traffic_ip', _('Local IPs'), _('Enter valid IPv4 addresses'));
+    o.placeholder = 'IP';
+    o.depends('all_traffic_from_ip_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
+        if (!ipRegex.test(value)) return _('Invalid IP format. Use format: X.X.X.X (like 192.168.1.1)');
+        const ipParts = value.split('.');
+        for (const part of ipParts) {
+            const num = parseInt(part);
+            if (num < 0 || num > 255) return _('IP address parts must be between 0 and 255');
+        }
+        return true;
+    };
+}
+
+return baseclass.extend({
+    createConfigSection
+});

luci-app-podkop/htdocs/luci-static/resources/view/podkop/constants.js

@@ -0,0 +1,113 @@
+'use strict';
+'require baseclass';
+
+const STATUS_COLORS = {
+    SUCCESS: '#4caf50',
+    ERROR: '#f44336',
+    WARNING: '#ff9800'
+};
+
+const FAKEIP_CHECK_DOMAIN = 'fakeip.podkop.fyi';
+const IP_CHECK_DOMAIN = 'ip.podkop.fyi';
+
+const REGIONAL_OPTIONS = ['russia_inside', 'russia_outside', 'ukraine_inside'];
+const ALLOWED_WITH_RUSSIA_INSIDE = [
+    'russia_inside',
+    'meta',
+    'twitter',
+    'discord',
+    'telegram',
+    'cloudflare',
+    'google_ai',
+    'google_play',
+    'hetzner',
+    'ovh',
+    'hodca',
+    'digitalocean',
+    'cloudfront'
+];
+
+const DOMAIN_LIST_OPTIONS = {
+    russia_inside: 'Russia inside',
+    russia_outside: 'Russia outside',
+    ukraine_inside: 'Ukraine',
+    geoblock: 'Geo Block',
+    block: 'Block',
+    porn: 'Porn',
+    news: 'News',
+    anime: 'Anime',
+    youtube: 'Youtube',
+    discord: 'Discord',
+    meta: 'Meta',
+    twitter: 'Twitter (X)',
+    hdrezka: 'HDRezka',
+    tiktok: 'Tik-Tok',
+    telegram: 'Telegram',
+    cloudflare: 'Cloudflare',
+    google_ai: 'Google AI',
+    google_play: 'Google Play',
+    hodca: 'H.O.D.C.A',
+    hetzner: 'Hetzner ASN',
+    ovh: 'OVH ASN',
+    digitalocean: 'Digital Ocean ASN',
+    cloudfront: 'CloudFront ASN'
+};
+
+const UPDATE_INTERVAL_OPTIONS = {
+    '1h': 'Every hour',
+    '3h': 'Every 3 hours',
+    '12h': 'Every 12 hours',
+    '1d': 'Every day',
+    '3d': 'Every 3 days'
+};
+
+const DNS_SERVER_OPTIONS = {
+    '1.1.1.1': 'Cloudflare (1.1.1.1)',
+    '8.8.8.8': 'Google (8.8.8.8)',
+    '9.9.9.9': 'Quad9 (9.9.9.9)',
+    'dns.adguard-dns.com': 'AdGuard Default (dns.adguard-dns.com)',
+    'unfiltered.adguard-dns.com': 'AdGuard Unfiltered (unfiltered.adguard-dns.com)',
+    'family.adguard-dns.com': 'AdGuard Family (family.adguard-dns.com)'
+};
+
+const DIAGNOSTICS_UPDATE_INTERVAL = 10000; // 10 seconds
+const CACHE_TIMEOUT = DIAGNOSTICS_UPDATE_INTERVAL - 1000; // 9 seconds
+const ERROR_POLL_INTERVAL = 10000; // 10 seconds
+const COMMAND_TIMEOUT = 10000; // 10 seconds
+const FETCH_TIMEOUT = 10000; // 10 seconds
+const BUTTON_FEEDBACK_TIMEOUT = 1000; // 1 second
+const DIAGNOSTICS_INITIAL_DELAY = 100; // 100 milliseconds
+
+// Интервалы планирования команд в диагностике (в миллисекундах)
+const COMMAND_SCHEDULING = {
+    P0_PRIORITY: 0,      // Наивысший приоритет (без задержки)
+    P1_PRIORITY: 100,    // Очень высокий приоритет
+    P2_PRIORITY: 300,    // Высокий приоритет
+    P3_PRIORITY: 500,    // Выше среднего
+    P4_PRIORITY: 700,    // Стандартный приоритет
+    P5_PRIORITY: 900,    // Ниже среднего
+    P6_PRIORITY: 1100,   // Низкий приоритет
+    P7_PRIORITY: 1300,   // Очень низкий приоритет
+    P8_PRIORITY: 1500,   // Фоновое выполнение
+    P9_PRIORITY: 1700,   // Выполнение в режиме простоя
+    P10_PRIORITY: 1900   // Наименьший приоритет
+};
+
+return baseclass.extend({
+    STATUS_COLORS,
+    FAKEIP_CHECK_DOMAIN,
+    IP_CHECK_DOMAIN,
+    REGIONAL_OPTIONS,
+    ALLOWED_WITH_RUSSIA_INSIDE,
+    DOMAIN_LIST_OPTIONS,
+    UPDATE_INTERVAL_OPTIONS,
+    DNS_SERVER_OPTIONS,
+    DIAGNOSTICS_UPDATE_INTERVAL,
+    ERROR_POLL_INTERVAL,
+    COMMAND_TIMEOUT,
+    FETCH_TIMEOUT,
+    BUTTON_FEEDBACK_TIMEOUT,
+    DIAGNOSTICS_INITIAL_DELAY,
+    COMMAND_SCHEDULING,
+    CACHE_TIMEOUT
+});

luci-app-podkop/htdocs/luci-static/resources/view/podkop/diagnosticTab.js

@@ -0,0 +1,887 @@
+'use strict';
+'require baseclass';
+'require form';
+'require ui';
+'require uci';
+'require fs';
+'require view.podkop.constants as constants';
+'require view.podkop.utils as utils';
+
+// Cache system for network requests
+const fetchCache = {};
+
+// Helper function to fetch with cache
+async function cachedFetch(url, options = {}) {
+    const cacheKey = url;
+    const currentTime = Date.now();
+
+    // If we have a valid cached response, return it
+    if (fetchCache[cacheKey] && currentTime - fetchCache[cacheKey].timestamp < constants.CACHE_TIMEOUT) {
+        console.log(`Using cached response for ${url}`);
+        return Promise.resolve(fetchCache[cacheKey].response.clone());
+    }
+
+    // Otherwise, make a new request
+    try {
+        const response = await fetch(url, options);
+
+        // Cache the response
+        fetchCache[cacheKey] = {
+            response: response.clone(),
+            timestamp: currentTime
+        };
+
+        return response;
+    } catch (error) {
+        throw error;
+    }
+}
+
+// Helper functions for command execution with prioritization - Using from utils.js now
+function safeExec(command, args, priority, callback, timeout = constants.COMMAND_TIMEOUT) {
+    return utils.safeExec(command, args, priority, callback, timeout);
+}
+
+// Helper functions for handling checks
+function runCheck(checkFunction, priority, callback) {
+    // Default to highest priority execution if priority is not provided or invalid
+    let schedulingDelay = constants.COMMAND_SCHEDULING.P0_PRIORITY;
+
+    // If priority is a string, try to get the corresponding delay value
+    if (typeof priority === 'string' && constants.COMMAND_SCHEDULING[priority] !== undefined) {
+        schedulingDelay = constants.COMMAND_SCHEDULING[priority];
+    }
+
+    const executeCheck = async () => {
+        try {
+            const result = await checkFunction();
+            if (callback && typeof callback === 'function') {
+                callback(result);
+            }
+            return result;
+        } catch (error) {
+            if (callback && typeof callback === 'function') {
+                callback({ error });
+            }
+            return { error };
+        }
+    };
+
+    if (callback && typeof callback === 'function') {
+        setTimeout(executeCheck, schedulingDelay);
+        return;
+    } else {
+        return executeCheck();
+    }
+}
+
+function runAsyncTask(taskFunction, priority) {
+    // Default to highest priority execution if priority is not provided or invalid
+    let schedulingDelay = constants.COMMAND_SCHEDULING.P0_PRIORITY;
+
+    // If priority is a string, try to get the corresponding delay value
+    if (typeof priority === 'string' && constants.COMMAND_SCHEDULING[priority] !== undefined) {
+        schedulingDelay = constants.COMMAND_SCHEDULING[priority];
+    }
+
+    setTimeout(async () => {
+        try {
+            await taskFunction();
+        } catch (error) {
+            console.error('Async task error:', error);
+        }
+    }, schedulingDelay);
+}
+
+// Helper Functions for UI and formatting
+function createStatus(state, message, color) {
+    return {
+        state,
+        message: _(message),
+        color: constants.STATUS_COLORS[color]
+    };
+}
+
+function formatDiagnosticOutput(output) {
+    if (typeof output !== 'string') return '';
+    return output.trim()
+        .replace(/\x1b\[[0-9;]*m/g, '')
+        .replace(/\r\n/g, '\n')
+        .replace(/\r/g, '\n');
+}
+
+function copyToClipboard(text, button) {
+    const textarea = document.createElement('textarea');
+    textarea.value = text;
+    document.body.appendChild(textarea);
+    textarea.select();
+    try {
+        document.execCommand('copy');
+        const originalText = button.textContent;
+        button.textContent = _('Copied!');
+        setTimeout(() => button.textContent = originalText, constants.BUTTON_FEEDBACK_TIMEOUT);
+    } catch (err) {
+        ui.addNotification(null, E('p', {}, _('Failed to copy: ') + err.message));
+    }
+    document.body.removeChild(textarea);
+}
+
+// IP masking function
+function maskIP(ip) {
+    if (!ip) return '';
+    const parts = ip.split('.');
+    if (parts.length !== 4) return ip;
+    return ['XX', 'XX', 'XX', parts[3]].join('.');
+}
+
+// Status Check Functions
+async function checkFakeIP() {
+    try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), constants.FETCH_TIMEOUT);
+
+        try {
+            const response = await cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal });
+            const data = await response.json();
+            clearTimeout(timeoutId);
+
+            if (data.fakeip === true) {
+                return createStatus('working', 'working', 'SUCCESS');
+            } else {
+                return createStatus('not_working', 'not working', 'ERROR');
+            }
+        } catch (fetchError) {
+            clearTimeout(timeoutId);
+            const message = fetchError.name === 'AbortError' ? 'timeout' : 'check error';
+            return createStatus('error', message, 'WARNING');
+        }
+    } catch (error) {
+        return createStatus('error', 'check error', 'WARNING');
+    }
+}
+
+async function checkFakeIPCLI() {
+    try {
+        return new Promise((resolve) => {
+            safeExec('nslookup', ['-timeout=2', constants.FAKEIP_CHECK_DOMAIN, '127.0.0.42'], 'P0_PRIORITY', result => {
+                if (result.stdout && result.stdout.includes('198.18')) {
+                    resolve(createStatus('working', 'working on router', 'SUCCESS'));
+                } else {
+                    resolve(createStatus('not_working', 'not working on router', 'ERROR'));
+                }
+            });
+        });
+    } catch (error) {
+        return createStatus('error', 'CLI check error', 'WARNING');
+    }
+}
+
+function checkDNSAvailability() {
+    return new Promise(async (resolve) => {
+        try {
+            safeExec('/usr/bin/podkop', ['check_dns_available'], 'P0_PRIORITY', dnsStatusResult => {
+                if (!dnsStatusResult || !dnsStatusResult.stdout) {
+                    return resolve({
+                        remote: createStatus('error', 'DNS check timeout', 'WARNING'),
+                        local: createStatus('error', 'DNS check timeout', 'WARNING')
+                    });
+                }
+
+                try {
+                    const dnsStatus = JSON.parse(dnsStatusResult.stdout);
+
+                    const remoteStatus = dnsStatus.is_available ?
+                        createStatus('available', `${dnsStatus.dns_type.toUpperCase()} (${dnsStatus.dns_server}) available`, 'SUCCESS') :
+                        createStatus('unavailable', `${dnsStatus.dns_type.toUpperCase()} (${dnsStatus.dns_server}) unavailable`, 'ERROR');
+
+                    const localStatus = dnsStatus.local_dns_working ?
+                        createStatus('available', 'Router DNS working', 'SUCCESS') :
+                        createStatus('unavailable', 'Router DNS not working', 'ERROR');
+
+                    return resolve({
+                        remote: remoteStatus,
+                        local: localStatus
+                    });
+                } catch (parseError) {
+                    return resolve({
+                        remote: createStatus('error', 'DNS check parse error', 'WARNING'),
+                        local: createStatus('error', 'DNS check parse error', 'WARNING')
+                    });
+                }
+            });
+        } catch (error) {
+            return resolve({
+                remote: createStatus('error', 'DNS check error', 'WARNING'),
+                local: createStatus('error', 'DNS check error', 'WARNING')
+            });
+        }
+    });
+}
+
+async function checkBypass() {
+    try {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), constants.FETCH_TIMEOUT);
+
+        try {
+            const response1 = await cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal });
+            const data1 = await response1.json();
+
+            const response2 = await cachedFetch(`https://${constants.IP_CHECK_DOMAIN}/check`, { signal: controller.signal });
+            const data2 = await response2.json();
+
+            clearTimeout(timeoutId);
+
+            if (data1.IP && data2.IP) {
+                if (data1.IP !== data2.IP) {
+                    return createStatus('working', 'working', 'SUCCESS');
+                } else {
+                    return createStatus('not_working', 'same IP for both domains', 'ERROR');
+                }
+            } else {
+                return createStatus('error', 'check error (no IP)', 'WARNING');
+            }
+        } catch (fetchError) {
+            clearTimeout(timeoutId);
+            const message = fetchError.name === 'AbortError' ? 'timeout' : 'check error';
+            return createStatus('error', message, 'WARNING');
+        }
+    } catch (error) {
+        return createStatus('error', 'check error', 'WARNING');
+    }
+}
+
+// Modal Functions
+function createModalContent(title, content) {
+    return [
+        E('div', {
+            'class': 'panel-body',
+            style: 'max-height: 70vh; overflow-y: auto; margin: 1em 0; padding: 1.5em; ' +
+                'font-family: monospace; white-space: pre-wrap; word-wrap: break-word; ' +
+                'line-height: 1.5; font-size: 14px;'
+        }, [
+            E('pre', { style: 'margin: 0;' }, content)
+        ]),
+        E('div', {
+            'class': 'right',
+            style: 'margin-top: 1em;'
+        }, [
+            E('button', {
+                'class': 'btn',
+                'click': ev => copyToClipboard('```txt\n' + content + '\n```', ev.target)
+            }, _('Copy to Clipboard')),
+            E('button', {
+                'class': 'btn',
+                'click': ui.hideModal
+            }, _('Close'))
+        ])
+    ];
+}
+
+function showConfigModal(command, title) {
+    // Create and show modal immediately with loading state
+    const modalContent = E('div', { 'class': 'panel-body' }, [
+        E('div', {
+            'class': 'panel-body',
+            style: 'max-height: 70vh; overflow-y: auto; margin: 1em 0; padding: 1.5em; ' +
+                'font-family: monospace; white-space: pre-wrap; word-wrap: break-word; ' +
+                'line-height: 1.5; font-size: 14px;'
+        }, [
+            E('pre', {
+                'id': 'modal-content-pre',
+                style: 'margin: 0;'
+            }, _('Loading...'))
+        ]),
+        E('div', {
+            'class': 'right',
+            style: 'margin-top: 1em;'
+        }, [
+            E('button', {
+                'class': 'btn',
+                'id': 'copy-button',
+                'click': ev => copyToClipboard('```txt\n' + document.getElementById('modal-content-pre').innerText + '\n```', ev.target)
+            }, _('Copy to Clipboard')),
+            E('button', {
+                'class': 'btn',
+                'click': ui.hideModal
+            }, _('Close'))
+        ])
+    ]);
+
+    ui.showModal(_(title), modalContent);
+
+    // Function to update modal content
+    const updateModalContent = (content) => {
+        const pre = document.getElementById('modal-content-pre');
+        if (pre) {
+            pre.textContent = content;
+        }
+    };
+
+    try {
+        let formattedOutput = '';
+
+        if (command === 'global_check') {
+            safeExec('/usr/bin/podkop', [command], 'P0_PRIORITY', res => {
+                formattedOutput = formatDiagnosticOutput(res.stdout || _('No output'));
+
+                try {
+                    const controller = new AbortController();
+                    const timeoutId = setTimeout(() => controller.abort(), constants.FETCH_TIMEOUT);
+
+                    cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal })
+                        .then(response => response.json())
+                        .then(data => {
+                            clearTimeout(timeoutId);
+
+                            if (data.fakeip === true) {
+                                formattedOutput += '\n✅ ' + _('FakeIP is working in browser!') + '\n';
+                            } else {
+                                formattedOutput += '\n❌ ' + _('FakeIP is not working in browser') + '\n';
+                                formattedOutput += _('Check DNS server on current device (PC, phone)') + '\n';
+                                formattedOutput += _('Its must be router!') + '\n';
+                            }
+
+                            // Bypass check
+                            cachedFetch(`https://${constants.FAKEIP_CHECK_DOMAIN}/check`, { signal: controller.signal })
+                                .then(bypassResponse => bypassResponse.json())
+                                .then(bypassData => {
+                                    cachedFetch(`https://${constants.IP_CHECK_DOMAIN}/check`, { signal: controller.signal })
+                                        .then(bypassResponse2 => bypassResponse2.json())
+                                        .then(bypassData2 => {
+                                            formattedOutput += '━━━━━━━━━━━━━━━━━━━━━━━━━━━\n';
+
+                                            if (bypassData.IP && bypassData2.IP && bypassData.IP !== bypassData2.IP) {
+                                                formattedOutput += '✅ ' + _('Proxy working correctly') + '\n';
+                                                formattedOutput += _('Direct IP: ') + maskIP(bypassData.IP) + '\n';
+                                                formattedOutput += _('Proxy IP: ') + maskIP(bypassData2.IP) + '\n';
+                                            } else if (bypassData.IP === bypassData2.IP) {
+                                                formattedOutput += '❌ ' + _('Proxy is not working - same IP for both domains') + '\n';
+                                                formattedOutput += _('IP: ') + maskIP(bypassData.IP) + '\n';
+                                            } else {
+                                                formattedOutput += '❌ ' + _('Proxy check failed') + '\n';
+                                            }
+
+                                            updateModalContent(formattedOutput);
+                                        })
+                                        .catch(error => {
+                                            formattedOutput += '\n❌ ' + _('Check failed: ') + (error.name === 'AbortError' ? _('timeout') : error.message) + '\n';
+                                            updateModalContent(formattedOutput);
+                                        });
+                                })
+                                .catch(error => {
+                                    formattedOutput += '\n❌ ' + _('Check failed: ') + (error.name === 'AbortError' ? _('timeout') : error.message) + '\n';
+                                    updateModalContent(formattedOutput);
+                                });
+                        })
+                        .catch(error => {
+                            formattedOutput += '\n❌ ' + _('Check failed: ') + (error.name === 'AbortError' ? _('timeout') : error.message) + '\n';
+                            updateModalContent(formattedOutput);
+                        });
+                } catch (error) {
+                    formattedOutput += '\n❌ ' + _('Check failed: ') + error.message + '\n';
+                    updateModalContent(formattedOutput);
+                }
+            });
+        } else {
+            safeExec('/usr/bin/podkop', [command], 'P0_PRIORITY', res => {
+                formattedOutput = formatDiagnosticOutput(res.stdout || _('No output'));
+                updateModalContent(formattedOutput);
+            });
+        }
+    } catch (error) {
+        updateModalContent(_('Error: ') + error.message);
+    }
+}
+
+// Button Factory
+const ButtonFactory = {
+    createButton: function (config) {
+        return E('button', {
+            'class': `btn ${config.additionalClass || ''}`.trim(),
+            'click': config.onClick,
+            'style': config.style || ''
+        }, _(config.label));
+    },
+
+    createActionButton: function (config) {
+        return this.createButton({
+            label: config.label,
+            additionalClass: `cbi-button-${config.type || ''}`,
+            onClick: () => safeExec('/usr/bin/podkop', [config.action], 'P0_PRIORITY')
+                .then(() => config.reload && location.reload()),
+            style: config.style
+        });
+    },
+
+    createInitActionButton: function (config) {
+        return this.createButton({
+            label: config.label,
+            additionalClass: `cbi-button-${config.type || ''}`,
+            onClick: () => safeExec('/etc/init.d/podkop', [config.action], 'P0_PRIORITY')
+                .then(() => config.reload && location.reload()),
+            style: config.style
+        });
+    },
+
+    createModalButton: function (config) {
+        return this.createButton({
+            label: config.label,
+            onClick: () => showConfigModal(config.command, config.title),
+            additionalClass: `cbi-button-${config.type || ''}`,
+            style: config.style
+        });
+    }
+};
+
+// Create a loading placeholder for status text
+function createLoadingStatusText() {
+    return E('span', { 'class': 'loading-indicator' }, _('Loading...'));
+}
+
+// Create the status section with buttons loaded immediately but status indicators loading asynchronously
+let createStatusSection = async function () {
+    // Get initial podkop status
+    let initialPodkopStatus = { enabled: false };
+    try {
+        const result = await fs.exec('/usr/bin/podkop', ['get_status']);
+        if (result && result.stdout) {
+            const status = JSON.parse(result.stdout);
+            initialPodkopStatus.enabled = status.enabled === 1;
+        }
+    } catch (e) {
+        console.error('Error getting initial podkop status:', e);
+    }
+
+    return E('div', { 'class': 'cbi-section' }, [
+        E('div', { 'class': 'table', style: 'display: flex; gap: 20px;' }, [
+            // Podkop Status Panel
+            E('div', { 'id': 'podkop-status-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('Podkop Status')),
+                    E('br'),
+                    E('span', { 'id': 'podkop-status-text' }, createLoadingStatusText())
+                ]),
+                E('div', { 'class': 'panel-body', 'style': 'display: flex; flex-direction: column; gap: 8px;' }, [
+                    ButtonFactory.createActionButton({
+                        label: 'Restart Podkop',
+                        type: 'apply',
+                        action: 'restart',
+                        reload: true
+                    }),
+                    ButtonFactory.createActionButton({
+                        label: 'Stop Podkop',
+                        type: 'apply',
+                        action: 'stop',
+                        reload: true
+                    }),
+                    // Autostart button - create with initial state
+                    ButtonFactory.createInitActionButton({
+                        label: initialPodkopStatus.enabled ? 'Disable Autostart' : 'Enable Autostart',
+                        type: initialPodkopStatus.enabled ? 'remove' : 'apply',
+                        action: initialPodkopStatus.enabled ? 'disable' : 'enable',
+                        reload: true
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Global check'),
+                        command: 'global_check',
+                        title: _('Click here for all the info')
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: 'View Logs',
+                        command: 'check_logs',
+                        title: 'Podkop Logs'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Update Lists'),
+                        command: 'list_update',
+                        title: _('Lists Update Results')
+                    })
+                ])
+            ]),
+
+            // Sing-box Status Panel
+            E('div', { 'id': 'singbox-status-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('Sing-box Status')),
+                    E('br'),
+                    E('span', { 'id': 'singbox-status-text' }, createLoadingStatusText())
+                ]),
+                E('div', { 'class': 'panel-body', 'style': 'display: flex; flex-direction: column; gap: 8px;' }, [
+                    ButtonFactory.createModalButton({
+                        label: 'Show Config',
+                        command: 'show_sing_box_config',
+                        title: 'Sing-box Configuration'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: 'View Logs',
+                        command: 'check_sing_box_logs',
+                        title: 'Sing-box Logs'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: 'Check Connections',
+                        command: 'check_sing_box_connections',
+                        title: 'Active Connections'
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Check NFT Rules'),
+                        command: 'check_nft',
+                        title: _('NFT Rules')
+                    }),
+                    ButtonFactory.createModalButton({
+                        label: _('Check DNSMasq'),
+                        command: 'check_dnsmasq',
+                        title: _('DNSMasq Configuration')
+                    })
+                ])
+            ]),
+
+            // FakeIP Status Panel
+            E('div', { 'id': 'fakeip-status-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('FakeIP Status'))
+                ]),
+                E('div', { 'class': 'panel-body', 'style': 'display: flex; flex-direction: column; gap: 8px;' }, [
+                    E('div', { style: 'margin-bottom: 5px;' }, [
+                        E('div', {}, [
+                            E('span', { 'id': 'fakeip-browser-status' }, createLoadingStatusText())
+                        ]),
+                        E('div', {}, [
+                            E('span', { 'id': 'fakeip-router-status' }, createLoadingStatusText())
+                        ])
+                    ]),
+                    E('div', { style: 'margin-bottom: 5px;' }, [
+                        E('div', {}, [
+                            E('strong', {}, _('DNS Status')),
+                            E('br'),
+                            E('span', { 'id': 'dns-remote-status' }, createLoadingStatusText()),
+                            E('br'),
+                            E('span', { 'id': 'dns-local-status' }, createLoadingStatusText())
+                        ])
+                    ]),
+                    E('div', { style: 'margin-bottom: 5px;' }, [
+                        E('div', {}, [
+                            E('strong', { 'id': 'config-name-text' }, _('Main config')),
+                            E('br'),
+                            E('span', { 'id': 'bypass-status' }, createLoadingStatusText())
+                        ])
+                    ])
+                ])
+            ]),
+
+            // Version Information Panel
+            E('div', { 'id': 'version-info-panel', 'class': 'panel', 'style': 'flex: 1; padding: 15px;' }, [
+                E('div', { 'class': 'panel-heading' }, [
+                    E('strong', {}, _('Version Information'))
+                ]),
+                E('div', { 'class': 'panel-body' }, [
+                    E('div', { 'style': 'margin-top: 10px; font-family: monospace; white-space: pre-wrap;' }, [
+                        E('strong', {}, _('Podkop: ')), E('span', { 'id': 'podkop-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('LuCI App: ')), E('span', { 'id': 'luci-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('Sing-box: ')), E('span', { 'id': 'singbox-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('OpenWrt Version: ')), E('span', { 'id': 'openwrt-version' }, _('Loading...')), '\n',
+                        E('strong', {}, _('Device Model: ')), E('span', { 'id': 'device-model' }, _('Loading...'))
+                    ])
+                ])
+            ])
+        ])
+    ]);
+};
+
+// Global variables for tracking state
+let diagnosticsUpdateTimer = null;
+let isInitialCheck = true;
+showConfigModal.busy = false;
+
+function startDiagnosticsUpdates() {
+    if (diagnosticsUpdateTimer) {
+        clearInterval(diagnosticsUpdateTimer);
+    }
+
+    // Immediately update when started
+    updateDiagnostics();
+
+    // Then set up periodic updates
+    diagnosticsUpdateTimer = setInterval(updateDiagnostics, constants.DIAGNOSTICS_UPDATE_INTERVAL);
+}
+
+function stopDiagnosticsUpdates() {
+    if (diagnosticsUpdateTimer) {
+        clearInterval(diagnosticsUpdateTimer);
+        diagnosticsUpdateTimer = null;
+    }
+}
+
+// Update individual text element with new content
+function updateTextElement(elementId, content) {
+    const element = document.getElementById(elementId);
+    if (element) {
+        element.innerHTML = '';
+        element.appendChild(content);
+    }
+}
+
+async function updateDiagnostics() {
+    // Podkop Status check
+    safeExec('/usr/bin/podkop', ['get_status'], 'P0_PRIORITY', result => {
+        try {
+            const parsedPodkopStatus = JSON.parse(result.stdout || '{"enabled":0,"status":"error"}');
+
+            // Update Podkop status text
+            updateTextElement('podkop-status-text',
+                E('span', {
+                    'style': `color: ${parsedPodkopStatus.enabled ? constants.STATUS_COLORS.SUCCESS : constants.STATUS_COLORS.ERROR}`
+                }, [
+                    parsedPodkopStatus.enabled ? '✔ Autostart enabled' : '✘ Autostart disabled'
+                ])
+            );
+
+            // Update autostart button
+            const autostartButton = parsedPodkopStatus.enabled ?
+                ButtonFactory.createInitActionButton({
+                    label: 'Disable Autostart',
+                    type: 'remove',
+                    action: 'disable',
+                    reload: true
+                }) :
+                ButtonFactory.createInitActionButton({
+                    label: 'Enable Autostart',
+                    type: 'apply',
+                    action: 'enable',
+                    reload: true
+                });
+
+            // Find the autostart button and replace it
+            const panel = document.getElementById('podkop-status-panel');
+            if (panel) {
+                const buttons = panel.querySelectorAll('.cbi-button');
+                if (buttons.length >= 3) {
+                    buttons[2].parentNode.replaceChild(autostartButton, buttons[2]);
+                }
+            }
+        } catch (error) {
+            updateTextElement('podkop-status-text',
+                E('span', { 'style': `color: ${constants.STATUS_COLORS.ERROR}` }, '✘ Error')
+            );
+        }
+    });
+
+    // Sing-box Status check
+    safeExec('/usr/bin/podkop', ['get_sing_box_status'], 'P0_PRIORITY', result => {
+        try {
+            const parsedSingboxStatus = JSON.parse(result.stdout || '{"running":0,"enabled":0,"status":"error"}');
+
+            // Update Sing-box status text
+            updateTextElement('singbox-status-text',
+                E('span', {
+                    'style': `color: ${parsedSingboxStatus.running && !parsedSingboxStatus.enabled ?
+                        constants.STATUS_COLORS.SUCCESS : constants.STATUS_COLORS.ERROR}`
+                }, [
+                    parsedSingboxStatus.running && !parsedSingboxStatus.enabled ?
+                        '✔ running' : '✘ ' + parsedSingboxStatus.status
+                ])
+            );
+        } catch (error) {
+            updateTextElement('singbox-status-text',
+                E('span', { 'style': `color: ${constants.STATUS_COLORS.ERROR}` }, '✘ Error')
+            );
+        }
+    });
+
+    // Version Information checks
+    safeExec('/usr/bin/podkop', ['show_version'], 'P2_PRIORITY', result => {
+        updateTextElement('podkop-version',
+            document.createTextNode(result.stdout ? result.stdout.trim() : _('Unknown'))
+        );
+    });
+
+    safeExec('/usr/bin/podkop', ['show_luci_version'], 'P2_PRIORITY', result => {
+        updateTextElement('luci-version',
+            document.createTextNode(result.stdout ? result.stdout.trim() : _('Unknown'))
+        );
+    });
+
+    safeExec('/usr/bin/podkop', ['show_sing_box_version'], 'P2_PRIORITY', result => {
+        updateTextElement('singbox-version',
+            document.createTextNode(result.stdout ? result.stdout.trim() : _('Unknown'))
+        );
+    });
+
+    safeExec('/usr/bin/podkop', ['show_system_info'], 'P2_PRIORITY', result => {
+        if (result.stdout) {
+            updateTextElement('openwrt-version',
+                document.createTextNode(result.stdout.split('\n')[1].trim())
+            );
+            updateTextElement('device-model',
+                document.createTextNode(result.stdout.split('\n')[4].trim())
+            );
+        } else {
+            updateTextElement('openwrt-version', document.createTextNode(_('Unknown')));
+            updateTextElement('device-model', document.createTextNode(_('Unknown')));
+        }
+    });
+
+    // FakeIP and DNS status checks
+    runCheck(checkFakeIP, 'P3_PRIORITY', result => {
+        updateTextElement('fakeip-browser-status',
+            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
+                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
+                result.error ? 'check error' : result.state === 'working' ? _('works in browser') : _('does not work in browser')
+            ])
+        );
+    });
+
+    runCheck(checkFakeIPCLI, 'P8_PRIORITY', result => {
+        updateTextElement('fakeip-router-status',
+            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
+                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
+                result.error ? 'check error' : result.state === 'working' ? _('works on router') : _('does not work on router')
+            ])
+        );
+    });
+
+    runCheck(checkDNSAvailability, 'P4_PRIORITY', result => {
+        if (result.error) {
+            updateTextElement('dns-remote-status',
+                E('span', { style: `color: ${constants.STATUS_COLORS.WARNING}` }, '! DNS check error')
+            );
+            updateTextElement('dns-local-status',
+                E('span', { style: `color: ${constants.STATUS_COLORS.WARNING}` }, '! DNS check error')
+            );
+        } else {
+            updateTextElement('dns-remote-status',
+                E('span', { style: `color: ${result.remote.color}` }, [
+                    result.remote.state === 'available' ? '✔ ' : result.remote.state === 'unavailable' ? '✘ ' : '! ',
+                    result.remote.message
+                ])
+            );
+
+            updateTextElement('dns-local-status',
+                E('span', { style: `color: ${result.local.color}` }, [
+                    result.local.state === 'available' ? '✔ ' : result.local.state === 'unavailable' ? '✘ ' : '! ',
+                    result.local.message
+                ])
+            );
+        }
+    });
+
+    runCheck(checkBypass, 'P1_PRIORITY', result => {
+        updateTextElement('bypass-status',
+            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
+                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
+                result.error ? 'check error' : result.message
+            ])
+        );
+    }, 'P1_PRIORITY');
+
+    // Config name
+    runAsyncTask(async () => {
+        try {
+            let configName = _('Main config');
+            const data = await uci.load('podkop');
+            const proxyString = uci.get('podkop', 'main', 'proxy_string');
+
+            if (proxyString) {
+                const activeConfig = proxyString.split('\n')
+                    .map(line => line.trim())
+                    .find(line => line && !line.startsWith('//'));
+
+                if (activeConfig) {
+                    if (activeConfig.includes('#')) {
+                        const label = activeConfig.split('#').pop();
+                        if (label && label.trim()) {
+                            configName = _('Config: ') + decodeURIComponent(label);
+                        }
+                    }
+                }
+            }
+
+            updateTextElement('config-name-text', document.createTextNode(configName));
+        } catch (e) {
+            console.error('Error getting config name from UCI:', e);
+        }
+    }, 'P1_PRIORITY');
+}
+
+function createDiagnosticsSection(mainSection) {
+    let o = mainSection.tab('diagnostics', _('Diagnostics'));
+
+    o = mainSection.taboption('diagnostics', form.DummyValue, '_status');
+    o.rawhtml = true;
+    o.cfgvalue = () => E('div', {
+        id: 'diagnostics-status',
+        'data-loading': 'true'
+    });
+}
+
+function setupDiagnosticsEventHandlers(node) {
+    const titleDiv = E('h2', { 'class': 'cbi-map-title' }, _('Podkop'));
+    node.insertBefore(titleDiv, node.firstChild);
+
+    // Function to initialize diagnostics
+    function initDiagnostics(container) {
+        if (container && container.hasAttribute('data-loading')) {
+            container.innerHTML = '';
+            showConfigModal.busy = false;
+            createStatusSection().then(section => {
+                container.appendChild(section);
+                startDiagnosticsUpdates();
+                // Start error polling when diagnostics tab is active
+                utils.startErrorPolling();
+            });
+        }
+    }
+
+    document.addEventListener('visibilitychange', function () {
+        const diagnosticsContainer = document.getElementById('diagnostics-status');
+        const diagnosticsTab = document.querySelector('.cbi-tab[data-tab="diagnostics"]');
+
+        if (document.hidden || !diagnosticsTab || !diagnosticsTab.classList.contains('cbi-tab-active')) {
+            stopDiagnosticsUpdates();
+            // Don't stop error polling here - it's managed in podkop.js for all tabs
+        } else if (diagnosticsContainer && diagnosticsContainer.hasAttribute('data-loading')) {
+            startDiagnosticsUpdates();
+            // Ensure error polling is running when diagnostics tab is active
+            utils.startErrorPolling();
+        }
+    });
+
+    setTimeout(() => {
+        const diagnosticsContainer = document.getElementById('diagnostics-status');
+        const diagnosticsTab = document.querySelector('.cbi-tab[data-tab="diagnostics"]');
+        const otherTabs = document.querySelectorAll('.cbi-tab:not([data-tab="diagnostics"])');
+
+        // Check for direct page load case
+        const noActiveTabsExist = !Array.from(otherTabs).some(tab => tab.classList.contains('cbi-tab-active'));
+
+        if (diagnosticsContainer && diagnosticsTab && (diagnosticsTab.classList.contains('cbi-tab-active') || noActiveTabsExist)) {
+            initDiagnostics(diagnosticsContainer);
+        }
+
+        const tabs = node.querySelectorAll('.cbi-tabmenu');
+        if (tabs.length > 0) {
+            tabs[0].addEventListener('click', function (e) {
+                const tab = e.target.closest('.cbi-tab');
+                if (tab) {
+                    const tabName = tab.getAttribute('data-tab');
+                    if (tabName === 'diagnostics') {
+                        const container = document.getElementById('diagnostics-status');
+                        container.setAttribute('data-loading', 'true');
+                        initDiagnostics(container);
+                    } else {
+                        stopDiagnosticsUpdates();
+                        // Don't stop error polling - it should continue on all tabs
+                    }
+                }
+            });
+        }
+    }, constants.DIAGNOSTICS_INITIAL_DELAY);
+
+    node.classList.add('fade-in');
+    return node;
+}
+
+return baseclass.extend({
+    createDiagnosticsSection,
+    setupDiagnosticsEventHandlers
+}); 

luci-app-podkop/htdocs/luci-static/resources/view/podkop/utils.js

@@ -0,0 +1,152 @@
+'use strict';
+'require baseclass';
+'require ui';
+'require fs';
+'require view.podkop.constants as constants';
+
+// Flag to track if this is the first error check
+let isInitialCheck = true;
+
+// Set to track which errors we've already seen
+const lastErrorsSet = new Set();
+
+// Timer for periodic error polling
+let errorPollTimer = null;
+
+// Helper function to fetch errors from the podkop command
+async function getPodkopErrors() {
+    return new Promise(resolve => {
+        safeExec('/usr/bin/podkop', ['check_logs'], 'P0_PRIORITY', result => {
+            if (!result || !result.stdout) return resolve([]);
+
+            const logs = result.stdout.split('\n');
+            const errors = logs.filter(log =>
+                log.includes('[critical]')
+            );
+
+            resolve(errors);
+        });
+    });
+}
+
+// Show error notification to the user
+function showErrorNotification(error, isMultiple = false) {
+    const notificationContent = E('div', { 'class': 'alert-message error' }, [
+        E('pre', { 'class': 'error-log' }, error)
+    ]);
+
+    ui.addNotification(null, notificationContent);
+}
+
+// Helper function for command execution with prioritization
+function safeExec(command, args, priority, callback, timeout = constants.COMMAND_TIMEOUT) {
+    // Default to highest priority execution if priority is not provided or invalid
+    let schedulingDelay = constants.COMMAND_SCHEDULING.P0_PRIORITY;
+
+    // If priority is a string, try to get the corresponding delay value
+    if (typeof priority === 'string' && constants.COMMAND_SCHEDULING[priority] !== undefined) {
+        schedulingDelay = constants.COMMAND_SCHEDULING[priority];
+    }
+
+    const executeCommand = async () => {
+        try {
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), timeout);
+
+            const result = await Promise.race([
+                fs.exec(command, args),
+                new Promise((_, reject) => {
+                    controller.signal.addEventListener('abort', () => {
+                        reject(new Error('Command execution timed out'));
+                    });
+                })
+            ]);
+
+            clearTimeout(timeoutId);
+
+            if (callback && typeof callback === 'function') {
+                callback(result);
+            }
+
+            return result;
+        } catch (error) {
+            console.warn(`Command execution failed or timed out: ${command} ${args.join(' ')}`);
+            const errorResult = { stdout: '', stderr: error.message, error: error };
+
+            if (callback && typeof callback === 'function') {
+                callback(errorResult);
+            }
+
+            return errorResult;
+        }
+    };
+
+    if (callback && typeof callback === 'function') {
+        setTimeout(executeCommand, schedulingDelay);
+        return;
+    }
+    else {
+        return executeCommand();
+    }
+}
+
+// Check for critical errors and show notifications
+async function checkForCriticalErrors() {
+    try {
+        const errors = await getPodkopErrors();
+
+        if (errors && errors.length > 0) {
+            // Filter out errors we've already seen
+            const newErrors = errors.filter(error => !lastErrorsSet.has(error));
+
+            if (newErrors.length > 0) {
+                // On initial check, just store errors without showing notifications
+                if (!isInitialCheck) {
+                    // Show each new error as a notification
+                    newErrors.forEach(error => {
+                        showErrorNotification(error, newErrors.length > 1);
+                    });
+                }
+
+                // Add new errors to our set of seen errors
+                newErrors.forEach(error => lastErrorsSet.add(error));
+            }
+        }
+
+        // After first check, mark as no longer initial
+        isInitialCheck = false;
+    } catch (error) {
+        console.error('Error checking for critical messages:', error);
+    }
+}
+
+// Start polling for errors at regular intervals
+function startErrorPolling() {
+    if (errorPollTimer) {
+        clearInterval(errorPollTimer);
+    }
+
+    // Reset initial check flag to make sure we show errors
+    isInitialCheck = false;
+
+    // Immediately check for errors on start
+    checkForCriticalErrors();
+
+    // Then set up periodic checks
+    errorPollTimer = setInterval(checkForCriticalErrors, constants.ERROR_POLL_INTERVAL);
+}
+
+// Stop polling for errors
+function stopErrorPolling() {
+    if (errorPollTimer) {
+        clearInterval(errorPollTimer);
+        errorPollTimer = null;
+    }
+}
+
+return baseclass.extend({
+    startErrorPolling,
+    stopErrorPolling,
+    checkForCriticalErrors,
+    safeExec
+}); 

luci-app-podkop/po/ru/podkop.po

@@ -232,6 +232,9 @@ msgstr "Неверный формат URL. URL должен начинаться
 msgid "Invalid format. Use format: X.X.X.X or X.X.X.X/Y"
 msgstr "Неверный формат. Используйте формат: X.X.X.X или X.X.X.X/Y"
 
+msgid "IP address 0.0.0.0 is not allowed"
+msgstr "IP адрес не может быть 0.0.0.0"
+
 msgid "IP address parts must be between 0 and 255"
 msgstr "Части IP-адреса должны быть между 0 и 255"
 
@@ -745,10 +748,10 @@ msgstr "Проверка FakeIP через CLI"
 msgid "FakeIP CLI Check Results"
 msgstr "Результаты проверки FakeIP через CLI"
 
-msgid "not works in browser"
+msgid "does not work in browser"
 msgstr "не работает в браузере"
 
-msgid "not works on router"
+msgid "does not work on router"
 msgstr "не работает на роутере"
 
 msgid "Diagnostics"
@@ -819,3 +822,78 @@ msgstr "недоступен"
 
 msgid "Apply for SS2022"
 msgstr "Применить для SS2022"
+
+msgid "PODKOP CONFIGURATION"
+msgstr "КОНФИГУРАЦИЯ PODKOP"
+
+msgid "FAKEIP ROUTER TEST"
+msgstr "ПРОВЕРКА FAKEIP НА РОУТЕРЕ"
+
+msgid "FAKEIP BROWSER TEST"
+msgstr "ПРОВЕРКА FAKEIP В БРАУЗЕРЕ"
+
+msgid "FakeIP is working correctly on router (198.18.x.x)"
+msgstr "FakeIP работает корректно на роутере (198.18.x.x)"
+
+msgid "Click here for all the info"
+msgstr "Нажмите для просмотра всей информации"
+
+msgid "Check DNS server on current device (PC, phone)"
+msgstr "Проверьте DNS сервер на текущем устройстве (ПК, телефон)"
+
+msgid "Its must be router!"
+msgstr "Это должен быть роутер!"
+
+msgid "Global check"
+msgstr "Глобальная проверка"
+
+msgid "Starting lists update..."
+msgstr "Начало обновления списков..."
+
+msgid "DNS check passed"
+msgstr "Проверка DNS пройдена"
+
+msgid "DNS check failed after 60 attempts"
+msgstr "Проверка DNS не удалась после 60 попыток"
+
+msgid "GitHub connection check passed"
+msgstr "Проверка подключения к GitHub пройдена"
+
+msgid "GitHub connection check passed (via proxy)"
+msgstr "Проверка подключения к GitHub пройдена (через прокси)"
+
+msgid "GitHub connection check failed after 60 attempts"
+msgstr "Проверка подключения к GitHub не удалась после 60 попыток"
+
+msgid "Downloading and processing lists..."
+msgstr "Загрузка и обработка списков..."
+
+msgid "Lists update completed successfully"
+msgstr "Обновление списков успешно завершено"
+
+msgid "Lists update failed"
+msgstr "Обновление списков не удалось"
+
+msgid "Error: "
+msgstr "Ошибка: "
+
+msgid "Interface monitoring"
+msgstr "Мониторинг интерфейсов"
+
+msgid "Interface monitoring for bad WAN"
+msgstr "Мониторинг интерфейсов для плохого WAN"
+
+msgid "Interface for monitoring"
+msgstr "Интерфейс для мониторинга"
+
+msgid "Select the WAN interfaces to be monitored"
+msgstr "Выберите WAN интерфейсы для мониторинга"
+
+msgid "Interface Monitoring Delay"
+msgstr "Задержка при мониторинге интерфейсов"
+
+msgid "Delay in milliseconds before reloading podkop after interface UP"
+msgstr "Задержка в миллисекундах перед перезагрузкой podkop после поднятия интерфейса"
+
+msgid "Delay value cannot be empty"
+msgstr "Значение не может быть пустым"

luci-app-podkop/po/templates/podkop.pot

@@ -232,6 +232,9 @@ msgstr ""
 msgid "Invalid format. Use format: X.X.X.X or X.X.X.X/Y"
 msgstr ""
 
+msgid "IP address 0.0.0.0 is not allowed"
+msgstr ""
+
 msgid "IP address parts must be between 0 and 255"
 msgstr ""
 
@@ -1096,10 +1099,10 @@ msgstr ""
 msgid "FakeIP CLI Check Results"
 msgstr ""
 
-msgid "not works in browser"
+msgid "does not work in browser"
 msgstr ""
 
-msgid "not works on router"
+msgid "does not work on router"
 msgstr ""
 
 msgid "Diagnostics"
@@ -1170,3 +1173,81 @@ msgstr ""
 
 msgid "unavailable"
 msgstr ""
+
+msgid "PODKOP CONFIGURATION"
+msgstr ""
+
+msgid "FAKEIP ROUTER TEST"
+msgstr ""
+
+msgid "FAKEIP BROWSER TEST"
+msgstr ""
+
+msgid "FakeIP is working correctly on router (198.18.x.x)"
+msgstr ""
+
+msgid "Click here for all the info"
+msgstr ""
+
+msgid "Check DNS server on current device (PC, phone)"
+msgstr ""
+
+msgid "Its must be router!"
+msgstr ""
+
+msgid "Global check"
+msgstr ""
+
+msgid "Starting lists update..."
+msgstr ""
+
+msgid "DNS check passed"
+msgstr ""
+
+msgid "DNS check failed after 60 attempts"
+msgstr ""
+
+msgid "GitHub connection check passed"
+msgstr ""
+
+msgid "GitHub connection check passed (via proxy)"
+msgstr ""
+
+msgid "GitHub connection check failed after 60 attempts"
+msgstr ""
+
+msgid "Downloading and processing lists..."
+msgstr ""
+
+msgid "Lists update completed successfully"
+msgstr ""
+
+msgid "Lists update failed"
+msgstr ""
+
+msgid "Loading..."
+msgstr ""
+
+msgid "Error: "
+msgstr ""
+
+msgid "Interface monitoring"
+msgstr ""
+
+msgid "Interface monitoring for bad WAN"
+msgstr ""
+
+msgid "Interface for monitoring"
+msgstr ""
+
+msgid "Select the WAN interfaces to be monitored"
+msgstr ""
+
+msgid "Interface Monitoring Delay"
+msgstr ""
+
+msgid "Delay in milliseconds before reloading podkop after interface UP"
+msgstr ""
+
+msgid "Delay value cannot be empty"
+msgstr ""

podkop/Makefile

@@ -1,7 +1,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=podkop
-PKG_VERSION:=0.3.36
+
+PKG_VERSION := $(if $(PKG_VERSION),$(PKG_VERSION),dev_$(shell date +%d%m%Y))
+
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
@@ -13,8 +15,9 @@ define Package/podkop
 	SECTION:=net
 	CATEGORY:=Network
 	DEPENDS:=+sing-box +curl +jq +kmod-nft-tproxy +coreutils-base64
+	CONFLICTS:=https-dns-proxy nextdns luci-app-passwall luci-app-passwall2
 	TITLE:=Domain routing app
-	URL:=https://itdog.info
+	URL:=https://podkop.net
 	PKGARCH:=all
 endef
 

podkop/files/etc/config/podkop

@@ -21,8 +21,6 @@ config main 'main'
 	#list custom_download_subnets ''
 	option all_traffic_from_ip_enabled '0'
 	#list all_traffic_ip ''
-	option delist_domains_enabled '0'
-	#list delist_domains ''
 	option exclude_from_ip_enabled '0'
 	#list exclude_traffic_ip ''
 	option yacd '0'
@@ -31,10 +29,16 @@ config main 'main'
 	option quic_disable '0'
 	option dont_touch_dhcp '0'
 	option update_interval '1d'
-	option dns_type 'doh'
+	option dns_type 'udp'
 	option dns_server '8.8.8.8'
+	option split_dns_enabled '1'
+	option split_dns_type 'udp'
+	option split_dns_server '1.1.1.1'
 	option dns_rewrite_ttl '60'
 	option cache_file '/tmp/cache.db'
 	list iface 'br-lan'
-	list restart_ifaces 'wan'
+	option mon_restart_ifaces '0'
+	#list restart_ifaces 'wan'
+	option procd_reload_delay '2000'
 	option ss_uot '0'
+	option detour '0'

podkop/files/etc/init.d/podkop

@@ -10,11 +10,12 @@ config_load "$NAME"
 start_service() {
     echo "Start podkop"
 
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
 	config_get restart_ifaces "main" "restart_ifaces"
 
 	procd_open_instance
 	procd_set_param command /usr/bin/podkop start
-	[ -z "$restart_ifaces" ] || procd_set_param netdev $restart_ifaces
+	[ "$mon_restart_ifaces" = "1" ] && [ -n "$restart_ifaces" ] && procd_set_param netdev $restart_ifaces
 	procd_set_param stdout 1
 	procd_set_param stderr 1
 	procd_close_instance
@@ -31,12 +32,19 @@ reload_service() {
 service_triggers() {
     echo "service_triggers start"
 
-    config_get restart_ifaces "main" "restart_ifaces"
-	procd_open_trigger
-		procd_add_config_trigger "config.change" "$NAME" "$initscript" reload 'on_config_change'
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
+	config_get restart_ifaces "main" "restart_ifaces"
+	config_get procd_reload_delay "main" "procd_reload_delay" "2000"
 
-		for iface in $restart_ifaces; do
-			procd_add_reload_interface_trigger $iface
-		done
+    PROCD_RELOAD_DELAY=$procd_reload_delay
+
+	procd_open_trigger
+		procd_add_config_trigger "config.change" "$NAME" "$initscript" restart 'on_config_change'
+
+        if [ "$mon_restart_ifaces" = "1" ]; then
+			for iface in $restart_ifaces; do
+            	procd_add_interface_trigger "interface.*.up" "$iface" /etc/init.d/podkop reload
+			done
+		fi
 	procd_close_trigger
 }