Merge pull request #171 from itdoginfo/fix

Fix
fix: revert changes from issue #148
2025-12-06 11:36:50 +03:00 · 2025-09-17 19:17:58 +03:00 · 2025-09-17 21:14:57 +05:00 · 2025-09-17 21:09:03 +05:00 · 2025-09-17 13:04:32 +03:00 · 2025-09-17 13:31:00 +05:00
29 changed files with 3909 additions and 2194 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,74 @@
+---
+name: 🐛 Сообщение об ошибке
+description: Создавайте только, если проблема точно не на вашей стороне.
+title: "[BUG] "
+labels: ["bug"]
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Спасибо за создание отчета об ошибке!
+        
+        Перед отправкой, пожалуйста:
+        - Проверьте [существующие issues](https://github.com/itdoginfo/podkop/issues)
+        - Просмотрите [документацию](https://podkop.net)
+
+  - type: textarea
+    id: description
+    attributes:
+      label: 📝 Описание проблемы
+      description: Четкое и краткое описание того, что не работает
+      placeholder: Опишите проблему
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction
+    attributes:
+      label: Шаги для воспроизведения
+      description: Шаги для воспроизведения проблемы. Если вы настраваете что-то по мануалу, приложите ссылку на него.
+      placeholder: |
+        1. 
+        2. 
+        3. 
+        4. 
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: ✅ Ожидаемое поведение
+      description: Четкое и краткое описание того, что должно было произойти
+      placeholder: Опишите ожидаемое поведение
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: 🖥️ Информация о системе
+      description: |
+        Информация о вашей системе (заполните всё применимое)
+      value: |
+        - **OpenWrt версия**: 
+        - **Podkop версия**: 
+        - **Роутер модель**: 
+        - **Sing-box версия**: 
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: config
+    attributes:
+      label: ⚙️ Конфигурация
+      description: |
+        Релевантные части конфигурации (удалите чувствительную информацию!)
+      placeholder: |
+        Например:
+        - Содержимое /etc/config/podkop
+        - Конфигурация sing-box (если релевантно)
+        - Дополнительные конфиги, которые потребуются wireless/network/dhcp и т.д.
+      render: shell
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: 💬 Если у вас что-то не работает, прежде всего прочитайте README проекта
+    url: https://github.com/itdoginfo/podkop
+    about: README проекта
+  - name: 📚 Если вы не нашли в README документацию, то вот ссылка на неё
+    url: https://podkop.net
+    about: Официальная документация PodKop
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,68 @@
+---
+name: ✨ Запрос новой функции
+description: Предложите новую функцию или улучшение для Podkop
+title: "[FEATURE] "
+labels: ["enhancement", "needs-discussion"]
+assignees: []
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Спасибо за предложение новой функции!
+        
+        Перед отправкой, пожалуйста:
+        - Проверьте [существующие запросы](https://github.com/itdoginfo/podkop/issues?q=is%3Aissue+label%3Aenhancement)
+        - Убедитесь, что функции не существует в [документации](https://podkop.net)
+
+  - type: textarea
+    id: summary
+    attributes:
+      label: Краткое описание
+      description: Краткое описание предлагаемой функции
+      placeholder: В одном предложении опишите, что вы хотите добавить...
+    validations:
+      required: true
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Проблема, которую решает
+      description: |
+        Описание проблемы или неудобства, которое решит эта функция
+      placeholder: |
+        Сейчас нет возможности [...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: 💡 Предлагаемое решение
+      description: Четкое и краткое описание того, что вы хотите реализовать
+      placeholder: |
+        Я хочу, чтобы Podkop мог [...]
+        Предлагаю добавить функцию, которая [...]
+        Можно было бы улучшить [...] путем [...]
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Workaround
+      description: |
+        Опишите альтернативные решения или функции, которые вы рассматривали
+        Есть ли обходные пути, которые вы используете сейчас?
+      placeholder: |
+        Сейчас я решаю это проблему путем [...]
+        Альтернативой могло бы быть [...]
+        Пробовал использовать [...], но это не подходит потому что [...]
+
+  - type: textarea
+    id: implementation
+    attributes:
+      label: Идеи реализации (опционально)
+      description: |
+        Если у вас есть идеи о том, как это можно реализовать, поделитесь ими. Помните про ограничения LuCI.
+      placeholder: |
+        Это можно реализовать с помощью [...]
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,12 @@
+# Описание изменений
+
+Краткое описание ваших изменений и их цель.
+
+## Что изменено
+
+Детальное описание изменений:
+- 
+- 
+- 
+
+(Этим вы экономите время ревьювера)
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,28 +10,22 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.1
+        with:
+          fetch-depth: 0

-      - name: Check version match
+      - name: Extract version
+        id: version
        run: |
-          PODKOP_VERSION=$(grep '^PKG_VERSION:=' podkop/Makefile | cut -d '=' -f 2)
-          LUCI_APP_PODKOP_VERSION=$(grep '^PKG_VERSION:=' luci-app-podkop/Makefile | cut -d '=' -f 2)
-
-          TAG_VERSION=${GITHUB_REF#refs/tags/v}
-
-          echo "Podkop version: $PODKOP_VERSION"
-          echo "Luci-app-podkop version: $LUCI_APP_PODKOP_VERSION"
-          echo "Tag version: $TAG_VERSION"
-
-          if [ "$PODKOP_VERSION" != "$TAG_VERSION" ] || [ "$LUCI_APP_PODKOP_VERSION" != "$TAG_VERSION" ]; then
-            echo "Error: Version mismatch"
-            exit 1
-          fi
+          VERSION=$(git describe --tags --exact-match 2>/dev/null || echo "dev_$(date +%d%m%Y)")
+          echo "version=$VERSION" >> $GITHUB_OUTPUT

      - name: Build and push
        uses: docker/build-push-action@v6.9.0
        with:
          context: .
          tags: podkop:ci
+          build-args: |
+            PKG_VERSION=${{ steps.version.outputs.version }}

      - name: Create Docker container
        run: docker create --name podkop podkop:ci
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 FROM itdoginfo/openwrt-sdk:24.10.1

+ARG PKG_VERSION
+ENV PKG_VERSION=${PKG_VERSION}
+
 COPY ./podkop /builder/package/feeds/utilites/podkop
 COPY ./luci-app-podkop /builder/package/feeds/luci/luci-app-podkop

--- a/README.md
+++ b/README.md
@@ -2,14 +2,15 @@

 - Это бета-версия, которая находится в активной разработке. Из версии в версию что-то может меняться.
 - При возникновении проблем, нужен технически грамотный фидбэк в чат.
- При обновлении **обязательно** [сбрасывайте кэш LuCI](https://podkop.net/docs/clearbrowsercache/).
+- При обновлении **обязательно** [сбрасывайте кэш LuCI](https://podkop.net/docs/clear-browser-cache/).
 - Также при обновлении всегда заходите в конфигурацию и проверяйте свои настройки. Конфигурация может измениться.
- Необходимо минимум 15МБ свободного места на роутере. Роутеры с флешками на 16МБ сразу мимо.
+- Необходимо минимум 25МБ свободного места на роутере. Роутеры с флешками на 16МБ сразу мимо.
 - При старте программы редактируется конфиг Dnsmasq.
 - Podkop редактирует конфиг sing-box. Обязательно сохраните ваш конфиг sing-box перед установкой, если он вам нужен.
 - Информация здесь может быть устаревшей. Все изменения фиксируются в [телеграм-чате](https://t.me/itdogchat/81758/420321).
 - [Если у вас не что-то не работает.](https://podkop.net/docs/diagnostics/)
 - Если у вас установлен Getdomains, [его следует удалить](https://github.com/itdoginfo/domain-routing-openwrt?tab=readme-ov-file#%D1%81%D0%BA%D1%80%D0%B8%D0%BF%D1%82-%D0%B4%D0%BB%D1%8F-%D1%83%D0%B4%D0%B0%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F).
+- Требуется версия OpenWrt 24.10.

 # Документация
 https://podkop.net/
@@ -17,43 +18,38 @@ https://podkop.net/
 # Установка Podkop
 Полная информация в [документации](https://podkop.net/docs/install/)

-Вкратце, достаточно одного скрипта для установки:
+Вкратце, достаточно одного скрипта для установки и обновления:
 ```
 sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh)
 ```

-Для обновления:
-```
-sh <(wget -qO- https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh) --upgrade
-```
-
 # ToDo
 Этот раздел не означает задачи, которые нужно брать и делать. Это общий список хотелок. Если вы хотите помочь, пожалуйста, спросите сначала в телеграмме.

 Основные задачи в issues.

 ## Рефактор
- [ ] Очевидные повторения в `/usr/bin/podkop` загнать в переменые
- [ ] Возможно поменять структуру
+- [x] Очевидные повторения в `/usr/bin/podkop` загнать в переменые
+- [x] Возможно поменять структуру

 ## Списки
- [ ] Speedtest
- [x] Google AI
- [x] Google PlayMarket. Здесь уточнить, что точно не работает через корректную настройку FakeIP, а не dnsmasq+nft.
- [x] Hetzner ASN (AS24940)
- [x] OVH ASN (AS16276)
+- [x] CloudFront
+- [x] DO 
+- [x] HODCA

 ## Будущее
- [ ] После наполнения вики про туннели, убрать всё что связано с их установкой из скрипта. Только с AWG что-то решить, лучше чтоб был скрипт в сторонем репозитории. 
- [ ] Подписка. Здесь нужна реализация, чтоб для каждой секции помимо ручного выбора, был выбор фильтрации по тегу. Например, для main выбираем ключевые слова NL, DE, FI. А для extra секции фильтруем по RU. И создаётся outbound c urltest в которых перечислены outbound из фильтров.
- [ ] Опция, когда все запросы (с роутера в первую очередь), а не только br-lan идут в прокси. С этим связана #95. Требуется много переделать для nftables.
+- [ ] [Подписка](https://github.com/itdoginfo/podkop/issues/118). Здесь нужна реализация, чтоб для каждой секции помимо ручного выбора, был выбор фильтрации по тегу. Например, для main выбираем ключевые слова NL, DE, FI. А для extra секции фильтруем по RU. И создаётся outbound c urltest в которых перечислены outbound из фильтров.
+- [x] Опция, когда все запросы (с роутера в первую очередь), а не только br-lan идут в прокси. С этим связана #95. Требуется много переделать для nftables.
 - [ ] Весь трафик в Proxy\VPN. Вопрос, что делать с экстрасекциями в этом случае. FakeIP здесь скорее не нужен, а значит только main секция остаётся. Всё что касается fakeip проверок, придётся выключать в этом режиме.
- [ ] Поддержка Source format. Нужна расшифровка в json и если присуствуют подсети, заносить их в custom subnet nftset.
- [ ] Переделывание функции формирования кастомных списков в JSON. Обрабатывать сразу скопом, а не по одному.
- [ ] При успешном запуске переходит в фоновый режим и следит за состоянием sing-box. Если вдруг идёт exit 1, выполняется dnsmasq restore и снова следит за состоянием. Вопрос в том, как это искусcтвенно провернуть. Попробовать положить прокси и посмотреть, останется ли работать DNS в этом случае. И здесь, вероятно, можно обойтись триггером в init.d.
+- [x] Поддержка Source format. Нужна расшифровка в json и если присуствуют подсети, заносить их в custom subnet nftset.
+- [x] Переделывание функции формирования кастомных списков в JSON. Обрабатывать сразу скопом, а не по одному.
+- [ ] При успешном запуске переходит в фоновый режим и следит за состоянием sing-box. Если вдруг идёт exit 1, выполняется dnsmasq restore и снова следит за состоянием. Вопрос в том, как это искусcтвенно провернуть. Попробовать положить прокси и посмотреть, останется ли работать DNS в этом случае. И здесь, вероятно, можно обойтись триггером в init.d. [Issue](https://github.com/itdoginfo/podkop/issues/111)
+- [x] Формирование конфига sing-box в /tmp
 - [ ] Галочка, которая режет доступ к doh серверам.
 - [ ] IPv6. Только после наполнения Wiki.

 ## Тесты
 - [ ] Unit тесты (BATS)
- [ ] Интеграционые тесты бекенда (OpenWrt rootfs + BATS)
+- [ ] Интеграционые тесты бекенда (OpenWrt rootfs + BATS)
+
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/itdoginfo/podkop)
--- a/String-example.md
+++ b/String-example.md
@@ -20,11 +20,11 @@ ss://MjAyMi1ibGFrZTMtYWVzLTEyOC1nY206Y21lZklCdDhwMTJaZm1QWUplMnNCNThRd3R3NXNKeVp

 ## Reality
 ```
-vless://eb445f4b-ddb4-4c79-86d5-0833fc674379@example.com:443?type=tcp&security=reality&pbk=ARQzddtXPJZHinwkPbgVpah9uwPTuzdjU9GpbUkQJkc&fp=chrome&sni=yahoo.com&sid=6cabf01472a3&spx=%2F&flow=xtls-rprx-vision#vless-reality
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443?type=tcp&security=reality&pbk=ARQzddtXPJZHinwkPbgVpah9uwPTuzdjU9GpbUkQJkc&fp=chrome&sni=sni.server.com&sid=6cabf01472a3&spx=%2F&flow=xtls-rprx-vision#vless-reality
 ```

 ```
-vless://UUID@IP:2082?security=reality&sni=dash.cloudflare.com&alpn=h2,http/1.1&allowInsecure=1&fp=chrome&pbk=pukkey&sid=id&type=grpc&encryption=none#vless-reality-strange
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@123.123.123.123:2082?security=reality&sni=sni.server.com&alpn=h2,http/1.1&allowInsecure=1&fp=chrome&pbk=ARQzddtXPJZHinwkPbgVpah9uwPTuzdjU9GpbUkQJkc&sid=6cabf01472a3&type=grpc&encryption=none#vless-reality-strange
 ```

 ## TLS
@@ -35,29 +35,34 @@ vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443?type=tcp&security=t

 2.
 ```
-vless://8b60389a-7a01-4365-9244-c87f12bb98cf@example.com:443?security=tls&sni=SITE&fp=chrome&type=tcp&flow=xtls-rprx-vision&encryption=none#vless-tls-withot-alpn
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443?security=tls&sni=sni.server.com&fp=chrome&type=tcp&flow=xtls-rprx-vision&encryption=none#vless-tls-withot-alpn
 ```
 3. 
 ```
-vless://8b60389a-7a01-4365-9244-c87f12bb98cf@example.com:443/?type=ws&encryption=none&path=%2Fwebsocket&security=tls&sni=sni.server.com&fp=chrome#vless-tls-ws
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443/?type=ws&encryption=none&path=%2Fwebsocket&security=tls&sni=sni.server.com&fp=chrome#vless-tls-ws
 ```

 4.
 ```
-vless://[someid]@[someserver]?security=tls&sni=[somesni]&type=ws&path=/?ed%3D2560&host=[somesni]&encryption=none#vless-tls-ws-2
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443?security=tls&sni=sni.server.com&type=ws&path=/?ed%3D2560&host=sni.server.com&encryption=none#vless-tls-ws-2
 ```

 5.
 ```
-vless://uuid@server:443?security=tls&sni=server&fp=chrome&type=ws&path=/websocket&encryption=none#vless-tls-ws-3
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443?security=tls&sni=sni.server.com&fp=chrome&type=ws&path=/websocket&encryption=none#vless-tls-ws-3
 ```

 6.
 ```
-vless://33333@example.com:443/?type=ws&encryption=none&path=%2Fwebsocket&security=tls&sni=example.com&fp=chrome#vless-tls-ws-4
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443/?type=ws&encryption=none&path=%2Fwebsocket&security=tls&sni=sni.server.com&fp=chrome#vless-tls-ws-4
+```
+
+7.
+```
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@sub.example.com:443?type=ws&path=%2Fdir%2Fpath&host=sub.example.com&security=tls#configname
 ```

 ## No security
 ```
-vless://8b60389a-7a01-4365-9244-c87f12bb98cf@example.com:443?type=tcp&security=none#vless-tls-no-encrypt
+vless://8100b6eb-3fd1-4e73-8ccf-b4ac961232d6@example.com:443?type=tcp&security=none#vless-tls-no-encrypt
 ```
--- a/install.sh
+++ b/install.sh
@@ -1,66 +1,35 @@
 #!/bin/sh

 REPO="https://api.github.com/repos/itdoginfo/podkop/releases/latest"
-
-IS_SHOULD_RESTART_NETWORK=
 DOWNLOAD_DIR="/tmp/podkop"
 COUNT=3
-UPGRADE=0

 rm -rf "$DOWNLOAD_DIR"
 mkdir -p "$DOWNLOAD_DIR"

-for arg in "$@"; do
-    if [ "$arg" = "--upgrade" ]; then
-        UPGRADE=1
-    fi
-done
+msg() {
+    printf "\033[32;1m%s\033[0m\n" "$1"
+}

 main() {
    check_system
    sing_box
-    
-    opkg update
+
+    /usr/sbin/ntpd -q -p 194.190.168.1 -p 216.239.35.0 -p 216.239.35.4 -p 162.159.200.1 -p 162.159.200.123
+
+    opkg update || { echo "opkg update failed"; exit 1; }
  
    if [ -f "/etc/init.d/podkop" ]; then
-        if [ "$UPGRADE" -eq 1 ]; then
-            echo "Upgraded podkop with flag..."
-            break
-        else
-            printf "\033[32;1mPodkop is already installed. Just upgrade it?\033[0m\n"
-            printf "\033[32;1my - Only upgrade podkop\033[0m\n"
-            printf "\033[32;1mn - Upgrade and install tunnels (WG, AWG, OpenVPN, OC)\033[0m\n"
-
-            while true; do
-                printf "\033[32;1mEnter (y/n): \033[0m"
-                read -r -p '' UPDATE
-                case $UPDATE in
-                y)
-                    echo "Upgraded podkop..."
-                    break
-                    ;;
-
-                n)
-                    add_tunnel
-                    break
-                    ;;
-
-                *)
-                    echo "Please enter y or n"
-                    ;;
-                esac
-            done
-        fi
+        msg "Podkop is already installed. Upgraded..."
    else
-        echo "Installed podkop..."
-        add_tunnel
+        msg "Installed podkop..."
    fi
    
    if command -v curl &> /dev/null; then
        check_response=$(curl -s "https://api.github.com/repos/itdoginfo/podkop/releases/latest")

        if echo "$check_response" | grep -q 'API rate limit '; then
-            echo "You've reached rate limit from GitHub. Repeat in five minutes."
+            msg "You've reached rate limit from GitHub. Repeat in five minutes."
            exit 1
        fi
    fi
@@ -72,33 +41,33 @@ main() {
               
        attempt=0
        while [ $attempt -lt $COUNT ]; do
-            echo "Download $filename (count $((attempt+1)))..."
+            msg "Download $filename (count $((attempt+1)))..."
            if wget -q -O "$filepath" "$url"; then
                if [ -s "$filepath" ]; then
-                    echo "$filename successfully downloaded"
+                    msg "$filename successfully downloaded"
                    download_success=1
                    break
                fi
            fi
-            echo "Download error $filename. Retry..."
+            msg "Download error $filename. Retry..."
            rm -f "$filepath"
            attempt=$((attempt+1))
        done
        
        if [ $attempt -eq $COUNT ]; then
-            echo "Failed to download $filename after $COUNT attempts"
+            msg "Failed to download $filename after $COUNT attempts"
        fi
    done < <(wget -qO- "$REPO" | grep -o 'https://[^"[:space:]]*\.ipk')
    
    if [ $download_success -eq 0 ]; then
-        echo "No packages were downloaded successfully"
+        msg "No packages were downloaded successfully"
        exit 1
    fi
    
    for pkg in podkop luci-app-podkop; do
        file=$(ls "$DOWNLOAD_DIR" | grep "^$pkg" | head -n 1)
        if [ -n "$file" ]; then
-            echo "Installing $file"
+            msg "Installing $file"
            opkg install "$DOWNLOAD_DIR/$file"
            sleep 3
        fi
@@ -106,341 +75,66 @@ main() {

    ru=$(ls "$DOWNLOAD_DIR" | grep "luci-i18n-podkop-ru" | head -n 1)
    if [ -n "$ru" ]; then
-        printf "\033[32;1mРусский язык интерфейса ставим? y/n (Need a Russian translation?)\033[0m "
-        while true; do
-            read -r -p '' RUS
-            case $RUS in
-            y)
+        if opkg list-installed | grep -q luci-i18n-podkop-ru; then
+                msg "Upgraded ru translation..."
                opkg remove luci-i18n-podkop*
                opkg install "$DOWNLOAD_DIR/$ru"
-                break
-                ;;
-            n)
-                break
-                ;;
-            *)
-                echo "Введите y или n"
-                ;;
-            esac
-        done
+        else
+            msg "Русский язык интерфейса ставим? y/n (Need a Russian translation?)"
+            while true; do
+                read -r -p '' RUS
+                case $RUS in
+                y)
+                    opkg remove luci-i18n-podkop*
+                    opkg install "$DOWNLOAD_DIR/$ru"
+                    break
+                    ;;
+                n)
+                    break
+                    ;;
+                *)
+                    echo "Введите y или n"
+                    ;;
+                esac
+            done
+        fi
    fi

    find "$DOWNLOAD_DIR" -type f -name '*podkop*' -exec rm {} \;
-
-    if [ "$IS_SHOULD_RESTART_NETWORK" ]; then
-        printf "\033[32;1mRestart network\033[0m\n"
-        /etc/init.d/network restart
-    fi
-}
-
-add_tunnel() {
-    printf "\033[32;1mWill you be using Wireguard, AmneziaWG, OpenVPN, OpenConnect? If yes, select a number and they will be automatically installed\033[0m\n"
-    echo "1) Wireguard"
-    echo "2) AmneziaWG"
-    echo "3) OpenVPN"
-    echo "4) OpenConnect"
-    echo "5) I use VLESS/SS. Skip this step"
-
-    while true; do
-        read -r -p '' TUNNEL
-        case $TUNNEL in
-
-        1)
-            opkg install wireguard-tools luci-proto-wireguard luci-app-wireguard
-
-            printf "\033[32;1mDo you want to configure the wireguard interface? (y/n): \033[0m\n"
-            read IS_SHOULD_CONFIGURE_WG_INTERFACE
-
-            if [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "y" ] || [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "Y" ]; then
-                wg_awg_setup Wireguard
-            else
-            printf "\e[1;32mUse these instructions to manual configure https://itdog.info/nastrojka-klienta-wireguard-na-openwrt/\e[0m\n"
-            fi
-
-            break
-            ;;
-
-        2)
-            install_awg_packages
-
-            printf "\033[32;1mThere are no instructions for manual configure yet. Do you want to configure the amneziawg interface? (y/n): \033[0m\n"
-            read IS_SHOULD_CONFIGURE_WG_INTERFACE
-
-            if [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "y" ] || [ "$IS_SHOULD_CONFIGURE_WG_INTERFACE" = "Y" ]; then
-                wg_awg_setup AmneziaWG
-            fi
-
-            break
-            ;;
-
-        3)
-            opkg install openvpn-openssl luci-app-openvpn
-            printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openvpn-na-openwrt/\e[0m\n"
-            break
-            ;;
-
-        4)
-            opkg install openconnect luci-proto-openconnect
-            printf "\e[1;32mUse these instructions to configure https://itdog.info/nastrojka-klienta-openconnect-na-openwrt/\e[0m\n"
-            break
-            ;;
-
-        5)
-            echo "Installation without additional dependencies."
-            break
-            ;;
-
-        *)
-            echo "Choose from the following options"
-            ;;
-        esac
-    done
-}
-
-handler_network_restart() {
-    IS_SHOULD_RESTART_NETWORK=true
-}
-
-install_awg_packages() {
-    # Получение pkgarch с наибольшим приоритетом
-    PKGARCH=$(opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}')
-
-    TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
-    SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
-    VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
-    PKGPOSTFIX="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}.ipk"
-    BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
-
-    AWG_DIR="/tmp/amneziawg"
-    mkdir -p "$AWG_DIR"
-    
-    if opkg list-installed | grep -q kmod-amneziawg; then
-        echo "kmod-amneziawg already installed"
-    else
-        KMOD_AMNEZIAWG_FILENAME="kmod-amneziawg${PKGPOSTFIX}"
-        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${KMOD_AMNEZIAWG_FILENAME}"
-        wget -O "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
-
-        if [ $? -eq 0 ]; then
-            echo "kmod-amneziawg file downloaded successfully"
-        else
-            echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
-            exit 1
-        fi
-        
-        opkg install "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
-
-        if [ $? -eq 0 ]; then
-            echo "kmod-amneziawg file downloaded successfully"
-        else
-            echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
-            exit 1
-        fi
-    fi
-
-    if opkg list-installed | grep -q amneziawg-tools; then
-        echo "amneziawg-tools already installed"
-    else
-        AMNEZIAWG_TOOLS_FILENAME="amneziawg-tools${PKGPOSTFIX}"
-        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${AMNEZIAWG_TOOLS_FILENAME}"
-        wget -O "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME" "$DOWNLOAD_URL"
-
-        if [ $? -eq 0 ]; then
-            echo "amneziawg-tools file downloaded successfully"
-        else
-            echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
-            exit 1
-        fi
-
-        opkg install "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
-
-        if [ $? -eq 0 ]; then
-            echo "amneziawg-tools file downloaded successfully"
-        else
-            echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
-            exit 1
-        fi
-    fi
-    
-    if opkg list-installed | grep -qE 'luci-app-amneziawg|luci-proto-amneziawg'; then
-        echo "luci-app-amneziawg or luci-proto-amneziawg already installed"
-    else
-        LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
-        DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
-        wget -O "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
-
-        if [ $? -eq 0 ]; then
-            echo "luci-app-amneziawg file downloaded successfully"
-        else
-            echo "Error downloading luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
-            exit 1
-        fi
-
-        opkg install "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME"
-
-        if [ $? -eq 0 ]; then
-            echo "luci-app-amneziawg file downloaded successfully"
-        else
-            echo "Error installing luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
-            exit 1
-        fi
-    fi
-
-    rm -rf "$AWG_DIR"
-}
-
-wg_awg_setup() {
-    PROTOCOL_NAME=$1
-    printf "\033[32;1mConfigure ${PROTOCOL_NAME}\033[0m\n"
-    if [ "$PROTOCOL_NAME" = 'Wireguard' ]; then
-        INTERFACE_NAME="wg0"
-        CONFIG_NAME="wireguard_wg0"
-        PROTO="wireguard"
-        ZONE_NAME="wg"
-    fi
-
-    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
-        INTERFACE_NAME="awg0"
-        CONFIG_NAME="amneziawg_awg0"
-        PROTO="amneziawg"
-        ZONE_NAME="awg"
-        
-        echo "Do you want to use AmneziaWG config or basic Wireguard config + automatic obfuscation?"
-        echo "1) AmneziaWG"
-        echo "2) Wireguard + automatic obfuscation"
-        read CONFIG_TYPE
-    fi
-
-    read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY_INT
-
-    while true; do
-        read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' WG_IP
-        if echo "$WG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
-            break
-        else
-            echo "This IP is not valid. Please repeat"
-        fi
-    done
-
-    read -r -p "Enter the public key (from [Peer]):"$'\n' WG_PUBLIC_KEY_INT
-    read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' WG_PRESHARED_KEY_INT
-    read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' WG_ENDPOINT_INT
-
-    read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' WG_ENDPOINT_PORT_INT
-    WG_ENDPOINT_PORT_INT=${WG_ENDPOINT_PORT_INT:-51820}
-    if [ "$WG_ENDPOINT_PORT_INT" = '51820' ]; then
-        echo $WG_ENDPOINT_PORT_INT
-    fi
-
-    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
-        if [ "$CONFIG_TYPE" = '1' ]; then
-            read -r -p "Enter Jc value (from [Interface]):"$'\n' AWG_JC
-            read -r -p "Enter Jmin value (from [Interface]):"$'\n' AWG_JMIN
-            read -r -p "Enter Jmax value (from [Interface]):"$'\n' AWG_JMAX
-            read -r -p "Enter S1 value (from [Interface]):"$'\n' AWG_S1
-            read -r -p "Enter S2 value (from [Interface]):"$'\n' AWG_S2
-            read -r -p "Enter H1 value (from [Interface]):"$'\n' AWG_H1
-            read -r -p "Enter H2 value (from [Interface]):"$'\n' AWG_H2
-            read -r -p "Enter H3 value (from [Interface]):"$'\n' AWG_H3
-            read -r -p "Enter H4 value (from [Interface]):"$'\n' AWG_H4
-        elif [ "$CONFIG_TYPE" = '2' ]; then
-            #Default values to wg automatic obfuscation
-            AWG_JC=4
-            AWG_JMIN=40
-            AWG_JMAX=70
-            AWG_S1=0
-            AWG_S2=0
-            AWG_H1=1
-            AWG_H2=2
-            AWG_H3=3
-            AWG_H4=4
-        fi
-    fi
-    
-    uci set network.${INTERFACE_NAME}=interface
-    uci set network.${INTERFACE_NAME}.proto=$PROTO
-    uci set network.${INTERFACE_NAME}.private_key=$WG_PRIVATE_KEY_INT
-    uci set network.${INTERFACE_NAME}.listen_port='51821'
-    uci set network.${INTERFACE_NAME}.addresses=$WG_IP
-
-    if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
-        uci set network.${INTERFACE_NAME}.awg_jc=$AWG_JC
-        uci set network.${INTERFACE_NAME}.awg_jmin=$AWG_JMIN
-        uci set network.${INTERFACE_NAME}.awg_jmax=$AWG_JMAX
-        uci set network.${INTERFACE_NAME}.awg_s1=$AWG_S1
-        uci set network.${INTERFACE_NAME}.awg_s2=$AWG_S2
-        uci set network.${INTERFACE_NAME}.awg_h1=$AWG_H1
-        uci set network.${INTERFACE_NAME}.awg_h2=$AWG_H2
-        uci set network.${INTERFACE_NAME}.awg_h3=$AWG_H3
-        uci set network.${INTERFACE_NAME}.awg_h4=$AWG_H4
-    fi
-
-    if ! uci show network | grep -q ${CONFIG_NAME}; then
-        uci add network ${CONFIG_NAME}
-    fi
-
-    uci set network.@${CONFIG_NAME}[0]=$CONFIG_NAME
-    uci set network.@${CONFIG_NAME}[0].name="${INTERFACE_NAME}_client"
-    uci set network.@${CONFIG_NAME}[0].public_key=$WG_PUBLIC_KEY_INT
-    uci set network.@${CONFIG_NAME}[0].preshared_key=$WG_PRESHARED_KEY_INT
-    uci set network.@${CONFIG_NAME}[0].route_allowed_ips='0'
-    uci set network.@${CONFIG_NAME}[0].persistent_keepalive='25'
-    uci set network.@${CONFIG_NAME}[0].endpoint_host=$WG_ENDPOINT_INT
-    uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0'
-    uci set network.@${CONFIG_NAME}[0].endpoint_port=$WG_ENDPOINT_PORT_INT
-    uci commit network
-
-    if ! uci show firewall | grep -q "@zone.*name='${ZONE_NAME}'"; then
-        printf "\033[32;1mZone Create\033[0m\n"
-        uci add firewall zone
-        uci set firewall.@zone[-1].name=$ZONE_NAME
-        uci set firewall.@zone[-1].network=$INTERFACE_NAME
-        uci set firewall.@zone[-1].forward='REJECT'
-        uci set firewall.@zone[-1].output='ACCEPT'
-        uci set firewall.@zone[-1].input='REJECT'
-        uci set firewall.@zone[-1].masq='1'
-        uci set firewall.@zone[-1].mtu_fix='1'
-        uci set firewall.@zone[-1].family='ipv4'
-        uci commit firewall
-    fi
-
-    if ! uci show firewall | grep -q "@forwarding.*name='${ZONE_NAME}'"; then
-        printf "\033[32;1mConfigured forwarding\033[0m\n"
-        uci add firewall forwarding
-        uci set firewall.@forwarding[-1]=forwarding
-        uci set firewall.@forwarding[-1].name="${ZONE_NAME}-lan"
-        uci set firewall.@forwarding[-1].dest=${ZONE_NAME}
-        uci set firewall.@forwarding[-1].src='lan'
-        uci set firewall.@forwarding[-1].family='ipv4'
-        uci commit firewall
-    fi
-
-    handler_network_restart
 }

 check_system() {
    # Get router model
    MODEL=$(cat /tmp/sysinfo/model)
-    echo "Router model: $MODEL"
+    msg "Router model: $MODEL"
+
+    # Check OpenWrt version
+    openwrt_version=$(cat /etc/openwrt_release | grep DISTRIB_RELEASE | cut -d"'" -f2 | cut -d'.' -f1)
+    if [ "$openwrt_version" = "23" ]; then
+        msg "OpenWrt 23.05 не поддерживается начиная с podkop 0.5.0"
+        msg "Для OpenWrt 23.05 используйте podkop версии 0.4.11 или устанавливайте зависимости и podkop вручную"
+        msg "Подробности: https://podkop.net/docs/install/#%d1%83%d1%81%d1%82%d0%b0%d0%bd%d0%be%d0%b2%d0%ba%d0%b0-%d0%bd%d0%b0-2305"
+        exit 1
+    fi

    # Check available space
    AVAILABLE_SPACE=$(df /overlay | awk 'NR==2 {print $4}')
    REQUIRED_SPACE=15360 # 15MB in KB

    if [ "$AVAILABLE_SPACE" -lt "$REQUIRED_SPACE" ]; then
-        printf "\033[31;1mError: Insufficient space in flash\033[0m\n"
-        echo "Available: $((AVAILABLE_SPACE/1024))MB"
-        echo "Required: $((REQUIRED_SPACE/1024))MB"
+        msg "Error: Insufficient space in flash"
+        msg "Available: $((AVAILABLE_SPACE/1024))MB"
+        msg "Required: $((REQUIRED_SPACE/1024))MB"
        exit 1
    fi

    if ! nslookup google.com >/dev/null 2>&1; then
-        printf "\033[31;1mDNS not working\033[0m\n"
+        msg "DNS not working"
        exit 1
    fi

    if opkg list-installed | grep -q https-dns-proxy; then
-        printf "\033[31;1mСonflicting package detected: https-dns-proxy. Remove? yes/no\033[0m\n"
+        msg "Сonflicting package detected: https-dns-proxy. Remove?"

        while true; do
                read -r -p '' DNSPROXY
@@ -451,16 +145,12 @@ check_system() {
                    break
                    ;;
                *)
-                    echo "Exit"
+                    msg "Exit"
                    exit 1
                    ;;
        esac
    done
    fi
-
-    if opkg list-installed | grep -q "iptables-mod-extra"; then
-        printf "\033[31;1mFound incompatible iptables packages. If you're using FriendlyWrt: https://t.me/itdogchat/44512/181082\033[0m\n"
-    fi
 }

 sing_box() {
@@ -469,9 +159,11 @@ sing_box() {
    fi

    sing_box_version=$(sing-box version | head -n 1 | awk '{print $3}')
-    required_version="1.11.1"
+    required_version="1.12.4"

    if [ "$(echo -e "$sing_box_version\n$required_version" | sort -V | head -n 1)" != "$required_version" ]; then
+        msg "sing-box version $sing_box_version is older than required $required_version"
+        msg "Removing old version..."
        opkg remove sing-box
    fi
 }
--- a/luci-app-podkop/Makefile
+++ b/luci-app-podkop/Makefile
@@ -1,7 +1,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-podkop
-PKG_VERSION:=0.4.4
+
+PKG_VERSION := $(if $(PKG_VERSION),$(PKG_VERSION),dev_$(shell date +%d%m%Y))
+
 PKG_RELEASE:=1

 LUCI_TITLE:=LuCI podkop app
--- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/additionalTab.js
+++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/additionalTab.js
@@ -34,7 +34,7 @@ function createAdditionalSection(mainSection, network) {
    o.value('doh', _('DNS over HTTPS (DoH)'));
    o.value('dot', _('DNS over TLS (DoT)'));
    o.value('udp', _('UDP (Unprotected DNS)'));
-    o.default = 'doh';
+    o.default = 'udp';
    o.rmempty = false;
    o.ucisection = 'main';

@@ -50,20 +50,47 @@ function createAdditionalSection(mainSection, network) {
            return _('DNS server address cannot be empty');
        }

-        const ipRegex = /^(\d{1,3}\.){3}\d{1,3}$/;
-        if (ipRegex.test(value)) {
-            const parts = value.split('.');
-            for (const part of parts) {
-                const num = parseInt(part);
-                if (num < 0 || num > 255) {
-                    return _('IP address parts must be between 0 and 255');
-                }
-            }
-            return true;
+        const ipRegex = /^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}(:[0-9]{1,5})?$/;
+        const domainRegex = /^(?:https:\/\/)?([a-zA-Z0-9]+(-[a-zA-Z0-9]+)*\.)+[a-zA-Z]{2,63}(:[0-9]{1,5})?(\/[^?#\s]*)?$/;
+
+        if (!ipRegex.test(value) && !domainRegex.test(value)) {
+            return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
        }

-        const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}(\/[^\s]*)?$/;
-        if (!domainRegex.test(value)) {
+        return true;
+    };
+
+    o = mainSection.taboption('additional', form.Flag, 'split_dns_enabled', _('Split DNS'), _('DNS for the list via proxy'));
+    o.default = '1';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.ListValue, 'split_dns_type', _('Split DNS Protocol Type'), _('Select DNS protocol for split'));
+    o.value('doh', _('DNS over HTTPS (DoH)'));
+    o.value('dot', _('DNS over TLS (DoT)'));
+    o.value('udp', _('UDP (Unprotected DNS)'));
+    o.default = 'udp';
+    o.rmempty = false;
+    o.depends('split_dns_enabled', '1');
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Value, 'split_dns_server', _('Split DNS Server'), _('Select or enter DNS server address'));
+    Object.entries(constants.DNS_SERVER_OPTIONS).forEach(([key, label]) => {
+        o.value(key, _(label));
+    });
+    o.default = '1.1.1.1';
+    o.rmempty = false;
+    o.depends('split_dns_enabled', '1');
+    o.ucisection = 'main';
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('DNS server address cannot be empty');
+        }
+
+        const ipRegex = /^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}(:[0-9]{1,5})?$/;
+        const domainRegex = /^(?:https:\/\/)?([a-zA-Z0-9]+(-[a-zA-Z0-9]+)*\.)+[a-zA-Z]{2,63}(:[0-9]{1,5})?(\/[^?#\s]*)?$/;
+
+        if (!ipRegex.test(value) && !domainRegex.test(value)) {
            return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
        }

@@ -87,10 +114,17 @@ function createAdditionalSection(mainSection, network) {
        return true;
    };

-    o = mainSection.taboption('additional', form.Value, 'cache_file', _('Cache File Path'), _('Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing'));
-    o.value('/tmp/cache.db', 'RAM (/tmp/cache.db)');
+    o = mainSection.taboption('additional', form.ListValue, 'config_path', _('Config File Path'), _('Select path for sing-box config file. Change this ONLY if you know what you are doing'));
+    o.value('/etc/sing-box/config.json', 'Flash (/etc/sing-box/config.json)');
+    o.value('/tmp/sing-box/config.json', 'RAM (/tmp/sing-box/config.json)');
+    o.default = '/etc/sing-box/config.json';
+    o.rmempty = false;
+    o.ucisection = 'main';
+
+    o = mainSection.taboption('additional', form.Value, 'cache_path', _('Cache File Path'), _('Select or enter path for sing-box cache file. Change this ONLY if you know what you are doing'));
+    o.value('/tmp/sing-box/cache.db', 'RAM (/tmp/sing-box/cache.db)');
    o.value('/usr/share/sing-box/cache.db', 'Flash (/usr/share/sing-box/cache.db)');
-    o.default = '/tmp/cache.db';
+    o.default = '/tmp/sing-box/cache.db';
    o.rmempty = false;
    o.ucisection = 'main';
    o.validate = function (section_id, value) {
@@ -151,6 +185,18 @@ function createAdditionalSection(mainSection, network) {
        return ['lan', 'loopback'].indexOf(value) === -1 && !value.startsWith('@');
    };

+    o = mainSection.taboption('additional', form.Value, 'procd_reload_delay', _('Interface Monitoring Delay'), _('Delay in milliseconds before reloading podkop after interface UP'));
+    o.ucisection = 'main';
+    o.depends('mon_restart_ifaces', '1');
+    o.default = '2000';
+    o.rmempty = false;
+    o.validate = function (section_id, value) {
+        if (!value) {
+            return _('Delay value cannot be empty');
+        }
+        return true;
+    };
+
    o = mainSection.taboption('additional', form.Flag, 'dont_touch_dhcp', _('Dont touch my DHCP!'), _('Podkop will not change the DHCP config'));
    o.default = '0';
    o.rmempty = false;
@@ -161,6 +207,7 @@ function createAdditionalSection(mainSection, network) {
    o.rmempty = false;
    o.ucisection = 'main';

+    // TODO(ampetelin): Can be moved to advanced settings in luci
    // Extra IPs and exclusions (main section)
    o = mainSection.taboption('basic', form.Flag, 'exclude_from_ip_enabled', _('IP for exclusion'), _('Specify local IP addresses that will never use the configured route'));
    o.default = '0';
--- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/configSection.js
+++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/configSection.js
@@ -32,6 +32,7 @@ function createConfigSection(section, map, network) {
    o = s.taboption('basic', form.ListValue, 'proxy_config_type', _('Configuration Type'), _('Select how to configure the proxy'));
    o.value('url', _('Connection URL'));
    o.value('outbound', _('Outbound Config'));
+    o.value('urltest', _('URLTest'));
    o.default = 'url';
    o.depends('mode', 'proxy');
    o.ucisection = s.section;
@@ -179,10 +180,6 @@ function createConfigSection(section, map, network) {
                    if (!params.get('pbk')) return _('Invalid VLESS URL: missing pbk parameter for reality security');
                    if (!params.get('fp')) return _('Invalid VLESS URL: missing fp parameter for reality security');
                }
-
-                if (security === 'tls' && type !== 'tcp' && !params.get('sni')) {
-                    return _('Invalid VLESS URL: missing sni parameter for tls security');
-                }
            }

            return true;
@@ -209,11 +206,16 @@ function createConfigSection(section, map, network) {
        }
    };

+    o = s.taboption('basic', form.DynamicList, 'urltest_proxy_links', _('URLTest Proxy Links'));
+    o.depends('proxy_config_type', 'urltest');
+    o.placeholder = 'vless:// or ss:// link';
+    o.rmempty = false;
+
    o = s.taboption('basic', form.Flag, 'ss_uot', _('Shadowsocks UDP over TCP'), _('Apply for SS2022'));
    o.default = '0';
    o.depends('mode', 'proxy');
    o.rmempty = false;
-    o.ucisection = 'main';
+    o.ucisection = s.section;

    o = s.taboption('basic', widgets.DeviceSelect, 'interface', _('Network Interface'), _('Select network interface for VPN connection'));
    o.depends('mode', 'vpn');
@@ -238,18 +240,17 @@ function createConfigSection(section, map, network) {
        return true;
    };

-    o = s.taboption('basic', form.Flag, 'domain_list_enabled', _('Community Lists'));
+    o = s.taboption('basic', form.Flag, 'community_lists_enabled', _('Community Lists'));
    o.default = '0';
    o.rmempty = false;
    o.ucisection = s.section;

-    o = s.taboption('basic', form.DynamicList, 'domain_list', _('Service List'), _('Select predefined service for routing') + ' <a href="https://github.com/itdoginfo/allow-domains" target="_blank">github.com/itdoginfo/allow-domains</a>');
+    o = s.taboption('basic', form.DynamicList, 'community_lists', _('Service List'), _('Select predefined service for routing') + ' <a href="https://github.com/itdoginfo/allow-domains" target="_blank">github.com/itdoginfo/allow-domains</a>');
    o.placeholder = 'Service list';
    Object.entries(constants.DOMAIN_LIST_OPTIONS).forEach(([key, label]) => {
        o.value(key, _(label));
    });
-
-    o.depends('domain_list_enabled', '1');
+    o.depends('community_lists_enabled', '1');
    o.rmempty = false;
    o.ucisection = s.section;

@@ -306,7 +307,7 @@ function createConfigSection(section, map, network) {
        }
    };

-    o = s.taboption('basic', form.ListValue, 'custom_domains_list_type', _('User Domain List Type'), _('Select how to add your custom domains'));
+    o = s.taboption('basic', form.ListValue, 'user_domain_list_type', _('User Domain List Type'), _('Select how to add your custom domains'));
    o.value('disabled', _('Disabled'));
    o.value('dynamic', _('Dynamic List'));
    o.value('text', _('Text List'));
@@ -314,9 +315,9 @@ function createConfigSection(section, map, network) {
    o.rmempty = false;
    o.ucisection = s.section;

-    o = s.taboption('basic', form.DynamicList, 'custom_domains', _('User Domains'), _('Enter domain names without protocols (example: sub.example.com or example.com)'));
+    o = s.taboption('basic', form.DynamicList, 'user_domains', _('User Domains'), _('Enter domain names without protocols (example: sub.example.com or example.com)'));
    o.placeholder = 'Domains list';
-    o.depends('custom_domains_list_type', 'dynamic');
+    o.depends('user_domain_list_type', 'dynamic');
    o.rmempty = false;
    o.ucisection = s.section;
    o.validate = function (section_id, value) {
@@ -328,9 +329,9 @@ function createConfigSection(section, map, network) {
        return true;
    };

-    o = s.taboption('basic', form.TextValue, 'custom_domains_text', _('User Domains List'), _('Enter domain names separated by comma, space or newline. You can add comments after //'));
+    o = s.taboption('basic', form.TextValue, 'user_domains_text', _('User Domains List'), _('Enter domain names separated by comma, space or newline. You can add comments after //'));
    o.placeholder = 'example.com, sub.example.com\n// Social networks\ndomain.com test.com // personal domains';
-    o.depends('custom_domains_list_type', 'text');
+    o.depends('user_domain_list_type', 'text');
    o.rows = 8;
    o.rmempty = false;
    o.ucisection = s.section;
@@ -369,14 +370,14 @@ function createConfigSection(section, map, network) {
        return true;
    };

-    o = s.taboption('basic', form.Flag, 'custom_local_domains_list_enabled', _('Local Domain Lists'), _('Use the list from the router filesystem'));
+    o = s.taboption('basic', form.Flag, 'local_domain_lists_enabled', _('Local Domain Lists'), _('Use the list from the router filesystem'));
    o.default = '0';
    o.rmempty = false;
    o.ucisection = s.section;

-    o = s.taboption('basic', form.DynamicList, 'custom_local_domains', _('Local Domain Lists Path'), _('Enter the list file path'));
+    o = s.taboption('basic', form.DynamicList, 'local_domain_lists', _('Local Domain List Paths'), _('Enter the list file path'));
    o.placeholder = '/path/file.lst';
-    o.depends('custom_local_domains_list_enabled', '1');
+    o.depends('local_domain_lists_enabled', '1');
    o.rmempty = false;
    o.ucisection = s.section;
    o.validate = function (section_id, value) {
@@ -388,14 +389,14 @@ function createConfigSection(section, map, network) {
        return true;
    };

-    o = s.taboption('basic', form.Flag, 'custom_download_domains_list_enabled', _('Remote Domain Lists'), _('Download and use domain lists from remote URLs'));
+    o = s.taboption('basic', form.Flag, 'remote_domain_lists_enabled', _('Remote Domain Lists'), _('Download and use domain lists from remote URLs'));
    o.default = '0';
    o.rmempty = false;
    o.ucisection = s.section;

-    o = s.taboption('basic', form.DynamicList, 'custom_download_domains', _('Remote Domain URLs'), _('Enter full URLs starting with http:// or https://'));
+    o = s.taboption('basic', form.DynamicList, 'remote_domain_lists', _('Remote Domain URLs'), _('Enter full URLs starting with http:// or https://'));
    o.placeholder = 'URL';
-    o.depends('custom_download_domains_list_enabled', '1');
+    o.depends('remote_domain_lists_enabled', '1');
    o.rmempty = false;
    o.ucisection = s.section;
    o.validate = function (section_id, value) {
@@ -403,7 +404,26 @@ function createConfigSection(section, map, network) {
        return validateUrl(value);
    };

-    o = s.taboption('basic', form.ListValue, 'custom_subnets_list_enabled', _('User Subnet List Type'), _('Select how to add your custom subnets'));
+    o = s.taboption('basic', form.Flag, 'local_subnet_lists_enabled', _('Local Subnet Lists'), _('Use the list from the router filesystem'));
+    o.default = '0';
+    o.rmempty = false;
+    o.ucisection = s.section;
+
+    o = s.taboption('basic', form.DynamicList, 'local_subnet_lists', _('Local Subnet List Paths'), _('Enter the list file path'));
+    o.placeholder = '/path/file.lst';
+    o.depends('local_subnet_lists_enabled', '1');
+    o.rmempty = false;
+    o.ucisection = s.section;
+    o.validate = function (section_id, value) {
+        if (!value || value.length === 0) return true;
+        const pathRegex = /^\/[a-zA-Z0-9_\-\/\.]+$/;
+        if (!pathRegex.test(value)) {
+            return _('Invalid path format. Path must start with "/" and contain valid characters');
+        }
+        return true;
+    };
+
+    o = s.taboption('basic', form.ListValue, 'user_subnet_list_type', _('User Subnet List Type'), _('Select how to add your custom subnets'));
    o.value('disabled', _('Disabled'));
    o.value('dynamic', _('Dynamic List'));
    o.value('text', _('Text List (comma/space/newline separated)'));
@@ -411,9 +431,9 @@ function createConfigSection(section, map, network) {
    o.rmempty = false;
    o.ucisection = s.section;

-    o = s.taboption('basic', form.DynamicList, 'custom_subnets', _('User Subnets'), _('Enter subnets in CIDR notation (example: 103.21.244.0/22) or single IP addresses'));
+    o = s.taboption('basic', form.DynamicList, 'user_subnets', _('User Subnets'), _('Enter subnets in CIDR notation (example: 103.21.244.0/22) or single IP addresses'));
    o.placeholder = 'IP or subnet';
-    o.depends('custom_subnets_list_enabled', 'dynamic');
+    o.depends('user_subnet_list_type', 'dynamic');
    o.rmempty = false;
    o.ucisection = s.section;
    o.validate = function (section_id, value) {
@@ -421,6 +441,9 @@ function createConfigSection(section, map, network) {
        const subnetRegex = /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/;
        if (!subnetRegex.test(value)) return _('Invalid format. Use format: X.X.X.X or X.X.X.X/Y');
        const [ip, cidr] = value.split('/');
+        if (ip === "0.0.0.0") {
+             return _('IP address 0.0.0.0 is not allowed');
+        }
        const ipParts = ip.split('.');
        for (const part of ipParts) {
            const num = parseInt(part);
@@ -433,9 +456,9 @@ function createConfigSection(section, map, network) {
        return true;
    };

-    o = s.taboption('basic', form.TextValue, 'custom_subnets_text', _('User Subnets List'), _('Enter subnets in CIDR notation or single IP addresses, separated by comma, space or newline. You can add comments after //'));
+    o = s.taboption('basic', form.TextValue, 'user_subnets_text', _('User Subnets List'), _('Enter subnets in CIDR notation or single IP addresses, separated by comma, space or newline. You can add comments after //'));
    o.placeholder = '103.21.244.0/22\n// Google DNS\n8.8.8.8\n1.1.1.1/32, 9.9.9.9 // Cloudflare and Quad9';
-    o.depends('custom_subnets_list_enabled', 'text');
+    o.depends('user_subnet_list_type', 'text');
    o.rows = 10;
    o.rmempty = false;
    o.ucisection = s.section;
@@ -490,14 +513,14 @@ function createConfigSection(section, map, network) {
        return true;
    };

-    o = s.taboption('basic', form.Flag, 'custom_download_subnets_list_enabled', _('Remote Subnet Lists'), _('Download and use subnet lists from remote URLs'));
+    o = s.taboption('basic', form.Flag, 'remote_subnet_lists_enabled', _('Remote Subnet Lists'), _('Download and use subnet lists from remote URLs'));
    o.default = '0';
    o.rmempty = false;
    o.ucisection = s.section;

-    o = s.taboption('basic', form.DynamicList, 'custom_download_subnets', _('Remote Subnet URLs'), _('Enter full URLs starting with http:// or https://'));
+    o = s.taboption('basic', form.DynamicList, 'remote_subnet_lists', _('Remote Subnet URLs'), _('Enter full URLs starting with http:// or https://'));
    o.placeholder = 'URL';
-    o.depends('custom_download_subnets_list_enabled', '1');
+    o.depends('remote_subnet_lists_enabled', '1');
    o.rmempty = false;
    o.ucisection = s.section;
    o.validate = function (section_id, value) {
@@ -530,4 +553,4 @@ function createConfigSection(section, map, network) {

 return baseclass.extend({
    createConfigSection
-}); 
+});
--- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/constants.js
+++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/constants.js
@@ -21,7 +21,10 @@ const ALLOWED_WITH_RUSSIA_INSIDE = [
    'google_ai',
    'google_play',
    'hetzner',
-    'ovh'
+    'ovh',
+    'hodca',
+    'digitalocean',
+    'cloudfront'
 ];

 const DOMAIN_LIST_OPTIONS = {
@@ -43,8 +46,11 @@ const DOMAIN_LIST_OPTIONS = {
    cloudflare: 'Cloudflare',
    google_ai: 'Google AI',
    google_play: 'Google Play',
+    hodca: 'H.O.D.C.A',
    hetzner: 'Hetzner ASN',
-    ovh: 'OVH ASN'
+    ovh: 'OVH ASN',
+    digitalocean: 'Digital Ocean ASN',
+    cloudfront: 'CloudFront ASN'
 };

 const UPDATE_INTERVAL_OPTIONS = {
--- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/diagnosticTab.js
+++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/diagnosticTab.js
@@ -726,7 +726,7 @@ async function updateDiagnostics() {
        updateTextElement('fakeip-browser-status',
            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
-                result.error ? 'check error' : result.state === 'working' ? _('works in browser') : _('not works in browser')
+                result.error ? 'check error' : result.state === 'working' ? _('works in browser') : _('does not work in browser')
            ])
        );
    });
@@ -735,7 +735,7 @@ async function updateDiagnostics() {
        updateTextElement('fakeip-router-status',
            E('span', { style: `color: ${result.error ? constants.STATUS_COLORS.WARNING : result.color}` }, [
                result.error ? '! ' : result.state === 'working' ? '✔ ' : result.state === 'not_working' ? '✘ ' : '! ',
-                result.error ? 'check error' : result.state === 'working' ? _('works on router') : _('not works on router')
+                result.error ? 'check error' : result.state === 'working' ? _('works on router') : _('does not work on router')
            ])
        );
    });
--- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js
+++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js
@@ -30,6 +30,10 @@ return view.extend({
                    background: var(--background-color-primary);
                    border-color: var(--border-color-medium);
                }
+
+                #cbi-podkop:has(.cbi-tab-disabled[data-tab="basic"]) #cbi-podkop-extra {
+                    display: none;
+                }
            </style>
        `);

--- a/luci-app-podkop/po/ru/podkop.po
+++ b/luci-app-podkop/po/ru/podkop.po
@@ -97,8 +97,8 @@ msgstr "Локальные списки доменов"
 msgid "Use the list from the router filesystem"
 msgstr "Использовать список из файловой системы роутера"

-msgid "Local Domain Lists Path"
-msgstr "Путь к локальным спискам доменов"
+msgid "Local Domain List Paths"
+msgstr "Пути к локальным спискам доменов"

 msgid "Enter to the list file path"
 msgstr "Введите путь к файлу списка"
@@ -232,6 +232,9 @@ msgstr "Неверный формат URL. URL должен начинаться
 msgid "Invalid format. Use format: X.X.X.X or X.X.X.X/Y"
 msgstr "Неверный формат. Используйте формат: X.X.X.X или X.X.X.X/Y"

+msgid "IP address 0.0.0.0 is not allowed"
+msgstr "IP адрес не может быть 0.0.0.0"
+
 msgid "IP address parts must be between 0 and 255"
 msgstr "Части IP-адреса должны быть между 0 и 255"

@@ -745,10 +748,10 @@ msgstr "Проверка FakeIP через CLI"
 msgid "FakeIP CLI Check Results"
 msgstr "Результаты проверки FakeIP через CLI"

-msgid "not works in browser"
+msgid "does not work in browser"
 msgstr "не работает в браузере"

-msgid "not works on router"
+msgid "does not work on router"
 msgstr "не работает на роутере"

 msgid "Diagnostics"
@@ -872,4 +875,34 @@ msgid "Lists update failed"
 msgstr "Обновление списков не удалось"

 msgid "Error: "
-msgstr "Ошибка: "
+msgstr "Ошибка: "
+
+msgid "Interface monitoring"
+msgstr "Мониторинг интерфейсов"
+
+msgid "Interface monitoring for bad WAN"
+msgstr "Мониторинг интерфейсов для плохого WAN"
+
+msgid "Interface for monitoring"
+msgstr "Интерфейс для мониторинга"
+
+msgid "Select the WAN interfaces to be monitored"
+msgstr "Выберите WAN интерфейсы для мониторинга"
+
+msgid "Interface Monitoring Delay"
+msgstr "Задержка при мониторинге интерфейсов"
+
+msgid "Delay in milliseconds before reloading podkop after interface UP"
+msgstr "Задержка в миллисекундах перед перезагрузкой podkop после поднятия интерфейса"
+
+msgid "Delay value cannot be empty"
+msgstr "Значение не может быть пустым"
+
+msgid "Local Subnet Lists"
+msgstr "Локальные списки подсетей"
+
+msgid "Local Subnet List Paths"
+msgstr "Пути к локальным спискам подсетей"
+
+msgid "Config File Path"
+msgstr "Путь к файлу конфигурации"
--- a/luci-app-podkop/po/templates/podkop.pot
+++ b/luci-app-podkop/po/templates/podkop.pot
@@ -97,7 +97,7 @@ msgstr ""
 msgid "Use the list from the router filesystem"
 msgstr ""

-msgid "Local Domain Lists Path"
+msgid "Local Domain List Paths"
 msgstr ""

 msgid "Enter to the list file path"
@@ -232,6 +232,9 @@ msgstr ""
 msgid "Invalid format. Use format: X.X.X.X or X.X.X.X/Y"
 msgstr ""

+msgid "IP address 0.0.0.0 is not allowed"
+msgstr ""
+
 msgid "IP address parts must be between 0 and 255"
 msgstr ""

@@ -1096,10 +1099,10 @@ msgstr ""
 msgid "FakeIP CLI Check Results"
 msgstr ""

-msgid "not works in browser"
+msgid "does not work in browser"
 msgstr ""

-msgid "not works on router"
+msgid "does not work on router"
 msgstr ""

 msgid "Diagnostics"
@@ -1226,4 +1229,34 @@ msgid "Loading..."
 msgstr ""

 msgid "Error: "
+msgstr ""
+
+msgid "Interface monitoring"
+msgstr ""
+
+msgid "Interface monitoring for bad WAN"
+msgstr ""
+
+msgid "Interface for monitoring"
+msgstr ""
+
+msgid "Select the WAN interfaces to be monitored"
+msgstr ""
+
+msgid "Interface Monitoring Delay"
+msgstr ""
+
+msgid "Delay in milliseconds before reloading podkop after interface UP"
+msgstr ""
+
+msgid "Delay value cannot be empty"
+msgstr ""
+
+msgid "Local Subnet Lists"
+msgstr ""
+
+msgid "Local Subnet List Paths"
+msgstr ""
+
+msgid "Config File Path"
 msgstr ""
--- a/podkop/Makefile
+++ b/podkop/Makefile
@@ -1,7 +1,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=podkop
-PKG_VERSION:=0.4.4
+
+PKG_VERSION := $(if $(PKG_VERSION),$(PKG_VERSION),dev_$(shell date +%d%m%Y))
+
 PKG_RELEASE:=1

 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
@@ -13,7 +15,7 @@ define Package/podkop
 	SECTION:=net
 	CATEGORY:=Network
 	DEPENDS:=+sing-box +curl +jq +kmod-nft-tproxy +coreutils-base64
-	CONFLICTS:=https-dns-proxy
+	CONFLICTS:=https-dns-proxy nextdns luci-app-passwall luci-app-passwall2
 	TITLE:=Domain routing app
 	URL:=https://podkop.net
 	PKGARCH:=all
@@ -53,6 +55,9 @@ define Package/podkop/install

 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) ./files/usr/bin/podkop $(1)/usr/bin/podkop
+
+	$(INSTALL_DIR) $(1)/usr/lib/podkop
+	$(CP) ./files/usr/lib/* $(1)/usr/lib/podkop/
 endef

 $(eval $(call BuildPackage,podkop))
--- a/podkop/files/etc/config/podkop
+++ b/podkop/files/etc/config/podkop
@@ -4,25 +4,24 @@ config main 'main'
 	option proxy_config_type 'url'
 	#option outbound_json ''
 	option proxy_string ''
-	option domain_list_enabled '1'
-	list domain_list 'russia_inside'
-	option subnets_list_enabled '0'
-	option custom_domains_list_type 'disabled'
-	#list custom_domains ''
-	#option custom_domains_text ''
-	option custom_local_domains_list_enabled '0'
-	#list custom_local_domains ''
-	option custom_download_domains_list_enabled '0'
-	#list custom_download_domains ''
-	option custom_domains_list_type 'disable'
-	#list custom_subnets ''
-	#custom_subnets_text ''
-	option custom_download_subnets_list_enabled '0'
-	#list custom_download_subnets ''
+	option community_lists_enabled '1'
+	list community_lists 'russia_inside'
+	option user_domain_list_type 'disabled'
+	#list user_domains ''
+	#option user_domains_text ''
+	option local_domain_lists_enabled '0'
+	#list local_domain_lists ''
+	option remote_domain_lists_enabled '0'
+	#list remote_domain_lists ''
+	option user_subnet_list_type 'disable'
+	#list user_subnets ''
+	#option user_subnets_text ''
+	option local_subnet_lists_enabled '0'
+	#list local_subnet_lists ''
+	option remote_subnet_lists_enabled '0'
+	#list remote_subnet_lists ''
 	option all_traffic_from_ip_enabled '0'
 	#list all_traffic_ip ''
-	option delist_domains_enabled '0'
-	#list delist_domains ''
 	option exclude_from_ip_enabled '0'
 	#list exclude_traffic_ip ''
 	option yacd '0'
@@ -31,12 +30,18 @@ config main 'main'
 	option quic_disable '0'
 	option dont_touch_dhcp '0'
 	option update_interval '1d'
-	option dns_type 'doh'
+	option dns_type 'udp'
 	option dns_server '8.8.8.8'
+	option split_dns_enabled '1'
+	option split_dns_type 'udp'
+	option split_dns_server '1.1.1.1'
 	option dns_rewrite_ttl '60'
-	option cache_file '/tmp/cache.db'
+	option config_path '/etc/sing-box/config.json'
+	option cache_path '/tmp/sing-box/cache.db'
 	list iface 'br-lan'
 	option mon_restart_ifaces '0'
 	#list restart_ifaces 'wan'
+	option procd_reload_delay '2000'
 	option ss_uot '0'
-	option detour '0'
+	option detour '0'
+	option shutdown_correctly '1'
--- a/podkop/files/etc/init.d/podkop
+++ b/podkop/files/etc/init.d/podkop
@@ -34,13 +34,16 @@ service_triggers() {

 	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
 	config_get restart_ifaces "main" "restart_ifaces"
+	config_get procd_reload_delay "main" "procd_reload_delay" "2000"
+
+    PROCD_RELOAD_DELAY=$procd_reload_delay

 	procd_open_trigger
 		procd_add_config_trigger "config.change" "$NAME" "$initscript" restart 'on_config_change'

        if [ "$mon_restart_ifaces" = "1" ]; then
 			for iface in $restart_ifaces; do
-				procd_add_reload_interface_trigger $iface
+            	procd_add_interface_trigger "interface.*.up" "$iface" /etc/init.d/podkop reload
 			done
 		fi
 	procd_close_trigger
--- a/podkop/files/usr/bin/podkop
+++ b/podkop/files/usr/bin/podkop
--- a/podkop/files/usr/lib/constants.sh
+++ b/podkop/files/usr/lib/constants.sh
@@ -0,0 +1,66 @@
+# shellcheck disable=SC2034
+
+## Common
+PODKOP_CONFIG="/etc/config/podkop"
+RESOLV_CONF="/etc/resolv.conf"
+DNS_RESOLVERS="1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 9.9.9.9 9.9.9.11 94.140.14.14 94.140.15.15 208.67.220.220 208.67.222.222 77.88.8.1 77.88.8.8"
+CHECK_PROXY_IP_DOMAIN="ip.podkop.fyi"
+FAKEIP_TEST_DOMAIN="fakeip.podkop.fyi"
+TMP_SING_BOX_FOLDER="/tmp/sing-box"
+TMP_RULESET_FOLDER="$TMP_SING_BOX_FOLDER/rulesets"
+CLOUDFLARE_OCTETS="8.47 162.159 188.114" # Endpoints https://github.com/ampetelin/warp-endpoint-checker
+
+## nft
+NFT_TABLE_NAME="PodkopTable"
+NFT_LOCALV4_SET_NAME="localv4"
+NFT_COMMON_SET_NAME="podkop_subnets"
+NFT_DISCORD_SET_NAME="podkop_discord_subnets"
+NFT_INTERFACE_SET_NAME="interfaces"
+
+## sing-box
+# Log
+SB_DEFAULT_LOG_LEVEL="warn"
+# DNS
+SB_DNS_SERVER_TAG="dns-server"
+SB_SPLIT_DNS_SERVER_TAG="split-dns-server"
+SB_FAKEIP_DNS_SERVER_TAG="fakeip-server"
+SB_FAKEIP_INET4_RANGE="198.18.0.0/15"
+SB_DNS_DOMAIN_RESOLVER_TAG="dns-domain-resolver"
+SB_FAKEIP_DNS_RULE_TAG="fakeip-dns-rule-tag"
+SB_INVERT_FAKEIP_DNS_RULE_TAG="invert-fakeip-dns-rule-tag"
+# Inbounds
+SB_TPROXY_INBOUND_TAG="tproxy-in"
+SB_TPROXY_INBOUND_ADDRESS="127.0.0.1"
+SB_TPROXY_INBOUND_PORT=1602
+SB_DNS_INBOUND_TAG="dns-in"
+SB_DNS_INBOUND_ADDRESS="127.0.0.42"
+SB_DNS_INBOUND_PORT=53
+SB_MIXED_INBOUND_TAG="mixed-in"
+SB_MIXED_INBOUND_ADDRESS="0.0.0.0" # TODO(ampetelin): maybe to determine address?
+SB_MIXED_INBOUND_PORT=2080
+SB_SERVICE_MIXED_INBOUND_TAG="service-mixed-in"
+SB_SERVICE_MIXED_INBOUND_ADDRESS="127.0.0.1"
+SB_SERVICE_MIXED_INBOUND_PORT=4534
+# Outbounds
+SB_DIRECT_OUTBOUND_TAG="direct-out"
+SB_MAIN_OUTBOUND_TAG="main-out"
+# Route
+SB_REJECT_RULE_TAG="reject-rule-tag"
+
+## Lists
+GITHUB_RAW_URL="https://raw.githubusercontent.com/itdoginfo/allow-domains/main"
+SRS_MAIN_URL="https://github.com/itdoginfo/allow-domains/releases/latest/download"
+DOMAINS_RU_INSIDE="${GITHUB_RAW_URL}/Russia/inside-dnsmasq-nfset.lst"
+DOMAINS_RU_OUTSIDE="${GITHUB_RAW_URL}/Russia/outside-dnsmasq-nfset.lst"
+DOMAINS_UA="${GITHUB_RAW_URL}/Ukraine/inside-dnsmasq-nfset.lst"
+DOMAINS_YOUTUBE="${GITHUB_RAW_URL}/Services/youtube.lst"
+SUBNETS_TWITTER="${GITHUB_RAW_URL}/Subnets/IPv4/twitter.lst"
+SUBNETS_META="${GITHUB_RAW_URL}/Subnets/IPv4/meta.lst"
+SUBNETS_DISCORD="${GITHUB_RAW_URL}/Subnets/IPv4/discord.lst"
+SUBNETS_TELERAM="${GITHUB_RAW_URL}/Subnets/IPv4/telegram.lst"
+SUBNETS_CLOUDFLARE="${GITHUB_RAW_URL}/Subnets/IPv4/cloudflare.lst"
+SUBNETS_HETZNER="${GITHUB_RAW_URL}/Subnets/IPv4/hetzner.lst"
+SUBNETS_OVH="${GITHUB_RAW_URL}/Subnets/IPv4/ovh.lst"
+SUBNETS_DIGITALOCEAN="${GITHUB_RAW_URL}/Subnets/IPv4/digitalocean.lst"
+SUBNETS_CLOUDFRONT="${GITHUB_RAW_URL}/Subnets/IPv4/cloudfront.lst"
+COMMUNITY_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube hdrezka tiktok google_ai google_play hodca discord meta twitter cloudflare cloudfront digitalocean hetzner ovh telegram"
--- a/podkop/files/usr/lib/helpers.jq
+++ b/podkop/files/usr/lib/helpers.jq
@@ -0,0 +1,14 @@
+def extend_key_value(current_value; new_value):
+    if (current_value | type) == "array" then
+        if (new_value | type) == "array" then
+            current_value + new_value
+        else
+            current_value + [new_value]
+        end
+    else
+        if (new_value | type) == "array" then
+            [current_value] + new_value
+        else
+            [current_value, new_value]
+        end
+    end;
--- a/podkop/files/usr/lib/helpers.sh
+++ b/podkop/files/usr/lib/helpers.sh
@@ -0,0 +1,365 @@
+# Check if string is valid IPv4
+is_ipv4() {
+    local ip="$1"
+    local regex="^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$"
+    [[ "$ip" =~ $regex ]]
+}
+
+# Check if string is valid IPv4 with CIDR mask
+is_ipv4_cidr() {
+    local ip="$1"
+    local regex="^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}(\/(3[0-2]|2[0-9]|1[0-9]|[0-9]))$"
+    [[ "$ip" =~ $regex ]]
+}
+
+is_ipv4_ip_or_ipv4_cidr() {
+    is_ipv4 "$1" || is_ipv4_cidr "$1"
+}
+
+is_domain() {
+    local str="$1"
+    local regex='^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$'
+
+    [[ "$str" =~ $regex ]]
+}
+
+is_domain_suffix() {
+    local str="$1"
+    local normalized="${str#.}"
+
+    is_domain "$normalized"
+}
+
+# Checks if the given string is a valid base64-encoded sequence
+is_base64() {
+    local str="$1"
+
+    if echo "$str" | base64 -d > /dev/null 2>&1; then
+        return 0
+    fi
+    return 1
+}
+
+# Checks if the given string looks like a Shadowsocks userinfo
+is_shadowsocks_userinfo_format() {
+    local str="$1"
+    local regex='^[^:]+:[^:]+(:[^:]+)?$'
+
+    [[ "$str" =~ $regex ]]
+}
+
+# Checks if the given file exists
+file_exists() {
+    local filepath="$1"
+
+    if [[ -f "$filepath" ]]; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Returns the inbound tag name by appending the postfix to the given section
+get_inbound_tag_by_section() {
+    local section="$1"
+    local postfix="in"
+
+    echo "$section-$postfix"
+}
+
+# Returns the outbound tag name by appending the postfix to the given section
+get_outbound_tag_by_section() {
+    local section="$1"
+    local postfix="out"
+
+    echo "$section-$postfix"
+}
+
+# Constructs and returns a ruleset tag using section, name, optional type, and a fixed postfix
+get_ruleset_tag() {
+    local section="$1"
+    local name="$2"
+    local type="$3"
+    local postfix="ruleset"
+
+    if [ -n "$type" ]; then
+        echo "$section-$name-$type-$postfix"
+    else
+        echo "$section-$name-$postfix"
+    fi
+}
+
+# Determines the ruleset format based on the file extension (json → source, srs → binary)
+get_ruleset_format_by_file_extension() {
+    local file_extension="$1"
+
+    local format
+    case "$file_extension" in
+    json) format="source" ;;
+    srs) format="binary" ;;
+    *)
+        log "Unsupported file extension: .$file_extension"
+        return 1
+        ;;
+    esac
+
+    echo "$format"
+}
+
+# Converts a comma-separated string into a JSON array string
+comma_string_to_json_array() {
+    local input="$1"
+
+    if [ -z "$input" ]; then
+        echo "[]"
+        return
+    fi
+
+    local replaced="${input//,/\",\"}"
+
+    echo "[\"$replaced\"]"
+}
+
+# Decodes a URL-encoded string
+url_decode() {
+    local encoded="$1"
+    printf '%b' "$(echo "$encoded" | sed 's/+/ /g; s/%/\\x/g')"
+}
+
+# Extracts the userinfo (username[:password]) part from a URL
+url_get_userinfo() {
+    local url="$1"
+    echo "$url" | sed -n -e 's#^[^:/?]*://##' -e '/@/!d' -e 's/@.*//p'
+}
+
+# Extracts the host part from a URL
+url_get_host() {
+    local url="$1"
+    echo "$url" | sed -n -e 's#^[^:/?]*://##' -e 's#^[^/]*@##' -e 's#\([:/].*\|$\)##p'
+}
+
+# Extracts the port number from a URL
+url_get_port() {
+    local url="$1"
+    echo "$url" | sed -n -e 's#^[^:/?]*://##' -e 's#^[^/]*@##' -e 's#^[^/]*:\([0-9][0-9]*\).*#\1#p'
+}
+
+# Extracts the path from a URL (without query or fragment; returns "/" if empty)
+url_get_path() {
+    local url="$1"
+    echo "$url" | sed -n -e 's#^[^:/?]*://##' -e 's#^[^/]*##' -e 's#\([^?]*\).*#\1#p'
+}
+
+# Extracts the value of a specific query parameter from a URL
+url_get_query_param() {
+    local url="$1"
+    local param="$2"
+
+    local raw
+    raw=$(echo "$url" | sed -n "s/.*[?&]$param=\([^&?#]*\).*/\1/p")
+
+    [ -z "$raw" ] && echo "" && return
+
+    echo "$raw"
+}
+
+# Extracts the basename (filename without extension) from a URL
+url_get_basename() {
+    local url="$1"
+
+    local filename="${url##*/}"
+    local basename="${filename%%.*}"
+
+    echo "$basename"
+}
+
+# Extracts and returns the file extension from the given URL
+url_get_file_extension() {
+    local url="$1"
+
+    local basename="${url##*/}"
+    case "$basename" in
+    *.*) echo "${basename##*.}" ;;
+    *) echo "" ;;
+    esac
+}
+
+# Decodes and returns a base64-encoded string
+base64_decode() {
+    local str="$1"
+    local decoded_url
+
+    decoded_url="$(echo "$str" | base64 -d 2> /dev/null)"
+
+    echo "$decoded_url"
+}
+
+# Generates a unique 16-character ID based on the current timestamp and a random number
+gen_id() {
+    printf '%s%s' "$(date +%s)" "$RANDOM" | md5sum | cut -c1-16
+}
+
+# Adds a missing UCI option with the given value if it does not exist
+migration_add_new_option() {
+    local package="$1"
+    local section="$2"
+    local option="$3"
+    local value="$4"
+
+    local current
+    current="$(uci -q get "$package.$section.$option")"
+    if [ -z "$current" ]; then
+        log "Adding missing option '$option' with value '$value'"
+        uci set "$package.$section.$option=$value"
+        uci commit "$package"
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Migrates a configuration key in an OpenWrt config file from old_key_name to new_key_name
+migration_rename_config_key() {
+    local config="$1"
+    local key_type="$2"
+    local old_key_name="$3"
+    local new_key_name="$4"
+
+    if grep -q "$key_type $old_key_name" "$config"; then
+        log "Deprecated $key_type found: $old_key_name migrating to $new_key_name"
+        sed -i "s/$key_type $old_key_name/$key_type $new_key_name/g" "$config"
+    fi
+}
+
+# Download URL content directly
+download_to_stream() {
+    local url="$1"
+    local http_proxy_address="$2"
+    local retries="${3:-3}"
+    local wait="${4:-2}"
+
+    for attempt in $(seq 1 "$retries"); do
+        if [ -n "$http_proxy_address" ]; then
+            http_proxy="http://$http_proxy_address" https_proxy="http://$http_proxy_address" wget -qO- "$url" | sed 's/\r$//' && break
+        else
+            wget -qO- "$url" | sed 's/\r$//' && break
+        fi
+
+        log "Attempt $attempt/$retries to download $url failed" "warn"
+        sleep "$wait"
+    done
+}
+
+# Download URL to file
+download_to_file() {
+    local url="$1"
+    local filepath="$2"
+    local http_proxy_address="$3"
+    local retries="${4:-3}"
+    local wait="${5:-2}"
+
+    for attempt in $(seq 1 "$retries"); do
+        if [ -n "$http_proxy_address" ]; then
+            http_proxy="http://$http_proxy_address" https_proxy="http://$http_proxy_address" wget -O "$filepath" "$url" && break
+        else
+            wget -O "$filepath" "$url" && break
+        fi
+
+        log "Attempt $attempt/$retries to download $url failed" "warn"
+        sleep "$wait"
+    done
+
+    if grep -q $'\r' "$filepath"; then
+        log "Downloaded file has Windows line endings (CRLF). Converting to Unix (LF)"
+        sed -i 's/\r$//' "$filepath"
+    fi
+}
+
+# Decompiles a sing-box SRS binary file into a JSON ruleset file
+decompile_srs_file() {
+    local binary_filepath="$1"
+    local output_filepath="$2"
+
+    log "Decompiling $binary_filepath to $output_filepath" "debug"
+
+    if ! file_exists "$binary_filepath"; then
+        log "File $binary_filepath not found" "error"
+        return 1
+    fi
+
+    sing-box rule-set decompile "$binary_filepath" -o "$output_filepath"
+    if [[ $? -ne 0 ]]; then
+        log "Decompilation command failed for $binary_filepath" "error"
+        return 1
+    fi
+}
+
+#######################################
+# Parses a whitespace-separated string, validates items as either domains
+# or IPv4 addresses/subnets, and returns a comma-separated string of valid items.
+# Arguments:
+#   $1 - Input string (space-separated list of items)
+#   $2 - Type of validation ("domains" or "subnets")
+# Outputs:
+#   Comma-separated string of valid domains or subnets
+#######################################
+parse_domain_or_subnet_string_to_commas_string() {
+    local string="$1"
+    local type="$2"
+
+    tmpfile=$(mktemp)
+    printf "%s\n" "$string" | sed 's/\/\/.*//' | tr ', ' '\n' | grep -v '^$' > "$tmpfile"
+
+    result="$(parse_domain_or_subnet_file_to_comma_string "$tmpfile" "$type")"
+    rm -f "$tmpfile"
+
+    echo "$result"
+}
+
+#######################################
+# Parses a file line by line, validates entries as either domains or subnets,
+# and returns a single comma-separated string of valid items.
+# Arguments:
+#   $1 - Path to the input file
+#   $2 - Type of validation ("domains" or "subnets")
+# Outputs:
+#   Comma-separated string of valid domains or subnets
+#######################################
+parse_domain_or_subnet_file_to_comma_string() {
+    local filepath="$1"
+    local type="$2"
+
+    local result
+    while IFS= read -r line; do
+        line=$(echo "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+
+        [ -z "$line" ] && continue
+
+        case "$type" in
+        domains)
+            if ! is_domain_suffix "$line"; then
+                log "'$line' is not a valid domain" "debug"
+                continue
+            fi
+            ;;
+        subnets)
+            if ! is_ipv4 "$line" && ! is_ipv4_cidr "$line"; then
+                log "'$line' is not IPv4 or IPv4 CIDR" "debug"
+                continue
+            fi
+            ;;
+        *)
+            log "Unknown type: $type" "error"
+            return 1
+            ;;
+        esac
+
+        if [ -z "$result" ]; then
+            result="$line"
+        else
+            result="$result,$line"
+        fi
+    done < "$filepath"
+
+    echo "$result"
+}
--- a/podkop/files/usr/lib/logging.sh
+++ b/podkop/files/usr/lib/logging.sh
@@ -0,0 +1,30 @@
+COLOR_CYAN="\033[0;36m"
+COLOR_GREEN="\033[0;32m"
+COLOR_RESET="\033[0m"
+
+log() {
+    local message="$1"
+    local level="$2"
+
+    if [ "$level" == "" ]; then
+        level="info"
+    fi
+
+    logger -t "podkop" "[$level] $message"
+}
+
+nolog() {
+    local message="$1"
+    local timestamp
+    timestamp=$(date +"%Y-%m-%d %H:%M:%S")
+
+    echo -e "${COLOR_CYAN}[$timestamp]${COLOR_RESET} ${COLOR_GREEN}$message${COLOR_RESET}"
+}
+
+echolog() {
+    local message="$1"
+    local level="$2"
+
+    log "$message" "$level"
+    nolog "$message"
+}
--- a/podkop/files/usr/lib/nft.sh
+++ b/podkop/files/usr/lib/nft.sh
@@ -0,0 +1,30 @@
+# Create an nftables table in the inet family
+nft_create_table() {
+    local name="$1"
+
+    nft add table inet "$name"
+}
+
+# Create a set within a table for storing IPv4 addresses
+nft_create_ipv4_set() {
+    local table="$1"
+    local name="$2"
+
+    nft add set inet "$table" "$name" '{ type ipv4_addr; flags interval; auto-merge; }'
+}
+
+nft_create_ifname_set() {
+    local table="$1"
+    local name="$2"
+
+    nft add set inet "$table" "$name" '{ type ifname; flags interval; }'
+}
+
+# Add one or more elements to a set
+nft_add_set_elements() {
+    local table="$1"
+    local set="$2"
+    local elements="$3"
+
+    nft add element inet "$table" "$set" "{ $elements }"
+}
--- a/podkop/files/usr/lib/sing_box_config_facade.sh
+++ b/podkop/files/usr/lib/sing_box_config_facade.sh
@@ -0,0 +1,232 @@
+PODKOP_LIB="/usr/lib/podkop"
+. "$PODKOP_LIB/helpers.sh"
+. "$PODKOP_LIB/sing_box_config_manager.sh"
+
+sing_box_cf_add_dns_server() {
+    local config="$1"
+    local type="$2"
+    local tag="$3"
+    local server="$4"
+    local domain_resolver="$5"
+    local detour="$6"
+
+    local server_address server_port
+    server_address=$(url_get_host "$server")
+    server_port=$(url_get_port "$server")
+
+    case "$type" in
+    udp)
+        [ -z "$server_port" ] && server_port=53
+        config=$(sing_box_cm_add_udp_dns_server "$config" "$tag" "$server_address" "$server_port" "$domain_resolver" \
+            "$detour")
+        ;;
+    dot)
+        [ -z "$server_port" ] && server_port=853
+        config=$(sing_box_cm_add_tls_dns_server "$config" "$tag" "$server_address" "$server_port" "$domain_resolver" \
+            "$detour")
+        ;;
+    doh)
+        [ -z "$server_port" ] && server_port=443
+        local path headers
+        path=$(url_get_path "$server")
+        headers="" # TODO(ampetelin): implement it if necessary
+        config=$(sing_box_cm_add_https_dns_server "$config" "$tag" "$server_address" "$server_port" "$path" "$headers" \
+            "$domain_resolver" "$detour")
+        ;;
+    *)
+        log "Unsupported DNS server type: $type"
+        exit 1
+        ;;
+    esac
+
+    echo "$config"
+}
+
+sing_box_cf_add_mixed_inbound_and_route_rule() {
+    local config="$1"
+    local tag="$2"
+    local listen_address="$3"
+    local listen_port="$4"
+    local outbound="$5"
+
+    config=$(sing_box_cm_add_mixed_inbound "$config" "$tag" "$listen_address" "$listen_port")
+    config=$(sing_box_cm_add_route_rule "$config" "" "$tag" "$outbound")
+
+    echo "$config"
+}
+
+sing_box_cf_add_proxy_outbound() {
+    local config="$1"
+    local section="$2"
+    local url="$3"
+    local udp_over_tcp="$4"
+
+    url=$(url_decode "$url")
+
+    local scheme="${url%%://*}"
+    case "$scheme" in
+    vless)
+        local tag host port uuid flow packet_encoding
+        tag=$(get_outbound_tag_by_section "$section")
+        host=$(url_get_host "$url")
+        port=$(url_get_port "$url")
+        uuid=$(url_get_userinfo "$url")
+        flow=$(url_get_query_param "$url" "flow")
+        packet_encoding=$(url_get_query_param "$url" "packetEncoding")
+
+        config=$(sing_box_cm_add_vless_outbound "$config" "$tag" "$host" "$port" "$uuid" "$flow" "" "$packet_encoding")
+
+        local transport
+        transport=$(url_get_query_param "$url" "type")
+        case "$transport" in
+        tcp | raw) ;;
+        ws)
+            local ws_path ws_host ws_early_data
+            ws_path=$(url_get_query_param "$url" "path")
+            ws_host=$(url_get_query_param "$url" "host")
+            ws_early_data=$(url_get_query_param "$url" "ed")
+
+            config=$(sing_box_cm_set_vless_ws_transport "$config" "$tag" "$ws_path" "$ws_host" "$ws_early_data")
+            ;;
+        grpc)
+            # TODO(ampetelin): Add handling of optional gRPC parameters; example links are needed.
+            config=$(sing_box_cm_set_vless_grpc_transport "$config" "$tag")
+            ;;
+        *)
+            log "Unknown transport '$transport' detected." "error"
+            ;;
+        esac
+
+        local security
+        security=$(url_get_query_param "$url" "security")
+        case "$security" in
+        tls | reality)
+            local sni insecure alpn fingerprint public_key short_id
+            sni=$(url_get_query_param "$url" "sni")
+            insecure=$(url_get_query_param "$url" "allowInsecure")
+            alpn=$(comma_string_to_json_array "$(url_get_query_param "$url" "alpn")")
+            fingerprint=$(url_get_query_param "$url" "fp")
+            public_key=$(url_get_query_param "$url" "pbk")
+            short_id=$(url_get_query_param "$url" "sid")
+
+            config=$(
+                sing_box_cm_set_vless_tls \
+                    "$config" \
+                    "$tag" \
+                    "$sni" \
+                    "$([ "$insecure" == "1" ] && echo true)" \
+                    "$([ "$alpn" == "[]" ] && echo null || echo "$alpn")" \
+                    "$fingerprint" \
+                    "$public_key" \
+                    "$short_id"
+            )
+            ;;
+        none) ;;
+        *)
+            log "Unknown security '$security' detected." "error"
+            ;;
+        esac
+        ;;
+    ss)
+        local userinfo tag host port method password udp_over_tcp
+
+        userinfo=$(url_get_userinfo "$url")
+        if ! is_shadowsocks_userinfo_format "$userinfo"; then
+            userinfo=$(base64_decode "$userinfo")
+            if [ $? -ne 0 ]; then
+                log "Cannot decode shadowsocks userinfo or it does not match the expected format. Aborted." "fatal"
+                exit 1
+            fi
+        fi
+
+        tag=$(get_outbound_tag_by_section "$section")
+        host=$(url_get_host "$url")
+        port=$(url_get_port "$url")
+        method="${userinfo%%:*}"
+        password="${userinfo#*:}"
+
+        config=$(
+            sing_box_cm_add_shadowsocks_outbound \
+                "$config" \
+                "$tag" \
+                "$host" \
+                "$port" \
+                "$method" \
+                "$password" \
+                "" \
+                "$([ "$udp_over_tcp" == "1" ] && echo 2)" # if udp_over_tcp is enabled, enable version 2
+        )
+        ;;
+    *)
+        log "Unsupported proxy $scheme type"
+        exit 1
+        ;;
+    esac
+
+    echo "$config"
+}
+
+sing_box_cf_add_json_outbound() {
+    local config="$1"
+    local section="$2"
+    local json_outbound="$3"
+
+    local tag
+    tag=$(get_outbound_tag_by_section "$section")
+
+    config=$(sing_box_cm_add_raw_outbound "$config" "$tag" "$json_outbound")
+
+    echo "$config"
+}
+
+sing_box_cf_add_interface_outbound() {
+    local config="$1"
+    local section="$2"
+    local interface_name="$3"
+
+    local tag
+    tag=$(get_outbound_tag_by_section "$section")
+
+    config=$(sing_box_cm_add_interface_outbound "$config" "$tag" "$interface_name")
+
+    echo "$config"
+}
+
+sing_box_cf_proxy_domain() {
+    local config="$1"
+    local inbound="$2"
+    local domain="$3"
+    local outbound="$4"
+
+    tag="$(gen_id)"
+    config=$(sing_box_cm_add_route_rule "$config" "$tag" "$inbound" "$outbound")
+    config=$(sing_box_cm_patch_route_rule "$config" "$tag" "domain" "$domain")
+
+    echo "$config"
+}
+
+sing_box_cf_override_domain_port() {
+    local config="$1"
+    local domain="$2"
+    local port="$3"
+
+    tag="$(gen_id)"
+    config=$(sing_box_cm_add_options_route_rule "$config" "$tag")
+    config=$(sing_box_cm_patch_route_rule "$config" "$tag" "domain" "$domain")
+    config=$(sing_box_cm_patch_route_rule "$config" "$tag" "override_port" "$port")
+
+    echo "$config"
+}
+
+sing_box_cf_add_single_key_reject_rule() {
+    local config="$1"
+    local inbound="$2"
+    local key="$3"
+    local value="$4"
+
+    tag="$(gen_id)"
+    config=$(sing_box_cm_add_reject_route_rule "$config" "$tag" "$inbound")
+    config=$(sing_box_cm_patch_route_rule "$config" "$tag" "$key" "$value")
+
+    echo "$config"
+}
--- a/podkop/files/usr/lib/sing_box_config_manager.sh
+++ b/podkop/files/usr/lib/sing_box_config_manager.sh
Author	SHA1	Message	Date
Kirill Sobakin	340c2b3505	Merge pull request #171 from itdoginfo/fix Fix	2025-09-17 19:17:58 +03:00
Andrey Petelin	515c0be38b	fix: revert changes from issue #148	2025-09-17 21:14:57 +05:00
Andrey Petelin	59c59bcb17	fix: Improve shadowsocks userinfo decoding with format validation and error handling`	2025-09-17 21:09:03 +05:00
Kirill Sobakin	e5eff41a0f	Merge pull request #170 from itdoginfo/fix Fix: Mask urltest_proxy_links and move sing-box config check to init config function	2025-09-17 13:04:32 +03:00
Andrey Petelin	bb1c06951c	fix: Exclusion of ruleset subnets from dns rules (#148 )	2025-09-17 13:31:00 +05:00
Andrey Petelin	4999840340	fix: Support comments in user domain/subnet parsing	2025-09-17 11:58:55 +05:00
Andrey Petelin	6c5a271105	fix: Move sing-box config check to after temp file creation	2025-09-16 20:11:13 +05:00
Andrey Petelin	e336bb831c	fix: Mask urltest_proxy_links in config output	2025-09-16 19:45:32 +05:00
Kirill Sobakin	00db99723c	Merge pull request #169 from itdoginfo/urltest fix: Correct boolean value for interrupt_exist_connections in JSON	2025-09-16 15:14:43 +03:00
Andrey Petelin	5439504de7	fix: Correct boolean value for interrupt_exist_connections in JSON generation	2025-09-16 17:12:19 +05:00
Kirill Sobakin	c3072162de	Merge pull request #168 from itdoginfo/urltest feat: Add URLTest proxy configuration type with dynamic list support	2025-09-16 15:10:37 +03:00
Andrey Petelin	d021636f85	chore: Fix placeholder text typo in proxy links field	2025-09-16 17:09:37 +05:00
Andrey Petelin	a06aac0613	feat: Add URLTest proxy configuration type with dynamic list support	2025-09-16 16:58:39 +05:00
Kirill Sobakin	29159243ea	Merge pull request #167 from itdoginfo/fix Fix	2025-09-16 11:44:27 +03:00
Andrey Petelin	269123600a	fix: Correct variable usage in domain/subnet parsing function (#165 )	2025-09-16 13:39:40 +05:00
Andrey Petelin	49add27f81	fix: Improve domain validation to support suffix matching (#166 )	2025-09-16 13:19:02 +05:00
itdoginfo	c929c74da5	DeepWiki	2025-09-15 23:29:04 +03:00
itdoginfo	bb91144a91	Update	2025-09-15 22:22:10 +03:00
itdoginfo	2291d9fb9d	Check 23.05	2025-09-15 22:15:10 +03:00
Kirill Sobakin	f722a513d0	Merge pull request #163 from itdoginfo/fix fix: Use correct variable for detour service address	2025-09-15 17:27:15 +03:00
Andrey Petelin	a71707f174	fix: Use correct variable for detour service address	2025-09-15 19:22:52 +05:00
Kirill Sobakin	983f05345b	Merge pull request #161 from itdoginfo/refactoring Refactoring	2025-09-15 15:52:22 +03:00
Andrey Petelin	ee246895de	fix: Redirect base64 decode errors to /dev/null	2025-09-15 17:41:17 +05:00
Andrey Petelin	27719f90ee	feat: Add support for DoH URLs with paths and UDP port specification	2025-09-14 17:51:20 +05:00
Andrey Petelin	4a17cf66a3	refactor: Add file existence checks and improve startup reliability	2025-09-14 09:26:26 +05:00
Andrey Petelin	db956452d1	refactor: Move logging functions to library file	2025-09-14 09:10:42 +05:00
Andrey Petelin	4897d3d292	refactor: Split nftables rules for TCP and UDP protocols separately	2025-09-14 08:55:34 +05:00
itdoginfo	0aa0a4a9c8	Add /usr/lib/podkop path	2025-09-13 19:23:09 +03:00
Andrey Petelin	7d082c5def	chore: Update README task status from done to pending	2025-09-12 14:05:11 +05:00
Andrey Petelin	8845749517	chore: Update README.md to mark completed tasks	2025-09-12 14:03:32 +05:00
Andrey Petelin	054ed355cf	fix: Add packet_encoding support for VLESS outbound configuration	2025-09-11 17:52:47 +05:00
Andrey Petelin	304c57edfa	fix: Fix translation for "Local Subnet List Paths"	2025-09-11 17:04:22 +05:00
Andrey Petelin	8dd33cdde2	fix: Remove non-existent filename variable	2025-09-11 17:01:39 +05:00
Andrey Petelin	3d3fbe3bfb	fix: Fix variable name in HTTP proxy check for wget command	2025-09-11 16:58:40 +05:00
Andrey Petelin	427ea3bc9a	fix: Remove unused server_address variable from DNS configuration	2025-09-11 16:56:30 +05:00
Andrey Petelin	a7f6a993ac	chore: shfmt formatting	2025-09-11 16:40:06 +05:00
Andrey Petelin	074c1a9349	chore: Remove TODO comments from user domains and subnets text input fields	2025-09-11 15:32:39 +05:00
Andrey Petelin	b6a6db71a8	refactor: Implement user domain and subnet list handling	2025-09-11 15:31:21 +05:00
Andrey Petelin	38fcb59ed7	fix: Reload config after commit to ensure runtime consistency	2025-09-11 13:37:49 +05:00
Andrey Petelin	5a2ffcfd38	refactor: Add graceful shutdown handling for dnsmasq reconfiguration	2025-09-11 11:43:58 +05:00
Andrey Petelin	49f12b212d	chore: Update required sing-box version to 1.12.0	2025-09-10 19:44:31 +05:00
Andrey Petelin	489c61baa2	refactor: Move constants to constants.sh	2025-09-10 19:40:12 +05:00
Andrey Petelin	d4b5431db4	refactor: Refactor nft rules to use named sets for interfaces and localv4	2025-09-10 17:52:14 +05:00
Andrey Petelin	d0ea39abd0	refactor: Rename TEST_DOMAIN variable to FAKEIP_TEST_DOMAIN	2025-09-10 15:39:23 +05:00
Andrey Petelin	d4e754d2eb	refactor: Rename FAKEIP constant to SB_FAKEIP_INET4_RANG	2025-09-10 14:14:15 +05:00
Andrey Petelin	82f9ae4c6a	refactor: Remove redundant FakeIP config verification	2025-09-10 14:10:17 +05:00
Andrey Petelin	775b0073d3	refactor: Fixed nft rule for routing tagged traffic to localhost tproxy	2025-09-10 13:33:07 +05:00
Andrey Petelin	b477a8abc0	fix: Assign domain resolver tag correctly to DNS servers	2025-09-09 16:30:11 +05:00
Andrey Petelin	81e0c86060	refactor: Add block section support	2025-09-09 15:51:09 +05:00
Andrey Petelin	191522f396	chore: Rename download_to_tempfile to download_to_file for clarity	2025-09-09 11:48:03 +05:00
Andrey Petelin	79cea7a31a	chore: remove .shellcheckrc file	2025-09-09 11:20:19 +05:00
Andrey Petelin	6c094aceae	fix: Ensure unique values when patching local source ruleset	2025-09-09 11:15:29 +05:00
Andrey Petelin	1e8c2b50f7	chore: Rename NFT_GENERAL_SET_NAME to NFT_COMMON_SET_NAME	2025-09-08 23:10:53 +05:00
Andrey Petelin	27d2366208	chore: Remove list_update refactor TODO	2025-09-08 23:03:28 +05:00
Andrey Petelin	c1133827a2	fix: Pass HTTP proxy address to download functions for remote subnet imports	2025-09-08 23:00:26 +05:00
Andrey Petelin	a187192a88	chore: Move and rename _get_download_detour_tag to get_download_detour_tag	2025-09-08 22:55:42 +05:00
Andrey Petelin	fe30cf9e55	refactor: Refactoring list_update function	2025-09-08 22:43:27 +05:00
Andrey Petelin	9496a88774	refactor: Add ip addresses to nft set for local ruleset handling	2025-09-08 10:46:29 +05:00
Andrey Petelin	f54e92cd7a	fix: Update config key from cache_file to cache_path in cache file configuration	2025-09-08 10:38:49 +05:00
Andrey Petelin	d70a04b144	refactor: Improve dnsmasq configuration logic for DNS handling	2025-09-07 18:11:46 +05:00
Andrey Petelin	e5be9c3fd1	refactor: Avoid unnecessary sing-box config writes by comparing hashes before saving (#128 )	2025-09-07 12:45:27 +05:00
Andrey Petelin	9762b9cca4	refactor: Remove unused functions	2025-09-07 12:14:02 +05:00
Andrey Petelin	9d861cf3e0	feat: Add sing-box config path option (#128 )	2025-09-07 12:12:08 +05:00
Andrey Petelin	49836e4adc	feat: Add local subnet lists support with UI and backend integration (#156 )	2025-09-05 21:23:55 +05:00
Andrey Petelin	5273935d25	chore: fix my perfect English	2025-09-05 17:01:36 +05:00
Andrey Petelin	d03167f49d	chore: fix my perfect English	2025-09-05 16:49:05 +05:00
Andrey Petelin	da89c5c7df	refactor: rename parameters for migration	2025-09-05 15:02:24 +05:00
Andrey Petelin	acfc95e86d	refactor: Refactoring configuration of local domain lists	2025-09-05 14:50:43 +05:00
Andrey Petelin	17c1d09aa8	refactor: Enable cron job scheduling	2025-09-04 20:11:16 +05:00
Andrey Petelin	c7e21010bd	refactor: Add download helper functions to helpers.sh and remove from main script	2025-09-04 20:09:44 +05:00
Andrey Petelin	f70e2ac557	refactor: Simplify cron job logic and renaming variable	2025-09-04 20:02:43 +05:00
Andrey Petelin	cb4e3036be	chore: Remove module logging from log function	2025-09-04 18:00:28 +05:00
Andrey Petelin	12fc6bd9ac	chore: undo renaming of taboption classarg	2025-09-04 16:43:39 +05:00
Andrey Petelin	2794cad533	fix: Remove direct outbound from DNS server configuration to prevent invalid detour	2025-09-04 12:35:53 +05:00
Andrey Petelin	9b182a3045	fix: fix detour parameter for remote ruleset	2025-09-04 12:28:38 +05:00
Andrey Petelin	f07d90a524	refactor: intermediate refactoring commit	2025-09-04 12:10:05 +05:00
Andrey Petelin	75fc377c22	Merge branch 'main' into refactoring	2025-09-04 11:52:52 +05:00
itdoginfo	33ecb771f9	Fix UDP over TCP for extra section	2025-09-02 14:44:14 +03:00
itdoginfo	86038e2756	Delay setting option	2025-09-02 14:09:35 +03:00
Andrey Petelin	db91c628c8	Merge remote-tracking branch 'origin/refactoring' into refactoring # Conflicts: # podkop/files/usr/lib/sing_box_config_manager.sh	2025-08-31 20:25:16 +05:00
Andrey Petelin	41ce41945c	feat: Add domain_resolver and detour parameters to DNS server configurations in sing-box manager script	2025-08-31 20:22:57 +05:00
Andrey Petelin	2753a44440	feat: Add domain_resolver parameter to DNS server configurations in sing-box manager script	2025-08-31 19:43:21 +05:00
Andrey Petelin	cd1a4e2a8e	chore: update example links with valid values	2025-08-31 13:19:04 +05:00
Andrey Petelin	7e041da8c6	feat: add sing-box configuration manager script and jq helpers	2025-08-31 13:09:55 +05:00
itdoginfo	f3f5bca555	Add HODCA, CloudFront, DO	2025-08-29 15:02:43 +03:00
itdoginfo	174f16bc76	Update	2025-08-28 19:11:37 +03:00
itdoginfo	7c63a35faa	Old value #131	2025-08-28 18:40:53 +03:00
itdoginfo	86a86df982	Fix template	2025-08-28 18:12:35 +03:00
itdoginfo	ac445bc227	Fix template config	2025-08-28 18:08:10 +03:00
itdoginfo	4398e6885b	Add template for issues and PR	2025-08-28 18:06:08 +03:00
itdoginfo	9974b42cc2	NFT: output chain for traffic from the router	2025-08-27 00:31:56 +03:00
itdoginfo	8cd990f8a3	Fix extension for list	2025-08-26 14:25:28 +03:00
itdoginfo	c509fd38c7	Fix version for docker	2025-08-26 14:16:08 +03:00
itdoginfo	38991a803a	Fix	2025-08-25 19:44:16 +03:00
itdoginfo	29c34e31db	Fix	2025-08-25 19:41:04 +03:00
itdoginfo	a77e8fae7d	Disable tag check	2025-08-25 19:13:01 +03:00
itdoginfo	6d83737336	Auto version for make	2025-08-25 19:11:12 +03:00
itdoginfo	84115e2f3b	v0.4.7	2025-08-25 17:02:46 +03:00
itdoginfo	2dbdb9d2c1	Global check: WG Route	2025-08-24 16:13:41 +03:00
itdoginfo	88c6717152	Disable delay	2025-08-24 13:44:49 +03:00
itdoginfo	b3986308ce	Cut WRP prefix	2025-08-24 13:44:39 +03:00
itdoginfo	a15c3cf171	Update #147	2025-08-24 11:59:40 +03:00
itdoginfo	4c91223f85	Merge pull request #136 from SaltyMonkey:main User Subnet validation for glob ip, init.d/zapret proper check, passwall in conflicts	2025-08-24 11:05:55 +03:00
itdoginfo	7cf7b1f626	Merge branch 'main' into main	2025-08-24 11:04:39 +03:00
SaltyMonkey	a2536534f8	Remove opkg list-installed checks for packages from conflicts	2025-08-24 10:00:13 +03:00
itdoginfo	c49354fe38	Merge pull request #149 from ampetelin:json_srs_lists Added support for JSON and SRS	2025-08-23 18:53:37 +03:00
Andrey Petelin	6e01e036eb	handle missing ip_cidr in rulesets	2025-08-23 20:42:43 +05:00
Andrey Petelin	7484d0c203	Fixed logging of custom ruleset preparation	2025-08-23 19:36:34 +05:00
Andrey Petelin	0eb4ca4ea9	Removed filepath from wget when downloading via proxy	2025-08-23 19:33:47 +05:00
Andrey Petelin	c2d95162b7	Added support for JSON and SRS rulesets	2025-08-20 21:42:46 +05:00
SaltyMonkey	1fc2947fbc	Log messages for nextdns	2025-07-25 09:41:58 +03:00
SaltyMonkey	ea931d8463	added nextdns package in conflicts	2025-07-25 09:38:48 +03:00
SaltyMonkey	e2f36c35d4	Log messages for luci-app-passwall and luci-app-passwall in binary	2025-07-12 01:08:39 +03:00
SaltyMonkey	e8f8dcc5e7	added passwall and passwall2(paid version?) in conflicts	2025-07-12 01:00:00 +03:00
SaltyMonkey	1e2174bb80	User Subnets validation: 0.0.0.0 is not allowed	2025-07-12 00:40:51 +03:00
SaltyMonkey	85e515ef15	Fix /etc/init.d/zapret check in global_check, cleanup useless whitespaces	2025-07-12 00:29:33 +03:00
itdoginfo	418cdc4366	rm iptables-mod-extra check	2025-06-30 16:56:39 +03:00
itdoginfo	25b0dcaad5	v0.4.6	2025-06-30 16:27:44 +03:00
itdoginfo	cc59e756dd	br_netfilter. Cache size unset. Mixed & source_ip_cidr	2025-06-30 16:26:31 +03:00
itdoginfo	210714c499	unnecessary check	2025-06-30 16:24:33 +03:00
itdoginfo	8b6c336584	Change to 1.1.1.1	2025-06-27 23:54:52 +03:00
itdoginfo	5c543c1608	Change to procd_add_interface_trigger. Added PROCD_RELOAD_DELAY	2025-06-27 23:54:31 +03:00
itdoginfo	ac274d8796	v0.4.5	2025-06-25 23:38:55 +03:00
itdoginfo	ce1f86ceb7	Added split dns. Func for build sing-box config	2025-06-25 23:34:39 +03:00
itdoginfo	1fd67eefb3	Fix eng phrase	2025-06-25 23:32:33 +03:00
itdoginfo	e7b726d27c	Merge pull request #127 from procudin/fix/extra-configs-visibility fix: hide extra configs for non-basic tabs	2025-06-23 13:58:25 +03:00
Artem Prokudin	adb16e7f74	fix: hide extra configs for non-basic tabs	2025-06-15 10:57:16 +03:00
itdoginfo	51da8c22fd	Update	2025-06-03 15:47:13 +03:00
itdoginfo	41351dafd2	Removed the installation awg/wg/ovpn/oc. Refactoring	2025-06-03 15:45:27 +03:00