Add many new scripts for manage service

zapret/Makefile

@@ -76,15 +76,19 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret
 	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/zapret $(1)/etc/init.d/zapret
+	$(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret
 	$(INSTALL_CONF) ./config.default $(1)/opt/zapret/config.default
 	$(INSTALL_CONF) ./ipset/zapret-hosts-google.txt       $(1)/opt/zapret/ipset/zapret-hosts-google.txt
 	$(INSTALL_CONF) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset/zapret-hosts-user-exclude.txt
 	$(INSTALL_CONF) ./ipset/zapret-ip-exclude.txt         $(1)/opt/zapret/ipset/zapret-ip-exclude.txt
-	$(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
-	$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/opt/zapret/uci-def-cfg.sh
+	$(INSTALL_BIN) ./uci-def-cfg.sh     $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
+	$(INSTALL_BIN) ./uci-def-cfg.sh     $(1)/opt/zapret/uci-def-cfg.sh
+	$(INSTALL_BIN) ./comfunc.sh         $(1)/opt/zapret/comfunc.sh
+	$(INSTALL_BIN) ./def-cfg.sh         $(1)/opt/zapret/def-cfg.sh
+	$(INSTALL_BIN) ./renew-cfg.sh       $(1)/opt/zapret/renew-cfg.sh
+	$(INSTALL_BIN) ./restore-def-cfg.sh $(1)/opt/zapret/restore-def-cfg.sh
+	$(INSTALL_BIN) ./sync_config.sh     $(1)/opt/zapret/sync_config.sh
 endef
 
 define Package/$(PKG_NAME)/preinst
@@ -132,15 +136,6 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 		echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}"
 		cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
 	fi
-	# create empty txt files into ipset directory
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
-	#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
-	#[ ! -f "/opt/zapret/ipset/zapret-ip.txt" ] && touch "/opt/zapret/ipset/zapret-ip.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
 	# check existing uci-config
 	[ -f "/etc/config/zapret" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0
 	# create or merge uci-config
@@ -150,13 +145,15 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh
 	# copy (sync) all params from uci-config to main config
 	/opt/zapret/sync_config.sh
+	# check service status
+	[ "$$( /etc/init.d/zapret status 2>/dev/null )" = "running" ] && ZAPRET_RUNNING=1 || ZAPRET_RUNNING=0
+	if [ "$${ZAPRET_RUNNING}" = "0" ]; then
+		ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
+		exit 0
+	fi
 	# check main config
-	sh -n "$$ZAPRET_CONFIG"
-	ZAPRET_CONFIG_ERRCODE=$$?
-	[ "$$ZAPRET_CONFIG_ERRCODE" != "0" ] && cp -f "$$ZAPRET_CONFIG_DEF" "$$ZAPRET_CONFIG"
-	sh -n "$$ZAPRET_CONFIG"
-	ZAPRET_CONFIG_ERRCODE=$$?
-	[ "$$ZAPRET_CONFIG_ERRCODE" != "0" ] && exit 58
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58
 	# enable main service
 	/etc/init.d/zapret enable
 	# stop all
@@ -181,12 +178,8 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
 	OPENWRT_FW_INCLUDE=/etc/firewall.zapret
 	# check main config
-	sh -n "$$ZAPRET_CONFIG"
-	ZAPRET_CONFIG_ERRCODE=$$?
-	[ "$$ZAPRET_CONFIG_ERRCODE" != "0" ] && cp -f "$$ZAPRET_CONFIG_DEF" "$$ZAPRET_CONFIG"
-	sh -n "$$ZAPRET_CONFIG"
-	ZAPRET_CONFIG_ERRCODE=$$?
-	if [ "$$ZAPRET_CONFIG_ERRCODE" != "0" ]; then
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
+	if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then
 		ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
 		exit 0
 	fi

zapret/comfunc.sh

@@ -0,0 +1,124 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+EXEDIR=/opt/zapret
+ZAPRET_BASE=/opt/zapret
+
+ZAPRET_INITD=/etc/init.d/zapret
+ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret"
+
+ZAPRET_CONFIG="$ZAPRET_BASE/config"
+ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new"
+ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
+
+ZAPRET_CFG=/etc/config/zapret
+ZAPRET_CFG_NAME=zapret
+ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_NAME.config )"
+
+. $ZAPRET_BASE/def-cfg.sh
+
+function adapt_for_sed
+{
+	local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 )
+	echo "$str"
+}
+
+function is_valid_config
+{
+	local fname=${1:-$ZAPRET_CONFIG}
+	sh -n "$fname" &>/dev/null
+	return $?
+}
+
+function get_ppid_by_pid
+{
+	local pid=$1
+	local ppid="$( cat /proc/$pid/status 2>/dev/null | grep '^PPid:' | awk '{print $2}' )"
+	echo "$ppid"
+}
+
+function get_proc_path_by_pid
+{
+	local pid=$1
+	local path=$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' | head -n1 )
+	echo "$path"
+}
+
+function get_proc_cmd_by_pid
+{
+	local pid=$1
+	local delim="$2"
+	local cmdline
+	if [ "$delim" = "" ]; then
+		cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' )"
+	else
+		cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' "$delim" )"
+	fi
+	echo "$cmdline"
+}
+
+function is_run_via_procd
+{
+	local pname
+	[ "$$" = "1" ] && return 0	
+	pname="$( get_proc_path_by_pid $$ )"
+	[ "$pname" = "/sbin/procd" ] && return 0
+	[ "$PPID" = "1" ] && return 0
+	pname="$( get_proc_path_by_pid $PPID )"
+	[ "$pname" = "/sbin/procd" ] && return 0
+	return 1
+}
+
+function is_run_on_boot
+{
+	local cmdline="$( get_proc_cmd_by_pid $$ ' ' )"
+	if echo "$cmdline" | grep -q " /etc/rc.d/S" ; then
+		if echo "$cmdline" | grep -q " boot $" ; then
+			return 0
+		fi
+	fi
+	return 1
+}
+
+function get_run_on_boot_option
+{
+	if [ "$( uci -q get $ZAPRET_CFG_NAME.config.run_on_boot )" = "1" ]; then
+		echo 1
+	else
+		echo 0
+	fi
+}
+
+function create_default_cfg
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local cfgfile=/etc/config/$cfgname
+	rm -f $cfgfile
+	touch $cfgfile
+	uci set $cfgname.config=main
+	set_cfg_default_values $cfgname
+	return 0
+}
+
+function merge_cfg_with_def_values
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local force=$2
+	local cfgfile=/etc/config/$cfgname
+	local NEWCFGNAME="zapret-default"
+	local NEWCFGFILE="/etc/config/$NEWCFGNAME"
+
+	local cfg_sec_name="$( uci -q get $ZAPRET_CFG_NAME.config )"
+	[ -z "$cfg_sec_name" ] && create_default_cfg
+
+	create_default_cfg "$NEWCFGNAME"
+	[ ! -f "$NEWCFGFILE" ] && return 1 
+
+	uci -m -f $cfgfile import "$NEWCFGNAME"
+	uci commit "$NEWCFGNAME"
+	uci -m -f "$NEWCFGFILE" import $cfgname
+	uci commit $cfgname
+	rm -f "$NEWCFGFILE"	
+	return 0
+}
+

zapret/def-cfg.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+function set_cfg_default_values
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local TAB="$( echo -n -e '\t' )"
+	uci batch <<-EOF
+		set $cfgname.config.run_on_boot='0'
+		# settings for zapret service
+		set $cfgname.config.FWTYPE='nftables'
+		set $cfgname.config.POSTNAT='1'
+		set $cfgname.config.FLOWOFFLOAD='none'
+		set $cfgname.config.INIT_APPLY_FW='1'
+		set $cfgname.config.DISABLE_IPV4='0'
+		set $cfgname.config.DISABLE_IPV6='1'
+		set $cfgname.config.MODE_FILTER='hostlist'
+		# autohostlist options
+		set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
+		set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
+		set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
+		set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
+		# nfqws options
+		set $cfgname.config.NFQWS_ENABLE='1'
+		set $cfgname.config.DESYNC_MARK='0x40000000'
+		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
+		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
+		set $cfgname.config.NFQWS_PORTS_UDP='443'
+		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
+		set $cfgname.config.NFQWS_TCP_PKT_IN='3'
+		set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
+		set $cfgname.config.NFQWS_UDP_PKT_IN='0'
+		set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS_OPT="
+			--filter-tcp=80 <HOSTLIST>
+			--dpi-desync=fake,split2
+			--dpi-desync-autottl=2
+			--dpi-desync-fooling=md5sig
+			--new
+			--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
+			--dpi-desync=fake,split2
+			--dpi-desync-repeats=11
+			--dpi-desync-fooling=md5sig
+			--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
+			--new
+			--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
+			--dpi-desync=fake
+			--dpi-desync-repeats=11
+			--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
+			--new
+			--filter-udp=443 <HOSTLIST_NOAUTO>
+			--dpi-desync=fake
+			--dpi-desync-repeats=11
+			--new
+			--filter-tcp=80,443 <HOSTLIST>
+			--dpi-desync=fake,disorder2
+			--dpi-desync-repeats=6
+			--dpi-desync-autottl=2
+			--dpi-desync-fooling=md5sig
+		"
+		# save changes
+		commit $cfgname
+	EOF
+	return 0
+}

zapret/init.d.sh

@@ -0,0 +1,71 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2024 remittor
+
+USE_PROCD=1
+# after network
+START=21
+
+SCRIPT_FILENAME=$1
+
+. /opt/zapret/comfunc.sh
+
+if ! is_valid_config ; then
+	logger -p err -t ZAPRET "Wrong main config: $ZAPRET_CONFIG"
+	exit 91
+fi
+
+. $ZAPRET_ORIG_INITD
+
+EXEDIR=/opt/zapret
+ZAPRET_BASE=/opt/zapret
+
+is_run_on_boot && IS_RUN_ON_BOOT=1 || IS_RUN_ON_BOOT=0
+
+
+function enable
+{
+	local run_on_boot=""
+	if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+		if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+			run_on_boot=$( get_run_on_boot_option )
+			if [ $run_on_boot != 1 ]; then
+				logger -p notice -t ZAPRET "Attempt to enable service, but service blocked!"
+				return 61
+			fi
+		fi
+	fi
+	if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+		uci set $ZAPRET_CFG_NAME.config.run_on_boot=1
+		uci commit
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enable
+}
+
+function enabled
+{
+	local run_on_boot=""
+	if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+		run_on_boot=$( get_run_on_boot_option )
+		if [ $run_on_boot != 1 ]; then
+			logger -p notice -t ZAPRET "Service is blocked!"
+			return 61
+		fi
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enabled
+}
+
+function boot
+{
+	local run_on_boot=""
+	if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+		if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+			run_on_boot=$( get_run_on_boot_option )
+			if [ $run_on_boot != 1 ]; then
+				logger -p notice -t ZAPRET "Attempt to run service on boot! Service is blocked!"
+				return 61
+			fi
+		fi
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@"
+}
+

zapret/renew-cfg.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+. /opt/zapret/comfunc.sh
+
+merge_cfg_with_def_values
+
+CONFIGS_SYNC=0
+
+[ ! -f "$ZAPRET_CONFIG" ] && CONFIGS_SYNC=1
+[ "$1" = "sync" ] && CONFIGS_SYNC=1
+
+if [ "$CONFIGS_SYNC" = "1" ]; then
+	# renew main config
+	/opt/zapret/sync_config.sh
+fi

zapret/restore-def-cfg.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+. /opt/zapret/comfunc.sh
+
+create_default_cfg
+
+if [ "$1" = "sync" ]; then
+	# renew main config
+	/opt/zapret/sync_config.sh
+fi

zapret/sync_config.sh

@@ -1,32 +1,7 @@
 #!/bin/sh
 # Copyright (c) 2024 remittor
 
-EXEDIR=/opt/zapret
-ZAPRET_BASE=/opt/zapret
-ZAPRET_CONFIG="$ZAPRET_BASE/config"
-ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new"
-ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
-ZAPRET_CFG=/etc/config/zapret
-
-ZAPRET_CFG_SEC_NAME="$( uci -q get zapret.config )"
-
-if [ -z "$ZAPRET_CFG_SEC_NAME" ]; then
-	# wrong uci-config
-	return 96
-fi
-
-function get_sed_compat
-{
-	local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 )
-	echo "$str"
-}
-
-function is_valid_sh_syntax
-{
-	local fname=${1:-$ZAPRET_CONFIG}
-	sh -n "$fname" &>/dev/null
-	return $?
-}
+. /opt/zapret/comfunc.sh
 
 function uncomment_param
 {
@@ -49,7 +24,7 @@ function append_param
 function set_param_value
 {
 	local param=$1
-	local value=$( get_sed_compat "$2" )
+	local value=$( adapt_for_sed "$2" )
 	local fname=${3:-$ZAPRET_CONFIG}
 	sed -i "s/^$param=.*/$param=$value/g" $fname
 }
@@ -57,7 +32,7 @@ function set_param_value
 function set_param_value_str
 {
 	local param=$1
-	local value=$( get_sed_compat "$2" )
+	local value=$( adapt_for_sed "$2" )
 	local fname=${3:-$ZAPRET_CONFIG}
 	sed -i "s/^$param=.*/$param=\"$value\"/g" $fname
 }
@@ -90,6 +65,7 @@ fi
 
 cp -f "$ZAPRET_CONFIG" "$ZAPRET_CONFIG_NEW"
 
+ZAPRET_CONFIG__SAVED="$ZAPRET_CONFIG"
 ZAPRET_CONFIG="$ZAPRET_CONFIG_NEW"
 
 sync_param FWTYPE
@@ -118,9 +94,9 @@ sync_param NFQWS_PORTS_TCP_KEEPALIVE
 sync_param NFQWS_PORTS_UDP_KEEPALIVE
 sync_param NFQWS_OPT str
 
-ZAPRET_CONFIG="$ZAPRET_BASE/config"
+ZAPRET_CONFIG="$ZAPRET_CONFIG__SAVED"
 
-if is_valid_sh_syntax "$ZAPRET_CONFIG_NEW" ; then
+if is_valid_config "$ZAPRET_CONFIG_NEW" ; then
 	cp -f "$ZAPRET_CONFIG_NEW" "$ZAPRET_CONFIG"
 	rm -f "$ZAPRET_CONFIG_NEW"
 else

zapret/uci-def-cfg.sh

@@ -1,143 +1,18 @@
 #!/bin/sh
 # Copyright (c) 2024 remittor
 
-SCRIPT_SOURCED=0
-case ${0##*/} in ash|-ash) SCRIPT_SOURCED=1;; esac
-#[[ $_ != $0 ]] && echo "Script is being sourced" || echo "Script is a subshell"
+. /opt/zapret/comfunc.sh
 
-ZAPRET_BASE=/opt/zapret
-ZAPRET_CONFIG="$ZAPRET_BASE/config"
-ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
-ZAPRET_CFG_FILE=/etc/config/zapret
-ZAPRET_CFG_NAME=zapret
+# create empty txt files into ipset directory
+[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt"     ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
+#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt"      ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
+[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt"       ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
+[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
+#[ ! -f "/opt/zapret/ipset/zapret-ip.txt"              ] && touch "/opt/zapret/ipset/zapret-ip.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt"          ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt"  ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt"    ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
 
-CFG_OPT_FORCE=0
-CFG_OPT_MERGE=0
-CFG_OPT_SYNC_CFG=0
-
-
-function set_default_values
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local TAB="$( echo -n -e '\t' )"
-	uci batch <<-EOF
-		set $cfgname.config.autostart='0'
-		# settings for zapret service
-		set $cfgname.config.FWTYPE='nftables'
-		set $cfgname.config.POSTNAT='1'
-		set $cfgname.config.FLOWOFFLOAD='none'
-		set $cfgname.config.INIT_APPLY_FW='1'
-		set $cfgname.config.DISABLE_IPV4='0'
-		set $cfgname.config.DISABLE_IPV6='1'
-		set $cfgname.config.MODE_FILTER='hostlist'
-		# autohostlist options
-		set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
-		set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
-		set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
-		set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
-		# nfqws options
-		set $cfgname.config.NFQWS_ENABLE='1'
-		set $cfgname.config.DESYNC_MARK='0x40000000'
-		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
-		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-		set $cfgname.config.NFQWS_PORTS_UDP='443'
-		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_TCP_PKT_IN='3'
-		set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_UDP_PKT_IN='0'
-		set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
-		set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
-		set $cfgname.config.NFQWS_OPT="
-			--filter-tcp=80 <HOSTLIST>
-			--dpi-desync=fake,split2
-			--dpi-desync-autottl=2
-			--dpi-desync-fooling=md5sig
-			--new
-			--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-			--dpi-desync=fake,split2
-			--dpi-desync-repeats=11
-			--dpi-desync-fooling=md5sig
-			--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-			--new
-			--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-			--dpi-desync=fake
-			--dpi-desync-repeats=11
-			--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
-			--new
-			--filter-udp=443 <HOSTLIST_NOAUTO>
-			--dpi-desync=fake
-			--dpi-desync-repeats=11
-			--new
-			--filter-tcp=80,443 <HOSTLIST>
-			--dpi-desync=fake,disorder2
-			--dpi-desync-repeats=6
-			--dpi-desync-autottl=2
-			--dpi-desync-fooling=md5sig
-		"
-		# save changes
-		commit $cfgname
-	EOF
-	return 0
-}
-
-function create_default_config
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local cfgfile=/etc/config/$cfgname
-	rm -f $cfgfile
-	touch $cfgfile
-	uci set $cfgname.config=main
-	set_default_values $cfgname
-	return 0
-}
-
-function merge_config_with_def_values
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local force=$2
-	local cfgfile=/etc/config/$cfgname
-	local NEWCFGNAME="zapret-default"
-	local NEWCFGFILE="/etc/config/$NEWCFGNAME"
-
-	create_default_config "$NEWCFGNAME"
-	[ ! -f "$NEWCFGFILE" ] && return 1 
-
-	uci -m -f $cfgfile import "$NEWCFGNAME"
-	uci commit "$NEWCFGNAME"
-	uci -m -f "$NEWCFGFILE" import $cfgname
-	uci commit $cfgname
-	rm -f "$NEWCFGFILE"	
-	return 0
-}
-
-
-if [ "$SCRIPT_SOURCED" != "1" ]; then
-	while getopts "fms" SCRIPT_OPT; do
-		case $SCRIPT_OPT in
-			f) CFG_OPT_FORCE=1;;
-			m) CFG_OPT_MERGE=1;;
-			s) CFG_OPT_SYNC_CFG=1;;
-		esac
-	done
-
-	if [ ! -f "$ZAPRET_CFG_FILE" ]; then
-		CFG_OPT_FORCE=1
-	fi
-
-	if [ "$CFG_OPT_FORCE" = "1" ]; then
-		create_default_config
-		[ "$CFG_OPT_SYNC_CFG" = "1" ] && /opt/zapret/sync_config.sh
-		return 0
-	fi
-fi
-
-
-CFG_OPT_MERGE=1
-merge_config_with_def_values
-
-if [ ! -f "$ZAPRET_CONFIG" ]; then
-	# create main config
-	/opt/zapret/sync_config.sh
-fi
-
-return 0
+# create or merge uci-config
+$ZAPRET_BASE/renew-cfg.sh
+