Bump version to v69-20241118

Reason: for compatibility with OpenWrt 24+

luci-app-zapret/Makefile

@@ -5,8 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-zapret
-PKG_RELEASE:=20241110
-PKG_VERSION:=68-$(PKG_RELEASE)
+PKG_VERSION:=69-20241118
 PKG_LICENSE:=MIT
 
 LUCI_TITLE:=LuCI support for zapret

luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js

@@ -27,6 +27,10 @@ return view.extend({
     },
     
     disableButtons: function(flag, button, elems = { }) {
+        let error_code = 0;
+        if (Number.isInteger(button) && button < 0) {
+            error_code = button;
+        }
         let btn = this.get_svc_buttons(elems);
         btn.enable.disabled  = flag;
         btn.disable.disabled = flag;
@@ -34,14 +38,15 @@ return view.extend({
         btn.restart.disabled = flag;
         btn.stop.disabled    = flag;
         btn.update.disabled  = true; // TODO
-        btn.reset.disabled   = flag;
+        btn.reset.disabled   = (error_code == 0) ? flag : false;
     },
 
     getAppStatus: function() {
         return Promise.all([
-            tools.getInitState(tools.appName),    // svc_state
-            fs.exec(tools.execPath, [ 'info' ]),  // svc_info
-            fs.exec('/bin/ps'),                   // process list
+            tools.getInitState(tools.appName),      // svc_boot
+            fs.exec(tools.execPath, [ 'enabled' ]), // svc_en
+            fs.exec(tools.execPath, [ 'info' ]),    // svc_info
+            fs.exec('/bin/ps'),                     // process list
             fs.exec('/bin/opkg', [ 'list-installed', '*zapret*' ]),  // installed packages
             uci.load(tools.appName),              // config
         ]).catch(e => {
@@ -58,33 +63,38 @@ return view.extend({
             let elem_status = elems.status || document.getElementById("status");
             elem_status.innerHTML = tools.makeStatusString(null);
             ui.addNotification(null, E('p', _('Unable to read the contents') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
-        let svc_autorun = status_array[0] ? true : false;
-        let svc_info = status_array[1];   // stdout: JSON as text
-        let proc_list = status_array[2];  // stdout: multiline text
-        let pkg_list = status_array[3];   // stdout: installed packages
+        let svc_boot  = status_array[0] ? true : false;
+        let svc_en    = status_array[1];   // stdout: empty or error text
+        let svc_info  = status_array[2];   // stdout: JSON as text
+        let proc_list = status_array[3];   // stdout: multiline text
+        let pkg_list  = status_array[4];   // stdout: installed packages
+        
+        console.log('svc_en: ' + svc_en.code);
+        svc_en = (svc_en.code == 0) ? true : false;
+        
         if (svc_info.code != 0) {
             ui.addNotification(null, E('p', _('Unable to read the service info') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
         if (proc_list.code != 0) {
             ui.addNotification(null, E('p', _('Unable to read process list') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
         if (pkg_list.code != 0) {
             ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
         let svcinfo;
         if (force_app_status) {
             svcinfo = force_app_status;
         } else {
-            svcinfo = tools.decode_svc_info(svc_autorun, svc_info, proc_list, cfg);
+            svcinfo = tools.decode_svc_info(svc_en, svc_info, proc_list, cfg);
         }
         let btn = this.get_svc_buttons(elems);
         btn.update.disabled = true;   // TODO
@@ -93,10 +103,10 @@ return view.extend({
         if (Number.isInteger(svcinfo)) {
             ui.addNotification(null, E('p', _('Error')
                 + ' %s: return code = %s'.format('decode_svc_info', svcinfo + ' ')));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
         } else {
-            btn.enable.disabled  = (svc_autorun) ? true : false;
-            btn.disable.disabled = (svc_autorun) ? false : true;
+            btn.enable.disabled  = (svc_en) ? true : false;
+            btn.disable.disabled = (svc_en) ? false : true;
             if (!svcinfo.dmn.inited) {
                 btn.start.disabled = false;
                 btn.restart.disabled = true;
@@ -154,8 +164,8 @@ return view.extend({
         }
         else if (action == 'reset') {
             exec_cmd = tools.defaultCfgPath;
-            exec_arg = [ '-f' ];
-            errmsg = _('Unable to run uci-def-cfg.sh script.');
+            exec_arg = [ 'sync' ];  // restore config + sync configs
+            errmsg = _('Unable to run restore-def-cfg.sh script.');
             action = null;
         } else {
             ui.addNotification(null, E('p', 'ERROR: unknown action'));
@@ -227,7 +237,7 @@ return view.extend({
             'class': btn_style_action,
         }, _('Reset settings'));
         resetcfg_btn.onclick = ui.createHandlerFn(this, () => {
-            cancel_button.disabled = true;
+            //cancel_button.disabled = true;
             return this.serviceActionEx('reset', resetcfg_btn, true);
         });
 
@@ -253,7 +263,7 @@ return view.extend({
         }
         let cfg = uci.get(tools.appName, 'config');
 
-        let pkg_list = status_array[3];
+        let pkg_list = status_array[4];
         if (pkg_list === undefined || typeof(pkg_list) !== 'object' || pkg_list.code != 0) {
             ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
             return;

luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js

@@ -38,7 +38,7 @@ return baseclass.extend({
     appName           : 'zapret',
     execPath          : '/etc/init.d/zapret',
     syncCfgPath       : '/opt/zapret/sync_config.sh',
-    defaultCfgPath    : '/opt/zapret/uci-def-cfg.sh',
+    defaultCfgPath    : '/opt/zapret/restore-def-cfg.sh',
 
     hostsGoogleFN     : '/opt/zapret/ipset/zapret-hosts-google.txt',
     hostsUserFN       : '/opt/zapret/ipset/zapret-hosts-user.txt',
@@ -429,6 +429,10 @@ return baseclass.extend({
                 value = value.replace(/\r/g, '');
                 if (value != "" && value != "\t") {
                     value = '\n' + value + '\n';
+                    if (this.multiline == 2) {
+                        value = value.replace(/"/g, '');
+                        value = value.replace(/'/g, '');
+                    }
                 }
             } else {
                 value = value.replace(/\r\n/g, ' ');

luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json

@@ -10,6 +10,7 @@
 			"acl": [ "luci-app-zapret" ],
 			"fs": {
 				"/opt/zapret/sync_config.sh": "executable",
+				"/opt/zapret/restore-def-cfg.sh": "executable",
 				"/etc/init.d/zapret": "executable"
 			},
 			"uci": { "zapret": true }

luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json

@@ -10,7 +10,7 @@
 				"/etc/init.d/zapret*": [ "exec" ],
 				"/bin/ps*": [ "exec" ],
 				"/bin/opkg*": [ "exec" ],
-				"/opt/zapret/uci-def-cfg.sh*": [ "exec" ],
+				"/opt/zapret/restore-def-cfg.sh*": [ "exec" ],
 				"/opt/zapret/sync_config.sh*": [ "exec" ]
 			},
 			"uci": [ "zapret", "network" ],

zapret-ip2net/Makefile

@@ -1,8 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret-ip2net
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=69-20241118
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -10,8 +9,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=256c2d7e50de0f91fdec8439a08c8e22c3b3b115
+PKG_SOURCE_DATE:=2024-11-18
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

zapret-mdig/Makefile

@@ -1,8 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret-mdig
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=69-20241118
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -10,8 +9,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=256c2d7e50de0f91fdec8439a08c8e22c3b3b115
+PKG_SOURCE_DATE:=2024-11-18
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

zapret-tpws/Makefile

@@ -1,8 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret-tpws
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=69-20241118
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -10,8 +9,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=256c2d7e50de0f91fdec8439a08c8e22c3b3b115
+PKG_SOURCE_DATE:=2024-11-18
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

zapret/Makefile

@@ -5,8 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=69-20241118
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -14,8 +13,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=256c2d7e50de0f91fdec8439a08c8e22c3b3b115
+PKG_SOURCE_DATE:=2024-11-18
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
@@ -77,15 +76,19 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret
 	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/zapret $(1)/etc/init.d/zapret
+	$(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret
 	$(INSTALL_CONF) ./config.default $(1)/opt/zapret/config.default
 	$(INSTALL_CONF) ./ipset/zapret-hosts-google.txt       $(1)/opt/zapret/ipset/zapret-hosts-google.txt
 	$(INSTALL_CONF) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset/zapret-hosts-user-exclude.txt
 	$(INSTALL_CONF) ./ipset/zapret-ip-exclude.txt         $(1)/opt/zapret/ipset/zapret-ip-exclude.txt
-	$(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
-	$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/opt/zapret/uci-def-cfg.sh
+	$(INSTALL_BIN) ./uci-def-cfg.sh     $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
+	$(INSTALL_BIN) ./uci-def-cfg.sh     $(1)/opt/zapret/uci-def-cfg.sh
+	$(INSTALL_BIN) ./comfunc.sh         $(1)/opt/zapret/comfunc.sh
+	$(INSTALL_BIN) ./def-cfg.sh         $(1)/opt/zapret/def-cfg.sh
+	$(INSTALL_BIN) ./renew-cfg.sh       $(1)/opt/zapret/renew-cfg.sh
+	$(INSTALL_BIN) ./restore-def-cfg.sh $(1)/opt/zapret/restore-def-cfg.sh
+	$(INSTALL_BIN) ./sync_config.sh     $(1)/opt/zapret/sync_config.sh
 endef
 
 define Package/$(PKG_NAME)/preinst
@@ -133,15 +136,6 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 		echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}"
 		cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
 	fi
-	# create empty txt files into ipset directory
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
-	#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
-	#[ ! -f "/opt/zapret/ipset/zapret-ip.txt" ] && touch "/opt/zapret/ipset/zapret-ip.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
 	# check existing uci-config
 	[ -f "/etc/config/zapret" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0
 	# create or merge uci-config
@@ -151,6 +145,9 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh
 	# copy (sync) all params from uci-config to main config
 	/opt/zapret/sync_config.sh
+	# check main config
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58
 	# enable main service
 	/etc/init.d/zapret enable
 	# stop all
@@ -172,7 +169,14 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	EXEDIR=/opt/zapret
 	ZAPRET_BASE=/opt/zapret
 	ZAPRET_CONFIG=/opt/zapret/config
+	ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
 	OPENWRT_FW_INCLUDE=/etc/firewall.zapret
+	# check main config
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
+	if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then
+		ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
+		exit 0
+	fi
 	. "$${ZAPRET_CONFIG}"
 	. "$${ZAPRET_BASE}/common/base.sh"
 	. "$${ZAPRET_BASE}/common/fwtype.sh"

zapret/comfunc.sh

@@ -0,0 +1,124 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+EXEDIR=/opt/zapret
+ZAPRET_BASE=/opt/zapret
+
+ZAPRET_INITD=/etc/init.d/zapret
+ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret"
+
+ZAPRET_CONFIG="$ZAPRET_BASE/config"
+ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new"
+ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
+
+ZAPRET_CFG=/etc/config/zapret
+ZAPRET_CFG_NAME=zapret
+ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_NAME.config )"
+
+. $ZAPRET_BASE/def-cfg.sh
+
+function adapt_for_sed
+{
+	local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 )
+	echo "$str"
+}
+
+function is_valid_config
+{
+	local fname=${1:-$ZAPRET_CONFIG}
+	sh -n "$fname" &>/dev/null
+	return $?
+}
+
+function get_ppid_by_pid
+{
+	local pid=$1
+	local ppid="$( cat /proc/$pid/status 2>/dev/null | grep '^PPid:' | awk '{print $2}' )"
+	echo "$ppid"
+}
+
+function get_proc_path_by_pid
+{
+	local pid=$1
+	local path=$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' | head -n1 )
+	echo "$path"
+}
+
+function get_proc_cmd_by_pid
+{
+	local pid=$1
+	local delim="$2"
+	local cmdline
+	if [ "$delim" = "" ]; then
+		cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' )"
+	else
+		cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' "$delim" )"
+	fi
+	echo "$cmdline"
+}
+
+function is_run_via_procd
+{
+	local pname
+	[ "$$" = "1" ] && return 0	
+	pname="$( get_proc_path_by_pid $$ )"
+	[ "$pname" = "/sbin/procd" ] && return 0
+	[ "$PPID" = "1" ] && return 0
+	pname="$( get_proc_path_by_pid $PPID )"
+	[ "$pname" = "/sbin/procd" ] && return 0
+	return 1
+}
+
+function is_run_on_boot
+{
+	local cmdline="$( get_proc_cmd_by_pid $$ ' ' )"
+	if echo "$cmdline" | grep -q " /etc/rc.d/S" ; then
+		if echo "$cmdline" | grep -q " boot $" ; then
+			return 0
+		fi
+	fi
+	return 1
+}
+
+function get_run_on_boot_option
+{
+	if [ "$( uci -q get $ZAPRET_CFG_NAME.config.run_on_boot )" = "1" ]; then
+		echo 1
+	else
+		echo 0
+	fi
+}
+
+function create_default_cfg
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local cfgfile=/etc/config/$cfgname
+	rm -f $cfgfile
+	touch $cfgfile
+	uci set $cfgname.config=main
+	set_cfg_default_values $cfgname
+	return 0
+}
+
+function merge_cfg_with_def_values
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local force=$2
+	local cfgfile=/etc/config/$cfgname
+	local NEWCFGNAME="zapret-default"
+	local NEWCFGFILE="/etc/config/$NEWCFGNAME"
+
+	local cfg_sec_name="$( uci -q get $ZAPRET_CFG_NAME.config )"
+	[ -z "$cfg_sec_name" ] && create_default_cfg
+
+	create_default_cfg "$NEWCFGNAME"
+	[ ! -f "$NEWCFGFILE" ] && return 1 
+
+	uci -m -f $cfgfile import "$NEWCFGNAME"
+	uci commit "$NEWCFGNAME"
+	uci -m -f "$NEWCFGFILE" import $cfgname
+	uci commit $cfgname
+	rm -f "$NEWCFGFILE"	
+	return 0
+}
+

zapret/def-cfg.sh

@@ -0,0 +1,66 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+function set_cfg_default_values
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local TAB="$( echo -n -e '\t' )"
+	uci batch <<-EOF
+		set $cfgname.config.run_on_boot='0'
+		# settings for zapret service
+		set $cfgname.config.FWTYPE='nftables'
+		set $cfgname.config.POSTNAT='1'
+		set $cfgname.config.FLOWOFFLOAD='none'
+		set $cfgname.config.INIT_APPLY_FW='1'
+		set $cfgname.config.DISABLE_IPV4='0'
+		set $cfgname.config.DISABLE_IPV6='1'
+		set $cfgname.config.MODE_FILTER='hostlist'
+		# autohostlist options
+		set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
+		set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
+		set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
+		set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
+		# nfqws options
+		set $cfgname.config.NFQWS_ENABLE='1'
+		set $cfgname.config.DESYNC_MARK='0x40000000'
+		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
+		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
+		set $cfgname.config.NFQWS_PORTS_UDP='443'
+		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
+		set $cfgname.config.NFQWS_TCP_PKT_IN='3'
+		set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
+		set $cfgname.config.NFQWS_UDP_PKT_IN='0'
+		set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS_OPT="
+			--filter-tcp=80 <HOSTLIST>
+			--dpi-desync=fake,split2
+			--dpi-desync-autottl=2
+			--dpi-desync-fooling=md5sig
+			--new
+			--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
+			--dpi-desync=fake,split2
+			--dpi-desync-repeats=11
+			--dpi-desync-fooling=md5sig
+			--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
+			--new
+			--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
+			--dpi-desync=fake
+			--dpi-desync-repeats=11
+			--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
+			--new
+			--filter-udp=443 <HOSTLIST_NOAUTO>
+			--dpi-desync=fake
+			--dpi-desync-repeats=11
+			--new
+			--filter-tcp=80,443 <HOSTLIST>
+			--dpi-desync=fake,disorder2
+			--dpi-desync-repeats=6
+			--dpi-desync-autottl=2
+			--dpi-desync-fooling=md5sig
+		"
+		# save changes
+		commit $cfgname
+	EOF
+	return 0
+}

zapret/init.d.sh

@@ -0,0 +1,73 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2024 remittor
+
+USE_PROCD=1
+# after network
+START=21
+
+SCRIPT_FILENAME=$1
+
+. /opt/zapret/comfunc.sh
+
+if ! is_valid_config ; then
+	logger -p err -t ZAPRET "Wrong main config: $ZAPRET_CONFIG"
+	exit 91
+fi
+
+. $ZAPRET_ORIG_INITD
+
+EXEDIR=/opt/zapret
+ZAPRET_BASE=/opt/zapret
+
+is_run_on_boot && IS_RUN_ON_BOOT=1 || IS_RUN_ON_BOOT=0
+
+
+function enable
+{
+	local run_on_boot=""
+	if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+		if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+			run_on_boot=$( get_run_on_boot_option )
+			if [ $run_on_boot != 1 ]; then
+				logger -p notice -t ZAPRET "Attempt to enable service, but service blocked!"
+				return 61
+			fi
+		fi
+	fi
+	if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+		uci set $ZAPRET_CFG_NAME.config.run_on_boot=1
+		uci commit
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enable
+}
+
+function enabled
+{
+	local run_on_boot=""
+	if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+		run_on_boot=$( get_run_on_boot_option )
+		if [ $run_on_boot != 1 ]; then
+			if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+				logger -p notice -t ZAPRET "Service is blocked!"
+			fi
+			return 61
+		fi
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enabled
+}
+
+function boot
+{
+	local run_on_boot=""
+	if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+		if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+			run_on_boot=$( get_run_on_boot_option )
+			if [ $run_on_boot != 1 ]; then
+				logger -p notice -t ZAPRET "Attempt to run service on boot! Service is blocked!"
+				return 61
+			fi
+		fi
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@"
+}
+

zapret/renew-cfg.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+. /opt/zapret/comfunc.sh
+
+merge_cfg_with_def_values
+
+CONFIGS_SYNC=0
+
+[ ! -f "$ZAPRET_CONFIG" ] && CONFIGS_SYNC=1
+[ "$1" = "sync" ] && CONFIGS_SYNC=1
+
+if [ "$CONFIGS_SYNC" = "1" ]; then
+	# renew main config
+	/opt/zapret/sync_config.sh
+fi

zapret/restore-def-cfg.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+. /opt/zapret/comfunc.sh
+
+create_default_cfg
+
+if [ "$1" = "sync" ]; then
+	# renew main config
+	/opt/zapret/sync_config.sh
+fi

zapret/sync_config.sh

@@ -1,24 +1,7 @@
 #!/bin/sh
 # Copyright (c) 2024 remittor
 
-EXEDIR=/opt/zapret
-ZAPRET_BASE=/opt/zapret
-ZAPRET_CONFIG="$ZAPRET_BASE/config"
-ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
-ZAPRET_CFG=/etc/config/zapret
-
-ZAPRET_CFG_SEC_NAME="$( uci -q get zapret.config )"
-
-if [ -z "$ZAPRET_CFG_SEC_NAME" ]; then
-	# wrong uci-config
-	return 1
-fi
-
-function get_sed_compat
-{
-	local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 )
-	echo "$str"
-}
+. /opt/zapret/comfunc.sh
 
 function uncomment_param
 {
@@ -41,7 +24,7 @@ function append_param
 function set_param_value
 {
 	local param=$1
-	local value=$( get_sed_compat "$2" )
+	local value=$( adapt_for_sed "$2" )
 	local fname=${3:-$ZAPRET_CONFIG}
 	sed -i "s/^$param=.*/$param=$value/g" $fname
 }
@@ -49,7 +32,7 @@ function set_param_value
 function set_param_value_str
 {
 	local param=$1
-	local value=$( get_sed_compat "$2" )
+	local value=$( adapt_for_sed "$2" )
 	local fname=${3:-$ZAPRET_CONFIG}
 	sed -i "s/^$param=.*/$param=\"$value\"/g" $fname
 }
@@ -80,6 +63,11 @@ if [ ! -f "$ZAPRET_CONFIG" ]; then
 	fi
 fi
 
+cp -f "$ZAPRET_CONFIG" "$ZAPRET_CONFIG_NEW"
+
+ZAPRET_CONFIG__SAVED="$ZAPRET_CONFIG"
+ZAPRET_CONFIG="$ZAPRET_CONFIG_NEW"
+
 sync_param FWTYPE
 sync_param POSTNAT
 sync_param FLOWOFFLOAD
@@ -105,3 +93,13 @@ sync_param NFQWS_UDP_PKT_IN str
 sync_param NFQWS_PORTS_TCP_KEEPALIVE
 sync_param NFQWS_PORTS_UDP_KEEPALIVE
 sync_param NFQWS_OPT str
+
+ZAPRET_CONFIG="$ZAPRET_CONFIG__SAVED"
+
+if is_valid_config "$ZAPRET_CONFIG_NEW" ; then
+	cp -f "$ZAPRET_CONFIG_NEW" "$ZAPRET_CONFIG"
+	rm -f "$ZAPRET_CONFIG_NEW"
+else
+	rm -f "$ZAPRET_CONFIG_NEW"
+	return 97
+fi

zapret/uci-def-cfg.sh

@@ -1,143 +1,18 @@
 #!/bin/sh
 # Copyright (c) 2024 remittor
 
-SCRIPT_SOURCED=0
-case ${0##*/} in ash|-ash) SCRIPT_SOURCED=1;; esac
-#[[ $_ != $0 ]] && echo "Script is being sourced" || echo "Script is a subshell"
+. /opt/zapret/comfunc.sh
 
-ZAPRET_BASE=/opt/zapret
-ZAPRET_CONFIG="$ZAPRET_BASE/config"
-ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
-ZAPRET_CFG_FILE=/etc/config/zapret
-ZAPRET_CFG_NAME=zapret
+# create empty txt files into ipset directory
+[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt"     ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
+#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt"      ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
+[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt"       ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
+[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
+#[ ! -f "/opt/zapret/ipset/zapret-ip.txt"              ] && touch "/opt/zapret/ipset/zapret-ip.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt"          ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt"  ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt"    ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
 
-CFG_OPT_FORCE=0
-CFG_OPT_MERGE=0
-CFG_OPT_SYNC_CFG=0
-
-
-function set_default_values
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local TAB="$( echo -n -e '\t' )"
-	uci batch <<-EOF
-		set $cfgname.config.autostart='0'
-		# settings for zapret service
-		set $cfgname.config.FWTYPE='nftables'
-		set $cfgname.config.POSTNAT='1'
-		set $cfgname.config.FLOWOFFLOAD='none'
-		set $cfgname.config.INIT_APPLY_FW='1'
-		set $cfgname.config.DISABLE_IPV4='0'
-		set $cfgname.config.DISABLE_IPV6='1'
-		set $cfgname.config.MODE_FILTER='hostlist'
-		# autohostlist options
-		set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
-		set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
-		set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
-		set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
-		# nfqws options
-		set $cfgname.config.NFQWS_ENABLE='1'
-		set $cfgname.config.DESYNC_MARK='0x40000000'
-		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
-		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-		set $cfgname.config.NFQWS_PORTS_UDP='443'
-		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_TCP_PKT_IN='3'
-		set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_UDP_PKT_IN='0'
-		set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
-		set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
-		set $cfgname.config.NFQWS_OPT="
-			--filter-tcp=80 <HOSTLIST>
-			--dpi-desync=fake,split2
-			--dpi-desync-autottl=2
-			--dpi-desync-fooling=md5sig
-			--new
-			--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-			--dpi-desync=fake,split2
-			--dpi-desync-repeats=11
-			--dpi-desync-fooling=md5sig
-			--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-			--new
-			--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-			--dpi-desync=fake
-			--dpi-desync-repeats=11
-			--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
-			--new
-			--filter-udp=443 <HOSTLIST_NOAUTO>
-			--dpi-desync=fake
-			--dpi-desync-repeats=11
-			--new
-			--filter-tcp=80,443 <HOSTLIST>
-			--dpi-desync=fake,disorder2
-			--dpi-desync-repeats=6
-			--dpi-desync-autottl=2
-			--dpi-desync-fooling=md5sig
-		"
-		# save changes
-		commit $cfgname
-	EOF
-	return 0
-}
-
-function create_default_config
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local cfgfile=/etc/config/$cfgname
-	rm -f $cfgfile
-	touch $cfgfile
-	uci set $cfgname.config=main
-	set_default_values $cfgname
-	return 0
-}
-
-function merge_config_with_def_values
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local force=$2
-	local cfgfile=/etc/config/$cfgname
-	local NEWCFGNAME="zapret-default"
-	local NEWCFGFILE="/etc/config/$NEWCFGNAME"
-
-	create_default_config "$NEWCFGNAME"
-	[ ! -f "$NEWCFGFILE" ] && return 1 
-
-	uci -m -f $cfgfile import "$NEWCFGNAME"
-	uci commit "$NEWCFGNAME"
-	uci -m -f "$NEWCFGFILE" import $cfgname
-	uci commit $cfgname
-	rm -f "$NEWCFGFILE"	
-	return 0
-}
-
-
-if [ "$SCRIPT_SOURCED" != "1" ]; then
-	while getopts "fms" SCRIPT_OPT; do
-		case $SCRIPT_OPT in
-			f) CFG_OPT_FORCE=1;;
-			m) CFG_OPT_MERGE=1;;
-			s) CFG_OPT_SYNC_CFG=1;;
-		esac
-	done
-
-	if [ ! -f "$ZAPRET_CFG_FILE" ]; then
-		CFG_OPT_FORCE=1
-	fi
-
-	if [ "$CFG_OPT_FORCE" = "1" ]; then
-		create_default_config
-		[ "$CFG_OPT_SYNC_CFG" = "1" ] && /opt/zapret/sync_config.sh
-		return 0
-	fi
-fi
-
-
-CFG_OPT_MERGE=1
-merge_config_with_def_values
-
-if [ ! -f "$ZAPRET_CONFIG" ]; then
-	# create main config
-	/opt/zapret/sync_config.sh
-fi
-
-return 0
+# create or merge uci-config
+$ZAPRET_BASE/renew-cfg.sh
+