Bump version to v70-20250109

Source: https://github.com/bol-van/zapret-win-bundle/blob/master/zapret-winws/preset_russia.cmd

.github/workflows/build.yml

@@ -65,8 +65,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        #branch: [ openwrt-22.03, openwrt-23.05 ]
-        branch: [ openwrt-23.05 ]
+        branch: [ openwrt-23.05, SNAPSHOT ]
         arch:
           - aarch64_cortex-a53
           - aarch64_cortex-a72
@@ -94,14 +93,15 @@ jobs:
           - mipsel_74kc
           - mipsel_mips32
           - x86_64
-        #include:
-        #  - branch: SNAPSHOT
-        #    arch: x86_64
-        #exclude:
-        #  - branch: openwrt-22.03
-        #    arch: arm_fa526
-        #  - branch: openwrt-22.03
-        #    arch: arm_mpcore
+        include:
+          - branch: SNAPSHOT
+            arch: aarch64_cortex-a76
+            #arch: riscv64_riscv64
+        exclude:
+          - branch: SNAPSHOT
+            arch: arm_mpcore
+          - branch: SNAPSHOT
+            arch: arm_cortex-a9_vfpv3-d16
     container:
       image: openwrt/sdk:${{ matrix.arch }}-${{ matrix.branch }}
       options: --user root
@@ -119,6 +119,9 @@ jobs:
         run: |
           # gpg --verbose --recv-keys 0x1D53D1877742E911
           gpg --verbose --import <(wget -qO- 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/0x1D53D1877742E911.asc')
+          # disable check signatures
+          sed -i 's/gpg --/#gpg --/g' setup.sh
+          # disable cleanup keys
           sed -r -i 's/^rm.+//' setup.sh
           ./setup.sh
           ls -lh
@@ -163,14 +166,14 @@ jobs:
           PKGLIST=`echo package/zapret-openwrt/{zapret,zapret-tpws,zapret-mdig,zapret-ip2net,luci-app-zapret}/compile`
           make $PKGLIST V=s CONFIG_CCACHE=1 BUILD_LOG=1
           
-          find ./bin/packages/*/base -type f ! -regex ".*\(zapret\).*\.ipk$" -delete
+          find ./bin/packages/*/base -type f ! -regex ".*\(zapret\).*\.[ai]pk$" -delete
           
           #echo ">>>>>>> build a repository index to make the output directory usable as local OPKG source"
           #ln -s `which usign` staging_dir/host/bin/usign
           #echo "$SIGN_KEY" | base64 -d > key-build
           #make package/index
           
-          tar -C ./bin/packages/*/base -cvf $GITHUB_WORKSPACE/ipk-$BRANCH-$ARCH.tar --transform "s|^\./|${BRANCH/openwrt-}/$ARCH/|" --show-transformed-names .
+          tar -C ./bin/packages/*/base -cvf $GITHUB_WORKSPACE/pkg-$BRANCH-$ARCH.tar --transform "s|^\./|${BRANCH/openwrt-}/$ARCH/|" --show-transformed-names .
           ./staging_dir/host/bin/ccache --max-size=10M --show-stats
 
       - name: Compress build logs
@@ -186,8 +189,8 @@ jobs:
         if: steps.build.outcome == 'success'
         uses: actions/upload-artifact@v4
         with:
-          name: ipk-${{ matrix.branch }}-${{ matrix.arch }}
-          path: ./**/ipk-${{ matrix.branch }}-${{ matrix.arch }}.tar
+          name: pkg-${{ matrix.branch }}-${{ matrix.arch }}
+          path: pkg-*.tar
           if-no-files-found: error
 
       - name: Upload build logs
@@ -195,7 +198,7 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: logs-${{ matrix.branch }}-${{ matrix.arch }}
-          path: ./**/logs-*.tar.xz
+          path: logs-*.tar.xz
 
   release:
     needs: [ check, build ]
@@ -205,22 +208,21 @@ jobs:
     strategy:
       max-parallel: 1
       matrix:
-        #branch: [ '22.03', '23.05' ]
-        branch: [ '23.05' ]
+        branch: [ 'SNAPSHOT', '23.05' ]
     steps:
       - name: Download artifacts
         uses: actions/download-artifact@v4
         with:
-          pattern: ipk-*
+          pattern: pkg-*
 
-      - name: Put ipk into zip
+      - name: Put packages into zip
         env:
           BRANCH: ${{ matrix.branch }}
           TAG: ${{ needs.check.outputs.tag }}
           DATE: ${{ needs.check.outputs.date }}
         run: |
           mkdir -p public
-          find . -name "ipk-openwrt-$BRANCH-*.tar" -exec tar -xvf {} --wildcards '*.ipk' \;
+          find . -name "*-$BRANCH-*.tar" -exec tar -xvf {} --wildcards '*.*pk' \;
           find $BRANCH -mindepth 1 -type d -exec sh -c 'zip -0 ./public/zapret_${TAG}_$(basename {}).zip -j {} {}/*' \;
           ls -lh ./public/*.zip
 

README.md

@@ -1,11 +1,19 @@
 [![build](https://github.com/remittor/zapret-openwrt/actions/workflows/build.yml/badge.svg)](https://github.com/remittor/zapret-openwrt/actions/workflows/build.yml)
 # zapret-openwrt
 
+Zapret is not a VPN! Zapret is an Anti-DPI utility!
+
 [Instructions for installing](https://github.com/remittor/zapret-openwrt/wiki/Installing-zapret‐openwrt-package)
 
 [Download page](https://github.com/remittor/zapret-openwrt/releases)
 
-Screenshot:
+## Screenshots
 
 ![image](https://github.com/user-attachments/assets/b79940b3-6a0d-4310-bd58-e461be004397)
 
+## Donations
+
+<img src=https://cdn-icons-png.flaticon.com/16/14446/14446252.png alt="USDT" style="vertical-align: middle;"/> USDT (ethereum network)
+```
+0x840E78D3E47A7ed4987bc36b4A4f0C5240bd7DE8
+```

luci-app-zapret/Makefile

@@ -5,9 +5,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-zapret
-PKG_RELEASE:=20241110
-PKG_VERSION:=68-$(PKG_RELEASE)
+PKG_VERSION:=70.20250109
 PKG_LICENSE:=MIT
+PKG_MAINTAINER:=remittor <https://github.com/remittor>
 
 LUCI_TITLE:=LuCI support for zapret
 LUCI_DEPENDS:=+zapret
@@ -20,8 +20,8 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	rm -rf /tmp/luci-modulecache/
 	#killall -HUP rpcd 2>/dev/null
 	/etc/init.d/rpcd reload
-	/sbin/luci-reload
-	/etc/init.d/uhttpd reload
+	[ -f "/sbin/luci-reload" ] && /sbin/luci-reload
+	[ -f "/etc/init.d/uhttpd" ] && /etc/init.d/uhttpd reload
 fi
 exit 0
 endef

luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js

@@ -27,6 +27,10 @@ return view.extend({
     },
     
     disableButtons: function(flag, button, elems = { }) {
+        let error_code = 0;
+        if (Number.isInteger(button) && button < 0) {
+            error_code = button;
+        }
         let btn = this.get_svc_buttons(elems);
         btn.enable.disabled  = flag;
         btn.disable.disabled = flag;
@@ -34,15 +38,16 @@ return view.extend({
         btn.restart.disabled = flag;
         btn.stop.disabled    = flag;
         btn.update.disabled  = true; // TODO
-        btn.reset.disabled   = flag;
+        btn.reset.disabled   = (error_code == 0) ? flag : false;
     },
 
     getAppStatus: function() {
         return Promise.all([
-            tools.getInitState(tools.appName),    // svc_state
-            fs.exec(tools.execPath, [ 'info' ]),  // svc_info
-            fs.exec('/bin/ps'),                   // process list
-            fs.exec('/bin/opkg', [ 'list-installed', '*zapret*' ]),  // installed packages
+            tools.getInitState(tools.appName),      // svc_boot
+            fs.exec(tools.execPath, [ 'enabled' ]), // svc_en
+            fs.exec(tools.execPath, [ 'info' ]),    // svc_info
+            fs.exec('/bin/busybox', [ 'ps' ]),      // process list
+            fs.exec(tools.packager.path, tools.packager.args),  // installed packages
             uci.load(tools.appName),              // config
         ]).catch(e => {
             ui.addNotification(null, E('p', _('Unable to execute or read contents')
@@ -58,33 +63,38 @@ return view.extend({
             let elem_status = elems.status || document.getElementById("status");
             elem_status.innerHTML = tools.makeStatusString(null);
             ui.addNotification(null, E('p', _('Unable to read the contents') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
-        let svc_autorun = status_array[0] ? true : false;
-        let svc_info = status_array[1];   // stdout: JSON as text
-        let proc_list = status_array[2];  // stdout: multiline text
-        let pkg_list = status_array[3];   // stdout: installed packages
+        let svc_boot  = status_array[0] ? true : false;
+        let svc_en    = status_array[1];   // stdout: empty or error text
+        let svc_info  = status_array[2];   // stdout: JSON as text
+        let proc_list = status_array[3];   // stdout: multiline text
+        let pkg_list  = status_array[4];   // stdout: installed packages
+        
+        //console.log('svc_en: ' + svc_en.code);
+        svc_en = (svc_en.code == 0) ? true : false;
+        
         if (svc_info.code != 0) {
             ui.addNotification(null, E('p', _('Unable to read the service info') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
         if (proc_list.code != 0) {
             ui.addNotification(null, E('p', _('Unable to read process list') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
         if (pkg_list.code != 0) {
             ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
             return;
         }
         let svcinfo;
         if (force_app_status) {
             svcinfo = force_app_status;
         } else {
-            svcinfo = tools.decode_svc_info(svc_autorun, svc_info, proc_list, cfg);
+            svcinfo = tools.decode_svc_info(svc_en, svc_info, proc_list, cfg);
         }
         let btn = this.get_svc_buttons(elems);
         btn.update.disabled = true;   // TODO
@@ -93,10 +103,10 @@ return view.extend({
         if (Number.isInteger(svcinfo)) {
             ui.addNotification(null, E('p', _('Error')
                 + ' %s: return code = %s'.format('decode_svc_info', svcinfo + ' ')));
-            this.disableButtons(true, null, elems);
+            this.disableButtons(true, -1, elems);
         } else {
-            btn.enable.disabled  = (svc_autorun) ? true : false;
-            btn.disable.disabled = (svc_autorun) ? false : true;
+            btn.enable.disabled  = (svc_en) ? true : false;
+            btn.disable.disabled = (svc_en) ? false : true;
             if (!svcinfo.dmn.inited) {
                 btn.start.disabled = false;
                 btn.restart.disabled = true;
@@ -154,8 +164,8 @@ return view.extend({
         }
         else if (action == 'reset') {
             exec_cmd = tools.defaultCfgPath;
-            exec_arg = [ '-f' ];
-            errmsg = _('Unable to run uci-def-cfg.sh script.');
+            exec_arg = [ 'sync' ];  // restore config + sync configs
+            errmsg = _('Unable to run restore-def-cfg.sh script.');
             action = null;
         } else {
             ui.addNotification(null, E('p', 'ERROR: unknown action'));
@@ -227,7 +237,7 @@ return view.extend({
             'class': btn_style_action,
         }, _('Reset settings'));
         resetcfg_btn.onclick = ui.createHandlerFn(this, () => {
-            cancel_button.disabled = true;
+            //cancel_button.disabled = true;
             return this.serviceActionEx('reset', resetcfg_btn, true);
         });
 
@@ -253,7 +263,7 @@ return view.extend({
         }
         let cfg = uci.get(tools.appName, 'config');
 
-        let pkg_list = status_array[3];
+        let pkg_list = status_array[4];
         if (pkg_list === undefined || typeof(pkg_list) !== 'object' || pkg_list.code != 0) {
             ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
             return;

luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js

@@ -35,10 +35,11 @@ document.head.append(E('style', {'type': 'text/css'},
 `));
 
 return baseclass.extend({
+    packager          : null,
     appName           : 'zapret',
     execPath          : '/etc/init.d/zapret',
     syncCfgPath       : '/opt/zapret/sync_config.sh',
-    defaultCfgPath    : '/opt/zapret/uci-def-cfg.sh',
+    defaultCfgPath    : '/opt/zapret/restore-def-cfg.sh',
 
     hostsGoogleFN     : '/opt/zapret/ipset/zapret-hosts-google.txt',
     hostsUserFN       : '/opt/zapret/ipset/zapret-hosts-user.txt',
@@ -82,7 +83,24 @@ return baseclass.extend({
         expect: { result: false }
     }),
 
+    init_consts: function() {
+        if (!this.packager) {
+            this.packager = { };
+            if (L.hasSystemFeature('apk')) {
+                this.packager.name = 'apk';
+                this.packager.path = '/usr/bin/apk';
+                this.packager.args = [ 'list', '-I', '*zapret*' ];
+            } else {
+                this.packager.name = 'opkg';
+                this.packager.path = '/bin/opkg';
+                this.packager.args = [ 'list-installed', '*zapret*' ];
+            }
+            //console.log('PACKAGER: ' + this.packager.name);
+        }
+    },
+
     getInitState: function(name) {
+        this.init_consts();
         return this.callInitState(name).then(res => {
             if (res) {
                 return res[name].enabled ? true : false;
@@ -114,12 +132,33 @@ return baseclass.extend({
         let lines = pkg_list.trim().split('\n');
         for (let i = 0; i < lines.length; i++) {
             let line = lines[i].trim();
-            if (line.length >= 4) {
-                let word_list = line.split(' - ');
-                let name = word_list[0].trim();
-                let ver = word_list[1].trim();
-                pkg_dict[name] = ver;
+            let name;
+            let ver;
+            if (this.packager.name == 'apk') {
+                let fullname = line.split(' ')[0];
+                let mpos = fullname.lastIndexOf("-");
+                if (mpos <= 0)
+                    continue;
+                if (fullname.substring(mpos+1, mpos+2) == 'r') {
+                    // release number
+                    fullname = fullname.substring(0, mpos);
+                }
+                mpos = fullname.lastIndexOf("-");
+                if (mpos <= 0)
+                    continue;
+                name = fullname.substring(0, mpos).trim();
+                ver = fullname.substring(mpos+1).trim();
+            } else {
+                if (!line.includes(' - '))
+                    continue;
+                name = line.split(' - ')[0].trim();
+                ver  = line.split(' - ')[1].trim();
+                let spos = ver.indexOf(" ");
+                if (spos > 0) {
+                    ver = ver.substring(0, spos);
+                }
             }
+            pkg_dict[name] = ver;
         }
         return pkg_dict;
     },
@@ -429,6 +468,10 @@ return baseclass.extend({
                 value = value.replace(/\r/g, '');
                 if (value != "" && value != "\t") {
                     value = '\n' + value + '\n';
+                    if (this.multiline == 2) {
+                        value = value.replace(/"/g, '');
+                        value = value.replace(/'/g, '');
+                    }
                 }
             } else {
                 value = value.replace(/\r\n/g, ' ');

luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json

@@ -10,6 +10,7 @@
 			"acl": [ "luci-app-zapret" ],
 			"fs": {
 				"/opt/zapret/sync_config.sh": "executable",
+				"/opt/zapret/restore-def-cfg.sh": "executable",
 				"/etc/init.d/zapret": "executable"
 			},
 			"uci": { "zapret": true }

luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json

@@ -8,9 +8,10 @@
 				"/opt/zapret/ipset/*": [ "read" ],
 				"/etc/crontabs/root": [ "read" ],
 				"/etc/init.d/zapret*": [ "exec" ],
-				"/bin/ps*": [ "exec" ],
+				"/bin/busybox*": [ "exec" ],
 				"/bin/opkg*": [ "exec" ],
-				"/opt/zapret/uci-def-cfg.sh*": [ "exec" ],
+				"/usr/bin/apk*": [ "exec" ],
+				"/opt/zapret/restore-def-cfg.sh*": [ "exec" ],
 				"/opt/zapret/sync_config.sh*": [ "exec" ]
 			},
 			"uci": [ "zapret", "network" ],

zapret-ip2net/Makefile

@@ -1,8 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret-ip2net
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=70.20250109
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -10,8 +9,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=f21bd0c63c4997cad7d792c29053a2a7556663e8
+PKG_SOURCE_DATE:=2025-01-09
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

zapret-mdig/Makefile

@@ -1,8 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret-mdig
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=70.20250109
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -10,8 +9,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=f21bd0c63c4997cad7d792c29053a2a7556663e8
+PKG_SOURCE_DATE:=2025-01-09
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

zapret-tpws/Makefile

@@ -1,8 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret-tpws
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=70.20250109
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -10,8 +9,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=f21bd0c63c4997cad7d792c29053a2a7556663e8
+PKG_SOURCE_DATE:=2025-01-09
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?

zapret/Makefile

@@ -5,8 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=zapret
-PKG_VERSION:=68
-PKG_RELEASE:=20241110
+PKG_VERSION:=70.20250109
 
 PKG_MAINTAINER:=bol-van
 PKG_LICENSE:=MIT
@@ -14,8 +13,8 @@ PKG_LICENSE_FILES:=docs/LICENSE.txt
 
 PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=41b4c6650b13707654066b5af007d531dd348286
-PKG_SOURCE_DATE:=2024-11-10
+PKG_SOURCE_VERSION:=f21bd0c63c4997cad7d792c29053a2a7556663e8
+PKG_SOURCE_DATE:=2025-01-09
 
 #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
@@ -77,15 +76,19 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret
 	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/zapret $(1)/etc/init.d/zapret
+	$(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret
 	$(INSTALL_CONF) ./config.default $(1)/opt/zapret/config.default
 	$(INSTALL_CONF) ./ipset/zapret-hosts-google.txt       $(1)/opt/zapret/ipset/zapret-hosts-google.txt
 	$(INSTALL_CONF) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset/zapret-hosts-user-exclude.txt
 	$(INSTALL_CONF) ./ipset/zapret-ip-exclude.txt         $(1)/opt/zapret/ipset/zapret-ip-exclude.txt
-	$(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
-	$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/opt/zapret/uci-def-cfg.sh
+	$(INSTALL_BIN) ./uci-def-cfg.sh     $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
+	$(INSTALL_BIN) ./uci-def-cfg.sh     $(1)/opt/zapret/uci-def-cfg.sh
+	$(INSTALL_BIN) ./comfunc.sh         $(1)/opt/zapret/comfunc.sh
+	$(INSTALL_BIN) ./def-cfg.sh         $(1)/opt/zapret/def-cfg.sh
+	$(INSTALL_BIN) ./renew-cfg.sh       $(1)/opt/zapret/renew-cfg.sh
+	$(INSTALL_BIN) ./restore-def-cfg.sh $(1)/opt/zapret/restore-def-cfg.sh
+	$(INSTALL_BIN) ./sync_config.sh     $(1)/opt/zapret/sync_config.sh
 endef
 
 define Package/$(PKG_NAME)/preinst
@@ -133,15 +136,6 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 		echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}"
 		cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
 	fi
-	# create empty txt files into ipset directory
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
-	#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
-	#[ ! -f "/opt/zapret/ipset/zapret-ip.txt" ] && touch "/opt/zapret/ipset/zapret-ip.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
-	[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
 	# check existing uci-config
 	[ -f "/etc/config/zapret" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0
 	# create or merge uci-config
@@ -151,6 +145,9 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh
 	# copy (sync) all params from uci-config to main config
 	/opt/zapret/sync_config.sh
+	# check main config
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58
 	# enable main service
 	/etc/init.d/zapret enable
 	# stop all
@@ -172,7 +169,14 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
 	EXEDIR=/opt/zapret
 	ZAPRET_BASE=/opt/zapret
 	ZAPRET_CONFIG=/opt/zapret/config
+	ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
 	OPENWRT_FW_INCLUDE=/etc/firewall.zapret
+	# check main config
+	sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
+	if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then
+		ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
+		exit 0
+	fi
 	. "$${ZAPRET_CONFIG}"
 	. "$${ZAPRET_BASE}/common/base.sh"
 	. "$${ZAPRET_BASE}/common/fwtype.sh"

zapret/comfunc.sh

@@ -0,0 +1,124 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+EXEDIR=/opt/zapret
+ZAPRET_BASE=/opt/zapret
+
+ZAPRET_INITD=/etc/init.d/zapret
+ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret"
+
+ZAPRET_CONFIG="$ZAPRET_BASE/config"
+ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new"
+ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
+
+ZAPRET_CFG=/etc/config/zapret
+ZAPRET_CFG_NAME=zapret
+ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_NAME.config )"
+
+. $ZAPRET_BASE/def-cfg.sh
+
+function adapt_for_sed
+{
+	local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 )
+	echo "$str"
+}
+
+function is_valid_config
+{
+	local fname=${1:-$ZAPRET_CONFIG}
+	sh -n "$fname" &>/dev/null
+	return $?
+}
+
+function get_ppid_by_pid
+{
+	local pid=$1
+	local ppid="$( cat /proc/$pid/status 2>/dev/null | grep '^PPid:' | awk '{print $2}' )"
+	echo "$ppid"
+}
+
+function get_proc_path_by_pid
+{
+	local pid=$1
+	local path=$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' | head -n1 )
+	echo "$path"
+}
+
+function get_proc_cmd_by_pid
+{
+	local pid=$1
+	local delim="$2"
+	local cmdline
+	if [ "$delim" = "" ]; then
+		cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' )"
+	else
+		cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' "$delim" )"
+	fi
+	echo "$cmdline"
+}
+
+function is_run_via_procd
+{
+	local pname
+	[ "$$" = "1" ] && return 0	
+	pname="$( get_proc_path_by_pid $$ )"
+	[ "$pname" = "/sbin/procd" ] && return 0
+	[ "$PPID" = "1" ] && return 0
+	pname="$( get_proc_path_by_pid $PPID )"
+	[ "$pname" = "/sbin/procd" ] && return 0
+	return 1
+}
+
+function is_run_on_boot
+{
+	local cmdline="$( get_proc_cmd_by_pid $$ ' ' )"
+	if echo "$cmdline" | grep -q " /etc/rc.d/S" ; then
+		if echo "$cmdline" | grep -q " boot $" ; then
+			return 0
+		fi
+	fi
+	return 1
+}
+
+function get_run_on_boot_option
+{
+	if [ "$( uci -q get $ZAPRET_CFG_NAME.config.run_on_boot )" = "1" ]; then
+		echo 1
+	else
+		echo 0
+	fi
+}
+
+function create_default_cfg
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local cfgfile=/etc/config/$cfgname
+	rm -f $cfgfile
+	touch $cfgfile
+	uci set $cfgname.config=main
+	set_cfg_default_values $cfgname
+	return 0
+}
+
+function merge_cfg_with_def_values
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local force=$2
+	local cfgfile=/etc/config/$cfgname
+	local NEWCFGNAME="zapret-default"
+	local NEWCFGFILE="/etc/config/$NEWCFGNAME"
+
+	local cfg_sec_name="$( uci -q get $ZAPRET_CFG_NAME.config )"
+	[ -z "$cfg_sec_name" ] && create_default_cfg
+
+	create_default_cfg "$NEWCFGNAME"
+	[ ! -f "$NEWCFGFILE" ] && return 1 
+
+	uci -m -f $cfgfile import "$NEWCFGNAME"
+	uci commit "$NEWCFGNAME"
+	uci -m -f "$NEWCFGFILE" import $cfgname
+	uci commit $cfgname
+	rm -f "$NEWCFGFILE"	
+	return 0
+}
+

zapret/config.default

@@ -93,7 +93,7 @@ NFQWS_PORTS_UDP_KEEPALIVE=0
 # use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
 # hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
 # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
-NFQWS_OPT="--filter-tcp=80 <HOSTLIST> --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake,split2 --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --filter-udp=443 <HOSTLIST_NOAUTO> --dpi-desync=fake --dpi-desync-repeats=11 --new --filter-tcp=80,443 <HOSTLIST> --dpi-desync=fake,disorder2 --dpi-desync-repeats=6 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig"
+NFQWS_OPT="--filter-tcp=80 <HOSTLIST> --dpi-desync=fake,fakedsplit --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --new --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --filter-udp=443 <HOSTLIST_NOAUTO> --dpi-desync=fake --dpi-desync-repeats=11 --new --filter-tcp=443 <HOSTLIST> --dpi-desync=fake,multidisorder --dpi-desync-split-pos=midsld --dpi-desync-repeats=6 --dpi-desync-fooling=badseq,md5sig"
 
 
 # FlowOffload mode : donttouch,none,software,hardware

zapret/def-cfg.sh

@@ -0,0 +1,67 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+function set_cfg_default_values
+{
+	local cfgname=${1:-$ZAPRET_CFG_NAME}
+	local TAB="$( echo -n -e '\t' )"
+	uci batch <<-EOF
+		set $cfgname.config.run_on_boot='0'
+		# settings for zapret service
+		set $cfgname.config.FWTYPE='nftables'
+		set $cfgname.config.POSTNAT='1'
+		set $cfgname.config.FLOWOFFLOAD='none'
+		set $cfgname.config.INIT_APPLY_FW='1'
+		set $cfgname.config.DISABLE_IPV4='0'
+		set $cfgname.config.DISABLE_IPV6='1'
+		set $cfgname.config.MODE_FILTER='hostlist'
+		# autohostlist options
+		set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
+		set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
+		set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
+		set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
+		# nfqws options
+		set $cfgname.config.NFQWS_ENABLE='1'
+		set $cfgname.config.DESYNC_MARK='0x40000000'
+		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
+		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
+		set $cfgname.config.NFQWS_PORTS_UDP='443'
+		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
+		set $cfgname.config.NFQWS_TCP_PKT_IN='3'
+		set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
+		set $cfgname.config.NFQWS_UDP_PKT_IN='0'
+		set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
+		set $cfgname.config.NFQWS_OPT="
+			--filter-tcp=80 <HOSTLIST>
+			--dpi-desync=fake,fakedsplit
+			--dpi-desync-autottl=2
+			--dpi-desync-fooling=md5sig
+			--new
+			--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
+			--dpi-desync=fake,multidisorder
+			--dpi-desync-split-pos=1,midsld
+			--dpi-desync-repeats=11
+			--dpi-desync-fooling=md5sig
+			--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
+			--new
+			--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
+			--dpi-desync=fake
+			--dpi-desync-repeats=11
+			--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
+			--new
+			--filter-udp=443 <HOSTLIST_NOAUTO>
+			--dpi-desync=fake
+			--dpi-desync-repeats=11
+			--new
+			--filter-tcp=443 <HOSTLIST>
+			--dpi-desync=fake,multidisorder
+			--dpi-desync-split-pos=midsld
+			--dpi-desync-repeats=6
+			--dpi-desync-fooling=badseq,md5sig
+		"
+		# save changes
+		commit $cfgname
+	EOF
+	return 0
+}

zapret/init.d.sh

@@ -0,0 +1,73 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2024 remittor
+
+USE_PROCD=1
+# after network
+START=21
+
+SCRIPT_FILENAME=$1
+
+. /opt/zapret/comfunc.sh
+
+if ! is_valid_config ; then
+	logger -p err -t ZAPRET "Wrong main config: $ZAPRET_CONFIG"
+	exit 91
+fi
+
+. $ZAPRET_ORIG_INITD
+
+EXEDIR=/opt/zapret
+ZAPRET_BASE=/opt/zapret
+
+is_run_on_boot && IS_RUN_ON_BOOT=1 || IS_RUN_ON_BOOT=0
+
+
+function enable
+{
+	local run_on_boot=""
+	if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+		if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+			run_on_boot=$( get_run_on_boot_option )
+			if [ $run_on_boot != 1 ]; then
+				logger -p notice -t ZAPRET "Attempt to enable service, but service blocked!"
+				return 61
+			fi
+		fi
+	fi
+	if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+		uci set $ZAPRET_CFG_NAME.config.run_on_boot=1
+		uci commit
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enable
+}
+
+function enabled
+{
+	local run_on_boot=""
+	if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+		run_on_boot=$( get_run_on_boot_option )
+		if [ $run_on_boot != 1 ]; then
+			if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+				logger -p notice -t ZAPRET "Service is blocked!"
+			fi
+			return 61
+		fi
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enabled
+}
+
+function boot
+{
+	local run_on_boot=""
+	if [ "$IS_RUN_ON_BOOT" = "1" ]; then
+		if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
+			run_on_boot=$( get_run_on_boot_option )
+			if [ $run_on_boot != 1 ]; then
+				logger -p notice -t ZAPRET "Attempt to run service on boot! Service is blocked!"
+				return 61
+			fi
+		fi
+	fi
+	/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@"
+}
+

zapret/renew-cfg.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+. /opt/zapret/comfunc.sh
+
+merge_cfg_with_def_values
+
+CONFIGS_SYNC=0
+
+[ ! -f "$ZAPRET_CONFIG" ] && CONFIGS_SYNC=1
+[ "$1" = "sync" ] && CONFIGS_SYNC=1
+
+if [ "$CONFIGS_SYNC" = "1" ]; then
+	# renew main config
+	/opt/zapret/sync_config.sh
+fi

zapret/restore-def-cfg.sh

@@ -0,0 +1,18 @@
+#!/bin/sh
+# Copyright (c) 2024 remittor
+
+. /opt/zapret/comfunc.sh
+
+cfg_run_on_boot="$( uci -q get zapret.config.run_on_boot )"
+
+create_default_cfg
+
+if [ "$cfg_run_on_boot" = "1" ]; then
+	uci set zapret.config.run_on_boot=1
+	uci commit
+fi
+
+if [ "$1" = "sync" ]; then
+	# renew main config
+	/opt/zapret/sync_config.sh
+fi

zapret/sync_config.sh

@@ -1,24 +1,7 @@
 #!/bin/sh
 # Copyright (c) 2024 remittor
 
-EXEDIR=/opt/zapret
-ZAPRET_BASE=/opt/zapret
-ZAPRET_CONFIG="$ZAPRET_BASE/config"
-ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
-ZAPRET_CFG=/etc/config/zapret
-
-ZAPRET_CFG_SEC_NAME="$( uci -q get zapret.config )"
-
-if [ -z "$ZAPRET_CFG_SEC_NAME" ]; then
-	# wrong uci-config
-	return 1
-fi
-
-function get_sed_compat
-{
-	local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 )
-	echo "$str"
-}
+. /opt/zapret/comfunc.sh
 
 function uncomment_param
 {
@@ -41,7 +24,7 @@ function append_param
 function set_param_value
 {
 	local param=$1
-	local value=$( get_sed_compat "$2" )
+	local value=$( adapt_for_sed "$2" )
 	local fname=${3:-$ZAPRET_CONFIG}
 	sed -i "s/^$param=.*/$param=$value/g" $fname
 }
@@ -49,7 +32,7 @@ function set_param_value
 function set_param_value_str
 {
 	local param=$1
-	local value=$( get_sed_compat "$2" )
+	local value=$( adapt_for_sed "$2" )
 	local fname=${3:-$ZAPRET_CONFIG}
 	sed -i "s/^$param=.*/$param=\"$value\"/g" $fname
 }
@@ -80,6 +63,11 @@ if [ ! -f "$ZAPRET_CONFIG" ]; then
 	fi
 fi
 
+cp -f "$ZAPRET_CONFIG" "$ZAPRET_CONFIG_NEW"
+
+ZAPRET_CONFIG__SAVED="$ZAPRET_CONFIG"
+ZAPRET_CONFIG="$ZAPRET_CONFIG_NEW"
+
 sync_param FWTYPE
 sync_param POSTNAT
 sync_param FLOWOFFLOAD
@@ -105,3 +93,13 @@ sync_param NFQWS_UDP_PKT_IN str
 sync_param NFQWS_PORTS_TCP_KEEPALIVE
 sync_param NFQWS_PORTS_UDP_KEEPALIVE
 sync_param NFQWS_OPT str
+
+ZAPRET_CONFIG="$ZAPRET_CONFIG__SAVED"
+
+if is_valid_config "$ZAPRET_CONFIG_NEW" ; then
+	cp -f "$ZAPRET_CONFIG_NEW" "$ZAPRET_CONFIG"
+	rm -f "$ZAPRET_CONFIG_NEW"
+else
+	rm -f "$ZAPRET_CONFIG_NEW"
+	return 97
+fi

zapret/uci-def-cfg.sh

@@ -1,143 +1,18 @@
 #!/bin/sh
 # Copyright (c) 2024 remittor
 
-SCRIPT_SOURCED=0
-case ${0##*/} in ash|-ash) SCRIPT_SOURCED=1;; esac
-#[[ $_ != $0 ]] && echo "Script is being sourced" || echo "Script is a subshell"
+. /opt/zapret/comfunc.sh
 
-ZAPRET_BASE=/opt/zapret
-ZAPRET_CONFIG="$ZAPRET_BASE/config"
-ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
-ZAPRET_CFG_FILE=/etc/config/zapret
-ZAPRET_CFG_NAME=zapret
+# create empty txt files into ipset directory
+[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt"     ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
+#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt"      ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
+[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt"       ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
+[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
+#[ ! -f "/opt/zapret/ipset/zapret-ip.txt"              ] && touch "/opt/zapret/ipset/zapret-ip.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt"          ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt"  ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
+[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt"    ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
 
-CFG_OPT_FORCE=0
-CFG_OPT_MERGE=0
-CFG_OPT_SYNC_CFG=0
-
-
-function set_default_values
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local TAB="$( echo -n -e '\t' )"
-	uci batch <<-EOF
-		set $cfgname.config.autostart='0'
-		# settings for zapret service
-		set $cfgname.config.FWTYPE='nftables'
-		set $cfgname.config.POSTNAT='1'
-		set $cfgname.config.FLOWOFFLOAD='none'
-		set $cfgname.config.INIT_APPLY_FW='1'
-		set $cfgname.config.DISABLE_IPV4='0'
-		set $cfgname.config.DISABLE_IPV6='1'
-		set $cfgname.config.MODE_FILTER='hostlist'
-		# autohostlist options
-		set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
-		set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
-		set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
-		set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
-		# nfqws options
-		set $cfgname.config.NFQWS_ENABLE='1'
-		set $cfgname.config.DESYNC_MARK='0x40000000'
-		set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
-		set $cfgname.config.NFQWS_PORTS_TCP='80,443'
-		set $cfgname.config.NFQWS_PORTS_UDP='443'
-		set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_TCP_PKT_IN='3'
-		set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
-		set $cfgname.config.NFQWS_UDP_PKT_IN='0'
-		set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
-		set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
-		set $cfgname.config.NFQWS_OPT="
-			--filter-tcp=80 <HOSTLIST>
-			--dpi-desync=fake,split2
-			--dpi-desync-autottl=2
-			--dpi-desync-fooling=md5sig
-			--new
-			--filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-			--dpi-desync=fake,split2
-			--dpi-desync-repeats=11
-			--dpi-desync-fooling=md5sig
-			--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
-			--new
-			--filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
-			--dpi-desync=fake
-			--dpi-desync-repeats=11
-			--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
-			--new
-			--filter-udp=443 <HOSTLIST_NOAUTO>
-			--dpi-desync=fake
-			--dpi-desync-repeats=11
-			--new
-			--filter-tcp=80,443 <HOSTLIST>
-			--dpi-desync=fake,disorder2
-			--dpi-desync-repeats=6
-			--dpi-desync-autottl=2
-			--dpi-desync-fooling=md5sig
-		"
-		# save changes
-		commit $cfgname
-	EOF
-	return 0
-}
-
-function create_default_config
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local cfgfile=/etc/config/$cfgname
-	rm -f $cfgfile
-	touch $cfgfile
-	uci set $cfgname.config=main
-	set_default_values $cfgname
-	return 0
-}
-
-function merge_config_with_def_values
-{
-	local cfgname=${1:-$ZAPRET_CFG_NAME}
-	local force=$2
-	local cfgfile=/etc/config/$cfgname
-	local NEWCFGNAME="zapret-default"
-	local NEWCFGFILE="/etc/config/$NEWCFGNAME"
-
-	create_default_config "$NEWCFGNAME"
-	[ ! -f "$NEWCFGFILE" ] && return 1 
-
-	uci -m -f $cfgfile import "$NEWCFGNAME"
-	uci commit "$NEWCFGNAME"
-	uci -m -f "$NEWCFGFILE" import $cfgname
-	uci commit $cfgname
-	rm -f "$NEWCFGFILE"	
-	return 0
-}
-
-
-if [ "$SCRIPT_SOURCED" != "1" ]; then
-	while getopts "fms" SCRIPT_OPT; do
-		case $SCRIPT_OPT in
-			f) CFG_OPT_FORCE=1;;
-			m) CFG_OPT_MERGE=1;;
-			s) CFG_OPT_SYNC_CFG=1;;
-		esac
-	done
-
-	if [ ! -f "$ZAPRET_CFG_FILE" ]; then
-		CFG_OPT_FORCE=1
-	fi
-
-	if [ "$CFG_OPT_FORCE" = "1" ]; then
-		create_default_config
-		[ "$CFG_OPT_SYNC_CFG" = "1" ] && /opt/zapret/sync_config.sh
-		return 0
-	fi
-fi
-
-
-CFG_OPT_MERGE=1
-merge_config_with_def_values
-
-if [ ! -f "$ZAPRET_CONFIG" ]; then
-	# create main config
-	/opt/zapret/sync_config.sh
-fi
-
-return 0
+# create or merge uci-config
+$ZAPRET_BASE/renew-cfg.sh
+