- 09 Mar, 2026 4 commits
-
-
Vitaly Lipatov authored
-
Vitaly Lipatov authored
Co-Authored-By:Claude Opus 4.6 <noreply@anthropic.com>
-
Vitaly Lipatov authored
Remove check_passwords/ (john the ripper scripts) and nx/get-list.pl (contains hardcoded DB credentials). Co-Authored-By: -
Vitaly Lipatov authored
Kernels 6.x output "I/O error, dev sde, sector ..." without the blk_update_request/end_request prefix. Add this format to the grep pattern so --list works on modern kernels. Co-Authored-By:
-
- 08 Mar, 2026 6 commits
-
-
Vitaly Lipatov authored
- Remove "direct" gateway, use socks5:// proxies for all checks - Add IPv6 proxy addresses for dual-stack gateway checking - beget nodes have no IPv6 (proxy_v6=None), correctly shown as NOIP - Add egw/dgw/igw to sidebar under Маршрутизаторы section - Sort all sidebar items alphabetically within sections Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Prevents loss of comments and preserves file order. Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
- route-health.sh: collect per-gateway status (loss, vpn, iperf) into JSON - route-health.sh: write health.json for web-api consumption - web-api: add GET /api/health endpoint serving health.json - web-api: add POST/GET /api/googlevideo for CDN pattern management - web-api: add health status sidebar with auto-refresh (30s) Co-Authored-By: -
Vitaly Lipatov authored
- Add POST/GET /api/googlevideo endpoints for pattern management - Add collect-googlevideo.sh daemon (tails BIND query log for CDN domains) - Normalizes rr3---sn-XXX.googlevideo.com to rr[1-8]---sn-XXX pattern Co-Authored-By:
-
- 07 Mar, 2026 1 commit
-
-
Vitaly Lipatov authored
- route-update.sh: add flock to prevent concurrent runs - route-update.sh: measure and save execution duration - route-web-api.py: skip IPv6 checks for domains without AAAA (NOIP) - route-web-api.py: move "Проверить" button first, add Enter key handler - route-web-api.py: show update duration in status bar - route-web-api.py: expose duration in /api/status Co-Authored-By:
-
- 05 Mar, 2026 1 commit
-
-
Vitaly Lipatov authored
Volatile detection: - Remove single-record restriction (count<=1) that missed multi-record domains like youtube.com with 4 rotating AAAA records - Add diff-resolvers check: domain is volatile if local and extra DNS return different IPs (catches cached TTL > threshold cases) - expand_volatile_subnets now also processes domains with accumulated volatile_ips from prior runs, not only current volatile_domains (fixes race where cached TTL > threshold causes empty volatile_domains but IPs were already collected) IP validation: - Validate resolved IPs with python3 ipaddress before ip-batch loading - Filter out invalid entries (e.g. malformed IPv6) with WARNING log - Prevents ip-batch failures from corrupting route tables Co-Authored-By:
-
- 04 Mar, 2026 6 commits
-
-
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Replace grep '[g-zG-Z]' with list_has_domains() that filters out IPv4 (digits/dots/slashes) and IPv6 (hex/colons/slashes) patterns, then checks if anything remains. This correctly handles IPv6 IP-only lists where hex digits a-f caused false positive domain detection. Co-Authored-By: -
Vitaly Lipatov authored
[a-zA-Z] matches hex digits a-f in IPv6 addresses, causing IP-only lists like antifilter-ip6 (127k entries) to be treated as domain lists. This triggered useless history merge (sort -u on ~2.5M lines = 77 min) and DNS resolution attempts. Use [g-zG-Z] instead, which correctly distinguishes domain names from IPv6 hex notation. Co-Authored-By: -
Vitaly Lipatov authored
Resolve history accumulation (20 snapshots + sort -u) is only useful for domain lists where DNS round-robin returns different IPs each time. For IP/subnet-only lists (like antifilter-ip6 with 127k entries), every snapshot is identical, making the merge a waste of ~77 minutes. Co-Authored-By: -
Vitaly Lipatov authored
detect_volatile_domains() and expand_volatile_subnets() now run dig queries in parallel (10 concurrent) via temp script + xargs -P. Reduces wall time from ~3min to ~20sec for lists with 200+ domains (telegram 135 + whatsapp 69). Co-Authored-By: -
Vitaly Lipatov authored
Volatile domain detection (short TTL, single record) was IPv4-only. Now works for both A and AAAA records. For IPv6 volatile domains (e.g. Akamai CDN rotation), computes covering /48+ subnets from accumulated IPs across runs, so new rotated IPs hit the bypass route instead of default gateway. Co-Authored-By:
-
- 03 Mar, 2026 1 commit
-
-
Vitaly Lipatov authored
Shows what users actually get from the office via policy routing, without going through any SOCKS5 proxy. Co-Authored-By:
-
- 02 Mar, 2026 6 commits
-
-
Vitaly Lipatov authored
Fetch HTML once to find asset URLs, then download the asset through every gateway in parallel. Show SLOW badge on each throttled gateway. Throttle details section lists all affected gateways with sizes/times. Co-Authored-By: -
Vitaly Lipatov authored
Override dgw gateway status from OK to SLOW in the badge when TSPU throttling is detected. Tooltip shows asset name, size and time. Co-Authored-By: -
Vitaly Lipatov authored
Download the HTML page via dgw, parse CSS/JS asset URLs, and try downloading them. If an asset stalls at ~16KB after timeout — report as TSPU throttling (typical TCP initial window cutoff signature). Runs in parallel with existing gateway checks. Co-Authored-By: -
Vitaly Lipatov authored
Protect read-modify-write cycles in handle_add/remove/move and consistent reads in /api/list with _list_lock to prevent data loss when multiple users modify lists simultaneously. Co-Authored-By: -
Vitaly Lipatov authored
- Replace per-entry move/remove buttons with single dropdown button (⇄) - Add context menu on right-click (check, move, remove) - Move "remove" into dropdown/context menu as last item (red) - Keep "?" check button inline for quick access - Add CSS spinner animation on check result block during loading - Show check result block immediately with domain name and spinner - Align sidebar IPs with flexbox columns - Reduce button padding for compact 3-column layout Co-Authored-By: -
Vitaly Lipatov authored
- Add third list "geo" (web-geo.list) for geo-blocked domains routed via gre - Add warp gateway to CHECK_GATEWAYS for site availability checks - Add left sidebar with all egw/ogw proxy servers (17 egw + 4 ogw) - Replace "Без правила" button with "Geo (gre)" button - Update makeEntry() to show two move buttons per entry (to other two lists) - Update OpenAPI spec with geo mode in all endpoints - Update documentation with web-geo.list and gre symlinks - Widen layout from 900px to 1300px for sidebar + 3 columns Co-Authored-By:
-
- 28 Feb, 2026 6 commits
-
-
Vitaly Lipatov authored
Helps accumulate more DNS round-robin IPs over time. Co-Authored-By: -
Vitaly Lipatov authored
Filter out invalid entries after DNS resolve: - IPv4: validate format and octet range (0-255) - IPv6: validate hex:colon format - Log WARNING when garbage entries are filtered Prevents broken IPs like 1886.110.224.97 from entering routing tables. Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
route-health.sh creates gw-* state directories for per-gateway health tracking inside .state/routes.d/GROUP/. route-update.sh was incorrectly treating them as orphaned list-state and deleting them every run. Co-Authored-By: -
Vitaly Lipatov authored
New container cloned from xray.hetzner, traffic routed via gre.beget to Cloudflare WARP. Exit via Cloudflare PoP (ARN Stockholm). Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By:
-
- 25 Feb, 2026 9 commits
-
-
Vitaly Lipatov authored
- Flush routes per dead gateway instead of waiting for entire group to die - Add iperf3 bandwidth (success=0 → dead) as third health signal - Ping threshold: >=50% loss is now dead (was 100%) - State tracking per gateway (.state/GROUP/gw-TAG/) - GRE detection: use link UP instead of RX bytes delta (fixes false disconnected status on idle tunnels) - Timer interval: 20s (was 1min) Co-Authored-By: -
Vitaly Lipatov authored
Query vpn_status (connected=0/1) alongside ping data. If VPN tunnel is reported disconnected, gateway is immediately marked dead without waiting for ping loss to accumulate. VPN status is checked with 1m window (vs 3m for ping) since it updates every 10s. Shows vpn=DOWN marker in --show output for affected gateways. Co-Authored-By: -
Vitaly Lipatov authored
Auto-detects VPN type and reports status to InfluxDB via Telegraf exec: - IKEv2/strongSwan: swanctl or ipsec* interface + RX bytes - OpenVPN: process + tun0 interface - GRE: gre1 interface + RX bytes changing - OpenConnect: process + vpns/tun interface - Xray: process + SOCKS port listening - AmneziaWG/WireGuard: interface + recent handshake Deployed to all 11 egw/ogw containers with Telegraf integration. Co-Authored-By: -
Vitaly Lipatov authored
- Check domain accessibility through all gateways via SOCKS5 in parallel - Resolve domain IPs (v4+v6) and find matches in active route lists - Distinguish proxy errors (PROXY?) from site blocks (BLOCK) - Show whois summary (registrar, org, dates, nameservers) - Add per-entry check button in bypass/direct lists - Rate-limit: one check at a time (threading.Lock) Co-Authored-By: -
Vitaly Lipatov authored
Switch bandwidth source from net.bytes_recv (current traffic) to iperf3.recv_bps (tunnel throughput). Add gre.vdska gateway (91.232.225.127). Co-Authored-By: -
Vitaly Lipatov authored
Rename gre.beget/ikev2.beget to gre.beget.ogw/ikev2.beget.ogw to match telegraf gateway names. Add /api/bandwidth endpoint querying InfluxDB for 30-min average throughput. Display as first table row. Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By: -
Vitaly Lipatov authored
Add --json FILE option to check-blocked.sh for machine-readable output. Add check-blocked-web.py: minimal web server displaying results as a color-coded HTML table with auto-refresh every 5 min. Co-Authored-By: -
Vitaly Lipatov authored
Co-Authored-By:
-
