From cfd35b6bf8b4a3214e689a8e88ed641297523b89 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Mon, 27 Jan 2025 04:36:07 +0000 Subject: [PATCH] pbr: bugfixes: boot-up and negative dest_addr * bugfix: more robust boot-up behaviour, obsoleting following config options: procd_boot_delay, procd_boot_timeout, procd_wan_ignore_status * bugfix: fix typo in processing negations on dest_addr Signed-off-by: Stan Grishin --- net/pbr/Makefile | 2 +- net/pbr/files/etc/config/pbr | 1 - net/pbr/files/etc/init.d/pbr | 55 ++++++++++++++---------------------- 3 files changed, 22 insertions(+), 36 deletions(-) diff --git a/net/pbr/Makefile b/net/pbr/Makefile index 4d6cc98bd7..53c6643333 100644 --- a/net/pbr/Makefile +++ b/net/pbr/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=pbr PKG_VERSION:=1.1.8 -PKG_RELEASE:=4 +PKG_RELEASE:=6 PKG_LICENSE:=AGPL-3.0-or-later PKG_MAINTAINER:=Stan Grishin diff --git a/net/pbr/files/etc/config/pbr b/net/pbr/files/etc/config/pbr index 3fbc58537d..f6d50ebd4f 100644 --- a/net/pbr/files/etc/config/pbr +++ b/net/pbr/files/etc/config/pbr @@ -8,7 +8,6 @@ config pbr 'config' list ignored_interface 'vpnserver' option boot_timeout '30' option rule_create_option 'add' - option procd_boot_delay '0' option procd_reload_delay '1' option webui_show_ignore_target '0' option nft_rule_counter '0' diff --git a/net/pbr/files/etc/init.d/pbr b/net/pbr/files/etc/init.d/pbr index d5f0b26d04..9fa2696474 100755 --- a/net/pbr/files/etc/init.d/pbr +++ b/net/pbr/files/etc/init.d/pbr @@ -47,7 +47,6 @@ readonly xrayIfacePrefix='xray_' readonly rtTablesFile='/etc/iproute2/rt_tables' # package config options -procd_boot_timeout= enabled= fw_mask= icmp_interface= @@ -55,10 +54,8 @@ ignored_interface= ipv6_enabled= nft_user_set_policy= nft_user_set_counter= -procd_boot_delay= procd_reload_delay= procd_lan_device= -procd_wan_ignore_status= procd_wan_interface= procd_wan6_interface= procd_wan6_metric='128' 
@@ -94,6 +91,7 @@ ifacesSupported= firewallWanZone= wanGW4= wanGW6= +pbr_boot_flag= serviceStartTrigger= processDnsPolicyError= processPolicyError= @@ -460,10 +458,8 @@ load_package_config() { config_get_bool strict_enforcement 'config' 'strict_enforcement' '1' config_get supported_interface 'config' 'supported_interface' config_get verbosity 'config' 'verbosity' '2' - config_get procd_boot_delay 'config' 'procd_boot_delay' '0' - config_get procd_boot_timeout 'config' 'procd_boot_timeout' '30' + config_get procd_reload_delay 'config' 'procd_reload_delay' '0' config_get procd_lan_device 'config' 'procd_lan_device' 'br-lan' - config_get procd_wan_ignore_status 'config' 'procd_wan_ignore_status' '1' config_get procd_wan_interface 'config' 'procd_wan_interface' 'wan' config_get procd_wan6_interface 'config' 'procd_wan6_interface' 'wan6' config_get wan_ip_rules_priority 'config' 'wan_ip_rules_priority' '30000' @@ -506,7 +502,6 @@ load_package_config() { ${nft_set_policy:+ policy "$nft_set_policy";} \ ${nft_set_timeout:+ timeout "$nft_set_timeout";} \ " - } # shellcheck disable=SC2317 @@ -621,21 +616,13 @@ load_network() { is_wan_up() { local sleepCount='1' param="$1" - [ "$procd_wan_ignore_status" -eq '1' ] && return 0 - [ "$param" = 'on_boot' ] || procd_boot_timeout='1' if [ -z "$(uci_get network "$procd_wan_interface")" ]; then state add 'errorSummary' 'errorNoWanInterface' "$procd_wan_interface" state add 'errorSummary' 'errorNoWanInterfaceHint' return 1 fi - while [ -z "$wanGW" ]; do - load_network "$param" - if [ "$((sleepCount))" -gt "$((procd_boot_timeout))" ] || [ -n "$wanGW" ]; then break; fi - output "$serviceName waiting for $procd_wan_interface gateway...\n" - sleep 1 - network_flush_cache - sleepCount=$((sleepCount+1)) - done + network_flush_cache + load_network "$param" if [ -n "$wanGW" ]; then return 0 else 
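Review bot: With the early `procd_wan_ignore_status` return and the wait loop both removed, is_wan_up now fails on a single probe whenever `$wanGW` is empty, whereas the previous default (`procd_wan_ignore_status` '1') returned 0 unconditionally. start_service calls `is_wan_up "$param" || return 1`, so a missing WAN gateway now means no policies are installed until some later event re-runs the service. A comment above the probe such as `# single non-blocking check; a retry needs a later interface trigger` would record that dependency. `sleepCount` is no longer read, so the declaration can shrink to `local param="$1"`. The tail of is_wan_up lies outside this hunk.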
@@ -1283,7 +1270,7 @@ policy_routing() { if [ -n "$dest_addr" ]; then if [ "${dest_addr:0:1}" = "!" ]; then - negation='!='; value="${src_addr//\!}"; nftset_suffix='_neg'; + negation='!='; value="${dest_addr//\!}"; nftset_suffix='_neg'; else unset negation; value="$dest_addr"; unset nftset_suffix; fi @@ -1976,13 +1963,10 @@ user_file_process() { } boot() { - local procd_boot_delay - config_load "$packageName" - config_get procd_boot_delay 'config' 'procd_boot_delay' '0' nft_file 'delete' ubus -t 30 wait_for network.interface 2>/dev/null - { is_integer "$procd_boot_delay" && sleep "$procd_boot_delay"; \ - rc_procd start_service 'on_boot' && service_started 'on_boot'; } & + pbr_boot_flag=1 + rc_procd start_service 'on_boot' && service_started 'on_boot' } on_firewall_reload() { @@ -2010,6 +1994,7 @@ on_interface_reload() { start_service() { local resolverStoredHash resolverNewHash i param="$1" reloadedIface + [ -n "$pbr_boot_flag" ] && return 0 load_environment "${param:-on_start}" "$(load_validate_config)" || return 1 is_wan_up "$param" || return 1 
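Review bot: The negation branch tests only the first character of `dest_addr`, but `${dest_addr//\!}` removes every `!` in the value, so an entry that mixes negated and plain addresses ends up matched entirely with `!=`. Whether the field can hold such a list is not visible in this hunk. For a policy that steers traffic by destination this changes which hosts the rule covers, so mixed values should either be rejected during validation or the behaviour documented with a comment like `# a leading '!' negates the whole dest_addr value`. policy_routing begins and ends outside the hunk.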
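Review bot: boot() discards the result of `ubus -t 30 wait_for network.interface` and then calls start_service with `pbr_boot_flag` set, which the new guard in start_service (the next hunk) turns into an immediate `return 0`. Boot therefore finishes with no routing policies installed and relies on a later `interface.*.up` event to run `start`. If the interfaces are already up by the time that trigger is registered (plausible, but not verifiable from the diff), nothing re-runs the service and traffic meant to be pinned to a tunnel follows the default route. Reporting both cases would make that window visible, e.g. `ubus -t 30 wait_for network.interface 2>/dev/null || output "network.interface not available\n"` and `output "$serviceName deferred until interface.*.up\n"` after setting the flag.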
@@ -2176,14 +2161,19 @@ service_triggers() { load_validate_policy load_validate_include procd_close_validate - procd_open_trigger - procd_add_config_trigger "config.change" 'openvpn' "/etc/init.d/${packageName}" reload 'on_openvpn_change' - procd_add_config_trigger "config.change" "${packageName}" "/etc/init.d/${packageName}" reload - for n in $ifacesSupported; do - procd_add_interface_trigger "interface.*" "$n" "/etc/init.d/${packageName}" on_interface_reload "$n" - done - procd_close_trigger -# procd_add_raw_trigger "interface.*.up" 4000 "/etc/init.d/${packageName}" restart 'on_interface_up' + if [ -n "$pbr_boot_flag" ]; then + output "Setting triggers (on_boot) " +# shellcheck disable=SC2015 + procd_add_raw_trigger "interface.*.up" 5000 "/etc/init.d/${packageName}" start && output_okn || output_failn + else + procd_open_trigger + procd_add_config_trigger "config.change" 'openvpn' "/etc/init.d/${packageName}" reload 'on_openvpn_change' + procd_add_config_trigger "config.change" "${packageName}" "/etc/init.d/${packageName}" reload + for n in $ifacesSupported; do + procd_add_interface_trigger "interface.*" "$n" "/etc/init.d/${packageName}" on_interface_reload "$n" + done + procd_close_trigger + fi if [ "$serviceStartTrigger" = 'on_start' ]; then output 3 "$serviceName monitoring interfaces: ${ifacesSupported}\n" fi @@ -2368,11 +2358,8 @@ load_validate_config() { 'icmp_interface:or("", tor, uci("network", "@interface"))' \ 'ignored_interface:list(or(tor, uci("network", "@interface")))' \ 'supported_interface:list(or(ignore, tor, regex("xray_.*"), uci("network", "@interface")))' \ - 'procd_boot_delay:integer:0' \ - 'procd_boot_timeout:integer:30' \ 'procd_reload_delay:integer:0' \ 'procd_lan_device:list(or(network)):br-lan' \ - 'procd_wan_ignore_status:bool:1' \ 'procd_wan_interface:network:wan' \ 'procd_wan6_interface:network:wan6' \ 'wan_ip_rules_priority:uinteger:30000' \ -- 2.30.2
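Review bot: In the boot branch the raw trigger matches `interface.*.up` for every interface, not only the WAN or those in `$ifacesSupported`, so the first event (for example the LAN bridge) can run `start` before a WAN gateway exists, and is_wan_up now fails at once in that case. Whether another attempt follows depends on which triggers the failed start leaves registered, which this hunk does not show. A comment stating the intended retry path would help, e.g. `# boot: any interface.*.up runs start; the regular triggers replace this one afterwards`. The `&& output_okn || output_failn` chain also prints the failure marker when `output_okn` itself returns non-zero, which the SC2015 suppression hides. service_triggers starts and ends outside the hunk.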