From ddf480e6edc7eef819392d6cc3e0ffe5e0fc9269 Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Tue, 17 Mar 2026 07:39:09 +0100
Subject: [PATCH] fix(droplet,dpi): Resolve publish hang and broken pipe errors

- dropletctl: Remove pipe to grep that blocked on background children
- metablogizerctl: Background HAProxy generate/reload (~90s with 95 certs)
- dpi-lan-collector: Pre-compute flow counts in single pass instead of
  spawning grep per client (eliminates broken pipe errors)

Publish time reduced from ~2 min to ~35 seconds.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../files/usr/sbin/dropletctl                 |  3 +-
 .../files/usr/sbin/metablogizerctl            | 18 ++++++----
 .../files/usr/sbin/dpi-lan-collector          | 33 +++++++++++++++----
 3 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/package/secubox/secubox-app-droplet/files/usr/sbin/dropletctl b/package/secubox/secubox-app-droplet/files/usr/sbin/dropletctl
index 1ab7ac5b..6ede6811 100644
--- a/package/secubox/secubox-app-droplet/files/usr/sbin/dropletctl
+++ b/package/secubox/secubox-app-droplet/files/usr/sbin/dropletctl
@@ -181,9 +181,10 @@ NFOEOF
         log_info "Registered MetaBlog site on port $port"
 
         # Use metablogizerctl to fully publish (creates uhttpd, HAProxy, mitmproxy routes)
+        # Note: HAProxy config regeneration runs in background (~90s), publish returns immediately
         if command -v metablogizerctl >/dev/null 2>&1; then
             log_info "Running metablogizerctl publish..."
-            metablogizerctl publish "$name" 2>&1 | grep -E "^\[" || true
+            metablogizerctl publish "$name" 2>&1
         fi
     fi
 
diff --git a/package/secubox/secubox-app-metablogizer/files/usr/sbin/metablogizerctl b/package/secubox/secubox-app-metablogizer/files/usr/sbin/metablogizerctl
index 409cafa8..44830f20 100644
--- a/package/secubox/secubox-app-metablogizer/files/usr/sbin/metablogizerctl
+++ b/package/secubox/secubox-app-metablogizer/files/usr/sbin/metablogizerctl
@@ -507,11 +507,14 @@ cmd_publish() {
 
 	uci commit haproxy
 
-	# Regenerate HAProxy config and reload container
-	/usr/sbin/haproxyctl generate 2>/dev/null
-	/usr/sbin/haproxyctl reload 2>/dev/null
+	# Regenerate HAProxy config and reload container (in background - takes ~90s with many vhosts)
+	(
+		/usr/sbin/haproxyctl generate >/dev/null 2>&1
+		/usr/sbin/haproxyctl reload >/dev/null 2>&1
+	) &
 
 	log_info "Site published!"
+	log_info "HAProxy config regenerating in background..."
 	echo ""
 	echo "URL: https://$domain"
 	echo ""
@@ -555,8 +558,9 @@ cmd_delete() {
 		uci delete haproxy.metablog_${name} 2>/dev/null
 		uci delete haproxy.metablog_${name}_srv 2>/dev/null
 		uci commit haproxy
-		/usr/sbin/haproxyctl generate 2>/dev/null
-		/etc/init.d/haproxy reload 2>/dev/null
+		# Background HAProxy regeneration (takes ~90s with many vhosts)
+		(/usr/sbin/haproxyctl generate >/dev/null 2>&1 && /etc/init.d/haproxy reload >/dev/null 2>&1) &
+		log_info "HAProxy config regenerating in background..."
 	fi
 
 	# Remove site config
@@ -994,9 +998,9 @@ _emancipate_haproxy() {
 
 	uci commit haproxy
 
-	# Generate HAProxy config
+	# Generate HAProxy config (in background - takes ~90s with many vhosts)
 	if command -v haproxyctl >/dev/null 2>&1; then
-		haproxyctl generate 2>/dev/null
+		haproxyctl generate >/dev/null 2>&1 &
 	fi
 }
 
diff --git a/package/secubox/secubox-dpi-dual/files/usr/sbin/dpi-lan-collector b/package/secubox/secubox-dpi-dual/files/usr/sbin/dpi-lan-collector
index d767b987..a84775a2 100644
--- a/package/secubox/secubox-dpi-dual/files/usr/sbin/dpi-lan-collector
+++ b/package/secubox/secubox-dpi-dual/files/usr/sbin/dpi-lan-collector
@@ -57,21 +57,39 @@ collect_iface_stats() {
 collect_lan_clients() {
     local timestamp=$(date -Iseconds)
     local now=$(date +%s)
+    local flow_counts_file="/tmp/dpi_flow_counts_$$"
 
-    # Use awk to parse ARP table and generate JSON
-    awk -v lan_if="$LAN_IF" -v ts="$timestamp" -v now="$now" '
+    # Pre-compute flow counts per source IP in a single pass (avoids broken pipes from spawning grep per client)
+    awk '{
+        for (i = 1; i <= NF; i++) {
+            if ($i ~ /^src=/) {
+                split($i, a, "=")
+                ips[a[2]]++
+                break
+            }
+        }
+    }
+    END {
+        for (ip in ips) print ip, ips[ip]
+    }' /proc/net/nf_conntrack 2>/dev/null > "$flow_counts_file"
+
+    # Parse ARP table and look up pre-computed flow counts
+    awk -v lan_if="$LAN_IF" -v ts="$timestamp" -v now="$now" -v counts_file="$flow_counts_file" '
     BEGIN {
+        # Load flow counts into associative array
+        while ((getline line < counts_file) > 0) {
+            split(line, parts)
+            flow_counts[parts[1]] = parts[2]
+        }
+        close(counts_file)
+
         printf "{\"timestamp\":\"%s\",\"clients\":[", ts
         first = 1
     }
     NR > 1 && $6 == lan_if && $4 != "00:00:00:00:00:00" {
         ip = $1
         mac = $4
-        # Count flows from conntrack
-        cmd = "grep -c \"src=" ip "\" /proc/net/nf_conntrack 2>/dev/null || echo 0"
-        cmd | getline flows
-        close(cmd)
-        flows = flows + 0
+        flows = (ip in flow_counts) ? flow_counts[ip] : 0
 
         if (first == 0) printf ","
         printf "{\"ip\":\"%s\",\"mac\":\"%s\",\"flows\":%d,\"last_seen\":%d}", ip, mac, flows, now
@@ -82,6 +100,7 @@ collect_lan_clients() {
     }
     ' /proc/net/arp > "$CLIENTS_FILE.tmp"
 
+    rm -f "$flow_counts_file"
     mv "$CLIENTS_FILE.tmp" "$CLIENTS_FILE"
 }