Pull request 2353: AGDNS-2688-check-host

Merge in DNS/adguard-home from AGDNS-2688-check-host to master

Squashed commit of the following:

commit bd9ed498b0e36fa044e6921fa946062ac40fe616
Merge: 8dffd94a3 c41af2763
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Fri Mar 14 13:42:34 2025 +0300

    Merge branch 'master' into AGDNS-2688-check-host

commit 8dffd94a3bc700cf014cbb16aee9c6339bdc7ffa
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Mar 12 17:12:56 2025 +0300

    filtering: imp code

commit d9a01c8fa60c70e3fd19c40c1a58aec00ae64a6a
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 11 20:33:18 2025 +0300

    all: imp code

commit f1aca5f2eb71a1d8bb155a309c618e7a80f8fde5
Author: Ildar Kamalov <ik@adguard.com>
Date:   Tue Mar 11 16:05:32 2025 +0300

    ADG-9783 update check form

commit a8ebb0401dbaa08fdd04171b1ac66b87d0228c7b
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Mar 10 16:41:55 2025 +0300

    dnsforward: imp docs

commit 36f5db9075cc525c13905e0318dfbc4089355523
Merge: 9a746ee9a 66fba942c
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Mar 10 16:09:22 2025 +0300

    Merge branch 'master' into AGDNS-2688-check-host

commit 9a746ee9a05895676a60980eb4bd1381fe8d8e4b
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Mar 10 16:06:48 2025 +0300

    all: imp docs

commit 0a25e1e8f3536053e30049497bb42a58c6a153d6
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Thu Mar 6 21:48:44 2025 +0300

    all: imp code

commit ec618bc484190dde52a0dc57d144bade8dfc22e2
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Thu Mar 6 17:38:35 2025 +0300

    all: imp code

commit 979c5cfd4c34e2aac46ea11b7fcba8d2929966b8
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Mar 5 21:22:54 2025 +0300

    all: add tests

commit ce0d6117ad7f341edcc018a68acedaa0b718bef1
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Mar 4 15:13:06 2025 +0300

    all: check host

internal/dnsforward/config.go

@@ -16,7 +16,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/client"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/container"
@@ -34,9 +33,6 @@ import (
 type Config struct {
 	// Callbacks for other modules
 
-	// FilterHandler is an optional additional filtering callback.
-	FilterHandler func(cliAddr netip.Addr, clientID string, settings *filtering.Settings) `yaml:"-"`
-
 	// ClientsContainer stores the information about special handling of some
 	// DNS clients.
 	ClientsContainer ClientsContainer `yaml:"-"`

internal/dnsforward/dnsforward_internal_test.go

@@ -27,6 +27,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/hashprefix"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/safesearch"
+	"github.com/AdguardTeam/AdGuardHome/internal/schedule"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/logutil/slogutil"
@@ -106,6 +107,21 @@ func startDeferStop(t *testing.T, s *Server) {
 	testutil.CleanupAndRequireSuccess(t, s.Stop)
 }
 
+// applyEmptyClientFiltering is a helper function for tests with
+// [filtering.Config] that does nothing.
+func applyEmptyClientFiltering(_ string, _ netip.Addr, _ *filtering.Settings) {}
+
+// emptyFilteringBlockedServices is a helper function that returns an empty
+// filtering blocked services for tests.
+func emptyFilteringBlockedServices() (bsvc *filtering.BlockedServices) {
+	return &filtering.BlockedServices{
+		Schedule: schedule.EmptyWeekly(),
+	}
+}
+
+// createTestServer is a helper function that returns a properly initialized
+// *Server for use in tests, given the provided parameters.  It also populates
+// the filtering configuration with default parameters.
 func createTestServer(
 	t *testing.T,
 	filterConf *filtering.Config,
@@ -123,6 +139,12 @@ func createTestServer(
 		Data: []byte(rules),
 	}}
 
+	filterConf.BlockedServices = cmp.Or(filterConf.BlockedServices, emptyFilteringBlockedServices())
+
+	if filterConf.ApplyClientFiltering == nil {
+		filterConf.ApplyClientFiltering = applyEmptyClientFiltering
+	}
+
 	f, err := filtering.New(filterConf, filters)
 	require.NoError(t, err)
 
@@ -926,9 +948,6 @@ func TestClientRulesForCNAMEMatching(t *testing.T) {
 		UDPListenAddrs: []*net.UDPAddr{{}},
 		TCPListenAddrs: []*net.TCPAddr{{}},
 		Config: Config{
-			FilterHandler: func(_ netip.Addr, _ string, settings *filtering.Settings) {
-				settings.FilteringEnabled = false
-			},
 			UpstreamMode: UpstreamModeLoadBalance,
 			EDNSClientSubnet: &EDNSClientSubnet{
 				Enabled: false,
@@ -1020,10 +1039,12 @@ func TestBlockedCustomIP(t *testing.T) {
 	}}
 
 	f, err := filtering.New(&filtering.Config{
-		ProtectionEnabled: true,
-		BlockingMode:      filtering.BlockingModeCustomIP,
-		BlockingIPv4:      netip.Addr{},
-		BlockingIPv6:      netip.Addr{},
+		ProtectionEnabled:    true,
+		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockedServices:      emptyFilteringBlockedServices(),
+		BlockingMode:         filtering.BlockingModeCustomIP,
+		BlockingIPv4:         netip.Addr{},
+		BlockingIPv6:         netip.Addr{},
 	}, filters)
 	require.NoError(t, err)
 
@@ -1176,7 +1197,9 @@ func TestBlockedBySafeBrowsing(t *testing.T) {
 
 func TestRewrite(t *testing.T) {
 	c := &filtering.Config{
-		BlockingMode: filtering.BlockingModeDefault,
+		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockedServices:      emptyFilteringBlockedServices(),
+		BlockingMode:         filtering.BlockingModeDefault,
 		Rewrites: []*filtering.LegacyRewrite{{
 			Domain: "test.com",
 			Answer: "1.2.3.4",
@@ -1322,7 +1345,9 @@ func TestPTRResponseFromDHCPLeases(t *testing.T) {
 	const localDomain = "lan"
 
 	flt, err := filtering.New(&filtering.Config{
-		BlockingMode: filtering.BlockingModeDefault,
+		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockedServices:      emptyFilteringBlockedServices(),
+		BlockingMode:         filtering.BlockingModeDefault,
 	}, nil)
 	require.NoError(t, err)
 
@@ -1411,8 +1436,10 @@ func TestPTRResponseFromHosts(t *testing.T) {
 	})
 
 	flt, err := filtering.New(&filtering.Config{
-		BlockingMode: filtering.BlockingModeDefault,
-		EtcHosts:     hc,
+		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockedServices:      emptyFilteringBlockedServices(),
+		BlockingMode:         filtering.BlockingModeDefault,
+		EtcHosts:             hc,
 	}, nil)
 	require.NoError(t, err)
 

internal/dnsforward/filter.go

@@ -17,9 +17,7 @@ import (
 func (s *Server) clientRequestFilteringSettings(dctx *dnsContext) (setts *filtering.Settings) {
 	setts = s.dnsFilter.Settings()
 	setts.ProtectionEnabled = dctx.protectionEnabled
-	if s.conf.FilterHandler != nil {
-		s.conf.FilterHandler(dctx.proxyCtx.Addr.Addr(), dctx.clientID, setts)
-	}
+	s.dnsFilter.ApplyAdditionalFiltering(dctx.proxyCtx.Addr.Addr(), dctx.clientID, setts)
 
 	return setts
 }

internal/dnsforward/filter_internal_test.go

@@ -45,8 +45,10 @@ func TestHandleDNSRequest_handleDNSRequest(t *testing.T) {
 	}}
 
 	f, err := filtering.New(&filtering.Config{
-		ProtectionEnabled: true,
-		BlockingMode:      filtering.BlockingModeDefault,
+		ProtectionEnabled:    true,
+		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockedServices:      emptyFilteringBlockedServices(),
+		BlockingMode:         filtering.BlockingModeDefault,
 	}, filters)
 	require.NoError(t, err)
 	f.SetEnabled(true)