cherry-pick: 4276 upd quic port

Merge in DNS/adguard-home from 4276-doq-port to master

Closes #4276.

Squashed commit of the following:

commit cbdde622b54d0d5d11d1b4809f95a41ace990a1b
Merge: d32c13e9 2c33ab6a
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Mar 23 15:47:43 2022 +0300

    Merge branch 'master' into 4276-doq-port

commit d32c13e98f0fed2c863160e4e2de02ae3038e3df
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Mon Mar 21 21:55:09 2022 +0300

    all: fix link

commit 0afd702f5192d727927df2f8d95b9317811a1be0
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Mon Mar 21 21:47:38 2022 +0300

    all: imp docs, log changes

commit 9a77fc3daf78d32c577f1bc49aa1f8bc352d44e3
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Mon Mar 21 21:41:30 2022 +0300

    home: upd quic port

CHANGELOG.md

@@ -23,6 +23,14 @@ and this project adheres to
 
 ### Changed
 
+- The default DNS-over-QUIC port number is now `853` instead of `754` in
+  accoradance with the latest [RFC draft][doq-draft-10] ([#4276]).
+- Reverse DNS now has a greater priority as the source of runtime clients'
+  informmation than ARP neighborhood.
+- Improved detection of runtime clients through more resilient ARP processing
+  ([#3597]).
+- The TTL of responses served from the optimistic cache is now lowered to 10
+  seconds.
 - Domain-specific private reverse DNS upstream servers are now validated to
   allow only `*.in-addr.arpa` and `*.ip6.arpa` domains pointing to
   locally-served networks ([#3381]).  **Note:**  If you already have invalid
@@ -85,8 +93,10 @@ In this release, the schema version has changed from 12 to 13.
 [#4213]: https://github.com/AdguardTeam/AdGuardHome/issues/4213
 [#4221]: https://github.com/AdguardTeam/AdGuardHome/issues/4221
 [#4238]: https://github.com/AdguardTeam/AdGuardHome/issues/4238
+[#4276]: https://github.com/AdguardTeam/AdGuardHome/issues/4276
 
-[repr]: https://reproducible-builds.org/docs/source-date-epoch/
+[repr]:         https://reproducible-builds.org/docs/source-date-epoch/
+[doq-draft-10]: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10#section-10.2
 
 
 
@@ -229,7 +239,7 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0].
 - New possible value of `6h` for `querylog_interval` setting ([#2504]).
 - Blocking access using ClientIDs ([#2624], [#3162]).
 - `source` directives support in `/etc/network/interfaces` on Linux ([#3257]).
-- RFC 9000 support in DNS-over-QUIC.
+- [RFC 9000][rfc-9000] support in QUIC.
 - Completely disabling statistics by setting the statistics interval to zero
   ([#2141]).
 - The ability to completely purge DHCP leases ([#1691]).
@@ -454,6 +464,7 @@ In this release, the schema version has changed from 10 to 12.
 [#3933]: https://github.com/AdguardTeam/AdGuardHome/pull/3933
 
 [ms-v0.107.0]: https://github.com/AdguardTeam/AdGuardHome/milestone/23?closed=1
+[rfc-9000]:    https://datatracker.ietf.org/doc/html/rfc9000
 
 
 

internal/home/config.go

@@ -291,18 +291,20 @@ func parseConfig() (err error) {
 	uc := aghalg.UniqChecker{}
 	addPorts(
 		uc,
-		config.BindPort,
+		tcpPort(config.BindPort),
-		config.BetaBindPort,
+		tcpPort(config.BetaBindPort),
-		config.DNS.Port,
+		udpPort(config.DNS.Port),
 	)
 
 	if config.TLS.Enabled {
 		addPorts(
 			uc,
-			config.TLS.PortHTTPS,
+			// TODO(e.burkov):  Consider adding a udpPort with the same value if
-			config.TLS.PortDNSOverTLS,
+			// we ever support the HTTP/3 for web admin interface.
-			config.TLS.PortDNSOverQUIC,
+			tcpPort(config.TLS.PortHTTPS),
-			config.TLS.PortDNSCrypt,
+			tcpPort(config.TLS.PortDNSOverTLS),
+			udpPort(config.TLS.PortDNSOverQUIC),
+			tcpPort(config.TLS.PortDNSCrypt),
 		)
 	}
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
@@ -320,11 +322,23 @@ func parseConfig() (err error) {
 	return nil
 }
 
-// addPorts is a helper for ports validation.  It skips zero ports.
+// udpPort is the port number for UDP protocol.
-func addPorts(uc aghalg.UniqChecker, ports ...int) {
+type udpPort int
+
+// tcpPort is the port number for TCP protocol.
+type tcpPort int
+
+// addPorts is a helper for ports validation.  It skips zero ports.  Each of
+// ports should be either a udpPort or a tcpPort.
+func addPorts(uc aghalg.UniqChecker, ports ...interface{}) {
 	for _, p := range ports {
-		if p != 0 {
+		switch p := p.(type) {
-			uc.Add(p)
+		case tcpPort, udpPort:
+			if p != 0 {
+				uc.Add(p)
+			}
+		default:
+			// Go on.
 		}
 	}
 }

internal/home/controlinstall.go

@@ -108,7 +108,7 @@ func (req *checkConfReq) validateWeb(uc aghalg.UniqChecker) (err error) {
 	defer func() { err = errors.Annotate(err, "validating ports: %w") }()
 
 	port := req.Web.Port
-	addPorts(uc, config.BetaBindPort, port)
+	addPorts(uc, tcpPort(config.BetaBindPort), tcpPort(port))
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
 		// Avoid duplicating the error into the status of DNS.
 		uc[port] = 1
@@ -134,7 +134,7 @@ func (req *checkConfReq) validateDNS(uc aghalg.UniqChecker) (canAutofix bool, er
 	defer func() { err = errors.Annotate(err, "validating ports: %w") }()
 
 	port := req.DNS.Port
-	addPorts(uc, port)
+	addPorts(uc, udpPort(port))
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
 		return false, err
 	}

internal/home/home.go

@@ -299,17 +299,17 @@ func setupConfig(args options) (err error) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			args.bindPort,
+			tcpPort(args.bindPort),
-			config.BetaBindPort,
+			tcpPort(config.BetaBindPort),
-			config.DNS.Port,
+			udpPort(config.DNS.Port),
 		)
 		if config.TLS.Enabled {
 			addPorts(
 				uc,
-				config.TLS.PortHTTPS,
+				tcpPort(config.TLS.PortHTTPS),
-				config.TLS.PortDNSOverTLS,
+				tcpPort(config.TLS.PortDNSOverTLS),
-				config.TLS.PortDNSOverQUIC,
+				udpPort(config.TLS.PortDNSOverQUIC),
-				config.TLS.PortDNSCrypt,
+				tcpPort(config.TLS.PortDNSCrypt),
 			)
 		}
 		if err = uc.Validate(aghalg.IntIsBefore); err != nil {

internal/home/tls.go

@@ -254,13 +254,13 @@ func (t *TLSMod) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			config.BindPort,
+			tcpPort(config.BindPort),
-			config.BetaBindPort,
+			tcpPort(config.BetaBindPort),
-			config.DNS.Port,
+			udpPort(config.DNS.Port),
-			setts.PortHTTPS,
+			tcpPort(setts.PortHTTPS),
-			setts.PortDNSOverTLS,
+			tcpPort(setts.PortDNSOverTLS),
-			setts.PortDNSOverQUIC,
+			udpPort(setts.PortDNSOverQUIC),
-			setts.PortDNSCrypt,
+			tcpPort(setts.PortDNSCrypt),
 		)
 
 		err = uc.Validate(aghalg.IntIsBefore)
@@ -347,13 +347,13 @@ func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			config.BindPort,
+			tcpPort(config.BindPort),
-			config.BetaBindPort,
+			tcpPort(config.BetaBindPort),
-			config.DNS.Port,
+			udpPort(config.DNS.Port),
-			data.PortHTTPS,
+			tcpPort(data.PortHTTPS),
-			data.PortDNSOverTLS,
+			tcpPort(data.PortDNSOverTLS),
-			data.PortDNSOverQUIC,
+			udpPort(data.PortDNSOverQUIC),
-			data.PortDNSCrypt,
+			tcpPort(data.PortDNSCrypt),
 		)
 
 		err = uc.Validate(aghalg.IntIsBefore)