Pull request: all: allow clientid in access settings

Updates #2624. Updates #3162. Squashed commit of the following: commit 68860da717a23a0bfeba14b7fe10b5e4ad38726d Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jun 29 15:41:33 2021 +0300 all: imp types, names commit ebd4ec26636853d0d58c4e331e6a78feede20813 Merge: 239eb721 16e5e09c Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jun 29 15:14:33 2021 +0300 Merge branch 'master' into 2624-clientid-access commit 239eb7215abc47e99a0300a0f4cf56002689b1a9 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jun 29 15:13:10 2021 +0300 all: fix client blocking check commit e6bece3ea8367b3cbe3d90702a3368c870ad4f13 Merge: 9935f2a3 9d1656b5 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jun 29 13:12:28 2021 +0300 Merge branch 'master' into 2624-clientid-access commit 9935f2a30bcfae2b853f3ef610c0ab7a56a8f448 Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jun 29 11:26:51 2021 +0300 client: show block button for client id commit ed786a6a74a081cd89e9d67df3537a4fadd54831 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Jun 25 15:56:23 2021 +0300 client: imp i18n commit 4fed21c68473ad408960c08a7d87624cabce1911 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Jun 25 15:34:09 2021 +0300 all: imp i18n, docs commit 55e65c0d6b939560c53dcb834a4557eb3853d194 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Jun 25 13:34:01 2021 +0300 all: fix cache, imp code, docs, tests commit c1e5a83e76deb44b1f92729bb9ddfcc6a96ac4a8 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Jun 24 19:27:12 2021 +0300 all: allow clientid in access settings
2021-06-29 15:53:28 +03:00
parent 16e5e09c2e
commit e08a64ebe4
33 changed files with 955 additions and 604 deletions
--- a/internal/home/clients.go
+++ b/internal/home/clients.go
@@ -78,10 +78,13 @@ type RuntimeClientWHOISInfo struct {
 type clientsContainer struct {
 	// TODO(a.garipov): Perhaps use a number of separate indices for
 	// different types (string, net.IP, and so on).
-	list    map[string]*Client        // name -> client
-	idIndex map[string]*Client        // ID -> client
-	ipToRC  map[string]*RuntimeClient // IP -> runtime client
-	lock    sync.Mutex
+	list    map[string]*Client // name -> client
+	idIndex map[string]*Client // ID -> client
+
+	// ipToRC is the IP address to *RuntimeClient map.
+	ipToRC *aghnet.IPMap
+
+	lock sync.Mutex

 	allTags *aghstrings.Set

@@ -109,7 +112,7 @@ func (clients *clientsContainer) Init(
 	}
 	clients.list = make(map[string]*Client)
 	clients.idIndex = make(map[string]*Client)
-	clients.ipToRC = make(map[string]*RuntimeClient)
+	clients.ipToRC = aghnet.NewIPMap(0)

 	clients.allTags = aghstrings.NewSet(clientTags...)

@@ -250,18 +253,17 @@ func (clients *clientsContainer) onHostsChanged() {
 	clients.addFromHostsFile()
 }

-// Exists checks if client with this ID already exists.
-func (clients *clientsContainer) Exists(id string, source clientSource) (ok bool) {
+// Exists checks if client with this IP address already exists.
+func (clients *clientsContainer) Exists(ip net.IP, source clientSource) (ok bool) {
 	clients.lock.Lock()
 	defer clients.lock.Unlock()

-	_, ok = clients.findLocked(id)
+	_, ok = clients.findLocked(ip.String())
 	if ok {
 		return true
 	}

-	var rc *RuntimeClient
-	rc, ok = clients.ipToRC[id]
+	rc, ok := clients.findRuntimeClientLocked(ip)
 	if !ok {
 		return false
 	}
@@ -288,13 +290,14 @@ func (clients *clientsContainer) findMultiple(ids []string) (c *querylog.Client,
 	for _, id := range ids {
 		var name string
 		whois := &querylog.ClientWHOIS{}
+		ip := net.ParseIP(id)

 		c, ok := clients.Find(id)
 		if ok {
 			name = c.Name
-		} else {
-			var rc RuntimeClient
-			rc, ok = clients.FindRuntimeClient(id)
+		} else if ip != nil {
+			var rc *RuntimeClient
+			rc, ok = clients.FindRuntimeClient(ip)
 			if !ok {
 				continue
 			}
@@ -303,8 +306,7 @@ func (clients *clientsContainer) findMultiple(ids []string) (c *querylog.Client,
 			whois = toQueryLogWHOIS(rc.WHOISInfo)
 		}

-		ip := net.ParseIP(id)
-		disallowed, disallowedRule := clients.dnsServer.IsBlockedIP(ip)
+		disallowed, disallowedRule := clients.dnsServer.IsBlockedClient(ip, id)

 		return &querylog.Client{
 			Name:           name,
@@ -356,10 +358,10 @@ func (clients *clientsContainer) findUpstreams(
 		return c.upstreamConfig, nil
 	}

-	var conf proxy.UpstreamConfig
+	var conf *proxy.UpstreamConfig
 	conf, err = proxy.ParseUpstreamsConfig(
 		upstreams,
-		upstream.Options{
+		&upstream.Options{
 			Bootstrap: config.DNS.BootstrapDNS,
 			Timeout:   config.DNS.UpstreamTimeout.Duration,
 		},
@@ -368,9 +370,9 @@ func (clients *clientsContainer) findUpstreams(
 		return nil, err
 	}

-	c.upstreamConfig = &conf
+	c.upstreamConfig = conf

-	return &conf, nil
+	return conf, nil
 }

 // findLocked searches for a client by its ID.  For internal use only.
@@ -423,22 +425,35 @@ func (clients *clientsContainer) findLocked(id string) (c *Client, ok bool) {
 	return nil, false
 }

+// findRuntimeClientLocked finds a runtime client by their IP address.  For
+// internal use only.
+func (clients *clientsContainer) findRuntimeClientLocked(ip net.IP) (rc *RuntimeClient, ok bool) {
+	var v interface{}
+	v, ok = clients.ipToRC.Get(ip)
+	if !ok {
+		return nil, false
+	}
+
+	rc, ok = v.(*RuntimeClient)
+	if !ok {
+		log.Error("clients: bad type %T in ipToRC for %s", v, ip)
+
+		return nil, false
+	}
+
+	return rc, true
+}
+
 // FindRuntimeClient finds a runtime client by their IP.
-func (clients *clientsContainer) FindRuntimeClient(ip string) (RuntimeClient, bool) {
-	ipAddr := net.ParseIP(ip)
-	if ipAddr == nil {
-		return RuntimeClient{}, false
+func (clients *clientsContainer) FindRuntimeClient(ip net.IP) (rc *RuntimeClient, ok bool) {
+	if ip == nil {
+		return nil, false
 	}

 	clients.lock.Lock()
 	defer clients.lock.Unlock()

-	rc, ok := clients.ipToRC[ip]
-	if ok {
-		return *rc, true
-	}
-
-	return RuntimeClient{}, false
+	return clients.findRuntimeClientLocked(ip)
 }

 // check validates the client.
@@ -621,17 +636,17 @@ func (clients *clientsContainer) Update(name string, c *Client) (err error) {
 }

 // SetWHOISInfo sets the WHOIS information for a client.
-func (clients *clientsContainer) SetWHOISInfo(ip string, wi *RuntimeClientWHOISInfo) {
+func (clients *clientsContainer) SetWHOISInfo(ip net.IP, wi *RuntimeClientWHOISInfo) {
 	clients.lock.Lock()
 	defer clients.lock.Unlock()

-	_, ok := clients.findLocked(ip)
+	_, ok := clients.findLocked(ip.String())
 	if ok {
 		log.Debug("clients: client for %s is already created, ignore whois info", ip)
 		return
 	}

-	rc, ok := clients.ipToRC[ip]
+	rc, ok := clients.findRuntimeClientLocked(ip)
 	if ok {
 		rc.WHOISInfo = wi
 		log.Debug("clients: set whois info for runtime client %s: %+v", rc.Host, wi)
@@ -646,14 +661,15 @@ func (clients *clientsContainer) SetWHOISInfo(ip string, wi *RuntimeClientWHOISI
 	}

 	rc.WHOISInfo = wi
-	clients.ipToRC[ip] = rc
+
+	clients.ipToRC.Set(ip, rc)

 	log.Debug("clients: set whois info for runtime client with ip %s: %+v", ip, wi)
 }

 // AddHost adds a new IP-hostname pairing.  The priorities of the sources is
 // taken into account.  ok is true if the pairing was added.
-func (clients *clientsContainer) AddHost(ip, host string, src clientSource) (ok bool, err error) {
+func (clients *clientsContainer) AddHost(ip net.IP, host string, src clientSource) (ok bool, err error) {
 	clients.lock.Lock()
 	defer clients.lock.Unlock()

@@ -663,9 +679,9 @@ func (clients *clientsContainer) AddHost(ip, host string, src clientSource) (ok
 }

 // addHostLocked adds a new IP-hostname pairing.  For internal use only.
-func (clients *clientsContainer) addHostLocked(ip, host string, src clientSource) (ok bool) {
+func (clients *clientsContainer) addHostLocked(ip net.IP, host string, src clientSource) (ok bool) {
 	var rc *RuntimeClient
-	rc, ok = clients.ipToRC[ip]
+	rc, ok = clients.findRuntimeClientLocked(ip)
 	if ok {
 		if rc.Source > src {
 			return false
@@ -679,10 +695,10 @@ func (clients *clientsContainer) addHostLocked(ip, host string, src clientSource
 			WHOISInfo: &RuntimeClientWHOISInfo{},
 		}

-		clients.ipToRC[ip] = rc
+		clients.ipToRC.Set(ip, rc)
 	}

-	log.Debug("clients: added %q -> %q [%d]", ip, host, len(clients.ipToRC))
+	log.Debug("clients: added %s -> %q [%d]", ip, host, clients.ipToRC.Len())

 	return true
 }
@@ -690,12 +706,21 @@ func (clients *clientsContainer) addHostLocked(ip, host string, src clientSource
 // rmHostsBySrc removes all entries that match the specified source.
 func (clients *clientsContainer) rmHostsBySrc(src clientSource) {
 	n := 0
-	for k, v := range clients.ipToRC {
-		if v.Source == src {
-			delete(clients.ipToRC, k)
+	clients.ipToRC.Range(func(ip net.IP, v interface{}) (cont bool) {
+		rc, ok := v.(*RuntimeClient)
+		if !ok {
+			log.Error("clients: bad type %T in ipToRC for %s", v, ip)
+
+			return true
+		}
+
+		if rc.Source == src {
+			clients.ipToRC.Del(ip)
 			n++
 		}
-	}
+
+		return true
+	})

 	log.Debug("clients: removed %d client aliases", n)
 }
@@ -715,16 +740,23 @@ func (clients *clientsContainer) addFromHostsFile() {
 	clients.rmHostsBySrc(ClientSourceHostsFile)

 	n := 0
-	for ip, names := range hosts {
+	hosts.Range(func(ip net.IP, v interface{}) (cont bool) {
+		names, ok := v.([]string)
+		if !ok {
+			log.Error("dns: bad type %T in ipToRC for %s", v, ip)
+		}
+
 		for _, name := range names {
-			ok := clients.addHostLocked(ip, name, ClientSourceHostsFile)
+			ok = clients.addHostLocked(ip, name, ClientSourceHostsFile)
 			if ok {
 				n++
 			}
 		}
-	}

-	log.Debug("Clients: added %d client aliases from system hosts-file", n)
+		return true
+	})
+
+	log.Debug("clients: added %d client aliases from system hosts-file", n)
 }

 // addFromSystemARP adds the IP-hostname pairings from the output of the arp -a
@@ -752,15 +784,16 @@ func (clients *clientsContainer) addFromSystemARP() {
 	// TODO(a.garipov): Rewrite to use bufio.Scanner.
 	lines := strings.Split(string(data), "\n")
 	for _, ln := range lines {
-		open := strings.Index(ln, " (")
-		close := strings.Index(ln, ") ")
-		if open == -1 || close == -1 || open >= close {
+		lparen := strings.Index(ln, " (")
+		rparen := strings.Index(ln, ") ")
+		if lparen == -1 || rparen == -1 || lparen >= rparen {
 			continue
 		}

-		host := ln[:open]
-		ip := ln[open+2 : close]
-		if aghnet.ValidateDomainName(host) != nil || net.ParseIP(ip) == nil {
+		host := ln[:lparen]
+		ipStr := ln[lparen+2 : rparen]
+		ip := net.ParseIP(ipStr)
+		if aghnet.ValidateDomainName(host) != nil || ip == nil {
 			continue
 		}

@@ -796,7 +829,7 @@ func (clients *clientsContainer) updateFromDHCP(add bool) {
 			continue
 		}

-		ok := clients.addHostLocked(l.IP.String(), l.Hostname, ClientSourceDHCP)
+		ok := clients.addHostLocked(l.IP, l.Hostname, ClientSourceDHCP)
 		if ok {
 			n++
 		}
--- a/internal/home/clients_test.go
+++ b/internal/home/clients_test.go
@@ -26,6 +26,7 @@ func TestClients(t *testing.T) {

 		ok, err := clients.Add(c)
 		require.NoError(t, err)
+
 		assert.True(t, ok)

 		c = &Client{
@@ -35,23 +36,27 @@ func TestClients(t *testing.T) {

 		ok, err = clients.Add(c)
 		require.NoError(t, err)
+
 		assert.True(t, ok)

 		c, ok = clients.Find("1.1.1.1")
 		require.True(t, ok)
+
 		assert.Equal(t, "client1", c.Name)

 		c, ok = clients.Find("1:2:3::4")
 		require.True(t, ok)
+
 		assert.Equal(t, "client1", c.Name)

 		c, ok = clients.Find("2.2.2.2")
 		require.True(t, ok)
+
 		assert.Equal(t, "client2", c.Name)

-		assert.False(t, clients.Exists("1.2.3.4", ClientSourceHostsFile))
-		assert.True(t, clients.Exists("1.1.1.1", ClientSourceHostsFile))
-		assert.True(t, clients.Exists("2.2.2.2", ClientSourceHostsFile))
+		assert.False(t, clients.Exists(net.IP{1, 2, 3, 4}, ClientSourceHostsFile))
+		assert.True(t, clients.Exists(net.IP{1, 1, 1, 1}, ClientSourceHostsFile))
+		assert.True(t, clients.Exists(net.IP{2, 2, 2, 2}, ClientSourceHostsFile))
 	})

 	t.Run("add_fail_name", func(t *testing.T) {
@@ -101,8 +106,8 @@ func TestClients(t *testing.T) {
 		})
 		require.NoError(t, err)

-		assert.False(t, clients.Exists("1.1.1.1", ClientSourceHostsFile))
-		assert.True(t, clients.Exists("1.1.1.2", ClientSourceHostsFile))
+		assert.False(t, clients.Exists(net.IP{1, 1, 1, 1}, ClientSourceHostsFile))
+		assert.True(t, clients.Exists(net.IP{1, 1, 1, 2}, ClientSourceHostsFile))

 		err = clients.Update("client1", &Client{
 			IDs:            []string{"1.1.1.2"},
@@ -113,21 +118,25 @@ func TestClients(t *testing.T) {

 		c, ok := clients.Find("1.1.1.2")
 		require.True(t, ok)
+
 		assert.Equal(t, "client1-renamed", c.Name)
 		assert.True(t, c.UseOwnSettings)

 		nilCli, ok := clients.list["client1"]
 		require.False(t, ok)
+
 		assert.Nil(t, nilCli)

 		require.Len(t, c.IDs, 1)
+
 		assert.Equal(t, "1.1.1.2", c.IDs[0])
 	})

 	t.Run("del_success", func(t *testing.T) {
 		ok := clients.Del("client1-renamed")
 		require.True(t, ok)
-		assert.False(t, clients.Exists("1.1.1.2", ClientSourceHostsFile))
+
+		assert.False(t, clients.Exists(net.IP{1, 1, 1, 2}, ClientSourceHostsFile))
 	})

 	t.Run("del_fail", func(t *testing.T) {
@@ -136,37 +145,44 @@ func TestClients(t *testing.T) {
 	})

 	t.Run("addhost_success", func(t *testing.T) {
-		ok, err := clients.AddHost("1.1.1.1", "host", ClientSourceARP)
+		ip := net.IP{1, 1, 1, 1}
+
+		ok, err := clients.AddHost(ip, "host", ClientSourceARP)
 		require.NoError(t, err)
+
 		assert.True(t, ok)

-		ok, err = clients.AddHost("1.1.1.1", "host2", ClientSourceARP)
+		ok, err = clients.AddHost(ip, "host2", ClientSourceARP)
 		require.NoError(t, err)
+
 		assert.True(t, ok)

-		ok, err = clients.AddHost("1.1.1.1", "host3", ClientSourceHostsFile)
+		ok, err = clients.AddHost(ip, "host3", ClientSourceHostsFile)
 		require.NoError(t, err)
+
 		assert.True(t, ok)

-		assert.True(t, clients.Exists("1.1.1.1", ClientSourceHostsFile))
+		assert.True(t, clients.Exists(ip, ClientSourceHostsFile))
 	})

 	t.Run("dhcp_replaces_arp", func(t *testing.T) {
-		ok, err := clients.AddHost("1.2.3.4", "from_arp", ClientSourceARP)
+		ip := net.IP{1, 2, 3, 4}
+
+		ok, err := clients.AddHost(ip, "from_arp", ClientSourceARP)
 		require.NoError(t, err)
+
 		assert.True(t, ok)
+		assert.True(t, clients.Exists(ip, ClientSourceARP))

-		assert.True(t, clients.Exists("1.2.3.4", ClientSourceARP))
-
-		ok, err = clients.AddHost("1.2.3.4", "from_dhcp", ClientSourceDHCP)
+		ok, err = clients.AddHost(ip, "from_dhcp", ClientSourceDHCP)
 		require.NoError(t, err)
-		assert.True(t, ok)

-		assert.True(t, clients.Exists("1.2.3.4", ClientSourceDHCP))
+		assert.True(t, ok)
+		assert.True(t, clients.Exists(ip, ClientSourceDHCP))
 	})

 	t.Run("addhost_fail", func(t *testing.T) {
-		ok, err := clients.AddHost("1.1.1.1", "host1", ClientSourceRDNS)
+		ok, err := clients.AddHost(net.IP{1, 1, 1, 1}, "host1", ClientSourceRDNS)
 		require.NoError(t, err)
 		assert.False(t, ok)
 	})
@@ -183,31 +199,39 @@ func TestClientsWHOIS(t *testing.T) {
 	}

 	t.Run("new_client", func(t *testing.T) {
-		clients.SetWHOISInfo("1.1.1.255", whois)
+		ip := net.IP{1, 1, 1, 255}
+		clients.SetWHOISInfo(ip, whois)
+		v, _ := clients.ipToRC.Get(ip)
+		require.NotNil(t, v)

-		require.NotNil(t, clients.ipToRC["1.1.1.255"])
+		rc, ok := v.(*RuntimeClient)
+		require.True(t, ok)
+		require.NotNil(t, rc)

-		h := clients.ipToRC["1.1.1.255"]
-		require.NotNil(t, h)
-
-		assert.Equal(t, h.WHOISInfo, whois)
+		assert.Equal(t, rc.WHOISInfo, whois)
 	})

 	t.Run("existing_auto-client", func(t *testing.T) {
-		ok, err := clients.AddHost("1.1.1.1", "host", ClientSourceRDNS)
+		ip := net.IP{1, 1, 1, 1}
+		ok, err := clients.AddHost(ip, "host", ClientSourceRDNS)
 		require.NoError(t, err)
+
 		assert.True(t, ok)

-		clients.SetWHOISInfo("1.1.1.1", whois)
+		clients.SetWHOISInfo(ip, whois)
+		v, _ := clients.ipToRC.Get(ip)
+		require.NotNil(t, v)

-		require.NotNil(t, clients.ipToRC["1.1.1.1"])
-		h := clients.ipToRC["1.1.1.1"]
-		require.NotNil(t, h)
+		rc, ok := v.(*RuntimeClient)
+		require.True(t, ok)
+		require.NotNil(t, rc)

-		assert.Equal(t, h.WHOISInfo, whois)
+		assert.Equal(t, rc.WHOISInfo, whois)
 	})

 	t.Run("can't_set_manually-added", func(t *testing.T) {
+		ip := net.IP{1, 1, 1, 2}
+
 		ok, err := clients.Add(&Client{
 			IDs:  []string{"1.1.1.2"},
 			Name: "client1",
@@ -215,8 +239,10 @@ func TestClientsWHOIS(t *testing.T) {
 		require.NoError(t, err)
 		assert.True(t, ok)

-		clients.SetWHOISInfo("1.1.1.2", whois)
-		require.Nil(t, clients.ipToRC["1.1.1.2"])
+		clients.SetWHOISInfo(ip, whois)
+		v, _ := clients.ipToRC.Get(ip)
+		require.Nil(t, v)
+
 		assert.True(t, clients.Del("client1"))
 	})
 }
@@ -228,16 +254,18 @@ func TestClientsAddExisting(t *testing.T) {
 	clients.Init(nil, nil, nil)

 	t.Run("simple", func(t *testing.T) {
+		ip := net.IP{1, 1, 1, 1}
+
 		// Add a client.
 		ok, err := clients.Add(&Client{
-			IDs:  []string{"1.1.1.1", "1:2:3::4", "aa:aa:aa:aa:aa:aa", "2.2.2.0/24"},
+			IDs:  []string{ip.String(), "1:2:3::4", "aa:aa:aa:aa:aa:aa", "2.2.2.0/24"},
 			Name: "client1",
 		})
 		require.NoError(t, err)
 		assert.True(t, ok)

 		// Now add an auto-client with the same IP.
-		ok, err = clients.AddHost("1.1.1.1", "test", ClientSourceRDNS)
+		ok, err = clients.AddHost(ip, "test", ClientSourceRDNS)
 		require.NoError(t, err)
 		assert.True(t, ok)
 	})
@@ -245,7 +273,7 @@ func TestClientsAddExisting(t *testing.T) {
 	t.Run("complicated", func(t *testing.T) {
 		var err error

-		testIP := net.IP{1, 2, 3, 4}
+		ip := net.IP{1, 2, 3, 4}

 		// First, init a DHCP server with a single static lease.
 		config := dhcpd.ServerConfig{
@@ -267,7 +295,7 @@ func TestClientsAddExisting(t *testing.T) {

 		err = clients.dhcpServer.AddStaticLease(&dhcpd.Lease{
 			HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
-			IP:       testIP,
+			IP:       ip,
 			Hostname: "testhost",
 			Expiry:   time.Now().Add(time.Hour),
 		})
@@ -275,7 +303,7 @@ func TestClientsAddExisting(t *testing.T) {

 		// Add a new client with the same IP as for a client with MAC.
 		ok, err := clients.Add(&Client{
-			IDs:  []string{testIP.String()},
+			IDs:  []string{ip.String()},
 			Name: "client2",
 		})
 		require.NoError(t, err)
--- a/internal/home/clientshttp.go
+++ b/internal/home/clientshttp.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+
+	"github.com/AdguardTeam/golibs/log"
 )

 // clientJSON is a common structure used by several handlers to deal with
@@ -44,13 +46,13 @@ type clientJSON struct {
 type runtimeClientJSON struct {
 	WHOISInfo *RuntimeClientWHOISInfo `json:"whois_info"`

-	IP     string `json:"ip"`
 	Name   string `json:"name"`
 	Source string `json:"source"`
+	IP     net.IP `json:"ip"`
 }

 type clientListJSON struct {
-	Clients        []clientJSON        `json:"clients"`
+	Clients        []*clientJSON       `json:"clients"`
 	RuntimeClients []runtimeClientJSON `json:"auto_clients"`
 	Tags           []string            `json:"supported_tags"`
 }
@@ -66,11 +68,20 @@ func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, _ *http
 		cj := clientToJSON(c)
 		data.Clients = append(data.Clients, cj)
 	}
-	for ip, rc := range clients.ipToRC {
+
+	clients.ipToRC.Range(func(ip net.IP, v interface{}) (cont bool) {
+		rc, ok := v.(*RuntimeClient)
+		if !ok {
+			log.Error("dns: bad type %T in ipToRC for %s", v, ip)
+
+			return true
+		}
+
 		cj := runtimeClientJSON{
-			IP:        ip,
-			Name:      rc.Host,
 			WHOISInfo: rc.WHOISInfo,
+
+			Name: rc.Host,
+			IP:   ip,
 		}

 		cj.Source = "etc/hosts"
@@ -86,7 +97,9 @@ func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, _ *http
 		}

 		data.RuntimeClients = append(data.RuntimeClients, cj)
-	}
+
+		return true
+	})

 	data.Tags = clientTags

@@ -118,8 +131,8 @@ func jsonToClient(cj clientJSON) (c *Client) {
 }

 // Convert Client object to JSON
-func clientToJSON(c *Client) clientJSON {
-	cj := clientJSON{
+func clientToJSON(c *Client) (cj *clientJSON) {
+	return &clientJSON{
 		Name:                c.Name,
 		IDs:                 c.IDs,
 		Tags:                c.Tags,
@@ -134,19 +147,6 @@ func clientToJSON(c *Client) clientJSON {

 		Upstreams: c.Upstreams,
 	}
-
-	return cj
-}
-
-// runtimeClientToJSON converts a RuntimeClient into a JSON struct.
-func runtimeClientToJSON(ip string, rc RuntimeClient) (cj clientJSON) {
-	cj = clientJSON{
-		Name:      rc.Host,
-		IDs:       []string{ip},
-		WHOISInfo: rc.WHOISInfo,
-	}
-
-	return cj
 }

 // Add a new client
@@ -230,7 +230,7 @@ func (clients *clientsContainer) handleUpdateClient(w http.ResponseWriter, r *ht
 // Get the list of clients by IP address list
 func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http.Request) {
 	q := r.URL.Query()
-	data := []map[string]clientJSON{}
+	data := []map[string]*clientJSON{}
 	for i := 0; i < len(q); i++ {
 		idStr := q.Get(fmt.Sprintf("ip%d", i))
 		if idStr == "" {
@@ -239,20 +239,16 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http

 		ip := net.ParseIP(idStr)
 		c, ok := clients.Find(idStr)
-		var cj clientJSON
+		var cj *clientJSON
 		if !ok {
-			var found bool
-			cj, found = clients.findRuntime(ip, idStr)
-			if !found {
-				continue
-			}
+			cj = clients.findRuntime(ip, idStr)
 		} else {
 			cj = clientToJSON(c)
-			disallowed, rule := clients.dnsServer.IsBlockedIP(ip)
+			disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
 			cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
 		}

-		data = append(data, map[string]clientJSON{
+		data = append(data, map[string]*clientJSON{
 			idStr: cj,
 		})
 	}
@@ -265,39 +261,37 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http
 }

 // findRuntime looks up the IP in runtime and temporary storages, like
-// /etc/hosts tables, DHCP leases, or blocklists.
-func (clients *clientsContainer) findRuntime(ip net.IP, idStr string) (cj clientJSON, found bool) {
-	if ip == nil {
-		return cj, false
-	}
-
-	rc, ok := clients.FindRuntimeClient(idStr)
+// /etc/hosts tables, DHCP leases, or blocklists.  cj is guaranteed to be
+// non-nil.
+func (clients *clientsContainer) findRuntime(ip net.IP, idStr string) (cj *clientJSON) {
+	rc, ok := clients.FindRuntimeClient(ip)
 	if !ok {
 		// It is still possible that the IP used to be in the runtime
 		// clients list, but then the server was reloaded.  So, check
 		// the DNS server's blocked IP list.
 		//
 		// See https://github.com/AdguardTeam/AdGuardHome/issues/2428.
-		disallowed, rule := clients.dnsServer.IsBlockedIP(ip)
-		if rule == "" {
-			return clientJSON{}, false
-		}
-
-		cj = clientJSON{
+		disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
+		cj = &clientJSON{
 			IDs:            []string{idStr},
 			Disallowed:     &disallowed,
 			DisallowedRule: &rule,
 			WHOISInfo:      &RuntimeClientWHOISInfo{},
 		}

-		return cj, true
+		return cj
 	}

-	cj = runtimeClientToJSON(idStr, rc)
-	disallowed, rule := clients.dnsServer.IsBlockedIP(ip)
+	cj = &clientJSON{
+		Name:      rc.Host,
+		IDs:       []string{idStr},
+		WHOISInfo: rc.WHOISInfo,
+	}
+
+	disallowed, rule := clients.dnsServer.IsBlockedClient(ip, idStr)
 	cj.Disallowed, cj.DisallowedRule = &disallowed, &rule

-	return cj, true
+	return cj
 }

 // RegisterClientsHandlers registers HTTP handlers
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@@ -105,8 +105,8 @@ func isRunning() bool {
 	return Context.dnsServer != nil && Context.dnsServer.IsRunning()
 }

-func onDNSRequest(d *proxy.DNSContext) {
-	ip := aghnet.IPFromAddr(d.Addr)
+func onDNSRequest(pctx *proxy.DNSContext) {
+	ip := aghnet.IPFromAddr(pctx.Addr)
 	if ip == nil {
 		// This would be quite weird if we get here.
 		return
--- a/internal/home/home.go
+++ b/internal/home/home.go
@@ -503,7 +503,7 @@ Please note, that this is crucial for a server to be able to use privileged port
 You have two options:
 1. Run AdGuard Home with root privileges
 2. On Linux you can grant the CAP_NET_BIND_SERVICE capability:
-https://github.com/AdguardTeam/AdGuardHome/internal/wiki/Getting-Started#running-without-superuser`
+https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started#running-without-superuser`

 		log.Fatal(msg)
 	}
--- a/internal/home/rdns.go
+++ b/internal/home/rdns.go
@@ -102,12 +102,7 @@ func (r *RDNS) isCached(ip net.IP) (ok bool) {
 func (r *RDNS) Begin(ip net.IP) {
 	r.ensurePrivateCache()

-	if r.isCached(ip) {
-		return
-	}
-
-	id := ip.String()
-	if r.clients.Exists(id, ClientSourceRDNS) {
+	if r.isCached(ip) || r.clients.Exists(ip, ClientSourceRDNS) {
 		return
 	}

@@ -138,6 +133,6 @@ func (r *RDNS) workerLoop() {

 		// Don't handle any errors since AddHost doesn't return non-nil
 		// errors for now.
-		_, _ = r.clients.AddHost(ip.String(), host, ClientSourceRDNS)
+		_, _ = r.clients.AddHost(ip, host, ClientSourceRDNS)
 	}
 }
--- a/internal/home/rdns_test.go
+++ b/internal/home/rdns_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 	"time"

+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghstrings"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/dnsproxy/upstream"
@@ -84,7 +85,7 @@ func TestRDNS_Begin(t *testing.T) {
 			clients: &clientsContainer{
 				list:    map[string]*Client{},
 				idIndex: tc.cliIDIndex,
-				ipToRC:  map[string]*RuntimeClient{},
+				ipToRC:  aghnet.NewIPMap(0),
 				allTags: aghstrings.NewSet(),
 			},
 		}
@@ -204,7 +205,7 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 		cc := &clientsContainer{
 			list:    map[string]*Client{},
 			idIndex: map[string]*Client{},
-			ipToRC:  map[string]*RuntimeClient{},
+			ipToRC:  aghnet.NewIPMap(0),
 			allTags: aghstrings.NewSet(),
 		}
 		ch := make(chan net.IP)
@@ -236,7 +237,7 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 				return
 			}

-			assert.True(t, cc.Exists(tc.cliIP.String(), ClientSourceRDNS))
+			assert.True(t, cc.Exists(tc.cliIP, ClientSourceRDNS))
 		})
 	}
 }
--- a/internal/home/whois.go
+++ b/internal/home/whois.go
@@ -252,7 +252,6 @@ func (w *WHOIS) workerLoop() {
 			continue
 		}

-		id := ip.String()
-		w.clients.SetWHOISInfo(id, info)
+		w.clients.SetWHOISInfo(ip, info)
 	}
 }