Pull request 2263: AGDNS-2280 Upd dnsproxy, golibs

Squashed commit of the following:

commit 8d83eebba851e8e09bb08b1c94a247cb049a1b75
Merge: c6574a33c b6ed76965
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Mon Aug 5 16:59:50 2024 +0300

    Merge branch 'master' into AGDNS-2280-upd-golibs

commit c6574a33c62171190199c8c07118d0ecd2174801
Author: Eugene Burkov <E.Burkov@AdGuard.COM>
Date:   Wed Jul 31 19:56:58 2024 +0300

    all: upd proxy, golibs

internal/aghnet/net_freebsd.go

@@ -6,10 +6,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"net"
 	"strings"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
@@ -38,9 +38,13 @@ func (n interfaceName) rcConfStaticConfig(r io.Reader) (_ []string, cont bool, e
 		// TODO(e.burkov):  Expand the check to cover possible
 		// configurations from man rc.conf(5).
 		fields := strings.Fields(line[cfgLeft:cfgRight])
-		if len(fields) >= 2 &&
-			strings.EqualFold(fields[0], "inet") &&
-			net.ParseIP(fields[1]) != nil {
+		switch {
+		case
+			len(fields) < 2,
+			!strings.EqualFold(fields[0], "inet"),
+			!netutil.IsValidIPString(fields[1]):
+			continue
+		default:
 			return nil, false, s.Err()
 		}
 	}

internal/aghnet/net_openbsd.go

@@ -6,10 +6,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"net"
 	"strings"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
@@ -25,7 +25,13 @@ func hostnameIfStaticConfig(r io.Reader) (_ []string, ok bool, err error) {
 	for s.Scan() {
 		line := strings.TrimSpace(s.Text())
 		fields := strings.Fields(line)
-		if len(fields) >= 2 && fields[0] == "inet" && net.ParseIP(fields[1]) != nil {
+		switch {
+		case
+			len(fields) < 2,
+			fields[0] != "inet",
+			!netutil.IsValidIPString(fields[1]):
+			continue
+		default:
 			return nil, false, s.Err()
 		}
 	}

internal/aghtls/aghtls.go

@@ -5,9 +5,10 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"net/netip"
+	"slices"
 
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 // init makes sure that the cipher name map is filled.
@@ -75,15 +76,5 @@ func SaferCipherSuites() (safe []uint16) {
 // CertificateHasIP returns true if cert has at least a single IP address among
 // its subjectAltNames.
 func CertificateHasIP(cert *x509.Certificate) (ok bool) {
-	if len(cert.IPAddresses) > 0 {
-		return true
-	}
-
-	for _, name := range cert.DNSNames {
-		if _, err := netip.ParseAddr(name); err == nil {
-			return true
-		}
-	}
-
-	return false
+	return len(cert.IPAddresses) > 0 || slices.ContainsFunc(cert.DNSNames, netutil.IsValidIPString)
 }

internal/dnsforward/config.go

@@ -697,7 +697,7 @@ func matchesDomainWildcard(host, pat string) (ok bool) {
 // the DNS names and patterns from certificate.  dnsNames must be sorted.
 func anyNameMatches(dnsNames []string, sni string) (ok bool) {
 	// Check sni is either a valid hostname or a valid IP address.
-	if netutil.ValidateHostname(sni) != nil && net.ParseIP(sni) == nil {
+	if !netutil.IsValidHostname(sni) && !netutil.IsValidIPString(sni) {
 		return false
 	}
 

internal/dnsforward/dialcontext.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 // DialContext is an [aghnet.DialContextFunc] that uses s to resolve hostnames.
@@ -28,7 +29,7 @@ func (s *Server) DialContext(ctx context.Context, network, addr string) (conn ne
 		Timeout: time.Minute * 5,
 	}
 
-	if net.ParseIP(host) != nil {
+	if netutil.IsValidIPString(host) {
 		return dialer.DialContext(ctx, network, addr)
 	}
 

internal/home/middlewares.go

@@ -5,12 +5,15 @@ import (
 	"net/http"
 
 	"github.com/AdguardTeam/golibs/ioutil"
+	"github.com/c2h5oh/datasize"
 )
 
 // middlerware is a wrapper function signature.
 type middleware func(http.Handler) http.Handler
 
 // withMiddlewares consequently wraps h with all the middlewares.
+//
+// TODO(e.burkov):  Use [httputil.Wrap].
 func withMiddlewares(h http.Handler, middlewares ...middleware) (wrapped http.Handler) {
 	wrapped = h
 
@@ -23,11 +26,11 @@ func withMiddlewares(h http.Handler, middlewares ...middleware) (wrapped http.Ha
 
 const (
 	// defaultReqBodySzLim is the default maximum request body size.
-	defaultReqBodySzLim = 64 * 1024
+	defaultReqBodySzLim datasize.ByteSize = 64 * datasize.KB
 
 	// largerReqBodySzLim is the maximum request body size for APIs expecting
 	// larger requests.
-	largerReqBodySzLim = 4 * 1024 * 1024
+	largerReqBodySzLim datasize.ByteSize = 4 * datasize.MB
 )
 
 // expectsLargerRequests shows if this request should use a larger body size
@@ -38,26 +41,28 @@ const (
 // See https://github.com/AdguardTeam/AdGuardHome/issues/2666 and
 // https://github.com/AdguardTeam/AdGuardHome/issues/2675.
 func expectsLargerRequests(r *http.Request) (ok bool) {
-	m := r.Method
-	if m != http.MethodPost {
+	if r.Method != http.MethodPost {
 		return false
 	}
 
-	p := r.URL.Path
-	return p == "/control/access/set" ||
-		p == "/control/filtering/set_rules"
+	switch r.URL.Path {
+	case "/control/access/set", "/control/filtering/set_rules":
+		return true
+	default:
+		return false
+	}
 }
 
 // limitRequestBody wraps underlying handler h, making it's request's body Read
 // method limited.
 func limitRequestBody(h http.Handler) (limited http.Handler) {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var szLim uint64 = defaultReqBodySzLim
+		szLim := defaultReqBodySzLim
 		if expectsLargerRequests(r) {
 			szLim = largerReqBodySzLim
 		}
 
-		reader := ioutil.LimitReader(r.Body, szLim)
+		reader := ioutil.LimitReader(r.Body, szLim.Bytes())
 
 		// HTTP handlers aren't supposed to call r.Body.Close(), so just
 		// replace the body in a clone.

internal/home/middlewares_test.go

@@ -14,29 +14,29 @@ import (
 
 func TestLimitRequestBody(t *testing.T) {
 	errReqLimitReached := &ioutil.LimitError{
-		Limit: defaultReqBodySzLim,
+		Limit: defaultReqBodySzLim.Bytes(),
 	}
 
 	testCases := []struct {
+		wantErr error
 		name    string
 		body    string
 		want    []byte
-		wantErr error
 	}{{
+		wantErr: nil,
 		name:    "not_so_big",
 		body:    "somestr",
 		want:    []byte("somestr"),
-		wantErr: nil,
 	}, {
+		wantErr: errReqLimitReached,
 		name:    "so_big",
 		body:    string(make([]byte, defaultReqBodySzLim+1)),
 		want:    make([]byte, defaultReqBodySzLim),
-		wantErr: errReqLimitReached,
 	}, {
+		wantErr: nil,
 		name:    "empty",
 		body:    "",
 		want:    []byte(nil),
-		wantErr: nil,
 	}}
 
 	makeHandler := func(t *testing.T, err *error) http.HandlerFunc {

internal/home/web.go

@@ -17,7 +17,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/AdguardTeam/golibs/pprofutil"
+	"github.com/AdguardTeam/golibs/netutil/httputil"
 	"github.com/NYTimes/gziphandler"
 	"github.com/quic-go/quic-go/http3"
 	"golang.org/x/net/http2"
@@ -333,7 +333,7 @@ func startPprof(port uint16) {
 	runtime.SetMutexProfileFraction(1)
 
 	mux := http.NewServeMux()
-	pprofutil.RoutePprof(mux)
+	httputil.RoutePprof(mux)
 
 	go func() {
 		defer log.OnPanic("pprof server")

internal/next/websvc/websvc.go

@@ -24,7 +24,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/mathutil"
-	"github.com/AdguardTeam/golibs/pprofutil"
+	"github.com/AdguardTeam/golibs/netutil/httputil"
 	httptreemux "github.com/dimfeld/httptreemux/v5"
 )
 
@@ -107,7 +107,7 @@ func (svc *Service) setupPprof(c *PprofConfig) {
 	runtime.SetMutexProfileFraction(1)
 
 	pprofMux := http.NewServeMux()
-	pprofutil.RoutePprof(pprofMux)
+	httputil.RoutePprof(pprofMux)
 
 	svc.pprofPort = c.Port
 	addr := netip.AddrPortFrom(netip.AddrFrom4([4]byte{127, 0, 0, 1}), c.Port)