Pull request: all: fix some typos

Merge in DNS/adguard-home from fix-typos to master

Squashed commit of the following:

commit d6a79ea60fea9e9f8bebbe845f403787b93e6f66
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Tue Aug 17 15:54:09 2021 +0300

    all: fix some typos

AGHTechDoc.md

@@ -232,7 +232,7 @@ Deactivate DNSStubListener and update DNS server address.  Create a new file: `/
 	DNS=127.0.0.1
 	DNSStubListener=no
 
-Specifying "127.0.0.1" as DNS server address is necessry because otherwise the nameserver will be "127.0.0.53" which doesn't work without DNSStubListener.
+Specifying "127.0.0.1" as DNS server address is necessary because otherwise the nameserver will be "127.0.0.53" which doesn't work without DNSStubListener.
 
 Activate another resolv.conf file:
 
@@ -421,7 +421,8 @@ Enable DHCP server algorithm:
 
 DHCP leases are used in several ways by DNS module.
 
-* For "A" DNS reqeust we reply with an IP address leased by our DHCP server.
+* For "A" DNS request we reply with an IP address leased by our DHCP server.
+
 
 		< A bills-notebook.lan.
 		> A bills-notebook.lan. = 192.168.1.100
@@ -564,7 +565,7 @@ Request:
 		"gateway_ip":"192.169.56.1",
 		"subnet_mask":"255.255.255.0",
 		"range_start":"192.169.56.100",
-		"range_end":"192.169.56.200", // Note: first 3 octects must match "range_start"
+		"range_end":"192.169.56.200", // Note: first 3 octets must match "range_start"
 		"lease_duration":60,
 	},
 	"v6":{

CHANGELOG.md

@@ -27,7 +27,7 @@ and this project adheres to
 - Settable timeouts for querying the upstream servers ([#2280]).
 - Configuration file parameters to change group and user ID on startup on Unix
   ([#2763]).
-- Experimental OpenBSD support for AMD64 and 64-bit ARM CPUs ([#2439]).
+- Experimental OpenBSD support for AMD64 and 64-bit ARM CPUs ([#2439], [#3225]).
 - Support for custom port in DNS-over-HTTPS profiles for Apple's devices
   ([#3172]).
 - `darwin/arm64` support ([#2443]).
@@ -43,6 +43,7 @@ and this project adheres to
 
 ### Changed
 
+- Better OpenWrt detection ([#3435]).
 - DNS-over-HTTPS queries that come from HTTP proxies in the `trusted_proxies`
   list now use the real IP address of the client instead of the address of the
   proxy ([#2799]).
@@ -64,6 +65,11 @@ and this project adheres to
 
 ### Fixed
 
+- Inaccurate using of service actions in the installation script ([#3450]).
+- Client ID checking ([#3437]).
+- Discovering other DHCP servers on `darwin` and `freebsd` ([#3417]).
+- Switching listening address to unspecified one when bound to a single
+  specified IPv4 address on Darwin (macOS) ([#2807]).
 - Incomplete HTTP response for static IP address.
 - DNSCrypt queries weren't appearing in query log ([#3372]).
 - Wrong IP address for proxied DNS-over-HTTPS queries ([#2799]).
@@ -97,6 +103,7 @@ and this project adheres to
 [#2624]: https://github.com/AdguardTeam/AdGuardHome/issues/2624
 [#2763]: https://github.com/AdguardTeam/AdGuardHome/issues/2763
 [#2799]: https://github.com/AdguardTeam/AdGuardHome/issues/2799
+[#2807]: https://github.com/AdguardTeam/AdGuardHome/issues/2807
 [#3012]: https://github.com/AdguardTeam/AdGuardHome/issues/3012
 [#3013]: https://github.com/AdguardTeam/AdGuardHome/issues/3013
 [#3136]: https://github.com/AdguardTeam/AdGuardHome/issues/3136
@@ -109,6 +116,7 @@ and this project adheres to
 [#3194]: https://github.com/AdguardTeam/AdGuardHome/issues/3194
 [#3198]: https://github.com/AdguardTeam/AdGuardHome/issues/3198
 [#3217]: https://github.com/AdguardTeam/AdGuardHome/issues/3217
+[#3225]: https://github.com/AdguardTeam/AdGuardHome/issues/3225
 [#3256]: https://github.com/AdguardTeam/AdGuardHome/issues/3256
 [#3257]: https://github.com/AdguardTeam/AdGuardHome/issues/3257
 [#3289]: https://github.com/AdguardTeam/AdGuardHome/issues/3289
@@ -116,6 +124,10 @@ and this project adheres to
 [#3343]: https://github.com/AdguardTeam/AdGuardHome/issues/3343
 [#3351]: https://github.com/AdguardTeam/AdGuardHome/issues/3351
 [#3372]: https://github.com/AdguardTeam/AdGuardHome/issues/3372
+[#3417]: https://github.com/AdguardTeam/AdGuardHome/issues/3417
+[#3435]: https://github.com/AdguardTeam/AdGuardHome/issues/3435
+[#3437]: https://github.com/AdguardTeam/AdGuardHome/issues/3437
+[#3450]: https://github.com/AdguardTeam/AdGuardHome/issues/3450
 
 
 

client/src/__locales/be.json

@@ -112,6 +112,8 @@
     "for_last_24_hours": "за 24 гадзіны",
     "for_last_days": "за апошні {{count}} дзень",
     "for_last_days_plural": "за апошнія {{count}} дзён",
+    "stats_disabled": "Статыстыка была адключаная. Вы можаце ўключыць яго <0>на старонцы налад </0>.",
+    "stats_disabled_short": "Статыстыка была адключаная",
     "no_domains_found": "Дамены не знойдзены",
     "requests_count": "Колькасць запытаў",
     "top_blocked_domains": "Часта блакаваныя дамены",
@@ -326,7 +328,7 @@
     "install_devices_windows_list_2": "Перайдзіце ў \"Сеціва і інтэрнэт\", а потым у \"Цэнтр кіравання сеціва і агульным доступам\"",
     "install_devices_windows_list_3": "У левым боку экрана знайдзіце \"Змена параметраў адаптара\" і клікніце па ім.",
     "install_devices_windows_list_4": "Вылучыце ваша актыўнае падлучэнне, потым клікніце па ім правай клавішай мышы і выберыце \"Уласцівасці\".",
-    "install_devices_windows_list_5": "Знайдзіце ў спісе пункт \"IP версіі 4 (TCP/IP)\", вылучыце яго і потым ізноў націсніце \"Уласцівасці\".",
+    "install_devices_windows_list_5": "Знайдзіце ў спісе пункт \"IP версіі 4 (TCP/IPv4)\", вылучыце яго і потым ізноў націсніце \"Уласцівасці\".",
     "install_devices_windows_list_6": "Абярыце \"Выкарыстаць наступныя адрасы DNS-сервераў\" і ўвядзіце адрас AdGuard Home.",
     "install_devices_macos_list_1": "Клікніце па абразку Apple і перайдзіце ў «Сістэмныя налады».",
     "install_devices_macos_list_2": "Клікніце па іконцы «Сеціва».",
@@ -497,7 +499,7 @@
     "statistics_configuration": "Канфігурацыя статыстыкі",
     "statistics_retention": "Захаванне статыстыкі",
     "statistics_retention_desc": "Калі вы зменшыце значэнне інтэрвалу, некаторыя дадзеныя могуць быць згублены",
-    "statistics_clear": " Ачысціць статыстыку",
+    "statistics_clear": "Ачысціць статыстыку",
     "statistics_clear_confirm": "Вы ўпэўнены, што хочаце ачысціць статыстыку?",
     "statistics_retention_confirm": "Вы ўпэўнены, што хочаце змяніць тэрмін захоўвання статыстыкі? Пры скарачэнні інтэрвалу дадзеныя могуць быць згублены",
     "statistics_cleared": "Статыстыка паспяхова вычышчана",
@@ -595,6 +597,8 @@
     "cache_ttl_min_override_desc": "Перавызначыць TTL-значэнне (мінімальнае), атрыманае з upstream-сервера",
     "cache_ttl_max_override_desc": "Усталюйце максімальнае TTL-значэнне (секунды) для запісаў у кэшы DNS",
     "ttl_cache_validation": "Мінімальнае значэнне TTL кэша павінна быць менш ці роўна максімальнаму значэнню",
+    "cache_optimistic": "Аптымістычнае кэшаванне",
+    "cache_optimistic_desc": "Прымусьце AdGuard Home адказваць з кэша, нават калі тэрмін дзеяння запісаў скончыўся, а таксама паспрабуйце абнавіць іх.",
     "filter_category_general": "Галоўныя",
     "filter_category_security": "Бяспека",
     "filter_category_regional": "Рэгіянальныя",

client/src/__locales/cs.json

@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Prodlužte nejkratší hodnotu TTL (v sekundách) obdrženou z odchozího serveru při ukládání DNS odpovědí do mezipaměti",
     "cache_ttl_max_override_desc": "Nastavte maximální hodnotu TTL (v sekundách) pro položky v mezipaměti DNS",
     "ttl_cache_validation": "Minimální hodnota TTL mezipaměti musí být menší nebo rovna maximální hodnotě",
-    "cache_optimistic": "Optimistický režim",
+    "cache_optimistic": "Optimistické ukládání do mezipaměti",
     "cache_optimistic_desc": "Nechte AdGuard Home odpovědět z mezipaměti, i když už platnost položek skončila. Také se je pokuste obnovit.",
     "filter_category_general": "Obecné",
     "filter_category_security": "Bezpečnost",

client/src/__locales/da.json

@@ -326,10 +326,10 @@
     "install_devices_router_list_4": "På visse routertyper kan en tilpasset DNS-server ikke opsættes. I så tilfælde kan det hjælpe, hvis du opsætter AdGuard Home som en <0>DHCP-server</0>. Ellers bør du tjekke i routermanualen, hvordan du tilpasser DNS-servere i din givne routermodel.",
     "install_devices_windows_list_1": "Åbn Kontrolpanel via menuen Start eller Windows-søgning.",
     "install_devices_windows_list_2": "Gå til kategorien Netværk og Internet og derefter til Netværks- og delingscenter.",
-    "install_devices_windows_list_3": "Til venstre finder du punktet Skift adapterindstillinger, klik på dette.",
+    "install_devices_windows_list_3": "Find punktet \"Skift adapterindstillinger\" til venstre på skærmen, klik på det.",
     "install_devices_windows_list_4": "Vælg din aktive forbindelse, højreklik på den og vælg Egenskaber.",
-    "install_devices_windows_list_5": "Find Internet Protocol Version 4 (TCP/IP) på listen, vælg den og klik derefter på Egenskaber igen.",
-    "install_devices_windows_list_6": "Vælg Brug følgende DNS-serveradresser og angiv dine AdGuard Home-serveradresser.",
+    "install_devices_windows_list_5": "Find \"Internet Protocol Version 4 (TCP/IPv4)\" (eller for IPv6, \"Internet Protocol Version 6 (TCP/IPv6)\") på listen, vælg den og klik derefter på Egenskaber igen.",
+    "install_devices_windows_list_6": "Vælg \"Brug følgende DNS-serveradresser og angiv dine AdGuard Home-serveradresser.",
     "install_devices_macos_list_1": "Klik på Apple-ikonet og gå til Systemindstillinger.",
     "install_devices_macos_list_2": "Klik på Netværk.",
     "install_devices_macos_list_3": "Vælg den første forbindelse på din liste, og klik på Avanceret.",
@@ -499,7 +499,7 @@
     "statistics_configuration": "Statistikopsætning",
     "statistics_retention": "Statistikbevarelse",
     "statistics_retention_desc": "Mindskes intervalværdien, vil nogle data gå tabt",
-    "statistics_clear": " Ryd statistikker",
+    "statistics_clear": "Ryd statistikker",
     "statistics_clear_confirm": "Sikker på, at du vil slette statistikkerne?",
     "statistics_retention_confirm": "Sikker på, at du vil ændre på statistikbevaring? Mindskes intervalværdien, vil nogle data gå tabt",
     "statistics_cleared": "Statistikkerne er ryddet",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Forlæng korte time-to-live værdier (sekunder) modtaget fra upstream-serveren, når DNS-svar cachelagres",
     "cache_ttl_max_override_desc": "Indstil en maksimal time-to-live (sekunder) for registreringer i DNS-cachen",
     "ttl_cache_validation": "Minimum cache TTL-værdi skal være mindre end eller lig med den maksimale værdi",
-    "cache_optimistic": "Optimistisk",
+    "cache_optimistic": "Optimistisk caching",
     "cache_optimistic_desc": "Får AdGuard Home til at svare fra cachen, selv når posterne er udløbet, og prøver også at opdatere dem.",
     "filter_category_general": "Generelt",
     "filter_category_security": "Sikkerhed",

client/src/__locales/de.json

@@ -499,7 +499,7 @@
     "statistics_configuration": "Statistikkonfiguration",
     "statistics_retention": "Statistiken speichern",
     "statistics_retention_desc": "Wenn Sie den Zeitraum verringern, werden einige Daten verloren gehen",
-    "statistics_clear": " Statistiken leeren",
+    "statistics_clear": "Statistiken leeren",
     "statistics_clear_confirm": "Möchten Sie die Statistiken wirklich löschen?",
     "statistics_retention_confirm": "Möchten Sie wirklich die Aufbewahrung der Statistiken ändern? Wenn Sie den Zeitabstand verringern, gehen einige Daten verloren.",
     "statistics_cleared": "Statistiken wurden erfolgreich gelöscht",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Überschreibt den TTL-Minimalwert, der vom vorgeschalteten Server empfangen wurde. Dieser Wert darf nicht mehr als 3600 (Sek.) (≙ 1 Stunde) betragen.",
     "cache_ttl_max_override_desc": "Überschreibt den TLL-Maximalwert, der vom vorgeschalteten Server empfangen wurde.",
     "ttl_cache_validation": "Der minimale Cache des TTL-Wertes muss kleiner oder gleich dem maximalen Wert sein",
-    "cache_optimistic": "Optimistisch",
+    "cache_optimistic": "Optimistisches Caching",
     "cache_optimistic_desc": "Sorgt dafür, dass AdGuard Home auch dann aus dem Zwischenspeicher antwortet, wenn die Einträge abgelaufen sind, und versucht zudem, diese zu aktualisieren.",
     "filter_category_general": "Allgemein",
     "filter_category_security": "Sicherheit",

client/src/__locales/en.json

@@ -98,7 +98,7 @@
     "copyright": "Copyright",
     "homepage": "Homepage",
     "report_an_issue": "Report an issue",
-    "privacy_policy": "Privacy policy",
+    "privacy_policy": "Privacy Policy",
     "enable_protection": "Enable protection",
     "enabled_protection": "Enabled protection",
     "disable_protection": "Disable protection",
@@ -499,7 +499,7 @@
     "statistics_configuration": "Statistics configuration",
     "statistics_retention": "Statistics retention",
     "statistics_retention_desc": "If you decrease the interval value, some data will be lost",
-    "statistics_clear": " Clear statistics",
+    "statistics_clear": "Clear statistics",
     "statistics_clear_confirm": "Are you sure you want to clear statistics?",
     "statistics_retention_confirm": "Are you sure you want to change statistics retention? If you decrease the interval value, some data will be lost",
     "statistics_cleared": "Statistics successfully cleared",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Extend short time-to-live values (seconds) received from the upstream server when caching DNS responses",
     "cache_ttl_max_override_desc": "Set a maximum time-to-live value (seconds) for entries in the DNS cache",
     "ttl_cache_validation": "Minimum cache TTL value must be less than or equal to the maximum value",
-    "cache_optimistic": "Optimistic",
+    "cache_optimistic": "Optimistic caching",
     "cache_optimistic_desc": "Make AdGuard Home respond from the cache even when the entries are expired and also try to refresh them.",
     "filter_category_general": "General",
     "filter_category_security": "Security",

client/src/__locales/es.json

@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Amplia el corto tiempo de vida de los valores recibidos del servidor DNS de subida al almacenar en caché las respuestas DNS",
     "cache_ttl_max_override_desc": "Establece un valor de tiempo de vida máximo para las entradas en la caché DNS",
     "ttl_cache_validation": "El valor TTL mínimo de la caché debe ser menor o igual al valor máximo",
-    "cache_optimistic": "Optimista",
+    "cache_optimistic": "Caché optimista",
     "cache_optimistic_desc": "Haz que AdGuard Home responda desde la caché incluso cuando las entradas estén expiradas y también intente actualizarlas.",
     "filter_category_general": "General",
     "filter_category_security": "Seguridad",

client/src/__locales/fr.json

@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Prolonger les valeurs courtes de durée de vie (en secondes) reçues du serveur en amont lors de la mise en cache des réponses DNS",
     "cache_ttl_max_override_desc": "Établir la valeur de durée de vie TTL maximale (en secondes) pour les saisies dans le cache du DNS",
     "ttl_cache_validation": "La valeur TTL minimale du cache doit être inférieure ou égale à la valeur maximale",
-    "cache_optimistic": "Optimiste",
+    "cache_optimistic": "Caching optimiste",
     "cache_optimistic_desc": "Faites en sorte qu'AdGuard Home réponde à partir du cache même lorsque les entrées ont expiré et essayez également de les actualiser.",
     "filter_category_general": "Général",
     "filter_category_security": "Sécurité",

client/src/__locales/hr.json

@@ -491,6 +491,7 @@
     "interval_days": "{{count}} dan",
     "interval_days_plural": "{{count}} dana",
     "domain": "Domena",
+    "punycode": "Punycode",
     "answer": "Odgovor",
     "filter_added_successfully": "Popis je uspješno dodan",
     "filter_removed_successfully": "Ovaj popis je uspješno uklonjen",
@@ -596,7 +597,7 @@
     "cache_ttl_min_override_desc": "Povećajte kratke vrijednosti TTL-a (u sekundama) primljene od upstream poslužitelja prilikom predmemoriranja DNS odgovora",
     "cache_ttl_max_override_desc": "Postavite maksimalnu vrijednost TTL-a (u sekundama) za zapise u DNS predmemoriju",
     "ttl_cache_validation": "Minimalna vrijednost TTL predmemorije mora biti manja ili jednaka maksimalnoj vrijednosti",
-    "cache_optimistic": "optimistički",
+    "cache_optimistic": "Optimistično predmemoriranje",
     "cache_optimistic_desc": "Učinite da AdGuard Home reagira iz predmemorije čak i kada su unosi istekli i pokušajte ih osvježiti.",
     "filter_category_general": "Općenito",
     "filter_category_security": "Sigurnost",

client/src/__locales/hu.json

@@ -5,14 +5,18 @@
     "upstream_parallel": "Használjon párhuzamos lekéréseket a domainek feloldásának felgyorsításához az összes upstream kiszolgálóra való egyidejű lekérdezéssel.",
     "parallel_requests": "Párhuzamos lekérések",
     "load_balancing": "Terheléselosztás",
-    "load_balancing_desc": "Egyszerre csak egy szerverről történjen lekérdezés. Az AdGuard Home egy súlyozott, véletlenszerű algoritmust fog használni a megfelelő szerver kiválasztására, így a leggyorsabb szervert gyakrabban fogja használni.",
+    "load_balancing_desc": "Egyszerre csak egy szerverről történjen lekérdezés. Az AdGuard Home egy súlyozott, véletlenszerű algoritmust fog használni a megfelelő szerver kiválasztására, így a leggyorsabb szervert fogja a leggyakrabban használni.",
     "bootstrap_dns": "Bootstrap DNS kiszolgálók",
     "bootstrap_dns_desc": "A Bootstrap DNS szerverek a DoH/DoT feloldók IP-címeinek feloldására szolgálnak.",
     "local_ptr_title": "Privát DNS szerverek",
-    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. Ezeket a szervereket arra használjuk, hogy az rDNS segítségével fel lehessen oldani a kliensek hosztneveit. Ha nincs beállítva ilyen, akkor az AdGuard Home alapértelmezés szerint az OS nevét fogja feloldani.",
+    "local_ptr_desc": "Azok a DNS szerverek, amiket az AdGuard Home a helyi PTR kérésekhez használ. Ezeket a szervereket arra használjuk, hogy reverse DNS által feloldjuk a kliensek hosztneveit privát IP címekre, például \"192.168.12.34\". Ha nincs beállítva, akkor az AdGuard Home, kivéve az ő saját címét, az operációs rendszer alapértelmezett DNS feloldók címeit fogja használni.",
+    "local_ptr_default_resolver": "Alapesetben az AdGuard Home a következő reverse DNS feloldókat használja: {{ip}}.",
+    "local_ptr_no_default_resolver": "Az AdGuard Home nem tudta meghatározni a privát reverse DNS feloldókat ehhez a rendszerhez.",
     "local_ptr_placeholder": "Adjon meg soronként egy kiszolgáló címet",
     "resolve_clients_title": "Kliensek IP címeinek fordított feloldása",
-    "resolve_clients_desc": "Ha engedélyezve van, az AdGuard Home megpróbálja átfordítani a kliensek IP címeit hosztnevekre, PTR lekérdezéseket küldve a megfelelő feloldóknak (privát DNS szerverek a helyi kliensek számára, upstream szerverek a nyilvános IP címmel rendelkező ügyfelek számára).",
+    "resolve_clients_desc": "Fordítva oldja fel a kliensek IP címeit a hosztneveikre azáltal, hogy PTR lekérdezéseket küld a megfelelő feloldóknak (privát DNS szerverek a helyi kliensek számára, upstream szerverek a nyilvános IP címmel rendelkező kliensek számára).",
+    "use_private_ptr_resolvers_title": "Privát reverse DNS feloldók használata",
+    "use_private_ptr_resolvers_desc": "Reverse DNS keresések végzése a helyileg kiszolgált címekre ezeknek a szervereknek a használatával. Ha le van tiltva, az AdGuard Home az NXDOMAIN használatával válaszol minden ilyen PTR kérésre, kivéve azokat a klienseket, amelyeket már ismer a DHCP, /etc/hosts, stb. által.",
     "check_dhcp_servers": "DHCP szerverek keresése",
     "save_config": "Konfiguráció mentése",
     "enabled_dhcp": "DHCP szerver engedélyezve",
@@ -64,6 +68,9 @@
     "dhcp_new_static_lease": "Új statikus bérlet",
     "dhcp_static_leases_not_found": "Nem találhatóak statikus DHCP bérletek",
     "dhcp_add_static_lease": "Statikus bérlet hozzáadása",
+    "dhcp_reset_leases": "Bérletek alaphelyzetbe",
+    "dhcp_reset_leases_confirm": "Biztosan visszaállítja az összes bérletet?",
+    "dhcp_reset_leases_success": "DHCP bérletek alaphelyzetbe állítva",
     "dhcp_reset": "Biztosan visszaállítja a DHCP beállításokat?",
     "country": "Ország",
     "city": "Város",
@@ -105,6 +112,8 @@
     "for_last_24_hours": "az utóbbi 24 órában",
     "for_last_days": "az utóbbi {{count}} napban",
     "for_last_days_plural": "az utóbbi {{count}} napban",
+    "stats_disabled": "Ezek a statisztikák ki lettek kapcsolva. Be tudja kapcsolni őket a <0>beállítások oldalon</0>.",
+    "stats_disabled_short": "A statisztikák ki lettek kapcsolva",
     "no_domains_found": "Nem található domain",
     "requests_count": "Kérések száma",
     "top_blocked_domains": "Legtöbbet blokkolt domainek",
@@ -307,9 +316,9 @@
     "install_devices_title": "Állítsa be az eszközeit",
     "install_devices_desc": "Az AdGuard Home használatának megkezdéséhez be kell állítania az eszközeit, hogy azok használni tudják.",
     "install_submit_title": "Gratulálunk!",
-    "install_submit_desc": "A telepítési folyamat befejeződött, minden készen áll az AdGuard Home használatára.",
+    "install_submit_desc": "A telepítési folyamat befejeződött, használatba veheti az AdGuard Home-ot.",
     "install_devices_router": "Router",
-    "install_devices_router_desc": "Ez a beállítás lefed minden eszközt, amik az Ön routeréhez csatlakoznak, így azokat nem kell külön, kézzel beállítania.",
+    "install_devices_router_desc": "Ez a beállítás automatikusan kihat az összes eszközre, amik az otthoni routeréhez kapcsolódnak, nem szükséges őket egyenként, kézileg beállítani.",
     "install_devices_address": "Az AdGuard DNS szerver a következő címeket figyeli",
     "install_devices_router_list_1": "Nyissa meg a router beállításait. Ez általában a böngészőn keresztül történik egy URL megadásával (pl. http://192.168.0.1/ vagy http://192.168.1.1/). Ez az oldal valószínűleg felhasználónevet és jelszót fog kérni. Ha nem tudja a belépési adatokat, ellenőrizze a router dobozát, a router alján levő fehér címkét vagy a technikai dokumentációt az interneten. Végső esetben visszaállíthatja a routert, azonban ne feledje, hogyha ezt az eljárást választja, akkor valószínűleg elveszíti annak összes beállítását. Ha a router beállításához alkalmazásra van szükség, telepítse az alkalmazást a telefonjára vagy a számítógépére, és használja azt az útválasztó beállításainak eléréséhez.",
     "install_devices_router_list_2": "Keresse meg a DHCP/DNS beállításokat. Keresse a DNS szót egy olyan mező mellett, amely egy 4 csoportból álló, 1-3 számjegyű számsort vár.",
@@ -319,8 +328,8 @@
     "install_devices_windows_list_2": "Válassza a Hálózat és internet kategóriát, majd pedig a Hálózati és megosztási központot.",
     "install_devices_windows_list_3": "A képernyő bal oldalán keresse meg az Adapterbeállítások módosítása lehetőséget és kattintson rá.",
     "install_devices_windows_list_4": "Válassza ki a jelenleg is használt kapcsolatot, majd jobb egérgombbal kattintson rá és a megjelenő menüből válassza a Tulajdonságok elemet.",
-    "install_devices_windows_list_5": "Keresse meg az Internet Protocol Version 4 (TCP/IP) elemet a listában, válassza ki, majd ismét kattintson a Tulajdonságokra.",
-    "install_devices_windows_list_6": "Válassza a Következő DNS címek használata lehetőséget és adja meg az AdGuard Home szerver címeit.",
+    "install_devices_windows_list_5": "Keresse meg az Internet Protocol Version 4 (TCP/IPv4) elemet a listában, válassza ki, majd ismét kattintson a Tulajdonságokra.",
+    "install_devices_windows_list_6": "Válassza a \"Következő DNS címek használata\" lehetőséget és adja meg az AdGuard Home szerver címeit.",
     "install_devices_macos_list_1": "Kattintson az Apple ikonra és válassza a Rendszerbeállításokat.",
     "install_devices_macos_list_2": "Kattintson a Hálózat lehetőségre.",
     "install_devices_macos_list_3": "Válassza ki az első kapcsolatot a listából és kattintson a Haladó beállításokra.",
@@ -419,11 +428,11 @@
     "access_title": "Hozzáférési beállítások",
     "access_desc": "Itt konfigurálhatja az AdGuard Home DNS-kiszolgáló hozzáférési szabályait.",
     "access_allowed_title": "Engedélyezett kliensek",
-    "access_allowed_desc": "A CIDR vagy IP címek listája. Ha konfigurálva van, az AdGuard Home csak az ezekről az IP-címekről fogadja el a kéréseket.",
+    "access_allowed_desc": "CIDR-ek, IP-címek vagy kliensazonosítók listája. Ha be van állítva, akkor az AdGuard Home csak azokat a lekérdezéseket engedélyezi, amelyek ezektől a kliensektől érkeznek.",
     "access_disallowed_title": "Nem engedélyezett kliensek",
-    "access_disallowed_desc": "A CIDR vagy IP címek listája. Ha konfigurálva van, az AdGuard Home eldobja a lekérdezéseket ezekről az IP-címekről.",
+    "access_disallowed_desc": "CIDR-ek, IP-címek vagy kliensazonosítók listája. Ha be van állítva, akkor az AdGuard Home eldobja azokat a lekérdezéseket, amelyek ezektől a kliensektől érkeznek. Ha engedélyezett kliensek vannak ide bekonfigurálva, akkor pedig az a mező ki lesz hagyva.",
     "access_blocked_title": "Nem engedélyezett domainek",
-    "access_blocked_desc": "Ne keverje össze ezt a szűrőkkel. Az AdGuard Home az összes DNS kérést el fogja dobni, ami ezekkel a domainekkel kapcsolatos. Itt megadhatja a pontos domainneveket, a helyettesítő karaktereket és az urlfilter-szabályokat, pl. 'example.org', '*.example.org' vagy '||example.org^'.",
+    "access_blocked_desc": "Ne keverje össze ezt a szűrőkkel. Az AdGuard Home az összes DNS kérést el fogja dobni, ami ezekkel a domainekkel megegyezik, és ezek a lekérések nem is fognak megjelenni a lekérdezési naplóban sem. Megadhatja a pontos domain neveket, a helyettesítő karaktereket vagy az URL szűrési szabályokat, pl. ennek megfelelően \"example.org\", \"*.example.org\", vagy \"||example.org^\".",
     "access_settings_saved": "A hozzáférési beállítások sikeresen mentésre kerültek",
     "updates_checked": "A frissítések sikeresen ellenőrizve lettek",
     "updates_version_equal": "Az AdGuard Home naprakész",
@@ -477,10 +486,12 @@
     "encryption_key_source_content": "Privát kulcs tartalmának megadása",
     "stats_params": "Statisztikai beállítások",
     "config_successfully_saved": "A beállítások sikeresen el lettek mentve",
+    "interval_6_hour": "6 óra",
     "interval_24_hour": "24 óra",
     "interval_days": "{{count}} nap",
     "interval_days_plural": "{{count}} nap",
     "domain": "Domain",
+    "punycode": "Punycode",
     "answer": "Válasz",
     "filter_added_successfully": "A lista sikeresen hozzá lett adva",
     "filter_removed_successfully": "A lista sikeresen el lett távolítva",
@@ -488,7 +499,7 @@
     "statistics_configuration": "Statisztikai beállítások",
     "statistics_retention": "Statisztika megőrzése",
     "statistics_retention_desc": "Ha csökkenti az intervallum értékét, az előtte levő adatok elvesznek",
-    "statistics_clear": " Statisztikák visszaállítása",
+    "statistics_clear": "Statisztikák visszaállítása",
     "statistics_clear_confirm": "Biztosan vissza akarja állítani a statisztikákat?",
     "statistics_retention_confirm": "Biztos benne, hogy megváltoztatja a statisztika megőrzési idejét? Ha csökkentette az értéket, a megadottnál korábbi adatok elvesznek",
     "statistics_cleared": "A statisztikák sikeresen vissza lettek állítva",
@@ -523,8 +534,8 @@
     "rewrite_domain_name": "Domain név: CNAME rekord hozzáadása",
     "rewrite_A": "<0>A</0>: speciális érték, megtartja az upstream felől érkező <0>A</0> rekordokat",
     "rewrite_AAAA": "<0>AAAA</0>: speciális érték, megtartja az upstream felől érkező <0>AAAA</0> rekordokat",
-    "disable_ipv6": "IPv6 letiltása",
-    "disable_ipv6_desc": "Ha ez a szolgáltatás engedélyezve van, akkor az összes IPv6-cím (AAAA típus) DNS-lekérdezése elveszik.",
+    "disable_ipv6": "IPv6 címek feloldásának tiltása",
+    "disable_ipv6_desc": "Összes DNS kérés eldobása az IPv6 címekhez (AAAA típus).",
     "fastest_addr": "Leggyorsabb IP-cím",
     "fastest_addr_desc": "Kérdezze le az összes DNS-kiszolgálót, és adja vissza a leggyorsabb IP-címet a válaszok közül. Ez lelassítja a DNS-lekérdezéseket, mivel az összes DNS-kiszolgáló esetében meg kell várnunk a válaszokat, de javítja az összeköttetést.",
     "autofix_warning_text": "Ha a \"Javítás\" lehetőségre kattint, az AdGuard Home megpróbálja beállítani a rendszerét, hogy használja az AdGuard Home DNS szervert.",
@@ -561,7 +572,7 @@
     "list_updated": "{{count}} lista frissítve lett",
     "list_updated_plural": "{{count}} lista frissítve lett",
     "dnssec_enable": "DNSSEC engedélyezése",
-    "dnssec_enable_desc": "Állítsa be a DNSSEC jelzőt a kimenő DNS-lekérdezésekbe, és ellenőrizze az eredményt (szükséges a DNSSEC-kompatibilis feloldás)",
+    "dnssec_enable_desc": "DNSSEC flag beállítása a kimenő DNS kérésekhez, majd az eredmény ellenőrzése (DNSSEC-engedélyezett feloldó szükséges).",
     "validated_with_dnssec": "DNSSEC által ellenőrizve",
     "all_queries": "Minden kérés",
     "show_blocked_responses": "Blokkolva",
@@ -586,12 +597,14 @@
     "cache_ttl_min_override_desc": "Megnöveli a DNS kiszolgálótól kapott rövid TTL értékeket (másodpercben), ha gyorsítótárazza a DNS kéréseket",
     "cache_ttl_max_override_desc": "Állítson be egy maximális TTL értéket (másodpercben) a DNS gyorsítótár bejegyzéseihez",
     "ttl_cache_validation": "A minimális gyorsítótár TTL értéknek kisebbnek vagy egyenlőnek kell lennie a maximum értékkel",
+    "cache_optimistic": "Optimista gyorsítótár",
+    "cache_optimistic_desc": "Lehetővé teszi, hogy az AdGuard Home a gyorsítótárból válaszoljon, még abban az esetben is, ha az ott lévő bejegyzések lejértak, és próbálja meg frissíteni őket.",
     "filter_category_general": "Általános",
     "filter_category_security": "Biztonság",
     "filter_category_regional": "Regionális",
     "filter_category_other": "Egyéb",
     "filter_category_general_desc": "Olyan listák, amelyek blokkolják a nyomkövetést és a hirdetéseket a legtöbb eszközön",
-    "filter_category_security_desc": "Olyan listák, amelyek a kártékony, adathalász vagy átverős oldalak tiltására vannak kifejlesztve",
+    "filter_category_security_desc": "Kifejezetten a rosszindulatú, adathalász és átverős domainek blokkolására tervezett listák",
     "filter_category_regional_desc": "Olyan listák, amelyek a regionális hirdetések, valamint a nyomkövető szerverek ellen vannak kifejlesztve",
     "filter_category_other_desc": "További tiltólisták",
     "setup_config_to_enable_dhcp_server": "Konfiguráció beállítása a DHCP-kiszolgáló engedélyezéséhez",

client/src/__locales/id.json

@@ -8,11 +8,15 @@
     "load_balancing_desc": "Permintaan satu server pada satu waktu. AdGuard Home akan menggunakan algoritma acak tertimbang untuk memilih server sehingga server tercepat akan lebih sering digunakan.",
     "bootstrap_dns": "Server DNS bootstrap",
     "bootstrap_dns_desc": "Server Bootstrap DNS dapat digunakan untuk meresolve alamat IP pada DoH/DoT resolvers yang Anda tentukan sebagai upstreams.",
-    "local_ptr_title": "Server DNS pribadi",
-    "local_ptr_desc": "Server DNS yang digunakan AdGuard Home untuk kueri PTR lokal. Server ini digunakan untuk menetapkan nama host klien bersama alamat IP pribadi, sebagai contoh \"192.168.12.34\", menggunakan rDNS. Jika tidka diatur, AdGuard Home akan menggunakan resolver DNS bawaan/default OS Anda.",
+    "local_ptr_title": "Server pembalik DNS pribadi",
+    "local_ptr_desc": "Server DNS yang digunakan AdGuard Home untuk kueri PTR lokal. Server ini digunakan untuk menyelesaikan nama host klien dengan alamat IP pribadi, misalnya \"192.168.12.34\", menggunakan DNS terbalik. Jika tidak disetel, AdGuard Home menggunakan alamat resolver DNS default OS Anda kecuali untuk alamat AdGuard Home itu sendiri.",
+    "local_ptr_default_resolver": "Secara bawaan, AdGuard Home menggunakan pemecah DNS terbalik: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home tidak dapat menentukan pemecah DNS terbalik yang sesuai untuk sistem ini.",
     "local_ptr_placeholder": "Masukkan satu alamat server per baris",
     "resolve_clients_title": "Aktifkan resolusi hostname klien",
-    "resolve_clients_desc": "Jika diaktifkan, AdGuard Home akan mencoba menyelesaikan hostname klien secara otomatis dari alamat IP mereka dengan mengirimkan kueri PTR ke penyelesai yang sesuai (server DNS pribadi untuk klien lokal, server upstream untuk klien dengan IP publik).",
+    "resolve_clients_desc": "Menyelesaikan alamat IP klien secara terbalik ke nama host mereka dengan mengirimkan kueri PTR ke resolver yang sesuai (server DNS pribadi untuk klien lokal, server upstream untuk klien dengan alamat IP publik).",
+    "use_private_ptr_resolvers_title": "Gunakan server pembalik DNS pribadi",
+    "use_private_ptr_resolvers_desc": "Lakukan pencarian DNS terbalik untuk alamat yang disajikan secara lokal menggunakan server upstream ini. Jika dinonaktifkan, Adguard Home merespon dengan NXDOMAIN untuk semua permintaan PTR tersebut kecuali untuk klien yang diketahui dari DHCP, /etc/hosts, dan seterusnya.",
     "check_dhcp_servers": "Cek untuk server DHCP",
     "save_config": "Simpan pengaturan",
     "enabled_dhcp": "Server DHCP diaktifkan",
@@ -64,6 +68,9 @@
     "dhcp_new_static_lease": "Static lease baru",
     "dhcp_static_leases_not_found": "DHCP static lease tidak ditemukan",
     "dhcp_add_static_lease": "Tambah static lease",
+    "dhcp_reset_leases": "Atur ulang semua kontrak",
+    "dhcp_reset_leases_confirm": "Apakah Anda yakin ingin mengatur ulang kontrak Anda?",
+    "dhcp_reset_leases_success": "Kontrak DHCP berhasil diatur ulang",
     "dhcp_reset": "Apakah anda yakin ingin mengatur ulang konfigurasi DHCP anda?",
     "country": "Negara",
     "city": "Kota",
@@ -105,6 +112,8 @@
     "for_last_24_hours": "untuk 24 jam terakhir",
     "for_last_days": "untuk {{count}} hari terakhir",
     "for_last_days_plural": "selama {{count}} hari terakhir",
+    "stats_disabled": "Statistik telah dinonaktifkan. Anda dapat mengaktifkannya dari <0>halaman setelan</0>.",
+    "stats_disabled_short": "Statistik telah dinonaktifkan",
     "no_domains_found": "Domain tidak ditemukan",
     "requests_count": "Jumlah permintaan",
     "top_blocked_domains": "Domain diblokir teratas",
@@ -124,10 +133,10 @@
     "block_domain_use_filters_and_hosts": "Blokir domain menggunakan filter dan file hosts",
     "filters_block_toggle_hint": "Anda dapat menyiapkan aturan pemblokiran di pengaturan <a>Penyaringan</a>.",
     "use_adguard_browsing_sec": "Gunakan layanan web Keamanan Penjelajahan AdGuard",
-    "use_adguard_browsing_sec_hint": "AdGuard Home akan mengecek jika domain diblacklist oleh layanan web keamanan penjelajahan. Akan menggunakan lookup API yang ramah privasi untuk melakukan cek: hanya awalan singkat hash SHA256 dari nama domain yang dikirim ke server.",
+    "use_adguard_browsing_sec_hint": "AdGuard Home akan memeriksa apakah domain diblokir oleh layanan web keamanan penjelajahan. Ini akan menggunakan API pencarian yang ramah privasi untuk melakukan pemeriksaan: hanya awalan singkat dari hash nama domain SHA256 yang dikirim ke server.",
     "use_adguard_parental": "Gunakan layanan web kontrol orang tua AdGuard",
     "use_adguard_parental_hint": "AdGuard Home akan mengecek jika domain mengandung materi dewasa. Akan menggunakan API yang ramah privasi yang sama sebagai layanan web keamanan penjelajahan.",
-    "enforce_safe_search": "Paksa penelusuran aman",
+    "enforce_safe_search": "Pakai pencarian aman",
     "enforce_save_search_hint": "AdGuard Home dapat memaksa penelusuran aman pada mesin pencari berikut: Google, Youtube, Bing, DuckDuckGo, Yandex, dan Pixabay.",
     "no_servers_specified": "Sever tidak disebutkan",
     "general_settings": "Pengaturan umum",
@@ -268,7 +277,7 @@
     "form_enter_rate_limit": "Masukkan batas nilai",
     "rate_limit": "Batas nilai",
     "edns_enable": "Aktifkan EDNS Klien Subnet",
-    "edns_cs_desc": "Apabila dinyalakan, AdGuard Home akan mengirim subnet klien ke server-server DNS.",
+    "edns_cs_desc": "Kirim subnet klien ke server DNS.",
     "rate_limit_desc": "Jumlah permintaan per detik yang diperbolehkan untuk satu klien. Atur ke 0 untuk tidak terbatas.",
     "blocking_ipv4_desc": "Alamat IP akan dikembalikan untuk permintaan A yang diblokir",
     "blocking_ipv6_desc": "Alamat IP akan dipulihkan untuk permintaan AAAA yang diblokir",
@@ -309,7 +318,7 @@
     "install_submit_title": "Selamat!",
     "install_submit_desc": "Prosedur pengaturan telah selesai, dan anda siap untuk mulai menggunakan AdGuard Home.",
     "install_devices_router": "Router",
-    "install_devices_router_desc": "Pengaturan ini akan secara otomatis mencakup semua perangkat yang terhubung ke router rumah anda dan anda tak perlu mengkonfigurasikan secara manual.",
+    "install_devices_router_desc": "Setelan ini akan secara otomatis mencakup semua perangkat yang terhubung ke router rumah anda dan anda tak perlu mengkonfigurasikan secara manual.",
     "install_devices_address": "Server DNS AdGuard Home akan menggunakan alamat berikut",
     "install_devices_router_list_1": "Buka preferensi untuk router Anda. Biasanya, Anda dapat mengaksesnya dari browser Anda melalui URL, seperti http://192.168.0.1/ atau http://192.168.1.1/. Anda mungkin diminta untuk memasukkan kata sandi. Jika Anda tidak mengingatnya, Anda sering kali dapat mengatur ulang kata sandi dengan menekan tombol pada perute itu sendiri, tetapi perlu diketahui bahwa jika prosedur ini dipilih, Anda mungkin akan kehilangan seluruh konfigurasi perute. Jika router Anda memerlukan aplikasi untuk menyiapkannya, instal aplikasi tersebut di ponsel atau PC Anda dan gunakan untuk mengakses pengaturan router.",
     "install_devices_router_list_2": "Temukan pengaturan DHCP / DNS. Cari huruf DNS di sebelah bidang yang memungkinkan dua atau tiga set angka, masing-masing dipecah menjadi empat grup dengan satu hingga tiga digit.",
@@ -317,10 +326,10 @@
     "install_devices_router_list_4": "Anda tidak dapat menyetel server DNS kustom pada beberapa tipe router. Dalam hal ini mungkin membantu jika Anda mengatur AdGuard Home sebagai <0>server DHCP</0>. Jika tidak, Anda harus mencari petunjuk tentang cara mengkustomisasi server DNS untuk model router khusus Anda.",
     "install_devices_windows_list_1": "Buka Panel Kontrol melalui menu Start atau pencarian Windows.",
     "install_devices_windows_list_2": "Masuk ke kategori Jaringan dan Internet (Network and Internet) dan kemudian ke Pusat Jaringan dan Berbagi (Network and Sharing Center).",
-    "install_devices_windows_list_3": "Di sisi kiri layar temukan Ubah pengaturan adaptor dan klik.",
+    "install_devices_windows_list_3": "Di sisi kiri layar temukan \"Ubah pengaturan adaptor\" dan klik di atasnya.",
     "install_devices_windows_list_4": "Pilih koneksi aktif Anda, klik kanan padanya dan pilih Properties.",
-    "install_devices_windows_list_5": "Temukan Internet Protocol Version 4 (TCP / IP) dalam daftar, pilih dan kemudian klik Properties lagi.",
-    "install_devices_windows_list_6": "Pilih Gunakan alamat server DNS dan masukkan alamat server AdGuard Anda.",
+    "install_devices_windows_list_5": "Temukan \"Internet Protocol Version 4 (TCP/IPv4)\" (atau, untuk IPv6, \"Internet Protocol Version 6 (TCP/IPv6)\") dalam daftar, pilih dan kemudian klik Properties lagi.",
+    "install_devices_windows_list_6": "Pilih \"Gunakan alamat server DNS berikut\" dan masukkan alamat server Beranda AdGuard Anda.",
     "install_devices_macos_list_1": "Klik pada ikon Apple dan pergi ke System Preferences.",
     "install_devices_macos_list_2": "Klik pada Jaringan (Network)",
     "install_devices_macos_list_3": "Pilih koneksi pertama dalam daftar dan klik Advanced.",
@@ -329,7 +338,7 @@
     "install_devices_android_list_2": "Ketuk Wi-Fi pada menu. Layar akan mencantumkan semua jaringan yang tersedia dan akan ditampilkan (tidak mungkin untuk mengatur DNS khusus untuk koneksi seluler).",
     "install_devices_android_list_3": "Tekan lama jaringan yang terhubung, dan ketuk Ubah Jaringan.",
     "install_devices_android_list_4": "Pada beberapa perangkat, Anda mungkin perlu mencentang kotak Advanced untuk melihat pengaturan lebih lanjut. Untuk menyesuaikan pengaturan DNS Android Anda, Anda perlu mengalihkan pengaturan IP dari DHCP ke Statis.",
-    "install_devices_android_list_5": "Ubah nilai DNS 1 & DNS 2 ke alamat server AdGuard Home",
+    "install_devices_android_list_5": "Ubah nilai DNS 1 dan DNS 2 ke alamat server AdGuard Home Anda.",
     "install_devices_ios_list_1": "Dari layar beranda, ketuk Pengaturan.",
     "install_devices_ios_list_2": "Pilih Wi-Fi di menu sebelah kiri (tidak mungkin untuk mengkonfigurasi DNS untuk jaringan seluler).",
     "install_devices_ios_list_3": "Ketuk nama jaringan yang saat ini aktif.",
@@ -399,7 +408,7 @@
     "client_edit": "Ubah Klien",
     "client_identifier": "Identifikasi",
     "ip_address": "Alamat IP",
-    "client_identifier_desc": "Klien dapat diidentifikasi oleh alamat IP, CIDR, alamat MAC atau ID klien khusus (dapat digunakan untuk DoT/DoH/DoQ). <0>Di sini</0> Anda dapat mempelajari lebih lanjut tentang bagaimana mengidentifikasi klien.",
+    "client_identifier_desc": "Klien dapat diidentifikasi oleh alamat IP, CIDR, alamat MAC atau ID klien khusus (dapat digunakan untuk DoT/DoH/DoQ). <0>Di sini</0> Anda dapat mempelajari lebih lanjut tentang cara mengidentifikasi klien.",
     "form_enter_ip": "Masukkan IP",
     "form_enter_subnet_ip": "Masukkan alamat IP di subnet \"{{cidr}}\"",
     "form_enter_mac": "Masukkan MAC",
@@ -419,11 +428,11 @@
     "access_title": "Pengaturan akses",
     "access_desc": "Disini anda dapat mengatur aturan akses untuk server AdGuard Home DNS.",
     "access_allowed_title": "Klien yang diizinkan",
-    "access_allowed_desc": "Daftar CIDR atau alamat IP. Jika dikonfigurasi, AdGuard Home hanya akan menerima permintaan dari alamat IP ini.",
+    "access_allowed_desc": "Daftar CIDR, alamat IP, atau ID klien. Jika dikonfigurasi, AdGuard Home hanya akan menerima permintaan dari klien ini.",
     "access_disallowed_title": "Klien yang tidak diizinkan",
-    "access_disallowed_desc": "Daftar CIDR atau alamat IP. Jika dikonfigurasi, AdGuard Home akan membatalkan permintaan dari alamat IP ini.",
+    "access_disallowed_desc": "Daftar CIDR, alamat IP, atau ID klien. Jika dikonfigurasi, AdGuard Home akan menghapus permintaan dari klien ini. Jika klien yang diizinkan dikonfigurasi, bidang ini diabaikan.",
     "access_blocked_title": "Domain yang diblokir",
-    "access_blocked_desc": "Jangan bingung antara ini dengan filter. AdGuard Home akan membatalkan kueri DNS dengan domain ini dalam pertanyaan kueri. Di sini Anda dapat menentukan nama domain yang tepat, karakter pengganti, dan aturan filter URL, mis. \"example.org\", \"*.example.org\" atau \"||example.org^\".",
+    "access_blocked_desc": "Jangan bingung dengan filter. AdGuard Home menghapus kueri DNS yang cocok dengan domain ini, dan kueri ini bahkan tidak muncul di log kueri. Anda dapat menentukan nama domain, karakter pengganti, atau aturan filter URL yang tepat, mis. \"example.org\", \"*.example.org\", atau \"||example.org^\" yang sesuai.",
     "access_settings_saved": "Pengaturan akses berhasil disimpan",
     "updates_checked": "Pembaruan berhasil dicek",
     "updates_version_equal": "AdGuard Home sudah tebaru",
@@ -477,10 +486,12 @@
     "encryption_key_source_content": "Tempel konten kunci pribadi",
     "stats_params": "Konfigurasi statistik",
     "config_successfully_saved": "Konfigurasi berhasil disimpan",
+    "interval_6_hour": "6 jam",
     "interval_24_hour": "24 jam",
     "interval_days": "{{count}} hari",
     "interval_days_plural": "{{count}} hari",
     "domain": "Domain",
+    "punycode": "Kode kecil",
     "answer": "Jawab",
     "filter_added_successfully": "Filter telah berhasil ditambahkan",
     "filter_removed_successfully": "Daftar ini telah sukses dihapus",
@@ -488,7 +499,7 @@
     "statistics_configuration": "Konfigurasi statistik",
     "statistics_retention": "Statistik disimpan",
     "statistics_retention_desc": "Jika Anda menurunkan nilai interval, beberapa data akan hilang",
-    "statistics_clear": " Hapus statistik",
+    "statistics_clear": "Hapus statistik",
     "statistics_clear_confirm": "Apakah Anda yakin ingin menghapus statistik?",
     "statistics_retention_confirm": "Apakah Anda yakin ingin mengubah retensi statistik? Jika Anda menurunkan nilai interval, beberapa data akan hilang",
     "statistics_cleared": "Statistik berhasil dihapus",
@@ -523,8 +534,8 @@
     "rewrite_domain_name": "Nama domain: tambah ke rekaman CNAME",
     "rewrite_A": "<0>A</0>: nilai khusus, biarkan <0>A</0> merekam dari upstream",
     "rewrite_AAAA": "<0>AAAA</0>: nilai khusus, biarkan <0>AAAA</0> merekam dari upstream",
-    "disable_ipv6": "Matikan IPv6",
-    "disable_ipv6_desc": "Apabila fitur ini dinyalakan, semua permintaan DNS untuk alamat-alamat IPv6 (tipe AAAA) akan diputus.",
+    "disable_ipv6": "Nonaktifkan penyelesaian alamat IPv6",
+    "disable_ipv6_desc": "Jatuhkan semua kueri DNS untuk alamat IPv6 (ketik AAAA).",
     "fastest_addr": "Alamat IP tercepat",
     "fastest_addr_desc": "Kuiri semua server DNS dan kembalikan alamat IP tercepat diantara semua tanggapan. Ini memperlambat pencarian DNS Sebagai Rumah AdGuard harus menunggu tanggapan dari semua server DNS, tapi meningkatkan konektivitas keseluruhan.",
     "autofix_warning_text": "Apabila anda menekan \"Perbaiki\", AdGuardHome akan mengatur sistem anda untuk menggunakan server DNS AdGuardHome.",
@@ -586,6 +597,8 @@
     "cache_ttl_min_override_desc": "Perpanjang nilai waktu-online singkat (detik) yang diterima dari server upstream saat menyimpan respons DNS",
     "cache_ttl_max_override_desc": "Tetapkan nilai waktu-online maksimum (detik) untuk entri di cache DNS",
     "ttl_cache_validation": "Nilai TTL cache minimum harus kurang dari atau sama dengan nilai maksimum",
+    "cache_optimistic": "Caching yang optimis",
+    "cache_optimistic_desc": "Buat AdGuard Home merespons dari cache bahkan ketika entri telah kedaluwarsa dan juga mencoba untuk menyegarkannya.",
     "filter_category_general": "Umum",
     "filter_category_security": "Keamanan",
     "filter_category_regional": "Wilayah",

client/src/__locales/it.json

@@ -98,7 +98,7 @@
     "copyright": "Copyright",
     "homepage": "Pagina principale",
     "report_an_issue": "Segnala un problema",
-    "privacy_policy": "Politica sulla riservatezza",
+    "privacy_policy": "Politica sulla Riservatezza",
     "enable_protection": "Attiva protezione",
     "enabled_protection": "Protezione attiva",
     "disable_protection": "Disattiva protezione",
@@ -174,21 +174,21 @@
     "elapsed": "Trascorso",
     "filters_and_hosts_hint": "AdGuard Home è in grado di comprendere la sintassi delle regole blocca-annunci o quelle dei file hosts.",
     "no_blocklist_added": "Non è stata aggiunta alcuna lista di blocco",
-    "no_whitelist_added": "Non è stata aggiunta alcuna lista bianca",
+    "no_whitelist_added": "Non è stata aggiunta alcuna Lista bianca",
     "add_blocklist": "Aggiungi lista di blocco",
-    "add_allowlist": "Aggiungi lista bianca",
+    "add_allowlist": "Aggiungi Lista bianca",
     "cancel_btn": "Annulla",
     "enter_name_hint": "Inserisci nome",
     "enter_url_or_path_hint": "Inmetti un URL o il percorso assoluto della lista",
     "check_updates_btn": "Ricerca aggiornamenti",
     "new_blocklist": "Nuova lista di blocco",
-    "new_allowlist": "Nuova lista bianca",
+    "new_allowlist": "Nuova Lista bianca",
     "edit_blocklist": "Modifica lista di blocco",
-    "edit_allowlist": "Modifica lista bianca",
+    "edit_allowlist": "Modifica Lista bianca",
     "choose_blocklist": "Scegli liste di blocco",
     "choose_allowlist": "Scegli liste bianche",
     "enter_valid_blocklist": "Inserisci un URL valido nella lista di blocco.",
-    "enter_valid_allowlist": "Inserisci un URL valido nella lista bianca.",
+    "enter_valid_allowlist": "Inserisci un URL valido nella Lista bianca.",
     "form_error_url_format": "Formato url non valido",
     "form_error_url_or_path_format": "URL o percorso assoluto della lista non valido",
     "custom_filter_rules": "Regole filtri personalizzate",
@@ -499,7 +499,7 @@
     "statistics_configuration": "Configurazione delle statistiche",
     "statistics_retention": "Conservazione delle statistiche",
     "statistics_retention_desc": "Se il valore di intervallo dovesse diminuire, alcuni dati andranno persi",
-    "statistics_clear": " Azzera statistiche",
+    "statistics_clear": "Azzera statistiche",
     "statistics_clear_confirm": "Sei sicuro di voler azzerare le statistiche?",
     "statistics_retention_confirm": "Sei sicuro di voler modificare la conservazione delle statistiche? Se il valore di intervallo dovesse diminuire, alcuni dati andranno persi",
     "statistics_cleared": "Statistiche azzerate correttamente",
@@ -551,7 +551,7 @@
     "filtered_custom_rules": "Filtrato dalle regole filtro personalizzate",
     "choose_from_list": "Scegli dalla lista",
     "add_custom_list": "Aggiungi lista personalizzata",
-    "host_whitelisted": "L\\'host è stato aggiunto alla lista bianca",
+    "host_whitelisted": "L\\'host è stato aggiunto alla Lista bianca",
     "check_ip": "Indirizzi IP: {{ip}}",
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Motivo: {{reason}}",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Estende i valori brevi (in secondi) ricevuti dal server upstream durante la memorizzazione nella cache delle risposte DNS",
     "cache_ttl_max_override_desc": "Imposta un periodo massimo di attivazione (in secondi) per le voci nella cache DNS",
     "ttl_cache_validation": "Il valore minimo della cache TTL deve essere inferiore o uguale al valore massimo",
-    "cache_optimistic": "Ottimistico",
+    "cache_optimistic": "Optimistic caching",
     "cache_optimistic_desc": "Fai in modo che AdGuard Home risponda dalla cache anche quando le voci risultano scadute e prova anche ad aggiornarle.",
     "filter_category_general": "Generali",
     "filter_category_security": "Sicurezza",

client/src/__locales/ja.json

@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "DNS応答をキャッシュするとき、上流サーバから受信した短いTTL（秒単位）を延長します",
     "cache_ttl_max_override_desc": "DNSキャッシュ内のエントリの最大TTL（秒単位）を設定します",
     "ttl_cache_validation": "最小キャッシュTTL値は最大値以下にする必要があります",
-    "cache_optimistic": "Optimistic (オプティミスティック)",
+    "cache_optimistic": "Optimistic cashing (オプティミスティック・キャッシュ)",
     "cache_optimistic_desc": "エントリの有効期限が切れた場合でも、AdGuard Homeがキャッシュから応答するようにし、エントリの更新も試みます。",
     "filter_category_general": "一般",
     "filter_category_security": "セキュリティ",

client/src/__locales/ko.json

@@ -499,7 +499,7 @@
     "statistics_configuration": "통계 구성",
     "statistics_retention": "통계 저장 기간",
     "statistics_retention_desc": "값을 줄이면 설정한 값보다 오래된 데이터가 소멸됩니다.",
-    "statistics_clear": " 통계 초기화",
+    "statistics_clear": "통계 초기화",
     "statistics_clear_confirm": "통계를 정말로 초기화하시겠습니까?",
     "statistics_retention_confirm": "정말로 통계 저장 기간을 변경하시겠습니까? 저장 주기를 낮출 경우, 일부 데이터가 손실됩니다",
     "statistics_cleared": "통계를 성공적으로 초기화했습니다.",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "업스트림 서버에서 수신한 TTL 값(최소)을 무시합니다",
     "cache_ttl_max_override_desc": "업스트림 서버에서 수신한 TTL 값(최대)을 무시합니다",
     "ttl_cache_validation": "최소 캐시 TTL 값은 최대 값보다 이하여야 합니다",
-    "cache_optimistic": "캐시 유지",
+    "cache_optimistic": "옵티미스틱 캐시",
     "cache_optimistic_desc": "세션이 만료되었거나 새로고침을 시도하는 경우에도 AdGuard Home이 캐시를 기반으로 응답하도록 합니다.",
     "filter_category_general": "일반 목록",
     "filter_category_security": "보안 목록",

client/src/__locales/nl.json

@@ -1,6 +1,6 @@
 {
-    "client_settings": "Cliënt Instellingen",
-    "example_upstream_reserved": "Je kan een DNS upstream specifiëren <0>voor specifieke domein(en)</0>",
+    "client_settings": "Cliëntinstellingen",
+    "example_upstream_reserved": "Je kan een DNS-upstream opgeven <0>voor specifieke domein(en)</0>",
     "example_upstream_comment": "Je kan je commentaar specifiëren",
     "upstream_parallel": "Parallelle verzoeken gebruiken om te versnellen door gelijktijdig verzoeken te sturen naar alle upstream servers.",
     "parallel_requests": "Parallelle verzoeken",
@@ -223,7 +223,7 @@
     "domain_or_client": "Domein of cliënt",
     "type_table_header": "Type",
     "response_table_header": "Antwoord",
-    "response_code": "Reactie code",
+    "response_code": "Reactiecode",
     "client_table_header": "Gebruiker",
     "empty_response_status": "Leeg",
     "show_all_filter_type": "Toon alles",
@@ -499,7 +499,7 @@
     "statistics_configuration": "Statistieken configuratie",
     "statistics_retention": "Statistieken retentie",
     "statistics_retention_desc": "Als je de interval waarde vermindert, zullen sommige gegevens verloren gaan",
-    "statistics_clear": " Statistieken wissen",
+    "statistics_clear": "Statistieken wissen",
     "statistics_clear_confirm": "Alle statistieken werkelijk wissen?",
     "statistics_retention_confirm": "Weet u zeker dat u de bewaartermijn van de statistieken wilt wijzigen? Als u de intervalwaarde verlaagt, gaan sommige gegevens verloren",
     "statistics_cleared": "Statistieken succesvol gewist",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Uitbreiden van korte Time-To-Live waardes (seconden) ontvangen van de upstream server bij het cachen van DNS antwoorden",
     "cache_ttl_max_override_desc": "Instellen van maximum time-to-live waarde (seconden) voor opslag in de DNS cache",
     "ttl_cache_validation": "Minimale waarde TTL-cache moet kleiner dan of gelijk zijn aan de maximale waarde",
-    "cache_optimistic": "Optimistisch",
+    "cache_optimistic": "Optimistisch cachen",
     "cache_optimistic_desc": "Laat AdGuard Home reageren vanuit de cache, zelfs als de vermeldingen zijn verlopen en probeer deze ook te vernieuwen.",
     "filter_category_general": "Algemeen",
     "filter_category_security": "Beveiliging",

client/src/__locales/no.json

@@ -253,6 +253,7 @@
     "source_label": "Kilde",
     "found_in_known_domain_db": "Funnet i databasen over kjente domener.",
     "category_label": "Kategori",
+    "rule_label": "Oppføring",
     "list_label": "Liste",
     "unknown_filter": "Ukjent filter {{filterId}}",
     "known_tracker": "Kjent sporer",
@@ -262,6 +263,7 @@
     "install_settings_listen": "Lytt til grensesnitt",
     "install_settings_port": "Port",
     "install_settings_interface_link": "Ditt AdGuard Home-admin-nettgrensesnitt vil være tilgjengelig på de følgende adressene:",
+    "form_error_port": "Skriv inn en gyldig portverdi",
     "install_settings_dns": "DNS-tjener",
     "install_settings_dns_desc": "Du vil måtte sette opp enhetene eller ruteren din(e) til å bruke DNS-tjeneren på disse adressene:",
     "install_settings_all_interfaces": "Alle grensesnitt",

client/src/__locales/pl.json

@@ -98,7 +98,7 @@
     "copyright": "Prawo autorskie",
     "homepage": "Strona główna",
     "report_an_issue": "Zgłoś problem",
-    "privacy_policy": "Polityka prywatności",
+    "privacy_policy": "Polityka Prywatności",
     "enable_protection": "Włącz ochronę",
     "enabled_protection": "Ochrona włączona ",
     "disable_protection": "Wyłącz ochronę",
@@ -499,7 +499,7 @@
     "statistics_configuration": "Konfiguracja statystyk",
     "statistics_retention": "Przechowywanie statystyk",
     "statistics_retention_desc": "Jeśli zmniejszysz wartość interwału, niektóre dane zostaną utracone",
-    "statistics_clear": " Wyczyść statystyki",
+    "statistics_clear": "Wyczyść statystyki",
     "statistics_clear_confirm": "Czy na pewno chcesz wyczyścić statystyki?",
     "statistics_retention_confirm": "Czy chcesz zmienić sposób przechowania statystyk? Jeżeli obniżysz wartość interwału, niektóre dane będą utracone",
     "statistics_cleared": "Statystyki zostały pomyślnie wyczyszczone",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Zastąp wartość TTL (w sekundach) otrzymaną z serwera nadrzędnego podczas buforowania odpowiedzi DNS",
     "cache_ttl_max_override_desc": "Ustaw maksymalną wartość TTL (w sekundach) dla wpisów w pamięci podręcznej DNS",
     "ttl_cache_validation": "Minimalna pamięć podręczna wartości TTL musi być mniejsza lub równa maksymalnej wartości",
-    "cache_optimistic": "Optymistyczny",
+    "cache_optimistic": "Optymistyczne buforowanie",
     "cache_optimistic_desc": "Spraw, aby AdGuard Home odpowiadał z pamięci podręcznej, nawet gdy wpisy wygasły, a także spróbuj je odświeżyć.",
     "filter_category_general": "Ogólne",
     "filter_category_security": "Bezpieczeństwo",

client/src/__locales/pt-br.json

@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Prolongue os valores de curta duração (segundos) recebidos do servidor primário ao armazenar em cache as respostas DNS",
     "cache_ttl_max_override_desc": "Defina um valor máximo de tempo de vida (segundos) para entradas no cache DNS",
     "ttl_cache_validation": "O valor TTL mínimo do cache deve ser menor ou igual ao valor máximo",
-    "cache_optimistic": "Otimista",
+    "cache_optimistic": "Cache otimista",
     "cache_optimistic_desc": "Faz o AdGuard Home responder a partir do cache mesmo quando as entradas expirarem e também tenta atualizá-las.",
     "filter_category_general": "Geral",
     "filter_category_security": "Segurança",

client/src/__locales/pt-pt.json

@@ -98,7 +98,7 @@
     "copyright": "Copyright",
     "homepage": "Página inicial",
     "report_an_issue": "Comunicar um problema",
-    "privacy_policy": "Política de Privacidade",
+    "privacy_policy": "Política de privacidade",
     "enable_protection": "Ativar protecção",
     "enabled_protection": "Ativar protecção",
     "disable_protection": "Desativar protecção",
@@ -499,7 +499,7 @@
     "statistics_configuration": "Definição das estatísticas",
     "statistics_retention": "Retenção de estatísticas",
     "statistics_retention_desc": "Se diminuir o valor do intervalo, alguns dados serão perdidos",
-    "statistics_clear": " Limpar estatísticas",
+    "statistics_clear": "Limpar estatísticas",
     "statistics_clear_confirm": "Tem a certeza de que deseja limpar as estatísticas?",
     "statistics_retention_confirm": "Tem a certeza que quer alterar a retenção de estatísticas? Se diminuir o valor do intervalo, alguns dados serão perdidos",
     "statistics_cleared": "As estatísticas foram apagadas com sucesso",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Prolongue os valores de curta duração (segundos) recebidos do servidor primário ao armazenar em cache as respostas DNS",
     "cache_ttl_max_override_desc": "Defina um valor máximo de tempo de vida (segundos) para entradas no cache DNS",
     "ttl_cache_validation": "O valor TTL mínimo do cache deve ser menor ou igual ao valor máximo",
-    "cache_optimistic": "Otimista",
+    "cache_optimistic": "Cache otimista",
     "cache_optimistic_desc": "Faz o AdGuard Home responder a partir do cache mesmo quando as entradas expirarem e também tenta atualizá-las.",
     "filter_category_general": "Geral",
     "filter_category_security": "Segurança",

client/src/__locales/ro.json

@@ -326,7 +326,7 @@
     "install_devices_windows_list_2": "Accesați categoria \"Rețea și Internet\", apoi la \"Centrul de Rețea și Partajare\".",
     "install_devices_windows_list_3": "În partea stângă a ecranului găsiți \"Schimbare setări adaptor\" și clicați pe el.",
     "install_devices_windows_list_4": "Selectați conexiunea activă, faceți clic dreapta pe ea și alegeți \"Proprietăți\".",
-    "install_devices_windows_list_5": "Găsiți Internet Protocol Versiunea 4 (TCP/IP) din listă, selectați-l și apoi clicați din nou pe Proprietăți.",
+    "install_devices_windows_list_5": "Găsiți Internet Protocol Versiunea 4 (TCP/IPv4) din listă, selectați-l și apoi clicați din nou pe Proprietăți.",
     "install_devices_windows_list_6": "Alegeți Utilizați următoarele adrese de server DNS și introduceți adresele de server AdGuard Home.",
     "install_devices_macos_list_1": "Clicați pe icoana Apple și accesați Preferințele Sistemului.",
     "install_devices_macos_list_2": "Clicați pe Network.",

client/src/__locales/ru.json

@@ -499,7 +499,7 @@
     "statistics_configuration": "Конфигурация статистики",
     "statistics_retention": "Сохранение статистики",
     "statistics_retention_desc": "Если вы уменьшите значение интервала, некоторые данные могут быть утеряны",
-    "statistics_clear": " Очистить статистику",
+    "statistics_clear": "Очистить статистику",
     "statistics_clear_confirm": "Вы уверены, что хотите очистить статистику?",
     "statistics_retention_confirm": "Вы уверены, что хотите изменить срок хранения статистики? При сокращении интервала данные могут быть утеряны",
     "statistics_cleared": "Статистика успешно очищена",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Расширить короткие TTL-значения (в секундах), полученные с upstream-сервера при кешировании DNS-ответов",
     "cache_ttl_max_override_desc": "Установить максимальное TTL-значение (в секундах) для записей в DNS-кэше",
     "ttl_cache_validation": "Минимальное значение TTL-кеша должно быть меньше или равно максимальному значению",
-    "cache_optimistic": "Оптимистичный",
+    "cache_optimistic": "Оптимистическое кеширование",
     "cache_optimistic_desc": "AdGuard Home будет отвечать из кеша, даже если ответы в нём неактуальны, и попытается обновить их.",
     "filter_category_general": "Общие",
     "filter_category_security": "Безопасность",

client/src/__locales/si-lk.json

@@ -44,7 +44,7 @@
     "country": "රට",
     "city": "නගරය",
     "delete_confirm": "\"{{key}}\" මකා දැමීමට අවශ්‍ය බව ඔබට විශ්වාසද?",
-    "form_enter_hostname": "ධාරක නාමය ඇතුළත් කරන්න",
+    "form_enter_hostname": "ධාරක නාමය ඇතුල් කරන්න",
     "error_details": "දෝෂ විස්තර",
     "response_details": "ප්‍රතිචාරය‌ෙහි විස්තර",
     "request_details": "ඉල්ලීමෙහි විස්තර",
@@ -108,14 +108,14 @@
     "general_settings": "පොදු සැකසුම්",
     "dns_settings": "ව.නා.ප. සැකසුම්",
     "dns_blocklists": "ව.නා.ප. අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තු",
-    "dns_allowlists": "ව.නා.ප. අවසර දීමේ ලැයිස්තු",
+    "dns_allowlists": "ව.නා.ප. ඉඩ දීමේ ලැයිස්තු",
     "dns_blocklists_desc": "ඇඩ්ගාර්ඩ් හෝම් විසින් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තු වලට ගැලපෙන වසම් අවහිර කරනු ඇත.",
-    "dns_allowlists_desc": "අවසර දීමේ ව.නා.ප. ලැයිස්තුවල වසම් කිසියම් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවක අඩංගු වුවද එය නොසලකා හැර අවසර දෙනු ලැබේ.",
+    "dns_allowlists_desc": "ඉඩ දීමේ ව.නා.ප. ලැයිස්තුවල වසම් කිසියම් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවක අඩංගු වුවද එය නොසලකා හැර ඉඩ දෙනු ලැබේ.",
     "custom_filtering_rules": "අභිරුචි පෙරීමේ නීති",
     "encryption_settings": "සංකේතාංකන සැකසුම්",
     "dhcp_settings": "ග.ධා.වි.කෙ. සැකසුම්",
     "upstream_dns": "Upstream ව.නා.ප. සේවාදායකයන්",
-    "upstream_dns_help": "පේළියකට එක් සේවාදායක ලිපිනය බැගින් ඇතුළත් කරන්න. upstream ව.නා.ප. (DNS) \n සේවාදායකයන් වින්‍යාසගත කිරීම ගැන <a>තව දැනගන්න</a>.",
+    "upstream_dns_help": "පේළියකට එක් සේවාදායක ලිපිනය බැගින් ඇතුල් කරන්න. upstream ව.නා.ප. (DNS) \n සේවාදායකයන් වින්‍යාසගත කිරීම ගැන <a>තව දැනගන්න</a>.",
     "upstream_dns_configured_in_file": "{{path}} හි වින්‍යාසගත කර ඇත",
     "apply_btn": "යොදන්න",
     "disabled_filtering_toast": "පෙරීම අබල කර ඇත",
@@ -138,25 +138,25 @@
     "elapsed": "ගත වූූූ කාලය",
     "filters_and_hosts_hint": "ඇඩ්ගාර්ඩ් හෝම් මූලික දැන්වීම් වාරණ නීති සහ ධාරක ගොනු පද ගැලපුම් තේරුම් ගනී.",
     "no_blocklist_added": "අවහිර කිරීමේ ලැයිස්තු එකතු කර නැත",
-    "no_whitelist_added": "අවසර දීමේ ලැයිස්තු එකතු කර නැත",
+    "no_whitelist_added": "ඉඩ දීමේ ලැයිස්තු එකතු කර නැත",
     "add_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවක් එකතු කරන්න",
-    "add_allowlist": "අවසර දීමේ ලැයිස්තුවක් එකතු කරන්න",
+    "add_allowlist": "ඉඩ දීමේ ලැයිස්තුවක් එකතු කරන්න",
     "cancel_btn": "අහෝසි කරන්න",
-    "enter_name_hint": "නම ඇතුළත් කරන්න",
-    "enter_url_or_path_hint": "ලැයිස්තුවක ඒ.ස.නි.(URL) හෝ ස්ථීර මාර්ගයක් ඇතුළත් කරන්න",
+    "enter_name_hint": "නම ඇතුල් කරන්න",
+    "enter_url_or_path_hint": "ලැයිස්තුවක ඒ.ස.නි.(URL) හෝ ස්ථීර මාර්ගයක් ඇතුල් කරන්න",
     "check_updates_btn": "යාවත්කාල පරීක්ෂා කරන්න",
     "new_blocklist": "නව අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුව",
-    "new_allowlist": "නව අවසර දීමේ ලැයිස්තුව",
+    "new_allowlist": "නව ඉඩ දීමේ ලැයිස්තුව",
     "edit_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුව සංස්කරණය කරන්න",
-    "edit_allowlist": "අවසර දීමේ ලැයිස්තුව සංස්කරණය කරන්න",
+    "edit_allowlist": "ඉඩ දීමේ ලැයිස්තුව සංස්කරණය කරන්න",
     "choose_blocklist": "අවහිර කීරීමේ ලැයිස්තුවක් තෝරන්න",
-    "choose_allowlist": "අනවහිර කීරීමේ ලැයිස්තුවක් තෝරන්න",
-    "enter_valid_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවට වලංගු ඒ.ස.නි.(URL) ලිපිනයක් ඇතුළත් කරන්න.",
-    "enter_valid_allowlist": "අවසර දීමේ ලැයිස්තුවට වලංගු ඒ.ස.නි.(URL) ලිපිනයක් ඇතුළත් කරන්න.",
+    "choose_allowlist": "ඉඩ දීමේ ලැයිස්තු තෝරන්න",
+    "enter_valid_blocklist": "අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තුවට වලංගු ඒ.ස.නි.(URL) ලිපිනයක් ඇතුල් කරන්න.",
+    "enter_valid_allowlist": "ඉඩ දීමේ ලැයිස්තුවට වලංගු ඒ.ස.නි.(URL) ලිපිනයක් ඇතුල් කරන්න.",
     "form_error_url_format": "වලංගු නොවන ඒ.ස.නි.(URL) ආකෘතියකි",
     "form_error_url_or_path_format": "ලැයිස්තුවක වලංගු නොවන ඒ.ස.නි.(URL) හෝ ස්ථීර මාර්ගයකි",
     "custom_filter_rules": "අභිරුචි පෙරීමේ නීති",
-    "custom_filter_rules_hint": "පේළියකට එක් නීතියක් බැගින් ඇතුළත් කරන්න. ඔබට දැන්වීම් අවහිර කිරීමේ නීති හෝ ධාරක ගොනු පද ගැලපුම් භාවිතා කළ හැකිය.",
+    "custom_filter_rules_hint": "පේළියකට එක් නීතියක් බැගින් ඇතුල් කරන්න. ඔබට දැන්වීම් අවහිර කිරීමේ නීති හෝ ධාරක ගොනු පද ගැලපුම් භාවිතා කළ හැකිය.",
     "examples_title": "උදාහරණ",
     "example_meaning_filter_block": "example.org වසමට සහ එහි සියලුම උප වසම් වලට පිවිසීම අවහිර කරයි",
     "example_meaning_filter_whitelist": "example.org වසමට සහ එහි සියලුම උප වසම් වලට ප්‍රවේශය අවහිර නොකරයි",
@@ -175,8 +175,8 @@
     "dns_test_not_ok_toast": "සේවාදායක \"{{key}}\": භාවිතා කළ නොහැකි විය, කරුණාකර ඔබ එය නිවැරදිව ලියා ඇත්දැයි පරීක්ෂා කරන්න",
     "unblock": "අනවහිර",
     "block": "අවහිර",
-    "disallow_this_client": "මෙම අනුග්‍රාහකයට අවසර නොදෙන්න",
-    "allow_this_client": "මෙම අනුග්‍රාහකයට අවසර දෙන්න",
+    "disallow_this_client": "මෙම අනුග්‍රාහකයට නොඉඩ දෙන්න",
+    "allow_this_client": "මෙම අනුග්‍රාහකයට ඉඩ දෙන්න",
     "block_for_this_client_only": "මෙම අනුග්‍රාහකයට පමණක් අවහිර කරන්න",
     "unblock_for_this_client_only": "මෙම අනුග්‍රාහකයට පමණක් අනවහිර කරන්න",
     "time_table_header": "වේලාව",
@@ -227,9 +227,9 @@
     "client_id_placeholder": "අනුග්‍රාහකයේ හැඳුනුම යොදන්න",
     "download_mobileconfig": "වින්‍යාසගත ගොනුව බාගන්න",
     "plain_dns": "සරල ව.නා.ප.",
-    "form_enter_rate_limit": "අනුපාත සීමාව ඇතුළත් කරන්න",
+    "form_enter_rate_limit": "අනුපාත සීමාව ඇතුල් කරන්න",
     "rate_limit": "අනුපාත සීමාව",
-    "edns_enable": "EDNS අනුග්‍රාහක අනුජාලය සබල කරන්න",
+    "rate_limit_desc": "එක් අනුග්‍රාහකයකට ඉඩ දී ඇති තත්පරයට ඉල්ලීම් ගණන. එය 0 ලෙස සැකසීම යනුවෙන් අදහස් කරන්නේ සීමාවක් නැති බවයි.",
     "blocking_ipv4_desc": "අවහිර කළ A ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා. කෙ. (IP) ලිපිනය",
     "blocking_ipv6_desc": "අවහිර කළ AAAA ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා. කෙ. (IP) ලිපිනය",
     "blocking_mode_default": "පොදු: දැන්වීම් අවහිර කරන ආකාරයේ නීතියක් මගින් අවහිර කළ විට REFUSED සමඟ ප්‍රතිචාර දක්වයි; /etc/host-style ආකාරයේ නීතියක් මගින් අවහිර කළ විට නීතියේ දක්වා ඇති අ.ජා. කෙ. ලිපිනය සමඟ ප්‍රතිචාර දක්වයි",
@@ -250,9 +250,9 @@
     "install_welcome_desc": "ඇඩ්ගාර්ඩ් හෝම් යනු ජාලය පුරා ඇති දැන්වීම් සහ ලුහුබැඳීම අවහිර කරන ව.නා.ප. සේවාදායකි. ඔබගේ මුළු ජාලය සහ සියලුම උපාංග පාලනය කිරීමට ඉඩ සලසා දීම එහි පරමාර්ථය යි, එයට අනුග්‍රාහක පාර්ශවීය වැඩසටහනක් භාවිතා කිරීම අවශ්‍ය නොවේ.",
     "install_settings_title": "පරිපාලක වියමන අතුරු මුහුණත",
     "install_settings_listen": "සවන් දෙන අතුරු මුහුණත",
-    "install_settings_port": "කවුළුව",
+    "install_settings_port": "කෙවෙනිය",
     "install_settings_interface_link": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් පරිපාලක වියමන අතුරු මුහුණත පහත ලිපිනයන්ගෙන් ප්‍රවේශ විය හැකිය:",
-    "form_error_port": "වලංගු කවුළුවක අගයක් යොදන්න",
+    "form_error_port": "වලංගු කෙවෙනියක අගයක් යොදන්න",
     "install_settings_dns": "ව.නා.ප. සේවාදායකය",
     "install_settings_dns_desc": "පහත ලිපිනයන්හි ව.නා.ප. සේවාදායකය භාවිතා කිරීම සඳහා ඔබගේ උපාංග හෝ මාර්ගකාරකය වින්‍යාසගත කිරීමට අවශ්‍ය වනු ඇත:",
     "install_settings_all_interfaces": "සියලුම අතුරුමුහුණත්",
@@ -261,8 +261,8 @@
     "install_auth_username": "පරිශීලක නාමය",
     "install_auth_password": "මුරපදය",
     "install_auth_confirm": "මුරපදය තහවුරු කරන්න",
-    "install_auth_username_enter": "පරිශීලක නාමය ඇතුළත් කරන්න",
-    "install_auth_password_enter": "මුරපදය ඇතුළත් කරන්න",
+    "install_auth_username_enter": "පරිශීලක නාමය ඇතුල් කරන්න",
+    "install_auth_password_enter": "මුරපදය ඇතුල් කරන්න",
     "install_step": "පියවර",
     "install_devices_title": "ඔබගේ උපාංග වින්‍යාසගත කරන්න",
     "install_devices_desc": "ඇඩ්ගාර්ඩ් හෝම් භාවිතා කිරීම ආරම්භයට, ඔබගේ උපාංග එය පරිශ්‍රීලනයට වින්‍යාසගත කිරීම අවශ්‍ය වේ.",
@@ -272,7 +272,7 @@
     "install_devices_router_desc": "මෙම පිහිටුම ඔබගේ නිවසේ මාර්ගකාරකයට සම්බන්ධ සියලුම උපාංග ස්වයංක්‍රීයව ආවරණය කරන අතර ඔබට ඒ සෑම එකක්ම අතින් වින්‍යාසගත කිරීමට අවශ්‍ය නොවේ.",
     "install_devices_address": "ඇඩ්ගාර්ඩ් හෝම් ව.නා.ප. සේවාදායකය පහත ලිපිනයන්ට සවන් දෙමින් පවතී",
     "install_devices_router_list_2": "ග.ධා.වි.කෙ. (DHCP)/ ව.නා.ප. (DNS) සැකසුම් සොයා ගන්න. ඉලක්කම් කට්ටල දෙකකට හෝ තුනකට ඉඩ දෙන ක්ෂේත්‍රයක් අසල ඇති ව.නා.ප. අක්ෂර සොයන්න, සෑම එකක්ම ඉලක්කම් එකේ සිට තුන දක්වා කාණ්ඩ හතරකට බෙදා ඇත.",
-    "install_devices_router_list_3": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින එහි ඇතුළත් කරන්න.",
+    "install_devices_router_list_3": "ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින එහි ඇතුල් කරන්න.",
     "install_devices_router_list_4": "ඔබට සමහර වර්ගයේ මාර්ගකාරකය වල අභිරුචි ව.නා.ප. සේවාදායකයක් සැකසිය නොහැක. මෙම අවස්ථාවේදී ඇඩ්ගාර්ඩ් හෝම් <0>ග.ධා.වි.කෙ. සේවාදායකයක්</0> ලෙස පිහිටුවන්නේ නම් එය උපකාර වනු ඇත. එසේ නොමැතිනම්, ඔබගේ විශේෂිත මාර්ගකාරක මාදිළිය සඳහා වූ ව.නා.ප. සේවාදායකයන් රිසිකරණය කරන්නේ කෙසේද යන්න පිළිබඳ අත්පොත පරීක්ෂා කළ යුතුය.",
     "install_devices_windows_list_1": "ආරම්භක මෙනුව හෝ වින්ඩෝස් සෙවුම හරහා පාලක පැනලය විවෘත කරන්න.",
     "install_devices_windows_list_2": "ජාල සහ අන්තර්ජාල ප්‍රවර්ගයට ගොස් පසුව ජාල සහ බෙදාගැනීමේ මධ්‍යස්ථානය වෙත යන්න.",
@@ -283,7 +283,7 @@
     "install_devices_macos_list_1": "ඇපල් අයිකනය මත ක්ලික් කර පද්ධති මනාපයන් වෙත යන්න.",
     "install_devices_macos_list_2": "ජාලය මත ක්ලික් කරන්න.",
     "install_devices_macos_list_3": "ඔබගේ ලැයිස්තුවේ පළමු සම්බන්ධතාවය තෝරා උසස් මත ක්ලික් කරන්න.",
-    "install_devices_macos_list_4": "ව.නා.ප. (DNS) තීරුව තෝරා ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුළත් කරන්න.",
+    "install_devices_macos_list_4": "ව.නා.ප. (DNS) තීරුව තෝරා ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුල් කරන්න.",
     "install_devices_android_list_1": "ඇන්ඩ්‍රොයිඩ් මෙනුවෙහි මුල් තිරයෙන්, සැකසීම් මත තට්ටු කරන්න.",
     "install_devices_android_list_2": "මෙනුවේ වයි-ෆයි මත තට්ටු කරන්න. පවතින සියලුම ජාල ලැයිස්තුගත කර ඇති තිරය පෙන්වනු ඇත (ජංගම සම්බන්ධතාවය සඳහා අභිරුචි ව.නා.ප. සැකසිය නොහැක).",
     "install_devices_android_list_3": "ඔබ සම්බන්ධ වී ඇති ජාලය මත දිගු වේලාවක් ඔබන්න, ඉන්පසුව ජාලය වෙනස් කිරීම මත තට්ටු කරන්න.",
@@ -292,7 +292,7 @@
     "install_devices_ios_list_1": "මුල් තිරයේ සිට, සැකසුම් මත තට්ටු කරන්න.",
     "install_devices_ios_list_2": "වම්පස මෙනුවෙහි වයි-ෆයි තෝරන්න (ජංගම දුරකථන සඳහා ව.නා.ප. වින්‍යාසගත කිරීමට නොහැකිය).",
     "install_devices_ios_list_3": "දැනට ක්‍රියාකාරී ජාලයයහෙි නම මත තට්ටු කරන්න.",
-    "install_devices_ios_list_4": "ව.නා.ප. (DNS) ක්ෂේත්‍රය තුළ ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුළත් කරන්න.",
+    "install_devices_ios_list_4": "ව.නා.ප. (DNS) ක්ෂේත්‍රය තුළ ඔබගේ ඇඩ්ගාර්ඩ් හෝම් සේවාදායක ලිපින ඇතුල් කරන්න.",
     "get_started": "ආරම්භ කර ගන්න",
     "next": "ඊළඟ",
     "open_dashboard": "උපකරණ පුවරුව විවෘත කරන්න",
@@ -301,15 +301,15 @@
     "encryption_desc": "ගුප්තකේතනය (HTTPS/TLS) සඳහා ව.නා.ප. සහ පරිපාලක වියමන අතුරු මුහුණත සහය දක්වයි",
     "encryption_config_saved": "සංකේතාංකන වින්‍යාසය සුරකින ලදි",
     "encryption_server": "සේවාදායක‌‌‌‌යේ නම",
-    "encryption_server_enter": "ඔබගේ වසම් නාමය ඇතුළත් කරන්න",
+    "encryption_server_enter": "ඔබගේ වසම් නාමය ඇතුල් කරන්න",
     "encryption_redirect": "ස්වයංක්‍රීයව HTTPS වෙත හරවා යවන්න",
     "encryption_redirect_desc": "සබල කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් ඔබව ස්වයංක්‍රීයව HTTP සිට HTTPS ලිපින වෙත හරවා යවනු ඇත.",
-    "encryption_https": "HTTPS කවුළුව",
-    "encryption_https_desc": "HTTPS කවුළුව වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් පරිපාලක අතුරුමුහුණත HTTPS හරහා ප්‍රවේශ විය හැකි අතර එය '/dns-query' ස්ථානයේ DNS-over-HTTPS ද ලබා දෙනු ඇත.",
-    "encryption_dot": "DNS-over-TLS කවුළුව",
-    "encryption_dot_desc": "මෙම කවුළුව වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම කවුළුව හරහා DNS-over-TLS සේවාදායකයක් ක්‍රියාත්මක කරනු ඇත.",
-    "encryption_doq": "DNS-over-QUIC කවුළුව",
-    "encryption_doq_desc": "මෙම කවුළුව වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම කවුළුව හරහා DNS-over-QUIC සේවාදායකයක් ක්‍රියාත්මක කරනු ඇත. එය පර්යේෂණාත්මක වන අතර විශ්වාසදායක නොවිය හැකිය. එසේම, මේ වන විට එයට සහාය දක්වන බොහෝ අනුග්‍රාහකයින් නොමැත.",
+    "encryption_https": "HTTPS කෙවෙනිය",
+    "encryption_https_desc": "HTTPS කෙවෙනිය වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් පරිපාලක අතුරුමුහුණත HTTPS හරහා ප්‍රවේශ විය හැකි අතර එය '/dns-query' ස්ථානයේ DNS-over-HTTPS ද ලබා දෙනු ඇත.",
+    "encryption_dot": "DNS-over-TLS කෙවෙනිය",
+    "encryption_dot_desc": "මෙම කෙවෙනිය වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම කවුළුව හරහා DNS-over-TLS සේවාදායකයක් ධාවනය කරනු ඇත.",
+    "encryption_doq": "DNS-over-QUIC කෙවෙනිය",
+    "encryption_doq_desc": "මෙම කෙවෙනිය වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම කෙවෙනිය හරහා DNS-over-QUIC සේවාදායකයක් ධාවනය කරනු ඇත. එය පර්යේෂණාත්මක වන අතර විශ්වාසදායක නොවිය හැකිය. එසේම, මේ වන විට එයට සහාය දක්වන බොහෝ අනුග්‍රාහකයින් නැත.",
     "encryption_certificates": "සහතික",
     "encryption_certificates_input": "ඔබගේ PEM-කේතාංකනය කළ සහතික පිටපත් කර මෙහි අලවන්න.",
     "encryption_status": "තත්ත්වය",
@@ -328,8 +328,8 @@
     "encryption_reset": "සංකේතාංකන සැකසුම් යළි පිහිටුවීමට අවශ්‍ය බව ඔබට විශ්වාස ද?",
     "topline_expiring_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත්වීමට ආසන්න වී ඇත. <0>සංකේතාංකන සැකසුම්</0> යාවත්කාල කරන්න.",
     "topline_expired_certificate": "ඔබගේ SSL සහතිකය කල් ඉකුත් වී ඇත. <0>සංකේතාංකන සැකසුම්</0> යාවත්කාල කරන්න.",
-    "form_error_port_range": "80-65535 පරාසය හි කවුළුවක අගයක් ඇතුළත් කරන්න",
-    "form_error_port_unsafe": "මෙය අනාරක්ෂිත කවුළුවකි",
+    "form_error_port_range": "80-65535 පරාසය හි කෙවෙනියක අගයක් ඇතුල් කරන්න",
+    "form_error_port_unsafe": "මෙය අනාරක්ෂිත කෙවෙනියකි",
     "form_error_equal": "සමාන නොවිය යුතුය",
     "form_error_password": "මුරපදය නොගැලපුුුුුුණි",
     "reset_settings": "සැකසුම් යළි පිහිටුවන්න",
@@ -356,12 +356,12 @@
     "client_edit": "අනුග්‍රාහකය සංස්කරණය කරන්න",
     "client_identifier": "හඳුන්වනය",
     "ip_address": "අ.ජා. කෙ. (IP) ලිපිනය",
-    "form_enter_ip": "අ.ජා. කෙ. (IP) ඇතුළත් කරන්න",
+    "form_enter_ip": "අ.ජා. කෙ. (IP) ඇතුල් කරන්න",
     "form_enter_subnet_ip": "\"{{cidr}}\" අනුජාලයෙහි අ.ජා. කෙ. ලිපිනයක් යොදන්න.",
-    "form_enter_mac": "මා.ප්‍ර.පා. (MAC) ඇතුළත් කරන්න",
-    "form_enter_id": "හඳුන්වනය ඇතුළත් කරන්න",
+    "form_enter_mac": "මා.ප්‍ර.පා. (MAC) ඇතුල් කරන්න",
+    "form_enter_id": "හඳුන්වනය ඇතුල් කරන්න",
     "form_add_id": "හඳුන්වනයක් එක් කරන්න",
-    "form_client_name": "අනුග්‍රාහකයේ නම ඇතුළත් කරන්න",
+    "form_client_name": "අනුග්‍රාහකයේ නම ඇතුල් කරන්න",
     "name": "නම",
     "client_global_settings": "ගෝලීය සැකසුම් භාවිතා කරන්න",
     "client_deleted": "\"{{key}}\" අනුග්‍රාහකය සාර්ථකව ඉවත් කරන ලදි",
@@ -373,11 +373,11 @@
     "auto_clients_desc": "ඇඩ්ගාර්ඩ් හෝම් භාවිතා කරන අනුග්‍රාහකයන්‌ගේ දත්ත, නමුත් වින්‍යාසය තුළ ගබඩා කර නොමැති",
     "access_title": "ප්‍රවේශවීමට සැකසුම්",
     "access_desc": "මෙහිදී ඔබට ඇඩ්ගාර්ඩ් හෝම් ව.නා.ප. සේවාදායකය සඳහා ප්‍රවේශ වී‌‌‌‌මේ නීති වින්‍යාසගත කළ හැකිය.",
-    "access_allowed_title": "අවසර ලත් අනුග්‍රාහකයන්",
+    "access_allowed_title": "ඉඩ ලත් අනුග්‍රාහකයින්",
     "access_allowed_desc": "CIDR හෝ අ.ජා. කෙ. ලිපින ලැයිස්තුවක් වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් එම අ.ජා. කෙ. ලිපින වලින් පමණක් ඉල්ලීම් පිළිගනු ඇත.",
-    "access_disallowed_title": "අවසර නොලත් අනුග්‍රාහකයන්",
+    "access_disallowed_title": "නොඉඩ ලත් අනුග්‍රාහකයින්",
     "access_disallowed_desc": "CIDR හෝ අ.ජා. කෙ. ලිපින ලැයිස්තුවක් වින්‍යාසගත කර ඇත්නම්, ඇඩ්ගාර්ඩ් හෝම් විසින් එම අ.ජා. කෙ. ලිපින වලින් ඉල්ලීම් අත්හරිනු ඇත.",
-    "access_blocked_title": "අවහිර කළ වසම්",
+    "access_blocked_title": "නොඉඩ ලත් වසම්",
     "access_settings_saved": "ප්‍රවේශ වීමේ සැකසුම් සාර්ථකව සුරකින ලදි",
     "updates_checked": "යාවත්කාලීන කිරීම් සාර්ථකව පරික්ෂා කර ඇත",
     "updates_version_equal": "ඇඩ්ගාර්ඩ් හෝම් යාවත්කාලීනයි",
@@ -385,9 +385,9 @@
     "dns_privacy": "ව.නා.ප. රහස්‍යතා",
     "setup_dns_privacy_3": "<0>මෙහි ඔබට භාවිතා කළ හැකි මෘදුකාංග ලැයිස්තුවක් ඇත.</0>",
     "setup_dns_privacy_other_title": "වෙනත් ක්‍රියාවට නැංවූ දෑ",
-    "setup_dns_privacy_other_2": "<0>ඩීඑන්එස්ප්‍රොක්සි</0> දන්නා සියලුම ආරක්ෂිත ව.නා.ප. කෙටුම්පත් සඳහා සහය දක්වයි.",
-    "setup_dns_privacy_other_3": "<1>DNS-over-HTTPS</1> සඳහා <0>dnscrypt-පෙරකලාසිය</0> සහය දක්වයි.",
-    "setup_dns_privacy_other_4": "<1>DNS-over-HTTPS</1> සඳහා <0>මොසිල්ලා ෆයර්ෆොක්ස්</0> සහය දක්වයි.",
+    "setup_dns_privacy_other_2": "<0>ඩීඑන්එස්ප්‍රොක්සි</0> දන්නා සියලුම ආරක්ෂිත ව.නා.ප. කෙටුම්පත් සඳහා සහාය දක්වයි.",
+    "setup_dns_privacy_other_3": "<1>DNS-over-HTTPS</1> සඳහා <0>dnscrypt-පෙරකලාසිය</0> සහාය දක්වයි.",
+    "setup_dns_privacy_other_4": "<1>DNS-over-HTTPS</1> සඳහා <0>මොසිල්ලා ෆයර්ෆොක්ස්</0> සහාය දක්වයි.",
     "setup_dns_privacy_other_5": "<0>මෙහි</0> සහ <1>මෙහි</1> තවත් ක්‍රියාවට නැංවූ දෑ ඔබට හමුවනු ඇත.",
     "setup_dns_privacy_ioc_mac": "අයිඕඑස් සහ මැක්ඕඑස් වින්‍යාසය",
     "setup_dns_notice": "ඔබට <1>DNS-over-HTTPS</1> හෝ <1>DNS-over-TLS</1> භාවිතා කිරීම සඳහා ඇඩ්ගාර්ඩ් හෝම් සැකසුම් තුළ <0>සංකේතාංකනය වින්‍යාසගත</0> කිරීමට අවශ්‍ය වේ.",
@@ -399,7 +399,7 @@
     "rewrite_applied": "නැවත ලිවීමේ නීතිය යොදා ඇත",
     "rewrite_hosts_applied": "ධාරක ගොනු නීතිය මගින් නැවත ලියා ඇත",
     "dns_rewrites": "ව.නා.ප. නැවත ලිවීම්",
-    "form_answer": "අ.ජා. කෙ. (IP) ලිපිනය ‌හෝ වසම ඇතුළත් කරන්න ",
+    "form_answer": "අ.ජා. කෙ. (IP) ලිපිනය ‌හෝ වසම ඇතුල් කරන්න ",
     "form_error_domain_format": "වලංගු නොවන වසම් ආකෘතියකි",
     "form_error_answer_format": "වලංගු නොවන පිළිතුරු ආකෘතියකි",
     "configure": "වින්‍යාසගත කරන්න",
@@ -443,9 +443,9 @@
     "filters_interval": "පෙරහන් යාවත්කාල කාල පරතරය",
     "disabled": "අබල කර ඇත",
     "username_label": "පරිශීලක නාමය",
-    "username_placeholder": "පරිශීලක නාමය ඇතුළත් කරන්න",
+    "username_placeholder": "පරිශීලක නාමය ඇතුල් කරන්න",
     "password_label": "මුරපදය",
-    "password_placeholder": "මුරපදය ඇතුළත් කරන්න",
+    "password_placeholder": "මුරපදය ඇතුල් කරන්න",
     "sign_in": "පුරන්න",
     "sign_out": "වරන්න",
     "forgot_password": "මුරපදය අමතක වුණා ද?",
@@ -464,23 +464,23 @@
     "example_rewrite_wildcard": "<0>example.org</0> සහ එහි සියලුම උප වසම් සඳහා ප්‍රතිචාර නැවත ලියයි.",
     "rewrite_ip_address": "අ.ජා. කෙ. ලිපිනය: මෙම අ.ජා. කෙටුම්පත A හෝ AAAA ප්‍රතිචාරයකට භාවිතා කරන්න",
     "rewrite_domain_name": "වසම් නාමය: අන්. නා. (CNAME) වාර්තාවක් එක් කරන්න",
-    "disable_ipv6": "IPv6 අබල කරන්න",
-    "disable_ipv6_desc": "මෙම අංගය සක්‍රීය කර ඇත්නම්, IPv6 ලිපින සඳහා වන සියලුම ව.නා.ප. විමසුම් (AAAA වර්ගය) අතහැර දමනු ලැබේ.",
+    "disable_ipv6": "IPv6 ලිපින විසඳීම අබල කරන්න",
+    "disable_ipv6_desc": "අ.ජා. කෙ. අනු. 6 ලිපින (AAAA වර්ගය) සඳහා වන සියලුම ව.නා.ප. විමසුම් අතහැර දමනු ලැබේ.",
     "fastest_addr": "වේගවත්ම අන්තර්ජාල කෙටුම්පත් (IP) ලිපිනය",
     "fastest_addr_desc": "සියලුම ව.නා.ප. සේවාදායකයන්ගෙන් විමසා සියලු ප්‍රතිචාර අතරින් වේගවත්ම අ.ජා. කෙ. ලිපිනය ලබා දෙයි. සියලුම ව.නා.ප. සේවාදායකයන්ගේ ප්‍රතිචාර සඳහා ඇඩ්ගාර්ඩ් හෝම් රැඳී සිටිය යුතු බැවින් මෙය ව.නා.ප. විමසුම් මන්දගාමී කරන නමුත් සමස්ත සම්බන්ධතාවය වැඩි දියුණු කරයි.",
     "autofix_warning_text": "ඔබ \"නිරාකරණය කරන්න\" බොත්තම එබුවහොත්, ඔබගේ පද්ධතිය ඇඩ්ගාර්ඩ් හෝම් ව.නා.ප. සේවාදායකය භාවිතා කිරීමට වින්‍යාසගත කරනු ඇත.",
     "autofix_warning_result": "ප්‍රතිඵලයක් ලෙස ඔබගේ පද්ධතියෙන් ලැබෙන සියලුම ව.නා.ප. ඉල්ලීම් මූලිකවම ඇඩ්ගාර්ඩ් හෝම් විසින් සකසනු ඇත.",
     "tags_title": "හැඳුනුම් සංකේත",
-    "tags_desc": "අනුග්‍රාහකයට අනුරූප වන හැඳුනුම් සංකේත ඔබට තෝරා ගත හැකිය. පෙරහන් නීති වලට හැඳුනුම් සංකේත ඇතුළත් කළ හැකි අතර ඒවා වඩාත් නිවැරදිව යෙදීමට ඔබට ඉඩ සලසයි. <0>වැඩිදුර ඉගෙන ගන්න</0>",
+    "tags_desc": "අනුග්‍රාහකයට අනුරූප වන හැඳුනුම් සංකේත ඔබට තෝරා ගත හැකිය. පෙරහන් නීති වලට හැඳුනුම් සංකේත ඇතුළත් කළ හැකි අතර ඒවා වඩාත් නිවැරදිව යෙදීමට ඔබට ඉඩ සලසයි. <0>තව දැන ගන්න</0>",
     "form_select_tags": "අනුග්‍රාහක හැඳුනුම් සංකේත",
     "check_title": "පෙරීම පරීක්ෂා කරන්න",
     "check_desc": "ධාරක නාමය පෙරහන් කර ඇත්දැයි පරීක්ෂා කරන්න",
     "check": "පරීක්ෂා කරන්න",
-    "form_enter_host": "ධාරක නාමයක් ඇතුළත් කරන්න",
+    "form_enter_host": "ධාරක නාමයක් ඇතුල් කරන්න",
     "filtered_custom_rules": "අභිරුචි පෙරීමේ නීති මගින් පෙරහන් කරන ලදි",
     "choose_from_list": "ලැයිස්තුවෙන් තෝරන්න",
     "add_custom_list": "අභිරුචි ලැයිස්තුවක් එකතු කරන්න",
-    "host_whitelisted": "ධාරකය සුදු ලැයිස්තු ගත කර ඇත",
+    "host_whitelisted": "ධාරකයට ඉඩ දී ඇත",
     "check_ip": "අ.ජා. කෙ. (IP) ලිපින: {{ip}}",
     "check_cname": "අන්. නාමය (CNAME): {{cname}}",
     "check_reason": "හේතුව: {{reason}}",
@@ -502,12 +502,12 @@
     "list_updated_plural": "ලැයිස්තු {{count}} ක් යාවත්කාලීන කරන ලදි",
     "all_queries": "සියලුම විමසුම්",
     "show_blocked_responses": "අවහිර කර ඇත",
-    "show_whitelisted_responses": "සුදු ලැයිස්තුගත කර ඇත",
+    "show_whitelisted_responses": "ඉඩ දී ඇත",
     "show_processed_responses": "සකසා ඇත",
     "blocked_safebrowsing": "ආරක්ෂිත සෙවීම මගින් අවහිර කරන ලද",
     "blocked_adult_websites": "අවහිර කළ වැඩිහිටි වියමන අඩවි",
     "blocked_threats": "අවහිර කළ තර්ජන",
-    "allowed": "අවසර ලත්",
+    "allowed": "ඉඩ දී ඇත",
     "filtered": "පෙරහන් කරන ලද",
     "rewritten": "නැවත ලියන ලද",
     "safe_search": "ආරක්ෂිත සෙවීම",
@@ -517,24 +517,25 @@
     "cache_size_desc": "ව.නා.ප. නිහිතයෙහි ප්‍රමාණය (බයිට වලින්)",
     "cache_ttl_min_override": "අවම පව. කා. අභිබවන්න",
     "cache_ttl_max_override": "උපරිම පව. කා. අභිබවන්න",
-    "enter_cache_size": "ව.නා.ප. නිහිතයෙහි ප්‍රමාණය ඇතුළත් කරන්න (බයිට)",
-    "enter_cache_ttl_min_override": "අවම පව. කා. (TTL) ඇතුළත් කරන්න",
-    "enter_cache_ttl_max_override": "උපරිම පව. කා. (TTL) ඇතුළත් කරන්න",
+    "enter_cache_size": "ව.නා.ප. නිහිතයෙහි ප්‍රමාණය ඇතුල් කරන්න (බයිට)",
+    "enter_cache_ttl_min_override": "අවම පව. කා. (TTL) ඇතුල් කරන්න",
+    "enter_cache_ttl_max_override": "උපරිම පව. කා. (TTL) ඇතුල් කරන්න",
     "cache_ttl_max_override_desc": "ව.නා.ප. නිහිතයෙහි ඇති ඇතුළත් කිරීම් සඳහා ඉතා වැඩි පවත්නා කාලයක අගයක් (තත්පර) සකසන්න",
     "ttl_cache_validation": "නිහිතයෙහි අවම පව. කා. (TTL) අගය උපරිම අගයට වඩා අඩු හෝ සමාන විය යුතුය",
+    "cache_optimistic_desc": "නිවේශිත කල් ඉකුත් වූ විට පවා ඇඩ්ගාර්ඩ් හෝම් ට නිහිතයෙන් ප්‍රතිචාර දැක්වීමට සලස්වයි එමෙන්ම ඒවා නැවත නැවුම් කිරීමට ද උත්සාහ කරයි.",
     "filter_category_general": "පොදු",
     "filter_category_security": "ආරක්ෂණ",
     "filter_category_regional": "ප්‍රාදේශ්‍රීය",
     "filter_category_other": "වෙනත්",
     "filter_category_general_desc": "බොහෝ උපාංගවල ලුහුබැඳීම් සහ දැන්වීම් අවහිර කරන ලැයිස්තු",
-    "filter_category_security_desc": "අනිෂ්ට මෘදුකාංග, තතුබෑම් හෝ වංචනික වසම් අවහිර කිරීමට විශේෂ වූ ලැයිස්තු",
+    "filter_category_security_desc": "ද්වේෂසහගත, තතුබෑම් සහ වංචනික වසම් අවහිර කිරීමට නිර්මාණය කළ ලැයිස්තු",
     "filter_category_regional_desc": "ප්‍රාදේශ්‍රීය දැන්වීම් සහ ලුහුබැඳීමේ සේවාදායකයන් කෙරෙහි අවධානය යොමු කරන ලැයිස්තු",
     "filter_category_other_desc": "වෙනත් අවහිර කිරී‌‌‌‌‌මේ ලැයිස්තු",
     "setup_config_to_enable_dhcp_server": "ග.ධා.වි.කෙ. සේවාදායකය සක්‍රීය කිරීම සඳහා වින්‍යාසය පිහිටුවන්න",
     "original_response": "මුල් ප්‍රතිචාරය",
     "click_to_view_queries": "විමසුම් බැලීමට ඔබන්න",
-    "port_53_faq_link": "53 කවුළුව බොහෝ විට \"DNSStubListener\" හෝ \"systemd-resolved\" සේවාවන් භාවිතයට ගනු ලැබේ. කරුණාකර මෙය විසඳන්නේ කෙසේද යන්න පිළිබඳ <0>මෙම උපදෙස්</0> කියවන්න.",
+    "port_53_faq_link": "53 වන කෙවෙනිය බොහෝ විට \"DNSStubListener\" හෝ \"systemd-resolved\" සේවාවන් භාවිතයට ගනු ලැබේ. කරුණාකර මෙය විසඳන්නේ කෙසේද යන්න පිළිබඳ <0>මෙම උපදෙස්</0> කියවන්න.",
     "adg_will_drop_dns_queries": "ඇඩ්ගාර්ඩ් හෝම් විසින් මෙම අනුග්‍රාහකයේ සියලුම ව.නා.ප. විමසුම් අතහැර දමනු ඇත.",
-    "client_not_in_allowed_clients": "\"අවසර ලත් අනුග්‍රාහකයින්\" ලැයිස්තුවේ නොමැති නිසා අනුග්‍රාහකයට අවසර නැත.",
+    "client_not_in_allowed_clients": "\"ඉඩ දුන් අනුග්‍රාහකයින්\" ලැයිස්තුවේ නැති නිසා අනුග්‍රාහකයට ඉඩ දී නැත.",
     "experimental": "පරීක්ෂණාත්මක"
 }

client/src/__locales/sk.json

@@ -326,10 +326,10 @@
     "install_devices_router_list_4": "Na niektorých typoch smerovačov nemôžete nastaviť vlastný DNS server. V takom prípade môže pomôcť, ak nastavíte AdGuard Home ako <0>DHCP server</0>. V opačnom prípade by ste mali vyhľadať príručku, ako prispôsobiť DNS servery konkrétnemu modelu smerovača.",
     "install_devices_windows_list_1": "Otvorte panel Nastavenia cez menu Štart alebo vyhľadávanie Windows.",
     "install_devices_windows_list_2": "Prejdite do kategórie Sieť a internet a potom do Centra sietí a zdieľania.",
-    "install_devices_windows_list_3": "Vyhľadajte položku Zmeniť možnosti adaptéra a kliknite na ňu",
+    "install_devices_windows_list_3": "Na ľavej strane obrazovky nájdite položku \"Zmeniť nastavenia adaptéra\" a kliknite na ňu.",
     "install_devices_windows_list_4": "Zvoľte aktívne pripojený adaptér a pravým klikom otvorte Vlastnosti",
-    "install_devices_windows_list_5": "Vyhľadajte položku Protokol TCP/IPv4, zvoľte ju a dvojklikom otvorte jej vlastnosti.",
-    "install_devices_windows_list_6": "Zvoľte Použiť tieto adresy serverov DNS a zadajte adresy Vašich AdGuard Home serverov.",
+    "install_devices_windows_list_5": "Nájdite v zozname položku \"Internet Protocol verzia 4 (TCP/IPv4)\" (alebo pre IPv6, \"Internet Protocol verzia 6 (TCP/IPv6)\"), vyberte ju a potom znova kliknite na Vlastnosti.",
+    "install_devices_windows_list_6": "Zvoľte \"Použiť nasledujúce adresy DNS servera\" a zadajte adresy domáceho AdGuard servera.",
     "install_devices_macos_list_1": "Kliknite na ikonu Apple a prejdite na položku Systémové predvoľby.",
     "install_devices_macos_list_2": "Kliknite na Sieť.",
     "install_devices_macos_list_3": "Zvoľte prvé pripojenie vo Vašom zozname a kliknite na Pokročilé.",
@@ -499,7 +499,7 @@
     "statistics_configuration": "Konfigurácia štatistiky",
     "statistics_retention": "Štatistika za obdobie",
     "statistics_retention_desc": "Ak znížite hodnotu intervalu, niektoré údaje sa stratia",
-    "statistics_clear": " Vynulovať štatistiku",
+    "statistics_clear": "Vynulovať štatistiku",
     "statistics_clear_confirm": "Naozaj chcete vynulovať štatistiku?",
     "statistics_retention_confirm": "Naozaj chcete zmeniť uchovávanie štatistík? Ak znížite hodnotu intervalu, niektoré údaje sa stratia",
     "statistics_cleared": "Štatistika bola úspešne vynulovaná",

client/src/__locales/sl.json

@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "Razširite kratke vrednosti časa v živo (v sekundah), ki jih prejme strežnik za predpomnjenje, ko predpomni odzive DNS",
     "cache_ttl_max_override_desc": "Nastavi največjo vrednost časa v živo (v sekundah) za vnose v predpomnilnik DNS",
     "ttl_cache_validation": "Najmanjša vrednost predpomnilnika TTL mora biti manjša ali enaka največji vrednosti",
-    "cache_optimistic": "Optimistično",
+    "cache_optimistic": "Optimistično predpomnjenje",
     "cache_optimistic_desc": "Poskrbi, da se AdGuard Home odzove iz predpomnilnika, tudi ko vnosi potečejo, in jih tudi poskusi osvežiti.",
     "filter_category_general": "Splošno",
     "filter_category_security": "Varnost",

client/src/__locales/sr-cs.json

@@ -247,6 +247,7 @@
     "source_label": "Izvor",
     "found_in_known_domain_db": "Pronađeno u poznatim bazama podataka domena.",
     "category_label": "Kategorija",
+    "rule_label": "Pravilo(-a)",
     "list_label": "Lista",
     "unknown_filter": "Nepoznat filter {{filterId}}",
     "known_tracker": "Poznato praćenje",

client/src/__locales/tr.json

@@ -98,7 +98,7 @@
     "copyright": "Telif hakkı",
     "homepage": "Ana sayfa",
     "report_an_issue": "Bir sorun bildir",
-    "privacy_policy": "Gizlilik ilkesi",
+    "privacy_policy": "Gizlilik Politikası",
     "enable_protection": "Korumayı etkinleştir",
     "enabled_protection": "Koruma etkileştirildi",
     "disable_protection": "Korumayı durdur",
@@ -123,7 +123,7 @@
     "number_of_dns_query_days": "Son {{count}} gün boyunca işlenen DNS sorgularının sayısı",
     "number_of_dns_query_days_plural": "Son {{count}} gün boyunca işlenen DNS sorgularının sayısı",
     "number_of_dns_query_24_hours": "Son 24 saat içinde işlenen DNS sorgularının sayısı",
-    "number_of_dns_query_blocked_24_hours": "Reklam engelleme filtreleri ve engelleme listeleri tarafından engellenen DNS isteklerinin sayısı",
+    "number_of_dns_query_blocked_24_hours": "Reklam engelleme filtreleri ve engel listeleri tarafından engellenen DNS isteklerinin sayısı",
     "number_of_dns_query_blocked_24_hours_by_sec": "AdGuard gezinti koruması modülü tarafından engellenen DNS isteklerinin sayısı",
     "number_of_dns_query_blocked_24_hours_adult": "Engellenen yetişkin içerikli sitelerin sayısı",
     "enforced_save_search": "Uygulanan güvenli arama",
@@ -134,23 +134,23 @@
     "filters_block_toggle_hint": "<a>Filtreler</a> sayfasından engelleme kurallarını ayarlayabilirsiniz.",
     "use_adguard_browsing_sec": "AdGuard gezinti koruması web hizmetini kullan",
     "use_adguard_browsing_sec_hint": "AdGuard Home, alan adının gezinti koruması web hizmeti tarafından engellenip engellenmediğini kontrol eder. Kontrolü gerçekleştirmek için gizlilik dostu arama API'sini kullanır: sunucuya yalnızca SHA256 karma alan adının kısa bir ön eki gönderilir.",
-    "use_adguard_parental": "AdGuard ebeveyn kontrolü web hizmetini kullan",
+    "use_adguard_parental": "AdGuard ebeveyn denetimi web hizmetini kullan",
     "use_adguard_parental_hint": "AdGuard Home, alan adının yetişkin içerik bulundurup bulundurmadığını kontrol eder. Gezinti koruması web hizmeti ile kullandığımız aynı gizlilik dostu API'yi kullanır.",
     "enforce_safe_search": "Güvenli aramayı kullan",
     "enforce_save_search_hint": "AdGuard Home, şu arama motorlarında güvenli aramayı uygular: Google, YouTube, Bing, DuckDuckGo, Yandex ve Pixabay.",
     "no_servers_specified": "Sunucu belirtilmedi",
     "general_settings": "Genel ayarlar",
     "dns_settings": "DNS ayarları",
-    "dns_blocklists": "DNS engelleme listeleri",
+    "dns_blocklists": "DNS engel listeleri",
     "dns_allowlists": "DNS izin listeleri",
-    "dns_blocklists_desc": "AdGuard Home, engelleme listeleriyle eşleşen alan adlarını engeller.",
-    "dns_allowlists_desc": "DNS izin listesindeki alan adlarına, engelleme listesinde olsa bile izin verilir.",
+    "dns_blocklists_desc": "AdGuard Home, engel listeleriyle eşleşen alan adlarını engeller.",
+    "dns_allowlists_desc": "DNS izin listesindeki alan adlarına, engel listesinde olsa bile izin verilir.",
     "custom_filtering_rules": "Özel filtreleme kuralları",
     "encryption_settings": "Şifreleme ayarları",
     "dhcp_settings": "DHCP ayarları",
     "upstream_dns": "Üst DNS sunucusu",
     "upstream_dns_help": "Her satıra bir sunucu adresi girin. Üst DNS sunucularını yapılandırma hakkında <a>daha fazla bilgi edinin</a>.",
-    "upstream_dns_configured_in_file": "{{path}} içinde yapılandırıldı",
+    "upstream_dns_configured_in_file": "{{path}} dosyasında yapılandırıldı",
     "test_upstream_btn": "Üst sunucuyu test et",
     "upstreams": "Üst kaynak",
     "apply_btn": "Uygula",
@@ -158,8 +158,8 @@
     "enabled_filtering_toast": "Filtreleme etkin",
     "disabled_safe_browsing_toast": "Güvenli gezinti devre dışı",
     "enabled_safe_browsing_toast": "Güvenli gezinti etkin",
-    "disabled_parental_toast": "Ebeveyn kontrolü devre dışı",
-    "enabled_parental_toast": "Ebeveyn kontrolü etkin",
+    "disabled_parental_toast": "Ebeveyn denetimi devre dışı",
+    "enabled_parental_toast": "Ebeveyn denetimi etkin",
     "disabled_safe_search_toast": "Güvenli arama devre dışı",
     "enabled_save_search_toast": "Güvenli arama etkin",
     "enabled_table_header": "Etkin",
@@ -173,21 +173,21 @@
     "delete_table_action": "Sil",
     "elapsed": "Geçen zaman",
     "filters_and_hosts_hint": "AdGuard Home, temel reklam engelleme kurallarını ve ana bilgisayar engelleme dosyalarının söz dizimini anlar.",
-    "no_blocklist_added": "Engelleme listesi eklenmedi",
+    "no_blocklist_added": "Engel listesi eklenmedi",
     "no_whitelist_added": "İzin listesi eklenmedi",
-    "add_blocklist": "Engelleme listesi ekle",
+    "add_blocklist": "Engel listesi ekle",
     "add_allowlist": "İzin listesi ekle",
     "cancel_btn": "İptal",
     "enter_name_hint": "İsim girin",
     "enter_url_or_path_hint": "Listenin URL adresini veya dosya konumunu girin",
     "check_updates_btn": "Güncellemeleri denetle",
-    "new_blocklist": "Yeni engelleme listesi",
+    "new_blocklist": "Yeni engel listesi",
     "new_allowlist": "Yeni izin listesi",
-    "edit_blocklist": "Engelleme listesini düzenle",
+    "edit_blocklist": "Engel listesini düzenle",
     "edit_allowlist": "İzin listesini düzenle",
-    "choose_blocklist": "Engelleme listelerini seçin",
+    "choose_blocklist": "Engel listelerini seçin",
     "choose_allowlist": "İzin listelerini seçin",
-    "enter_valid_blocklist": "Engelleme listesine geçerli bir URL girin.",
+    "enter_valid_blocklist": "Engel listesine geçerli bir URL girin.",
     "enter_valid_allowlist": "İzin listesine geçerli bir URL girin.",
     "form_error_url_format": "Geçersiz URL biçimi",
     "form_error_url_or_path_format": "Listenin URL adresi veya dosya konumu geçersiz",
@@ -575,9 +575,9 @@
     "dnssec_enable_desc": "Giden DNS sorguları için DNSSEC özelliğini etkinleştir ve sonucu kontrol et (DNSSEC özellikli çözümleyici gerekli).",
     "validated_with_dnssec": "DNSSEC ile doğrulandı",
     "all_queries": "Tüm sorgular",
-    "show_blocked_responses": "Engellendi",
-    "show_whitelisted_responses": "İzin verildi",
-    "show_processed_responses": "İşlendi",
+    "show_blocked_responses": "Engellenen",
+    "show_whitelisted_responses": "İzin verilen",
+    "show_processed_responses": "İşlenen",
     "blocked_safebrowsing": "Güvenli gezinti tarafından engellendi",
     "blocked_adult_websites": "Yetişkin içerikli site engellendi",
     "blocked_threats": "Engellenen Tehditler",
@@ -585,7 +585,7 @@
     "filtered": "Filtrelenen",
     "rewritten": "Yeniden yazılan",
     "safe_search": "Güvenli arama",
-    "blocklist": "Engelleme listesi",
+    "blocklist": "Engel listesi",
     "milliseconds_abbreviation": "ms",
     "cache_size": "Önbellek boyutu",
     "cache_size_desc": "DNS önbellek boyutu (bayt cinsinden)",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "DNS yanıtlarını önbelleğe alırken üst sunucudan alınan kullanım süresi değerini uzatın (saniye olarak)",
     "cache_ttl_max_override_desc": "DNS önbelleğindeki girişler için maksimum kullanım süresi değerini ayarlayın (saniye olarak)",
     "ttl_cache_validation": "Minimum önbellek TTL değeri, maksimum değerden küçük veya bu değere eşit olmalıdır",
-    "cache_optimistic": "İyimser",
+    "cache_optimistic": "İyimser önbelleğe alma",
     "cache_optimistic_desc": "Girişlerin süresi dolduğunda bile AdGuard Home'un önbellekten yanıt vermesini sağlayın ve bunları yenilemeye çalışın.",
     "filter_category_general": "Genel",
     "filter_category_security": "Güvenlik",
@@ -606,7 +606,7 @@
     "filter_category_general_desc": "Çoğu cihazda izlemeyi ve reklamları engelleyen listeler",
     "filter_category_security_desc": "Kötü amaçlı, kimlik avı ve dolandırıcılık alan adlarını engellemek için özel olarak tasarlanmış listeler",
     "filter_category_regional_desc": "Bölgesel reklamlara ve izleme sunucularına odaklanan listeler",
-    "filter_category_other_desc": "Diğer engelleme listeleri",
+    "filter_category_other_desc": "Diğer engel listeleri",
     "setup_config_to_enable_dhcp_server": "DHCP sunucusunu etkinleştirmek için kurulum yapılandırması",
     "original_response": "Gerçek yanıt",
     "click_to_view_queries": "Sorguları görmek için tıklayın",

client/src/__locales/vi.json

@@ -8,10 +8,15 @@
     "load_balancing_desc": "Chỉ truy xuất một máy chủ trong cùng thời điểm. AdGuard Home sẽ sử dụng thuật toán trọng số ngẫu nhiên để chọn một máy chủ nhanh nhất và sử dụng máy chủ đó thường xuyên hơn.",
     "bootstrap_dns": "Máy chủ DNS Bootstrap",
     "bootstrap_dns_desc": "Máy chủ DNS Bootstrap được sử dụng để phân giải địa chỉ IP của bộ phân giải DoH/DoT mà bạn chỉ định là ngược tuyến.",
+    "local_ptr_title": "Máy chủ DNS riêng tư",
     "local_ptr_desc": "Máy chủ DNS hoặc các máy chủ mà AdGuard Home sẽ sử dụng cho các truy vấn về tài nguyên được phân phối cục bộ. Ví dụ: máy chủ này sẽ được sử dụng để phân giải tên máy khách của máy khách cho các máy khách có địa chỉ IP riêng. Nếu không được cài đặt, AdGuard Home sẽ tự động sử dụng trình phân giải DNS mặc định của bạn.",
+    "local_ptr_default_resolver": "Theo mặc định, AdGuard Home sử dụng các hệ thống phân giải tên miền ngược sau: {{ip}}.",
+    "local_ptr_no_default_resolver": "AdGuard Home không thể xác định hệ thống phân giải tên miền ngược riêng phù hợp cho hệ thống này.",
     "local_ptr_placeholder": "Nhập một địa chỉ máy chủ trên mỗi dòng",
     "resolve_clients_title": "Kích hoạt cho phép phân giải ngược về địa chỉ IP của máy khách",
     "resolve_clients_desc": "Nếu được bật, AdGuard Home sẽ cố gắng phân giải ngược lại địa chỉ IP của khách hàng thành tên máy chủ của họ bằng cách gửi các truy vấn PTR tới trình phân giải tương ứng (máy chủ DNS riêng cho máy khách cục bộ, máy chủ ngược dòng cho máy khách có địa chỉ IP công cộng).",
+    "use_private_ptr_resolvers_title": "Sử dụng trình rDNS riêng tư",
+    "use_private_ptr_resolvers_desc": "Thực hiện tra cứu ngược DNS cho các địa chỉ được phân phối cục bộ bằng cách sử dụng các máy chủ nguồn. Nếu bị vô hiệu hóa, AdGuard Home sẽ phản hồi với NXDOMAIN cho tất cả các yêu cầu PTR ngoại trừ các ứng dụng khách được biết đến bởi DHCP, / etc / hosts, v. v.",
     "check_dhcp_servers": "Kiểm tra máy chủ DHCP",
     "save_config": "Lưu thiết lập",
     "enabled_dhcp": "Máy chủ DHCP đã kích hoạt",
@@ -63,6 +68,9 @@
     "dhcp_new_static_lease": "Cho thuê tĩnh mới",
     "dhcp_static_leases_not_found": "Không tìm thấy DHCP cho thuê tĩnh",
     "dhcp_add_static_lease": "Thêm thuê tĩnh",
+    "dhcp_reset_leases": "Đặt lại tất cả các hợp đồng thuê",
+    "dhcp_reset_leases_confirm": "Bạn có chắc chắn muốn đặt lại tất cả các hợp đồng thuê không?",
+    "dhcp_reset_leases_success": "DHCP cho thuê đã đặt lại thành công",
     "dhcp_reset": "Bạn có chắc chắn muốn đặt lại thiết lập DHCP?",
     "country": "Quốc gia",
     "city": "Thành phố",
@@ -306,7 +314,9 @@
     "install_devices_title": "Định cấu hình thiết bị của bạn",
     "install_devices_desc": "Để bắt đầu sử dụng AdGuard Home, bạn cần định cấu hình thiết bị của mình để sử dụng nó.",
     "install_submit_title": "Xin chúc mừng!",
+    "install_submit_desc": "Quy trình thiết lập đã kết thúc và bạn đã sẵn sàng bắt đầu sử dụng AdGuard Home.",
     "install_devices_router": "Bộ định tuyến",
+    "install_devices_router_desc": "Thiết lập này sẽ tự động bao gồm tất cả các thiết bị được kết nối với bộ định tuyến gia đình của bạn và bạn sẽ không cần phải định cấu hình từng thiết bị theo cách thủ công.",
     "install_devices_address": "Máy chủ DNS của AdGuard Home đang lắng nghe các địa chỉ sau",
     "install_devices_router_list_1": "Mở tùy chọn cho bộ định tuyến của bạn. Thông thường, bạn có thể truy cập nó từ trình duyệt của mình thông qua một URL, chẳng hạn như http://192.168.0.1/ hoặc http://192.168.1.1/. Bạn có thể được nhắc nhập mật khẩu. Nếu bạn không nhớ nó, bạn có thể đặt lại mật khẩu bằng cách nhấn nút khởi động lại trên chính bộ định tuyến, nhưng lưu ý rằng nếu khởi động lại, bạn có thể sẽ mất toàn bộ cấu hình bộ định tuyến. Một số bộ định tuyến sẽ yêu cầu đăng nhập từ một ứng dụng cụ thể đã được cài đặt trên máy tính hoặc điện thoại của bạn.",
     "install_devices_router_list_2": "Tìm cài đặt DHCP/DNS. Tìm các chữ cái DNS bên cạnh một trường cho phép hai hoặc ba bộ số, mỗi bộ được chia thành bốn nhóm từ một đến ba chữ số.",
@@ -326,6 +336,7 @@
     "install_devices_android_list_2": "Nhấp Wi-Fi trên trình đơn. Màn hình liệt kê tất cả các mạng khả dụng sẽ được hiển thị (không thể đặt DNS tùy chỉnh cho kết nối di động).",
     "install_devices_android_list_3": "Nhấn và giữ mạng mà bạn đã kết nối và chạm Sửa Đổi Mạng.",
     "install_devices_android_list_4": "Trên một số thiết bị, bạn có thể cần chọn hộp Nâng cao để xem thêm cài đặt. Để điều chỉnh cài đặt DNS Android của bạn, bạn sẽ cần chuyển cài đặt IP từ DHCP sang Tĩnh.",
+    "install_devices_android_list_5": "Thay đổi giá trị DNS 1 và DNS 2 thành địa chỉ máy chủ AdGuard Home của bạn.",
     "install_devices_ios_list_1": "Từ màn hình chính, chạm Cài đặt.",
     "install_devices_ios_list_2": "Chọn Wi-Fi trong trình đơn bên trái (không thể định cấu hình DNS cho mạng di động).",
     "install_devices_ios_list_3": "Chạm vào tên của mạng hiện đang hoạt động.",
@@ -395,6 +406,7 @@
     "client_edit": "Chỉnh Sửa Máy Khách",
     "client_identifier": "Định danh",
     "ip_address": "Địa chỉ IP",
+    "client_identifier_desc": "Các máy khách có thể được xác định bằng địa chỉ IP, CIDR, địa chỉ MAC hoặc một ID khách đặc biệt(có thể được dùng cho DoT/DoH/DoQ). Xem thêm cách xác định máy khách tại <0>đây</0>.",
     "form_enter_ip": "Nhập IP",
     "form_enter_subnet_ip": "Nhập địa chỉ IP vào mạng con \"{{cidr}}\"",
     "form_enter_mac": "Nhập MAC",
@@ -418,6 +430,7 @@
     "access_disallowed_title": "Máy chủ không được phép",
     "access_disallowed_desc": "Một danh sách các địa chỉ CIDR hoặc IP. Nếu được định cấu hình, AdGuard Home sẽ bỏ yêu cầu từ các địa chỉ IP này.",
     "access_blocked_title": "Tên miền bị chặn",
+    "access_blocked_desc": "Đừng nhầm lẫn điều này với các bộ lọc. AdGuard Home sẽ bỏ các truy vấn DNS với các tên miền này trong câu hỏi của truy vấn.",
     "access_settings_saved": "Cài đặt truy cập đã lưu thành công",
     "updates_checked": "Đã kiểm tra thành công cập nhật",
     "updates_version_equal": "AdGuard Home đã được cập nhật",
@@ -471,10 +484,12 @@
     "encryption_key_source_content": "Dán nội dung khóa riêng",
     "stats_params": "Cấu hình thống kê",
     "config_successfully_saved": "Cấu hình được lưu thành công",
+    "interval_6_hour": "6 tiếng",
     "interval_24_hour": "24 giờ",
     "interval_days": "{{count}} ngày",
     "interval_days_plural": "{{count}} ngày",
     "domain": "Tên miền",
+    "punycode": "Punycode",
     "answer": "Trả lời",
     "filter_added_successfully": "Thêm bộ lọc thành công",
     "filter_removed_successfully": "Xóa bộ lọc thành công",
@@ -482,7 +497,7 @@
     "statistics_configuration": "Cấu hình thống kê",
     "statistics_retention": "Duy trì thống kê",
     "statistics_retention_desc": "Nếu bạn giảm giá trị khoảng, một số dữ liệu sẽ bị mất",
-    "statistics_clear": " Xoá thống kê",
+    "statistics_clear": "Xoá thống kê",
     "statistics_clear_confirm": "Bạn có chắc chắn muốn xóa số liệu thống kê?",
     "statistics_retention_confirm": "Bạn có chắc chắn muốn thay đổi lưu giữ số liệu thống kê? Nếu bạn giảm giá trị khoảng, một số dữ liệu sẽ bị mất",
     "statistics_cleared": "Xoá thống kê thành công",
@@ -520,6 +535,7 @@
     "disable_ipv6": "Tắt IPv6",
     "disable_ipv6_desc": "Nếu tính năng này được bật, tất cả các truy vấn DNS cho địa chỉ IPv6 (loại AAAA) sẽ bị loại bỏ.",
     "fastest_addr": "Địa chỉ IP nhanh nhất",
+    "fastest_addr_desc": "Truy vấn tất cả các máy chủ DNS và trả về địa chỉ IP nhanh nhất trong số tất cả các phản hồi",
     "autofix_warning_text": "Nếu bạn nhấp vào \"Khắc phục\", AdGuard Home sẽ định cấu hình hệ thống của bạn để sử dụng máy chủ DNS của AdGuard Home.",
     "autofix_warning_list": "Nó sẽ thực hiện các tác vụ sau: <0> Hủy kích hoạt hệ thống DNSStubListener </0> <0> Đặt địa chỉ máy chủ DNS thành 127.0.0.1 </0> <0> Thay thế mục tiêu liên kết tượng trưng của /etc/resolv.conf bằng / run / systemd /resolve/resolv.conf </0> <0> Dừng DNSStubListener (tải lại dịch vụ do hệ thống phân giải) </0>",
     "autofix_warning_result": "Do đó, tất cả các yêu cầu DNS từ hệ thống của bạn sẽ được AdGuard Home xử lý theo mặc định.",
@@ -584,6 +600,7 @@
     "filter_category_regional": "Khu vực",
     "filter_category_other": "Khác",
     "filter_category_general_desc": "Bộ lọc chặn quảng cáo và theo dõi cho hầu hết các thiết bị",
+    "filter_category_security_desc": "Bộ lọc chuyên biệt chặn tên miền chứa mã độc và lừa đảo",
     "filter_category_regional_desc": "Bộ lọc tập trung vào từng khu vực",
     "filter_category_other_desc": "Bộ lọc chặn khác",
     "setup_config_to_enable_dhcp_server": "Thiết lập cấu hình để bật máy chủ DHCP",

client/src/__locales/zh-cn.json

@@ -98,7 +98,7 @@
     "copyright": "版权",
     "homepage": "主页",
     "report_an_issue": "问题反馈",
-    "privacy_policy": "隐私策略",
+    "privacy_policy": "隐私政策",
     "enable_protection": "启用保护",
     "enabled_protection": "保护已启用",
     "disable_protection": "禁用保护",
@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "缓存 DNS 响应时，延长从上游服务器接收到的 TTL 值 (秒)",
     "cache_ttl_max_override_desc": "设定 DNS 缓存条目的最大 TTL 值（秒）",
     "ttl_cache_validation": "最小缓存TTL值必须小于或等于最大值",
-    "cache_optimistic": "优化的",
+    "cache_optimistic": "乐观缓存",
     "cache_optimistic_desc": "即使条目已过期，也让 AdGuard Home 从缓存中响应，并尝试刷新它们。",
     "filter_category_general": "常规",
     "filter_category_security": "安全",

client/src/__locales/zh-tw.json

@@ -597,7 +597,7 @@
     "cache_ttl_min_override_desc": "當快取 DNS 回應時，延長從上游的伺服器收到的短存活時間數值（秒）",
     "cache_ttl_max_override_desc": "設定最大的存活時間數值（秒）供在 DNS 快取中的項目",
     "ttl_cache_validation": "最小的快取存活時間（TTL）數值必須小於或等於最大的數值",
-    "cache_optimistic": "樂觀快取模式",
+    "cache_optimistic": "樂觀快取",
     "cache_optimistic_desc": "即使當項目為已到期的，從快取使 AdGuard Home 回覆，並還嘗試重新整理它們。",
     "filter_category_general": "一般的",
     "filter_category_security": "安全性",

client/src/actions/index.js

@@ -638,7 +638,11 @@ export const toggleBlocking = (
 };
 
 export const toggleBlockingForClient = (type, domain, client) => {
-    const baseRule = `||${domain}^$client='${client.replace(/'/g, '/\'')}'`;
+    const escapedClientName = client.replace(/'/g, '\\\'')
+        .replace(/"/g, '\\"')
+        .replace(/,/g, '\\,')
+        .replace(/\|/g, '\\|');
+    const baseRule = `||${domain}^$client='${escapedClientName}'`;
     const baseUnblocking = `@@${baseRule}`;
 
     return toggleBlocking(type, domain, baseRule, baseUnblocking);

client/src/components/App/index.css

@@ -52,7 +52,7 @@ body {
 
 .modal-body--medium {
     max-height: 20rem;
-    overflow-y: scroll;
+    overflow-y: auto;
 }
 
 .modal-body__item:not(:first-child) {

client/src/components/Filters/CustomRules.js

@@ -1,13 +1,12 @@
 import React, { Component } from 'react';
 import PropTypes from 'prop-types';
 import { Trans, withTranslation } from 'react-i18next';
-import classnames from 'classnames';
 import Card from '../ui/Card';
 import PageTitle from '../ui/PageTitle';
 import Examples from './Examples';
 import Check from './Check';
 import { getTextareaCommentsHighlight, syncScroll } from '../../helpers/highlightTextareaComments';
-import { COMMENT_LINE_DEFAULT_TOKEN, isFirefox } from '../../helpers/constants';
+import { COMMENT_LINE_DEFAULT_TOKEN } from '../../helpers/constants';
 import '../ui/texareaCommentsHighlight.css';
 
 class CustomRules extends Component {
@@ -52,26 +51,19 @@ class CustomRules extends Component {
         return (
             <>
                 <PageTitle title={t('custom_filtering_rules')} />
-                <Card
-                    subtitle={t('custom_filter_rules_hint')}
-                >
+                <Card subtitle={t('custom_filter_rules_hint')}>
                     <form onSubmit={this.handleSubmit}>
-                        <div className={classnames('col-12 text-edit-container form-control--textarea-large', {
-                            'mb-4': !isFirefox,
-                            'mb-6': isFirefox,
-                        })}>
-                        <textarea
-                                className={classnames('form-control font-monospace text-input form-control--textarea-large', {
-                                    'text-input--largest': isFirefox,
-                                })}
+                        <div className="text-edit-container mb-4">
+                            <textarea
+                                className="form-control font-monospace text-input"
                                 value={userRules}
                                 onChange={this.handleChange}
                                 onScroll={this.onScroll}
-                        />
+                            />
                             {getTextareaCommentsHighlight(
                                 this.ref,
                                 userRules,
-                                classnames({ 'form-control--textarea-large': isFirefox }),
+                                undefined,
                                 [COMMENT_LINE_DEFAULT_TOKEN, '!'],
                             )}
                         </div>

client/src/components/Logs/Cells/IconTooltip.css

@@ -6,7 +6,7 @@
     pointer-events: auto !important;
     background-color: var(--white);
     z-index: 102;
-    overflow-y: scroll;
+    overflow-y: auto;
     max-height: 100%;
 }
 

client/src/components/Logs/Logs.css

@@ -388,7 +388,7 @@
     border-collapse: collapse;
     contain: layout;
     overflow-x: hidden;
-    overflow-y: scroll;
+    overflow-y: auto;
     will-change: scroll-position;
 }
 

client/src/components/Settings/Dns/Upstream/Form.js

@@ -9,7 +9,6 @@ import { renderRadioField, renderTextareaField, CheckboxField } from '../../../.
 import {
     DNS_REQUEST_OPTIONS,
     FORM_NAME,
-    isFirefox,
     UPSTREAM_CONFIGURATION_WIKI_LINK,
 } from '../../../../helpers/constants';
 import { testUpstreamWithFormValues } from '../../../../actions';
@@ -90,25 +89,10 @@ renderTextareaWithHighlightField.propTypes = {
     normalizeOnBlur: PropTypes.func,
     onScroll: PropTypes.func,
     placeholder: PropTypes.string.isRequired,
-    subtitle: PropTypes.string.isRequired,
     type: PropTypes.string.isRequired,
 };
 
 const INPUT_FIELDS = [
-    {
-        name: UPSTREAM_DNS_NAME,
-        type: 'text',
-        component: renderTextareaWithHighlightField,
-        className: classnames('form-control form-control--textarea font-monospace text-input', {
-            'text-input--larger': isFirefox,
-        }),
-        containerClass: classnames('text-edit-container', {
-            'mb-4': !isFirefox,
-            'mb-6': isFirefox,
-        }),
-        placeholder: 'upstream_dns',
-        normalizeOnBlur: removeEmptyLines,
-    },
     {
         name: UPSTREAM_MODE_NAME,
         type: 'radio',
@@ -176,6 +160,20 @@ const Form = ({
                     dns_providers
                 </Trans>
             </label>
+            <div className="col-12 mb-4">
+                <div className="text-edit-container">
+                    <Field
+                        id={UPSTREAM_DNS_NAME}
+                        name={UPSTREAM_DNS_NAME}
+                        component={renderTextareaWithHighlightField}
+                        type="text"
+                        className="form-control form-control--textarea font-monospace text-input"
+                        placeholder={t('upstream_dns')}
+                        disabled={processingSetConfig || processingTestUpstream}
+                        normalizeOnBlur={removeEmptyLines}
+                    />
+                </div>
+            </div>
             {INPUT_FIELDS.map(renderField)}
             <div className="col-12">
                 <Examples />

client/src/components/ui/texareaCommentsHighlight.css

@@ -1,6 +1,7 @@
 .text-edit-container {
     position: relative;
-    height: 10rem;
+    min-height: 240px;
+    overflow: hidden;
 }
 
 .text-input,
@@ -10,33 +11,20 @@
     left: 0;
     width: 100%;
     height: 100%;
-    padding: 1rem;
+    padding: 16px;
     background: transparent;
     white-space: pre-wrap;
-    line-height: 1.5rem;
+    line-height: 24px;
     word-wrap: break-word;
     font-size: var(--font-size-disable-autozoom);
     margin: 0;
-}
-
-.form--upstream .text-input,
-.form--upstream .text-output {
-    width: 98%;
-    left: 1%;
+    overscroll-behavior: none;
 }
 
 .text-input {
+    position: relative;
     opacity: 1;
-    resize: none;
-    height: 10rem;
-}
-
-.text-input--larger {
-    height: 11rem;
-}
-
-.text-input--largest {
-    height: 16rem;
+    min-height: 240px;
 }
 
 .text-output {

go.mod

@@ -3,8 +3,8 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.16
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.39.1
-	github.com/AdguardTeam/golibs v0.8.4
+	github.com/AdguardTeam/dnsproxy v0.39.2
+	github.com/AdguardTeam/golibs v0.9.1
 	github.com/AdguardTeam/urlfilter v0.14.6
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.1
@@ -25,11 +25,12 @@ require (
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.5
 	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
-	golang.org/x/net v0.0.0-20210510120150-4163338589ed
+	golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985
 	golang.org/x/sys v0.0.0-20210514084401-e8d321eab015
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v2 v2.4.0
 	howett.net/plist v0.0.0-20201203080718-1454fab16a06
 )
 
+// TODO(e.burkov):  Get rid of the fork in v0.108.0.
 replace github.com/insomniacslk/dhcp => github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf

go.sum

@@ -9,13 +9,13 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf h1:gc042VRSIRSUzZ+Px6xQCRWNJZTaPkomisDfUZmoFNk=
 github.com/AdguardTeam/dhcp v0.0.0-20210519141215-51808c73c0bf/go.mod h1:TKl4jN3Voofo4UJIicyNhWGp/nlQqQkFxmwIFTvBkKI=
-github.com/AdguardTeam/dnsproxy v0.39.1 h1:qU5LgMsw6Q4qwVuZ4cpWVQqD+7k1kK2Z2NoNar60yto=
-github.com/AdguardTeam/dnsproxy v0.39.1/go.mod h1:aNXKNdTyKfgAG2OS712SYSaGIM9AasZsZxfiY4YiR/0=
+github.com/AdguardTeam/dnsproxy v0.39.2 h1:GqsR1S4fFfVsVCSrdrfa0RfsQ2u+MeNUMqDkxdTD3gU=
+github.com/AdguardTeam/dnsproxy v0.39.2/go.mod h1:aNXKNdTyKfgAG2OS712SYSaGIM9AasZsZxfiY4YiR/0=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.8.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
-github.com/AdguardTeam/golibs v0.8.4 h1:jd6GwvQQtfSLOKn30qisDVujvas3q7Agjm3BOEqRWpQ=
-github.com/AdguardTeam/golibs v0.8.4/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
+github.com/AdguardTeam/golibs v0.9.1 h1:mHSN4LfaY1uGmHPsl97paAND/VeSnM5r9XQ7pSYx93o=
+github.com/AdguardTeam/golibs v0.9.1/go.mod h1:fCAMwPBJ8S7YMYbTWvYS+eeTLblP5E04IDtNAo7y7IY=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
 github.com/AdguardTeam/urlfilter v0.14.6 h1:emqoKZElooHACYehRBYENeKVN1a/rspxiqTIMYLuoIo=
 github.com/AdguardTeam/urlfilter v0.14.6/go.mod h1:klx4JbOfc4EaNb5lWLqOwfg+pVcyRukmoJRvO55lL5U=
@@ -300,8 +300,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210510120150-4163338589ed h1:p9UgmWI9wKpfYmgaV/IZKGdXc5qEK45tDwwwDyjS26I=
-golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985 h1:4CSI6oo7cOjJKajidEljs9h+uP0rRZBPPPhcCbj5mw8=
+golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=

internal/aghnet/addr.go

@@ -1,206 +0,0 @@
-package aghnet
-
-import (
-	"fmt"
-	"net"
-	"strconv"
-	"strings"
-
-	"github.com/AdguardTeam/golibs/errors"
-	"golang.org/x/net/idna"
-)
-
-// CloneIP returns a clone of an IP address.
-func CloneIP(ip net.IP) (clone net.IP) {
-	if ip != nil && len(ip) == 0 {
-		return net.IP{}
-	}
-
-	return append(clone, ip...)
-}
-
-// CloneMAC returns a clone of a MAC address.
-func CloneMAC(mac net.HardwareAddr) (clone net.HardwareAddr) {
-	if mac != nil && len(mac) == 0 {
-		return net.HardwareAddr{}
-	}
-
-	return append(clone, mac...)
-}
-
-// IPFromAddr returns an IP address from addr.  If addr is neither
-// a *net.TCPAddr nor a *net.UDPAddr, it returns nil.
-func IPFromAddr(addr net.Addr) (ip net.IP) {
-	switch addr := addr.(type) {
-	case *net.TCPAddr:
-		return addr.IP
-	case *net.UDPAddr:
-		return addr.IP
-	}
-
-	return nil
-}
-
-// IsValidHostOuterRune returns true if r is a valid initial or final rune for
-// a hostname label.
-func IsValidHostOuterRune(r rune) (ok bool) {
-	return (r >= 'a' && r <= 'z') ||
-		(r >= 'A' && r <= 'Z') ||
-		(r >= '0' && r <= '9')
-}
-
-// JoinHostPort is a convinient wrapper for net.JoinHostPort with port of type
-// int.
-func JoinHostPort(host string, port int) (hostport string) {
-	return net.JoinHostPort(host, strconv.Itoa(port))
-}
-
-// isValidHostRune returns true if r is a valid rune for a hostname label.
-func isValidHostRune(r rune) (ok bool) {
-	return r == '-' || IsValidHostOuterRune(r)
-}
-
-// ValidateHardwareAddress returns an error if hwa is not a valid EUI-48,
-// EUI-64, or 20-octet InfiniBand link-layer address.
-func ValidateHardwareAddress(hwa net.HardwareAddr) (err error) {
-	defer func() { err = errors.Annotate(err, "validating hardware address %q: %w", hwa) }()
-
-	switch l := len(hwa); l {
-	case 0:
-		return errors.Error("address is empty")
-	case 6, 8, 20:
-		return nil
-	default:
-		return fmt.Errorf("bad len: %d", l)
-	}
-}
-
-// maxDomainLabelLen is the maximum allowed length of a domain name label
-// according to RFC 1035.
-const maxDomainLabelLen = 63
-
-// MaxDomainNameLen is the maximum allowed length of a full domain name
-// according to RFC 1035.
-//
-// See https://stackoverflow.com/a/32294443/1892060.
-const MaxDomainNameLen = 253
-
-// ValidateDomainNameLabel returns an error if label is not a valid label of
-// a domain name.
-func ValidateDomainNameLabel(label string) (err error) {
-	defer func() { err = errors.Annotate(err, "validating label %q: %w", label) }()
-
-	l := len(label)
-	if l > maxDomainLabelLen {
-		return fmt.Errorf("label is too long, max: %d", maxDomainLabelLen)
-	} else if l == 0 {
-		return errors.Error("label is empty")
-	}
-
-	if r := label[0]; !IsValidHostOuterRune(rune(r)) {
-		return fmt.Errorf("invalid char %q at index %d", r, 0)
-	} else if l == 1 {
-		return nil
-	}
-
-	for i, r := range label[1 : l-1] {
-		if !isValidHostRune(r) {
-			return fmt.Errorf("invalid char %q at index %d", r, i+1)
-		}
-	}
-
-	if r := label[l-1]; !IsValidHostOuterRune(rune(r)) {
-		return fmt.Errorf("invalid char %q at index %d", r, l-1)
-	}
-
-	return nil
-}
-
-// ValidateDomainName validates the domain name in accordance to RFC 952, RFC
-// 1035, and with RFC-1123's inclusion of digits at the start of the host.  It
-// doesn't validate against two or more hyphens to allow punycode and
-// internationalized domains.
-//
-// TODO(a.garipov): After making sure that this works correctly, port this into
-// module golibs.
-func ValidateDomainName(name string) (err error) {
-	defer func() { err = errors.Annotate(err, "validating domain name %q: %w", name) }()
-
-	name, err = idna.ToASCII(name)
-	if err != nil {
-		return err
-	}
-
-	l := len(name)
-	if l == 0 {
-		return errors.Error("domain name is empty")
-	} else if l > MaxDomainNameLen {
-		return fmt.Errorf("too long, max: %d", MaxDomainNameLen)
-	}
-
-	labels := strings.Split(name, ".")
-	for i, l := range labels {
-		err = ValidateDomainNameLabel(l)
-		if err != nil {
-			return fmt.Errorf("invalid domain name label at index %d: %w", i, err)
-		}
-	}
-
-	return nil
-}
-
-// The maximum lengths of generated hostnames for different IP versions.
-const (
-	ipv4HostnameMaxLen = len("192-168-100-100")
-	ipv6HostnameMaxLen = len("ff80-f076-0000-0000-0000-0000-0000-0010")
-)
-
-// generateIPv4Hostname generates the hostname for specific IP version.
-func generateIPv4Hostname(ipv4 net.IP) (hostname string) {
-	hnData := make([]byte, 0, ipv4HostnameMaxLen)
-	for i, part := range ipv4 {
-		if i > 0 {
-			hnData = append(hnData, '-')
-		}
-		hnData = strconv.AppendUint(hnData, uint64(part), 10)
-	}
-
-	return string(hnData)
-}
-
-// generateIPv6Hostname generates the hostname for specific IP version.
-func generateIPv6Hostname(ipv6 net.IP) (hostname string) {
-	hnData := make([]byte, 0, ipv6HostnameMaxLen)
-	for i, partsNum := 0, net.IPv6len/2; i < partsNum; i++ {
-		if i > 0 {
-			hnData = append(hnData, '-')
-		}
-		for _, val := range ipv6[i*2 : i*2+2] {
-			if val < 10 {
-				hnData = append(hnData, '0')
-			}
-			hnData = strconv.AppendUint(hnData, uint64(val), 16)
-		}
-	}
-
-	return string(hnData)
-}
-
-// GenerateHostname generates the hostname from ip.  In case of using IPv4 the
-// result should be like:
-//
-//   192-168-10-1
-//
-// In case of using IPv6, the result is like:
-//
-//   ff80-f076-0000-0000-0000-0000-0000-0010
-//
-func GenerateHostname(ip net.IP) (hostname string) {
-	if ipv4 := ip.To4(); ipv4 != nil {
-		return generateIPv4Hostname(ipv4)
-	} else if ipv6 := ip.To16(); ipv6 != nil {
-		return generateIPv6Hostname(ipv6)
-	}
-
-	return ""
-}

internal/aghnet/addr_test.go

@@ -1,228 +0,0 @@
-package aghnet
-
-import (
-	"net"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestCloneIP(t *testing.T) {
-	assert.Equal(t, net.IP(nil), CloneIP(nil))
-	assert.Equal(t, net.IP{}, CloneIP(net.IP{}))
-
-	ip := net.IP{1, 2, 3, 4}
-	clone := CloneIP(ip)
-	assert.Equal(t, ip, clone)
-	assert.NotSame(t, &ip[0], &clone[0])
-}
-
-func TestCloneMAC(t *testing.T) {
-	assert.Equal(t, net.HardwareAddr(nil), CloneMAC(nil))
-	assert.Equal(t, net.HardwareAddr{}, CloneMAC(net.HardwareAddr{}))
-
-	mac := net.HardwareAddr{0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC}
-	clone := CloneMAC(mac)
-	assert.Equal(t, mac, clone)
-	assert.NotSame(t, &mac[0], &clone[0])
-}
-
-func TestIPFromAddr(t *testing.T) {
-	ip := net.IP{1, 2, 3, 4}
-	assert.Equal(t, net.IP(nil), IPFromAddr(nil))
-	assert.Equal(t, net.IP(nil), IPFromAddr(struct{ net.Addr }{}))
-	assert.Equal(t, ip, IPFromAddr(&net.TCPAddr{IP: ip}))
-	assert.Equal(t, ip, IPFromAddr(&net.UDPAddr{IP: ip}))
-}
-
-func TestValidateHardwareAddress(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		in         net.HardwareAddr
-	}{{
-		name:       "success_eui_48",
-		wantErrMsg: "",
-		in:         net.HardwareAddr{0x00, 0x01, 0x02, 0x03, 0x04, 0x05},
-	}, {
-		name:       "success_eui_64",
-		wantErrMsg: "",
-		in:         net.HardwareAddr{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07},
-	}, {
-		name:       "success_infiniband",
-		wantErrMsg: "",
-		in: net.HardwareAddr{
-			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-			0x10, 0x11, 0x12, 0x13,
-		},
-	}, {
-		name:       "error_nil",
-		wantErrMsg: `validating hardware address "": address is empty`,
-		in:         nil,
-	}, {
-		name:       "error_empty",
-		wantErrMsg: `validating hardware address "": address is empty`,
-		in:         net.HardwareAddr{},
-	}, {
-		name:       "error_bad",
-		wantErrMsg: `validating hardware address "00:01:02:03": bad len: 4`,
-		in:         net.HardwareAddr{0x00, 0x01, 0x02, 0x03},
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := ValidateHardwareAddress(tc.in)
-			if tc.wantErrMsg == "" {
-				assert.NoError(t, err)
-			} else {
-				require.Error(t, err)
-
-				assert.Equal(t, tc.wantErrMsg, err.Error())
-			}
-		})
-	}
-}
-
-func TestJoinHostPort(t *testing.T) {
-	assert.Equal(t, ":0", JoinHostPort("", 0))
-	assert.Equal(t, "host:12345", JoinHostPort("host", 12345))
-	assert.Equal(t, "1.2.3.4:12345", JoinHostPort("1.2.3.4", 12345))
-	assert.Equal(t, "[1234::5678]:12345", JoinHostPort("1234::5678", 12345))
-	assert.Equal(t, "[1234::5678%lo]:12345", JoinHostPort("1234::5678%lo", 12345))
-}
-
-func repeatStr(b *strings.Builder, s string, n int) {
-	for i := 0; i < n; i++ {
-		_, _ = b.WriteString(s)
-	}
-}
-
-func TestValidateDomainName(t *testing.T) {
-	b := &strings.Builder{}
-	repeatStr(b, "a", 255)
-	longDomainName := b.String()
-
-	b.Reset()
-	repeatStr(b, "a", 64)
-	longLabel := b.String()
-
-	_, _ = b.WriteString(".com")
-	longLabelDomainName := b.String()
-
-	testCases := []struct {
-		name       string
-		in         string
-		wantErrMsg string
-	}{{
-		name:       "success",
-		in:         "example.com",
-		wantErrMsg: "",
-	}, {
-		name:       "success_idna",
-		in:         "пример.рф",
-		wantErrMsg: "",
-	}, {
-		name:       "success_one",
-		in:         "e",
-		wantErrMsg: "",
-	}, {
-		name:       "empty",
-		in:         "",
-		wantErrMsg: `validating domain name "": domain name is empty`,
-	}, {
-		name: "bad_symbol",
-		in:   "!!!",
-		wantErrMsg: `validating domain name "!!!": invalid domain name label at index 0: ` +
-			`validating label "!!!": invalid char '!' at index 0`,
-	}, {
-		name:       "bad_length",
-		in:         longDomainName,
-		wantErrMsg: `validating domain name "` + longDomainName + `": too long, max: 253`,
-	}, {
-		name: "bad_label_length",
-		in:   longLabelDomainName,
-		wantErrMsg: `validating domain name "` + longLabelDomainName + `": ` +
-			`invalid domain name label at index 0: validating label "` + longLabel +
-			`": label is too long, max: 63`,
-	}, {
-		name: "bad_label_empty",
-		in:   "example..com",
-		wantErrMsg: `validating domain name "example..com": ` +
-			`invalid domain name label at index 1: ` +
-			`validating label "": label is empty`,
-	}, {
-		name: "bad_label_first_symbol",
-		in:   "example.-aa.com",
-		wantErrMsg: `validating domain name "example.-aa.com": ` +
-			`invalid domain name label at index 1: ` +
-			`validating label "-aa": invalid char '-' at index 0`,
-	}, {
-		name: "bad_label_last_symbol",
-		in:   "example-.aa.com",
-		wantErrMsg: `validating domain name "example-.aa.com": ` +
-			`invalid domain name label at index 0: ` +
-			`validating label "example-": invalid char '-' at index 7`,
-	}, {
-		name: "bad_label_symbol",
-		in:   "example.a!!!.com",
-		wantErrMsg: `validating domain name "example.a!!!.com": ` +
-			`invalid domain name label at index 1: ` +
-			`validating label "a!!!": invalid char '!' at index 1`,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := ValidateDomainName(tc.in)
-			if tc.wantErrMsg == "" {
-				assert.NoError(t, err)
-			} else {
-				require.Error(t, err)
-
-				assert.Equal(t, tc.wantErrMsg, err.Error())
-			}
-		})
-	}
-}
-
-func TestGenerateHostName(t *testing.T) {
-	testCases := []struct {
-		name string
-		want string
-		ip   net.IP
-	}{{
-		name: "good_ipv4",
-		want: "127-0-0-1",
-		ip:   net.IP{127, 0, 0, 1},
-	}, {
-		name: "bad_ipv4",
-		want: "",
-		ip:   net.IP{127, 0, 0, 1, 0},
-	}, {
-		name: "good_ipv6",
-		want: "fe00-0000-0000-0000-0000-0000-0000-0001",
-		ip:   net.ParseIP("fe00::1"),
-	}, {
-		name: "bad_ipv6",
-		want: "",
-		ip: net.IP{
-			0xff, 0xff, 0xff, 0xff,
-			0xff, 0xff, 0xff, 0xff,
-			0xff, 0xff, 0xff, 0xff,
-			0xff, 0xff, 0xff,
-		},
-	}, {
-		name: "nil",
-		want: "",
-		ip:   nil,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			hostname := GenerateHostname(tc.ip)
-			assert.Equal(t, tc.want, hostname)
-		})
-	}
-}

internal/aghnet/dhcp.go

@@ -0,0 +1,6 @@
+package aghnet
+
+// CheckOtherDHCP tries to discover another DHCP server in the network.
+func CheckOtherDHCP(ifaceName string) (ok4, ok6 bool, err4, err6 error) {
+	return checkOtherDHCP(ifaceName)
+}

internal/aghnet/dhcp_unix.go

@@ -1,95 +1,132 @@
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
-package dhcpd
+package aghnet
 
 import (
 	"bytes"
 	"fmt"
 	"net"
 	"os"
-	"runtime"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/insomniacslk/dhcp/dhcpv4"
-	"github.com/insomniacslk/dhcp/dhcpv4/nclient4"
 	"github.com/insomniacslk/dhcp/dhcpv6"
 	"github.com/insomniacslk/dhcp/dhcpv6/nclient6"
 	"github.com/insomniacslk/dhcp/iana"
 )
 
-// CheckIfOtherDHCPServersPresentV4 sends a DHCP request to the specified network interface,
-// and waits for a response for a period defined by defaultDiscoverTime
-func CheckIfOtherDHCPServersPresentV4(ifaceName string) (ok bool, err error) {
+// defaultDiscoverTime is the
+const defaultDiscoverTime = 3 * time.Second
+
+func checkOtherDHCP(ifaceName string) (ok4, ok6 bool, err4, err6 error) {
 	iface, err := net.InterfaceByName(ifaceName)
 	if err != nil {
-		return false, fmt.Errorf("couldn't find interface by name %s: %w", ifaceName, err)
+		err = fmt.Errorf("couldn't find interface by name %s: %w", ifaceName, err)
+		err4, err6 = err, err
+
+		return false, false, err4, err6
 	}
 
-	ifaceIPNet, err := ifaceIPAddrs(iface, ipVersion4)
-	if err != nil {
-		return false, fmt.Errorf("getting ipv4 addrs for iface %s: %w", ifaceName, err)
-	}
-	if len(ifaceIPNet) == 0 {
-		return false, fmt.Errorf("interface %s has no ipv4 addresses", ifaceName)
+	ok4, err4 = checkOtherDHCPv4(iface)
+	ok6, err6 = checkOtherDHCPv6(iface)
+
+	return ok4, ok6, err4, err6
+}
+
+// ifaceIPv4Subnet returns the first suitable IPv4 subnetwork iface has.
+func ifaceIPv4Subnet(iface *net.Interface) (subnet *net.IPNet, err error) {
+	var addrs []net.Addr
+	if addrs, err = iface.Addrs(); err != nil {
+		return nil, err
 	}
 
-	// TODO(a.garipov): Find out what this is about.  Perhaps this
-	// information is outdated or at least incomplete.
-	if runtime.GOOS == "darwin" {
-		return false, aghos.Unsupported("CheckIfOtherDHCPServersPresentV4")
+	for _, a := range addrs {
+		switch a := a.(type) {
+		case *net.IPAddr:
+			subnet = &net.IPNet{
+				IP:   a.IP,
+				Mask: a.IP.DefaultMask(),
+			}
+		case *net.IPNet:
+			subnet = a
+		default:
+			continue
+		}
+
+		if ip4 := subnet.IP.To4(); ip4 != nil {
+			subnet.IP = ip4
+
+			return subnet, nil
+		}
 	}
 
-	srcIP := ifaceIPNet[0]
-	src := aghnet.JoinHostPort(srcIP.String(), 68)
-	dst := "255.255.255.255:67"
+	return nil, fmt.Errorf("interface %s has no ipv4 addresses", iface.Name)
+}
 
-	hostname, _ := os.Hostname()
-
-	req, err := dhcpv4.NewDiscovery(iface.HardwareAddr)
-	if err != nil {
-		return false, fmt.Errorf("dhcpv4.NewDiscovery: %w", err)
-	}
-	req.Options.Update(dhcpv4.OptClientIdentifier(iface.HardwareAddr))
-	req.Options.Update(dhcpv4.OptHostName(hostname))
-
-	// resolve 0.0.0.0:68
-	udpAddr, err := net.ResolveUDPAddr("udp4", src)
-	if err != nil {
-		return false, fmt.Errorf("couldn't resolve UDP address %s: %w", src, err)
+// checkOtherDHCPv4 sends a DHCP request to the specified network interface, and
+// waits for a response for a period defined by defaultDiscoverTime.
+func checkOtherDHCPv4(iface *net.Interface) (ok bool, err error) {
+	var subnet *net.IPNet
+	if subnet, err = ifaceIPv4Subnet(iface); err != nil {
+		return false, err
 	}
 
-	if !udpAddr.IP.To4().Equal(srcIP) {
-		return false, fmt.Errorf("resolved UDP address is not %s: %w", src, err)
-	}
-
-	// resolve 255.255.255.255:67
-	dstAddr, err := net.ResolveUDPAddr("udp4", dst)
-	if err != nil {
+	// Resolve broadcast addr.
+	dst := netutil.IPPort{
+		IP:   BroadcastFromIPNet(subnet),
+		Port: 67,
+	}.String()
+	var dstAddr *net.UDPAddr
+	if dstAddr, err = net.ResolveUDPAddr("udp4", dst); err != nil {
 		return false, fmt.Errorf("couldn't resolve UDP address %s: %w", dst, err)
 	}
 
-	// bind to 0.0.0.0:68
-	log.Tracef("Listening to udp4 %+v", udpAddr)
-	c, err := nclient4.NewRawUDPConn(ifaceName, 68)
-	if err != nil {
-		return false, fmt.Errorf("couldn't listen on :68: %w", err)
-	}
-	if c != nil {
-		defer func() { err = errors.WithDeferred(err, c.Close()) }()
+	var hostname string
+	if hostname, err = os.Hostname(); err != nil {
+		return false, fmt.Errorf("couldn't get hostname: %w", err)
 	}
 
-	// send to 255.255.255.255:67
-	_, err = c.WriteTo(req.ToBytes(), dstAddr)
-	if err != nil {
-		return false, fmt.Errorf("couldn't send a packet to %s: %w", dst, err)
+	return discover4(iface, dstAddr, hostname)
+}
+
+func discover4(iface *net.Interface, dstAddr *net.UDPAddr, hostname string) (ok bool, err error) {
+	var req *dhcpv4.DHCPv4
+	if req, err = dhcpv4.NewDiscovery(iface.HardwareAddr); err != nil {
+		return false, fmt.Errorf("dhcpv4.NewDiscovery: %w", err)
+	}
+
+	req.Options.Update(dhcpv4.OptClientIdentifier(iface.HardwareAddr))
+	req.Options.Update(dhcpv4.OptHostName(hostname))
+	req.SetBroadcast()
+
+	// Bind to 0.0.0.0:68.
+	//
+	// On OpenBSD binding to the port 68 competes with dhclient's binding,
+	// so that all incoming packets are ignored and the discovering process
+	// is spoiled.
+	//
+	// It's also known that listening on the specified interface's address
+	// ignores broadcasted packets when reading.
+	var c net.PacketConn
+	if c, err = listenPacketReusable(iface.Name, "udp4", ":68"); err != nil {
+		return false, fmt.Errorf("couldn't listen on :68: %w", err)
+	}
+	defer func() { err = errors.WithDeferred(err, c.Close()) }()
+
+	// Send to broadcast.
+	if _, err = c.WriteTo(req.ToBytes(), dstAddr); err != nil {
+		return false, fmt.Errorf("couldn't send a packet to %s: %w", dstAddr, err)
 	}
 
 	for {
+		if err = c.SetDeadline(time.Now().Add(defaultDiscoverTime)); err != nil {
+			return false, fmt.Errorf("setting deadline: %w", err)
+		}
+
 		var next bool
 		ok, next, err = tryConn4(req, c, iface)
 		if next {
@@ -116,11 +153,6 @@ func tryConn4(req *dhcpv4.DHCPv4, c net.PacketConn, iface *net.Interface) (ok, n
 	log.Tracef("dhcpv4: waiting %v for an answer", defaultDiscoverTime)
 
 	b := make([]byte, 1500)
-	err = c.SetDeadline(time.Now().Add(defaultDiscoverTime))
-	if err != nil {
-		return false, false, fmt.Errorf("setting deadline: %w", err)
-	}
-
 	n, _, err := c.ReadFrom(b)
 	if err != nil {
 		if isTimeout(err) {
@@ -159,31 +191,21 @@ func tryConn4(req *dhcpv4.DHCPv4, c net.PacketConn, iface *net.Interface) (ok, n
 	return true, false, nil
 }
 
-// CheckIfOtherDHCPServersPresentV6 sends a DHCP request to the specified network interface,
-// and waits for a response for a period defined by defaultDiscoverTime
-func CheckIfOtherDHCPServersPresentV6(ifaceName string) (ok bool, err error) {
-	iface, err := net.InterfaceByName(ifaceName)
+// checkOtherDHCPv6 sends a DHCP request to the specified network interface, and
+// waits for a response for a period defined by defaultDiscoverTime.
+func checkOtherDHCPv6(iface *net.Interface) (ok bool, err error) {
+	ifaceIPNet, err := IfaceIPAddrs(iface, IPVersion6)
 	if err != nil {
-		return false, fmt.Errorf("dhcpv6: net.InterfaceByName: %s: %w", ifaceName, err)
-	}
-
-	ifaceIPNet, err := ifaceIPAddrs(iface, ipVersion6)
-	if err != nil {
-		return false, fmt.Errorf("getting ipv6 addrs for iface %s: %w", ifaceName, err)
+		return false, fmt.Errorf("getting ipv6 addrs for iface %s: %w", iface.Name, err)
 	}
 	if len(ifaceIPNet) == 0 {
-		return false, fmt.Errorf("interface %s has no ipv6 addresses", ifaceName)
+		return false, fmt.Errorf("interface %s has no ipv6 addresses", iface.Name)
 	}
 
 	srcIP := ifaceIPNet[0]
-	src := aghnet.JoinHostPort(srcIP.String(), 546)
+	src := netutil.JoinHostPort(srcIP.String(), 546)
 	dst := "[ff02::1:2]:547"
 
-	req, err := dhcpv6.NewSolicit(iface.HardwareAddr)
-	if err != nil {
-		return false, fmt.Errorf("dhcpv6: dhcpv6.NewSolicit: %w", err)
-	}
-
 	udpAddr, err := net.ResolveUDPAddr("udp6", src)
 	if err != nil {
 		return false, fmt.Errorf("dhcpv6: Couldn't resolve UDP address %s: %w", src, err)
@@ -198,18 +220,25 @@ func CheckIfOtherDHCPServersPresentV6(ifaceName string) (ok bool, err error) {
 		return false, fmt.Errorf("dhcpv6: Couldn't resolve UDP address %s: %w", dst, err)
 	}
 
+	return discover6(iface, udpAddr, dstAddr)
+}
+
+func discover6(iface *net.Interface, udpAddr, dstAddr *net.UDPAddr) (ok bool, err error) {
+	req, err := dhcpv6.NewSolicit(iface.HardwareAddr)
+	if err != nil {
+		return false, fmt.Errorf("dhcpv6: dhcpv6.NewSolicit: %w", err)
+	}
+
 	log.Debug("DHCPv6: Listening to udp6 %+v", udpAddr)
-	c, err := nclient6.NewIPv6UDPConn(ifaceName, dhcpv6.DefaultClientPort)
+	c, err := nclient6.NewIPv6UDPConn(iface.Name, dhcpv6.DefaultClientPort)
 	if err != nil {
 		return false, fmt.Errorf("dhcpv6: Couldn't listen on :546: %w", err)
 	}
-	if c != nil {
-		defer func() { err = errors.WithDeferred(err, c.Close()) }()
-	}
+	defer func() { err = errors.WithDeferred(err, c.Close()) }()
 
 	_, err = c.WriteTo(req.ToBytes(), dstAddr)
 	if err != nil {
-		return false, fmt.Errorf("dhcpv6: Couldn't send a packet to %s: %w", dst, err)
+		return false, fmt.Errorf("dhcpv6: Couldn't send a packet to %s: %w", dstAddr, err)
 	}
 
 	for {
@@ -288,3 +317,15 @@ func tryConn6(req *dhcpv6.Message, c net.PacketConn) (ok, next bool, err error)
 
 	return true, false, nil
 }
+
+// isTimeout returns true if err is an operation timeout error from net package.
+//
+// TODO(e.burkov):  Consider moving into netutil.
+func isTimeout(err error) (ok bool) {
+	var operr *net.OpError
+	if errors.As(err, &operr) {
+		return operr.Timeout()
+	}
+
+	return false
+}

internal/aghnet/dhcp_windows.go

@@ -0,0 +1,13 @@
+//go:build windows
+// +build windows
+
+package aghnet
+
+import "github.com/AdguardTeam/AdGuardHome/internal/aghos"
+
+func checkOtherDHCP(ifaceName string) (ok4, ok6 bool, err4, err6 error) {
+	return false,
+		false,
+		aghos.Unsupported("CheckIfOtherDHCPServersPresentV4"),
+		aghos.Unsupported("CheckIfOtherDHCPServersPresentV6")
+}

internal/aghnet/etchostscontainer.go

@@ -12,6 +12,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/fsnotify/fsnotify"
 	"github.com/miekg/dns"
 )
@@ -29,7 +30,7 @@ type EtcHostsContainer struct {
 	table map[string][]net.IP
 	// tableReverse is the IP-to-hosts map.  The type of the values in the
 	// map is []string.
-	tableReverse *IPMap
+	tableReverse *netutil.IPMap
 
 	hostsFn   string            // path to the main hosts-file
 	hostsDirs []string          // paths to OS-specific directories with hosts-files
@@ -150,8 +151,10 @@ func (ehc *EtcHostsContainer) ProcessReverse(addr string, qtype uint16) (hosts [
 		return nil
 	}
 
-	ip := UnreverseAddr(addr)
-	if ip == nil {
+	ip, err := netutil.IPFromReversedAddr(addr)
+	if err != nil {
+		log.Error("etchosts: reversed addr: %s", err)
+
 		return nil
 	}
 
@@ -179,7 +182,7 @@ func (ehc *EtcHostsContainer) ProcessReverse(addr string, qtype uint16) (hosts [
 
 // List returns an IP-to-hostnames table.  The type of the values in the map is
 // []string.  It is safe for concurrent use.
-func (ehc *EtcHostsContainer) List() (ipToHosts *IPMap) {
+func (ehc *EtcHostsContainer) List() (ipToHosts *netutil.IPMap) {
 	ehc.lock.RLock()
 	defer ehc.lock.RUnlock()
 
@@ -211,7 +214,7 @@ func (ehc *EtcHostsContainer) updateTable(table map[string][]net.IP, host string
 }
 
 // updateTableRev updates the reverse address table.
-func (ehc *EtcHostsContainer) updateTableRev(tableRev *IPMap, newHost string, ip net.IP) {
+func (ehc *EtcHostsContainer) updateTableRev(tableRev *netutil.IPMap, newHost string, ip net.IP) {
 	v, ok := tableRev.Get(ip)
 	if !ok {
 		tableRev.Set(ip, []string{newHost})
@@ -258,7 +261,7 @@ func parseHostsLine(fields []string) (hosts []string) {
 // line for one IP are supported.
 func (ehc *EtcHostsContainer) load(
 	table map[string][]net.IP,
-	tableRev *IPMap,
+	tableRev *netutil.IPMap,
 	fn string,
 ) {
 	f, err := os.Open(fn)
@@ -353,7 +356,7 @@ func (ehc *EtcHostsContainer) watcherLoop() {
 // updateHosts - loads system hosts
 func (ehc *EtcHostsContainer) updateHosts() {
 	table := make(map[string][]net.IP)
-	tableRev := NewIPMap(0)
+	tableRev := netutil.NewIPMap(0)
 
 	ehc.load(table, tableRev, ehc.hostsFn)
 

internal/aghnet/hostgen.go

@@ -0,0 +1,62 @@
+package aghnet
+
+import (
+	"net"
+	"strconv"
+)
+
+// The maximum lengths of generated hostnames for different IP versions.
+const (
+	ipv4HostnameMaxLen = len("192-168-100-100")
+	ipv6HostnameMaxLen = len("ff80-f076-0000-0000-0000-0000-0000-0010")
+)
+
+// generateIPv4Hostname generates the hostname for specific IP version.
+func generateIPv4Hostname(ipv4 net.IP) (hostname string) {
+	hnData := make([]byte, 0, ipv4HostnameMaxLen)
+	for i, part := range ipv4 {
+		if i > 0 {
+			hnData = append(hnData, '-')
+		}
+		hnData = strconv.AppendUint(hnData, uint64(part), 10)
+	}
+
+	return string(hnData)
+}
+
+// generateIPv6Hostname generates the hostname for specific IP version.
+func generateIPv6Hostname(ipv6 net.IP) (hostname string) {
+	hnData := make([]byte, 0, ipv6HostnameMaxLen)
+	for i, partsNum := 0, net.IPv6len/2; i < partsNum; i++ {
+		if i > 0 {
+			hnData = append(hnData, '-')
+		}
+		for _, val := range ipv6[i*2 : i*2+2] {
+			if val < 10 {
+				hnData = append(hnData, '0')
+			}
+			hnData = strconv.AppendUint(hnData, uint64(val), 16)
+		}
+	}
+
+	return string(hnData)
+}
+
+// GenerateHostname generates the hostname from ip.  In case of using IPv4 the
+// result should be like:
+//
+//   192-168-10-1
+//
+// In case of using IPv6, the result is like:
+//
+//   ff80-f076-0000-0000-0000-0000-0000-0010
+//
+func GenerateHostname(ip net.IP) (hostname string) {
+	if ipv4 := ip.To4(); ipv4 != nil {
+		return generateIPv4Hostname(ipv4)
+	} else if ipv6 := ip.To16(); ipv6 != nil {
+		return generateIPv6Hostname(ipv6)
+	}
+
+	return ""
+}

internal/aghnet/hostgen_test.go

@@ -0,0 +1,48 @@
+package aghnet
+
+import (
+	"net"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGenerateHostName(t *testing.T) {
+	testCases := []struct {
+		name string
+		want string
+		ip   net.IP
+	}{{
+		name: "good_ipv4",
+		want: "127-0-0-1",
+		ip:   net.IP{127, 0, 0, 1},
+	}, {
+		name: "bad_ipv4",
+		want: "",
+		ip:   net.IP{127, 0, 0, 1, 0},
+	}, {
+		name: "good_ipv6",
+		want: "fe00-0000-0000-0000-0000-0000-0000-0001",
+		ip:   net.ParseIP("fe00::1"),
+	}, {
+		name: "bad_ipv6",
+		want: "",
+		ip: net.IP{
+			0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff, 0xff,
+			0xff, 0xff, 0xff,
+		},
+	}, {
+		name: "nil",
+		want: "",
+		ip:   nil,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			hostname := GenerateHostname(tc.ip)
+			assert.Equal(t, tc.want, hostname)
+		})
+	}
+}

internal/aghnet/interfaces.go

@@ -0,0 +1,118 @@
+package aghnet
+
+import (
+	"fmt"
+	"net"
+	"time"
+
+	"github.com/AdguardTeam/golibs/log"
+)
+
+// IPVersion is a documentational alias for int.  Use it when the integer means
+// IP version.
+type IPVersion = int
+
+// IP version constants.
+const (
+	IPVersion4 IPVersion = 4
+	IPVersion6 IPVersion = 6
+)
+
+// NetIface is the interface for network interface methods.
+type NetIface interface {
+	Addrs() ([]net.Addr, error)
+}
+
+// IfaceIPAddrs returns the interface's IP addresses.
+func IfaceIPAddrs(iface NetIface, ipv IPVersion) (ips []net.IP, err error) {
+	addrs, err := iface.Addrs()
+	if err != nil {
+		return nil, err
+	}
+
+	for _, a := range addrs {
+		var ip net.IP
+		switch a := a.(type) {
+		case *net.IPAddr:
+			ip = a.IP
+		case *net.IPNet:
+			ip = a.IP
+		default:
+			continue
+		}
+
+		// Assume that net.(*Interface).Addrs can only return valid IPv4
+		// and IPv6 addresses.  Thus, if it isn't an IPv4 address, it
+		// must be an IPv6 one.
+		switch ipv {
+		case IPVersion4:
+			if ip4 := ip.To4(); ip4 != nil {
+				ips = append(ips, ip4)
+			}
+		case IPVersion6:
+			if ip6 := ip.To4(); ip6 == nil {
+				ips = append(ips, ip)
+			}
+		default:
+			return nil, fmt.Errorf("invalid ip version %d", ipv)
+		}
+	}
+
+	return ips, nil
+}
+
+// IfaceDNSIPAddrs returns IP addresses of the interface suitable to send to
+// clients as DNS addresses.  If err is nil, addrs contains either no addresses
+// or at least two.
+//
+// It makes up to maxAttempts attempts to get the addresses if there are none,
+// each time using the provided backoff.  Sometimes an interface needs a few
+// seconds to really ititialize.
+//
+// See https://github.com/AdguardTeam/AdGuardHome/issues/2304.
+func IfaceDNSIPAddrs(
+	iface NetIface,
+	ipv IPVersion,
+	maxAttempts int,
+	backoff time.Duration,
+) (addrs []net.IP, err error) {
+	var n int
+	for n = 1; n <= maxAttempts; n++ {
+		addrs, err = IfaceIPAddrs(iface, ipv)
+		if err != nil {
+			return nil, fmt.Errorf("getting ip addrs: %w", err)
+		}
+
+		if len(addrs) > 0 {
+			break
+		}
+
+		log.Debug("dhcpv%d: attempt %d: no ip addresses", ipv, n)
+
+		time.Sleep(backoff)
+	}
+
+	switch len(addrs) {
+	case 0:
+		// Don't return errors in case the users want to try and enable
+		// the DHCP server later.
+		t := time.Duration(n) * backoff
+		log.Error("dhcpv%d: no ip for iface after %d attempts and %s", ipv, n, t)
+
+		return nil, nil
+	case 1:
+		// Some Android devices use 8.8.8.8 if there is not a secondary
+		// DNS server.  Fix that by setting the secondary DNS address to
+		// the same address.
+		//
+		// See https://github.com/AdguardTeam/AdGuardHome/issues/1708.
+		log.Debug("dhcpv%d: setting secondary dns ip to itself", ipv)
+		addrs = append(addrs, addrs[0])
+	default:
+		// Go on.
+	}
+
+	log.Debug("dhcpv%d: got addresses %s after %d attempts", ipv, addrs, n)
+
+	return addrs, nil
+}

internal/aghnet/interfaces_linux.go

@@ -0,0 +1,24 @@
+//go:build linux
+// +build linux
+
+package aghnet
+
+import (
+	"net"
+
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/insomniacslk/dhcp/dhcpv4/nclient4"
+)
+
+// listenPacketReusable announces on the local network address additionally
+// configuring the socket to have a reusable binding.
+func listenPacketReusable(ifaceName, network, address string) (c net.PacketConn, err error) {
+	var port int
+	_, port, err = netutil.SplitHostPort(address)
+	if err != nil {
+		return nil, err
+	}
+
+	// TODO(e.burkov):  Inspect nclient4.NewRawUDPConn and implement here.
+	return nclient4.NewRawUDPConn(ifaceName, port)
+}

internal/aghnet/interfaces_test.go

@@ -1,4 +1,4 @@
-package dhcpd
+package aghnet
 
 import (
 	"net"
@@ -14,7 +14,7 @@ type fakeIface struct {
 	err   error
 }
 
-// Addrs implements the netIface interface for *fakeIface.
+// Addrs implements the NetIface interface for *fakeIface.
 func (iface *fakeIface) Addrs() (addrs []net.Addr, err error) {
 	if iface.err != nil {
 		return nil, iface.err
@@ -34,51 +34,51 @@ func TestIfaceIPAddrs(t *testing.T) {
 
 	testCases := []struct {
 		name    string
-		iface   netIface
-		ipv     ipVersion
+		iface   NetIface
+		ipv     IPVersion
 		want    []net.IP
 		wantErr error
 	}{{
 		name:    "ipv4_success",
 		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: nil},
-		ipv:     ipVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv4_success_with_ipv6",
 		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     ipVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv4_error",
 		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: errTest},
-		ipv:     ipVersion4,
+		ipv:     IPVersion4,
 		want:    nil,
 		wantErr: errTest,
 	}, {
 		name:    "ipv6_success",
 		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: nil},
-		ipv:     ipVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_success_with_ipv4",
 		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     ipVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_error",
 		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: errTest},
-		ipv:     ipVersion6,
+		ipv:     IPVersion6,
 		want:    nil,
 		wantErr: errTest,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, gotErr := ifaceIPAddrs(tc.iface, tc.ipv)
+			got, gotErr := IfaceIPAddrs(tc.iface, tc.ipv)
 			require.True(t, errors.Is(gotErr, tc.wantErr))
 			assert.Equal(t, tc.want, got)
 		})
@@ -91,7 +91,7 @@ type waitingFakeIface struct {
 	n     int
 }
 
-// Addrs implements the netIface interface for *waitingFakeIface.
+// Addrs implements the NetIface interface for *waitingFakeIface.
 func (iface *waitingFakeIface) Addrs() (addrs []net.Addr, err error) {
 	if iface.err != nil {
 		return nil, iface.err
@@ -117,63 +117,63 @@ func TestIfaceDNSIPAddrs(t *testing.T) {
 
 	testCases := []struct {
 		name    string
-		iface   netIface
-		ipv     ipVersion
+		iface   NetIface
+		ipv     IPVersion
 		want    []net.IP
 		wantErr error
 	}{{
 		name:    "ipv4_success",
 		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: nil},
-		ipv:     ipVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4, ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv4_success_with_ipv6",
 		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     ipVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4, ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv4_error",
 		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: errTest},
-		ipv:     ipVersion4,
+		ipv:     IPVersion4,
 		want:    nil,
 		wantErr: errTest,
 	}, {
 		name:    "ipv4_wait",
 		iface:   &waitingFakeIface{addrs: []net.Addr{addr4}, err: nil, n: 1},
-		ipv:     ipVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4, ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_success",
 		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: nil},
-		ipv:     ipVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6, ip6},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_success_with_ipv4",
 		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     ipVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6, ip6},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_error",
 		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: errTest},
-		ipv:     ipVersion6,
+		ipv:     IPVersion6,
 		want:    nil,
 		wantErr: errTest,
 	}, {
 		name:    "ipv6_wait",
 		iface:   &waitingFakeIface{addrs: []net.Addr{addr6}, err: nil, n: 1},
-		ipv:     ipVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6, ip6},
 		wantErr: nil,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, gotErr := ifaceDNSIPAddrs(tc.iface, tc.ipv, 2, 0)
+			got, gotErr := IfaceDNSIPAddrs(tc.iface, tc.ipv, 2, 0)
 			require.True(t, errors.Is(gotErr, tc.wantErr))
 			assert.Equal(t, tc.want, got)
 		})

internal/aghnet/interfaces_unix.go

@@ -0,0 +1,51 @@
+//go:build aix || darwin || dragonfly || freebsd || netbsd || openbsd || solaris
+// +build aix darwin dragonfly freebsd netbsd openbsd solaris
+
+package aghnet
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"os"
+	"syscall"
+
+	"github.com/AdguardTeam/golibs/errors"
+	"golang.org/x/sys/unix"
+)
+
+// reuseAddrCtrl is the function to be set to net.ListenConfig.Control.  It
+// configures the socket to have a reusable port binding.
+func reuseAddrCtrl(_, _ string, c syscall.RawConn) (err error) {
+	cerr := c.Control(func(fd uintptr) {
+		// TODO(e.burkov):  Consider using SO_REUSEPORT.
+		err = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEADDR, 1)
+		if err != nil {
+			err = os.NewSyscallError("setsockopt", err)
+		}
+	})
+
+	const (
+		errMsg    = "setting control options"
+		errMsgFmt = errMsg + ": %w"
+	)
+
+	if err != nil && cerr != nil {
+		err = errors.List(errMsg, err, cerr)
+	} else if err != nil {
+		err = fmt.Errorf(errMsgFmt, err)
+	} else if cerr != nil {
+		err = fmt.Errorf(errMsgFmt, cerr)
+	}
+
+	return err
+}
+
+// listenPacketReusable announces on the local network address additionally
+// configuring the socket to have a reusable binding.
+func listenPacketReusable(_, network, address string) (c net.PacketConn, err error) {
+	var lc net.ListenConfig
+	lc.Control = reuseAddrCtrl
+
+	return lc.ListenPacket(context.Background(), network, address)
+}

internal/aghnet/interfaces_windows.go

@@ -0,0 +1,18 @@
+//go:build windows
+// +build windows
+
+package aghnet
+
+import (
+	"net"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+)
+
+// listenPacketReusable announces on the local network address additionally
+// configuring the socket to have a reusable binding.
+func listenPacketReusable(_, _, _ string) (c net.PacketConn, err error) {
+	// TODO(e.burkov):  Check if we are able to control sockets on Windows
+	// in the same way as on Unix.
+	return nil, aghos.Unsupported("listening packet reusable")
+}

internal/aghnet/ipmap.go

@@ -1,117 +0,0 @@
-package aghnet
-
-import (
-	"fmt"
-	"net"
-)
-
-// ipArr is a representation of an IP address as an array of bytes.
-type ipArr [16]byte
-
-// String implements the fmt.Stringer interface for ipArr.
-func (a ipArr) String() (s string) {
-	return net.IP(a[:]).String()
-}
-
-// IPMap is a map of IP addresses.
-type IPMap struct {
-	m map[ipArr]interface{}
-}
-
-// NewIPMap returns a new empty IP map using hint as a size hint for the
-// underlying map.
-func NewIPMap(hint int) (m *IPMap) {
-	return &IPMap{
-		m: make(map[ipArr]interface{}, hint),
-	}
-}
-
-// ipToArr converts a net.IP into an ipArr.
-//
-// TODO(a.garipov): Use the slice-to-array conversion in Go 1.17.
-func ipToArr(ip net.IP) (a ipArr) {
-	copy(a[:], ip.To16())
-
-	return a
-}
-
-// Del deletes ip from the map.  Calling Del on a nil *IPMap has no effect, just
-// like delete on an empty map doesn't.
-func (m *IPMap) Del(ip net.IP) {
-	if m != nil {
-		delete(m.m, ipToArr(ip))
-	}
-}
-
-// Get returns the value from the map.  Calling Get on a nil *IPMap returns nil
-// and false, just like indexing on an empty map does.
-func (m *IPMap) Get(ip net.IP) (v interface{}, ok bool) {
-	if m != nil {
-		v, ok = m.m[ipToArr(ip)]
-
-		return v, ok
-	}
-
-	return nil, false
-}
-
-// Len returns the length of the map.  A nil *IPMap has a length of zero, just
-// like an empty map.
-func (m *IPMap) Len() (n int) {
-	if m == nil {
-		return 0
-	}
-
-	return len(m.m)
-}
-
-// Range calls f for each key and value present in the map in an undefined
-// order.  If cont is false, range stops the iteration.  Calling Range on a nil
-// *IPMap has no effect, just like ranging over a nil map.
-func (m *IPMap) Range(f func(ip net.IP, v interface{}) (cont bool)) {
-	if m == nil {
-		return
-	}
-
-	for k, v := range m.m {
-		// Array slicing produces a pointer, so copy the array here.
-		//
-		// See https://github.com/AdguardTeam/AdGuardHome/issues/3346
-		// as well as https://github.com/kyoh86/looppointer/issues/9.
-		k := k
-		if !f(net.IP(k[:]), v) {
-			break
-		}
-	}
-}
-
-// Set sets the value.  Set panics if the m is a nil *IPMap, just like a nil map
-// does.
-func (m *IPMap) Set(ip net.IP, v interface{}) {
-	m.m[ipToArr(ip)] = v
-}
-
-// ShallowClone returns a shallow clone of the map.
-func (m *IPMap) ShallowClone() (sclone *IPMap) {
-	if m == nil {
-		return nil
-	}
-
-	sclone = NewIPMap(m.Len())
-	m.Range(func(ip net.IP, v interface{}) (cont bool) {
-		sclone.Set(ip, v)
-
-		return true
-	})
-
-	return sclone
-}
-
-// String implements the fmt.Stringer interface for *IPMap.
-func (m *IPMap) String() (s string) {
-	if m == nil {
-		return "<nil>"
-	}
-
-	return fmt.Sprint(m.m)
-}

internal/aghnet/ipmap_test.go

@@ -1,142 +0,0 @@
-package aghnet
-
-import (
-	"net"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestIPMap_allocs(t *testing.T) {
-	ip4 := net.IP{1, 2, 3, 4}
-	m := NewIPMap(0)
-	m.Set(ip4, 42)
-
-	t.Run("get", func(t *testing.T) {
-		var v interface{}
-		var ok bool
-		allocs := testing.AllocsPerRun(100, func() {
-			v, ok = m.Get(ip4)
-		})
-
-		require.True(t, ok)
-		require.Equal(t, 42, v)
-
-		assert.Equal(t, float64(0), allocs)
-	})
-
-	t.Run("len", func(t *testing.T) {
-		var n int
-		allocs := testing.AllocsPerRun(100, func() {
-			n = m.Len()
-		})
-
-		require.Equal(t, 1, n)
-
-		assert.Equal(t, float64(0), allocs)
-	})
-}
-
-func TestIPMap(t *testing.T) {
-	ip4 := net.IP{1, 2, 3, 4}
-	ip6 := net.IP{
-		0x12, 0x34, 0x00, 0x00,
-		0x00, 0x00, 0x00, 0x00,
-		0x00, 0x00, 0x00, 0x00,
-		0x00, 0x00, 0x56, 0x78,
-	}
-
-	val := 42
-
-	t.Run("nil", func(t *testing.T) {
-		var m *IPMap
-
-		assert.NotPanics(t, func() {
-			m.Del(ip4)
-			m.Del(ip6)
-		})
-
-		assert.NotPanics(t, func() {
-			v, ok := m.Get(ip4)
-			assert.Nil(t, v)
-			assert.False(t, ok)
-
-			v, ok = m.Get(ip6)
-			assert.Nil(t, v)
-			assert.False(t, ok)
-		})
-
-		assert.NotPanics(t, func() {
-			assert.Equal(t, 0, m.Len())
-		})
-
-		assert.NotPanics(t, func() {
-			n := 0
-			m.Range(func(_ net.IP, _ interface{}) (cont bool) {
-				n++
-
-				return true
-			})
-
-			assert.Equal(t, 0, n)
-		})
-
-		assert.Panics(t, func() {
-			m.Set(ip4, val)
-		})
-
-		assert.Panics(t, func() {
-			m.Set(ip6, val)
-		})
-
-		assert.NotPanics(t, func() {
-			sclone := m.ShallowClone()
-			assert.Nil(t, sclone)
-		})
-	})
-
-	testIPMap := func(t *testing.T, ip net.IP, s string) {
-		m := NewIPMap(0)
-		assert.Equal(t, 0, m.Len())
-
-		v, ok := m.Get(ip)
-		assert.Nil(t, v)
-		assert.False(t, ok)
-
-		m.Set(ip, val)
-		v, ok = m.Get(ip)
-		assert.Equal(t, val, v)
-		assert.True(t, ok)
-
-		n := 0
-		m.Range(func(ipKey net.IP, v interface{}) (cont bool) {
-			assert.Equal(t, ip.To16(), ipKey)
-			assert.Equal(t, val, v)
-
-			n++
-
-			return false
-		})
-		assert.Equal(t, 1, n)
-
-		sclone := m.ShallowClone()
-		assert.Equal(t, m, sclone)
-
-		assert.Equal(t, s, m.String())
-
-		m.Del(ip)
-		v, ok = m.Get(ip)
-		assert.Nil(t, v)
-		assert.False(t, ok)
-		assert.Equal(t, 0, m.Len())
-	}
-
-	t.Run("ipv4", func(t *testing.T) {
-		testIPMap(t, ip4, "map[1.2.3.4:42]")
-	})
-
-	t.Run("ipv6", func(t *testing.T) {
-		testIPMap(t, ip6, "map[1234::5678:42]")
-	})
-}

internal/aghnet/net.go

@@ -8,14 +8,13 @@ import (
 	"os"
 	"os/exec"
 	"runtime"
-	"strconv"
 	"strings"
 	"syscall"
 	"time"
 
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/stringutil"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 // ErrNoStaticIPInfo is returned by IfaceHasStaticIP when no information about
@@ -79,14 +78,14 @@ func CanBindPrivilegedPorts() (can bool, err error) {
 
 // NetInterface represents an entry of network interfaces map.
 type NetInterface struct {
-	MTU          int              `json:"mtu"`
+	// Addresses are the network interface addresses.
+	Addresses []net.IP `json:"ip_addresses,omitempty"`
+	// Subnets are the IP networks for this network interface.
+	Subnets      []*net.IPNet     `json:"-"`
 	Name         string           `json:"name"`
 	HardwareAddr net.HardwareAddr `json:"hardware_address"`
 	Flags        net.Flags        `json:"flags"`
-	// Array with the network interface addresses.
-	Addresses []net.IP `json:"ip_addresses,omitempty"`
-	// Array with IP networks for this network interface.
-	Subnets []*net.IPNet `json:"-"`
+	MTU          int              `json:"mtu"`
 }
 
 // MarshalJSON implements the json.Marshaler interface for NetInterface.
@@ -192,7 +191,7 @@ func GetSubnet(ifaceName string) *net.IPNet {
 
 // CheckPortAvailable - check if TCP port is available
 func CheckPortAvailable(host net.IP, port int) error {
-	ln, err := net.Listen("tcp", JoinHostPort(host.String(), port))
+	ln, err := net.Listen("tcp", netutil.JoinHostPort(host.String(), port))
 	if err != nil {
 		return err
 	}
@@ -206,7 +205,7 @@ func CheckPortAvailable(host net.IP, port int) error {
 
 // CheckPacketPortAvailable - check if UDP port is available
 func CheckPacketPortAvailable(host net.IP, port int) error {
-	ln, err := net.ListenPacket("udp", JoinHostPort(host.String(), port))
+	ln, err := net.ListenPacket("udp", netutil.JoinHostPort(host.String(), port))
 	if err != nil {
 		return err
 	}
@@ -265,141 +264,6 @@ func SplitHost(hostport string) (host string, err error) {
 	return host, nil
 }
 
-// TODO(e.burkov): Inspect the charToHex, ipParseARPA6, ipReverse and
-// UnreverseAddr and maybe refactor it.
-
-// charToHex converts character to a hexadecimal.
-func charToHex(n byte) int8 {
-	if n >= '0' && n <= '9' {
-		return int8(n) - '0'
-	} else if (n|0x20) >= 'a' && (n|0x20) <= 'f' {
-		return (int8(n) | 0x20) - 'a' + 10
-	}
-	return -1
-}
-
-// ipParseARPA6 parse IPv6 reverse address
-func ipParseARPA6(s string) (ip6 net.IP) {
-	if len(s) != 63 {
-		return nil
-	}
-
-	ip6 = make(net.IP, 16)
-
-	for i := 0; i != 64; i += 4 {
-		// parse "0.1."
-		n := charToHex(s[i])
-		n2 := charToHex(s[i+2])
-		if s[i+1] != '.' || (i != 60 && s[i+3] != '.') ||
-			n < 0 || n2 < 0 {
-			return nil
-		}
-
-		ip6[16-i/4-1] = byte(n2<<4) | byte(n&0x0f)
-	}
-	return ip6
-}
-
-// ipReverse inverts byte order of ip.
-func ipReverse(ip net.IP) (rev net.IP) {
-	ipLen := len(ip)
-	rev = make(net.IP, ipLen)
-	for i, b := range ip {
-		rev[ipLen-i-1] = b
-	}
-
-	return rev
-}
-
-// ARPA addresses' suffixes.
-const (
-	arpaV4Suffix = ".in-addr.arpa"
-	arpaV6Suffix = ".ip6.arpa"
-)
-
-// UnreverseAddr tries to convert reversed ARPA to a normal IP address.
-func UnreverseAddr(arpa string) (unreversed net.IP) {
-	// Unify the input data.
-	arpa = strings.TrimSuffix(arpa, ".")
-	arpa = strings.ToLower(arpa)
-
-	if strings.HasSuffix(arpa, arpaV4Suffix) {
-		ip := strings.TrimSuffix(arpa, arpaV4Suffix)
-		ip4 := net.ParseIP(ip).To4()
-		if ip4 == nil {
-			return nil
-		}
-
-		return ipReverse(ip4)
-
-	} else if strings.HasSuffix(arpa, arpaV6Suffix) {
-		ip := strings.TrimSuffix(arpa, arpaV6Suffix)
-		return ipParseARPA6(ip)
-	}
-
-	// The suffix unrecognizable.
-	return nil
-}
-
-// The length of extreme cases of arpa formatted addresses.
-//
-// The example of IPv4 with maximum length:
-//
-//   49.91.20.104.in-addr.arpa
-//
-// The example of IPv6 with maximum length:
-//
-//   1.3.b.5.4.1.8.6.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.7.4.6.0.6.2.ip6.arpa
-//
-const (
-	arpaV4MaxLen = len("000.000.000.000") + len(arpaV4Suffix)
-	arpaV6MaxLen = len("0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0") +
-		len(arpaV6Suffix)
-)
-
-// ReverseAddr returns the ARPA hostname of the ip suitable for reverse DNS
-// (PTR) record lookups.  This is the modified version of ReverseAddr from
-// github.com/miekg/dns package with no error among returned values.
-func ReverseAddr(ip net.IP) (arpa string) {
-	const dot = "."
-
-	var strLen int
-	var suffix string
-	var writeByte func(val byte)
-	b := &strings.Builder{}
-	if ip4 := ip.To4(); ip4 != nil {
-		strLen, suffix = arpaV4MaxLen, arpaV4Suffix[1:]
-		ip = ip4
-		writeByte = func(val byte) {
-			stringutil.WriteToBuilder(b, strconv.Itoa(int(val)), dot)
-		}
-
-	} else if ip6 := ip.To16(); ip6 != nil {
-		strLen, suffix = arpaV6MaxLen, arpaV6Suffix[1:]
-		ip = ip6
-		writeByte = func(val byte) {
-			stringutil.WriteToBuilder(
-				b,
-				strconv.FormatUint(uint64(val&0xF), 16),
-				dot,
-				strconv.FormatUint(uint64(val>>4), 16),
-				dot,
-			)
-		}
-
-	} else {
-		return ""
-	}
-
-	b.Grow(strLen)
-	for i := len(ip) - 1; i >= 0; i-- {
-		writeByte(ip[i])
-	}
-	stringutil.WriteToBuilder(b, suffix)
-
-	return b.String()
-}
-
 // CollectAllIfacesAddrs returns the slice of all network interfaces IP
 // addresses without port number.
 func CollectAllIfacesAddrs() (addrs []string, err error) {
@@ -430,3 +294,19 @@ func CollectAllIfacesAddrs() (addrs []string, err error) {
 
 	return addrs, nil
 }
+
+// BroadcastFromIPNet calculates the broadcast IP address for n.
+func BroadcastFromIPNet(n *net.IPNet) (dc net.IP) {
+	dc = netutil.CloneIP(n.IP)
+
+	mask := n.Mask
+	if mask == nil {
+		mask = dc.DefaultMask()
+	}
+
+	for i, b := range mask {
+		dc[i] |= ^b
+	}
+
+	return dc
+}

internal/aghnet/net_darwin.go

@@ -48,9 +48,14 @@ func getCurrentHardwarePortInfo(ifaceName string) (hardwarePortInfo, error) {
 	return getHardwarePortInfo(hardwarePort)
 }
 
-// getNetworkSetupHardwareReports parses the output of the `networksetup -listallhardwareports` command
-// it returns a map where the key is the interface name, and the value is the "hardware port"
-// returns nil if it fails to parse the output
+// getNetworkSetupHardwareReports parses the output of the `networksetup
+// -listallhardwareports` command it returns a map where the key is the
+// interface name, and the value is the "hardware port" returns nil if it fails
+// to parse the output
+//
+// TODO(e.burkov):  There should be more proper approach than parsing the
+// command output.  For example, see
+// https://developer.apple.com/documentation/systemconfiguration.
 func getNetworkSetupHardwareReports() map[string]string {
 	_, out, err := aghos.RunCommand("networksetup", "-listallhardwareports")
 	if err != nil {

internal/aghnet/net_freebsd.go

@@ -8,69 +8,47 @@ import (
 	"fmt"
 	"io"
 	"net"
-	"os"
 	"strings"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/golibs/errors"
 )
 
 func canBindPrivilegedPorts() (can bool, err error) {
 	return aghos.HaveAdminRights()
 }
 
-// maxCheckedFileSize is the maximum acceptable length of the /etc/rc.conf file.
-const maxCheckedFileSize = 1024 * 1024
-
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
 	const filename = "/etc/rc.conf"
 
-	var f *os.File
-	f, err = os.Open(filename)
-	if err != nil {
-		return false, err
-	}
-	defer func() { err = errors.WithDeferred(err, f.Close()) }()
-
-	var r io.Reader
-	r, err = aghio.LimitReader(f, maxCheckedFileSize)
-	if err != nil {
-		return false, err
-	}
-
-	return rcConfStaticConfig(r, ifaceName)
+	return aghos.FileWalker(interfaceName(ifaceName).rcConfStaticConfig).Walk(filename)
 }
 
 // rcConfStaticConfig checks if the interface is configured by /etc/rc.conf to
 // have a static IP.
-func rcConfStaticConfig(r io.Reader, ifaceName string) (has bool, err error) {
+func (n interfaceName) rcConfStaticConfig(r io.Reader) (_ []string, cont bool, err error) {
 	s := bufio.NewScanner(r)
-	for ifaceLinePref := fmt.Sprintf("ifconfig_%s", ifaceName); s.Scan(); {
+	for pref := fmt.Sprintf("ifconfig_%s=", n); s.Scan(); {
 		line := strings.TrimSpace(s.Text())
-		if !strings.HasPrefix(line, ifaceLinePref) {
+		if !strings.HasPrefix(line, pref) {
 			continue
 		}
 
-		eqIdx := len(ifaceLinePref)
-		if line[eqIdx] != '=' {
+		cfgLeft, cfgRight := len(pref)+1, len(line)-1
+		if cfgLeft >= cfgRight {
 			continue
 		}
 
-		fieldsStart, fieldsEnd := eqIdx+2, len(line)-1
-		if fieldsStart >= fieldsEnd {
-			continue
-		}
-
-		fields := strings.Fields(line[fieldsStart:fieldsEnd])
+		// TODO(e.burkov):  Expand the check to cover possible
+		// configurations from man rc.conf(5).
+		fields := strings.Fields(line[cfgLeft:cfgRight])
 		if len(fields) >= 2 &&
-			strings.ToLower(fields[0]) == "inet" &&
+			strings.EqualFold(fields[0], "inet") &&
 			net.ParseIP(fields[1]) != nil {
-			return true, s.Err()
+			return nil, false, s.Err()
 		}
 	}
 
-	return false, s.Err()
+	return nil, true, s.Err()
 }
 
 func ifaceSetStaticIP(string) (err error) {

internal/aghnet/net_freebsd_test.go

@@ -12,49 +12,48 @@ import (
 )
 
 func TestRcConfStaticConfig(t *testing.T) {
-	const ifaceName = `em0`
+	const iface interfaceName = `em0`
 	const nl = "\n"
 
 	testCases := []struct {
 		name       string
 		rcconfData string
-		wantHas    bool
+		wantCont   bool
 	}{{
 		name:       "simple",
 		rcconfData: `ifconfig_em0="inet 127.0.0.253 netmask 0xffffffff"` + nl,
-		wantHas:    true,
+		wantCont:   false,
 	}, {
 		name:       "case_insensitiveness",
 		rcconfData: `ifconfig_em0="InEt 127.0.0.253 NeTmAsK 0xffffffff"` + nl,
-		wantHas:    true,
+		wantCont:   false,
 	}, {
 		name: "comments_and_trash",
 		rcconfData: `# comment 1` + nl +
 			`` + nl +
 			`# comment 2` + nl +
 			`ifconfig_em0="inet 127.0.0.253 netmask 0xffffffff"` + nl,
-		wantHas: true,
+		wantCont: false,
 	}, {
 		name: "aliases",
 		rcconfData: `ifconfig_em0_alias="inet 127.0.0.1/24"` + nl +
 			`ifconfig_em0="inet 127.0.0.253 netmask 0xffffffff"` + nl,
-		wantHas: true,
+		wantCont: false,
 	}, {
 		name: "incorrect_config",
 		rcconfData: `ifconfig_em0="inet6 127.0.0.253 netmask 0xffffffff"` + nl +
-			`ifconfig_em0="inet 127.0.0.253 net-mask 0xffffffff"` + nl +
 			`ifconfig_em0="inet 256.256.256.256 netmask 0xffffffff"` + nl +
 			`ifconfig_em0=""` + nl,
-		wantHas: false,
+		wantCont: true,
 	}}
 
 	for _, tc := range testCases {
 		r := strings.NewReader(tc.rcconfData)
 		t.Run(tc.name, func(t *testing.T) {
-			has, err := rcConfStaticConfig(r, ifaceName)
+			_, cont, err := iface.rcConfStaticConfig(r)
 			require.NoError(t, err)
 
-			assert.Equal(t, tc.wantHas, has)
+			assert.Equal(t, tc.wantCont, cont)
 		})
 	}
 }

internal/aghnet/net_linux.go

@@ -9,131 +9,72 @@ import (
 	"io"
 	"net"
 	"os"
-	"path/filepath"
 	"strings"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/google/renameio/maybe"
 	"golang.org/x/sys/unix"
 )
 
-// recurrentChecker is used to check all the files which may include references
-// for other ones.
-type recurrentChecker struct {
-	// checker is the function to check if r's stream contains the desired
-	// attribute.  It must return all the patterns for files which should
-	// also be checked and each of them should be valid for filepath.Glob
-	// function.
-	checker func(r io.Reader, desired string) (patterns []string, has bool, err error)
-	// initPath is the path of the first member in the sequence of checked
-	// files.
-	initPath string
+// dhcpcdStaticConfig checks if interface is configured by /etc/dhcpcd.conf to
+// have a static IP.
+func (n interfaceName) dhcpcdStaticConfig(r io.Reader) (subsources []string, cont bool, err error) {
+	s := bufio.NewScanner(r)
+	ifaceFound := findIfaceLine(s, string(n))
+	if !ifaceFound {
+		return nil, true, s.Err()
+	}
+
+	for s.Scan() {
+		line := strings.TrimSpace(s.Text())
+		fields := strings.Fields(line)
+		if len(fields) >= 2 &&
+			fields[0] == "static" &&
+			strings.HasPrefix(fields[1], "ip_address=") {
+			return nil, false, s.Err()
+		}
+
+		if len(fields) > 0 && fields[0] == "interface" {
+			// Another interface found.
+			break
+		}
+	}
+
+	return nil, true, s.Err()
 }
 
-// maxCheckedFileSize is the maximum length of the file that recurrentChecker
-// may check.
-const maxCheckedFileSize = 1024 * 1024
-
-// checkFile tries to open and to check single file located on the sourcePath.
-func (rc *recurrentChecker) checkFile(sourcePath, desired string) (
-	subsources []string,
-	has bool,
-	err error,
-) {
-	var f *os.File
-	f, err = os.Open(sourcePath)
-	if err != nil {
-		return nil, false, err
-	}
-
-	defer func() { err = errors.WithDeferred(err, f.Close()) }()
-
-	var r io.Reader
-	r, err = aghio.LimitReader(f, maxCheckedFileSize)
-	if err != nil {
-		return nil, false, err
-	}
-
-	subsources, has, err = rc.checker(r, desired)
-	if err != nil {
-		return nil, false, err
-	}
-
-	if has {
-		return nil, true, nil
-	}
-
-	return subsources, has, nil
-}
-
-// handlePatterns parses the patterns and takes care of duplicates.
-func (rc *recurrentChecker) handlePatterns(sourcesSet *stringutil.Set, patterns []string) (
-	subsources []string,
-	err error,
-) {
-	subsources = make([]string, 0, len(patterns))
-	for _, p := range patterns {
-		var matches []string
-		matches, err = filepath.Glob(p)
-		if err != nil {
-			return nil, fmt.Errorf("invalid pattern %q: %w", p, err)
+// ifacesStaticConfig checks if the interface is configured by any file of
+// /etc/network/interfaces format to have a static IP.
+func (n interfaceName) ifacesStaticConfig(r io.Reader) (sub []string, cont bool, err error) {
+	s := bufio.NewScanner(r)
+	for s.Scan() {
+		line := strings.TrimSpace(s.Text())
+		if len(line) == 0 || line[0] == '#' {
+			continue
 		}
 
-		for _, m := range matches {
-			if sourcesSet.Has(m) {
-				continue
-			}
+		// TODO(e.burkov): As man page interfaces(5) says, a line may be
+		// extended across multiple lines by making the last character a
+		// backslash.  Provide extended lines support.
 
-			sourcesSet.Add(m)
-			subsources = append(subsources, m)
+		fields := strings.Fields(line)
+		fieldsNum := len(fields)
+
+		// Man page interfaces(5) declares that interface definition
+		// should consist of the key word "iface" followed by interface
+		// name, and method at fourth field.
+		if fieldsNum >= 4 &&
+			fields[0] == "iface" && fields[1] == string(n) && fields[3] == "static" {
+			return nil, false, nil
+		}
+
+		if fieldsNum >= 2 && fields[0] == "source" {
+			sub = append(sub, fields[1])
 		}
 	}
 
-	return subsources, nil
-}
-
-// check walks through all the files searching for the desired attribute.
-func (rc *recurrentChecker) check(desired string) (has bool, err error) {
-	var i int
-	sources := []string{rc.initPath}
-
-	defer func() {
-		if i >= len(sources) {
-			return
-		}
-
-		err = errors.Annotate(err, "checking %q: %w", sources[i])
-	}()
-
-	var patterns, subsources []string
-	// The slice of sources is separate from the set of sources to keep the
-	// order in which the files are walked.
-	for sourcesSet := stringutil.NewSet(rc.initPath); i < len(sources); i++ {
-		patterns, has, err = rc.checkFile(sources[i], desired)
-		if err != nil {
-			if errors.Is(err, os.ErrNotExist) {
-				continue
-			}
-
-			return false, err
-		}
-
-		if has {
-			return true, nil
-		}
-
-		subsources, err = rc.handlePatterns(sourcesSet, patterns)
-		if err != nil {
-			return false, err
-		}
-
-		sources = append(sources, subsources...)
-	}
-
-	return false, nil
+	return sub, true, s.Err()
 }
 
 func ifaceHasStaticIP(ifaceName string) (has bool, err error) {
@@ -142,14 +83,19 @@ func ifaceHasStaticIP(ifaceName string) (has bool, err error) {
 	// /etc/network/interfaces doesn't, it will return true.  Perhaps this
 	// is not the most desirable behavior.
 
-	for _, rc := range []*recurrentChecker{{
-		checker:  dhcpcdStaticConfig,
-		initPath: "/etc/dhcpcd.conf",
+	iface := interfaceName(ifaceName)
+
+	for _, pair := range []struct {
+		aghos.FileWalker
+		filename string
+	}{{
+		FileWalker: iface.dhcpcdStaticConfig,
+		filename:   "/etc/dhcpcd.conf",
 	}, {
-		checker:  ifacesStaticConfig,
-		initPath: "/etc/network/interfaces",
+		FileWalker: iface.ifacesStaticConfig,
+		filename:   "/etc/network/interfaces",
 	}} {
-		has, err = rc.check(ifaceName)
+		has, err = pair.Walk(pair.filename)
 		if err != nil {
 			return false, err
 		}
@@ -184,67 +130,6 @@ func findIfaceLine(s *bufio.Scanner, name string) (ok bool) {
 	return false
 }
 
-// dhcpcdStaticConfig checks if interface is configured by /etc/dhcpcd.conf to
-// have a static IP.
-func dhcpcdStaticConfig(r io.Reader, ifaceName string) (subsources []string, has bool, err error) {
-	s := bufio.NewScanner(r)
-	ifaceFound := findIfaceLine(s, ifaceName)
-	if !ifaceFound {
-		return nil, false, s.Err()
-	}
-
-	for s.Scan() {
-		line := strings.TrimSpace(s.Text())
-		fields := strings.Fields(line)
-		if len(fields) >= 2 &&
-			fields[0] == "static" &&
-			strings.HasPrefix(fields[1], "ip_address=") {
-			return nil, true, s.Err()
-		}
-
-		if len(fields) > 0 && fields[0] == "interface" {
-			// Another interface found.
-			break
-		}
-	}
-
-	return nil, false, s.Err()
-}
-
-// ifacesStaticConfig checks if the interface is configured by any file of
-// /etc/network/interfaces format to have a static IP.
-func ifacesStaticConfig(r io.Reader, ifaceName string) (subsources []string, has bool, err error) {
-	s := bufio.NewScanner(r)
-	for s.Scan() {
-		line := strings.TrimSpace(s.Text())
-		if len(line) == 0 || line[0] == '#' {
-			continue
-		}
-
-		// TODO(e.burkov): As man page interfaces(5) says, a line may be
-		// extended across multiple lines by making the last character a
-		// backslash.  Provide extended lines and "source-directory"
-		// stanzas support.
-
-		fields := strings.Fields(line)
-		fieldsNum := len(fields)
-
-		// Man page interfaces(5) declares that interface definition
-		// should consist of the key word "iface" followed by interface
-		// name, and method at fourth field.
-		if fieldsNum >= 4 &&
-			fields[0] == "iface" && fields[1] == ifaceName && fields[3] == "static" {
-			return nil, true, nil
-		}
-
-		if fieldsNum >= 2 && fields[0] == "source" {
-			subsources = append(subsources, fields[1])
-		}
-	}
-
-	return subsources, false, s.Err()
-}
-
 // ifaceSetStaticIP configures the system to retain its current IP on the
 // interface through dhcpdc.conf.
 func ifaceSetStaticIP(ifaceName string) (err error) {

internal/aghnet/net_linux_test.go

@@ -12,101 +12,90 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestRecurrentChecker(t *testing.T) {
-	c := &recurrentChecker{
-		checker:  ifacesStaticConfig,
-		initPath: "./testdata/include-subsources",
-	}
-
-	has, err := c.check("sample_name")
-	require.NoError(t, err)
-	assert.True(t, has)
-
-	has, err = c.check("another_name")
-	require.NoError(t, err)
-	assert.False(t, has)
-}
-
 const nl = "\n"
 
 func TestDHCPCDStaticConfig(t *testing.T) {
+	const iface interfaceName = `wlan0`
+
 	testCases := []struct {
-		name string
-		data []byte
-		want bool
+		name     string
+		data     []byte
+		wantCont bool
 	}{{
 		name: "has_not",
 		data: []byte(`#comment` + nl +
 			`# comment` + nl +
 			`interface eth0` + nl +
 			`static ip_address=192.168.0.1/24` + nl +
-			`# interface wlan0` + nl +
+			`# interface ` + iface + nl +
 			`static ip_address=192.168.1.1/24` + nl +
 			`# comment` + nl,
 		),
-		want: false,
+		wantCont: true,
 	}, {
 		name: "has",
 		data: []byte(`#comment` + nl +
 			`# comment` + nl +
 			`interface eth0` + nl +
 			`static ip_address=192.168.0.1/24` + nl +
-			`# interface wlan0` + nl +
+			`# interface ` + iface + nl +
 			`static ip_address=192.168.1.1/24` + nl +
 			`# comment` + nl +
-			`interface wlan0` + nl +
+			`interface ` + iface + nl +
 			`# comment` + nl +
 			`static ip_address=192.168.2.1/24` + nl,
 		),
-		want: true,
+		wantCont: false,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			r := bytes.NewReader(tc.data)
-			_, has, err := dhcpcdStaticConfig(r, "wlan0")
+			_, cont, err := iface.dhcpcdStaticConfig(r)
 			require.NoError(t, err)
 
-			assert.Equal(t, tc.want, has)
+			assert.Equal(t, tc.wantCont, cont)
 		})
 	}
 }
 
 func TestIfacesStaticConfig(t *testing.T) {
+	const iface interfaceName = `enp0s3`
+
 	testCases := []struct {
 		name         string
 		data         []byte
-		want         bool
+		wantCont     bool
 		wantPatterns []string
 	}{{
 		name: "has_not",
-		data: []byte(`allow-hotplug enp0s3` + nl +
+		data: []byte(`allow-hotplug ` + iface + nl +
 			`#iface enp0s3 inet static` + nl +
 			`#  address 192.168.0.200` + nl +
 			`#  netmask 255.255.255.0` + nl +
 			`#  gateway 192.168.0.1` + nl +
-			`iface enp0s3 inet dhcp` + nl,
+			`iface ` + iface + ` inet dhcp` + nl,
 		),
-		want:         false,
+		wantCont:     true,
 		wantPatterns: []string{},
 	}, {
 		name: "has",
-		data: []byte(`allow-hotplug enp0s3` + nl +
-			`iface enp0s3 inet static` + nl +
+		data: []byte(`allow-hotplug ` + iface + nl +
+			`iface ` + iface + ` inet static` + nl +
 			`  address 192.168.0.200` + nl +
 			`  netmask 255.255.255.0` + nl +
 			`  gateway 192.168.0.1` + nl +
-			`#iface enp0s3 inet dhcp` + nl,
+			`#iface ` + iface + ` inet dhcp` + nl,
 		),
-		want:         true,
+		wantCont:     false,
 		wantPatterns: []string{},
 	}, {
 		name: "return_patterns",
 		data: []byte(`source hello` + nl +
 			`source world` + nl +
-			`#iface enp0s3 inet static` + nl,
+			`#iface ` + iface + ` inet static` + nl,
 		),
-		want:         false,
+		wantCont:     true,
 		wantPatterns: []string{"hello", "world"},
 	}, {
 		// This one tests if the first found valid interface prevents
@@ -114,19 +103,19 @@ func TestIfacesStaticConfig(t *testing.T) {
 		name: "ignore_patterns",
 		data: []byte(`source hello` + nl +
 			`source world` + nl +
-			`iface enp0s3 inet static` + nl,
+			`iface ` + iface + ` inet static` + nl,
 		),
-		want:         true,
+		wantCont:     false,
 		wantPatterns: []string{},
 	}}
 
 	for _, tc := range testCases {
+		r := bytes.NewReader(tc.data)
 		t.Run(tc.name, func(t *testing.T) {
-			r := bytes.NewReader(tc.data)
-			patterns, has, err := ifacesStaticConfig(r, "enp0s3")
+			patterns, has, err := iface.ifacesStaticConfig(r)
 			require.NoError(t, err)
 
-			assert.Equal(t, tc.want, has)
+			assert.Equal(t, tc.wantCont, has)
 			assert.ElementsMatch(t, tc.wantPatterns, patterns)
 		})
 	}

internal/aghnet/net_openbsd.go

@@ -0,0 +1,43 @@
+//go:build openbsd
+// +build openbsd
+
+package aghnet
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"net"
+	"strings"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+)
+
+func canBindPrivilegedPorts() (can bool, err error) {
+	return aghos.HaveAdminRights()
+}
+
+func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
+	filename := fmt.Sprintf("/etc/hostname.%s", ifaceName)
+
+	return aghos.FileWalker(hostnameIfStaticConfig).Walk(filename)
+}
+
+// hostnameIfStaticConfig checks if the interface is configured by
+// /etc/hostname.* to have a static IP.
+func hostnameIfStaticConfig(r io.Reader) (_ []string, ok bool, err error) {
+	s := bufio.NewScanner(r)
+	for s.Scan() {
+		line := strings.TrimSpace(s.Text())
+		fields := strings.Fields(line)
+		if len(fields) >= 2 && fields[0] == "inet" && net.ParseIP(fields[1]) != nil {
+			return nil, false, s.Err()
+		}
+	}
+
+	return nil, true, s.Err()
+}
+
+func ifaceSetStaticIP(string) (err error) {
+	return aghos.Unsupported("setting static ip")
+}

internal/aghnet/net_openbsd_test.go

@@ -0,0 +1,52 @@
+//go:build openbsd
+// +build openbsd
+
+package aghnet
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestHostnameIfStaticConfig(t *testing.T) {
+	const nl = "\n"
+
+	testCases := []struct {
+		name       string
+		rcconfData string
+		wantHas    bool
+	}{{
+		name:       "simple",
+		rcconfData: `inet 127.0.0.253` + nl,
+		wantHas:    true,
+	}, {
+		name:       "case_sensitiveness",
+		rcconfData: `InEt 127.0.0.253` + nl,
+		wantHas:    false,
+	}, {
+		name: "comments_and_trash",
+		rcconfData: `# comment 1` + nl +
+			`` + nl +
+			`# inet 127.0.0.253` + nl +
+			`inet` + nl,
+		wantHas: false,
+	}, {
+		name: "incorrect_config",
+		rcconfData: `inet6 127.0.0.253` + nl +
+			`inet 256.256.256.256` + nl,
+		wantHas: false,
+	}}
+
+	for _, tc := range testCases {
+		r := strings.NewReader(tc.rcconfData)
+		t.Run(tc.name, func(t *testing.T) {
+			_, has, err := hostnameIfStaticConfig(r)
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.wantHas, has)
+		})
+	}
+}

internal/aghnet/net_others.go

@@ -1,5 +1,5 @@
-//go:build !(linux || darwin || freebsd)
-// +build !linux,!darwin,!freebsd
+//go:build !(linux || darwin || freebsd || openbsd)
+// +build !linux,!darwin,!freebsd,!openbsd
 
 package aghnet
 

internal/aghnet/net_test.go

@@ -17,91 +17,50 @@ func TestGetValidNetInterfacesForWeb(t *testing.T) {
 	}
 }
 
-func TestUnreverseAddr(t *testing.T) {
+func TestBroadcastFromIPNet(t *testing.T) {
+	known6 := net.IP{
+		1, 2, 3, 4,
+		5, 6, 7, 8,
+		9, 10, 11, 12,
+		13, 14, 15, 16,
+	}
+
 	testCases := []struct {
-		name string
-		have string
-		want net.IP
+		name   string
+		subnet *net.IPNet
+		want   net.IP
 	}{{
-		name: "good_ipv4",
-		have: "1.0.0.127.in-addr.arpa",
-		want: net.IP{127, 0, 0, 1},
+		name: "full",
+		subnet: &net.IPNet{
+			IP:   net.IP{192, 168, 0, 1},
+			Mask: net.IPMask{255, 255, 15, 0},
+		},
+		want: net.IP{192, 168, 240, 255},
 	}, {
-		name: "good_ipv6",
-		have: "4.3.2.1.d.c.b.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
-		want: net.ParseIP("::abcd:1234"),
+		name: "ipv6_no_mask",
+		subnet: &net.IPNet{
+			IP: known6,
+		},
+		want: known6,
 	}, {
-		name: "good_ipv6_case",
-		have: "4.3.2.1.d.c.B.A.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.iP6.ArPa",
-		want: net.ParseIP("::abcd:1234"),
+		name: "ipv4_no_mask",
+		subnet: &net.IPNet{
+			IP: net.IP{192, 168, 1, 2},
+		},
+		want: net.IP{192, 168, 1, 255},
 	}, {
-		name: "good_ipv4_dot",
-		have: "1.0.0.127.in-addr.arpa.",
-		want: net.IP{127, 0, 0, 1},
-	}, {
-		name: "good_ipv4_case",
-		have: "1.0.0.127.In-Addr.Arpa",
-		want: net.IP{127, 0, 0, 1},
-	}, {
-		name: "wrong_ipv4",
-		have: ".0.0.127.in-addr.arpa",
-		want: nil,
-	}, {
-		name: "wrong_ipv6",
-		have: ".3.2.1.d.c.b.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
-		want: nil,
-	}, {
-		name: "bad_ipv6_dot",
-		have: "4.3.2.1.d.c.b.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0..ip6.arpa",
-		want: nil,
-	}, {
-		name: "bad_ipv6_space",
-		have: "4.3.2.1.d.c.b. .0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
-		want: nil,
+		name: "unspecified",
+		subnet: &net.IPNet{
+			IP:   net.IP{0, 0, 0, 0},
+			Mask: net.IPMask{0, 0, 0, 0},
+		},
+		want: net.IPv4bcast,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			ip := UnreverseAddr(tc.have)
-			assert.True(t, tc.want.Equal(ip))
-		})
-	}
-}
-
-func TestReverseAddr(t *testing.T) {
-	testCases := []struct {
-		name string
-		want string
-		ip   net.IP
-	}{{
-		name: "valid_ipv4",
-		want: "4.3.2.1.in-addr.arpa",
-		ip:   net.IP{1, 2, 3, 4},
-	}, {
-		name: "valid_ipv6",
-		want: "1.3.b.5.4.1.8.6.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.7.4.6.0.6.2.ip6.arpa",
-		ip:   net.ParseIP("2606:4700:10::6814:5b31"),
-	}, {
-		name: "nil_ip",
-		want: "",
-		ip:   nil,
-	}, {
-		name: "unspecified_ipv6",
-		want: "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
-		ip:   net.IPv6unspecified,
-	}, {
-		name: "unspecified_ipv4",
-		want: "0.0.0.0.in-addr.arpa",
-		ip:   net.IPv4zero,
-	}, {
-		name: "wrong_length_ip",
-		want: "",
-		ip:   net.IP{1, 2, 3, 4, 5},
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			assert.Equal(t, tc.want, ReverseAddr(tc.ip))
+			bc := BroadcastFromIPNet(tc.subnet)
+			assert.True(t, bc.Equal(tc.want), bc)
 		})
 	}
 }

internal/aghnet/net_unix.go

@@ -0,0 +1,8 @@
+//go:build openbsd || freebsd || linux
+// +build openbsd freebsd linux
+
+package aghnet
+
+// interfaceName is a string containing network interface's name.  The name is
+// used in file walking methods.
+type interfaceName string

internal/aghnet/systemresolvers_others.go

@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 )
 
@@ -104,7 +105,7 @@ const dockerEmbeddedDNS = "127.0.0.11"
 func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net.Conn, err error) {
 	// Just validate the passed address is a valid IP.
 	var host string
-	host, err = SplitHost(address)
+	host, err = netutil.SplitHost(address)
 	if err != nil {
 		// TODO(e.burkov): Maybe use a structured errBadAddrPassed to
 		// allow unwrapping of the real error.

internal/aghos/filewalker.go

@@ -0,0 +1,119 @@
+package aghos
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghio"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/stringutil"
+)
+
+// FileWalker is the signature of a function called for files in the file tree.
+// As opposed to filepath.Walk it only walk the files (not directories) matching
+// the provided pattern and those returned by function itself.  All patterns
+// should be valid for filepath.Glob.  If cont is false, the walking terminates.
+// Each opened file is also limited for reading to MaxWalkedFileSize.
+//
+// TODO(e.burkov):  Consider moving to the separate package like pathutil.
+//
+// TODO(e.burkov):  Think about passing filename or any additional data.
+type FileWalker func(r io.Reader) (patterns []string, cont bool, err error)
+
+// MaxWalkedFileSize is the maximum length of the file that FileWalker can
+// check.
+const MaxWalkedFileSize = 1024 * 1024
+
+// checkFile tries to open and process a single file located on sourcePath.
+func checkFile(c FileWalker, sourcePath string) (patterns []string, cont bool, err error) {
+	var f *os.File
+	f, err = os.Open(sourcePath)
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			// Ignore non-existing files since this may only happen
+			// when the file was removed after filepath.Glob matched
+			// it.
+			return nil, true, nil
+		}
+
+		return nil, false, err
+	}
+	defer func() { err = errors.WithDeferred(err, f.Close()) }()
+
+	var r io.Reader
+	// Ignore the error since LimitReader function returns error only if
+	// passed limit value is less than zero, but the constant used.
+	//
+	// TODO(e.burkov):  Make variable.
+	r, _ = aghio.LimitReader(f, MaxWalkedFileSize)
+
+	return c(r)
+}
+
+// handlePatterns parses the patterns and ignores duplicates using srcSet.
+// srcSet must be non-nil.
+func handlePatterns(srcSet *stringutil.Set, patterns ...string) (sub []string, err error) {
+	sub = make([]string, 0, len(patterns))
+	for _, p := range patterns {
+		var matches []string
+		matches, err = filepath.Glob(p)
+		if err != nil {
+			// Enrich error with the pattern because filepath.Glob
+			// doesn't do it.
+			return nil, fmt.Errorf("invalid pattern %q: %w", p, err)
+		}
+
+		for _, m := range matches {
+			if srcSet.Has(m) {
+				continue
+			}
+
+			srcSet.Add(m)
+			sub = append(sub, m)
+		}
+	}
+
+	return sub, nil
+}
+
+// Walk starts walking the files defined by initPattern.  It only returns true
+// if c signed to stop walking.
+func (c FileWalker) Walk(initPattern string) (ok bool, err error) {
+	// The slice of sources keeps the order in which the files are walked
+	// since srcSet.Values() returns strings in undefined order.
+	srcSet := stringutil.NewSet()
+	var src []string
+	src, err = handlePatterns(srcSet, initPattern)
+	if err != nil {
+		return false, err
+	}
+
+	var filename string
+	defer func() { err = errors.Annotate(err, "checking %q: %w", filename) }()
+
+	for i := 0; i < len(src); i++ {
+		var patterns []string
+		var cont bool
+		filename = src[i]
+		patterns, cont, err = checkFile(c, src[i])
+		if err != nil {
+			return false, err
+		}
+
+		if !cont {
+			return true, nil
+		}
+
+		var subsrc []string
+		subsrc, err = handlePatterns(srcSet, patterns...)
+		if err != nil {
+			return false, err
+		}
+
+		src = append(src, subsrc...)
+	}
+
+	return false, nil
+}

internal/aghos/filewalker_test.go

@@ -0,0 +1,209 @@
+package aghos
+
+import (
+	"bufio"
+	"io"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// testFSDir maps entries' names to entries which should either be a testFSDir
+// or byte slice.
+type testFSDir map[string]interface{}
+
+// testFSGen is used to generate a temporary filesystem consisting of
+// directories and plain text files from itself.
+type testFSGen testFSDir
+
+// gen returns the name of top directory of the generated filesystem.
+func (g testFSGen) gen(t *testing.T) (dirName string) {
+	t.Helper()
+
+	dirName = t.TempDir()
+	g.rangeThrough(t, dirName)
+
+	return dirName
+}
+
+func (g testFSGen) rangeThrough(t *testing.T, dirName string) {
+	const perm fs.FileMode = 0o777
+
+	for k, e := range g {
+		switch e := e.(type) {
+		case []byte:
+			require.NoError(t, os.WriteFile(filepath.Join(dirName, k), e, perm))
+
+		case testFSDir:
+			newDir := filepath.Join(dirName, k)
+			require.NoError(t, os.Mkdir(newDir, perm))
+
+			testFSGen(e).rangeThrough(t, newDir)
+		default:
+			t.Fatalf("unexpected entry type %T", e)
+		}
+	}
+}
+
+func TestFileWalker_Walk(t *testing.T) {
+	const attribute = `000`
+
+	makeFileWalker := func(dirName string) (fw FileWalker) {
+		return func(r io.Reader) (patterns []string, cont bool, err error) {
+			s := bufio.NewScanner(r)
+			for s.Scan() {
+				line := s.Text()
+				if line == attribute {
+					return nil, false, nil
+				}
+
+				if len(line) != 0 {
+					patterns = append(patterns, filepath.Join(dirName, line))
+				}
+			}
+
+			return patterns, true, s.Err()
+		}
+	}
+
+	const nl = "\n"
+
+	testCases := []struct {
+		name        string
+		testFS      testFSGen
+		initPattern string
+		want        bool
+	}{{
+		name: "simple",
+		testFS: testFSGen{
+			"simple_0001.txt": []byte(attribute + nl),
+		},
+		initPattern: "simple_0001.txt",
+		want:        true,
+	}, {
+		name: "chain",
+		testFS: testFSGen{
+			"chain_0001.txt": []byte(`chain_0002.txt` + nl),
+			"chain_0002.txt": []byte(`chain_0003.txt` + nl),
+			"chain_0003.txt": []byte(attribute + nl),
+		},
+		initPattern: "chain_0001.txt",
+		want:        true,
+	}, {
+		name: "several",
+		testFS: testFSGen{
+			"several_0001.txt": []byte(`several_*` + nl),
+			"several_0002.txt": []byte(`several_0001.txt` + nl),
+			"several_0003.txt": []byte(attribute + nl),
+		},
+		initPattern: "several_0001.txt",
+		want:        true,
+	}, {
+		name: "no",
+		testFS: testFSGen{
+			"no_0001.txt": []byte(nl),
+			"no_0002.txt": []byte(nl),
+			"no_0003.txt": []byte(nl),
+		},
+		initPattern: "no_*",
+		want:        false,
+	}, {
+		name: "subdirectory",
+		testFS: testFSGen{
+			"dir": testFSDir{
+				"subdir_0002.txt": []byte(attribute + nl),
+			},
+			"subdir_0001.txt": []byte(`dir/*`),
+		},
+		initPattern: "subdir_0001.txt",
+		want:        true,
+	}}
+
+	for _, tc := range testCases {
+		testDir := tc.testFS.gen(t)
+		fw := makeFileWalker(testDir)
+
+		t.Run(tc.name, func(t *testing.T) {
+			ok, err := fw.Walk(filepath.Join(testDir, tc.initPattern))
+			require.NoError(t, err)
+
+			assert.Equal(t, tc.want, ok)
+		})
+	}
+
+	t.Run("pattern_malformed", func(t *testing.T) {
+		ok, err := makeFileWalker("").Walk("[]")
+		require.Error(t, err)
+
+		assert.False(t, ok)
+		assert.ErrorIs(t, err, filepath.ErrBadPattern)
+	})
+
+	t.Run("bad_filename", func(t *testing.T) {
+		dir := testFSGen{
+			"bad_filename.txt": []byte("[]"),
+		}.gen(t)
+		fw := FileWalker(func(r io.Reader) (patterns []string, cont bool, err error) {
+			s := bufio.NewScanner(r)
+			for s.Scan() {
+				patterns = append(patterns, s.Text())
+			}
+
+			return patterns, true, s.Err()
+		})
+
+		ok, err := fw.Walk(filepath.Join(dir, "bad_filename.txt"))
+		require.Error(t, err)
+
+		assert.False(t, ok)
+		assert.ErrorIs(t, err, filepath.ErrBadPattern)
+	})
+
+	t.Run("itself_error", func(t *testing.T) {
+		const rerr errors.Error = "returned error"
+
+		dir := testFSGen{
+			"mockfile.txt": []byte(`mockdata`),
+		}.gen(t)
+
+		ok, err := FileWalker(func(r io.Reader) (patterns []string, ok bool, err error) {
+			return nil, true, rerr
+		}).Walk(filepath.Join(dir, "*"))
+		require.Error(t, err)
+		require.False(t, ok)
+
+		assert.ErrorIs(t, err, rerr)
+	})
+}
+
+func TestWalkerFunc_CheckFile(t *testing.T) {
+	t.Run("non-existing", func(t *testing.T) {
+		_, ok, err := checkFile(nil, "lol")
+		require.NoError(t, err)
+
+		assert.True(t, ok)
+	})
+
+	t.Run("invalid_argument", func(t *testing.T) {
+		const badPath = "\x00"
+
+		_, ok, err := checkFile(nil, badPath)
+		require.Error(t, err)
+
+		assert.False(t, ok)
+		// TODO(e.burkov):  Use assert.ErrorsIs within the error from
+		// less platform-dependent package instead of syscall.EINVAL.
+		//
+		// See https://github.com/golang/go/issues/46849 and
+		// https://github.com/golang/go/issues/30322.
+		pathErr := &os.PathError{}
+		require.ErrorAs(t, err, &pathErr)
+		assert.Equal(t, "open", pathErr.Op)
+		assert.Equal(t, badPath, pathErr.Path)
+	})
+}

internal/aghos/os_linux.go

@@ -4,11 +4,11 @@
 package aghos
 
 import (
-	"bytes"
+	"io"
 	"os"
-	"path/filepath"
-	"strings"
 	"syscall"
+
+	"github.com/AdguardTeam/golibs/stringutil"
 )
 
 func setRlimit(val uint64) (err error) {
@@ -30,37 +30,20 @@ func sendProcessSignal(pid int, sig syscall.Signal) error {
 }
 
 func isOpenWrt() (ok bool) {
-	const etcDir = "/etc"
+	var err error
+	ok, err = FileWalker(func(r io.Reader) (_ []string, cont bool, err error) {
+		const osNameData = "openwrt"
 
-	dirEnts, err := os.ReadDir(etcDir)
-	if err != nil {
-		return false
-	}
-
-	// fNameSubstr is a part of a name of the desired file.
-	const fNameSubstr = "release"
-	osNameData := []byte("OpenWrt")
-
-	for _, dirEnt := range dirEnts {
-		if dirEnt.IsDir() {
-			continue
-		}
-
-		fn := dirEnt.Name()
-		if !strings.Contains(fn, fNameSubstr) {
-			continue
-		}
-
-		var body []byte
-		body, err = os.ReadFile(filepath.Join(etcDir, fn))
+		// This use of ReadAll is now safe, because FileWalker's Walk()
+		// have limited r.
+		var data []byte
+		data, err = io.ReadAll(r)
 		if err != nil {
-			continue
+			return nil, false, err
 		}
 
-		if bytes.Contains(body, osNameData) {
-			return true
-		}
-	}
+		return nil, !stringutil.ContainsFold(string(data), osNameData), nil
+	}).Walk("/etc/*release*")
 
-	return false
+	return err == nil && ok
 }

internal/dhcpd/checkother_windows.go

@@ -1,14 +0,0 @@
-//go:build windows
-// +build windows
-
-package dhcpd
-
-import "github.com/AdguardTeam/AdGuardHome/internal/aghos"
-
-func CheckIfOtherDHCPServersPresentV4(ifaceName string) (bool, error) {
-	return false, aghos.Unsupported("CheckIfOtherDHCPServersPresentV4")
-}
-
-func CheckIfOtherDHCPServersPresentV6(ifaceName string) (bool, error) {
-	return false, aghos.Unsupported("CheckIfOtherDHCPServersPresentV6")
-}

internal/dhcpd/dhcpd.go

@@ -10,12 +10,11 @@ import (
 	"runtime"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 const (
-	defaultDiscoverTime = time.Second * 3
 	// leaseExpireStatic is used to define the Expiry field for static
 	// leases.
 	//
@@ -46,8 +45,8 @@ func (l *Lease) Clone() (clone *Lease) {
 	return &Lease{
 		Expiry:   l.Expiry,
 		Hostname: l.Hostname,
-		HWAddr:   aghnet.CloneMAC(l.HWAddr),
-		IP:       aghnet.CloneIP(l.IP),
+		HWAddr:   netutil.CloneMAC(l.HWAddr),
+		IP:       netutil.CloneIP(l.IP),
 	}
 }
 

internal/dhcpd/helpers.go

@@ -6,14 +6,6 @@ import (
 	"net"
 )
 
-func isTimeout(err error) bool {
-	operr, ok := err.(*net.OpError)
-	if !ok {
-		return false
-	}
-	return operr.Timeout()
-}
-
 func tryTo4(ip net.IP) (ip4 net.IP, err error) {
 	if ip == nil {
 		return nil, fmt.Errorf("%v is not an IP address", ip)

internal/dhcpd/http.go

@@ -398,60 +398,63 @@ func (s *Server) handleDHCPFindActiveServer(w http.ResponseWriter, r *http.Reque
 		msg := fmt.Sprintf("failed to read request body: %s", err)
 		log.Error(msg)
 		http.Error(w, msg, http.StatusBadRequest)
+
 		return
 	}
 
-	interfaceName := strings.TrimSpace(string(body))
-	if interfaceName == "" {
+	ifaceName := strings.TrimSpace(string(body))
+	if ifaceName == "" {
 		msg := "empty interface name specified"
 		log.Error(msg)
 		http.Error(w, msg, http.StatusBadRequest)
+
 		return
 	}
 
 	result := dhcpSearchResult{
 		V4: dhcpSearchV4Result{
-			OtherServer: dhcpSearchOtherResult{},
+			OtherServer: dhcpSearchOtherResult{
+				Found: "no",
+			},
 			StaticIP: dhcpStaticIPStatus{
 				Static: "yes",
 			},
 		},
 		V6: dhcpSearchV6Result{
-			OtherServer: dhcpSearchOtherResult{},
+			OtherServer: dhcpSearchOtherResult{
+				Found: "no",
+			},
 		},
 	}
 
-	found4, err4 := CheckIfOtherDHCPServersPresentV4(interfaceName)
-
-	isStaticIP, err := aghnet.IfaceHasStaticIP(interfaceName)
-	if err != nil {
+	if isStaticIP, serr := aghnet.IfaceHasStaticIP(ifaceName); serr != nil {
 		result.V4.StaticIP.Static = "error"
-		result.V4.StaticIP.Error = err.Error()
+		result.V4.StaticIP.Error = serr.Error()
 	} else if !isStaticIP {
 		result.V4.StaticIP.Static = "no"
-		result.V4.StaticIP.IP = aghnet.GetSubnet(interfaceName).String()
+		// TODO(e.burkov):  The returned IP should only be of version 4.
+		result.V4.StaticIP.IP = aghnet.GetSubnet(ifaceName).String()
 	}
 
-	if found4 {
-		result.V4.OtherServer.Found = "yes"
-	} else if err4 != nil {
+	found4, found6, err4, err6 := aghnet.CheckOtherDHCP(ifaceName)
+	if err4 != nil {
 		result.V4.OtherServer.Found = "error"
 		result.V4.OtherServer.Error = err4.Error()
+	} else if found4 {
+		result.V4.OtherServer.Found = "yes"
 	}
-
-	found6, err6 := CheckIfOtherDHCPServersPresentV6(interfaceName)
-
-	if found6 {
-		result.V6.OtherServer.Found = "yes"
-	} else if err6 != nil {
+	if err6 != nil {
 		result.V6.OtherServer.Found = "error"
 		result.V6.OtherServer.Error = err6.Error()
+	} else if found6 {
+		result.V6.OtherServer.Found = "yes"
 	}
 
 	w.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(w).Encode(result)
 	if err != nil {
 		httpError(r, w, http.StatusInternalServerError, "Failed to marshal DHCP found json: %s", err)
+
 		return
 	}
 }

internal/dhcpd/routeradv.go

@@ -7,8 +7,8 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"golang.org/x/net/icmp"
 	"golang.org/x/net/ipv6"
 )
@@ -42,7 +42,7 @@ type icmpv6RA struct {
 //
 // See https://tools.ietf.org/html/rfc4861#section-4.6.1.
 func hwAddrToLinkLayerAddr(hwa net.HardwareAddr) (lla []byte, err error) {
-	err = aghnet.ValidateHardwareAddress(hwa)
+	err = netutil.ValidateMAC(hwa)
 	if err != nil {
 		// Don't wrap the error, because it already contains enough
 		// context.
@@ -56,8 +56,8 @@ func hwAddrToLinkLayerAddr(hwa net.HardwareAddr) (lla []byte, err error) {
 		return lla, nil
 	}
 
-	// Assume that aghnet.ValidateHardwareAddress prevents lengths other
-	// than 20 by now.
+	// Assume that netutil.ValidateMAC prevents lengths other than 20 by
+	// now.
 	lla = make([]byte, 24)
 	copy(lla, hwa)
 

internal/dhcpd/v4.go

@@ -14,6 +14,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/go-ping/ping"
 	"github.com/insomniacslk/dhcp/dhcpv4"
@@ -61,7 +62,7 @@ func normalizeHostname(hostname string) (norm string, err error) {
 
 	norm = strings.ToLower(hostname)
 	parts := strings.FieldsFunc(norm, func(c rune) (ok bool) {
-		return c != '.' && !aghnet.IsValidHostOuterRune(c)
+		return c != '.' && !netutil.IsValidHostOuterRune(c)
 	})
 
 	if len(parts) == 0 {
@@ -87,7 +88,7 @@ func (s *v4Server) validHostnameForClient(cliHostname string, ip net.IP) (hostna
 		hostname = aghnet.GenerateHostname(ip)
 	}
 
-	err = aghnet.ValidateDomainName(hostname)
+	err = netutil.ValidateDomainName(hostname)
 	if err != nil {
 		log.Info("dhcpv4: %s", err)
 		hostname = ""
@@ -335,7 +336,7 @@ func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 
 	l.Expiry = time.Unix(leaseExpireStatic, 0)
 
-	err = aghnet.ValidateHardwareAddress(l.HWAddr)
+	err = netutil.ValidateMAC(l.HWAddr)
 	if err != nil {
 		return err
 	}
@@ -346,7 +347,7 @@ func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 			return err
 		}
 
-		err = aghnet.ValidateDomainName(hostname)
+		err = netutil.ValidateDomainName(hostname)
 		if err != nil {
 			return fmt.Errorf("validating hostname: %w", err)
 		}
@@ -402,7 +403,7 @@ func (s *v4Server) RemoveStaticLease(l *Lease) (err error) {
 		return fmt.Errorf("invalid IP")
 	}
 
-	err = aghnet.ValidateHardwareAddress(l.HWAddr)
+	err = netutil.ValidateMAC(l.HWAddr)
 	if err != nil {
 		return fmt.Errorf("validating lease: %w", err)
 	}
@@ -913,7 +914,7 @@ func (s *v4Server) packetHandler(conn net.PacketConn, peer net.Addr, req *dhcpv4
 		return
 	}
 
-	err = aghnet.ValidateHardwareAddress(req.ClientHWAddr)
+	err = netutil.ValidateMAC(req.ClientHWAddr)
 	if err != nil {
 		log.Error("dhcpv4: invalid ClientHWAddr: %s", err)
 
@@ -970,7 +971,12 @@ func (s *v4Server) Start() (err error) {
 
 	log.Debug("dhcpv4: starting...")
 
-	dnsIPAddrs, err := ifaceDNSIPAddrs(iface, ipVersion4, defaultMaxAttempts, defaultBackoff)
+	dnsIPAddrs, err := aghnet.IfaceDNSIPAddrs(
+		iface,
+		aghnet.IPVersion4,
+		defaultMaxAttempts,
+		defaultBackoff,
+	)
 	if err != nil {
 		return fmt.Errorf("interface %s: %w", ifaceName, err)
 	}
@@ -1060,12 +1066,7 @@ func v4Create(conf V4ServerConf) (srv DHCPServer, err error) {
 		IP:   routerIP,
 		Mask: subnetMask,
 	}
-
-	bcastIP := aghnet.CloneIP(routerIP)
-	for i, b := range subnetMask {
-		bcastIP[i] |= ^b
-	}
-	s.conf.broadcastIP = bcastIP
+	s.conf.broadcastIP = aghnet.BroadcastFromIPNet(s.conf.subnet)
 
 	s.conf.ipRange, err = newIPRange(conf.RangeStart, conf.RangeEnd)
 	if err != nil {

internal/dhcpd/v46.go

@@ -1,125 +1,12 @@
 package dhcpd
 
 import (
-	"fmt"
-	"net"
 	"time"
-
-	"github.com/AdguardTeam/golibs/log"
 )
 
-// ipVersion is a documentational alias for int.  Use it when the integer means
-// IP version.
-type ipVersion = int
-
-// IP version constants.
-const (
-	ipVersion4 ipVersion = 4
-	ipVersion6 ipVersion = 6
-)
-
-// netIface is the interface for network interface methods.
-type netIface interface {
-	Addrs() ([]net.Addr, error)
-}
-
-// ifaceIPAddrs returns the interface's IP addresses.
-func ifaceIPAddrs(iface netIface, ipv ipVersion) (ips []net.IP, err error) {
-	addrs, err := iface.Addrs()
-	if err != nil {
-		return nil, err
-	}
-
-	for _, a := range addrs {
-		var ip net.IP
-		switch a := a.(type) {
-		case *net.IPAddr:
-			ip = a.IP
-		case *net.IPNet:
-			ip = a.IP
-		default:
-			continue
-		}
-
-		// Assume that net.(*Interface).Addrs can only return valid IPv4
-		// and IPv6 addresses.  Thus, if it isn't an IPv4 address, it
-		// must be an IPv6 one.
-		switch ipv {
-		case ipVersion4:
-			if ip4 := ip.To4(); ip4 != nil {
-				ips = append(ips, ip4)
-			}
-		case ipVersion6:
-			if ip6 := ip.To4(); ip6 == nil {
-				ips = append(ips, ip)
-			}
-		default:
-			return nil, fmt.Errorf("invalid ip version %d", ipv)
-		}
-	}
-
-	return ips, nil
-}
-
 // Currently used defaults for ifaceDNSAddrs.
 const (
 	defaultMaxAttempts int = 10
 
 	defaultBackoff time.Duration = 500 * time.Millisecond
 )
-
-// ifaceDNSIPAddrs returns IP addresses of the interface suitable to send to
-// clients as DNS addresses.  If err is nil, addrs contains either no addresses
-// or at least two.
-//
-// It makes up to maxAttempts attempts to get the addresses if there are none,
-// each time using the provided backoff.  Sometimes an interface needs a few
-// seconds to really ititialize.
-//
-// See https://github.com/AdguardTeam/AdGuardHome/issues/2304.
-func ifaceDNSIPAddrs(
-	iface netIface,
-	ipv ipVersion,
-	maxAttempts int,
-	backoff time.Duration,
-) (addrs []net.IP, err error) {
-	var n int
-	for n = 1; n <= maxAttempts; n++ {
-		addrs, err = ifaceIPAddrs(iface, ipv)
-		if err != nil {
-			return nil, fmt.Errorf("getting ip addrs: %w", err)
-		}
-
-		if len(addrs) > 0 {
-			break
-		}
-
-		log.Debug("dhcpv%d: attempt %d: no ip addresses", ipv, n)
-
-		time.Sleep(backoff)
-	}
-
-	switch len(addrs) {
-	case 0:
-		// Don't return errors in case the users want to try and enable
-		// the DHCP server later.
-		t := time.Duration(n) * backoff
-		log.Error("dhcpv%d: no ip for iface after %d attempts and %s", ipv, n, t)
-
-		return nil, nil
-	case 1:
-		// Some Android devices use 8.8.8.8 if there is not a secondary
-		// DNS server.  Fix that by setting the secondary DNS address to
-		// the same address.
-		//
-		// See https://github.com/AdguardTeam/AdGuardHome/issues/1708.
-		log.Debug("dhcpv%d: setting secondary dns ip to itself", ipv)
-		addrs = append(addrs, addrs[0])
-	default:
-		// Go on.
-	}
-
-	log.Debug("dhcpv%d: got addresses %s after %d attempts", ipv, addrs, n)
-
-	return addrs, nil
-}

internal/dhcpd/v6.go

@@ -13,6 +13,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/insomniacslk/dhcp/dhcpv6"
 	"github.com/insomniacslk/dhcp/dhcpv6/server6"
 	"github.com/insomniacslk/dhcp/iana"
@@ -175,7 +176,7 @@ func (s *v6Server) AddStaticLease(l *Lease) (err error) {
 		return fmt.Errorf("invalid IP")
 	}
 
-	err = aghnet.ValidateHardwareAddress(l.HWAddr)
+	err = netutil.ValidateMAC(l.HWAddr)
 	if err != nil {
 		return fmt.Errorf("validating lease: %w", err)
 	}
@@ -207,7 +208,7 @@ func (s *v6Server) RemoveStaticLease(l *Lease) (err error) {
 		return fmt.Errorf("invalid IP")
 	}
 
-	err = aghnet.ValidateHardwareAddress(l.HWAddr)
+	err = netutil.ValidateMAC(l.HWAddr)
 	if err != nil {
 		return fmt.Errorf("validating lease: %w", err)
 	}
@@ -607,7 +608,12 @@ func (s *v6Server) Start() (err error) {
 
 	log.Debug("dhcpv6: starting...")
 
-	dnsIPAddrs, err := ifaceDNSIPAddrs(iface, ipVersion6, defaultMaxAttempts, defaultBackoff)
+	dnsIPAddrs, err := aghnet.IfaceDNSIPAddrs(
+		iface,
+		aghnet.IPVersion6,
+		defaultMaxAttempts,
+		defaultBackoff,
+	)
 	if err != nil {
 		return fmt.Errorf("interface %s: %w", ifaceName, err)
 	}
@@ -633,7 +639,7 @@ func (s *v6Server) Start() (err error) {
 
 	log.Debug("dhcpv6: listening...")
 
-	err = aghnet.ValidateHardwareAddress(iface.HardwareAddr)
+	err = netutil.ValidateMAC(iface.HardwareAddr)
 	if err != nil {
 		return fmt.Errorf("validating interface %s: %w", iface.Name, err)
 	}

internal/dnsforward/access.go

@@ -7,8 +7,8 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/AdguardTeam/urlfilter"
 	"github.com/AdguardTeam/urlfilter/filterlist"
@@ -17,8 +17,8 @@ import (
 // accessCtx controls IP and client blocking that takes place before all other
 // processing.  An accessCtx is safe for concurrent use.
 type accessCtx struct {
-	allowedIPs *aghnet.IPMap
-	blockedIPs *aghnet.IPMap
+	allowedIPs *netutil.IPMap
+	blockedIPs *netutil.IPMap
 
 	allowedClientIDs *stringutil.Set
 	blockedClientIDs *stringutil.Set
@@ -26,7 +26,7 @@ type accessCtx struct {
 	blockedHostsEng *urlfilter.DNSEngine
 
 	// TODO(a.garipov): Create a type for a set of IP networks.
-	// aghnet.IPNetSet?
+	// netutil.IPNetSet?
 	allowedNets []*net.IPNet
 	blockedNets []*net.IPNet
 }
@@ -38,7 +38,7 @@ type unit = struct{}
 // which may be an IP address, a CIDR, or a ClientID.
 func processAccessClients(
 	clientStrs []string,
-	ips *aghnet.IPMap,
+	ips *netutil.IPMap,
 	nets *[]*net.IPNet,
 	clientIDs *stringutil.Set,
 ) (err error) {
@@ -68,8 +68,8 @@ func processAccessClients(
 // newAccessCtx creates a new accessCtx.
 func newAccessCtx(allowed, blocked, blockedHosts []string) (a *accessCtx, err error) {
 	a = &accessCtx{
-		allowedIPs: aghnet.NewIPMap(0),
-		blockedIPs: aghnet.NewIPMap(0),
+		allowedIPs: netutil.NewIPMap(0),
+		blockedIPs: netutil.NewIPMap(0),
 
 		allowedClientIDs: stringutil.NewSet(),
 		blockedClientIDs: stringutil.NewSet(),

internal/dnsforward/clientid.go

@@ -7,15 +7,15 @@ import (
 	"path"
 	"strings"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/lucas-clemente/quic-go"
 )
 
 // ValidateClientID returns an error if clientID is not a valid client ID.
 func ValidateClientID(clientID string) (err error) {
-	err = aghnet.ValidateDomainNameLabel(clientID)
+	err = netutil.ValidateDomainNameLabel(clientID)
 	if err != nil {
 		// Replace the domain name label wrapper with our own.
 		return fmt.Errorf("invalid client id %q: %w", clientID, errors.Unwrap(err))
@@ -24,21 +24,39 @@ func ValidateClientID(clientID string) (err error) {
 	return nil
 }
 
+// hasLabelSuffix returns true if s ends with suffix preceded by a dot.  It's
+// a helper function to prevent unnecessary allocations in code like:
+//
+// if strings.HasSuffix(s, "." + suffix) { /* … */ }
+//
+// s must be longer than suffix.
+func hasLabelSuffix(s, suffix string) (ok bool) {
+	return strings.HasSuffix(s, suffix) && s[len(s)-len(suffix)-1] == '.'
+}
+
 // clientIDFromClientServerName extracts and validates a client ID.  hostSrvName
 // is the server name of the host.  cliSrvName is the server name as sent by the
 // client.  When strict is true, and client and host server name don't match,
 // clientIDFromClientServerName will return an error.
-func clientIDFromClientServerName(hostSrvName, cliSrvName string, strict bool) (clientID string, err error) {
+func clientIDFromClientServerName(
+	hostSrvName string,
+	cliSrvName string,
+	strict bool,
+) (clientID string, err error) {
 	if hostSrvName == cliSrvName {
 		return "", nil
 	}
 
-	if !strings.HasSuffix(cliSrvName, hostSrvName) {
+	if !hasLabelSuffix(cliSrvName, hostSrvName) {
 		if !strict {
 			return "", nil
 		}
 
-		return "", fmt.Errorf("client server name %q doesn't match host server name %q", cliSrvName, hostSrvName)
+		return "", fmt.Errorf(
+			"client server name %q doesn't match host server name %q",
+			cliSrvName,
+			hostSrvName,
+		)
 	}
 
 	clientID = cliSrvName[:len(cliSrvName)-len(hostSrvName)-1]

internal/dnsforward/clientid_test.go

@@ -46,6 +46,8 @@ func (c testQUICSession) ConnectionState() (cs quic.ConnectionState) {
 }
 
 func TestServer_clientIDFromDNSContext(t *testing.T) {
+	// TODO(a.garipov): Consider moving away from the text-based error
+	// checks and onto a more structured approach.
 	testCases := []struct {
 		name         string
 		proto        proxy.Proto
@@ -111,7 +113,7 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 		cliSrvName:   "!!!.example.com",
 		wantClientID: "",
 		wantErrMsg: `client id check: invalid client id "!!!": ` +
-			`invalid char '!' at index 0`,
+			`bad domain name label rune '!'`,
 		strictSNI: true,
 	}, {
 		name:        "tls_client_id_too_long",
@@ -122,7 +124,7 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 		wantClientID: "",
 		wantErrMsg: `client id check: invalid client id "abcdefghijklmno` +
 			`pqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789": ` +
-			`label is too long, max: 63`,
+			`domain name label is too long: got 72, max 63`,
 		strictSNI: true,
 	}, {
 		name:         "quic_client_id",
@@ -132,6 +134,15 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 		wantClientID: "cli",
 		wantErrMsg:   "",
 		strictSNI:    true,
+	}, {
+		name:         "tls_client_id_issue3437",
+		proto:        proxy.ProtoTLS,
+		hostSrvName:  "example.com",
+		cliSrvName:   "cli.myexample.com",
+		wantClientID: "",
+		wantErrMsg: `client id check: client server name "cli.myexample.com" ` +
+			`doesn't match host server name "example.com"`,
+		strictSNI: true,
 	}}
 
 	for _, tc := range testCases {
@@ -220,7 +231,7 @@ func TestClientIDFromDNSContextHTTPS(t *testing.T) {
 		path:         "/dns-query/!!!",
 		wantClientID: "",
 		wantErrMsg: `client id check: invalid client id "!!!": ` +
-			`invalid char '!' at index 0`,
+			`bad domain name label rune '!'`,
 	}}
 
 	for _, tc := range testCases {

internal/dnsforward/config.go

@@ -11,12 +11,12 @@ import (
 	"strings"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/ameshkov/dnscrypt/v2"
 )
@@ -451,7 +451,7 @@ func matchesDomainWildcard(host, pat string) (ok bool) {
 // anyNameMatches returns true if sni, the client's SNI value, matches any of
 // the DNS names and patterns from certificate.  dnsNames must be sorted.
 func anyNameMatches(dnsNames []string, sni string) (ok bool) {
-	if aghnet.ValidateDomainName(sni) != nil {
+	if netutil.ValidateDomainName(sni) != nil {
 		return false
 	}
 

internal/dnsforward/dns.go

@@ -5,11 +5,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/miekg/dns"
 )
@@ -165,7 +165,7 @@ func (s *Server) setTableHostToIP(t hostToIPTable) {
 	s.tableHostToIP = t
 }
 
-func (s *Server) setTableIPToHost(t *aghnet.IPMap) {
+func (s *Server) setTableIPToHost(t *netutil.IPMap) {
 	s.tableIPToHostLock.Lock()
 	defer s.tableIPToHostLock.Unlock()
 
@@ -188,18 +188,18 @@ func (s *Server) onDHCPLeaseChanged(flags int) {
 	}
 
 	var hostToIP hostToIPTable
-	var ipToHost *aghnet.IPMap
+	var ipToHost *netutil.IPMap
 	if add {
 		ll := s.dhcpServer.Leases(dhcpd.LeasesAll)
 
 		hostToIP = make(hostToIPTable, len(ll))
-		ipToHost = aghnet.NewIPMap(len(ll))
+		ipToHost = netutil.NewIPMap(len(ll))
 
 		for _, l := range ll {
 			// TODO(a.garipov): Remove this after we're finished
 			// with the client hostname validations in the DHCP
 			// server code.
-			err = aghnet.ValidateDomainName(l.Hostname)
+			err = netutil.ValidateDomainName(l.Hostname)
 			if err != nil {
 				log.Debug(
 					"dns: skipping invalid hostname %q from dhcp: %s",
@@ -230,7 +230,7 @@ func (s *Server) processDetermineLocal(dctx *dnsContext) (rc resultCode) {
 	rc = resultCodeSuccess
 
 	var ip net.IP
-	if ip = aghnet.IPFromAddr(dctx.proxyCtx.Addr); ip == nil {
+	if ip, _ = netutil.IPAndPortFromAddr(dctx.proxyCtx.Addr); ip == nil {
 		return rc
 	}
 
@@ -331,12 +331,11 @@ func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {
 		return resultCodeSuccess
 	}
 
-	ip := aghnet.UnreverseAddr(q.Name)
-	if ip == nil {
-		// That's weird.
-		//
-		// TODO(e.burkov): Research the cases when it could happen.
-		return resultCodeSuccess
+	ip, err := netutil.IPFromReversedAddr(q.Name)
+	if err != nil {
+		log.Debug("dns: reversed addr: %s", err)
+
+		return resultCodeError
 	}
 
 	// Restrict an access to local addresses for external clients.  We also
@@ -502,7 +501,7 @@ func processFilteringBeforeRequest(ctx *dnsContext) (rc resultCode) {
 
 // ipStringFromAddr extracts an IP address string from net.Addr.
 func ipStringFromAddr(addr net.Addr) (ipStr string) {
-	if ip := aghnet.IPFromAddr(addr); ip != nil {
+	if ip, _ := netutil.IPAndPortFromAddr(addr); ip != nil {
 		return ip.String()
 	}
 

internal/dnsforward/dnsforward.go

@@ -20,6 +20,7 @@ import (
 	"github.com/AdguardTeam/golibs/cache"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/miekg/dns"
 )
@@ -81,7 +82,7 @@ type Server struct {
 	tableHostToIP     hostToIPTable
 	tableHostToIPLock sync.Mutex
 
-	tableIPToHost     *aghnet.IPMap
+	tableIPToHost     *netutil.IPMap
 	tableIPToHostLock sync.Mutex
 
 	// clientIDCache is a temporary storage for clientIDs that were
@@ -141,7 +142,7 @@ func NewServer(p DNSCreateParams) (s *Server, err error) {
 	if p.LocalDomain == "" {
 		localDomainSuffix = defaultLocalDomainSuffix
 	} else {
-		err = aghnet.ValidateDomainName(p.LocalDomain)
+		err = netutil.ValidateDomainName(p.LocalDomain)
 		if err != nil {
 			return nil, fmt.Errorf("local domain: %w", err)
 		}
@@ -281,7 +282,12 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 		return "", nil
 	}
 
-	arpa := dns.Fqdn(aghnet.ReverseAddr(ip))
+	arpa, err := netutil.IPToReversedAddr(ip)
+	if err != nil {
+		return "", fmt.Errorf("reversing ip: %w", err)
+	}
+
+	arpa = dns.Fqdn(arpa)
 	req := &dns.Msg{
 		MsgHdr: dns.MsgHdr{
 			Id:               dns.Id(),

internal/dnsforward/dnsforward_test.go

@@ -1119,6 +1119,8 @@ func TestPTRResponseFromHosts(t *testing.T) {
 }
 
 func TestNewServer(t *testing.T) {
+	// TODO(a.garipov): Consider moving away from the text-based error
+	// checks and onto a more structured approach.
 	testCases := []struct {
 		name       string
 		in         DNSCreateParams
@@ -1144,9 +1146,8 @@ func TestNewServer(t *testing.T) {
 		in: DNSCreateParams{
 			LocalDomain: "!!!",
 		},
-		wantErrMsg: `local domain: validating domain name "!!!": ` +
-			`invalid domain name label at index 0: ` +
-			`validating label "!!!": invalid char '!' at index 0`,
+		wantErrMsg: `local domain: bad domain name "!!!": ` +
+			`bad domain name label "!!!": bad domain name label rune '!'`,
 	}}
 
 	for _, tc := range testCases {

internal/dnsforward/filter.go

@@ -5,10 +5,10 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/miekg/dns"
 )
 
@@ -19,7 +19,7 @@ func (s *Server) beforeRequestHandler(
 	_ *proxy.Proxy,
 	pctx *proxy.DNSContext,
 ) (reply bool, err error) {
-	ip := aghnet.IPFromAddr(pctx.Addr)
+	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 	clientID, err := s.clientIDFromDNSContext(pctx)
 	if err != nil {
 		return false, fmt.Errorf("getting clientid: %w", err)
@@ -53,7 +53,8 @@ func (s *Server) beforeRequestHandler(
 func (s *Server) getClientRequestFilteringSettings(ctx *dnsContext) *filtering.Settings {
 	setts := s.dnsFilter.GetConfig()
 	if s.conf.FilterHandler != nil {
-		s.conf.FilterHandler(aghnet.IPFromAddr(ctx.proxyCtx.Addr), ctx.clientID, &setts)
+		ip, _ := netutil.IPAndPortFromAddr(ctx.proxyCtx.Addr)
+		s.conf.FilterHandler(ip, ctx.clientID, &setts)
 	}
 
 	return &setts

internal/dnsforward/http.go

@@ -9,11 +9,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/miekg/dns"
 )
@@ -443,7 +443,7 @@ func separateUpstream(upstreamStr string) (upstream string, useDefault bool, err
 			continue
 		}
 
-		err = aghnet.ValidateDomainName(host)
+		err = netutil.ValidateDomainName(host)
 		if err != nil {
 			return "", false, fmt.Errorf("domain at index %d: %w", i, err)
 		}

internal/dnsforward/recursiondetector.go

@@ -5,9 +5,9 @@ import (
 	"encoding/binary"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/cache"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/miekg/dns"
 )
 
@@ -77,7 +77,7 @@ func newRecursionDetector(ttl time.Duration, suspectsNum uint) (rd *recursionDet
 
 // msgToSignature converts msg into it's signature represented in bytes.
 func msgToSignature(msg dns.Msg) (sig []byte) {
-	sig = make([]byte, uint16sz*2+aghnet.MaxDomainNameLen)
+	sig = make([]byte, uint16sz*2+netutil.MaxDomainNameLen)
 	// The binary.BigEndian byte order is used everywhere except when the
 	// real machine's endianess is needed.
 	byteOrder := binary.BigEndian
@@ -95,7 +95,7 @@ func msgToSignature(msg dns.Msg) (sig []byte) {
 // See BenchmarkMsgToSignature.
 func msgToSignatureSlow(msg dns.Msg) (sig []byte) {
 	type msgSignature struct {
-		name  [aghnet.MaxDomainNameLen]byte
+		name  [netutil.MaxDomainNameLen]byte
 		id    uint16
 		qtype uint16
 	}

internal/dnsforward/stats.go

@@ -4,11 +4,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
 	"github.com/AdguardTeam/dnsproxy/proxy"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/miekg/dns"
 )
 
@@ -32,13 +32,14 @@ func processQueryLogsAndStats(ctx *dnsContext) (rc resultCode) {
 	// Synchronize access to s.queryLog and s.stats so they won't be suddenly uninitialized while in use.
 	// This can happen after proxy server has been stopped, but its workers haven't yet exited.
 	if shouldLog && s.queryLog != nil {
+		ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 		p := querylog.AddParams{
 			Question:   msg,
 			Answer:     pctx.Res,
 			OrigAnswer: ctx.origResp,
 			Result:     ctx.result,
 			Elapsed:    elapsed,
-			ClientIP:   aghnet.IPFromAddr(pctx.Addr),
+			ClientIP:   ip,
 			ClientID:   ctx.clientID,
 		}
 
@@ -80,7 +81,7 @@ func (s *Server) updateStats(ctx *dnsContext, elapsed time.Duration, res filteri
 
 	if clientID := ctx.clientID; clientID != "" {
 		e.Client = clientID
-	} else if ip := aghnet.IPFromAddr(pctx.Addr); ip != nil {
+	} else if ip, _ := netutil.IPAndPortFromAddr(pctx.Addr); ip != nil {
 		e.Client = ip.String()
 	}
 

internal/home/auth.go

@@ -13,8 +13,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"go.etcd.io/bbolt"
 	"golang.org/x/crypto/bcrypt"
 )
@@ -404,8 +404,7 @@ func realIP(r *http.Request) (ip net.IP, err error) {
 
 	// When everything else fails, just return the remote address as
 	// understood by the stdlib.
-	var ipStr string
-	ipStr, err = aghnet.SplitHost(r.RemoteAddr)
+	ipStr, err := netutil.SplitHost(r.RemoteAddr)
 	if err != nil {
 		return nil, fmt.Errorf("getting ip from client addr: %w", err)
 	}
@@ -428,7 +427,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
 	// See https://github.com/AdguardTeam/AdGuardHome/issues/2799.
 	//
 	// TODO(e.burkov): Use realIP when the issue will be fixed.
-	if remoteAddr, err = aghnet.SplitHost(r.RemoteAddr); err != nil {
+	if remoteAddr, err = netutil.SplitHost(r.RemoteAddr); err != nil {
 		httpError(w, http.StatusBadRequest, "auth: getting remote address: %s", err)
 
 		return

internal/home/clients.go

@@ -20,6 +20,7 @@ import (
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 )
 
@@ -82,7 +83,7 @@ type clientsContainer struct {
 	idIndex map[string]*Client // ID -> client
 
 	// ipToRC is the IP address to *RuntimeClient map.
-	ipToRC *aghnet.IPMap
+	ipToRC *netutil.IPMap
 
 	lock sync.Mutex
 
@@ -112,7 +113,7 @@ func (clients *clientsContainer) Init(
 	}
 	clients.list = make(map[string]*Client)
 	clients.idIndex = make(map[string]*Client)
-	clients.ipToRC = aghnet.NewIPMap(0)
+	clients.ipToRC = netutil.NewIPMap(0)
 
 	clients.allTags = stringutil.NewSet(clientTags...)
 
@@ -793,7 +794,7 @@ func (clients *clientsContainer) addFromSystemARP() {
 		host := ln[:lparen]
 		ipStr := ln[lparen+2 : rparen]
 		ip := net.ParseIP(ipStr)
-		if aghnet.ValidateDomainName(host) != nil || ip == nil {
+		if netutil.ValidateDomainName(host) != nil || ip == nil {
 			continue
 		}
 

internal/home/control.go

@@ -13,6 +13,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/version"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/NYTimes/gziphandler"
 )
 
@@ -39,7 +40,7 @@ func appendDNSAddrs(dst []string, addrs ...net.IP) (res []string) {
 	for _, addr := range addrs {
 		var hostport string
 		if config.DNS.Port != 53 {
-			hostport = aghnet.JoinHostPort(addr.String(), config.DNS.Port)
+			hostport = netutil.JoinHostPort(addr.String(), config.DNS.Port)
 		} else {
 			hostport = addr.String()
 		}
@@ -294,7 +295,7 @@ func handleHTTPSRedirect(w http.ResponseWriter, r *http.Request) (ok bool) {
 		return true
 	}
 
-	host, err := aghnet.SplitHost(r.Host)
+	host, err := netutil.SplitHost(r.Host)
 	if err != nil {
 		httpError(w, http.StatusBadRequest, "bad host: %s", err)
 
@@ -304,7 +305,7 @@ func handleHTTPSRedirect(w http.ResponseWriter, r *http.Request) (ok bool) {
 	if r.TLS == nil && web.forceHTTPS {
 		hostPort := host
 		if port := web.conf.PortHTTPS; port != defaultHTTPSPort {
-			hostPort = aghnet.JoinHostPort(host, port)
+			hostPort = netutil.JoinHostPort(host, port)
 		}
 
 		httpsURL := &url.URL{

internal/home/controlinstall.go

@@ -16,6 +16,7 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 // getAddrsResponse is the response for /install/get_addresses endpoint.
@@ -311,7 +312,7 @@ func (web *Web) handleInstallConfigure(w http.ResponseWriter, r *http.Request) {
 				w,
 				http.StatusBadRequest,
 				"can not listen on IP:port %s: %s",
-				aghnet.JoinHostPort(req.Web.IP.String(), req.Web.Port),
+				netutil.JoinHostPort(req.Web.IP.String(), req.Web.Port),
 				err,
 			)
 

internal/home/dns.go

@@ -7,7 +7,6 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
@@ -15,6 +14,7 @@ import (
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/ameshkov/dnscrypt/v2"
 	yaml "gopkg.in/yaml.v2"
 )
@@ -106,7 +106,7 @@ func isRunning() bool {
 }
 
 func onDNSRequest(pctx *proxy.DNSContext) {
-	ip := aghnet.IPFromAddr(pctx.Addr)
+	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 	if ip == nil {
 		// This would be quite weird if we get here.
 		return
@@ -254,7 +254,7 @@ func getDNSEncryption() (de dnsEncryption) {
 		if tlsConf.PortHTTPS != 0 {
 			addr := hostname
 			if tlsConf.PortHTTPS != 443 {
-				addr = aghnet.JoinHostPort(addr, tlsConf.PortHTTPS)
+				addr = netutil.JoinHostPort(addr, tlsConf.PortHTTPS)
 			}
 
 			de.https = (&url.URL{
@@ -267,14 +267,14 @@ func getDNSEncryption() (de dnsEncryption) {
 		if tlsConf.PortDNSOverTLS != 0 {
 			de.tls = (&url.URL{
 				Scheme: "tls",
-				Host:   aghnet.JoinHostPort(hostname, tlsConf.PortDNSOverTLS),
+				Host:   netutil.JoinHostPort(hostname, tlsConf.PortDNSOverTLS),
 			}).String()
 		}
 
 		if tlsConf.PortDNSOverQUIC != 0 {
 			de.quic = (&url.URL{
 				Scheme: "quic",
-				Host:   aghnet.JoinHostPort(hostname, tlsConf.PortDNSOverQUIC),
+				Host:   netutil.JoinHostPort(hostname, tlsConf.PortDNSOverQUIC),
 			}).String()
 		}
 	}

internal/home/home.go

@@ -30,6 +30,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/version"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"gopkg.in/natefinch/lumberjack.v2"
 )
 
@@ -707,12 +708,12 @@ func printWebAddrs(proto, addr string, port, betaPort int) {
 		hostBetaMsg = hostMsg + " (BETA)"
 	)
 
-	log.Printf(hostMsg, proto, aghnet.JoinHostPort(addr, port))
+	log.Printf(hostMsg, proto, netutil.JoinHostPort(addr, port))
 	if betaPort == 0 {
 		return
 	}
 
-	log.Printf(hostBetaMsg, proto, aghnet.JoinHostPort(addr, config.BetaBindPort))
+	log.Printf(hostBetaMsg, proto, netutil.JoinHostPort(addr, config.BetaBindPort))
 }
 
 // printHTTPAddresses prints the IP addresses which user can use to access the

internal/home/rdns_test.go

@@ -8,12 +8,12 @@ import (
 	"testing"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/cache"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/miekg/dns"
 	"github.com/stretchr/testify/assert"
@@ -85,7 +85,7 @@ func TestRDNS_Begin(t *testing.T) {
 			clients: &clientsContainer{
 				list:    map[string]*Client{},
 				idIndex: tc.cliIDIndex,
-				ipToRC:  aghnet.NewIPMap(0),
+				ipToRC:  netutil.NewIPMap(0),
 				allTags: stringutil.NewSet(),
 			},
 		}
@@ -205,7 +205,7 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 		cc := &clientsContainer{
 			list:    map[string]*Client{},
 			idIndex: map[string]*Client{},
-			ipToRC:  aghnet.NewIPMap(0),
+			ipToRC:  netutil.NewIPMap(0),
 			allTags: stringutil.NewSet(),
 		}
 		ch := make(chan net.IP)

internal/home/tls.go

@@ -19,6 +19,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/google/go-cmp/cmp"
@@ -30,9 +31,9 @@ var tlsWebHandlersRegistered = false
 // TLSMod - TLS module object
 type TLSMod struct {
 	certLastMod time.Time // last modification time of the certificate file
-	conf        tlsConfigSettings
-	confLock    sync.Mutex
 	status      tlsConfigStatus
+	confLock    sync.Mutex
+	conf        tlsConfigSettings
 }
 
 // Create TLS module
@@ -209,8 +210,8 @@ type tlsConfigStatus struct {
 
 // field ordering is important -- yaml fields will mirror ordering from here
 type tlsConfig struct {
-	tlsConfigSettings `json:",inline"`
 	tlsConfigStatus   `json:",inline"`
+	tlsConfigSettings `json:",inline"`
 }
 
 func (t *TLSMod) handleTLSStatus(w http.ResponseWriter, _ *http.Request) {
@@ -247,6 +248,41 @@ func (t *TLSMod) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 	marshalTLS(w, data)
 }
 
+func (t *TLSMod) setConfig(newConf tlsConfigSettings, status tlsConfigStatus) (restartHTTPS bool) {
+	t.confLock.Lock()
+	defer t.confLock.Unlock()
+
+	// Reset the DNSCrypt data before comparing, since we currently do not
+	// accept these from the frontend.
+	//
+	// TODO(a.garipov): Define a custom comparer for dnsforward.TLSConfig.
+	newConf.DNSCryptConfigFile = t.conf.DNSCryptConfigFile
+	newConf.PortDNSCrypt = t.conf.PortDNSCrypt
+	if !cmp.Equal(t.conf, newConf, cmp.AllowUnexported(dnsforward.TLSConfig{})) {
+		log.Info("tls config has changed, restarting https server")
+		restartHTTPS = true
+	} else {
+		log.Info("tls config has not changed")
+	}
+
+	// Note: don't do just `t.conf = data` because we must preserve all other members of t.conf
+	t.conf.Enabled = newConf.Enabled
+	t.conf.ServerName = newConf.ServerName
+	t.conf.ForceHTTPS = newConf.ForceHTTPS
+	t.conf.PortHTTPS = newConf.PortHTTPS
+	t.conf.PortDNSOverTLS = newConf.PortDNSOverTLS
+	t.conf.PortDNSOverQUIC = newConf.PortDNSOverQUIC
+	t.conf.CertificateChain = newConf.CertificateChain
+	t.conf.CertificatePath = newConf.CertificatePath
+	t.conf.CertificateChainData = newConf.CertificateChainData
+	t.conf.PrivateKey = newConf.PrivateKey
+	t.conf.PrivateKeyPath = newConf.PrivateKeyPath
+	t.conf.PrivateKeyData = newConf.PrivateKeyData
+	t.status = status
+
+	return restartHTTPS
+}
+
 func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 	data, err := unmarshalTLS(r)
 	if err != nil {
@@ -266,42 +302,28 @@ func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 			tlsConfigStatus:   t.status,
 		}
 		marshalTLS(w, data2)
+
 		return
 	}
-	status = validateCertificates(string(data.CertificateChainData), string(data.PrivateKeyData), data.ServerName)
-	restartHTTPS := false
 
-	t.confLock.Lock()
-	if !cmp.Equal(t.conf, data) {
-		log.Printf("tls config settings have changed, will restart HTTPS server")
-		restartHTTPS = true
-	}
-	// Note: don't do just `t.conf = data` because we must preserve all other members of t.conf
-	t.conf.Enabled = data.Enabled
-	t.conf.ServerName = data.ServerName
-	t.conf.ForceHTTPS = data.ForceHTTPS
-	t.conf.PortHTTPS = data.PortHTTPS
-	t.conf.PortDNSOverTLS = data.PortDNSOverTLS
-	t.conf.PortDNSOverQUIC = data.PortDNSOverQUIC
-	t.conf.CertificateChain = data.CertificateChain
-	t.conf.CertificatePath = data.CertificatePath
-	t.conf.CertificateChainData = data.CertificateChainData
-	t.conf.PrivateKey = data.PrivateKey
-	t.conf.PrivateKeyPath = data.PrivateKeyPath
-	t.conf.PrivateKeyData = data.PrivateKeyData
-	t.status = status
-	t.confLock.Unlock()
+	status = validateCertificates(string(data.CertificateChainData), string(data.PrivateKeyData), data.ServerName)
+
+	restartHTTPS := t.setConfig(data, status)
 	t.setCertFileTime()
 	onConfigModified()
+
 	err = reconfigureDNSServer()
 	if err != nil {
 		httpError(w, http.StatusInternalServerError, "%s", err)
+
 		return
 	}
+
 	data2 := tlsConfig{
 		tlsConfigSettings: data,
 		tlsConfigStatus:   t.status,
 	}
+
 	marshalTLS(w, data2)
 	if f, ok := w.(http.Flusher); ok {
 		f.Flush()

internal/home/upgrade.go

@@ -11,9 +11,9 @@ import (
 	"strings"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/google/renameio/maybe"
 	"golang.org/x/crypto/bcrypt"
 	yaml "gopkg.in/yaml.v2"
@@ -545,7 +545,7 @@ func addQUICPort(ups string, port int) (withPort string) {
 	}
 
 	var host string
-	host, err = aghnet.SplitHost(upsURL.Host)
+	host, err = netutil.SplitHost(upsURL.Host)
 	if err != nil || host != upsURL.Host {
 		return ups
 	}

internal/home/web.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/NYTimes/gziphandler"
 )
 
@@ -175,7 +176,7 @@ func (web *Web) Start() {
 		// we need to have new instance, because after Shutdown() the Server is not usable
 		web.httpServer = &http.Server{
 			ErrorLog:          log.StdLog("web: plain", log.DEBUG),
-			Addr:              aghnet.JoinHostPort(hostStr, web.conf.BindPort),
+			Addr:              netutil.JoinHostPort(hostStr, web.conf.BindPort),
 			Handler:           withMiddlewares(Context.mux, limitRequestBody),
 			ReadTimeout:       web.conf.ReadTimeout,
 			ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
@@ -188,7 +189,7 @@ func (web *Web) Start() {
 		if web.conf.BetaBindPort != 0 {
 			web.httpServerBeta = &http.Server{
 				ErrorLog:          log.StdLog("web: plain", log.DEBUG),
-				Addr:              aghnet.JoinHostPort(hostStr, web.conf.BetaBindPort),
+				Addr:              netutil.JoinHostPort(hostStr, web.conf.BetaBindPort),
 				Handler:           withMiddlewares(Context.mux, limitRequestBody, web.wrapIndexBeta),
 				ReadTimeout:       web.conf.ReadTimeout,
 				ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
@@ -249,7 +250,7 @@ func (web *Web) tlsServerLoop() {
 		web.httpsServer.cond.L.Unlock()
 
 		// prepare HTTPS server
-		address := aghnet.JoinHostPort(web.conf.BindHost.String(), web.conf.PortHTTPS)
+		address := netutil.JoinHostPort(web.conf.BindHost.String(), web.conf.PortHTTPS)
 		web.httpsServer.server = &http.Server{
 			ErrorLog: log.StdLog("web: https", log.DEBUG),
 			Addr:     address,

internal/querylog/searchcriterion.go

@@ -2,10 +2,9 @@ package querylog
 
 import (
 	"strings"
-	"unicode"
-	"unicode/utf8"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+	"github.com/AdguardTeam/golibs/stringutil"
 )
 
 type criterionType int
@@ -69,37 +68,6 @@ func ctDomainOrClientCaseStrict(
 		strings.EqualFold(name, term)
 }
 
-// containsFold reports whehter s contains, ignoring letter case, substr.
-//
-// TODO(a.garipov): Move to aghstrings if needed elsewhere.
-func containsFold(s, substr string) (ok bool) {
-	sLen, substrLen := len(s), len(substr)
-	if sLen < substrLen {
-		return false
-	}
-
-	if sLen == substrLen {
-		return strings.EqualFold(s, substr)
-	}
-
-	first, _ := utf8.DecodeRuneInString(substr)
-	firstFolded := unicode.SimpleFold(first)
-
-	for i := 0; i != -1 && len(s) >= len(substr); {
-		if strings.EqualFold(s[:substrLen], substr) {
-			return true
-		}
-
-		i = strings.IndexFunc(s[1:], func(r rune) (eq bool) {
-			return r == first || r == firstFolded
-		})
-
-		s = s[1+i:]
-	}
-
-	return false
-}
-
 func ctDomainOrClientCaseNonStrict(
 	term string,
 	asciiTerm string,
@@ -108,11 +76,11 @@ func ctDomainOrClientCaseNonStrict(
 	host string,
 	ip string,
 ) (ok bool) {
-	return containsFold(clientID, term) ||
-		containsFold(host, term) ||
-		(asciiTerm != "" && containsFold(host, asciiTerm)) ||
-		containsFold(ip, term) ||
-		containsFold(name, term)
+	return stringutil.ContainsFold(clientID, term) ||
+		stringutil.ContainsFold(host, term) ||
+		(asciiTerm != "" && stringutil.ContainsFold(host, asciiTerm)) ||
+		stringutil.ContainsFold(ip, term) ||
+		stringutil.ContainsFold(name, term)
 }
 
 // quickMatch quickly checks if the line matches the given search criterion.