all: fix chlog

.github/workflows/build.yml

@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.20.10'
+  'GO_VERSION': '1.20.11'
   'NODE_VERSION': '16'
 
 'on':

.github/workflows/lint.yml

@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.20.10'
+  'GO_VERSION': '1.20.11'
 
 'on':
   'push':

CHANGELOG.md

@@ -14,11 +14,11 @@ and this project adheres to
 <!--
 ## [v0.108.0] - TBA
 
-## [v0.107.40] - 2023-10-09 (APPROX.)
+## [v0.107.42] - 2023-12-06 (APPROX.)
 
-See also the [v0.107.40 GitHub milestone][ms-v0.107.40].
+See also the [v0.107.42 GitHub milestone][ms-v0.107.42].
 
-[ms-v0.107.40]: https://github.com/AdguardTeam/AdGuardHome/milestone/75?closed=1
+[ms-v0.107.42]: https://github.com/AdguardTeam/AdGuardHome/milestone/76?closed=1
 
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
@@ -29,6 +29,88 @@ NOTE: Add new changes ABOVE THIS COMMENT.
 
 
 
+## [v0.107.41] - 2023-11-13
+
+See also the [v0.107.41 GitHub milestone][ms-v0.107.41].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2023-45283 and CVE-2023-45284 Go vulnerabilities fixed in
+  [Go 1.20.11][go-1.20.11].
+
+### Added
+
+- Ability to specify subnet lengths for IPv4 and IPv6 addresses, used for rate
+  limiting requests, in the configuration file ([#6368]).
+- Ability to specify multiple domain specific upstreams per line, e.g.
+  `[/domain1/../domain2/]upstream1 upstream2 .. upstreamN` ([#4977]).
+
+### Changed
+
+- The height of ready-to-use filter lists has been increased ([#6358]).
+- Improved authentication failure logging ([#6357]).
+
+#### Configuration Changes
+
+- New properties `dns.ratelimit_subnet_len_ipv4` and
+  `dns.ratelimit_subnet_len_ipv6` in the configuration file ([#6368]).
+
+### Fixed
+
+- Missing timezone on schedule form submission ([#6401]).
+- Average request processing time calculation ([#6220]).
+- Redundant shortening long client names in the Top Clients table ([#6338]).
+- Scrolling column headers in the tables ([#6337]).
+- `$important,dnsrewrite` rules do not take precedence over allowlist rules
+  ([#6204]).
+- Dark mode DNS rewrite background ([#6329]).
+- Issues with QUIC and HTTP/3 upstreams on Linux ([#6335]).
+
+[#4977]: https://github.com/AdguardTeam/AdGuardHome/issues/4977
+[#6204]: https://github.com/AdguardTeam/AdGuardHome/issues/6204
+[#6220]: https://github.com/AdguardTeam/AdGuardHome/issues/6220
+[#6329]: https://github.com/AdguardTeam/AdGuardHome/issues/6329
+[#6335]: https://github.com/AdguardTeam/AdGuardHome/issues/6335
+[#6337]: https://github.com/AdguardTeam/AdGuardHome/issues/6337
+[#6338]: https://github.com/AdguardTeam/AdGuardHome/issues/6338
+[#6357]: https://github.com/AdguardTeam/AdGuardHome/issues/6357
+[#6358]: https://github.com/AdguardTeam/AdGuardHome/issues/6358
+[#6368]: https://github.com/AdguardTeam/AdGuardHome/issues/6368
+[#6401]: https://github.com/AdguardTeam/AdGuardHome/issues/6401
+
+[go-1.20.11]:   https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY/m/d-jSKR_jBwAJ
+[ms-v0.107.41]: https://github.com/AdguardTeam/AdGuardHome/milestone/76?closed=1
+
+
+
+## [v0.107.40] - 2023-10-18
+
+See also the [v0.107.40 GitHub milestone][ms-v0.107.40].
+
+### Changed
+
+- *Block* and *Unblock* buttons of the query log moved to the tooltip menu
+  ([#684]).
+
+### Fixed
+
+- Dashboard tables scroll issue ([#6180]).
+- The time shown in the statistics is one hour less than the current time
+  ([#6296]).
+- Issues with QUIC and HTTP/3 upstreams on FreeBSD ([#6301]).
+- Panic on clearing the query log ([#6304]).
+
+[#684]:  https://github.com/AdguardTeam/AdGuardHome/issues/684
+[#6180]: https://github.com/AdguardTeam/AdGuardHome/issues/6180
+[#6296]: https://github.com/AdguardTeam/AdGuardHome/issues/6296
+[#6301]: https://github.com/AdguardTeam/AdGuardHome/issues/6301
+[#6304]: https://github.com/AdguardTeam/AdGuardHome/issues/6304
+
+[ms-v0.107.40]: https://github.com/AdguardTeam/AdGuardHome/milestone/75?closed=1
+
+
+
 ## [v0.107.39] - 2023-10-11
 
 See also the [v0.107.39 GitHub milestone][ms-v0.107.39].
@@ -47,7 +129,7 @@ See also the [v0.107.39 GitHub milestone][ms-v0.107.39].
 
 ### Changed
 
-- ipset entries are updated more often ([#6233]).
+- `ipset` entries are updated more frequently ([#6233]).
 - Node.JS 16 is now required to build the frontend.
 
 ### Fixed
@@ -66,9 +148,8 @@ See also the [v0.107.39 GitHub milestone][ms-v0.107.39].
 [#6233]: https://github.com/AdguardTeam/AdGuardHome/issues/6233
 [#6280]: https://github.com/AdguardTeam/AdGuardHome/issues/6280
 
-[go-1.20.9]:  https://groups.google.com/g/golang-announce/c/XBa1oHDevAo/m/desYyx3qAgAJ
-[go-1.20.10]: https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ
-
+[go-1.20.10]:   https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ
+[go-1.20.9]:    https://groups.google.com/g/golang-announce/c/XBa1oHDevAo/m/desYyx3qAgAJ
 [ms-v0.107.39]: https://github.com/AdguardTeam/AdGuardHome/milestone/74?closed=1
 
 
@@ -2531,11 +2612,13 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.40...HEAD
-[v0.107.40]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.39...v0.107.40
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.42...HEAD
+[v0.107.42]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.41...v0.107.42
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.39...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.41...HEAD
+[v0.107.41]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.40...v0.107.41
+[v0.107.40]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.39...v0.107.40
 [v0.107.39]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.38...v0.107.39
 [v0.107.38]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.37...v0.107.38
 [v0.107.37]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.36...v0.107.37

README.md

@@ -201,7 +201,7 @@ opinion, this cannot be legitimately counted as a Pi-Hole's feature.
 | Cross-platform                                                          | ✅                | ❌ (not natively, only via Docker)                        |
 | Running as a DNS-over-HTTPS or DNS-over-TLS server                      | ✅                | ❌ (requires additional software)                         |
 | Blocking phishing and malware domains                                   | ✅                | ❌ (requires non-default blocklists)                      |
-| Parental control (blocking adult domains)                               | ✅                | ❌                                                        |
+| Parental control (blocking adult domains)                               | ✅                | ❌ (requires non-default blocklists)                      |
 | Force Safe search on search engines                                     | ✅                | ❌                                                        |
 | Per-client (device) configuration                                       | ✅                | ✅                                                        |
 | Access settings (choose who can use AGH DNS)                            | ✅                | ❌                                                        |

bamboo-specs/release.yaml

@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:7.4'
+    'dockerGo': 'adguard/golang-ubuntu:7.5'
 
 'stages':
   - 'Build frontend':
@@ -272,7 +272,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:7.4'
+            'dockerGo': 'adguard/golang-ubuntu:7.5'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
   - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -287,4 +287,4 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:7.4'
+            'dockerGo': 'adguard/golang-ubuntu:7.5'

bamboo-specs/snapcraft.yaml

@@ -10,7 +10,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:7.4'
+    'dockerGo': 'adguard/golang-ubuntu:7.5'
     'snapcraftChannel': 'edge'
 
 'stages':
@@ -191,7 +191,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:7.4'
+            'dockerGo': 'adguard/golang-ubuntu:7.5'
             'snapcraftChannel': 'beta'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
@@ -207,5 +207,5 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:7.4'
+            'dockerGo': 'adguard/golang-ubuntu:7.5'
             'snapcraftChannel': 'candidate'

bamboo-specs/test.yaml

@@ -5,7 +5,7 @@
     'key': 'AHBRTSPECS'
     'name': 'AdGuard Home - Build and run tests'
 'variables':
-    'dockerGo': 'adguard/golang-ubuntu:7.4'
+    'dockerGo': 'adguard/golang-ubuntu:7.5'
 
 'stages':
   - 'Tests':

client/src/__locales/be.json

@@ -119,7 +119,8 @@
     "stats_malware_phishing": "Заблакаваныя шкодныя і фішынгавыя сайты",
     "stats_adult": "Заблакаваныя «дарослыя» сайты",
     "stats_query_domain": "Часта запытаныя дамены",
-    "for_last_24_hours": "за 24 гадзіны",
+    "for_last_hours": "за апошнюю {{count}} гадзіну",
+    "for_last_hours_plural": "за апошнія {{count}} гадзін",
     "for_last_days": "за апошні {{count}} дзень",
     "for_last_days_plural": "за апошнія {{count}} дзён",
     "stats_disabled": "Статыстыка была адключаная. Вы можаце ўключыць яго <0>на старонцы налад </0>.",
@@ -134,14 +135,14 @@
     "no_upstreams_data_found": "Няма дадзеных аб upstream серверах",
     "number_of_dns_query_days": "Колькасць DNS-запытаў за апошні {{count}} дзень",
     "number_of_dns_query_days_plural": "Колькасць DNS запытаў, апрацаваных за апошнія {{count}} дзён",
-    "number_of_dns_query_24_hours": "Колькасць DNS-запытаў за 24 гадзіны",
+    "number_of_dns_query_hours": "Колькасць DNS-запытаў, апрацаваных за апошнюю {{count}} гадзіну",
+    "number_of_dns_query_hours_plural": "Колькасць DNS-запытаў, апрацаваных за апошнія {{count}} гадзін",
     "number_of_dns_query_blocked_24_hours": "Колькасць DNS-запытаў, заблакаваных фільтрамі і блок-спісамі",
     "number_of_dns_query_blocked_24_hours_by_sec": "Колькасць DNS-запытаў, заблакаваных модулем Антыфішынгу AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Колькасць заблакаваных «сайтаў для дарослых»",
     "enforced_save_search": "Ужыты бяспечны пошук",
     "number_of_dns_query_to_safe_search": "Колькасць запытаў DNS для пошукавых сістэм, для якіх быў ужыты Бяспечны пошук",
     "average_processing_time": "Сярэдні час апрацоўкі запыту",
-    "processing_time": "Час апрацоўкі",
     "average_processing_time_hint": "Сярэдні час для апрацоўкі запыту DNS  у мілісекундах",
     "block_domain_use_filters_and_hosts": "Блакаваць дамены з выкарыстаннем фільтраў і файлаў хастоў",
     "filters_block_toggle_hint": "Вы можаце наладзіць правілы блакавання ў «<a>Фільтрах</a>».",

client/src/__locales/cs.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Nastavení klienta",
     "example_upstream_reserved": "odchozí DNS připojení <0>pro konkrétní doménu(y)</0>;",
+    "example_multiple_upstreams_reserved": "více odchozích připojení <0>pro konkrétní domény</0>;",
     "example_upstream_comment": "komentář.",
     "upstream_parallel": "Použijte paralelní požadavky na urychlení řešení simultánním dotazováním na všechny navazující servery.",
     "parallel_requests": "Paralelní požadavky",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blokovaný malware/podvody",
     "stats_adult": "Blokované stránky pro dospělé",
     "stats_query_domain": "Nejčastěji dotazované domény",
-    "for_last_24_hours": "za posledních 24 hodin",
+    "for_last_hours": "za poslední {{count}} hodinu",
+    "for_last_hours_plural": "za posledních {{count}} hodin",
     "for_last_days": "za posledních {{count}} dní",
     "for_last_days_plural": "za posledních {{count}} dní",
     "stats_disabled": "Statistiky byly vypnuty. Můžete je zapnout ze <0>stránky nastavení</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nebyla nalezena žádná data odchozích připojení",
     "number_of_dns_query_days": "Počet DNS dotazů zpracovaných za posledních {{count}} den",
     "number_of_dns_query_days_plural": "Počet DNS dotazů zpracovaných za posledních {{count}} dní",
-    "number_of_dns_query_24_hours": "Počet DNS dotazů zpracovaných za posledních 24 hodin",
+    "number_of_dns_query_hours": "Počet DNS dotazů zpracovaných za poslední {{count}} hodinu",
+    "number_of_dns_query_hours_plural": "Počet DNS dotazů zpracovaných za posledních {{count}} hodin",
     "number_of_dns_query_blocked_24_hours": "Počet požadavků DNS zablokovaných filtrem reklam a seznamy blokování hostitelů",
     "number_of_dns_query_blocked_24_hours_by_sec": "Počet požadavků DNS zablokovaných AdGuard modulem Bezpečné prohlížení",
     "number_of_dns_query_blocked_24_hours_adult": "Počet zablokovaných stránek pro dospělé",
     "enforced_save_search": "Vynucené bezpečné vyhledávání",
     "number_of_dns_query_to_safe_search": "Počet požadavků DNS na vyhledávače, při kterých bylo vynucené bezpečné vyhledávání",
     "average_processing_time": "Průměrný čas zpracování",
-    "processing_time": "Doba zpracování",
+    "average_upstream_response_time": "Průměrná doba odezvy odchozích připojení",
+    "response_time": "Čas odezvy",
     "average_processing_time_hint": "Průměrný čas zpracování požadavků DNS v milisekundách",
     "block_domain_use_filters_and_hosts": "Blokovat domény pomocí filtrů a seznamů adres",
     "filters_block_toggle_hint": "Pravidla blokování můžete nastavit v nastavení <a>Filtry</a>.",

client/src/__locales/da.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Klientindstillinger",
     "example_upstream_reserved": "en upstream <0>for bestemte domæner</0>;",
+    "example_multiple_upstreams_reserved": "flere upstreams <0>til bestemte domæner</0>;",
     "example_upstream_comment": "en kommentaren.",
     "upstream_parallel": "Brug parallelforespørgsler til at accelerere fortolkningen ved at forespørge alle upstream-servere samtidigt.",
     "parallel_requests": "Parallelle forespørgsler",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blokeret malware/phishing",
     "stats_adult": "Blokerede voksne websteder",
     "stats_query_domain": "Mest forespurgte domæner",
-    "for_last_24_hours": "de seneste 24 timer",
+    "for_last_hours": "den seneste {{count}} time",
+    "for_last_hours_plural": "de seneste {{count}} timer",
     "for_last_days": "den seneste {{count}} dag",
     "for_last_days_plural": "de seneste {{count}} dage",
     "stats_disabled": "Statistikker er deaktiveret. De kan aktiveres via <0>indstillingssiden</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Ingen upstreams-data fundet",
     "number_of_dns_query_days": "Antallet af DNS-forespørgsler behandlet den seneste {{count}} dag",
     "number_of_dns_query_days_plural": "Antallet af DNS-forespørgsler behandlet de seneste {{count}} dage",
-    "number_of_dns_query_24_hours": "Antallet af DNS-forespørgsler behandlet de seneste 24 timer",
+    "number_of_dns_query_hours": "Antallet af DNS-forespørgsler behandlet den seneste {{count}} time",
+    "number_of_dns_query_hours_plural": "Antallet af DNS-forespørgsler behandlet de seneste {{count}} timer",
     "number_of_dns_query_blocked_24_hours": "Antallet af DNS-forespørgsler blokeret af adblockfiltre og værtssortlister",
     "number_of_dns_query_blocked_24_hours_by_sec": "Antallet af DNS-forespørgsler blokeret af AdGuards browsingsikkerhedsmodul",
     "number_of_dns_query_blocked_24_hours_adult": "Antallet af blokerede voksenwebsteder",
     "enforced_save_search": "Håndhævet sikker søgning",
     "number_of_dns_query_to_safe_search": "Antallet af DNS-forespørgsler til søgemaskiner, hvor Sikker Søgning blev håndhævet",
     "average_processing_time": "Gennemsnitlig behandlingstid",
-    "processing_time": "Behandlingstid",
+    "average_upstream_response_time": "Gennemsnitlig upstream-responstid",
+    "response_time": "Responstid",
     "average_processing_time_hint": "Gennemsnitlig behandlingstid i millisekunder af DNS-forespørgsel",
     "block_domain_use_filters_and_hosts": "Blokér domæner vha. filtre og værtsfiler",
     "filters_block_toggle_hint": "Du kan opsætte blokeringsregler i <a>Filterindstillingerne</a>.",

client/src/__locales/de.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Client-Einstellungen",
     "example_upstream_reserved": "ein Upstream <0>für bestimmte Domains</0>;",
+    "example_multiple_upstreams_reserved": "mehrere Upstreams <0>für bestimmte Domains</0>;",
     "example_upstream_comment": "ein Kommentar.",
     "upstream_parallel": "Parallele Abfragen verwenden, um das Auflösen zu beschleunigen, indem alle Upstream-Server gleichzeitig abgefragt werden.",
     "parallel_requests": "Paralleles Abfragen",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Gesperrte Schädliche/Phishing-Websites",
     "stats_adult": "Gesperrte jugendgefährdende Websites",
     "stats_query_domain": "Am häufigsten angefragte Domains",
-    "for_last_24_hours": "für die letzten 24 Stunden",
+    "for_last_hours": "in die letzte {{count}} Stunde",
+    "for_last_hours_plural": "in die letzten {{count}} Stunden",
     "for_last_days": "am letzten {{count}} Tag",
     "for_last_days_plural": "in den letzten {{count}} Tage",
     "stats_disabled": "Die Statistik wurde deaktiviert. Sie können diese in den <0>Einstellungen</0> erneut aktivieren.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Keine Upstream-Daten gefunden",
     "number_of_dns_query_days": "Anzahl der in den letzten {{count}} Tagen verarbeiteten DNS-Anfragen",
     "number_of_dns_query_days_plural": "Anzahl der DNS-Abfragen, die in den letzten {{count}} Tagen verarbeitet wurden",
-    "number_of_dns_query_24_hours": "Anzahl der in den letzten 24 Stunden durchgeführten DNS-Anfragen",
+    "number_of_dns_query_hours": "Die Anzahl der DNS-Anfragen, die in der letzten {{count}} Stunde verarbeitet wurden",
+    "number_of_dns_query_hours_plural": "Die Anzahl der DNS-Anfragen, die in den letzten {{count}} Stunden verarbeitet wurden",
     "number_of_dns_query_blocked_24_hours": "Anzahl der durch Werbefilter und Host-Sperrlisten abgelehnte DNS-Anfragen",
     "number_of_dns_query_blocked_24_hours_by_sec": "Anzahl der durch das AdGuard-Modul „Internetsicherheit“ gesperrten DNS-Anfragen",
     "number_of_dns_query_blocked_24_hours_adult": "Anzahl der gesperrten Websites mit jugendgefährdenden Inhalten",
     "enforced_save_search": "Sichere Suche erzwungen",
     "number_of_dns_query_to_safe_search": "Anzahl der DNS-Anfragen bei denen Sichere Suche für Suchanfragen erzwungen wurde",
     "average_processing_time": "Durchschnittliche Bearbeitungsdauer",
-    "processing_time": "Verarbeitungszeit",
+    "average_upstream_response_time": "Durchschnittliche Upstream-Antwortzeit",
+    "response_time": "Antwortzeit",
     "average_processing_time_hint": "Durchschnittliche Zeit in Millisekunden zur Bearbeitung von DNS-Anfragen",
     "block_domain_use_filters_and_hosts": "Domains durch Filter und Host-Dateien sperren",
     "filters_block_toggle_hint": "Sie können Blockierregeln in den <a>Filter</a>einstellungen erstellen.",

client/src/__locales/en.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Client settings",
     "example_upstream_reserved": "an upstream <0>for specific domains</0>;",
+    "example_multiple_upstreams_reserved": "multiple upstreams <0>for specific domains</0>;",
     "example_upstream_comment": "a comment.",
     "upstream_parallel": "Use parallel queries to speed up resolving by querying all upstream servers simultaneously.",
     "parallel_requests": "Parallel requests",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blocked malware/phishing",
     "stats_adult": "Blocked adult websites",
     "stats_query_domain": "Top queried domains",
-    "for_last_24_hours": "for the last 24 hours",
+    "for_last_hours": "for the last {{count}} hour",
+    "for_last_hours_plural": "for the last {{count}} hours",
     "for_last_days": "for the last {{count}} day",
     "for_last_days_plural": "for the last {{count}} days",
     "stats_disabled": "The statistics have been disabled. You can turn it on from the <0>settings page</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "No upstreams data found",
     "number_of_dns_query_days": "The number of DNS queries processed for the last {{count}} day",
     "number_of_dns_query_days_plural": "The number of DNS queries processed for the last {{count}} days",
-    "number_of_dns_query_24_hours": "The number of DNS queries processed for the last 24 hours",
+    "number_of_dns_query_hours": "The number of DNS queries processed for the last {{count}} hour",
+    "number_of_dns_query_hours_plural": "The number of DNS queries processed for the last {{count}} hours",
     "number_of_dns_query_blocked_24_hours": "The number of DNS requests blocked by adblock filters and hosts blocklists",
     "number_of_dns_query_blocked_24_hours_by_sec": "The number of DNS requests blocked by the AdGuard browsing security module",
     "number_of_dns_query_blocked_24_hours_adult": "The number of adult websites blocked",
     "enforced_save_search": "Enforced safe search",
     "number_of_dns_query_to_safe_search": "The number of DNS requests to search engines for which Safe Search was enforced",
     "average_processing_time": "Average processing time",
-    "processing_time": "Processing time",
+    "average_upstream_response_time": "Average upstream response time",
+    "response_time": "Response time",
     "average_processing_time_hint": "Average time in milliseconds on processing a DNS request",
     "block_domain_use_filters_and_hosts": "Block domains using filters and hosts files",
     "filters_block_toggle_hint": "You can setup blocking rules in the <a>Filters</a> settings.",

client/src/__locales/es.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Configuración de clientes",
     "example_upstream_reserved": "un DNS de subida <0>para un dominio específico</0>.",
+    "example_multiple_upstreams_reserved": "múltiples upstreams <0>para dominios específicos</0>;",
     "example_upstream_comment": "un comentario.",
     "upstream_parallel": "Usar consultas paralelas para acelerar la resolución al consultar simultáneamente a todos los servidores DNS de subida.",
     "parallel_requests": "Consultas paralelas",
@@ -8,9 +9,9 @@
     "load_balancing_desc": "Consulta un servidor DNS de subida a la vez. AdGuard Home utiliza su algoritmo aleatorio ponderado para elegir el servidor más rápido y sea utilizado con más frecuencia.",
     "bootstrap_dns": "Servidores DNS de arranque",
     "bootstrap_dns_desc": "Direcciones IP de servidores DNS utilizadas para resolver direcciones IP de los solucionadores DoH/DoT que especifiques como ascendentes. No se permiten comentarios.",
-    "fallback_dns_title": "Servidores DNS de fallback",
-    "fallback_dns_desc": "La lista de DNS de fallback serán usadas cuando los servidores de upstream de DNS no respondan. La sintaxis es la misma que en los principales del campo anterior.",
-    "fallback_dns_placeholder": "Ingresa un servidor de DNS alternativo por línea",
+    "fallback_dns_title": "Servidores DNS alternativos",
+    "fallback_dns_desc": "Lista de servidores DNS alternativos utilizados cuando los servidores DNS de subida no responden. La sintaxis es la misma que en el campo de los principales DNS de subida anterior.",
+    "fallback_dns_placeholder": "Ingresa un servidor DNS alternativo por línea",
     "local_ptr_title": "Servidores DNS inversos y privados",
     "local_ptr_desc": "Los servidores DNS que AdGuard Home utiliza para las consultas PTR locales. Estos servidores se utilizan para resolver las peticiones PTR de direcciones en rangos de IP privadas, por ejemplo \"192.168.12.34\", utilizando DNS inverso. Si no está establecido, AdGuard Home utilizará los resolutores DNS predeterminados de tu sistema operativo, excepto las direcciones del propio AdGuard Home.",
     "local_ptr_default_resolver": "Por defecto, AdGuard Home utiliza los siguientes resolutores DNS inversos: {{ip}}.",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Malware/phishing bloqueado",
     "stats_adult": "Sitios web para adultos bloqueado",
     "stats_query_domain": "Dominios más consultados",
-    "for_last_24_hours": "en las últimas 24 horas",
+    "for_last_hours": "de la última {{count}} hora",
+    "for_last_hours_plural": "de las últimas {{count}} horas",
     "for_last_days": "durante los últimos {{count}} días",
     "for_last_days_plural": "durante los últimos {{count}} días",
     "stats_disabled": "Las estadísticas se han deshabilitado. Puedes habilitarlas desde la <0>página de configuración</0>.",
@@ -130,18 +132,20 @@
     "top_clients": "Clientes más frecuentes",
     "no_clients_found": "No se han encontrado clientes",
     "general_statistics": "Estadísticas generales",
-    "top_upstreams": "Mejores upstreams",
-    "no_upstreams_data_found": "No se han encontrado datos de upstreams",
+    "top_upstreams": "DNS de subida más frecuentes",
+    "no_upstreams_data_found": "No se han encontrado datos de DNS de subida",
     "number_of_dns_query_days": "Número de consultas DNS procesadas durante el último {{count}} día",
     "number_of_dns_query_days_plural": "Número de consultas DNS procesadas durante los últimos {{count}} días",
-    "number_of_dns_query_24_hours": "Número de consultas DNS procesadas durante las últimas 24 horas",
+    "number_of_dns_query_hours": "Número de consultas DNS procesadas durante la última {{count}} hora",
+    "number_of_dns_query_hours_plural": "Número de consultas DNS procesadas durante las últimas {{count}} horas",
     "number_of_dns_query_blocked_24_hours": "Número de peticiones DNS bloqueadas por los filtros y listas de bloqueo de hosts",
     "number_of_dns_query_blocked_24_hours_by_sec": "Número de peticiones DNS bloqueadas por el módulo de seguridad de navegación de AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Número de sitios web para adultos bloqueado",
     "enforced_save_search": "Búsquedas seguras forzadas",
     "number_of_dns_query_to_safe_search": "Número de peticiones DNS a los motores de búsqueda para los que se aplicó la búsqueda segura forzada",
     "average_processing_time": "Tiempo promedio de procesamiento",
-    "processing_time": "Tiempo de procesamiento",
+    "average_upstream_response_time": "Tiempo promedio de respuesta upstream",
+    "response_time": "Tiempo de respuesta",
     "average_processing_time_hint": "Tiempo promedio en milisegundos al procesar una petición DNS",
     "block_domain_use_filters_and_hosts": "Bloquear dominios usando filtros y archivos hosts",
     "filters_block_toggle_hint": "Puedes configurar las reglas de bloqueo en la configuración de <a>filtros</a>.",
@@ -166,7 +170,7 @@
     "upstream_dns_configured_in_file": "Configurado en {{path}}",
     "test_upstream_btn": "Probar DNS de subida",
     "upstreams": "DNS de subida",
-    "upstream": "Upstream",
+    "upstream": "DNS de subida",
     "apply_btn": "Aplicar",
     "disabled_filtering_toast": "Filtrado deshabilitado",
     "enabled_filtering_toast": "Filtrado habilitado",
@@ -675,21 +679,21 @@
     "disable_for_hours": "Por {{count}} hora",
     "disable_for_hours_plural": "Por {{count}} horas",
     "disable_until_tomorrow": "Hasta mañana",
-    "disable_notify_for_seconds": "Desactivar la protección por {{count}} segundo",
-    "disable_notify_for_seconds_plural": "Desactivar la protección por {{count}} segundos",
-    "disable_notify_for_minutes": "Desactivar la protección por {{count}} minuto",
-    "disable_notify_for_minutes_plural": "Desactivar la protección por {{count}} minutos",
-    "disable_notify_for_hours": "Desactivar la protección por {{count}} hora",
-    "disable_notify_for_hours_plural": "Desactivar la protección por {{count}} horas",
-    "disable_notify_until_tomorrow": "Desactivar la protección hasta mañana",
-    "enable_protection_timer": "La protección se activará en {{time}}",
+    "disable_notify_for_seconds": "Deshabilitar protección por {{count}} segundo",
+    "disable_notify_for_seconds_plural": "Deshabilitar protección por {{count}} segundos",
+    "disable_notify_for_minutes": "Deshabilitar protección por {{count}} minuto",
+    "disable_notify_for_minutes_plural": "Deshabilitar protección por {{count}} minutos",
+    "disable_notify_for_hours": "Deshabilitar protección por {{count}} hora",
+    "disable_notify_for_hours_plural": "Deshabilitar protección por {{count}} horas",
+    "disable_notify_until_tomorrow": "Deshabilitar protección hasta mañana",
+    "enable_protection_timer": "La protección se habilitará a las {{time}}",
     "custom_retention_input": "Ingresa la retención en horas",
     "custom_rotation_input": "Ingresa la rotación en horas",
     "protection_section_label": "Protección",
     "log_and_stats_section_label": "Registro de consultas y estadísticas",
     "ignore_query_log": "Ignorar este cliente en el registro de consultas",
     "ignore_statistics": "Ignorar este cliente en las estadísticas",
-    "schedule_services": "Pausar el servicio de bloqueo",
+    "schedule_services": "Pausar servicio de bloqueo",
     "schedule_services_desc": "Configura el horario programado de pausa del servicio de bloqueo",
     "schedule_services_desc_client": "Configurar el horario programado de pausa del bloqueo de servicio filtrado para este cliente",
     "schedule_desc": "Establecer periodos de inactividad para servicios bloqueados",
@@ -699,7 +703,7 @@
     "schedule_current_timezone": "Zona horaria actual: {{value}}",
     "schedule_time_all_day": "Todo el dia",
     "schedule_modal_description": "Este horario sustituirá cualquier horario existente para el mismo día de la semana. Cada día de la semana solo puede tener un periodo de inactividad.",
-    "schedule_modal_time_off": "Detener el servicio de bloqueo:",
+    "schedule_modal_time_off": "Detener servicio de bloqueo:",
     "schedule_new": "Nuevo horario",
     "schedule_edit": "Editar horario",
     "schedule_save": "Guardar horario",

client/src/__locales/fa.json

@@ -139,7 +139,6 @@
     "enforced_save_search": "جستجوی اَمن اجبار شده",
     "number_of_dns_query_to_safe_search": "تعداد درخواست های DNS برای موتور جستجو که جستجوی اَمن اجبار شده",
     "average_processing_time": "میانگین زمان پردازش",
-    "processing_time": "زمان پردازش",
     "average_processing_time_hint": "زمان میانگین بر هزارم ثانیه در پردازش درخواست DNS",
     "block_domain_use_filters_and_hosts": "مسدودسازی دامنه ها توسط فیلترها و فایل های میزبان",
     "filters_block_toggle_hint": "میتوانید دستورات مسدودسازی را در تنظیمات <a>فیلترها</a> راه اندازی کنید.",

client/src/__locales/fi.json

@@ -119,7 +119,8 @@
     "stats_malware_phishing": "Estetyt haittaohjelmat/tietojenkalastelut",
     "stats_adult": "Estetyt aikuisille tarkoitetut sivustot",
     "stats_query_domain": "Kysytyimmät verkkotunnukset",
-    "for_last_24_hours": "viimeisten 24 tunnin ajalta",
+    "for_last_hours": "viimeisen {{count}} tunnin ajalta",
+    "for_last_hours_plural": "viimeisen {{count}} tunnin ajalta",
     "for_last_days": "viimeisten {{count}} päivän ajalta",
     "for_last_days_plural": "viimeisten {{count}} päivän ajalta",
     "stats_disabled": "Tilastointi ei ole käytössä. Voit ottaa sen käyttöön <0>asetuksista</0>.",
@@ -134,14 +135,15 @@
     "no_upstreams_data_found": "Ylävirtatietoja ei löytynyt",
     "number_of_dns_query_days": "Käsiteltyjen DNS-pyyntöjen määrä viimeisten {{count}} päivän ajalta",
     "number_of_dns_query_days_plural": "Käsiteltyjen DNS-pyyntöjen määrä viimeisten {{count}} päivän ajalta",
-    "number_of_dns_query_24_hours": "Käsiteltyjen DNS-pyyntöjen määrä viimeisten 24 tunnin ajalta",
+    "number_of_dns_query_hours": "Viimeisen {{count}} tunnin aikana käsiteltyjen DNS-kyselyiden määrä",
+    "number_of_dns_query_hours_plural": "Viimeisen {{count}} tunnin aikana käsiteltyjen DNS-kyselyiden määrä",
     "number_of_dns_query_blocked_24_hours": "Mainoseston suodattimien ja hosts-estolistojen estämien DNS-pyyntöjen määrä",
     "number_of_dns_query_blocked_24_hours_by_sec": "AdGuardin Turvallinen selaus -moduulin estämien DNS-pyyntöjen määrä",
     "number_of_dns_query_blocked_24_hours_adult": "Estettyjen aikuisille tarkoitettujen sivustojen määrä",
     "enforced_save_search": "Turvallinen haku pakotettiin",
     "number_of_dns_query_to_safe_search": "DNS-pyyntöjen määrä, joille turvallinen haku pakotettiin käyttöön",
     "average_processing_time": "Keskimääräinen käsittelyaika",
-    "processing_time": "Käsittelyaika",
+    "response_time": "Vasteaika",
     "average_processing_time_hint": "Keskimääräinen DNS-pyynnön käsittelyyn kulutettu aika millisekunteina",
     "block_domain_use_filters_and_hosts": "Estä verkkotunnuksia suodattimilla ja hosts-tiedostoilla",
     "filters_block_toggle_hint": "Voit määrittää estosääntöjä <a>suodatinasetuksissa</a>.",

client/src/__locales/fr.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Paramètres du client",
     "example_upstream_reserved": "un amont <0>pour des domaines spécifiques</0> ;",
+    "example_multiple_upstreams_reserved": "plusieurs amonts <0>pour des domaines spécifiques</0> ;",
     "example_upstream_comment": " un commentaire.",
     "upstream_parallel": "Utilisez des requêtes parallèles pour accélérer la résolution en requêtant simultanément tous les serveurs en amont.",
     "parallel_requests": "Requêtes en parallèle",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Tentative de malware/hameçonnage bloquée",
     "stats_adult": "Sites à contenu adulte bloqués",
     "stats_query_domain": "Domaines les plus recherchés",
-    "for_last_24_hours": "pendant les dernières 24 heures",
+    "for_last_hours": "pendant la dernière {{count}} heure",
+    "for_last_hours_plural": "pendant les dernières {{count}} heures",
     "for_last_days": "pour les {{count}} derniers jours",
     "for_last_days_plural": "pour les {{count}} derniers jours",
     "stats_disabled": "Les statistiques ont été désactivées. Vous pouvez l'activer à partir de la <0>page des paramètres</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Aucune donnée en amont trouvée",
     "number_of_dns_query_days": "Le nombre de requêtes DNS traitées pour les {{count}} derniers jours",
     "number_of_dns_query_days_plural": "Le nombre de requêtes DNS traitées ces {{count}} derniers jours",
-    "number_of_dns_query_24_hours": "Le nombre de requêtes DNS traitées au cours des 24 dernières heures",
+    "number_of_dns_query_hours": "Le nombre de requêtes DNS traitées pendant la dernière {{count}} heure",
+    "number_of_dns_query_hours_plural": "Le nombre de requêtes DNS traitées pendant les dernières {{count}} heures",
     "number_of_dns_query_blocked_24_hours": "Le nombre de requêtes DNS bloquées par les filtres adblock et les listes de blocage des hôtes",
     "number_of_dns_query_blocked_24_hours_by_sec": "Le nombre de requêtes DNS bloquées par le module Sécurité de navigation d'AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Le nombre de sites à contenu adulte bloqués",
     "enforced_save_search": "Recherche sécurisée forcée",
     "number_of_dns_query_to_safe_search": "Le nombre de requêtes DNS faites avec la Recherche securisée",
     "average_processing_time": "Temps moyen de traitement",
-    "processing_time": "Délai de traitement",
+    "average_upstream_response_time": "Temps de réponse moyen en amont",
+    "response_time": "Temps de réponse",
     "average_processing_time_hint": "Temps moyen (en millisecondes) de traitement d'une requête DNS",
     "block_domain_use_filters_and_hosts": "Bloquez les domaines à l'aide des filtres et fichiers hosts",
     "filters_block_toggle_hint": "Vous pouvez configurer les règles de filtrage dans les paramètres des <a>Filtres</a>.",

client/src/__locales/hr.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Postavke klijenta",
     "example_upstream_reserved": "upstream <0>za određene domene</0>;",
+    "example_multiple_upstreams_reserved": "višestruke upstream poslužitelje <0>za određene domene</0>;",
     "example_upstream_comment": "komentar.",
     "upstream_parallel": "Koristi paralelne upite kako bi ubrzali rješavanje istovremenim ispitavanjem svih upstream poslužitelja.",
     "parallel_requests": "Paralelni zahtjevi",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blokiran zločudni program/krađe identiteta",
     "stats_adult": "Blokirane web stranice za odrasle",
     "stats_query_domain": "Top tražene domene",
-    "for_last_24_hours": "u zadnja 24 sata",
+    "for_last_hours": "za posljednji {{count}} sat",
+    "for_last_hours_plural": "za posljednjih {{count}} sati",
     "for_last_days": "zadnjih {{count}} dana",
     "for_last_days_plural": "zadnjih {{count}} dana",
     "stats_disabled": "Statistika je onemogućena. Možete ga uključiti sa <0>stranice s postavkama</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nema podataka o upstream poslužiteljima",
     "number_of_dns_query_days": "Broj DNS upita obrađenih u posljednja {{count}} dan",
     "number_of_dns_query_days_plural": "Broj DNS upita obrađenih u posljednja {{count}} dana",
-    "number_of_dns_query_24_hours": "Broj DNS upita obrađenih u posljednja 24 sata",
+    "number_of_dns_query_hours": "Broj DNS upita obrađenih za posljednji {{count}} sat",
+    "number_of_dns_query_hours_plural": "Broj DNS upita obrađenih za posljednjih {{count}} sati",
     "number_of_dns_query_blocked_24_hours": "Broj DNS zahtjeva koji blokiraju filtri za blokiranje oglasa i popisi blokova hostova",
     "number_of_dns_query_blocked_24_hours_by_sec": "Broj DNS zahtjeva koje je blokirao modul AdGuard zaštita pregledavanja",
     "number_of_dns_query_blocked_24_hours_adult": "Broj blokiranih stranica s sadržajem za odrasle",
     "enforced_save_search": "Omogućeno sigurno pretraživanje",
     "number_of_dns_query_to_safe_search": "Broj DNS zahtjeva prema pretraživačima za koje je omogućeno Sigurno pretraživanje",
     "average_processing_time": "Prosječno vrijeme obrade",
-    "processing_time": "Vrijeme obrade",
+    "average_upstream_response_time": "Prosječno vrijeme odziva upstream poslužitelja",
+    "response_time": "Vrijeme odziva",
     "average_processing_time_hint": "Prosječno vrijeme u milisekundama za obradu DNS zahtjeva",
     "block_domain_use_filters_and_hosts": "Blokiraj domene koristeći filtre ili hosts datoteke",
     "filters_block_toggle_hint": "Pravila blokiranja možete postaviti u postavkama <a>filtara</a>.",

client/src/__locales/hu.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Kliens beállítások",
     "example_upstream_reserved": "Megadhat egy DNS kiszolgálót <0>egy adott domainhez vagy domainekhez</0>",
+    "example_multiple_upstreams_reserved": "több upstream szerver <0>adott domainekhez</0>;",
     "example_upstream_comment": "egy megjegyzés.",
     "upstream_parallel": "Használjon párhuzamos lekéréseket a domainek feloldásának felgyorsításához az összes upstream kiszolgálóra való egyidejű lekérdezéssel.",
     "parallel_requests": "Párhuzamos lekérések",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blokkolt kártevő/adathalászat",
     "stats_adult": "Blokkolt felnőtt tartalom",
     "stats_query_domain": "Leglátogatottabb domainek",
-    "for_last_24_hours": "az utóbbi 24 órában",
+    "for_last_hours": "az utolsó {{count}} órában",
+    "for_last_hours_plural": "az utolsó {{count}} órában",
     "for_last_days": "az utóbbi {{count}} napban",
     "for_last_days_plural": "az utóbbi {{count}} napban",
     "stats_disabled": "Ezek a statisztikák ki lettek kapcsolva. Be tudja kapcsolni őket a <0>beállítások oldalon</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nem található upstream szerver adat",
     "number_of_dns_query_days": "Lekérdezések száma az utolsó {{count}} napban",
     "number_of_dns_query_days_plural": "Feldolgozott DNS lekérdezések száma az utolsó {{count}} napban",
-    "number_of_dns_query_24_hours": "Az elmúlt 24 órában feldolgozott DNS lekérdezések száma",
+    "number_of_dns_query_hours": "Feldolgozott DNS lekérdezések száma az utolsó {{count}} órában",
+    "number_of_dns_query_hours_plural": "Feldolgozott DNS lekérdezések száma az utolsó {{count}} órában",
     "number_of_dns_query_blocked_24_hours": "A hirdetésblokkoló szűrők és a hosztfájlok által letiltott DNS kérések száma",
     "number_of_dns_query_blocked_24_hours_by_sec": "Az AdGuard böngészési biztonság modulja által letiltott DNS kérések száma",
     "number_of_dns_query_blocked_24_hours_adult": "Blokkolt felnőtt tartalmak száma",
     "enforced_save_search": "Kényszerített biztonságos keresés",
     "number_of_dns_query_to_safe_search": "A biztonságos keresésre kényszerített DNS lekérdezések száma",
     "average_processing_time": "Átlagos feldolgozási idő",
-    "processing_time": "Feldolgozási idő",
+    "average_upstream_response_time": "Átlagos upstream válaszidő",
+    "response_time": "Válaszidő",
     "average_processing_time_hint": "A DNS lekérdezések feldolgozásához szükséges átlagos idő milliszekundumban",
     "block_domain_use_filters_and_hosts": "Domainek blokkolása szűrők és hosztfájlok használatával",
     "filters_block_toggle_hint": "A <a> szűrőbeállításoknál</a> megadhatja a blokkolási szabályokat.",

client/src/__locales/id.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Pengaturan klien",
     "example_upstream_reserved": "upstream <0>untuk domain spesifik</0>;",
+    "example_multiple_upstreams_reserved": "beberapa server upstream <0>untuk domain spesifik</0>;",
     "example_upstream_comment": "komentar.",
     "upstream_parallel": "Gunakan kueri paralel untuk mempercepat resoluasi dengan menanyakan semua server upstream secara bersamaan",
     "parallel_requests": "Permintaan paralel",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Malware/phishing diblokir",
     "stats_adult": "Situs dewasa diblokir",
     "stats_query_domain": "Kueri domain teratas",
-    "for_last_24_hours": "untuk 24 jam terakhir",
+    "for_last_hours": "selama {{count}} jam terakhir",
+    "for_last_hours_plural": "selama {{count}} jam terakhir",
     "for_last_days": "untuk {{count}} hari terakhir",
     "for_last_days_plural": "selama {{count}} hari terakhir",
     "stats_disabled": "Statistik telah dinonaktifkan. Anda dapat mengaktifkannya dari <0>halaman setelan</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Tidak ada data server upstream yang ditemukan",
     "number_of_dns_query_days": "Jumlah kueri DNS diproses selama {{value}} hari terakhir",
     "number_of_dns_query_days_plural": "Jumlah kueri DNS yang diproses selama {{count}} hari terakhir",
-    "number_of_dns_query_24_hours": "Jumlah kueri DNS diproses selama 24 jam terakhir",
+    "number_of_dns_query_hours": "Jumlah kueri DNS diproses selama {{{count}} jam terakhir",
+    "number_of_dns_query_hours_plural": "Jumlah kueri DNS diproses selama {{count}} jam terakhir",
     "number_of_dns_query_blocked_24_hours": "Julah DNS diblokir oleh penyaring adblock dan daftar blokir hosts",
     "number_of_dns_query_blocked_24_hours_by_sec": "Jumlah perminataan DNS diblokir oleh modul Kemanan Penjelajahan AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Jumlah website dewasa diblokir",
     "enforced_save_search": "Paksa pencarian aman",
     "number_of_dns_query_to_safe_search": "Jumlah perminataan DNS ke mesin pencari yang dipaksa Pencarian Aman",
     "average_processing_time": "Rata-rata waktu pemrosesan",
-    "processing_time": "Waktu pemrosesan",
+    "average_upstream_response_time": "Waktu respons server upstream rata-rata",
+    "response_time": "Waktu respons",
     "average_processing_time_hint": "Rata-rata waktu dalam milidetik untuk pemrosesan sebuah permintaan DNS",
     "block_domain_use_filters_and_hosts": "Blokir domain menggunakan filter dan file hosts",
     "filters_block_toggle_hint": "Anda dapat menyiapkan aturan pemblokiran di pengaturan <a>Penyaringan</a>.",

client/src/__locales/it.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Impostazioni client",
     "example_upstream_reserved": "un upstream <0>per specifici domini</0>;",
+    "example_multiple_upstreams_reserved": "upstream multipli <0>per domini specifici</0>;",
     "example_upstream_comment": "un commento.",
     "upstream_parallel": "Utilizza richieste parallele per accelerare la risoluzione interrogando simultaneamente tutti i server upstream.",
     "parallel_requests": "Richieste parallele",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Malware/phishing bloccati",
     "stats_adult": "Siti per adulti bloccati",
     "stats_query_domain": "Domini maggiormente richiesti",
-    "for_last_24_hours": "nelle ultime 24 ore",
+    "for_last_hours": "per l'ultima {{count}} ora",
+    "for_last_hours_plural": "per le ultime {{count}} ore",
     "for_last_days": "per gli ultimi {{count}} giorni",
     "for_last_days_plural": "per gli ultimi {{count}} giorni",
     "stats_disabled": "Le statistiche sono state disattivate. Puoi attivarle dalla <0>pagina delle impostazioni</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nessun dato upstream trovato",
     "number_of_dns_query_days": "Numero di richieste DNS elaborate negli ultimi {{count}} giorni",
     "number_of_dns_query_days_plural": "Numero di richieste DNS elaborate negli ultimi {{count}} giorni",
-    "number_of_dns_query_24_hours": "Numero di richieste DNS elaborate nelle ultime 24 ore",
+    "number_of_dns_query_hours": "Numero di richieste DNS processate nell'ultima {{count}} ora",
+    "number_of_dns_query_hours_plural": "Numero di richieste DNS processate nelle ultime {{count}} ore",
     "number_of_dns_query_blocked_24_hours": "Numero di richieste DNS bloccate dai filtri per annunci e dagli elenchi di blocco host",
     "number_of_dns_query_blocked_24_hours_by_sec": "Numero di richieste DNS bloccate dal modulo sicurezza di navigazione di AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Numero di siti web per adulti bloccati",
     "enforced_save_search": "Ricerca sicura forzata",
     "number_of_dns_query_to_safe_search": "Numero di richieste DNS dai motori di ricerca per i quali la Ricerca Sicura è stata forzata",
     "average_processing_time": "Tempo di elaborazione medio",
-    "processing_time": "Tempo di elaborazione",
+    "average_upstream_response_time": "Tempo medio di risposta upstream",
+    "response_time": "Tempo di risposta",
     "average_processing_time_hint": "Tempo medio in millisecondi per elaborare una richiesta DNS",
     "block_domain_use_filters_and_hosts": "Blocca domini utilizzando filtri e file hosts",
     "filters_block_toggle_hint": "Puoi impostare le regole di blocco nelle impostazioni dei <a>Filtri</a>.",

client/src/__locales/ja.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "クライアント設定",
     "example_upstream_reserved": "<0>特定のドメイン</0>に対してDNSアップストリームを指定できます。",
+    "example_multiple_upstreams_reserved": "<0>特定ドメイン</0>のための複数のアップストリームサーバー;",
     "example_upstream_comment": "コメントを追加できます。",
     "upstream_parallel": "並列リクエストを使用する（同時にすべてのアップストリームサーバーに処理要求することで解決スピードが向上）",
     "parallel_requests": "並列リクエスト",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "ブロックされたマルウェア／フィッシング",
     "stats_adult": "ブロックされたアダルトウェブサイト",
     "stats_query_domain": "最も問合せされたドメイン",
-    "for_last_24_hours": "過去24時間以内",
+    "for_last_hours": "過去{{count}}時間",
+    "for_last_hours_plural": "過去{{count}}時間",
     "for_last_days": "過去{{count}}日間以内",
     "for_last_days_plural": "過去{{count}}日間以内",
     "stats_disabled": "統計は無効化されています。<0>設定ページ</0>でオンにすることができます。",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "アップストリームのデータが見つかりません",
     "number_of_dns_query_days": "過去{{count}}日間に処理されたDNSクエリの数",
     "number_of_dns_query_days_plural": "過去{{count}}日間に処理されたDNSクエリの数",
-    "number_of_dns_query_24_hours": "過去24時間に処理されたDNSクエリの数",
+    "number_of_dns_query_hours": "過去{{count}}時間に処理されたDNSクエリの数",
+    "number_of_dns_query_hours_plural": "過去{{count}}時間に処理されたDNSクエリの数",
     "number_of_dns_query_blocked_24_hours": "広告ブロックフィルタとhostsブロックリストによってブロックされたDNSリクエストの数",
     "number_of_dns_query_blocked_24_hours_by_sec": "AdGuardブラウジングセキュリティモジュールによってブロックされたDNSリクエストの数",
     "number_of_dns_query_blocked_24_hours_adult": "ブロックされたアダルトウェブサイトの数",
     "enforced_save_search": "強制されたセーフサーチ",
     "number_of_dns_query_to_safe_search": "セーフサーチが強制適用された検索エンジンへのDNSリクエストの数",
     "average_processing_time": "平均処理時間",
-    "processing_time": "処理時間",
+    "average_upstream_response_time": "アップストリームの平均応答時間",
+    "response_time": "応答時間",
     "average_processing_time_hint": "DNSリクエストの処理にかかる平均時間（ミリ秒単位）",
     "block_domain_use_filters_and_hosts": "フィルタとhostsファイルを使用してドメインをブロックする",
     "filters_block_toggle_hint": "<a>フィルタ</a>の設定でブロックするルールを設定することができます。",

client/src/__locales/ko.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "클라이언트 설정",
     "example_upstream_reserved": "<0>특정 도메인에 대한</0> 업스트림;",
+    "example_multiple_upstreams_reserved": "<0>특정 도메인</0>에 대한 여러 업스트림",
     "example_upstream_comment": "댓글.",
     "upstream_parallel": "쿼리 처리 속도를 높이려면 모든 업스트림 서버에서 동시에 병렬 쿼리를 사용해주세요.",
     "parallel_requests": "병렬 처리 요청",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "차단된 멀웨어/피싱",
     "stats_adult": "차단된 성인 웹사이트",
     "stats_query_domain": "쿼리 도메인",
-    "for_last_24_hours": "지난 24시간 동안",
+    "for_last_hours": "마지막 {{count}} 시간",
+    "for_last_hours_plural": "마지막 {{count}} 시간의 기록",
     "for_last_days": "마지막 {{count}} 일",
     "for_last_days_plural": "마지막 {{count}} 일의 기록",
     "stats_disabled": "통계 기능이 꺼졌습니다. <0>설정 페이지</0>에서 켤 수 있습니다.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "업스트림 데이터 없음",
     "number_of_dns_query_days": "최근 {{count}}일 동안 처리된 DNS 쿼리의 수",
     "number_of_dns_query_days_plural": "최근 {{count}}일 동안 처리된 DNS 쿼리의 수",
-    "number_of_dns_query_24_hours": "최근 24시간 동안 처리된 DNS 쿼리의 수",
+    "number_of_dns_query_hours": "최근 {{count}}시간 동안 처리된 DNS 쿼리의 수",
+    "number_of_dns_query_hours_plural": "최근 {{count}}시간 동안 처리된 DNS 쿼리의 수",
     "number_of_dns_query_blocked_24_hours": "광고 차단 필터 및 호스트 차단 목록에 의해 차단된 DNS 요청 수",
     "number_of_dns_query_blocked_24_hours_by_sec": "AdGuard 브라우징 보안 모듈에 의해 차단된 DNS 요청 수",
     "number_of_dns_query_blocked_24_hours_adult": "차단된 성인 웹 사이트의 수",
     "enforced_save_search": "세이프서치 강제",
     "number_of_dns_query_to_safe_search": "세이프서치가 적용된 검색 엔진에 대해 DNS 요청 수",
     "average_processing_time": "평균처리 시간",
-    "processing_time": "처리 시간",
+    "average_upstream_response_time": "평균 업스트림 응답 시간",
+    "response_time": "응답 시간",
     "average_processing_time_hint": "DNS 요청 처리시 평균 시간(밀리초)",
     "block_domain_use_filters_and_hosts": "필터 및 호스트 파일을 사용하여 도메인 차단",
     "filters_block_toggle_hint": "차단규칙<a>필터</a>을 설정할 수 있습니다.",

client/src/__locales/nl.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Cliëntinstellingen",
     "example_upstream_reserved": "een upstream <0>voor specifieke domeinen</0>;",
+    "example_multiple_upstreams_reserved": "meerdere upstreams <0>voor specifieke domeinen</0>;",
     "example_upstream_comment": "een commentaar.",
     "upstream_parallel": "Parallelle verzoeken gebruiken om te versnellen door gelijktijdig verzoeken te sturen naar alle upstream servers.",
     "parallel_requests": "Parallelle verzoeken",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Geblokkeerde malware/phishing",
     "stats_adult": "Geblokkeerde 18+ websites",
     "stats_query_domain": "Meest bezochte domeinen",
-    "for_last_24_hours": "van de laatste 24-uur",
+    "for_last_hours": "voor het afgelopen {{count}} uur",
+    "for_last_hours_plural": "voor de afgelopen {{count}} uren",
     "for_last_days": "sinds de laatste {{count}} dagen",
     "for_last_days_plural": "sinds de laatste {{count}} dagen",
     "stats_disabled": "Statistieken zijn uitgeschakeld. Je kunt ze inschakelen op de <0>instellingen pagina</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Geen upstreams-gegevens gevonden",
     "number_of_dns_query_days": "Aantal verwerkte DNS aanvragen van de laatste {{count}} dag",
     "number_of_dns_query_days_plural": "Aantal verwerkte DNS aanvragen van de laatste {{count}} dagen",
-    "number_of_dns_query_24_hours": "Aantal verwerkte DNS aanvragen van de laatste 24 uur",
+    "number_of_dns_query_hours": "Het aantal DNS-verzoeken dat het afgelopen {{count}} uur is verwerkt",
+    "number_of_dns_query_hours_plural": "Het aantal DNS-verzoeken dat de afgelopen {{count}} uren is verwerkt",
     "number_of_dns_query_blocked_24_hours": "Aantal geblokkeerde DNS aanvragen door advertentie blokkering en hosts blokkeerlijsten",
     "number_of_dns_query_blocked_24_hours_by_sec": "Aantal geblokkeerde DNS aanvragen door AdGuard browsing beveiligingsmodule",
     "number_of_dns_query_blocked_24_hours_adult": "Aantal geblokkeerde 18+ websites",
     "enforced_save_search": "Geforceerd veilig zoeken",
     "number_of_dns_query_to_safe_search": "Aantal DNS aanvragen in zoekmachines dmv geforceerd veilig zoeken",
     "average_processing_time": "Gemiddelde procestijd",
-    "processing_time": "Verwerkingstijd",
+    "average_upstream_response_time": "Gemiddelde upstream responstijd",
+    "response_time": "Responsetijd",
     "average_processing_time_hint": "Gemiddelde verwerkingstijd in milliseconden van een DNS aanvraag",
     "block_domain_use_filters_and_hosts": "Domeinen blokkeren d.m.v. filters en host-bestanden",
     "filters_block_toggle_hint": "Je kan blokkeringsregels toevoegen in de <a>Filters</a> instellingen.",

client/src/__locales/no.json

@@ -128,7 +128,6 @@
     "enforced_save_search": "Påtvungede barnevennlige søk",
     "number_of_dns_query_to_safe_search": "Antall DNS-forespørsler til søkemotorer der \"Safe Search\" ble fremtvunget",
     "average_processing_time": "Gjennomsnittlig behandlingstid",
-    "processing_time": "Behandlingstid",
     "average_processing_time_hint": "Gjennomsnittstid for behandling av DNS-forespørsler i millisekunder",
     "block_domain_use_filters_and_hosts": "Blokker domener ved hjelp av filtre, «hosts»-filer, og rå domener",
     "filters_block_toggle_hint": "Du kan sette opp blokkeringsoppføringer i <a>Filtre</a>-innstillingene.",

client/src/__locales/pl.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Ustawienia klienta",
     "example_upstream_reserved": "upstream <0>dla określonych domen</0>;",
+    "example_multiple_upstreams_reserved": "wiele serwerów nadrzędnych <0>dla konkretnej domeny</0>;",
     "example_upstream_comment": "komentarz.",
     "upstream_parallel": "Użyj zapytań równoległych, aby przyspieszyć rozwiązywanie przez jednoczesne wysyłanie zapytań do wszystkich serwerów nadrzędnych.",
     "parallel_requests": "Równoległe żądania",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Zablokowane złośliwe oprogramowanie/phishing",
     "stats_adult": "Zablokowane witryny dla dorosłych",
     "stats_query_domain": "Najczęściej wyszukiwane domeny",
-    "for_last_24_hours": "przez ostatnie 24 godziny",
+    "for_last_hours": "w ciągu ostatniej {{count}} godziny",
+    "for_last_hours_plural": "w ciągu ostatnich {{count}} godzin",
     "for_last_days": "za ostatni dzień {{count}}",
     "for_last_days_plural": "z ostatnich {{count}} dni",
     "stats_disabled": "Statystyki zostały wyłączone. Można je włączyć na <0>stronie ustawień</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Brak danych dotyczących serwerów nadrzędnych",
     "number_of_dns_query_days": "Liczba przetworzonych zapytań DNS w ciągu ostatnich {{count}} dni",
     "number_of_dns_query_days_plural": "Liczba przetworzonych zapytań DNS w ciągu ostatnich {{count}} dni",
-    "number_of_dns_query_24_hours": "Liczba zapytań DNS przetworzonych w ciągu ostatnich 24 godzin",
+    "number_of_dns_query_hours": "Liczba przetworzonych zapytań DNS w ciągu ostatniej {{count}} godziny",
+    "number_of_dns_query_hours_plural": "Liczba przetworzonych zapytań DNS w ciągu ostatnich {{count}} godzin",
     "number_of_dns_query_blocked_24_hours": "Liczba żądań DNS zablokowanych przez filtry blokowania reklam i listy zablokowanych hostów",
     "number_of_dns_query_blocked_24_hours_by_sec": "Liczba żądań DNS zablokowanych przez moduł Bezpiecznego przeglądania AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Liczba zablokowanych witryn dla dorosłych",
     "enforced_save_search": "Wymuszone bezpieczne wyszukiwanie",
     "number_of_dns_query_to_safe_search": "Liczba żądań DNS kierowanych do wyszukiwarek, dla których wymuszono Bezpieczne wyszukiwanie",
     "average_processing_time": "Średni czas przetwarzania",
-    "processing_time": "Czas przetwarzania",
+    "average_upstream_response_time": "Średni czas odpowiedzi serwera nadrzędnego",
+    "response_time": "Czas odpowiedzi",
     "average_processing_time_hint": "Średni czas przetwarzania żądania DNS liczony w milisekundach",
     "block_domain_use_filters_and_hosts": "Zablokuj domeny za pomocą filtrów i plików host",
     "filters_block_toggle_hint": "Możesz skonfigurować reguły blokowania w ustawieniach <a>Filtry</a>.",

client/src/__locales/pt-br.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Configurações do cliente",
     "example_upstream_reserved": "um DNS primário <0>para o domínios especificos</0>;",
+    "example_multiple_upstreams_reserved": "múltiplos upstreams <0>para domínios específicos</0>;",
     "example_upstream_comment": "um comentário.",
     "upstream_parallel": "Usar consultas paralelas para acelerar a resolução consultando simultaneamente todos os servidores DNS primário",
     "parallel_requests": "Solicitações paralelas",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Bloqueado malware/phishing",
     "stats_adult": "Bloqueado sites adultos",
     "stats_query_domain": "Principais domínios consultados",
-    "for_last_24_hours": "nas últimas 24 horas",
+    "for_last_hours": "na última {{count}} hora",
+    "for_last_hours_plural": "nas últimas {{count}} horas",
     "for_last_days": "nos últimos {{count}} dias",
     "for_last_days_plural": "nos últimos {{count}} dias",
     "stats_disabled": "As estatísticas foram desativadas. Você pode ligá-las através da <0>página de configurações</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nenhum dado de servidor DNS primário encontrado",
     "number_of_dns_query_days": "O número de consultas DNS processadas nos últimos {{count}} dias",
     "number_of_dns_query_days_plural": "Número de consultas DNS processadas nos últimos {{count}} dias",
-    "number_of_dns_query_24_hours": "O número de consultas DNS processadas nas últimas 24 horas",
+    "number_of_dns_query_hours": "Número de consultas DNS processadas durante a última {{count}} hora",
+    "number_of_dns_query_hours_plural": "Número de consultas DNS processadas durante as últimas {{count}} horas",
     "number_of_dns_query_blocked_24_hours": "Várias solicitações DNS bloqueadas por filtros de bloqueio de anúncios e listas de bloqueio de hosts",
     "number_of_dns_query_blocked_24_hours_by_sec": "Várias solicitações de DNS bloqueadas pelo módulo de segurança da navegação do AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "O número de sites adultos bloqueados",
     "enforced_save_search": "Forçar pesquisa segura",
     "number_of_dns_query_to_safe_search": "O número de solicitações de DNS para mecanismos de pesquisa para os quais a pesquisa segura foi aplicada",
     "average_processing_time": "Tempo médio de processamento",
-    "processing_time": "Tempo de processamento",
+    "average_upstream_response_time": "Tempo médio de resposta upstream",
+    "response_time": "Tempo de resposta",
     "average_processing_time_hint": "Tempo médio em milissegundos no processamento de uma solicitação DNS",
     "block_domain_use_filters_and_hosts": "Bloquear domínios usando arquivos de filtros e hosts",
     "filters_block_toggle_hint": "Você pode configurar as regras de bloqueio nas configurações de <a>Filtros</a>.",
@@ -689,7 +693,7 @@
     "log_and_stats_section_label": "Registro de consultas e estatísticas",
     "ignore_query_log": "Ignorar este cliente no registo de consultas",
     "ignore_statistics": "Ignorar este cliente nas estatísticas",
-    "schedule_services": "Pausa o bloqueio de serviço",
+    "schedule_services": "Pausar bloqueio de serviço",
     "schedule_services_desc": "Configura o agendamento de pausa do filtro de bloqueio de serviço",
     "schedule_services_desc_client": "Configura o agendamento de pausa do filtro de bloqueio de serviço para este cliente",
     "schedule_desc": "Define períodos de inatividade para serviços bloqueados",

client/src/__locales/pt-pt.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Definições do cliente",
     "example_upstream_reserved": "Podes especificar o DNS primário <0>para domínio(s) especifico(s)</0>",
+    "example_multiple_upstreams_reserved": "múltiplos upstreams <0>para domínios específicos</0>;",
     "example_upstream_comment": "um comentário.",
     "upstream_parallel": "Usar consultas paralelas para acelerar a resolução consultando simultaneamente todos os servidores DNS",
     "parallel_requests": "Solicitações paralelas",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Malware/phishing bloqueados",
     "stats_adult": "Sítios adultos bloqueados",
     "stats_query_domain": "Principais domínios consultados",
-    "for_last_24_hours": "nas últimas 24 horas",
+    "for_last_hours": "na última {{count}} hora",
+    "for_last_hours_plural": "nas últimas {{count}} horas",
     "for_last_days": "nos últimos {{count}} dias",
     "for_last_days_plural": "nos últimos {{count}} dias",
     "stats_disabled": "As estatísticas foram desativadas. Você pode ligá-las através da <0>página de definições</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nenhum dado de servidor DNS primário encontrado",
     "number_of_dns_query_days": "Número de consultas DNS processadas durante los últimos {{count}} días",
     "number_of_dns_query_days_plural": "Número de consultas DNS processadas durante os últimos {{count}} dias",
-    "number_of_dns_query_24_hours": "O número de consultas DNS processadas nas últimas 24 horas",
+    "number_of_dns_query_hours": "Número de consultas DNS processadas durante a última {{count}} hora",
+    "number_of_dns_query_hours_plural": "Número de consultas DNS processadas durante as últimas {{count}} horas",
     "number_of_dns_query_blocked_24_hours": "Várias solicitações DNS bloqueadas por filtros de bloqueio de anúncios e listas de bloqueio de hosts",
     "number_of_dns_query_blocked_24_hours_by_sec": "Várias solicitações de DNS bloqueadas pelo módulo de segurança da navegação do AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "O número de sítios adultos bloqueados",
     "enforced_save_search": "Forçar pesquisa segura",
     "number_of_dns_query_to_safe_search": "O número de solicitações de DNS para motores de busca para os quais a pesquisa segura foi aplicada",
     "average_processing_time": "Tempo médio de processamento",
-    "processing_time": "Tempo de processamento",
+    "average_upstream_response_time": "Tempo médio de resposta upstream",
+    "response_time": "Tempo de resposta",
     "average_processing_time_hint": "Tempo médio em milissegundos no processamento de uma solicitação DNS",
     "block_domain_use_filters_and_hosts": "Bloquear domínios usando ficheiros de filtros e hosts",
     "filters_block_toggle_hint": "Pode configurar as regras de bloqueio nas configurações de <a>Filtros</a>.",

client/src/__locales/ro.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Setări client",
     "example_upstream_reserved": "un flux în amonte <0>pentru domenii specifice</0>;",
+    "example_multiple_upstreams_reserved": "mai mulți servere în amonte <0>pentru domenii specifice</0>;",
     "example_upstream_comment": "un comentariu.",
     "upstream_parallel": "Folosiți interogări paralele pentru a accelera rezolvarea, interogând simultan toate serverele în amonte.",
     "parallel_requests": "Solicitări paralele",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Malware/phishing blocate",
     "stats_adult": "Site-uri cu conținut adult blocate",
     "stats_query_domain": "Domeniile cele mai căutate",
-    "for_last_24_hours": "în ultimele 24 ore",
+    "for_last_hours": "în ultima {{count}} oră",
+    "for_last_hours_plural": "în ultimele {{count}} ore",
     "for_last_days": "în ultima {{count}} zi",
     "for_last_days_plural": "pentru ultimele {{count}} zile",
     "stats_disabled": "Statisticile au fost dezactivate. Puteți să le porniți din <0>pagina de setări</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nu există date despre serverele din amonte",
     "number_of_dns_query_days": "Numărul de interogări DNS procesate în ultima {{count}} zi",
     "number_of_dns_query_days_plural": "Numărul de interogări DNS procesate în ultimele {{count}} zile",
-    "number_of_dns_query_24_hours": "Numărul de interogări DNS procesate în ultimele 24 de ore",
+    "number_of_dns_query_hours": "Numărul de interogări DNS procesate în ultima {{count}} oră",
+    "number_of_dns_query_hours_plural": "Numărul de interogări DNS procesate în ultimele {{count}} ore",
     "number_of_dns_query_blocked_24_hours": "Numărul de interogări DNS blocate de filtrele adblock și lista de blocări din hosts",
     "number_of_dns_query_blocked_24_hours_by_sec": "Numărul de interogări DNS blocate de modulul de securitate de navigare AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Numărul de site-uri pentru adulți blocate",
     "enforced_save_search": "Căutare protejată întărită",
     "number_of_dns_query_to_safe_search": "Numărul de interogări DNS pe motoarele de căutare pentru care a fost impusă Căutarea Sigură",
     "average_processing_time": "Timpul mediu de procesare",
-    "processing_time": "Timp de procesare",
+    "average_upstream_response_time": "Timpul mediu de răspuns al serverului în amonte",
+    "response_time": "Timp de răspuns",
     "average_processing_time_hint": "Timp mediu în milisecunde la procesarea unei cereri DNS",
     "block_domain_use_filters_and_hosts": "Blocați domenii folosind filtre și fișiere hosts",
     "filters_block_toggle_hint": "Puteți configura regulile de blocare în setările <a>Filtre</a>.",

client/src/__locales/ru.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Настройки клиентов",
     "example_upstream_reserved": "DNS-сервер <0>для конкретных доменов</0>;",
+    "example_multiple_upstreams_reserved": "несколько DNS-серверов <0>для конкретных доменов</0>;",
     "example_upstream_comment": "комментарий.",
     "upstream_parallel": "Использовать параллельные запросы ко всем серверам одновременно для ускорения обработки запроса.",
     "parallel_requests": "Параллельные запросы",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Заблокированные вредоносные и фишинговые сайты",
     "stats_adult": "Заблокированные «взрослые» сайты",
     "stats_query_domain": "Часто запрашиваемые домены",
-    "for_last_24_hours": "за 24 часа",
+    "for_last_hours": "за последний {{count}} час",
+    "for_last_hours_plural": "за последние {{count}} часов",
     "for_last_days": "за последний {{count}} день",
     "for_last_days_plural": "за последние {{count}} дней",
     "stats_disabled": "Статистика отключена. Вы можете включить её на <0>странице настроек</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Нет данных об upstream-серверах",
     "number_of_dns_query_days": "Количество DNS-запросов за последний {{count}} день",
     "number_of_dns_query_days_plural": "Количество DNS запросов, обработанных за последние {{count}} дней",
-    "number_of_dns_query_24_hours": "Количество DNS-запросов за последние 24 часа",
+    "number_of_dns_query_hours": "Количество DNS-запросов, обработанных за последний {{count}} час",
+    "number_of_dns_query_hours_plural": "Количество DNS-запросов, обработанных за последние {{count}} часов",
     "number_of_dns_query_blocked_24_hours": "Количество DNS-запросов, заблокированных фильтрами и блок-списками",
     "number_of_dns_query_blocked_24_hours_by_sec": "Количество DNS-запросов, заблокированных модулем Антифишинга AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Количество заблокированных «сайтов для взрослых»",
     "enforced_save_search": "Применён безопасный поиск",
     "number_of_dns_query_to_safe_search": "Количество запросов DNS для поисковых систем, для которых был применён Безопасный поиск",
     "average_processing_time": "Среднее время обработки запроса",
-    "processing_time": "Время обработки",
+    "average_upstream_response_time": "Среднее время ответа upstream-сервера",
+    "response_time": "Время ответа",
     "average_processing_time_hint": "Среднее время для обработки запроса DNS  в миллисекундах",
     "block_domain_use_filters_and_hosts": "Блокировать домены с использованием фильтров и файлов hosts",
     "filters_block_toggle_hint": "Вы можете настроить правила блокировки в <a>«Фильтрах»</a>.",

client/src/__locales/si-lk.json

@@ -122,7 +122,6 @@
     "enforced_save_search": "ආරක්‍ෂිත සෙවීම බලාත්මක කළ",
     "number_of_dns_query_to_safe_search": "ආරක්‍ෂිත සෙවීම බලාත්මක කළ සෙවුම් යන්ත්‍ර සඳහා ව.නා.ප. ඉල්ලීම් ගණන",
     "average_processing_time": "සාමාන්‍ය සැකසුම් කාලය",
-    "processing_time": "සැකසුම් කාලය",
     "average_processing_time_hint": "ව.නා.ප. ඉල්ලීමක් සැකසීමේ සාමාන්‍ය කාලය මිලි තත්පර වලින්",
     "block_domain_use_filters_and_hosts": "පෙරහන් හා සත්කාරක ගොනු භාවිතයෙන් වසම් අවහිර කරන්න",
     "filters_block_toggle_hint": "ඔබට අවහිර කිරීමේ නීති <a>පෙරහන්</a> තුළ පිහිටුවිය හැකිය.",
@@ -647,6 +646,20 @@
     "log_and_stats_section_label": "විමසුම් සටහන හා සංඛ්‍යාලේඛන",
     "ignore_query_log": "විමසුම් සටහනට මෙම අනුග්‍රාහකය යොදන්න එපා",
     "ignore_statistics": "සංඛ්‍යාලේඛනයට මෙම අනුග්‍රාහකය යොදන්න එපා",
+    "schedule_invalid_select": "ආරම්භක වේලාව අවසන් වේලාවට කලින් විය යුතුය",
+    "schedule_select_days": "දවස් තෝරන්න",
+    "schedule_timezone": "වේලා කලාපයක් තෝරන්න",
+    "schedule_current_timezone": "වත්මන් වේලා කලාපය: {{value}}",
+    "schedule_time_all_day": "දවස පුරාම",
+    "schedule_from": "සිට",
+    "schedule_to": "දක්වා",
+    "sunday": "ඉරිදා",
+    "monday": "සඳුදා",
+    "tuesday": "අඟහරුවාදා",
+    "wednesday": "බදාදා",
+    "thursday": "බ්‍රහස්පතින්දා",
+    "friday": "සිකුරාදා",
+    "saturday": "සෙනසුරාදා",
     "sunday_short": "ඉරිදා",
     "monday_short": "සඳුදා",
     "tuesday_short": "අඟහ",

client/src/__locales/sk.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Nastavenie klienta",
     "example_upstream_reserved": "upstream <0>pre konkrétne domény</0>;",
+    "example_multiple_upstreams_reserved": "viaceré upstreamy pre <0>konkrétne domény</0>;",
     "example_upstream_comment": "komentár.",
     "upstream_parallel": "Používať paralelné dopyty na zrýchlenie súčasným dopytovaním všetkých upstream serverov súčasne.",
     "parallel_requests": "Paralelné dopyty",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blokovaný škodlivý kód/pokus o podvod",
     "stats_adult": "Blokovaná stránka pre dospelých",
     "stats_query_domain": "Najčastejšie dopytované domény",
-    "for_last_24_hours": "za posledných 24 hodín",
+    "for_last_hours": "za poslednú {{count}} hodinu",
+    "for_last_hours_plural": "za posledné {{count}} hodiny|za posledných {{count}} hodín",
     "for_last_days": "za posledný {{count}} deň",
     "for_last_days_plural": "za posledných {{count}} dní",
     "stats_disabled": "Štatistiky boli vypnuté. Môžete ich zapnúť na <0>stránke nastavení</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nenašli sa žiadne údaje o upstream serveroch",
     "number_of_dns_query_days": "Počet DNS dopytov spracovaných za posledný {{count}} deň",
     "number_of_dns_query_days_plural": "Počet DNS dopytov spracovaných za posledných {{count}} dní",
-    "number_of_dns_query_24_hours": "Počet DNS dopytov spracovaných za posledných 24 hodín",
+    "number_of_dns_query_hours": "Počet DNS dopytov spracovaných za poslednú {{count}} hodinu",
+    "number_of_dns_query_hours_plural": "Počet DNS dopytov spracovaných za posledné {{count}} hodiny)|Počet DNS dopytov spracovaných za posledných {{count}} hodín",
     "number_of_dns_query_blocked_24_hours": "Počet DNS dopytov zablokovaných filtrami reklamy a zoznamami blokovaných hostov",
     "number_of_dns_query_blocked_24_hours_by_sec": "Počet DNS dopytov zablokovaných AdGuard modulom Bezpečné prehliadanie",
     "number_of_dns_query_blocked_24_hours_adult": "Počet zablokovaných stránok pre dospelých",
     "enforced_save_search": "Vynútené bezpečné vyhľadávanie",
     "number_of_dns_query_to_safe_search": "Počet DNS dopytov na vyhľadávače, pri ktorých bolo vynútené bezpečné vyhľadávanie",
     "average_processing_time": "Priemerný čas spracovania",
-    "processing_time": "Doba spracovania",
+    "average_upstream_response_time": "Priemerný čas odozvy upstreamu",
+    "response_time": "Čas odozvy",
     "average_processing_time_hint": "Priemerný čas spracovania DNS dopytu v milisekundách",
     "block_domain_use_filters_and_hosts": "Blokovať domény pomocou filtrov a zoznamov adries",
     "filters_block_toggle_hint": "Pravidlá blokovania môžete nastaviť v nastaveniach <a>Filtre</a>.",

client/src/__locales/sl.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Nastavitve odjemalca",
     "example_upstream_reserved": "gorvodni <0>za določene domene</0>;",
+    "example_multiple_upstreams_reserved": "več gorvodnih <0>za določene domene</0>;",
     "example_upstream_comment": "komentar.",
     "upstream_parallel": "Uporabite vzporedne zahteve za pospešitev reševanja s hkratnim poizvedovanjem vseh gorvodnih strežnikov.",
     "parallel_requests": "Vzporedne zahteve",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Onemogočeno zlonamernih programov/lažnih predstavljanj",
     "stats_adult": "Onemogočeno spletnih strani za odrasle",
     "stats_query_domain": "Najbolj poizvedovane domene",
-    "for_last_24_hours": "v zadnjih 24 urah",
+    "for_last_hours": "za zadnjo {{count}} uro",
+    "for_last_hours_plural": "za zadnjih {{count}} ur",
     "for_last_days": "zadnjega {{count}} dne",
     "for_last_days_plural": "zadnjih {{count}} dni",
     "stats_disabled": "Statistika je onemogočena. Vklopite ga lahko na <0>strani z nastavitvami</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Ni podatkov o gorvodnih strežnikih",
     "number_of_dns_query_days": "Število obdelanih poizvedb DNS v zadnjem {{count}} dnevu",
     "number_of_dns_query_days_plural": "Število obdelanih poizvedb DNS v zadnjih {{count}} dneh",
-    "number_of_dns_query_24_hours": "Število obdelanih poizvedb DNS v zadnjih 24 urah",
+    "number_of_dns_query_hours": "Število poizvedb DNS, obdelanih v zadnji {{count}} uri",
+    "number_of_dns_query_hours_plural": "Število poizvedb DNS, obdelanih v zadnjih {{count}} urah",
     "number_of_dns_query_blocked_24_hours": "Število zahtev DNS, ki so jih onemogočili filtri za zaviranje oglasov in seznami nedovoljenih, gostiteljev",
     "number_of_dns_query_blocked_24_hours_by_sec": "Število zahtev DNS, ki jih je blokiral AdGuard zaščitni modul brskanja",
     "number_of_dns_query_blocked_24_hours_adult": "Število onemogočenih spletnih strani za odrasle",
     "enforced_save_search": "Prisilno varno iskanje",
     "number_of_dns_query_to_safe_search": "Število zahtev DNS za iskalnike, za katere je bilo uveljavljeno varno iskanje",
     "average_processing_time": "Povprečni čas obdelave",
-    "processing_time": "Čas obdelave",
+    "average_upstream_response_time": "Povprečni gorvodni odzivni čas",
+    "response_time": "Odzivni čas",
     "average_processing_time_hint": "Povprečni čas v milisekundah pri obdelavi zahteve DNS",
     "block_domain_use_filters_and_hosts": "Onemogoči domene s filtri in gostiteljskimi datotekami",
     "filters_block_toggle_hint": "Pravila zaviranja lahko nastavite v nastavitvah <a>Filtri</a>.",

client/src/__locales/sr-cs.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Postavke klijenta",
     "example_upstream_reserved": "upstream <0>za određene domene</0>;",
+    "example_multiple_upstreams_reserved": "nekoliko DNS servera <0>za određene domene</0>;",
     "example_upstream_comment": "komentar.",
     "upstream_parallel": "Koristite paralelne upite da biste ubrzali rešavanje tako što ćete istovremeno ispitati sve uzvodne servere.",
     "parallel_requests": "Paralelni zahtevi",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blokiraj štetan softver i fišing",
     "stats_adult": "Blokiraj sajtove za odrasle",
     "stats_query_domain": "Najčešće unošeni domeni",
-    "for_last_24_hours": "u poslednja 24 časa",
+    "for_last_hours": "u poslednjih {{count}} sat",
+    "for_last_hours_plural": "u poslednjih {{count}} sati",
     "for_last_days": "u poslednjih {{count}} dana",
     "for_last_days_plural": "u poslednjih {{count}} dana",
     "stats_disabled": "Statistika je isključena. Možete ga uključiti sa stranice <0>sa postavkama</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Nema podataka o upstream serverima",
     "number_of_dns_query_days": "Broj obrađenih DNS unosa u poslednjih {{count}} dan",
     "number_of_dns_query_days_plural": "Broj obrađenih DNS unosa u poslednjih {{count}} dana",
-    "number_of_dns_query_24_hours": "Broj obrađenih DNS unosa u poslednja 24 časa",
+    "number_of_dns_query_hours": "Broj obrađenih DNS unosa u poslednji {{count}} sat",
+    "number_of_dns_query_hours_plural": "Broj obrađenih DNS unosa u poslednjih {{count}} sati",
     "number_of_dns_query_blocked_24_hours": "Broj DNS zahteva blokiranih od filtera blokatora reklama i blok liste hostova",
     "number_of_dns_query_blocked_24_hours_by_sec": "Broj DNS zahteva blokiranih od AdGuard-ovog podprograma za bezbedno pregledanje",
     "number_of_dns_query_blocked_24_hours_adult": "Broj blokiranih sajtova za odrasle",
     "enforced_save_search": "Nametni sigurno pretraživanje",
     "number_of_dns_query_to_safe_search": "Broj DNS zahteva ka pretraživačima za koje je nametnuto sigurno pretraživanje",
     "average_processing_time": "Prosečno vreme obrade",
-    "processing_time": "Vreme obrade",
+    "average_upstream_response_time": "Prosečno vreme odziva upstream-servera",
+    "response_time": "Vreme odziva",
     "average_processing_time_hint": "Prosečno vreme u milisekundama za obradu DNS zahteva",
     "block_domain_use_filters_and_hosts": "Blokiraj domene koristeći filtere i hosts datoteke",
     "filters_block_toggle_hint": "Možete postaviti pravila blokiranja u <a>Filters</a> postavkama.",

client/src/__locales/sv.json

@@ -1,7 +1,8 @@
 {
     "client_settings": "Klientinställningar",
     "example_upstream_reserved": "uppström <0>för en specifik domän</0>;",
-    "example_upstream_comment": "du kan ange en kommentar.",
+    "example_multiple_upstreams_reserved": "flera uppströmsservrar <0>för specifika domäner</0>;",
+    "example_upstream_comment": "en kommentar.",
     "upstream_parallel": "Använd parallella förfrågningar för att snabba upp dessa genom att fråga alla uppströmsservrar samtidigt.",
     "parallel_requests": "Parallella förfrågningar",
     "load_balancing": "Lastbalansering",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Blockerad skadekod/phishing",
     "stats_adult": "Blockerade vuxensajter",
     "stats_query_domain": "Mest eftersökta domäner",
-    "for_last_24_hours": "under de senaste 24 timmarna",
+    "for_last_hours": "för den senaste {{count}} timme",
+    "for_last_hours_plural": "för de senaste {{count}} timmar",
     "for_last_days": "för den senaste {{count}} dagen",
     "for_last_days_plural": "för de senaste {{count}} dagarna",
     "stats_disabled": "Statistiken har inaktiverats. Du kan aktivera det från <0>inställningssidan</0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Inga uppströmsdata hittades",
     "number_of_dns_query_days": "Antalet DNS-förfrågningar som utfördes under senaste {{count}} dagen",
     "number_of_dns_query_days_plural": "Ett antal DNS förfrågningar utfördes under de senaste {{count}} dagarna",
-    "number_of_dns_query_24_hours": "Antalet DNS-förfrågningar som utfördes under de senaste 24 timmarna",
+    "number_of_dns_query_hours": "Ett antal DNS förfrågningar utfördes för den senaste {{count}} timme",
+    "number_of_dns_query_hours_plural": "Ett antal DNS förfrågningar utfördes för den senaste {{count}} timmar",
     "number_of_dns_query_blocked_24_hours": "Antalet DNS-förfrågningar som blockerades av annonsfilter och värdens blockeringsklistor",
     "number_of_dns_query_blocked_24_hours_by_sec": "Antalet DNS-förfrågningar som blockerades av AdGuards modul för surfsäkerhet",
     "number_of_dns_query_blocked_24_hours_adult": "Antalet vuxensajter som blockerats",
     "enforced_save_search": "Aktivering av Säker surf",
     "number_of_dns_query_to_safe_search": "Antalet DNS-förfrågningar mot sökmotorer där Säker surf tvingats",
     "average_processing_time": "Genomsnittlig processtid",
-    "processing_time": "Bearbetningstid",
+    "average_upstream_response_time": "Genomsnittlig svarstid uppströmsserver",
+    "response_time": "Svarstid",
     "average_processing_time_hint": "Genomsnittlig processtid i millisekunder för DNS-förfrågning",
     "block_domain_use_filters_and_hosts": "Blockera domäner med filter- och värdfiler",
     "filters_block_toggle_hint": "Du kan ställa in egna blockerings regler i <a>Filterinställningar</a>.",

client/src/__locales/tr.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "İstemci ayarları",
     "example_upstream_reserved": "<0>belirli alan adları</0> için bir üst sunucusu;",
+    "example_multiple_upstreams_reserved": "<0>belirli alanlar için</0> birden fazla üst kaynaklar;",
     "example_upstream_comment": "bir yorum.",
     "upstream_parallel": "Tüm üst sunucuları eş zamanlı sorgulayarak çözümlemeyi hızlandırmak için paralel sorgular kullanın.",
     "parallel_requests": "Paralel istekler",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Engellenen kötü amaçlı yazılım ve kimlik avı",
     "stats_adult": "Engellenen yetişkin içerikli siteler",
     "stats_query_domain": "Başlıca sorgulanan alan adları",
-    "for_last_24_hours": "son 24 saat içindekiler",
+    "for_last_hours": "son {{count}} saat için",
+    "for_last_hours_plural": "son {{count}} saat için",
     "for_last_days": "son {{count}} gün boyunca",
     "for_last_days_plural": "son {{count}} gün boyunca",
     "stats_disabled": "İstatistikler devre dışı bırakıldı. Bunu, <0>ayarlar sayfasından</0> etkinleştirebilirsiniz.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Üst kaynak verisi bulunamadı",
     "number_of_dns_query_days": "Son {{count}} gün boyunca işlenen DNS sorgularının sayısı",
     "number_of_dns_query_days_plural": "Son {{count}} gün boyunca işlenen DNS sorgularının sayısı",
-    "number_of_dns_query_24_hours": "Son 24 saat içinde işlenen DNS sorgularının sayısı",
+    "number_of_dns_query_hours": "Son {{count}} saat için işlenen DNS sorgularının sayısı",
+    "number_of_dns_query_hours_plural": "Son {{count}} saatiçin işlenen DNS sorgularının sayısı",
     "number_of_dns_query_blocked_24_hours": "Reklam engelleme filtreleri ve hosts engel listeleri tarafından engellenen DNS isteklerinin sayısı",
     "number_of_dns_query_blocked_24_hours_by_sec": "AdGuard gezinti koruması modülü tarafından engellenen DNS isteklerinin sayısı",
     "number_of_dns_query_blocked_24_hours_adult": "Engellenen yetişkin içerikli sitelerin sayısı",
     "enforced_save_search": "Uygulanan güvenli arama",
     "number_of_dns_query_to_safe_search": "Güvenli Aramanın uygulandığı arama motorlarına gönderilen DNS isteklerinin sayısı",
     "average_processing_time": "Ortalama işlem süresi",
-    "processing_time": "İşlem süresi",
+    "average_upstream_response_time": "Ortalama üst kaynak yanıt süresi",
+    "response_time": "Yanıt süresi",
     "average_processing_time_hint": "Bir DNS isteğinin milisaniye cinsinden ortalama işlem süresi",
     "block_domain_use_filters_and_hosts": "Filtre ve hosts dosyalarını kullanarak alan adlarını engelle",
     "filters_block_toggle_hint": "<a>Filtreler</a> ayarlarında engelleme kuralları oluşturabilirsiniz.",
@@ -178,7 +182,7 @@
     "enabled_save_search_toast": "Güvenli Arama etkinleştirildi",
     "updated_save_search_toast": "Güvenli Arama ayarları güncellendi",
     "enabled_table_header": "Etkin",
-    "name_table_header": "Ad",
+    "name_table_header": "Adı",
     "list_url_table_header": "Liste URL'si",
     "rules_count_table_header": "Kural sayısı",
     "last_time_updated_table_header": "Son güncelleme zamanı",
@@ -433,7 +437,7 @@
     "settings_global": "Genel",
     "settings_custom": "Özel",
     "table_client": "İstemci",
-    "table_name": "Ad",
+    "table_name": "AdAdı",
     "save_btn": "Kaydet",
     "client_add": "İstemci Ekle",
     "client_new": "Yeni İstemci",
@@ -447,7 +451,7 @@
     "form_enter_id": "Tanımlayıcı girin",
     "form_add_id": "Tanımlayıcı ekle",
     "form_client_name": "İstemci ismi girin",
-    "name": "Ad",
+    "name": "Adı",
     "client_global_settings": "Genel ayarları kullan",
     "client_deleted": "\"{{key}}\" istemcisi başarıyla silindi",
     "client_added": "\"{{key}}\" istemcisi başarıyla eklendi",

client/src/__locales/uk.json

@@ -119,7 +119,8 @@
     "stats_malware_phishing": "Заблоковано зловмисних/шахрайських програм",
     "stats_adult": "Заблоковано вебсайтів для дорослих",
     "stats_query_domain": "Найчастіші запити доменів",
-    "for_last_24_hours": "за останні 24 години",
+    "for_last_hours": "за останню {{count}} годину",
+    "for_last_hours_plural": "за останні {{count}} годин",
     "for_last_days": "за останній {{count}} день",
     "for_last_days_plural": "за останні {{count}} днів",
     "stats_disabled": "Статистику вимкнено. Ви можете увімкнути її на <0>сторінці налаштувань</0>.",
@@ -134,14 +135,14 @@
     "no_upstreams_data_found": "Немає даних про upstream-сервери",
     "number_of_dns_query_days": "Кількість DNS-запитів, оброблених за останні {{count}} дні",
     "number_of_dns_query_days_plural": "Кількість DNS-запитів, оброблених за останні {{count}} днів",
-    "number_of_dns_query_24_hours": "Кількість DNS-запитів, оброблених за останні 24 години",
+    "number_of_dns_query_hours": "Кількість DNS-запитів, оброблених за останню {{count}} годину",
+    "number_of_dns_query_hours_plural": "Кількість DNS-запитів, оброблених за останні {{count}} годин",
     "number_of_dns_query_blocked_24_hours": "Кількість DNS-запитів, заблокованих фільтрами і списками блокування hosts",
     "number_of_dns_query_blocked_24_hours_by_sec": "Кількість DNS-запитів, заблокованих модулем «Безпека перегляду» AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Кількість заблокованих вебсайтів для дорослих",
     "enforced_save_search": "Примусовий безпечний пошук",
     "number_of_dns_query_to_safe_search": "Кількість DNS-запитів до пошукових систем, для яких примусово застосований безпечний пошук",
     "average_processing_time": "Середній час обробки",
-    "processing_time": "Час обробки",
     "average_processing_time_hint": "Середній час обробки DNS запиту в мілісекундах",
     "block_domain_use_filters_and_hosts": "Блокування доменів за допомогою фільтрів та hosts-файлів",
     "filters_block_toggle_hint": "Ви можете налаштувати правила блокування в розділі <a>Фільтри</a>.",
@@ -681,7 +682,7 @@
     "disable_notify_for_minutes_plural": "Вимкнення захисту на {{count}} хвилин",
     "disable_notify_for_hours": "Вимкнення захисту на {{count}} годину",
     "disable_notify_for_hours_plural": "Вимкнення захисту на {{count}} годин",
-    "disable_notify_until_tomorrow": "Відключення захисту до завтра",
+    "disable_notify_until_tomorrow": "Вимкнути захист до завтра",
     "enable_protection_timer": "Захист буде ввімкнено о {{time}}",
     "custom_retention_input": "Введіть час в годинах",
     "custom_rotation_input": "Введіть час в годинах",
@@ -699,7 +700,7 @@
     "schedule_current_timezone": "Поточний часовий пояс: {{value}}",
     "schedule_time_all_day": "Увесь день",
     "schedule_modal_description": "Цей розклад замінить усі наявні розклади на той самий день тижня. Кожен день тижня може мати тільки один період бездіяльності.",
-    "schedule_modal_time_off": "Блокування сервісів відключена:",
+    "schedule_modal_time_off": "Вимкнення блокування сервісів:",
     "schedule_new": "Новий розклад",
     "schedule_edit": "Редагувати розклад",
     "schedule_save": "Зберегти розклад",

client/src/__locales/vi.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "Cài đặt thiết bị",
     "example_upstream_reserved": "ngược dòng <0>cho các miền cụ thể</0>;",
+    "example_multiple_upstreams_reserved": "nhiều máy chủ thượng nguồn <0>cho các miền cụ thể</0>;",
     "example_upstream_comment": "một lời bình luận.",
     "upstream_parallel": "Sử dụng truy vấn song song để tăng tốc độ giải quyết bằng cách truy vấn đồng thời tất cả các máy chủ ngược tuyến",
     "parallel_requests": "Yêu cầu song song",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "Mã độc/lừa đảo đã chặn",
     "stats_adult": "Website người lớn đã chặn",
     "stats_query_domain": "Tên miền truy vấn nhiều",
-    "for_last_24_hours": "trong 24 giờ qua",
+    "for_last_hours": "trong {{count}} giờ qua",
+    "for_last_hours_plural": "trong {{count}} giờ qua",
     "for_last_days": "trong {{count}} ngày qua",
     "for_last_days_plural": "trong {{count}} ngày qua",
     "stats_disabled": "Số liệu thống kê đã bị vô hiệu hóa. Bạn có thể bật nó từ <0> trang cài đặt </0>.",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "Không tìm thấy dữ liệu máy chủ ngược dòng",
     "number_of_dns_query_days": "Một số truy vấn DNS được xử lý trong {{count}} ngày qua",
     "number_of_dns_query_days_plural": "Một số truy vấn DNS được xử lý trong {{count}} ngày qua",
-    "number_of_dns_query_24_hours": "Số yêu cầu DNS đã xử lý trong 24 giờ qua",
+    "number_of_dns_query_hours": "Một số truy vấn DNS được xử lý trong {{count}} giờ qua",
+    "number_of_dns_query_hours_plural": "Một số truy vấn DNS được xử lý trong {{count}} giờ qua",
     "number_of_dns_query_blocked_24_hours": "Số yêu cầu DNS bị chặn bởi bộ lọc quảng cáo và danh sách chặn host",
     "number_of_dns_query_blocked_24_hours_by_sec": "Số yêu cầu DNS bị chặn bởi chế độ bảo vệ duyệt web AdGuard",
     "number_of_dns_query_blocked_24_hours_adult": "Số trang web người lớn đã chặn",
     "enforced_save_search": "Bắt buộc tìm kiếm an toàn",
     "number_of_dns_query_to_safe_search": "Số yêu cầu DNS tới công cụ tìm kiếm đã chuyển thành tìm kiếm an toàn",
     "average_processing_time": "Thời gian xử lý trung bình",
-    "processing_time": "Thời gian xử lý",
+    "average_upstream_response_time": "Thời gian phản hồi trung bình từ máy chủ thượng nguồn",
+    "response_time": "Thời gian đáp ứng",
     "average_processing_time_hint": "Thời gian trung bình cho một yêu cầu DNS tính bằng mili giây",
     "block_domain_use_filters_and_hosts": "Chặn tên miền sử dụng các bộ lọc và file hosts",
     "filters_block_toggle_hint": "Bạn có thể thiết lập quy tắc chặn tại cài đặt <a>Bộ lọc</a>.",

client/src/__locales/zh-cn.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "客户端设置",
     "example_upstream_reserved": "指定为<0>特定域名</0>的上游服务器；",
+    "example_multiple_upstreams_reserved": "<0>特定域名</0>的多个上游服务器；",
     "example_upstream_comment": "注释。",
     "upstream_parallel": "使用并行请求以同时查询所有上游服务器来加快解析速度。",
     "parallel_requests": "并行请求",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "被拦截的恶意/钓鱼网站",
     "stats_adult": "被拦截的成人网站",
     "stats_query_domain": "请求域名排行",
-    "for_last_24_hours": "在过去 24 小时",
+    "for_last_hours": "最近 {{count}} 小时",
+    "for_last_hours_plural": "最近 {{count}} 小时",
     "for_last_days": "最近 {{count}} 天",
     "for_last_days_plural": "最近 {{count}} 天",
     "stats_disabled": "已禁用统计数据。您可以从<0>设置页面</0>打开它。",
@@ -134,14 +136,16 @@
     "no_upstreams_data_found": "未找到上游服务器数据",
     "number_of_dns_query_days": "过去 {{count}} 天内处理的 DNS 查询总数",
     "number_of_dns_query_days_plural": "在过去的 {{count}} 天内处理了多少个 DNS 查询",
-    "number_of_dns_query_24_hours": "过去 24 小时内处理的 DNS 请求总数",
+    "number_of_dns_query_hours": "最近 {{count}} 小时内处理的 DNS 查询次数",
+    "number_of_dns_query_hours_plural": "最近 {{count}} 小时内处理的 DNS 查询次数",
     "number_of_dns_query_blocked_24_hours": "被广告过滤器和 Hosts 黑名单阻止的 DNS 请求总数",
     "number_of_dns_query_blocked_24_hours_by_sec": "被 AdGuard 安全浏览模块阻止的 DNS 请求总数",
     "number_of_dns_query_blocked_24_hours_adult": "被阻止的成人网站总数",
     "enforced_save_search": "强制安全搜索",
     "number_of_dns_query_to_safe_search": "启用强制安全搜索后对搜索引擎的 DNS 请求总数",
     "average_processing_time": "平均处理时间",
-    "processing_time": "处理时间",
+    "average_upstream_response_time": "上游服务器的平均响应时间",
+    "response_time": "响应时间",
     "average_processing_time_hint": "处理 DNS 请求的平均时间（毫秒）",
     "block_domain_use_filters_and_hosts": "使用过滤器和 Hosts 文件以拦截指定域名",
     "filters_block_toggle_hint": "你可以在 <a>过滤器</a> 设置中添加过滤规则。",

client/src/__locales/zh-tw.json

@@ -1,6 +1,7 @@
 {
     "client_settings": "用戶端設定",
     "example_upstream_reserved": "<0>供特定的網域</0>之上游；",
+    "example_multiple_upstreams_reserved": "<0>特定網域</0>的多個上游伺服器；",
     "example_upstream_comment": "註解。",
     "upstream_parallel": "透過同時地查詢所有上游的伺服器，使用並行的查詢以加速解析。",
     "parallel_requests": "並行的請求",
@@ -8,9 +9,9 @@
     "load_balancing_desc": "每次查詢一個上游伺服器。AdGuard Home 使用它的加權隨機的演算法來選擇伺服器，以便最快的伺服器被更常使用。",
     "bootstrap_dns": "自我啟動（Bootstrap）DNS 伺服器",
     "bootstrap_dns_desc": "DNS 伺服器的 IP 位址，用於解析您指定為上游伺服器的 DoH/DoT 解析器的 IP 位址。不允許註釋。",
-    "fallback_dns_title": "備援 DNS 伺服器",
-    "fallback_dns_desc": "當上游 DNS 伺服器未回應時使用的備援 DNS 伺服器清單。語法與上面的主要上游欄位相同。",
-    "fallback_dns_placeholder": "每行輸入一個備援 DNS 伺服器",
+    "fallback_dns_title": "應變 DNS 伺服器",
+    "fallback_dns_desc": "當上游 DNS 伺服器未回覆時被使用的應變 DNS 伺服器之清單。此語法與在上面主要上游欄位中的相同。",
+    "fallback_dns_placeholder": "每行輸入一個應變 DNS 伺服器",
     "local_ptr_title": "私人反向的 DNS 伺服器",
     "local_ptr_desc": "AdGuard Home 用於區域指標（PTR）查詢之 DNS 伺服器。這些伺服器被用於解析有關在私人 IP 範圍的位址之區域指標查詢，例如，\"192.168.12.34\"，使用反向的 DNS。如果未被設定，AdGuard Home 使用您的作業系統之預設 DNS 解析器的位址。",
     "local_ptr_default_resolver": "預設下，AdGuard Home 使用以下反向的 DNS 解析器：{{ip}}。",
@@ -119,7 +120,8 @@
     "stats_malware_phishing": "已封鎖的惡意軟體/網路釣魚",
     "stats_adult": "已封鎖的成人網站",
     "stats_query_domain": "熱門已查詢的網域",
-    "for_last_24_hours": "在最近的 24 小時內",
+    "for_last_hours": "在過去的 {{count}} 小時內",
+    "for_last_hours_plural": "在過去的 {{count}} 小時內",
     "for_last_days": "在最近的 {{count}} 日內",
     "for_last_days_plural": "在最近的 {{count}} 日內",
     "stats_disabled": "該統計資料已被禁用。您可從<0>設定頁面</0>中打開它。",
@@ -130,18 +132,20 @@
     "top_clients": "熱門用戶端",
     "no_clients_found": "無已發現之用戶端",
     "general_statistics": "一般的統計資料",
-    "top_upstreams": "經常請求的上游伺服器",
+    "top_upstreams": "熱門上游",
     "no_upstreams_data_found": "找不到上游伺服器資料",
     "number_of_dns_query_days": "在最近的 {{count}} 日內已處理的 DNS 查詢之數量",
     "number_of_dns_query_days_plural": "在最近的 {{count}} 日內已處理的 DNS 查詢之數量",
-    "number_of_dns_query_24_hours": "在最近的 24 小時內已處理的 DNS 查詢之數量",
+    "number_of_dns_query_hours": "過去 {{count}} 小時內處理的 DNS 查詢次數",
+    "number_of_dns_query_hours_plural": "過去 {{count}} 小時內處理的 DNS 查詢次數",
     "number_of_dns_query_blocked_24_hours": "被廣告封鎖過濾器和主機封鎖清單阻擋的 DNS 請求之數量",
     "number_of_dns_query_blocked_24_hours_by_sec": "被 AdGuard 瀏覽安全模組封鎖的 DNS 請求之數量",
     "number_of_dns_query_blocked_24_hours_adult": "已封鎖的成人網站之數量",
     "enforced_save_search": "已強制執行的安全搜尋",
     "number_of_dns_query_to_safe_search": "安全搜尋已被強制執行之屬於搜尋引擎的 DNS 請求之數量",
     "average_processing_time": "平均的處理時間",
-    "processing_time": "處理時間",
+    "average_upstream_response_time": "平均的上游回應時間",
+    "response_time": "回應時間",
     "average_processing_time_hint": "在處理一項 DNS 請求時以毫秒（ms）計的平均時間",
     "block_domain_use_filters_and_hosts": "透過過濾器和主機檔案封鎖網域",
     "filters_block_toggle_hint": "您可在<a>過濾器</a>設定中設置封鎖規則。",
@@ -286,7 +290,7 @@
     "blocking_ipv4": "封鎖 IPv4",
     "blocking_ipv6": "封鎖 IPv6",
     "blocked_response_ttl": "已封鎖的回應之存活時間（TTL）",
-    "blocked_response_ttl_desc": "指定客戶端應將過濾後的回應存入快取的秒數",
+    "blocked_response_ttl_desc": "對用戶端應快取受過濾的回應，指定多少秒數",
     "form_enter_blocked_response_ttl": "請輸入已封鎖回應的存活時間（秒）",
     "dnscrypt": "DNSCrypt",
     "dns_over_https": "DNS-over-HTTPS",

client/src/components/App/index.css

@@ -118,6 +118,11 @@ body {
     overflow-y: auto;
 }
 
+.modal-body--filters {
+    max-height: 600px;
+    overflow-y: auto;
+}
+
 .modal-body__item:not(:first-child) {
     padding-top: 1.5rem;
 }
@@ -134,15 +139,6 @@ body {
     cursor: not-allowed;
 }
 
-.button-action {
-    visibility: hidden;
-}
-
-.logs__row:hover .button-action,
-.button-action--active {
-    visibility: visible;
-}
-
 .ReactModal__Body--open {
     overflow: hidden;
 }

client/src/components/Dashboard/BlockedDomains.js

@@ -8,7 +8,7 @@ import Cell from '../ui/Cell';
 import DomainCell from './DomainCell';
 
 import { getPercent } from '../../helpers/helpers';
-import { STATUS_COLORS } from '../../helpers/constants';
+import { DASHBOARD_TABLES_DEFAULT_PAGE_SIZE, STATUS_COLORS, TABLES_MIN_ROWS } from '../../helpers/constants';
 
 const CountCell = (totalBlocked) => function cell(row) {
     const { value } = row;
@@ -62,8 +62,8 @@ const BlockedDomains = ({
                 ]}
                 showPagination={false}
                 noDataText={t('no_domains_found')}
-                minRows={6}
-                defaultPageSize={100}
+                minRows={TABLES_MIN_ROWS}
+                defaultPageSize={DASHBOARD_TABLES_DEFAULT_PAGE_SIZE}
                 className="-highlight card-table-overflow--limited stats__table"
             />
         </Card>

client/src/components/Dashboard/Clients.js

@@ -1,4 +1,4 @@
-import React from 'react';
+import React, { useState } from 'react';
 import ReactTable from 'react-table';
 import PropTypes from 'prop-types';
 import { Trans, useTranslation } from 'react-i18next';
@@ -9,10 +9,16 @@ import Card from '../ui/Card';
 import Cell from '../ui/Cell';
 
 import { getPercent, sortIp } from '../../helpers/helpers';
-import { BLOCK_ACTIONS, STATUS_COLORS } from '../../helpers/constants';
+import {
+    BLOCK_ACTIONS,
+    DASHBOARD_TABLES_DEFAULT_PAGE_SIZE,
+    STATUS_COLORS,
+    TABLES_MIN_ROWS,
+} from '../../helpers/constants';
 import { toggleClientBlock } from '../../actions/access';
 import { renderFormattedClientCell } from '../../helpers/renderFormattedClientCell';
 import { getStats } from '../../actions/stats';
+import IconTooltip from '../Logs/Cells/IconTooltip';
 
 const getClientsPercentColor = (percent) => {
     if (percent > 50) {
@@ -40,9 +46,7 @@ const renderBlockingButton = (ip, disallowed, disallowed_rule) => {
     const processingSet = useSelector((state) => state.access.processingSet);
     const allowedСlients = useSelector((state) => state.access.allowed_clients, shallowEqual);
 
-    const buttonClass = classNames('button-action button-action--main', {
-        'button-action--unblock': disallowed,
-    });
+    const [isOptionsOpened, setOptionsOpened] = useState(false);
 
     const toggleClientStatus = async (ip, disallowed, disallowed_rule) => {
         let confirmMessage;
@@ -62,23 +66,49 @@ const renderBlockingButton = (ip, disallowed, disallowed_rule) => {
         }
     };
 
-    const onClick = () => toggleClientStatus(ip, disallowed, disallowed_rule);
+    const onClick = () => {
+        toggleClientStatus(ip, disallowed, disallowed_rule);
+        setOptionsOpened(false);
+    };
 
     const text = disallowed ? BLOCK_ACTIONS.UNBLOCK : BLOCK_ACTIONS.BLOCK;
 
     const lastRuleInAllowlist = !disallowed && allowedСlients === disallowed_rule;
     const disabled = processingSet || lastRuleInAllowlist;
     return (
-        <div className="table__action pl-4">
+        <div className="table__action">
             <button
                 type="button"
-                className={buttonClass}
-                onClick={onClick}
-                disabled={disabled}
-                title={lastRuleInAllowlist ? t('last_rule_in_allowlist', { disallowed_rule }) : ''}
+                className="btn btn-icon btn-sm px-0"
+                onClick={() => setOptionsOpened(true)}
             >
-                <Trans>{text}</Trans>
+                <svg className="icon24 icon--lightgray button-action__icon">
+                    <use xlinkHref="#bullets" />
+                </svg>
             </button>
+            {isOptionsOpened && (
+                <IconTooltip
+                    className="icon24"
+                    tooltipClass="button-action--arrow-option-container"
+                    xlinkHref="bullets"
+                    triggerClass="btn btn-icon btn-sm px-0 button-action__hidden-trigger"
+                    content={(
+                        <button
+                            className={classNames('button-action--arrow-option px-4 py-1', disallowed ? 'bg--green' : 'bg--danger')}
+                            onClick={onClick}
+                            disabled={disabled}
+                            title={lastRuleInAllowlist ? t('last_rule_in_allowlist', { disallowed_rule }) : ''}
+                        >
+                            <Trans>{text}</Trans>
+                        </button>
+                    )}
+                    placement="bottom-end"
+                    trigger="click"
+                    onVisibilityChange={setOptionsOpened}
+                    defaultTooltipShown={true}
+                    delayHide={0}
+                />
+            )}
         </div>
     );
 };
@@ -134,8 +164,8 @@ const Clients = ({
                 ]}
                 showPagination={false}
                 noDataText={t('no_clients_found')}
-                minRows={6}
-                defaultPageSize={100}
+                minRows={TABLES_MIN_ROWS}
+                defaultPageSize={DASHBOARD_TABLES_DEFAULT_PAGE_SIZE}
                 className="-highlight card-table-overflow--limited clients__table"
                 getTrProps={(_state, rowInfo) => {
                     if (!rowInfo) {

client/src/components/Dashboard/Counters.js

@@ -4,9 +4,9 @@ import { Trans, useTranslation } from 'react-i18next';
 import round from 'lodash/round';
 import { shallowEqual, useSelector } from 'react-redux';
 import Card from '../ui/Card';
-import { formatNumber } from '../../helpers/helpers';
+import { formatNumber, msToDays, msToHours } from '../../helpers/helpers';
 import LogsSearchLink from '../ui/LogsSearchLink';
-import { RESPONSE_FILTER, DAY } from '../../helpers/constants';
+import { RESPONSE_FILTER, TIME_UNITS } from '../../helpers/constants';
 import Tooltip from '../ui/Tooltip';
 
 const Row = ({
@@ -52,14 +52,19 @@ const Counters = ({ refreshButton, subtitle }) => {
         numReplacedParental,
         numReplacedSafesearch,
         avgProcessingTime,
+        timeUnits,
     } = useSelector((state) => state.stats, shallowEqual);
     const { t } = useTranslation();
-    const days = interval / DAY;
+
+    const dnsQueryTooltip = timeUnits === TIME_UNITS.HOURS
+        ? t('number_of_dns_query_hours', { count: msToHours(interval) })
+        : t('number_of_dns_query_days', { count: msToDays(interval) });
+
     const rows = [
         {
             label: 'dns_query',
             count: numDnsQueries,
-            tooltipTitle: days === 1 ? 'number_of_dns_query_24_hours' : t('number_of_dns_query_days', { count: days }),
+            tooltipTitle: dnsQueryTooltip,
             response_status: RESPONSE_FILTER.ALL.QUERY,
         },
         {

client/src/components/Dashboard/Dashboard.css

@@ -28,11 +28,14 @@
     border-bottom: 6px solid #585965;
 }
 
-@media (max-width: 1279.98px) {
-    .table__action {
-        position: absolute;
-        right: 0;
-    }
+.table__action {
+    position: relative;
+    margin-left: auto;
+}
+
+.table__action .btn-icon {
+    outline: 0;
+    box-shadow: none;
 }
 
 .page-title--dashboard {

client/src/components/Dashboard/QueriedDomains.js

@@ -7,7 +7,7 @@ import Card from '../ui/Card';
 import Cell from '../ui/Cell';
 import DomainCell from './DomainCell';
 
-import { STATUS_COLORS } from '../../helpers/constants';
+import { DASHBOARD_TABLES_DEFAULT_PAGE_SIZE, STATUS_COLORS, TABLES_MIN_ROWS } from '../../helpers/constants';
 import { getPercent } from '../../helpers/helpers';
 
 const getQueriedPercentColor = (percent) => {
@@ -58,8 +58,8 @@ const QueriedDomains = ({
             ]}
             showPagination={false}
             noDataText={t('no_domains_found')}
-            minRows={6}
-            defaultPageSize={100}
+            minRows={TABLES_MIN_ROWS}
+            defaultPageSize={DASHBOARD_TABLES_DEFAULT_PAGE_SIZE}
             className="-highlight card-table-overflow--limited stats__table"
         />
     </Card>

client/src/components/Dashboard/UpstreamAvgTime.js

@@ -6,6 +6,7 @@ import { withTranslation, Trans } from 'react-i18next';
 
 import Card from '../ui/Card';
 import DomainCell from './DomainCell';
+import { DASHBOARD_TABLES_DEFAULT_PAGE_SIZE, TABLES_MIN_ROWS } from '../../helpers/constants';
 
 const TimeCell = ({ value }) => {
     if (!value) {
@@ -37,7 +38,7 @@ const UpstreamAvgTime = ({
     subtitle,
 }) => (
     <Card
-        title={t('average_processing_time')}
+        title={t('average_upstream_response_time')}
         subtitle={subtitle}
         bodyType="card-table"
         refresh={refreshButton}
@@ -54,7 +55,7 @@ const UpstreamAvgTime = ({
                     Cell: DomainCell,
                 },
                 {
-                    Header: <Trans>processing_time</Trans>,
+                    Header: <Trans>response_time</Trans>,
                     accessor: 'count',
                     maxWidth: 190,
                     Cell: TimeCell,
@@ -62,8 +63,8 @@ const UpstreamAvgTime = ({
             ]}
             showPagination={false}
             noDataText={t('no_upstreams_data_found')}
-            minRows={6}
-            defaultPageSize={100}
+            minRows={TABLES_MIN_ROWS}
+            defaultPageSize={DASHBOARD_TABLES_DEFAULT_PAGE_SIZE}
             className="-highlight card-table-overflow--limited stats__table"
         />
     </Card>

client/src/components/Dashboard/UpstreamResponses.js

@@ -8,7 +8,7 @@ import Cell from '../ui/Cell';
 import DomainCell from './DomainCell';
 
 import { getPercent } from '../../helpers/helpers';
-import { STATUS_COLORS } from '../../helpers/constants';
+import { DASHBOARD_TABLES_DEFAULT_PAGE_SIZE, STATUS_COLORS, TABLES_MIN_ROWS } from '../../helpers/constants';
 
 const CountCell = (totalBlocked) => (
     function cell(row) {
@@ -64,8 +64,8 @@ const UpstreamResponses = ({
             ]}
             showPagination={false}
             noDataText={t('no_upstreams_data_found')}
-            minRows={6}
-            defaultPageSize={100}
+            minRows={TABLES_MIN_ROWS}
+            defaultPageSize={DASHBOARD_TABLES_DEFAULT_PAGE_SIZE}
             className="-highlight card-table-overflow--limited stats__table"
         />
     </Card>

client/src/components/Dashboard/index.js

@@ -9,7 +9,12 @@ import Counters from './Counters';
 import Clients from './Clients';
 import QueriedDomains from './QueriedDomains';
 import BlockedDomains from './BlockedDomains';
-import { DISABLE_PROTECTION_TIMINGS, ONE_SECOND_IN_MS, SETTINGS_URLS } from '../../helpers/constants';
+import {
+    DISABLE_PROTECTION_TIMINGS,
+    ONE_SECOND_IN_MS,
+    SETTINGS_URLS,
+    TIME_UNITS,
+} from '../../helpers/constants';
 import {
     msToSeconds,
     msToMinutes,
@@ -46,15 +51,12 @@ const Dashboard = ({
         getAllStats();
     }, []);
     const getSubtitle = () => {
-        const ONE_DAY = 1;
-        const intervalInDays = msToDays(stats.interval);
-
-        if (intervalInDays < ONE_DAY) {
+        if (!stats.enabled) {
             return t('stats_disabled_short');
         }
 
-        return intervalInDays === ONE_DAY
-            ? t('for_last_24_hours')
+        return stats.timeUnits === TIME_UNITS.HOURS
+            ? t('for_last_hours', { count: msToHours(stats.interval) })
             : t('for_last_days', { count: msToDays(stats.interval) });
     };
 

client/src/components/Filters/Form.js

@@ -28,7 +28,7 @@ const renderIcons = (iconsData) => iconsData.map(({
 }) => <a key={iconName} href={href} target="_blank" rel="noopener noreferrer"
          className={classNames('d-flex align-items-center', className)}
 >
-    <svg className="nav-icon nav-icon--gray">
+    <svg className="icon icon--15 mr-1 icon--gray">
         <use xlinkHref={`#${iconName}`} />
     </svg>
 </a>);
@@ -110,7 +110,7 @@ const Form = (props) => {
     const openAddFiltersModal = () => openModal(MODAL_TYPE.ADD_FILTERS);
 
     return <form onSubmit={handleSubmit}>
-        <div className="modal-body modal-body--medium">
+        <div className="modal-body modal-body--filters">
             {modalType === MODAL_TYPE.SELECT_MODAL_TYPE
             && <div className="d-flex justify-content-around">
                 <button onClick={openFilteringListModal}

client/src/components/Filters/Rewrites/Table.js

@@ -3,7 +3,7 @@ import PropTypes from 'prop-types';
 import ReactTable from 'react-table';
 import { withTranslation } from 'react-i18next';
 import { sortIp } from '../../../helpers/helpers';
-import { MODAL_TYPE } from '../../../helpers/constants';
+import { MODAL_TYPE, TABLES_MIN_ROWS } from '../../../helpers/constants';
 import { LocalStorageHelper, LOCAL_STORAGE_KEYS } from '../../../helpers/localStorageHelper';
 
 class Table extends Component {
@@ -88,7 +88,7 @@ class Table extends Component {
                 showPagination
                 defaultPageSize={LocalStorageHelper.getItem(LOCAL_STORAGE_KEYS.REWRITES_PAGE_SIZE) || 10}
                 onPageSizeChange={(size) => LocalStorageHelper.setItem(LOCAL_STORAGE_KEYS.REWRITES_PAGE_SIZE, size)}
-                minRows={5}
+                minRows={TABLES_MIN_ROWS}
                 ofText="/"
                 previousText={t('previous_btn')}
                 nextText={t('next_btn')}

client/src/components/Filters/Services/ScheduleForm/Modal.js

@@ -81,6 +81,10 @@ export const Modal = ({
             };
         });
 
+        if (timezone !== intialTimezone) {
+            newSchedule.time_zone = timezone;
+        }
+
         onSubmit(newSchedule);
     };
 

client/src/components/Logs/Cells/ClientCell.js

@@ -26,9 +26,7 @@ const ClientCell = ({
     const { t } = useTranslation();
     const dispatch = useDispatch();
     const autoClients = useSelector((state) => state.dashboard.autoClients, shallowEqual);
-    const processingRules = useSelector((state) => state.filtering.processingRules);
     const isDetailed = useSelector((state) => state.queryLogs.isDetailed);
-    const processingSet = useSelector((state) => state.access.processingSet);
     const allowedСlients = useSelector((state) => state.access.allowed_clients, shallowEqual);
     const [isOptionsOpened, setOptionsOpened] = useState(false);
 
@@ -84,11 +82,23 @@ const ClientCell = ({
         const blockingForClientKey = isFiltered ? 'unblock_for_this_client_only' : 'block_for_this_client_only';
         const clientNameBlockingFor = getBlockingClientName(clients, client);
 
+        const onClick = async () => {
+            await dispatch(toggleBlocking(buttonType, domain));
+            await dispatch(getStats());
+            setOptionsOpened(false);
+        };
+
         const BUTTON_OPTIONS = [
+            {
+                name: buttonType,
+                onClick,
+                className: isFiltered ? 'bg--green' : 'bg--danger',
+            },
             {
                 name: blockingForClientKey,
                 onClick: () => {
                     dispatch(toggleBlockingForClient(buttonType, domain, clientNameBlockingFor));
+                    setOptionsOpened(false);
                 },
             },
             {
@@ -101,27 +111,25 @@ const ClientCell = ({
                             client_info?.disallowed_rule || '',
                         ));
                         await dispatch(updateLogs());
+                        setOptionsOpened(false);
                     }
                 },
-                disabled: processingSet || lastRuleInAllowlist,
+                disabled: lastRuleInAllowlist,
             },
         ];
 
-        const onClick = async () => {
-            await dispatch(toggleBlocking(buttonType, domain));
-            await dispatch(getStats());
-        };
-
         const getOptions = (options) => {
             if (options.length === 0) {
                 return null;
             }
             return (
                 <>
-                    {options.map(({ name, onClick, disabled }) => (
+                    {options.map(({
+                        name, onClick, disabled, className,
+                    }) => (
                         <button
                             key={name}
-                            className="button-action--arrow-option px-4 py-1"
+                            className={classNames('button-action--arrow-option px-4 py-1', className)}
                             onClick={onClick}
                             disabled={disabled}
                         >
@@ -134,17 +142,6 @@ const ClientCell = ({
 
         const content = getOptions(BUTTON_OPTIONS);
 
-        const buttonClass = classNames('button-action button-action--main', {
-            'button-action--unblock': isFiltered,
-            'button-action--with-options': content,
-            'button-action--active': isOptionsOpened,
-        });
-
-        const buttonArrowClass = classNames('button-action button-action--arrow', {
-            'button-action--unblock': isFiltered,
-            'button-action--active': isOptionsOpened,
-        });
-
         const containerClass = classNames('button-action__container', {
             'button-action__container--detailed': isDetailed,
         });
@@ -153,25 +150,26 @@ const ClientCell = ({
             <div className={containerClass}>
                 <button
                     type="button"
-                    className={buttonClass}
-                    onClick={onClick}
-                    disabled={processingRules}
+                    className="btn btn-icon btn-sm px-0"
+                    onClick={() => setOptionsOpened(true)}
                 >
-                    {t(buttonType)}
+                    <svg className="icon24 icon--lightgray button-action__icon">
+                        <use xlinkHref="#bullets" />
+                    </svg>
                 </button>
-                {content && (
-                    <button className={buttonArrowClass} disabled={processingRules}>
-                        <IconTooltip
-                            className="icon24"
-                            tooltipClass="button-action--arrow-option-container"
-                            xlinkHref="chevron-down"
-                            triggerClass="button-action--icon"
-                            content={content}
-                            placement="bottom-end"
-                            trigger="click"
-                            onVisibilityChange={setOptionsOpened}
-                        />
-                    </button>
+                {isOptionsOpened && (
+                    <IconTooltip
+                        className="icon24"
+                        tooltipClass="button-action--arrow-option-container"
+                        xlinkHref="bullets"
+                        triggerClass="btn btn-icon btn-sm px-0 button-action__hidden-trigger"
+                        content={content}
+                        placement="bottom-end"
+                        trigger="click"
+                        onVisibilityChange={setOptionsOpened}
+                        defaultTooltipShown={true}
+                        delayHide={0}
+                    />
                 )}
             </div>
         );
@@ -198,7 +196,7 @@ const ClientCell = ({
                 </div>
                 {isDetailed && clientName && !whoisAvailable && (
                     <Link
-                        className="detailed-info d-none d-sm-block logs__text logs__text--link"
+                        className="detailed-info d-none d-sm-block logs__text logs__text--link logs__text--client"
                         to={`logs?search="${encodeURIComponent(clientName)}"`}
                         title={clientName}
                     >

client/src/components/Logs/Cells/IconTooltip.css

@@ -1,4 +1,5 @@
 .tooltip-custom__container {
+    min-width: 150px;
     padding: 1rem 1.5rem 1.25rem 1.5rem;
     font-size: 16px !important;
     box-shadow: 2px 4px 8px rgba(0, 0, 0, 0.2);

client/src/components/Logs/Cells/IconTooltip.js

@@ -21,6 +21,8 @@ const IconTooltip = ({
     content,
     trigger,
     onVisibilityChange,
+    defaultTooltipShown,
+    delayHide,
     renderContent = content ? React.Children.map(
         processContent(content),
         (item, idx) => <div key={idx} className={contentItemClass}>
@@ -44,6 +46,8 @@ const IconTooltip = ({
         trigger={trigger}
         onVisibilityChange={onVisibilityChange}
         delayShow={trigger === 'click' ? 0 : SHOW_TOOLTIP_DELAY}
+        delayHide={delayHide}
+        defaultTooltipShown={defaultTooltipShown}
     >
         {xlinkHref && <svg className={className}>
             <use xlinkHref={`#${xlinkHref}`} />
@@ -65,6 +69,8 @@ IconTooltip.propTypes = {
     content: PropTypes.node,
     renderContent: PropTypes.arrayOf(PropTypes.element),
     onVisibilityChange: PropTypes.func,
+    defaultTooltipShown: PropTypes.bool,
+    delayHide: PropTypes.number,
 };
 
 export default IconTooltip;

client/src/components/Logs/Logs.css

@@ -80,6 +80,10 @@
     color: var(--gray-f3);
 }
 
+.logs__table .logs__text--client {
+    padding-right: 32px;
+}
+
 .icon--selected {
     background-color: var(--gray-f3);
     border: solid 1px var(--gray-d8);
@@ -261,9 +265,8 @@
 .button-action__container {
     display: flex;
     position: absolute;
-    right: 0;
+    right: 2px;
     bottom: 0.5rem;
-    height: 1.6rem;
 }
 
 @media screen and (max-width: 1024px) {
@@ -307,45 +310,10 @@
     border-bottom-right-radius: 0;
 }
 
-.button-action--arrow {
-    border-top-left-radius: 0;
-    border-bottom-left-radius: 0;
-    border-left: 1px solid var(--white);
-    width: 1.5625rem;
-    padding: 0;
-    display: flex;
-    align-items: center;
-    justify-content: center;
-}
-
 .button-action:hover {
     cursor: pointer;
 }
 
-.button-action--arrow .button-action--icon {
-    width: 100%;
-    height: 100%;
-    display: flex;
-    justify-content: center;
-}
-
-.button-action:active {
-    background: var(--btn-block-active);
-}
-
-.button-action--unblock:active {
-    background: var(--btn-unblock-active);
-}
-
-.button-action:disabled {
-    background: var(--btn-block-disabled);
-    cursor: default;
-}
-
-.button-action--unblock:disabled {
-    background: var(--btn-unblock-disabled);
-}
-
 .button-action--arrow-option {
     background: transparent;
     border: 0;
@@ -551,3 +519,20 @@
     padding: 1rem 1.5rem;
     background-color: var(--card-bgcolor);
 }
+
+.button-action__hidden-trigger {
+    position: absolute;
+    top: 0;
+    right: 0;
+    width: 1px;
+    height: 33px;
+    margin: -1px;
+    padding: 0;
+    overflow: hidden;
+    border: 0;
+    clip: rect(0 0 0 0);
+}
+
+[data-theme="dark"] .button-action__icon {
+    color: var(--gray-f3);
+}

client/src/components/Settings/Clients/AutoClients.js

@@ -10,6 +10,7 @@ import whoisCell from './whoisCell';
 import LogsSearchLink from '../../ui/LogsSearchLink';
 import { sortIp } from '../../../helpers/helpers';
 import { LocalStorageHelper, LOCAL_STORAGE_KEYS } from '../../../helpers/localStorageHelper';
+import { TABLES_MIN_ROWS } from '../../../helpers/constants';
 
 const COLUMN_MIN_WIDTH = 200;
 
@@ -90,7 +91,7 @@ class AutoClients extends Component {
                     onPageSizeChange={(size) => (
                         LocalStorageHelper.setItem(LOCAL_STORAGE_KEYS.AUTO_CLIENTS_PAGE_SIZE, size)
                     )}
-                    minRows={5}
+                    minRows={TABLES_MIN_ROWS}
                     ofText="/"
                     previousText={t('previous_btn')}
                     nextText={t('next_btn')}

client/src/components/Settings/Clients/ClientsTable/ClientsTable.js

@@ -14,7 +14,7 @@ import {
     sortIp,
     getService,
 } from '../../../../helpers/helpers';
-import { MODAL_TYPE, LOCAL_TIMEZONE_VALUE } from '../../../../helpers/constants';
+import { MODAL_TYPE, LOCAL_TIMEZONE_VALUE, TABLES_MIN_ROWS } from '../../../../helpers/constants';
 import Card from '../../../ui/Card';
 import CellWrap from '../../../ui/CellWrap';
 import LogsSearchLink from '../../../ui/LogsSearchLink';
@@ -347,7 +347,7 @@ const ClientsTable = ({
                     onPageSizeChange={(size) => (
                         LocalStorageHelper.setItem(LOCAL_STORAGE_KEYS.CLIENTS_PAGE_SIZE, size)
                     )}
-                    minRows={5}
+                    minRows={TABLES_MIN_ROWS}
                     ofText="/"
                     previousText={t('previous_btn')}
                     nextText={t('next_btn')}

client/src/components/Settings/Dns/Upstream/Examples.js

@@ -137,6 +137,22 @@ const Examples = (props) => (
                     example_upstream_reserved
                 </Trans>
             </li>
+            <li>
+                <code>[/example.local/]94.140.14.140 2a10:50c0::1:ff</code>: <Trans
+                    components={[
+                        <a
+                            href="https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams-for-domains"
+                            target="_blank"
+                            rel="noopener noreferrer"
+                            key="0"
+                        >
+                            Link
+                        </a>,
+                    ]}
+                >
+                    example_multiple_upstreams_reserved
+                </Trans>
+            </li>
             <li>
                 <code>{COMMENT_LINE_DEFAULT_TOKEN} comment</code>: <Trans>
                     example_upstream_comment

client/src/components/ui/Card.css

@@ -2,6 +2,7 @@
     align-items: center;
     justify-content: space-between;
     padding: 0.6rem 1.5rem;
+    flex-shrink: 0;
 }
 
 .card-subtitle {
@@ -19,8 +20,16 @@
     max-height: 17.5rem;
 }
 
+.dashboard .card-table {
+    overflow: hidden;
+}
+
 .dashboard .card-table-overflow--limited {
-    max-height: 18rem;
+    max-height: 292px;
+}
+
+.dashboard .ReactTable .rt-tr-group {
+    min-height: 52px;
 }
 
 .card-actions {
@@ -125,7 +134,7 @@
 
 @media (min-width: 992px) {
     .dashboard .card:not(.card--full) {
-        height: 22rem;
+        height: 360px;
     }
 }
 
@@ -140,3 +149,7 @@
 .card .logs__row--blue {
     background-color: #ecf7ff;
 }
+
+[data-theme="dark"] .card .logs__row--blue {
+    background-color: var(--logs__row--blue-bgcolor);
+}

client/src/components/ui/Icons.css

@@ -24,6 +24,13 @@
     height: var(--size);
 }
 
+.icon--15 {
+    --size: 0.95rem;
+
+    width: var(--size);
+    height: var(--size);
+}
+
 .icon--gray {
     color: var(--gray-a5);
 }

client/src/components/ui/Icons.js

@@ -239,6 +239,12 @@ const Icons = () => (
             <circle cx="12" cy="12" r="9" />
             <path d="M16.1215 12.1213H11.8789V7.87866" />
         </symbol>
+
+        <symbol id="bullets" width="24" height="24" viewBox="0 0 24 24">
+            <path fillRule="evenodd" clipRule="evenodd" d="M12 7C11.1716 7 10.5 6.32843 10.5 5.5C10.5 4.67157 11.1716 4 12 4C12.8284 4 13.5 4.67157 13.5 5.5C13.5 6.32843 12.8284 7 12 7Z" fill="currentColor" />
+            <path fillRule="evenodd" clipRule="evenodd" d="M12 13.5C11.1716 13.5 10.5 12.8284 10.5 12C10.5 11.1716 11.1716 10.5 12 10.5C12.8284 10.5 13.5 11.1716 13.5 12C13.5 12.8284 12.8284 13.5 12 13.5Z" fill="currentColor" />
+            <path fillRule="evenodd" clipRule="evenodd" d="M12 20C11.1716 20 10.5 19.3284 10.5 18.5C10.5 17.6716 11.1716 17 12 17C12.8284 17 13.5 17.6716 13.5 18.5C13.5 19.3284 12.8284 20 12 20Z" fill="currentColor" />
+        </symbol>
     </svg>
 );
 

client/src/components/ui/Line.js

@@ -1,7 +1,6 @@
 import React from 'react';
 import { ResponsiveLine } from '@nivo/line';
 import addDays from 'date-fns/add_days';
-import addHours from 'date-fns/add_hours';
 import subDays from 'date-fns/sub_days';
 import subHours from 'date-fns/sub_hours';
 import dateFormat from 'date-fns/format';
@@ -9,12 +8,14 @@ import round from 'lodash/round';
 import { useSelector } from 'react-redux';
 import PropTypes from 'prop-types';
 import './Line.css';
-import { msToDays } from '../../helpers/helpers';
+import { msToDays, msToHours } from '../../helpers/helpers';
+import { TIME_UNITS } from '../../helpers/constants';
 
 const Line = ({
     data, color = 'black',
 }) => {
-    const interval = msToDays(useSelector((state) => state.stats.interval));
+    const interval = useSelector((state) => state.stats.interval);
+    const timeUnits = useSelector((state) => state.stats.timeUnits);
 
     return <ResponsiveLine
         enableArea
@@ -44,12 +45,12 @@ const Line = ({
         enableGridY={false}
         enablePoints={false}
         xFormat={(x) => {
-            if (interval >= 0 && interval <= 7) {
-                const hoursAgo = subHours(Date.now(), 24 * interval);
-                return dateFormat(addHours(hoursAgo, x), 'D MMM HH:00');
+            if (timeUnits === TIME_UNITS.HOURS) {
+                const hoursAgo = msToHours(interval) - x - 1;
+                return dateFormat(subHours(Date.now(), hoursAgo), 'D MMM HH:00');
             }
 
-            const daysAgo = subDays(Date.now(), interval - 1);
+            const daysAgo = subDays(Date.now(), msToDays(interval) - 1);
             return dateFormat(addDays(daysAgo, x), 'D MMM YYYY');
         }}
         yFormat={(y) => round(y, 2)}

client/src/components/ui/ReactTable.css

@@ -9,10 +9,6 @@
     overflow: visible;
 }
 
-.ReactTable .rt-tbody {
-    overflow: visible;
-}
-
 .ReactTable .rt-noData {
     color: var(--rt-nodata-color);
     background-color: var(--rt-nodata-bgcolor);

client/src/components/ui/Tooltip.js

@@ -21,6 +21,7 @@ const Tooltip = ({
     delayShow = SHOW_TOOLTIP_DELAY,
     delayHide = HIDE_TOOLTIP_DELAY,
     onVisibilityChange,
+    defaultTooltipShown,
 }) => {
     const { t } = useTranslation();
     const touchEventsAvailable = 'ontouchstart' in window;
@@ -75,6 +76,7 @@ const Tooltip = ({
             delayShow={delayShowValue}
             tooltip={renderTooltip}
             onVisibilityChange={onVisibilityChange}
+            defaultTooltipShown={defaultTooltipShown}
         >
             {renderTrigger}
         </TooltipTrigger>
@@ -97,6 +99,7 @@ Tooltip.propTypes = {
     className: propTypes.string,
     triggerClass: propTypes.string,
     onVisibilityChange: propTypes.func,
+    defaultTooltipShown: propTypes.bool,
 };
 
 export default Tooltip;

client/src/helpers/constants.js

@@ -554,3 +554,12 @@ export const DISABLE_PROTECTION_TIMINGS = {
 };
 
 export const LOCAL_TIMEZONE_VALUE = 'Local';
+
+export const TABLES_MIN_ROWS = 5;
+
+export const DASHBOARD_TABLES_DEFAULT_PAGE_SIZE = 100;
+
+export const TIME_UNITS = {
+    HOURS: 'hours',
+    DAYS: 'days',
+};

client/src/helpers/filters/filters.js

@@ -202,12 +202,30 @@ export default {
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_34.txt"
         },
+        "hagezi_pro": {
+            "name": "HaGeZi's Pro Blocklist",
+            "categoryId": "general",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_48.txt"
+        },
+        "hagezi_pro++": {
+            "name": "HaGeZi's Pro++ Blocklist",
+            "categoryId": "general",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_51.txt"
+        },
         "hagezi_threat_intelligence_feeds": {
             "name": "HaGeZi's Threat Intelligence Feeds",
             "categoryId": "security",
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_44.txt"
         },
+        "hagezi_ultimate": {
+            "name": "HaGeZi's Ultimate Blocklist",
+            "categoryId": "general",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_49.txt"
+        },
         "no_google": {
             "name": "No Google",
             "categoryId": "other",

client/src/helpers/renderFormattedClientCell.js

@@ -43,7 +43,7 @@ export const renderFormattedClientCell = (value, info, isDetailed = false, isLog
         const whoisAvailable = whois_info && Object.keys(whois_info).length > 0;
 
         if (name) {
-            const nameValue = <div className="logs__text logs__text--link logs__text--nowrap" title={`${name} (${value})`}>
+            const nameValue = <div className="logs__text logs__text--link logs__text--nowrap logs__text--client" title={`${name} (${value})`}>
                 {name}&nbsp;<small>{`(${value})`}</small>
             </div>;
 

client/src/helpers/trackers/trackers.json

@@ -1,5 +1,5 @@
 {
-    "timeUpdated": "2023-10-08T00:09:45.691Z",
+    "timeUpdated": "2023-11-10T12:55:56.663Z",
     "categories": {
         "0": "audio_video_player",
         "1": "comments",
@@ -243,7 +243,7 @@
             "name": "Australian Broadcasting Corporation",
             "categoryId": 8,
             "url": "https://www.abc.net.au/",
-            "companyId": "abc",
+            "companyId": "australian_government",
             "source": "AdGuard"
         },
         "ablida": {
@@ -681,8 +681,9 @@
         "adcolony": {
             "name": "AdColony",
             "categoryId": 4,
-            "url": "thttp://www.admarvel.com/",
-            "companyId": "adcolony"
+            "url": "https://www.adcolony.com/history-of-adcolony/",
+            "companyId": "digital_turbine",
+            "source": "AdGuard"
         },
         "adconion": {
             "name": "Adconion",
@@ -1294,6 +1295,13 @@
             "url": "http://www.demdex.com/",
             "companyId": "adobe"
         },
+        "adobe_developer": {
+            "name": "Adobe Developer",
+            "categoryId": 8,
+            "url": "https://developer.adobe.com/",
+            "companyId": "adobe",
+            "source": "AdGuard"
+        },
         "adobe_dynamic_media": {
             "name": "Adobe Dynamic Media",
             "categoryId": 4,
@@ -1309,8 +1317,9 @@
         "adobe_experience_cloud": {
             "name": "Adobe Experience Cloud",
             "categoryId": 6,
-            "url": "https://www.adobe.com/experience-cloud.html",
-            "companyId": "adobe"
+            "url": "https://business.adobe.com/",
+            "companyId": "adobe",
+            "source": "AdGuard"
         },
         "adobe_login": {
             "name": "Adobe Login",
@@ -3593,6 +3602,13 @@
             "url": null,
             "companyId": null
         },
+        "bom": {
+            "name": "Bureau of Meteorology",
+            "categoryId": 9,
+            "url": "http://bom.gov.au/",
+            "companyId": "australian_government",
+            "source": "AdGuard"
+        },
         "bombora": {
             "name": "Bombora",
             "categoryId": 6,
@@ -4346,6 +4362,13 @@
             "url": "http://chartbeat.com/",
             "companyId": "chartbeat"
         },
+        "chartboost": {
+            "name": "Chartboost",
+            "categoryId": 4,
+            "url": "http://chartboost.com/",
+            "companyId": "take-two",
+            "source": "AdGuard"
+        },
         "chaser": {
             "name": "Chaser",
             "categoryId": 2,
@@ -5943,6 +5966,20 @@
             "url": "https://discordapp.com/",
             "companyId": null
         },
+        "disneyplus": {
+            "name": "Disney+",
+            "categoryId": 0,
+            "url": "https://www.disneyplus.com/",
+            "companyId": "disney",
+            "source": "AdGuard"
+        },
+        "disneystreaming": {
+            "name": "Disney Streaming",
+            "categoryId": 0,
+            "url": "https://press.disneyplus.com",
+            "companyId": "disney",
+            "source": "AdGuard"
+        },
         "display_block": {
             "name": "display block",
             "categoryId": 4,
@@ -6160,6 +6197,13 @@
             "url": "http://www.drawbrid.ge/",
             "companyId": "drawbridge"
         },
+        "dreame_tech": {
+            "name": "Dreame Technology",
+            "categoryId": 8,
+            "url": "https://www.dreame.tech/",
+            "companyId": "xiaomi",
+            "source": "AdGuard"
+        },
         "dreamlab.pl": {
             "name": "DreamLab.pl",
             "categoryId": 4,
@@ -7302,7 +7346,7 @@
             "name": "Flurry",
             "categoryId": 101,
             "url": "http://www.flurry.com/",
-            "companyId": "verizon",
+            "companyId": "apollo_global_management",
             "source": "AdGuard"
         },
         "flxone": {
@@ -10372,7 +10416,7 @@
             "name": "Let's Encrypt",
             "categoryId": 5,
             "url": "https://letsencrypt.org/",
-            "companyId": "lets_encrypt",
+            "companyId": "isrg",
             "source": "AdGuard"
         },
         "letv": {
@@ -12358,6 +12402,13 @@
             "url": "http://www.nimblecommerce.com/",
             "companyId": "nimblecommerce"
         },
+        "nine_direct_digital": {
+            "name": "Nine Digital Direct",
+            "categoryId": 4,
+            "url": "https://ninedigitaldirect.com.au/",
+            "companyId": "nine_entertainment",
+            "source": "AdGuard"
+        },
         "ninja_access_analysis": {
             "name": "Ninja Access Analysis",
             "categoryId": 6,
@@ -19444,6 +19495,13 @@
             "companyId": "xhamster",
             "source": "AdGuard"
         },
+        "xiaomi": {
+            "name": "Xiaomi",
+            "categoryId": 8,
+            "url": "https://www.mi.com/",
+            "companyId": "xiaomi",
+            "source": "AdGuard"
+        },
         "xing": {
             "name": "Xing",
             "categoryId": 6,
@@ -19511,8 +19569,9 @@
         "yahoo": {
             "name": "Yahoo!",
             "categoryId": 6,
-            "url": "https://yahoo.com",
-            "companyId": "verizon"
+            "url": "https://yahoo.com/",
+            "companyId": "apollo_global_management",
+            "source": "AdGuard"
         },
         "yahoo_ad_exchange": {
             "name": "Yahoo! Ad Exchange",
@@ -19526,6 +19585,13 @@
             "url": "https://developer.yahoo.com/analytics/",
             "companyId": "verizon"
         },
+        "yahoo_advertising": {
+            "name": "Yahoo! Advertising",
+            "categoryId": 4,
+            "url": "https://www.advertising.yahooinc.com/",
+            "companyId": "apollo_global_management",
+            "source": "AdGuard"
+        },
         "yahoo_analytics": {
             "name": "Yahoo! Analytics",
             "categoryId": 6,
@@ -19556,6 +19622,13 @@
             "url": "http://searchmarketing.yahoo.com",
             "companyId": "verizon"
         },
+        "yahoo_search": {
+            "name": "Yahoo! Search",
+            "categoryId": 4,
+            "url": "https://search.yahooinc.com/",
+            "companyId": "apollo_global_management",
+            "source": "AdGuard"
+        },
         "yahoo_small_business": {
             "name": "Yahoo! Small Business",
             "categoryId": 4,
@@ -20047,8 +20120,8 @@
         "2leep.com": "2leep",
         "33across.com": "33across",
         "3dstats.com": "3dstats",
-        "3gppnetwork.org": "3gpp",
         "3gpp.org": "3gpp",
+        "3gppnetwork.org": "3gpp",
         "4cdn.org": "4chan",
         "4finance.com": "4finance_com",
         "4wnet.com": "4w_marketplace",
@@ -20069,7 +20142,6 @@
         "aaxads.com": "aaxads.com",
         "abtasty.com": "ab_tasty",
         "d1447tq2m68ekg.cloudfront.net": "ab_tasty",
-        "abc.net.au": "abc",
         "ab.co": "abc",
         "abc-cdn.net.au": "abc",
         "abc-host.net": "abc",
@@ -20077,6 +20149,7 @@
         "abc-prod.net.au": "abc",
         "abc-stage.net.au": "abc",
         "abc-test.net.au": "abc",
+        "abc.net.au": "abc",
         "abcaustralia.net.au": "abc",
         "abcradio.net.au": "abc",
         "ablida.de": "ablida",
@@ -20193,6 +20266,7 @@
         "ad-cloud.jp": "adcloud",
         "admarvel.s3.amazonaws.com": "adcolony",
         "ads.admarvel.com": "adcolony",
+        "adcolony.com": "adcolony",
         "adrdgt.com": "adconion",
         "amgdgt.com": "adconion",
         "adcrowd.com": "adcrowd",
@@ -20238,17 +20312,17 @@
         "adgorithms.com": "adgorithms",
         "adgoto.com": "adgoto",
         "adguard.com": "adguard",
-        "adtidy.org": "adguard",
-        "agrd.io": "adguard",
         "adguard.app": "adguard",
         "adguard.info": "adguard",
         "adguard.io": "adguard",
         "adguard.org": "adguard",
+        "adtidy.org": "adguard",
+        "agrd.io": "adguard",
         "adguard-dns.com": "adguard_dns",
         "adguard-dns.io": "adguard_dns",
-        "adguardvpn.com": "adguard_vpn",
         "adguard-vpn.com": "adguard_vpn",
         "adguard-vpn.online": "adguard_vpn",
+        "adguardvpn.com": "adguard_vpn",
         "adhands.ru": "adhands",
         "adhese.be": "adhese",
         "adhese.com": "adhese",
@@ -20264,9 +20338,9 @@
         "cdn.adjs.net": "adjs",
         "adjug.com": "adjug",
         "adjust.com": "adjust",
-        "adjust.net.in": "adjust",
         "adj.st": "adjust",
         "adjust.io": "adjust",
+        "adjust.net.in": "adjust",
         "adjust.world": "adjust",
         "apptrace.com": "adjust",
         "adk2.com": "adk2",
@@ -20347,6 +20421,7 @@
         "demdex.net": "adobe_audience_manager",
         "everestjs.net": "adobe_audience_manager",
         "everesttech.net": "adobe_audience_manager",
+        "adobe.io": "adobe_developer",
         "scene7.com": "adobe_dynamic_media",
         "adobedtm.com": "adobe_dynamic_tag_management",
         "2o7.net": "adobe_experience_cloud",
@@ -20616,18 +20691,21 @@
         "amazon.fr": "amazon",
         "amazon.it": "amazon",
         "d3io1k5o0zdpqr.cloudfront.net": "amazon",
-        "amazoncrl.com": "amazon",
-        "aamazoncognito.com": "amazon",
-        "amazonbrowserapp.es": "amazon",
-        "amazonbrowserapp.co.uk": "amazon",
-        "amazon.sa": "amazon",
-        "amazon.nl": "amazon",
-        "amazon.in": "amazon",
-        "amazon.com.mx": "amazon",
-        "amazon.com.au": "amazon",
-        "amazon-corp.com": "amazon",
         "a2z.com": "amazon",
+        "aamazoncognito.com": "amazon",
+        "amazon-corp.com": "amazon",
+        "amazon-dss.com": "amazon",
+        "amazon.com.au": "amazon",
+        "amazon.com.mx": "amazon",
+        "amazon.dev": "amazon",
+        "amazon.in": "amazon",
+        "amazon.nl": "amazon",
+        "amazon.sa": "amazon",
+        "amazonbrowserapp.co.uk": "amazon",
+        "amazonbrowserapp.es": "amazon",
+        "amazoncrl.com": "amazon",
         "firetvcaptiveportal.com": "amazon",
+        "ntp-fireos.com": "amazon",
         "amazon-adsystem.com": "amazon_adsystem",
         "serving-sys.com": "amazon_adsystem",
         "sizmek.com": "amazon_adsystem",
@@ -20643,12 +20721,16 @@
         "amazontrust.com": "amazon_cdn",
         "associates-amazon.com": "amazon_cdn",
         "cloudfront.net": "amazon_cloudfront",
+        "ota-cloudfront.net": "amazon_cloudfront",
         "axx-eu.amazon-adsystem.com": "amazon_mobile_ads",
         "amazonpay.com": "amazon_payments",
         "payments-amazon.com": "amazon_payments",
         "amazonpay.in": "amazon_payments",
         "aiv-cdn.net": "amazon_video",
+        "aiv-delivery.net": "amazon_video",
         "amazonvideo.com": "amazon_video",
+        "pv-cdn.net": "amazon_video",
+        "primevideo.com": "amazon_video",
         "amazonaws.com": "amazon_web_services",
         "amazonwebservices.com": "amazon_web_services",
         "awsstatic.com": "amazon_web_services",
@@ -20692,31 +20774,32 @@
         "eum-appdynamics.com": "appdynamics",
         "jscdn.appier.net": "appier",
         "apple.com": "apple",
-        "me.com": "apple",
-        "apple.news": "apple",
-        "apple-dns.net": "apple",
         "aaplimg.com": "apple",
-        "icloud.com": "apple",
-        "itunes.com": "apple",
-        "icloud-content.com": "apple",
-        "mzstatic.com": "apple",
-        "cdn-apple.com": "apple",
-        "apple-mapkit.com": "apple",
-        "icons.axm-usercontent-apple.com": "apple",
         "apple-cloudkit.com": "apple",
-        "apzones.com": "apple",
+        "apple-dns.net": "apple",
         "apple-livephotoskit.com": "apple",
+        "apple-mapkit.com": "apple",
+        "apple.news": "apple",
+        "apzones.com": "apple",
+        "cdn-apple.com": "apple",
+        "icloud-content.com": "apple",
+        "icloud.com": "apple",
+        "icons.axm-usercontent-apple.com": "apple",
+        "itunes.com": "apple",
+        "me.com": "apple",
+        "mzstatic.com": "apple",
         "safebrowsing.apple": "apple",
         "safebrowsing.g.applimg.com": "apple",
         "iadsdk.apple.com": "apple_ads",
         "applifier.com": "applifier",
         "assets.applovin.com": "applovin",
-        "applvn.com": "applovin",
         "applovin.com": "applovin",
+        "applvn.com": "applovin",
         "appmetrx.com": "appmetrx",
         "adnxs.com": "appnexus",
         "adnxs.net": "appnexus",
         "appsflyer.com": "appsflyer",
+        "appsflyersdk.com": "appsflyer",
         "adne.tv": "apptv",
         "readserver.net": "apptv",
         "www.apture.com": "apture",
@@ -20794,6 +20877,8 @@
         "ad.globe7.com": "axill",
         "azadify.com": "azadify",
         "azure.com": "azure",
+        "azure.net": "azure",
+        "azurefd.net": "azure",
         "trafficmanager.net": "azure",
         "blob.core.windows.net": "azure_blob_storage",
         "azureedge.net": "azureedge.net",
@@ -20926,6 +21011,7 @@
         "secure.apps.shappify.com": "bold",
         "boldchat.com": "boldchat",
         "boltdns.net": "boltdns.net",
+        "bom.gov.au": "bom",
         "ml314.com": "bombora",
         "bongacams.com": "bongacams.com",
         "bonial.com": "bonial",
@@ -21083,6 +21169,7 @@
         "chaordicsystems.com": "chaordic",
         "chartbeat.com": "chartbeat",
         "chartbeat.net": "chartbeat",
+        "chartboost.com": "chartboost",
         "chaser.ru": "chaser",
         "cloud.chatbeacon.io": "chat_beacon",
         "chatango.com": "chatango",
@@ -21170,8 +21257,8 @@
         "cloud-media.fr": "cloud-media.fr",
         "cloudflare.com": "cloudflare",
         "cloudflare.net": "cloudflare",
-        "cloudflare-dns.com": "cloudflare",
         "cloudflare-dm-cmpimg.com": "cloudflare",
+        "cloudflare-dns.com": "cloudflare",
         "cloudflare-ipfs.com": "cloudflare",
         "cloudflare-quic.com": "cloudflare",
         "cloudflare-terms-of-service-abuse.com": "cloudflare",
@@ -21184,8 +21271,10 @@
         "cloudflareresolve.com": "cloudflare",
         "cloudflaressl.com": "cloudflare",
         "cloudflarestatus.com": "cloudflare",
+        "cloudflarestream.com": "cloudflare",
         "pacloudflare.com": "cloudflare",
         "sn-cloudflare.com": "cloudflare",
+        "videodelivery.net": "cloudflare",
         "cloudimg.io": "cloudimage.io",
         "cloudinary.com": "cloudinary",
         "clovenetwork.com": "clove_network",
@@ -21454,6 +21543,10 @@
         "directadvert.ru": "directadvert",
         "directrev.com": "directrev",
         "discordapp.com": "discord",
+        "disneyplus.com": "disneyplus",
+        "bamgrid.com": "disneystreaming",
+        "dssedge.com": "disneystreaming",
+        "dssott.com": "disneystreaming",
         "d81mfvml8p5ml.cloudfront.net": "display_block",
         "disqus.com": "disqus",
         "disquscdn.com": "disqus",
@@ -21497,6 +21590,8 @@
         "doubleverify.com": "doubleverify",
         "wrating.com": "dratio",
         "adsymptotic.com": "drawbridge",
+        "dreame.tech": "dreame_tech",
+        "dreametech.com": "dreame_tech",
         "dreamlab.pl": "dreamlab.pl",
         "drift.com": "drift",
         "js.driftt.com": "drift",
@@ -21717,18 +21812,18 @@
         "findologic.com": "findologic.com",
         "app-measurement.com": "firebase",
         "fcm.googleapis.com": "firebase",
-        "firebaseappcheck.googleapis.com": "firebase",
-        "firebaseapp.com": "firebase",
         "firebase.com": "firebase",
-        "firebasedynamiclinks.googleapis.com": "firebase",
+        "firebase.google.com": "firebase",
+        "firebase.googleapis.com": "firebase",
+        "firebaseapp.com": "firebase",
+        "firebaseappcheck.googleapis.com": "firebase",
         "firebasedynamiclinks-ipv4.googleapis.com": "firebase",
         "firebasedynamiclinks-ipv6.googleapis.com": "firebase",
-        "firebase.googleapis.com": "firebase",
-        "firebase.google.com": "firebase",
+        "firebasedynamiclinks.googleapis.com": "firebase",
         "firebaseinappmessaging.googleapis.com": "firebase",
         "firebaseinstallations.googleapis.com": "firebase",
-        "firebaselogging.googleapis.com": "firebase",
         "firebaselogging-pa.googleapis.com": "firebase",
+        "firebaselogging.googleapis.com": "firebase",
         "firebaseperusertopics-pa.googleapis.com": "firebase",
         "firebaseremoteconfig.googleapis.com": "firebase",
         "firebaseio.com": "firebaseio.com",
@@ -21806,9 +21901,9 @@
         "freegeoip.net": "freegeoip_net",
         "freenet.de": "freenet_de",
         "freent.de": "freenet_de",
-        "freeviewaustralia.tv": "freeview",
-        "freeview.com.au": "freeview",
         "freeview.com": "freeview",
+        "freeview.com.au": "freeview",
+        "freeviewaustralia.tv": "freeview",
         "fwmrm.net": "freewheel",
         "heimdall.fresh8.co": "fresh8",
         "d36mpcpuzc4ztk.cloudfront.net": "freshdesk",
@@ -21884,7 +21979,9 @@
         "githubassets.com": "github",
         "githubusercontent.com": "github",
         "ghcr.io": "github",
+        "github.blog": "github",
         "github.dev": "github",
+        "octocaptcha.com": "github",
         "githubapp.com": "github_apps",
         "github.io": "github_pages",
         "aff3.gittigidiyor.com": "gittigidiyor_affiliate_program",
@@ -21958,7 +22055,6 @@
         "google.ae": "google",
         "google.al": "google",
         "google.am": "google",
-        "googleapis.cn": "google",
         "google.as": "google",
         "google.az": "google",
         "google.ba": "google",
@@ -21981,11 +22077,20 @@
         "google.co.bw": "google",
         "google.co.ck": "google",
         "google.co.cr": "google",
-        "googlecode.com": "google",
         "google.co.il": "google",
         "google.co.ke": "google",
         "google.co.kr": "google",
         "google.co.ls": "google",
+        "google.co.mz": "google",
+        "google.co.nz": "google",
+        "google.co.tz": "google",
+        "google.co.ug": "google",
+        "google.co.uz": "google",
+        "google.co.ve": "google",
+        "google.co.vi": "google",
+        "google.co.za": "google",
+        "google.co.zm": "google",
+        "google.co.zw": "google",
         "google.com.af": "google",
         "google.com.ag": "google",
         "google.com.ai": "google",
@@ -22033,20 +22138,9 @@
         "google.com.uy": "google",
         "google.com.vc": "google",
         "google.com.vn": "google",
-        "google.co.mz": "google",
-        "google.co.nz": "google",
-        "google.co.tz": "google",
-        "google.co.ug": "google",
-        "google.co.uz": "google",
-        "google.co.ve": "google",
-        "google.co.vi": "google",
-        "google.co.za": "google",
-        "google.co.zm": "google",
-        "google.co.zw": "google",
         "google.cv": "google",
         "google.dj": "google",
         "google.dm": "google",
-        "googledownloads.cn": "google",
         "google.ee": "google",
         "google.fm": "google",
         "google.ga": "google",
@@ -22088,7 +22182,6 @@
         "google.net": "google",
         "google.nr": "google",
         "google.nu": "google",
-        "googleoptimize.com": "google",
         "google.org": "google",
         "google.pn": "google",
         "google.ps": "google",
@@ -22112,8 +22205,12 @@
         "google.us": "google",
         "google.vg": "google",
         "google.vu": "google",
-        "googleweblight.in": "google",
         "google.ws": "google",
+        "googleapis.cn": "google",
+        "googlecode.com": "google",
+        "googledownloads.cn": "google",
+        "googleoptimize.com": "google",
+        "googleweblight.in": "google",
         "googlezip.net": "google",
         "gstatic.cn": "google",
         "news.google.com": "google",
@@ -22140,10 +22237,10 @@
         "alt7-mtalk.google.com": "google_chat",
         "alt8-mtalk.google.com": "google_chat",
         "chat.google.com": "google_chat",
-        "mobile-gtalk4.l.google.com": "google_chat",
         "mobile-gtalk.l.google.com": "google_chat",
-        "mtalk4.google.com": "google_chat",
+        "mobile-gtalk4.l.google.com": "google_chat",
         "mtalk.google.com": "google_chat",
+        "mtalk4.google.com": "google_chat",
         "talk.google.com": "google_chat",
         "talk.l.google.com": "google_chat",
         "talkx.l.google.com": "google_chat",
@@ -22163,10 +22260,10 @@
         "mail-ads.google.com": "google_email",
         "fonts.googleapis.com": "google_fonts",
         "cloudfunctions.net": "google_hosted",
-        "ghs46.googlehosted.com": "google_hosted",
-        "ghs4.googlehosted.com": "google_hosted",
-        "ghs6.googlehosted.com": "google_hosted",
         "ghs.googlehosted.com": "google_hosted",
+        "ghs4.googlehosted.com": "google_hosted",
+        "ghs46.googlehosted.com": "google_hosted",
+        "ghs6.googlehosted.com": "google_hosted",
         "googlehosted.l.googleusercontent.com": "google_hosted",
         "run.app": "google_hosted",
         "supl.google.com": "google_location",
@@ -22180,9 +22277,9 @@
         "maps.google.ca": "google_maps",
         "maps.google.ch": "google_maps",
         "maps.google.co.jp": "google_maps",
+        "maps.google.co.uk": "google_maps",
         "maps.google.com": "google_maps",
         "maps.google.com.mx": "google_maps",
-        "maps.google.co.uk": "google_maps",
         "maps.google.es": "google_maps",
         "maps.google.se": "google_maps",
         "maps.gstatic.com": "google_maps",
@@ -22190,6 +22287,8 @@
         "adservice.google.ca": "google_marketing",
         "adservice.google.co.in": "google_marketing",
         "adservice.google.co.kr": "google_marketing",
+        "adservice.google.co.uk": "google_marketing",
+        "adservice.google.co.za": "google_marketing",
         "adservice.google.com": "google_marketing",
         "adservice.google.com.ar": "google_marketing",
         "adservice.google.com.au": "google_marketing",
@@ -22203,8 +22302,6 @@
         "adservice.google.com.tr": "google_marketing",
         "adservice.google.com.tw": "google_marketing",
         "adservice.google.com.vn": "google_marketing",
-        "adservice.google.co.uk": "google_marketing",
-        "adservice.google.co.za": "google_marketing",
         "adservice.google.de": "google_marketing",
         "adservice.google.dk": "google_marketing",
         "adservice.google.es": "google_marketing",
@@ -22219,17 +22316,17 @@
         "googlesyndication-cn.com": "google_marketing",
         "duo.google.com": "google_meet",
         "hangouts.clients6.google.com": "google_meet",
-        "hangouts.googleapis.com": "google_meet",
         "hangouts.google.com": "google_meet",
+        "hangouts.googleapis.com": "google_meet",
         "meet.google.com": "google_meet",
         "meetings.googleapis.com": "google_meet",
-        "stun1.l.google.com": "google_meet",
         "stun.l.google.com": "google_meet",
+        "stun1.l.google.com": "google_meet",
         "ggpht.com": "google_photos",
         "play-fe.googleapis.com": "google_play",
-        "play.googleapis.com": "google_play",
-        "play.google.com": "google_play",
         "play-lh.googleusercontent.com": "google_play",
+        "play.google.com": "google_play",
+        "play.googleapis.com": "google_play",
         "1e100cdn.net": "google_servers",
         "gvt1.com": "google_servers",
         "gvt2.com": "google_servers",
@@ -22531,9 +22628,9 @@
         "iprom.net": "iprom",
         "ipromote.com": "ipromote",
         "clickmanage.com": "iprospect",
-        "qy.net": "iqiyi",
-        "iqiyi.com": "iqiyi",
         "iq.com": "iqiyi",
+        "iqiyi.com": "iqiyi",
+        "qy.net": "iqiyi",
         "addelive.com": "ironsource",
         "afdads.com": "ironsource",
         "delivery47.com": "ironsource",
@@ -22772,11 +22869,11 @@
         "footprint.net": "level3_communications",
         "alphonso.tv": "lgads",
         "lgads.tv": "lgads",
+        "lg.com": "lgtv",
+        "lge.com": "lgtv",
         "lgsmartad.com": "lgtv",
         "lgtvcommon.com": "lgtv",
         "lgtvsdp.com": "lgtv",
-        "lge.com": "lgtv",
-        "lg.com": "lgtv",
         "licensebuttons.net": "licensebuttons.net",
         "lfstmedia.com": "lifestreet_media",
         "content-recommendation.net": "ligatus",
@@ -22971,8 +23068,8 @@
         "s1.mediaad.org": "mediaad",
         "mlnadvertising.com": "mediaglu",
         "fhserve.com": "mediahub",
-        "medialab.la": "medialab",
         "media-lab.ai": "medialab",
+        "medialab.la": "medialab",
         "adnet.ru": "medialand",
         "medialand.ru": "medialand",
         "medialead.de": "medialead",
@@ -23043,7 +23140,13 @@
         "s-microsoft.com": "microsoft",
         "trouter.io": "microsoft",
         "windows.net": "microsoft",
+        "bingapis.com": "microsoft",
+        "msauth.net": "microsoft",
+        "msftauth.net": "microsoft",
+        "msftstatic.com": "microsoft",
         "msidentity.com": "microsoft",
+        "nelreports.net": "microsoft",
+        "windowscentral.com": "microsoft",
         "analytics.live.com": "microsoft_analytics",
         "a.clarity.ms": "microsoft_clarity",
         "b.clarity.ms": "microsoft_clarity",
@@ -23128,6 +23231,7 @@
         "mrpdata.com": "mrpdata",
         "mrpdata.net": "mrpdata",
         "mrskincash.com": "mrskincash",
+        "a-msedge.net": "msedge",
         "e-msedge.net": "msedge",
         "l-msedge.net": "msedge",
         "s-msedge.net": "msedge",
@@ -23249,6 +23353,7 @@
         "ads.ngageinc.com": "ngage_inc.",
         "nice264.com": "nice264.com",
         "nimblecommerce.com": "nimblecommerce",
+        "nineanalytics.io": "nine_direct_digital",
         "cho-chin.com": "ninja_access_analysis",
         "donburako.com": "ninja_access_analysis",
         "hishaku.com": "ninja_access_analysis",
@@ -23352,12 +23457,12 @@
         "opinary.com": "opinary",
         "opinionbar.com": "opinionbar",
         "emagazines.com": "oplytic",
-        "oppomobile.com": "oppo",
-        "heytapmobi.com": "oppo",
-        "heytapmobile.com": "oppo",
-        "heytapdl.com": "oppo",
         "allawnos.com": "oppo",
         "allawntech.com": "oppo",
+        "heytapdl.com": "oppo",
+        "heytapmobi.com": "oppo",
+        "heytapmobile.com": "oppo",
+        "oppomobile.com": "oppo",
         "opta.net": "opta.net",
         "optaim.com": "optaim",
         "cookielaw.org": "optanaon",
@@ -23484,8 +23589,9 @@
         "loveadvert.ru": "play_by_mamba",
         "playbuzz.com": "playbuzz.com",
         "pof.com": "plenty_of_fish",
-        "plex.tv": "plex",
+        "plex.bz": "plex",
         "plex.direct": "plex",
+        "plex.tv": "plex",
         "analytics.plex.tv": "plex_metrics",
         "metrics.plex.tv": "plex_metrics",
         "plista.com": "plista",
@@ -23896,6 +24002,7 @@
         "samsungsds.com": "samsungsds",
         "internetat.tv": "samsungtv",
         "samsungcloud.tv": "samsungtv",
+        "tizenservice.com": "samsungtv",
         "ilsemedia.nl": "sanoma.fi",
         "sanoma.fi": "sanoma.fi",
         "d13im3ek7neeqp.cloudfront.net": "sap_crm",
@@ -24000,12 +24107,12 @@
         "cdn.shopify.com": "shopify",
         "myshopify.com": "shopify",
         "shop.app": "shopify",
-        "shopifyapps.com": "shopify",
-        "shopifycdn.net": "shopify",
+        "shopify.co.za": "shopify",
         "shopify.com.au": "shopify",
         "shopify.com.mx": "shopify",
-        "shopify.co.za": "shopify",
         "shopify.dev": "shopify",
+        "shopifyapps.com": "shopify",
+        "shopifycdn.net": "shopify",
         "shopifynetwork.com": "shopify",
         "shopifypreview.com": "shopify",
         "shopifysvc.com": "shopify_stats",
@@ -24042,8 +24149,8 @@
         "pages04.net": "silverpop",
         "pages05.net": "silverpop",
         "similardeals.net": "similardeals.net",
-        "similarweb.io": "similarweb",
         "similarweb.com": "similarweb",
+        "similarweb.io": "similarweb",
         "d8rk54i4mohrb.cloudfront.net": "simplereach",
         "simplereach.com": "simplereach",
         "simpli.fi": "simpli.fi",
@@ -24082,10 +24189,10 @@
         "skypeassets.com": "skype",
         "skysa.com": "skysa",
         "skyscnr.com": "skyscnr.com",
-        "slack.com": "slack",
-        "slackb.com": "slack",
         "slack-edge.com": "slack",
         "slack-imgs.com": "slack",
+        "slack.com": "slack",
+        "slackb.com": "slack",
         "slashdot.org": "slashdot_widget",
         "sleeknotestaticcontent.sleeknote.com": "sleeknote",
         "resultspage.com": "sli_systems",
@@ -24356,8 +24463,8 @@
         "teaser.cc": "teaser.cc",
         "emailretargeting.com": "tedemis",
         "tracking.dsmmadvantage.com": "teletech",
-        "telstra.com.au": "telstra",
         "telstra.com": "telstra",
+        "telstra.com.au": "telstra",
         "tenderapp.com": "tender",
         "tensitionschoo.club": "tensitionschoo.club",
         "watch.teroti.com": "teroti",
@@ -24728,9 +24835,9 @@
         "tools.vpscash.nl": "vpscash",
         "vsassets.io": "vs",
         "exp-tas.com": "vscode",
-        "vscode-unpkg.net": "vscode",
         "v0cdn.net": "vscode",
         "vscode-cdn.net": "vscode",
+        "vscode-unpkg.net": "vscode",
         "vtracy.de": "vtracy.de",
         "liftoff.io": "vungle",
         "vungle.com": "vungle",
@@ -24803,8 +24910,8 @@
         "wetter.com": "wetter_com",
         "wettercomassets.com": "wetter_com",
         "whatsbroadcast.com": "whatbroadcast",
-        "whatsapp.net": "whatsapp",
         "whatsapp.com": "whatsapp",
+        "whatsapp.net": "whatsapp",
         "whisper.onelink.me": "whisper",
         "whisper.sh": "whisper",
         "amung.us": "whos.amung.us",
@@ -24876,6 +24983,13 @@
         "xhamsterlive.com": "xhamster",
         "xhamsterpremium.com": "xhamster",
         "xhcdn.com": "xhamster",
+        "huami.com": "xiaomi",
+        "mi-img.com": "xiaomi",
+        "mi.com": "xiaomi",
+        "miui.com": "xiaomi",
+        "xiaomi.com": "xiaomi",
+        "xiaomi.net": "xiaomi",
+        "xiaomiyoupin.com": "xiaomi",
         "xing-share.com": "xing",
         "xing.com": "xing",
         "xmediaclicks.com": "xmediaclicks",
@@ -24893,10 +25007,15 @@
         "yahoo.com": "yahoo",
         "yahooapis.com": "yahoo",
         "yimg.com": "yahoo",
-        "ads.yahoo.com": "yahoo_ad_exchange",
+        "oath.cloud": "yahoo",
+        "yahoo.net": "yahoo",
+        "yahooinc.com": "yahoo",
+        "yahoodns.net": "yahoo",
         "yads.yahoo.com": "yahoo_ad_exchange",
         "yieldmanager.com": "yahoo_ad_exchange",
         "pr-bh.ybp.yahoo.com": "yahoo_ad_manager",
+        "ads.yahoo.com": "yahoo_advertising",
+        "adtech.yahooinc.com": "yahoo_advertising",
         "analytics.yahoo.com": "yahoo_analytics",
         "np.lexity.com": "yahoo_commerce_central",
         "storage-yahoo.jp": "yahoo_japan_retargeting",
@@ -24906,6 +25025,7 @@
         "yjtag.jp": "yahoo_japan_retargeting",
         "ov.yahoo.co.jp": "yahoo_overture",
         "overture.com": "yahoo_overture",
+        "search.yahooinc.com": "yahoo_search",
         "luminate.com": "yahoo_small_business",
         "pixazza.com": "yahoo_small_business",
         "awaps.yandex.ru": "yandex",

client/src/reducers/stats.js

@@ -1,6 +1,11 @@
 import { handleActions } from 'redux-actions';
 import { normalizeTopClients } from '../helpers/helpers';
-import { DAY, HOUR, STATS_INTERVALS_DAYS } from '../helpers/constants';
+import {
+    DAY,
+    HOUR,
+    STATS_INTERVALS_DAYS,
+    TIME_UNITS,
+} from '../helpers/constants';
 
 import * as actions from '../actions/stats';
 
@@ -18,6 +23,7 @@ const defaultStats = {
     numReplacedSafebrowsing: 0,
     numReplacedSafesearch: 0,
     avgProcessingTime: 0,
+    timeUnits: TIME_UNITS.HOURS,
 };
 
 const stats = handleActions(
@@ -60,6 +66,7 @@ const stats = handleActions(
                 avg_processing_time: avgProcessingTime,
                 top_upstreams_responses: topUpstreamsResponses,
                 top_upstrems_avg_time: topUpstreamsAvgTime,
+                time_units: timeUnits,
             } = payload;
 
             const newState = {
@@ -81,6 +88,7 @@ const stats = handleActions(
                 avgProcessingTime,
                 topUpstreamsResponses,
                 topUpstreamsAvgTime,
+                timeUnits,
             };
 
             return newState;

go.mod

@@ -3,9 +3,9 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.20
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.56.1
-	github.com/AdguardTeam/golibs v0.17.1
-	github.com/AdguardTeam/urlfilter v0.17.0
+	github.com/AdguardTeam/dnsproxy v0.57.3
+	github.com/AdguardTeam/golibs v0.17.2
+	github.com/AdguardTeam/urlfilter v0.17.3
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.7
 	github.com/bluele/gcache v0.0.2
@@ -13,11 +13,11 @@ require (
 	github.com/dimfeld/httptreemux/v5 v5.5.0
 	github.com/fsnotify/fsnotify v1.6.0
 	github.com/go-ping/ping v1.1.0
-	github.com/google/go-cmp v0.5.9
+	github.com/google/go-cmp v0.6.0
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio/v2 v2.0.0
 	github.com/google/uuid v1.3.1
-	github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a
+	github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86
 	github.com/kardianos/service v1.2.2
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
@@ -27,14 +27,14 @@ require (
 	// own code for that.  Perhaps, use gopacket.
 	github.com/mdlayher/raw v0.1.0
 	github.com/miekg/dns v1.1.56
-	github.com/quic-go/quic-go v0.39.0
+	github.com/quic-go/quic-go v0.39.2
 	github.com/stretchr/testify v1.8.4
-	github.com/ti-mo/netfilter v0.5.0
+	github.com/ti-mo/netfilter v0.5.1
 	go.etcd.io/bbolt v1.3.7
-	golang.org/x/crypto v0.13.0
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9
-	golang.org/x/net v0.15.0
-	golang.org/x/sys v0.12.0
+	golang.org/x/crypto v0.14.0
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+	golang.org/x/net v0.17.0
+	golang.org/x/sys v0.13.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
 	howett.net/plist v1.0.0
@@ -47,9 +47,9 @@ require (
 	github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/google/pprof v0.0.0-20230912144702-c363fe2c2ed8 // indirect
+	github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect
 	github.com/mdlayher/socket v0.5.0 // indirect
-	github.com/onsi/ginkgo/v2 v2.12.1 // indirect
+	github.com/onsi/ginkgo/v2 v2.13.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pierrec/lz4/v4 v4.1.18 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -58,8 +58,8 @@ require (
 	github.com/quic-go/qtls-go1-20 v0.3.4 // indirect
 	github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect
 	go.uber.org/mock v0.3.0 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
 )

go.sum

@@ -1,9 +1,9 @@
-github.com/AdguardTeam/dnsproxy v0.56.1 h1:QltfyWO7k4mxWERCEYDzkQnKzvZX/zkneWjbuJ0TU6o=
-github.com/AdguardTeam/dnsproxy v0.56.1/go.mod h1:fqmehcE3cHFNqKbWQpIjGk7GqBy7ur1v5At499lFjRc=
-github.com/AdguardTeam/golibs v0.17.1 h1:j3Ehhld5GI/amcHYG+CF0sJ4OOzAQ06BY3N/iBYJZ1M=
-github.com/AdguardTeam/golibs v0.17.1/go.mod h1:DKhCIXHcUYtBhU8ibTLKh1paUL96n5zhQBlx763sj+U=
-github.com/AdguardTeam/urlfilter v0.17.0 h1:tUzhtR9wMx704GIP3cibsDQJrixlMHfwoQbYJfPdFow=
-github.com/AdguardTeam/urlfilter v0.17.0/go.mod h1:bbuZjPUzm/Ip+nz5qPPbwIP+9rZyQbQad8Lt/0fCulU=
+github.com/AdguardTeam/dnsproxy v0.57.3 h1:0v7D+LQrOL2k2fvkG3Ft3Cn3ayUsvAdlOlJR+gLxSGA=
+github.com/AdguardTeam/dnsproxy v0.57.3/go.mod h1:ZvkbM71HwpilgkCnTubDiR4Ba6x5Qvnhy2iasMWaTDM=
+github.com/AdguardTeam/golibs v0.17.2 h1:vg6wHMjUKscnyPGRvxS5kAt7Uw4YxcJiITZliZ476W8=
+github.com/AdguardTeam/golibs v0.17.2/go.mod h1:DKhCIXHcUYtBhU8ibTLKh1paUL96n5zhQBlx763sj+U=
+github.com/AdguardTeam/urlfilter v0.17.3 h1:fg/ObbnO0Cv6aw0tW6N/ETDMhhNvmcUUOZ7HlmKC3rw=
+github.com/AdguardTeam/urlfilter v0.17.3/go.mod h1:Jru7jFfeH2CoDf150uDs+rRYcZBzHHBz05r9REyDKyE=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
@@ -37,20 +37,20 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
-github.com/google/pprof v0.0.0-20230912144702-c363fe2c2ed8 h1:gpptm606MZYGaMHMsB4Srmb6EbW/IVHnt04rcMXnkBQ=
-github.com/google/pprof v0.0.0-20230912144702-c363fe2c2ed8/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
+github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 h1:pUa4ghanp6q4IJHwE9RwLgmVFfReJN+KbQ8ExNEUUoQ=
+github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
 github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg=
 github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
 github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
-github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a h1:S33o3djA1nPRd+d/bf7jbbXytXuK/EoXow7+aa76grQ=
-github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a/go.mod h1:zmdm3sTSDP3vOOX3CEWRkkRHtKr1DxBx+J1OQFoDQQs=
+github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c h1:PgxFEySCI41sH0mB7/2XswdXbUykQsRUGod8Rn+NubM=
+github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c/go.mod h1:3A9PQ1cunSDF/1rbTq99Ts4pVnycWg+vlPkfeD2NLFI=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
@@ -76,8 +76,8 @@ github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrG
 github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
 github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
-github.com/onsi/ginkgo/v2 v2.12.1 h1:uHNEO1RP2SpuZApSkel9nEh1/Mu+hmQe7Q+Pepg5OYA=
-github.com/onsi/ginkgo/v2 v2.12.1/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
+github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
+github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
@@ -94,8 +94,8 @@ github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
 github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg=
 github.com/quic-go/qtls-go1-20 v0.3.4/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
-github.com/quic-go/quic-go v0.39.0 h1:AgP40iThFMY0bj8jGxROhw3S0FMGa8ryqsmi9tBH3So=
-github.com/quic-go/quic-go v0.39.0/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
+github.com/quic-go/quic-go v0.39.2 h1:hmwAf8zAHlvan0Y5PXxeeBFZEW17IW99sXLry8I2kjk=
+github.com/quic-go/quic-go v0.39.2/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
 github.com/shirou/gopsutil/v3 v3.23.7 h1:C+fHO8hfIppoJ1WdsVm1RoI0RwXoNdfTK7yWXV0wVj4=
 github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -105,8 +105,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/ti-mo/netfilter v0.2.0/go.mod h1:8GbBGsY/8fxtyIdfwy29JiluNcPK4K7wIT+x42ipqUU=
-github.com/ti-mo/netfilter v0.5.0 h1:MZmsUw5bFRecOb0AeyjOPxTHg4UxYzyEs0Ek/6Lxoy8=
-github.com/ti-mo/netfilter v0.5.0/go.mod h1:nt+8B9hx/QpqHr7Hazq+2qMCCA8u2OTkyc/7+U9ARz8=
+github.com/ti-mo/netfilter v0.5.1 h1:cqamEd1c1zmpfpqvInLOro0Znq/RAfw2QL5wL2rAR/8=
+github.com/ti-mo/netfilter v0.5.1/go.mod h1:h9UPQ3ZrTZGBitay+LETMxZvNgWGK/efTUcqES2YiLw=
 github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
 github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
 github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg=
@@ -118,26 +118,26 @@ go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
 go.uber.org/mock v0.3.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
-golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -150,8 +150,8 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -159,8 +159,8 @@ golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=

internal/confmigrate/migrator_test.go

@@ -7,11 +7,16 @@ import (
 	"testing"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/confmigrate"
+	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/crypto/bcrypt"
 	yaml "gopkg.in/yaml.v3"
 )
 
+func TestMain(m *testing.M) {
+	testutil.DiscardLogOutput(m)
+}
+
 // testdata is a virtual filesystem containing test data.
 var testdata = os.DirFS("testdata")
 

internal/dnsforward/access.go

@@ -182,6 +182,7 @@ func (s *Server) accessListJSON() (j accessListJSON) {
 	}
 }
 
+// handleAccessList handles requests to the GET /control/access/list endpoint.
 func (s *Server) handleAccessList(w http.ResponseWriter, r *http.Request) {
 	aghhttp.WriteJSONResponseOK(w, r, s.accessListJSON())
 }
@@ -224,6 +225,7 @@ func validateStrUniq(clients []string) (uc aghalg.UniqChecker[string], err error
 	return uc, uc.Validate()
 }
 
+// handleAccessSet handles requests to the POST /control/access/set endpoint.
 func (s *Server) handleAccessSet(w http.ResponseWriter, r *http.Request) {
 	list := &accessListJSON{}
 	err := json.NewDecoder(r.Body).Decode(&list)

internal/dnsforward/clientid.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/quic-go/quic-go"
 )
@@ -151,6 +152,8 @@ func (s *Server) clientIDFromDNSContext(pctx *proxy.DNSContext) (clientID string
 // DNS-over-HTTPS requests, it will return the hostname part of the Host header
 // if there is one.
 func clientServerName(pctx *proxy.DNSContext, proto proxy.Proto) (srvName string, err error) {
+	from := "tls conn"
+
 	switch proto {
 	case proxy.ProtoHTTPS:
 		r := pctx.HTTPRequest
@@ -164,6 +167,7 @@ func clientServerName(pctx *proxy.DNSContext, proto proxy.Proto) (srvName string
 			}
 
 			srvName = host
+			from = "host header"
 		}
 	case proxy.ProtoQUIC:
 		qConn := pctx.QUICConnection
@@ -183,5 +187,7 @@ func clientServerName(pctx *proxy.DNSContext, proto proxy.Proto) (srvName string
 		srvName = tc.ConnectionState().ServerName
 	}
 
+	log.Debug("dnsforward: got client server name %q from %s", srvName, from)
+
 	return srvName, nil
 }

internal/dnsforward/config.go

@@ -46,6 +46,14 @@ type Config struct {
 	// (0 to disable).
 	Ratelimit uint32 `yaml:"ratelimit"`
 
+	// RatelimitSubnetLenIPv4 is a subnet length for IPv4 addresses used for
+	// rate limiting requests.
+	RatelimitSubnetLenIPv4 int `yaml:"ratelimit_subnet_len_ipv4"`
+
+	// RatelimitSubnetLenIPv6 is a subnet length for IPv6 addresses used for
+	// rate limiting requests.
+	RatelimitSubnetLenIPv6 int `yaml:"ratelimit_subnet_len_ipv6"`
+
 	// RatelimitWhitelist is the list of whitelisted client IP addresses.
 	RatelimitWhitelist []string `yaml:"ratelimit_whitelist"`
 
@@ -275,24 +283,26 @@ type ServerConfig struct {
 func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
 	srvConf := s.conf
 	conf = proxy.Config{
-		UDPListenAddr:          srvConf.UDPListenAddrs,
-		TCPListenAddr:          srvConf.TCPListenAddrs,
-		HTTP3:                  srvConf.ServeHTTP3,
-		Ratelimit:              int(srvConf.Ratelimit),
-		RatelimitWhitelist:     srvConf.RatelimitWhitelist,
-		RefuseAny:              srvConf.RefuseAny,
-		TrustedProxies:         srvConf.TrustedProxies,
-		CacheMinTTL:            srvConf.CacheMinTTL,
-		CacheMaxTTL:            srvConf.CacheMaxTTL,
-		CacheOptimistic:        srvConf.CacheOptimistic,
-		UpstreamConfig:         srvConf.UpstreamConfig,
-		BeforeRequestHandler:   s.beforeRequestHandler,
-		RequestHandler:         s.handleDNSRequest,
-		HTTPSServerName:        aghhttp.UserAgent(),
-		EnableEDNSClientSubnet: srvConf.EDNSClientSubnet.Enabled,
-		MaxGoroutines:          int(srvConf.MaxGoroutines),
-		UseDNS64:               srvConf.UseDNS64,
-		DNS64Prefs:             srvConf.DNS64Prefixes,
+		UDPListenAddr:           srvConf.UDPListenAddrs,
+		TCPListenAddr:           srvConf.TCPListenAddrs,
+		HTTP3:                   srvConf.ServeHTTP3,
+		Ratelimit:               int(srvConf.Ratelimit),
+		RatelimitSubnetMaskIPv4: net.CIDRMask(srvConf.RatelimitSubnetLenIPv4, netutil.IPv4BitLen),
+		RatelimitSubnetMaskIPv6: net.CIDRMask(srvConf.RatelimitSubnetLenIPv6, netutil.IPv6BitLen),
+		RatelimitWhitelist:      srvConf.RatelimitWhitelist,
+		RefuseAny:               srvConf.RefuseAny,
+		TrustedProxies:          srvConf.TrustedProxies,
+		CacheMinTTL:             srvConf.CacheMinTTL,
+		CacheMaxTTL:             srvConf.CacheMaxTTL,
+		CacheOptimistic:         srvConf.CacheOptimistic,
+		UpstreamConfig:          srvConf.UpstreamConfig,
+		BeforeRequestHandler:    s.beforeRequestHandler,
+		RequestHandler:          s.handleDNSRequest,
+		HTTPSServerName:         aghhttp.UserAgent(),
+		EnableEDNSClientSubnet:  srvConf.EDNSClientSubnet.Enabled,
+		MaxGoroutines:           int(srvConf.MaxGoroutines),
+		UseDNS64:                srvConf.UseDNS64,
+		DNS64Prefs:              srvConf.DNS64Prefixes,
 	}
 
 	if srvConf.EDNSClientSubnet.UseCustom {

internal/dnsforward/dnsforward.go

@@ -354,9 +354,8 @@ func (s *Server) Exchange(ip netip.Addr) (host string, ttl time.Duration, err er
 	}
 
 	dctx := &proxy.DNSContext{
-		Proto:     "udp",
-		Req:       req,
-		StartTime: time.Now(),
+		Proto: "udp",
+		Req:   req,
 	}
 
 	var resolver *proxy.Proxy

internal/dnsforward/http.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/netip"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
@@ -444,19 +445,10 @@ func newUpstreamConfig(upstreams []string) (conf *proxy.UpstreamConfig, err erro
 		return nil, nil
 	}
 
-	for _, u := range upstreams {
-		var ups string
-		var domains []string
-		ups, domains, err = separateUpstream(u)
-		if err != nil {
-			// Don't wrap the error since it's informative enough as is.
-			return nil, err
-		}
-
-		_, err = validateUpstream(ups, domains)
-		if err != nil {
-			return nil, fmt.Errorf("validating upstream %q: %w", u, err)
-		}
+	err = validateUpstreamConfig(upstreams)
+	if err != nil {
+		// Don't wrap the error since it's informative enough as is.
+		return nil, err
 	}
 
 	conf, err = proxy.ParseUpstreamsConfig(
@@ -467,6 +459,7 @@ func newUpstreamConfig(upstreams []string) (conf *proxy.UpstreamConfig, err erro
 		},
 	)
 	if err != nil {
+		// Don't wrap the error since it's informative enough as is.
 		return nil, err
 	} else if len(conf.Upstreams) == 0 {
 		return nil, errors.Error("no default upstreams specified")
@@ -475,6 +468,31 @@ func newUpstreamConfig(upstreams []string) (conf *proxy.UpstreamConfig, err erro
 	return conf, nil
 }
 
+// validateUpstreamConfig validates each upstream from the upstream
+// configuration and returns an error if any upstream is invalid.
+//
+// TODO(e.burkov):  Move into aghnet or even into dnsproxy.
+func validateUpstreamConfig(conf []string) (err error) {
+	for _, u := range conf {
+		var ups []string
+		var domains []string
+		ups, domains, err = separateUpstream(u)
+		if err != nil {
+			// Don't wrap the error since it's informative enough as is.
+			return err
+		}
+
+		for _, addr := range ups {
+			_, err = validateUpstream(addr, domains)
+			if err != nil {
+				return fmt.Errorf("validating upstream %q: %w", addr, err)
+			}
+		}
+	}
+
+	return nil
+}
+
 // ValidateUpstreams validates each upstream and returns an error if any
 // upstream is invalid or if there are no default upstreams specified.
 //
@@ -567,12 +585,12 @@ func validateUpstream(u string, domains []string) (useDefault bool, err error) {
 	return false, err
 }
 
-// separateUpstream returns the upstream and the specified domains.  domains is
-// nil when the upstream is not domains-specific.  Otherwise it may also be
+// separateUpstream returns the upstreams and the specified domains.  domains
+// is nil when the upstream is not domains-specific.  Otherwise it may also be
 // empty.
-func separateUpstream(upstreamStr string) (ups string, domains []string, err error) {
+func separateUpstream(upstreamStr string) (upstreams, domains []string, err error) {
 	if !strings.HasPrefix(upstreamStr, "[/") {
-		return upstreamStr, nil, nil
+		return []string{upstreamStr}, nil, nil
 	}
 
 	defer func() { err = errors.Annotate(err, "bad upstream for domain %q: %w", upstreamStr) }()
@@ -582,9 +600,9 @@ func separateUpstream(upstreamStr string) (ups string, domains []string, err err
 	case 2:
 		// Go on.
 	case 1:
-		return "", nil, errors.Error("missing separator")
+		return nil, nil, errors.Error("missing separator")
 	default:
-		return "", []string{}, errors.Error("duplicated separator")
+		return nil, nil, errors.Error("duplicated separator")
 	}
 
 	for i, host := range strings.Split(parts[0], "/") {
@@ -594,13 +612,13 @@ func separateUpstream(upstreamStr string) (ups string, domains []string, err err
 
 		err = netutil.ValidateDomainName(strings.TrimPrefix(host, "*."))
 		if err != nil {
-			return "", domains, fmt.Errorf("domain at index %d: %w", i, err)
+			return nil, nil, fmt.Errorf("domain at index %d: %w", i, err)
 		}
 
 		domains = append(domains, host)
 	}
 
-	return parts[1], domains, nil
+	return strings.Fields(parts[1]), domains, nil
 }
 
 // healthCheckFunc is a signature of function to check if upstream exchanges
@@ -683,30 +701,73 @@ func (err domainSpecificTestError) Error() (msg string) {
 	return fmt.Sprintf("WARNING: %s", err.error)
 }
 
-// parseUpstreamLine parses line and creates the [upstream.Upstream] using opts
-// and information from [s.dnsFilter.EtcHosts].  It returns an error if the line
-// is not a valid upstream line, see [upstream.AddressToUpstream].  It's a
-// caller's responsibility to close u.
-func (s *Server) parseUpstreamLine(
+// checkDNS parses line, creates DNS upstreams using opts, and checks if the
+// upstreams are exchanging correctly.  It saves the result into a sync.Map
+// where key is an upstream address and value is "OK", if the upstream
+// exchanges correctly, or text of the error.  It is intended to be used as a
+// goroutine.
+//
+// TODO(s.chzhen):  Separate to a different structure/file.
+func (s *Server) checkDNS(
 	line string,
 	opts *upstream.Options,
-) (u upstream.Upstream, specific bool, err error) {
-	// Separate upstream from domains list.
-	upstreamAddr, domains, err := separateUpstream(line)
+	check healthCheckFunc,
+	wg *sync.WaitGroup,
+	m *sync.Map,
+) {
+	defer wg.Done()
+	defer log.OnPanic("dnsforward: checking upstreams")
+
+	upstreams, domains, err := separateUpstream(line)
 	if err != nil {
-		return nil, false, fmt.Errorf("wrong upstream format: %w", err)
+		err = fmt.Errorf("wrong upstream format: %w", err)
+		m.Store(line, err.Error())
+
+		return
 	}
 
-	specific = len(domains) > 0
+	specific := len(domains) > 0
 
-	useDefault, err := validateUpstream(upstreamAddr, domains)
-	if err != nil {
-		return nil, specific, fmt.Errorf("wrong upstream format: %w", err)
-	} else if useDefault {
-		return nil, specific, nil
+	for _, upstreamAddr := range upstreams {
+		var useDefault bool
+		useDefault, err = validateUpstream(upstreamAddr, domains)
+		if err != nil {
+			err = fmt.Errorf("wrong upstream format: %w", err)
+			m.Store(upstreamAddr, err.Error())
+
+			continue
+		}
+
+		if useDefault {
+			continue
+		}
+
+		log.Debug("dnsforward: checking if upstream %q works", upstreamAddr)
+
+		err = s.checkUpstreamAddr(upstreamAddr, specific, opts, check)
+		if err != nil {
+			m.Store(upstreamAddr, err.Error())
+		} else {
+			m.Store(upstreamAddr, "OK")
+		}
 	}
+}
 
-	log.Debug("dnsforward: checking if upstream %q works", upstreamAddr)
+// checkUpstreamAddr creates the DNS upstream using opts and information from
+// [s.dnsFilter.EtcHosts].  Checks if the DNS upstream exchanges correctly.  It
+// returns an error if addr is not valid DNS upstream address or the upstream
+// is not exchanging correctly.
+func (s *Server) checkUpstreamAddr(
+	addr string,
+	specific bool,
+	opts *upstream.Options,
+	check healthCheckFunc,
+) (err error) {
+	defer func() {
+		if err != nil && specific {
+			err = domainSpecificTestError{error: err}
+		}
+	}()
 
 	opts = &upstream.Options{
 		Bootstrap:  opts.Bootstrap,
@@ -716,42 +777,25 @@ func (s *Server) parseUpstreamLine(
 
 	// dnsFilter can be nil during application update.
 	if s.dnsFilter != nil {
-		recs := s.dnsFilter.EtcHostsRecords(extractUpstreamHost(upstreamAddr))
+		recs := s.dnsFilter.EtcHostsRecords(extractUpstreamHost(addr))
 		for _, rec := range recs {
 			opts.ServerIPAddrs = append(opts.ServerIPAddrs, rec.Addr.AsSlice())
 		}
 		sortNetIPAddrs(opts.ServerIPAddrs, opts.PreferIPv6)
 	}
-	u, err = upstream.AddressToUpstream(upstreamAddr, opts)
+
+	u, err := upstream.AddressToUpstream(addr, opts)
 	if err != nil {
-		return nil, specific, fmt.Errorf("creating upstream for %q: %w", upstreamAddr, err)
+		return fmt.Errorf("creating upstream for %q: %w", addr, err)
 	}
 
-	return u, specific, nil
-}
-
-func (s *Server) checkDNS(line string, opts *upstream.Options, check healthCheckFunc) (err error) {
-	if IsCommentOrEmpty(line) {
-		return nil
-	}
-
-	var u upstream.Upstream
-	var specific bool
-	defer func() {
-		if err != nil && specific {
-			err = domainSpecificTestError{error: err}
-		}
-	}()
-
-	u, specific, err = s.parseUpstreamLine(line, opts)
-	if err != nil || u == nil {
-		return err
-	}
 	defer func() { err = errors.WithDeferred(err, u.Close()) }()
 
 	return check(u)
 }
 
+// handleTestUpstreamDNS handles requests to the POST /control/test_upstream_dns
+// endpoint.
 func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 	req := &upstreamJSON{}
 	err := json.NewDecoder(r.Body).Decode(req)
@@ -761,6 +805,10 @@ func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	req.Upstreams = stringutil.FilterOut(req.Upstreams, IsCommentOrEmpty)
+	req.FallbackDNS = stringutil.FilterOut(req.FallbackDNS, IsCommentOrEmpty)
+	req.PrivateUpstreams = stringutil.FilterOut(req.PrivateUpstreams, IsCommentOrEmpty)
+
 	opts := &upstream.Options{
 		Bootstrap:  req.BootstrapDNS,
 		Timeout:    s.conf.UpstreamTimeout,
@@ -770,54 +818,34 @@ func (s *Server) handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
 		opts.Bootstrap = defaultBootstrap
 	}
 
-	type upsCheckResult = struct {
-		err  error
-		host string
-	}
+	wg := &sync.WaitGroup{}
+	m := &sync.Map{}
 
-	req.Upstreams = stringutil.FilterOut(req.Upstreams, IsCommentOrEmpty)
-	req.FallbackDNS = stringutil.FilterOut(req.FallbackDNS, IsCommentOrEmpty)
-	req.PrivateUpstreams = stringutil.FilterOut(req.PrivateUpstreams, IsCommentOrEmpty)
-
-	upsNum := len(req.Upstreams) + len(req.FallbackDNS) + len(req.PrivateUpstreams)
-	result := make(map[string]string, upsNum)
-	resCh := make(chan upsCheckResult, upsNum)
+	wg.Add(len(req.Upstreams) + len(req.FallbackDNS) + len(req.PrivateUpstreams))
 
 	for _, ups := range req.Upstreams {
-		go func(ups string) {
-			resCh <- upsCheckResult{
-				host: ups,
-				err:  s.checkDNS(ups, opts, checkDNSUpstreamExc),
-			}
-		}(ups)
+		go s.checkDNS(ups, opts, checkDNSUpstreamExc, wg, m)
 	}
 	for _, ups := range req.FallbackDNS {
-		go func(ups string) {
-			resCh <- upsCheckResult{
-				host: ups,
-				err:  s.checkDNS(ups, opts, checkDNSUpstreamExc),
-			}
-		}(ups)
+		go s.checkDNS(ups, opts, checkDNSUpstreamExc, wg, m)
 	}
 	for _, ups := range req.PrivateUpstreams {
-		go func(ups string) {
-			resCh <- upsCheckResult{
-				host: ups,
-				err:  s.checkDNS(ups, opts, checkPrivateUpstreamExc),
-			}
-		}(ups)
+		go s.checkDNS(ups, opts, checkPrivateUpstreamExc, wg, m)
 	}
 
-	for i := 0; i < upsNum; i++ {
+	wg.Wait()
+
+	result := map[string]string{}
+	m.Range(func(k, v any) bool {
 		// TODO(e.burkov):  The upstreams used for both common and private
 		// resolving should be reported separately.
-		pair := <-resCh
-		if pair.err != nil {
-			result[pair.host] = pair.err.Error()
-		} else {
-			result[pair.host] = "OK"
-		}
-	}
+		ups := k.(string)
+		status := v.(string)
+
+		result[ups] = status
+
+		return true
+	})
 
 	aghhttp.WriteJSONResponseOK(w, r, result)
 }

internal/dnsforward/http_test.go

@@ -49,13 +49,18 @@ func loadTestData(t *testing.T, casesFileName string, cases any) {
 	require.NoError(t, err)
 }
 
-const jsonExt = ".json"
+const (
+	jsonExt = ".json"
+
+	// testBlockedRespTTL is the TTL for blocked responses to use in tests.
+	testBlockedRespTTL = 10
+)
 
 func TestDNSForwardHTTP_handleGetConfig(t *testing.T) {
 	filterConf := &filtering.Config{
 		ProtectionEnabled:     true,
 		BlockingMode:          filtering.BlockingModeDefault,
-		BlockedResponseTTL:    10,
+		BlockedResponseTTL:    testBlockedRespTTL,
 		SafeBrowsingEnabled:   true,
 		SafeBrowsingCacheSize: 1000,
 		SafeSearchConf:        filtering.SafeSearchConfig{Enabled: true},
@@ -133,7 +138,7 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 	filterConf := &filtering.Config{
 		ProtectionEnabled:     true,
 		BlockingMode:          filtering.BlockingModeDefault,
-		BlockedResponseTTL:    10,
+		BlockedResponseTTL:    testBlockedRespTTL,
 		SafeBrowsingEnabled:   true,
 		SafeBrowsingCacheSize: 1000,
 		SafeSearchConf:        filtering.SafeSearchConfig{Enabled: true},
@@ -229,6 +234,9 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 	}, {
 		name:    "blocked_response_ttl",
 		wantSet: "",
+	}, {
+		name:    "multiple_domain_specific_upstreams",
+		wantSet: "",
 	}}
 
 	var data map[string]struct {
@@ -250,6 +258,7 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 				s.dnsFilter.SetBlockingMode(filtering.BlockingModeDefault, netip.Addr{}, netip.Addr{})
 				s.conf = defaultConf
 				s.conf.Config.EDNSClientSubnet = &EDNSClientSubnet{}
+				s.dnsFilter.SetBlockedResponseTTL(testBlockedRespTTL)
 			})
 
 			rBody := io.NopCloser(bytes.NewReader(caseData.Req))
@@ -470,6 +479,8 @@ func TestServer_HandleTestUpstreamDNS(t *testing.T) {
 		Host:   newLocalUpstreamListener(t, 0, badHandler).String(),
 	}).String()
 
+	goodAndBadUps := strings.Join([]string{goodUps, badUps}, " ")
+
 	const (
 		upsTimeout = 100 * time.Millisecond
 
@@ -547,7 +558,7 @@ func TestServer_HandleTestUpstreamDNS(t *testing.T) {
 			"upstream_dns": []string{"[/domain.example/]" + badUps},
 		},
 		wantResp: map[string]any{
-			"[/domain.example/]" + badUps: `WARNING: couldn't communicate ` +
+			badUps: `WARNING: couldn't communicate ` +
 				`with upstream: exchanging with ` + badUps + ` over tcp: ` +
 				`dns: id mismatch`,
 		},
@@ -585,6 +596,40 @@ func TestServer_HandleTestUpstreamDNS(t *testing.T) {
 			goodUps: "OK",
 		},
 		name: "fallback_comment_mix",
+	}, {
+		body: map[string]any{
+			"upstream_dns": []string{"[/domain.example/]" + goodUps + " " + badUps},
+		},
+		wantResp: map[string]any{
+			goodUps: "OK",
+			badUps: `WARNING: couldn't communicate ` +
+				`with upstream: exchanging with ` + badUps + ` over tcp: ` +
+				`dns: id mismatch`,
+		},
+		name: "multiple_domain_specific_upstreams",
+	}, {
+		body: map[string]any{
+			"upstream_dns": []string{"[/domain.example/]/]1.2.3.4"},
+		},
+		wantResp: map[string]any{
+			"[/domain.example/]/]1.2.3.4": `wrong upstream format: ` +
+				`bad upstream for domain "[/domain.example/]/]1.2.3.4": ` +
+				`duplicated separator`,
+		},
+		name: "bad_specification",
+	}, {
+		body: map[string]any{
+			"upstream_dns":     []string{"[/domain.example/]" + goodAndBadUps},
+			"fallback_dns":     []string{"[/domain.example/]" + goodAndBadUps},
+			"private_upstream": []string{"[/domain.example/]" + goodAndBadUps},
+		},
+		wantResp: map[string]any{
+			goodUps: "OK",
+			badUps: `WARNING: couldn't communicate ` +
+				`with upstream: exchanging with ` + badUps + ` over tcp: ` +
+				`dns: id mismatch`,
+		},
+		name: "all_different",
 	}}
 
 	for _, tc := range testCases {

internal/dnsforward/msg.go

@@ -2,7 +2,6 @@ package dnsforward
 
 import (
 	"net/netip"
-	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
@@ -270,10 +269,9 @@ func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, d *proxy.DNSCo
 	replReq.RecursionDesired = true
 
 	newContext := &proxy.DNSContext{
-		Proto:     d.Proto,
-		Addr:      d.Addr,
-		StartTime: time.Now(),
-		Req:       &replReq,
+		Proto: d.Proto,
+		Addr:  d.Addr,
+		Req:   &replReq,
 	}
 
 	prx := s.proxy()

internal/dnsforward/stats.go

@@ -20,11 +20,10 @@ func (s *Server) processQueryLogsAndStats(dctx *dnsContext) (rc resultCode) {
 	log.Debug("dnsforward: started processing querylog and stats")
 	defer log.Debug("dnsforward: finished processing querylog and stats")
 
-	elapsed := time.Since(dctx.startTime)
 	pctx := dctx.proxyCtx
-
 	q := pctx.Req.Question[0]
 	host := aghnet.NormalizeDomain(q.Name)
+	processingTime := time.Since(dctx.startTime)
 
 	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 	ip = slices.Clone(ip)
@@ -43,7 +42,7 @@ func (s *Server) processQueryLogsAndStats(dctx *dnsContext) (rc resultCode) {
 	defer s.serverLock.RUnlock()
 
 	if s.shouldLog(host, qt, cl, ids) {
-		s.logQuery(dctx, pctx, elapsed, ip)
+		s.logQuery(dctx, ip, processingTime)
 	} else {
 		log.Debug(
 			"dnsforward: request %s %s %q from %s ignored; not adding to querylog",
@@ -55,7 +54,7 @@ func (s *Server) processQueryLogsAndStats(dctx *dnsContext) (rc resultCode) {
 	}
 
 	if s.shouldCountStat(host, qt, cl, ids) {
-		s.updateStats(dctx, elapsed, *dctx.result, ipStr)
+		s.updateStats(dctx, ipStr, processingTime)
 	} else {
 		log.Debug(
 			"dnsforward: request %s %s %q from %s ignored; not counting in stats",
@@ -90,12 +89,9 @@ func (s *Server) shouldCountStat(host string, qt, cl uint16, ids []string) (ok b
 }
 
 // logQuery pushes the request details into the query log.
-func (s *Server) logQuery(
-	dctx *dnsContext,
-	pctx *proxy.DNSContext,
-	elapsed time.Duration,
-	ip net.IP,
-) {
+func (s *Server) logQuery(dctx *dnsContext, ip net.IP, processingTime time.Duration) {
+	pctx := dctx.proxyCtx
+
 	p := &querylog.AddParams{
 		Question:          pctx.Req,
 		ReqECS:            pctx.ReqECS,
@@ -104,7 +100,7 @@ func (s *Server) logQuery(
 		Result:            dctx.result,
 		ClientID:          dctx.clientID,
 		ClientIP:          ip,
-		Elapsed:           elapsed,
+		Elapsed:           processingTime,
 		AuthenticatedData: dctx.responseAD,
 	}
 
@@ -132,30 +128,27 @@ func (s *Server) logQuery(
 }
 
 // updatesStats writes the request into statistics.
-func (s *Server) updateStats(
-	ctx *dnsContext,
-	elapsed time.Duration,
-	res filtering.Result,
-	clientIP string,
-) {
-	pctx := ctx.proxyCtx
+func (s *Server) updateStats(dctx *dnsContext, clientIP string, processingTime time.Duration) {
+	pctx := dctx.proxyCtx
+
 	e := &stats.Entry{
-		Domain: aghnet.NormalizeDomain(pctx.Req.Question[0].Name),
-		Result: stats.RNotFiltered,
-		Time:   elapsed,
+		Domain:         aghnet.NormalizeDomain(pctx.Req.Question[0].Name),
+		Result:         stats.RNotFiltered,
+		ProcessingTime: processingTime,
+		UpstreamTime:   pctx.QueryDuration,
 	}
 
 	if pctx.Upstream != nil {
 		e.Upstream = pctx.Upstream.Address()
 	}
 
-	if clientID := ctx.clientID; clientID != "" {
+	if clientID := dctx.clientID; clientID != "" {
 		e.Client = clientID
 	} else {
 		e.Client = clientIP
 	}
 
-	switch res.Reason {
+	switch dctx.result.Reason {
 	case filtering.FilteredSafeBrowsing:
 		e.Result = stats.RSafeBrowsing
 	case filtering.FilteredParental:

internal/dnsforward/testdata/TestDNSForwardHTTP_handleSetConfig.json

@@ -839,5 +839,47 @@
       "edns_cs_use_custom": false,
       "edns_cs_custom_ip": ""
     }
+  },
+  "multiple_domain_specific_upstreams": {
+    "req": {
+      "upstream_dns": [
+        "8.8.8.8:77",
+        "[/example.com/]8.8.4.4:77 9.9.9.10 https://1.1.1.1"
+      ]
+    },
+    "want": {
+      "upstream_dns": [
+        "8.8.8.8:77",
+        "[/example.com/]8.8.4.4:77 9.9.9.10 https://1.1.1.1"
+      ],
+      "upstream_dns_file": "",
+      "bootstrap_dns": [
+        "9.9.9.10",
+        "149.112.112.10",
+        "2620:fe::10",
+        "2620:fe::fe:10"
+      ],
+      "fallback_dns": [],
+      "protection_enabled": true,
+      "protection_disabled_until": null,
+      "ratelimit": 0,
+      "blocking_mode": "default",
+      "blocking_ipv4": "",
+      "blocking_ipv6": "",
+      "blocked_response_ttl": 10,
+      "edns_cs_enabled": false,
+      "dnssec_enabled": false,
+      "disable_ipv6": false,
+      "upstream_mode": "",
+      "cache_size": 0,
+      "cache_ttl_min": 0,
+      "cache_ttl_max": 0,
+      "cache_optimistic": false,
+      "resolve_clients": false,
+      "use_private_ptr_resolvers": false,
+      "local_ptr_upstreams": [],
+      "edns_cs_use_custom": false,
+      "edns_cs_custom_ip": ""
+    }
   }
 }

internal/filtering/filter.go

@@ -263,30 +263,6 @@ func assignUniqueFilterID() int64 {
 	return value
 }
 
-// Sets up a timer that will be checking for filters updates periodically
-func (d *DNSFilter) periodicallyRefreshFilters() {
-	const maxInterval = 1 * 60 * 60
-	ivl := 5 // use a dynamically increasing time interval
-	for {
-		isNetErr, ok := false, false
-		if d.conf.FiltersUpdateIntervalHours != 0 {
-			_, isNetErr, ok = d.tryRefreshFilters(true, true, false)
-			if ok && !isNetErr {
-				ivl = maxInterval
-			}
-		}
-
-		if isNetErr {
-			ivl *= 2
-			if ivl > maxInterval {
-				ivl = maxInterval
-			}
-		}
-
-		time.Sleep(time.Duration(ivl) * time.Second)
-	}
-}
-
 // tryRefreshFilters is like [refreshFilters], but backs down if the update is
 // already going on.
 //

internal/filtering/filtering.go

@@ -257,6 +257,9 @@ type DNSFilter struct {
 	// conf contains filtering parameters.
 	conf *Config
 
+	// done is the channel to signal to stop running filters updates loop.
+	done chan struct{}
+
 	// Channel for passing data to filters-initializer goroutine
 	filtersInitializerChan chan filtersInitializerParams
 	filtersInitializerLock sync.Mutex
@@ -424,24 +427,15 @@ func (d *DNSFilter) setFilters(blockFilters, allowFilters []Filter, async bool)
 	return d.initFiltering(allowFilters, blockFilters)
 }
 
-// Starts initializing new filters by signal from channel
-func (d *DNSFilter) filtersInitializer() {
-	for {
-		params := <-d.filtersInitializerChan
-		err := d.initFiltering(params.allowFilters, params.blockFilters)
-		if err != nil {
-			log.Error("filtering: initializing: %s", err)
-
-			continue
-		}
-	}
-}
-
 // Close - close the object
 func (d *DNSFilter) Close() {
 	d.engineLock.Lock()
 	defer d.engineLock.Unlock()
 
+	if d.done != nil {
+		d.done <- struct{}{}
+	}
+
 	d.reset()
 }
 
@@ -1131,19 +1125,64 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
 	return d, nil
 }
 
-// Start - start the module:
-// . start async filtering initializer goroutine
-// . register web handlers
+// Start registers web handlers and starts filters updates loop.
 func (d *DNSFilter) Start() {
 	d.filtersInitializerChan = make(chan filtersInitializerParams, 1)
-	go d.filtersInitializer()
+	d.done = make(chan struct{}, 1)
 
 	d.RegisterFilteringHandlers()
 
-	// Here we should start updating filters,
-	//  but currently we can't wake up the periodic task to do so.
-	// So for now we just start this periodic task from here.
-	go d.periodicallyRefreshFilters()
+	go d.updatesLoop()
+}
+
+// updatesLoop initializes new filters and checks for filters updates in a loop.
+func (d *DNSFilter) updatesLoop() {
+	defer log.OnPanic("filtering: updates loop")
+
+	ivl := time.Second * 5
+	t := time.NewTimer(ivl)
+
+	for {
+		select {
+		case params := <-d.filtersInitializerChan:
+			err := d.initFiltering(params.allowFilters, params.blockFilters)
+			if err != nil {
+				log.Error("filtering: initializing: %s", err)
+
+				continue
+			}
+		case <-t.C:
+			ivl = d.periodicallyRefreshFilters(ivl)
+			t.Reset(ivl)
+		case <-d.done:
+			t.Stop()
+
+			return
+		}
+	}
+}
+
+// periodicallyRefreshFilters checks for filters updates and returns time
+// interval for the next update.
+func (d *DNSFilter) periodicallyRefreshFilters(ivl time.Duration) (nextIvl time.Duration) {
+	const maxInterval = time.Hour
+
+	if d.conf.FiltersUpdateIntervalHours == 0 {
+		return ivl
+	}
+
+	isNetErr, ok := false, false
+	_, isNetErr, ok = d.tryRefreshFilters(true, true, false)
+
+	if ok && !isNetErr {
+		ivl = maxInterval
+	} else if isNetErr {
+		ivl *= 2
+		// TODO(s.chzhen):  Use built-in function max in Go 1.21.
+		ivl = mathutil.Max(ivl, maxInterval)
+	}
+
+	return ivl
 }
 
 // Safe browsing and parental control methods.

internal/filtering/servicelist.go

@@ -256,6 +256,13 @@ var blockedServices = []blockedService{{
 		"||z.cn^",
 		"||zappos^",
 	},
+}, {
+	ID:      "amino",
+	Name:    "Amino",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M9 4C6.24 4 4 6.24 4 9v32c0 2.76 2.24 5 5 5h32c2.76 0 5-2.24 5-5V9c0-2.76-2.24-5-5-5H9zm8.17 3.78a1.001 1.001 0 0 1 1.01 1c0 .37-.21.73-.57.9-.14.07-.29.1-.43.1a.987.987 0 0 1-.9-.56 1 1 0 0 1 .89-1.44zm15.66 0c.14 0 .29.03.43.1.36.17.56.53.56.9a.987.987 0 0 1-1 1c-.14 0-.29-.03-.43-.1a.998.998 0 0 1-.57-.9c0-.14.03-.29.1-.43a1 1 0 0 1 .91-.57zM13.77 9.93c.29 0 .58.13.78.38.15.18.22.4.22.62 0 .3-.13.59-.38.78a.963.963 0 0 1-.62.22c-.29 0-.58-.13-.78-.37a1.001 1.001 0 0 1 .78-1.63zm22.46 0c.22 0 .44.07.63.22a1.01 1.01 0 0 1 .15 1.41c-.2.24-.49.37-.78.37a.963.963 0 0 1-.62-.22.972.972 0 0 1-.38-.78c0-.22.07-.44.22-.62.2-.25.49-.38.78-.38zM25 10c8.27 0 15 6.73 15 15s-6.73 15-15 15-15-6.73-15-15 6.73-15 15-15zm-14.08 2.78a1.01 1.01 0 0 1 1.01 1 1.005 1.005 0 0 1-1.629.781 1 1 0 0 1 .619-1.782zm28.16 0c.29 0 .58.13.78.38.14.18.22.4.22.62 0 .29-.13.58-.38.78a1.005 1.005 0 0 1-1.629-.781 1.01 1.01 0 0 1 1.01-1zm-14.434 3.222a2.185 2.185 0 0 0-2.175 1.398l-5.09 13.59a.75.75 0 0 0 .7 1.01h1.458a.973.973 0 0 0 .75-.35c1.75-2 4.35-3.58 6.64-4.7l1.821 4.43a1.003 1.003 0 0 0 .92.62h1.25a.75.75 0 0 0 .7-1.01l-1.97-5.24c1.3-.52 2.19-.79 2.22-.79.8-.21 1.29-1.02 1.08-1.83a1.502 1.502 0 0 0-1.81-1.09c-.12.03-1.13.3-2.57.82l-2.01-5.35c-.25-.69-.79-1.25-1.5-1.44a2.223 2.223 0 0 0-.414-.068zm-15.867.187a1 1 0 0 1 1 1.01c0 .14-.03.292-.1.432a1.004 1.004 0 0 1-1.34.459.991.991 0 0 1-.458-1.33c.17-.36.528-.57.898-.57zm32.442 0c.37 0 .728.21.898.57a.985.985 0 0 1-.459 1.33 1.004 1.004 0 0 1-1.34-.459.971.971 0 0 1-.1-.43 1 1 0 0 1 1-1.01zM24.5 22.04c.24 0 .48.13.59.39l.66 1.622a27.9 27.9 0 0 0-1.61.83c-.543.304-1.09.633-1.63.988l1.4-3.44c.11-.26.35-.39.59-.39zM8.78 31.811c.37 0 .73.208.9.558a1 1 0 1 1-1.9.432c0-.36.2-.72.56-.89.14-.07.29-.1.44-.1zm32.44 0a.991.991 0 0 1 .898 1.43.995.995 0 0 1-1.329.47 1 1 0 0 1-.568-.91c0-.14.03-.292.1-.432.17-.35.53-.558.9-.558zm-30.3 3.41a1.005 1.005 0 0 1 1.01 1 1.01 1.01 0 0 1-1.01 1 1 1 0 0 1-.78-.381c-.14-.18-.22-.4-.22-.62 0-.29.13-.58.38-.78.18-.15.4-.22.62-.22zm28.16 0a1 1 0 1 1-.63 1.78.996.996 0 0 1-.38-.78 1.005 1.005 0 0 1 1.01-1zm-25.31 2.85c.22 0 .44.068.62.218.25.19.38.481.38.781 0 .22-.07.44-.22.62a1.002 1.002 0 0 1-1.41.16 1.01 1.01 0 0 1-.15-1.41c.2-.24.49-.37.78-.37zm22.46 0c.29 0 .58.128.78.368a1.001 1.001 0 0 1-.78 1.631c-.29 0-.58-.13-.78-.38a.958.958 0 0 1-.22-.62c0-.3.13-.59.38-.78a.963.963 0 0 1 .62-.22zm-19.05 2.15c.14 0 .29.03.43.1.36.17.57.53.57.9 0 .14-.03.29-.1.43a1.001 1.001 0 0 1-1.34.468.986.986 0 0 1-.56-.898.987.987 0 0 1 1-1zm15.64 0c.37 0 .73.198.9.558a1 1 0 1 1-1.9.442c0-.37.21-.73.57-.9.14-.07.29-.1.43-.1z\"/></svg>"),
+	Rules: []string{
+		"||aminoapps.com^",
+	},
 }, {
 	ID:      "apple_streaming",
 	Name:    "Apple Streaming",
@@ -337,6 +344,16 @@ var blockedServices = []blockedService{{
 		"||betwaysatta.com^",
 		"||vietnambetway88.com^",
 	},
+}, {
+	ID:      "bigo_live",
+	Name:    "Bigo Live",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"3 3.5 41 41\" fill=\"currentColor\"><g fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M29.18 26.13c5.84-2.13 10.03-4.81 5.7-10.34.3-11.15-18.48-13.27-23.18-.61-.54 2.44-.36 7.7 1.48 11.92.68 1.6.15 8.1-2.23 5.16-1.12-1.52-2.16-1.58-2.6-1.42-2.14 3.95 3.39 7.32 4.6 7.34 3.02 3.5 5.59 3.07 7.77 3.23\"/><path d=\"M32.03 24.95c5 7.69 2.45 12.6-3.85 14.2M18.16 25.72c.97.92 2.4.74 3.38.06.19-1.83 1.67-1.76 1.92.11 1.2-.02 2.44-.16 2.67.7.14.9-.63 1.44-1.8 1.28.06 1.84-.86 1.78-2.93 1.6-.68.3-1.3.42-1.93.55m3.33-8.6c5.01 1.97 9.5 1.55 12.19-2.67\"/><ellipse cx=\"25.08\" cy=\"18.77\" rx=\"1.12\" ry=\"1.28\"/><ellipse cx=\"32.83\" cy=\"16.88\" rx=\".93\" ry=\"1.22\"/><path d=\"M20.52 40c6.87 13.72 14.2-18.17.53-6.2m13.52-4.57c11.28-7.01 2.68 13.07-1.86 8.09M25.83 6.57c-4.11-3.58-6.75-2.2-8.56 1.68-7.73-1.63-7.5 4.7-5.57 6.93-3.37 2.43-4.1 4.87.12 7.3-1.62.75-3.3 3.43 1.36 5.35-1.18.95-2.77 1.83-.12 3.4m24.07-15.36h2.63m-1.31-1.5v2.92\"/></g></svg>"),
+	Rules: []string{
+		"||bigo.sg^",
+		"||bigo.tv^",
+		"||bigolive.tv^",
+		"||bigovideo.tv^",
+	},
 }, {
 	ID:      "bilibili",
 	Name:    "Bilibili",
@@ -411,6 +428,15 @@ var blockedServices = []blockedService{{
 		"||bnet.163.com^",
 		"||bnet.cn^",
 	},
+}, {
+	ID:      "canais_globo",
+	Name:    "Canais Globo",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 980 980\"><path d=\"M455.5 1.1a484.3 484.3 0 0 0-258 95.4 501.4 501.4 0 0 0-101.1 101A483.8 483.8 0 0 0 4 426.5 491.7 491.7 0 0 0 54.7 716a481.2 481.2 0 0 0 89.7 121.5C252.7 945.3 400 995.1 554 975.9c92.4-11.4 178-49.3 253.5-112 15-12.4 47.5-45.5 60.6-61.7A483.7 483.7 0 0 0 976 553.5a488.4 488.4 0 0 0-135.7-406.6A494.8 494.8 0 0 0 640.8 23.2 506.9 506.9 0 0 0 455.5 1.1zm-76.4 245.4c6.4 2.3 359.1 210.1 364.3 214.7 2.8 2.4 5.8 6.5 7.8 10.6 3.2 6.4 3.3 7.2 3.3 18.2s-.1 11.8-3.3 18.2c-2 4.1-5 8.2-7.8 10.6-6.7 5.9-358.7 212.7-365.3 214.6a42 42 0 0 1-29.1-2.6 46 46 0 0 1-18.6-19l-2.9-6.3v-431l2.9-6.2c2.7-6 9.5-13.6 15.7-17.6a44.3 44.3 0 0 1 33-4.2z\"/></svg>"),
+	Rules: []string{
+		"||canaisglobo.globo.com^",
+		"||globosat.globo.com^",
+		"||gsatmulti.globo.com^",
+	},
 }, {
 	ID:      "claro",
 	Name:    "Claro",
@@ -508,6 +534,13 @@ var blockedServices = []blockedService{{
 		"||deezer.com^",
 		"||dzcdn.net^",
 	},
+}, {
+	ID:      "directvgo",
+	Name:    "DirecTV Go",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"-2 0 20 20\"><path d=\"M17 9.97A10.12 10.12 0 0 1 6.82 20H.46a.44.44 0 0 1-.34-.16.42.42 0 0 1-.11-.36A5.03 5.03 0 0 1 5 15.32h1.82a5.16 5.16 0 0 0 5.17-5.35v-.36a5.2 5.2 0 0 0-5.25-4.93H5a5.1 5.1 0 0 1-3.57-1.46A4.98 4.98 0 0 1 0 .54.45.45 0 0 1 .1.16.45.45 0 0 1 .47 0h6.26C12.36 0 16.95 4.44 17 9.97z\"/><path d=\"M12 9.97a9.95 9.95 0 0 1-2.9 7.09A9.85 9.85 0 0 1 2.04 20H.45a.43.43 0 0 1-.34-.16.43.43 0 0 1-.1-.36 4.94 4.94 0 0 1 4.86-4.16h1.77a5.36 5.36 0 0 0 5.27-4.89 4.32 4.32 0 0 0 0-.49v-.3a5.36 5.36 0 0 0-5.34-4.96h-1.7A4.92 4.92 0 0 1 1.4 3.22 5.02 5.02 0 0 1 .01.54.46.46 0 0 1 .45 0h1.5c5.51-.02 10 4.44 10.05 9.97z\"/><path d=\"M4 10a3 3 0 1 0 6 0 3 3 0 0 0-6 0z\"/></svg>"),
+	Rules: []string{
+		"||directvgo.com^",
+	},
 }, {
 	ID:      "discord",
 	Name:    "Discord",
@@ -1648,6 +1681,22 @@ var blockedServices = []blockedService{{
 		"||linkedin.qtlcdn.com^",
 		"||lnkd.in^",
 	},
+}, {
+	ID:      "lionsgateplus",
+	Name:    "Lionsgate+",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"-21 2 120 120\"><path d=\"M35 3.7v84.8h43.9v31.8H0V3.7Z\"/></svg>"),
+	Rules: []string{
+		"||lionsgateplus.com^",
+		"||starz.com^",
+	},
+}, {
+	ID:      "looke",
+	Name:    "Looke",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 -28 100 100\"><path d=\"m16.1.1-2-.1C7 0 0 5.2 0 11.2 0 15.4 2.4 17 6.2 17 5 16 4 14.8 4 11.4 4 7 6.7 4 11 2.8v33.5h1c6.1 0 10.5 7.5 15.5 7.5 3.3 0 5.3-2.3 5.3-5 0-.4 0-.8-.2-1.2a9 9 0 0 1-3.6 1c-5.4 0-8.8-3.4-12.9-4.3V.3z\"/><path d=\"M31.6 11.2c-7.1 0-9.3 7.7-9.3 13.2 0 8.2 4.7 11.1 9 11.1 5 0 8-4.7 8-12.5v-2c3-.4 6-1.8 7.3-3.9L46 16a9.2 9.2 0 0 1-6.5 2.8H39c-.6-4.2-2.5-7.5-7.5-7.5zm.5 20.7c-2.1 0-4.6-1.5-4.6-7.7 0-4.6 1.4-10.4 5.4-10.4 1.4 0 2.6.8 3.4 3-1.2 0-2 .5-2 2 0 1.6.9 2.3 2.7 2.4v1.1c0 6-1.6 9.6-4.9 9.6z\"/><path d=\"M51.6 11.2c-7.1 0-9.3 7.7-9.3 13.2 0 8.2 4.7 11.1 9 11.1 5 0 8-4.7 8-12.5v-2c3-.4 6-1.8 7.3-3.9L66 16a9.2 9.2 0 0 1-6.5 2.8H59c-.6-4.2-2.5-7.5-7.5-7.5zm.5 20.7c-2.1 0-4.6-1.5-4.6-7.7 0-4.6 1.4-10.4 5.4-10.4 1.4 0 2.6.8 3.4 3-1.2 0-2 .5-2 2 0 1.6.9 2.3 2.7 2.4v1.1c0 6-1.6 9.6-4.9 9.6z\"/><path d=\"M63 2.6v32.6h4.7v-10c1-2.8 2.2-3.7 3.9-3.7 1.6 0 3 .8 3 4.2V30c0 3 1.5 5.4 5.3 5.4 2 0 5.2-.6 6.6-8.8h-1.7c-.8 3.6-2 5.2-3.6 5.2-1.7 0-1.9-1.6-1.9-2.5l.2-4.1c0-3.1-.8-7.4-6.5-7.4h-.5l8-6.5h-4.6l-8.2 7.8V1.9Z\"/><path d=\"M99.6 17.4c0-5-3.2-6.2-6.4-6.2-6.8 0-9 8-9 13.3 0 8 4.8 11 9 11 3.6 0 6.8-1.9 6.8-4.7l-.1-1.2c-1.2 1.7-3.1 2.3-5.2 2.3-2.7 0-5-1.1-5.5-6.2 6.5-.7 10.4-3.9 10.4-8.3zm-10.4 6.5c0-4.7 1.6-10.4 5-10.4 1.5 0 2.3 1 2.3 3.4 0 3.6-2.8 6.2-7.3 7z\"/></svg>"),
+	Rules: []string{
+		"||looke.com.br^",
+		"||ottvs.com.br^",
+	},
 }, {
 	ID:      "mail_ru",
 	Name:    "Mail.ru",
@@ -1975,6 +2024,23 @@ var blockedServices = []blockedService{{
 		"||sonyentertainmentnetwork.com",
 		"||station.sony.com",
 	},
+}, {
+	ID:      "plenty_of_fish",
+	Name:    "Plenty of Fish",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"-8 -3 30 30\"><path d=\"M13.96 4.88C11.3.68 7.04 1.25.22 1.25v.09c.52.2.95.59 1.21 1.08.26.47.38 1.04.38 1.72v16.44c.01.61-.11 1.21-.38 1.76-.25.5-.68.9-1.2 1.1v.09h7.13v-.09c-.5-.22-.92-.6-1.17-1.1a3.78 3.78 0 0 1-.4-1.76V16c.54.13 1.08.2 1.62.19a7.66 7.66 0 0 0 6.84-4.3c.47-.97.7-2.1.7-3.41a6.6 6.6 0 0 0-1-3.6ZM9.45 13.6a3.33 3.33 0 0 1-2.96 1.65c-.24 0-.49-.02-.73-.05V7.56l.01-4.63a3 3 0 0 0-.1-.88c1.62 0 2.43.5 3.16 1.19.74.68 1.86 2.68 1.86 5.52a9.4 9.4 0 0 1-1.24 4.85Z\"/></svg>"),
+	Rules: []string{
+		"||pof.com^",
+	},
+}, {
+	ID:      "plex",
+	Name:    "Plex",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 48 48\"><path d=\"M11.5 6A5.5 5.5 0 0 0 6 11.5v25a5.5 5.5 0 0 0 5.5 5.5h25a5.5 5.5 0 0 0 5.5-5.5v-25A5.5 5.5 0 0 0 36.5 6h-25zm6.67 7.08h6.47L31.75 24l-7.1 10.92h-6.48L25.2 24l-7.03-10.92z\"/></svg>"),
+	Rules: []string{
+		"||plex.bz^",
+		"||plex.direct^",
+		"||plex.tv^",
+		"||plexapp.com^",
+	},
 }, {
 	ID:      "pluto_tv",
 	Name:    "Pluto TV",
@@ -1982,6 +2048,13 @@ var blockedServices = []blockedService{{
 	Rules: []string{
 		"||pluto.tv^",
 	},
+}, {
+	ID:      "privacy",
+	Name:    "Privacy",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"-2 0 42 42\"><path fill-rule=\"evenodd\" d=\"m28.516 30.648-.857-1.386-1.935-3.136a9.853 9.853 0 0 0 2.523-3.66 9.76 9.76 0 0 0 .31-6.26 9.853 9.853 0 0 0-3.562-5.185 9.955 9.955 0 0 0-5.985-2 9.94 9.94 0 0 0-5.986 2 9.848 9.848 0 0 0-3.564 5.185 9.76 9.76 0 0 0 .31 6.26 9.853 9.853 0 0 0 2.523 3.66L5.031 37.892a.654.654 0 0 1-.312.267.665.665 0 0 1-.42.013.65.65 0 0 1-.343-.225.65.65 0 0 1-.123-.397V18.875h-.007c0-3.331 1.107-6.468 3.022-9.016a15.152 15.152 0 0 1 7.842-5.436 15.292 15.292 0 0 1 9.572.306c3 1.096 5.65 3.126 7.481 5.92a14.998 14.998 0 0 1 2.427 9.197 15.002 15.002 0 0 1-3.587 8.808 15.267 15.267 0 0 1-2.065 1.992m-9.505 3.26c1.129 0 2.284-.079 3.388-.328.979-.222 1.936-.54 2.856-.951l-.854-1.383-2.838-4.6a1.888 1.888 0 0 1 .636-2.608 6.058 6.058 0 0 0 2.487-2.953 6.02 6.02 0 0 0-1.995-7.03 6.115 6.115 0 0 0-3.68-1.225 6.12 6.12 0 0 0-3.682 1.225 6.03 6.03 0 0 0-2.185 3.178 6.008 6.008 0 0 0 .19 3.852 6.056 6.056 0 0 0 2.487 2.953 1.889 1.889 0 0 1 .637 2.607l-1.845 2.99-1.562 2.532-.278.45a14.152 14.152 0 0 0 6.24 1.292h-.002ZM8.772 39.098l-.476.772a4.468 4.468 0 0 1-2.184 1.829 4.48 4.48 0 0 1-2.846.13 4.468 4.468 0 0 1-2.364-1.592A4.404 4.404 0 0 1 0 37.552V18.875h.007c0-4.183 1.382-8.113 3.771-11.29A18.992 18.992 0 0 1 13.611.78a19.102 19.102 0 0 1 11.967.38 18.97 18.97 0 0 1 9.368 7.422 18.758 18.758 0 0 1 3.04 11.501 18.767 18.767 0 0 1-4.5 11.024 19.006 19.006 0 0 1-10.247 6.17 19.07 19.07 0 0 1-3.613.463c-.089-.003-.534.007-.613.007a19.111 19.111 0 0 1-8.257-1.867l-1.984 3.215v.001Z\" clip-rule=\"evenodd\"/></svg>"),
+	Rules: []string{
+		"||privacy.com.br^",
+	},
 }, {
 	ID:      "qq",
 	Name:    "QQ",
@@ -2086,6 +2159,14 @@ var blockedServices = []blockedService{{
 		"||shopeemobile.com^",
 		"||shp.ee^",
 	},
+}, {
+	ID:      "signal",
+	Name:    "Signal",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 32 32\"><path d=\"M26.6 16c-.2 4-1.9 7.2-5.5 9.2a10.6 10.6 0 0 1-10.5-.2h-.5l-3.8.9c-.2.1-.3 0-.2-.2l.9-3.8-.1-.5a10.6 10.6 0 1 1 19.5-7.2l.2 1.8z\"/><path d=\"M4.6 28.6c-.8 0-1.4-.7-1.2-1.4l.6-2.5.2-.1.9.2c.2 0 .1.1.1.2l-.5 2c-.1.3-.1.3.3.2l2-.5c.2 0 .2 0 .3.2l.2.8-.1.2-2.8.7c.1 0 .1 0 0 0zm5.1-1.2-1 .2c-.2.1-.3 0-.3-.2l-.2-.8.1-.2 1.5-.3h.2c.9.5 1.9.9 2.9 1.2.1 0 .2.1.1.2l-.2.7c0 .2-.1.2-.3.2-.9-.2-1.8-.6-2.6-1 0 .1 0 0-.2 0zm-3.8-5.3-.3 1.3c-.1.5 0 .4-.5.3l-.6-.1c-.1 0-.2-.1-.1-.2l.2-.9v-.4c-.4-.8-.8-1.7-1-2.6-.1-.3-.1-.3.2-.3l.7-.2.2.1c.3 1 .7 2 1.2 2.9-.1 0 0 0 0 .1zM26.4 8.3l-.1.1-.7.5c-.1.1-.2.1-.2 0-.7-.9-1.4-1.6-2.3-2.3-.1-.1-.1-.1 0-.2l.5-.7c.1-.1.1-.1.2 0 1 .7 1.8 1.5 2.6 2.6 0-.1 0-.1 0 0zm-7.2-4.9h.1c1.1.3 2.2.7 3.2 1.3.2.1.2.2.1.3l-.4.7-.2.1a10 10 0 0 0-3-1.2c-.1 0-.2-.1-.1-.2l.2-.9.1-.1zM6.5 9s-.1-.1 0 0l-.8-.6v-.3l1-1.3 1.4-1.2h.3l.5.7v.3C8 7.3 7.3 8 6.6 8.9l-.1.1zm21.1 9.9.9.2.1.2-.8 2.2-.5 1-.3.1-.7-.4-.1-.2c.5-.9 1-1.9 1.2-3 0-.1.1-.2.2-.1zM4.4 13.1l-.9-.2-.1-.2c.2-.9.6-1.8 1-2.6l.3-.6c.2-.2.2-.2.3-.1l.8.5c.1.1.1.1 0 .2-.5.9-1 1.9-1.2 3 0 0 0 .1-.2 0zM3 16l.1-1.7c0-.2.1-.2.3-.2l.8.1.2.2c-.1 1.1-.1 2.1 0 3.2l-.1.2-.9.1c-.2 0-.2-.1-.2-.2C3 17.2 3 16.6 3 16zm25.6-3.2-.1.1-.9.2c-.2 0-.2-.1-.2-.2-.2-.9-.6-1.7-1-2.5l-.2-.4c-.1-.1 0-.1 0-.2l.8-.5h.2a15 15 0 0 1 1.4 3.5zm-2.2 10.9-.1.1c-.7.9-1.6 1.8-2.5 2.5-.1.1-.2.1-.2 0l-.5-.7v-.3c.8-.6 1.6-1.4 2.2-2.2h.3l.7.5.1.1zM16 3l1.7.1c.2 0 .2.1.2.3l-.1.7-.2.2a16 16 0 0 0-3.1 0c-.2 0-.2 0-.2-.2l-.1-.8c0-.1 0-.2.2-.2L16 3zm0 26-1.8-.1c-.2 0-.2-.1-.2-.3l.1-.8.2-.2c1.1.1 2.1.1 3.2 0 .1 0 .2 0 .2.2l.1.8c0 .2-.1.2-.2.2-.4.2-1 .2-1.6.2zM12.8 3.4l.1.1.2.9c0 .2-.1.2-.2.2-.9.2-1.8.6-2.6 1-.3.2-.5.2-.7-.1l-.2-.4c-.1-.2-.1-.2.1-.3.8-.5 1.7-.9 2.6-1.2l.7-.2zM29 16l-.1 1.7c0 .2-.1.2-.3.2l-.7-.1c-.3 0-.3 0-.2-.3v-3.1c0-.1 0-.2.2-.2l.8-.1c.2 0 .2 0 .2.2L29 16zm-9.8 12.6-.1-.1-.2-.9.2-.2c.9-.2 1.7-.6 2.5-1l.4-.2c.1-.1.1 0 .2 0l.5.8v.2c-1.1.6-2.2 1.1-3.5 1.4z\"/></svg>"),
+	Rules: []string{
+		"||signal.org^",
+		"||whispersystems.org^",
+	},
 }, {
 	ID:      "skype",
 	Name:    "Skype",
@@ -2210,6 +2291,14 @@ var blockedServices = []blockedService{{
 		"||tx.me^",
 		"||usercontent.dev^",
 	},
+}, {
+	ID:      "temu",
+	Name:    "Temu",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 256 256\"><path d=\"M199.1 0C230.525 0 256 25.475 256 56.9v142.2c0 31.425-25.475 56.9-56.9 56.9H56.9C25.475 256 0 230.525 0 199.1V56.9C0 25.475 25.475 0 56.9 0zm-64 132.98h-3.4c-3.025 0-5.5 2.45-5.475 5.475v37.625c0 3.025 2.45 5.5 5.475 5.5s5.5-2.45 5.5-5.5v-24.7l9.25 13.05c1.925 2.7 5.925 2.7 7.875 0l9.25-13.05v24.7a5.5 5.5 0 0 0 5.5 5.5c3.025 0 5.5-2.45 5.475-5.5v-37.625c0-3.025-2.45-5.5-5.475-5.475h-3.4c-1.3 0-2.55.625-3.3 1.7l-11.975 18-12-18a3.997 3.997 0 0 0-3.3-1.7zm85.05 0c-3.025 0-5.5 2.45-5.5 5.475v22.975c0 7.225-4.075 10.925-10.775 10.9-6.7 0-10.775-3.825-10.75-11.225v-22.65c0-3.025-2.45-5.5-5.5-5.475-3.025 0-5.5 2.45-5.475 5.475v22.9c0 13.4 8.2 20.225 21.6 20.225s21.9-6.75 21.875-20.55v-22.575c0-3.025-2.45-5.5-5.475-5.475zm-154.22 0H33.855c-3.025 0-5.5 2.45-5.5 5.475s2.45 5.5 5.5 5.5h10.55v32.075c0 3.025 2.45 5.5 5.475 5.5s5.5-2.45 5.5-5.5v-32.075h10.55a5.5 5.5 0 0 0 5.5-5.5c0-3.025-2.45-5.5-5.5-5.475zm47.475 0H83.68c-3.025 0-5.5 2.45-5.5 5.475v37.575a5.5 5.5 0 0 0 5.5 5.5h29.725c3.025 0 5.5-2.45 5.475-5.5 0-3.025-2.45-5.5-5.475-5.5h-24.25v-7.8h21.1c3.025 0 5.5-2.45 5.5-5.475s-2.45-5.5-5.5-5.5h-21.1v-7.8h24.25c3.025 0 5.5-2.45 5.475-5.5 0-3.025-2.45-5.5-5.475-5.475zM59.78 75.63l-1.025.025c-4.275.275-7.2 2.125-8.85 4.625-1.925-2.875-5.525-4.9-10.95-4.6l-.125.175c-.625 1-2.975 5.475.825 10.35.775.825 2.675 3.15 1.9 6.125L30.53 110.155c-.9 1.45-.5 3.325.875 4.3 2.85 2 8.575 4.75 18.5 4.75 9.9 0 15.625-2.75 18.475-4.75l.375-.325a3.179 3.179 0 0 0 .5-3.975l-11-17.825.075.325-.125-.5c-.6-2.675.9-4.8 1.725-5.75l.2-.2c3.825-4.875 1.45-9.325.825-10.35l-.1-.175zm35.7 8.35c-3.775-7.5-8.675-8.775-11.125-6.825-1.875 1.5-6.2 7.425-6.5 7.825-4.775 6.775-4.5 8.425 1.625 12.275 3.45 2.175 6.225-.625 7.425-1.45-.575 3.575-2.325 9.2-4.95 13.15-1.425-1.075-2.475-1.9-3.125-2.5-.825-.75-2.075-.7-2.875.075a1.865 1.865 0 0 0-.55 1.425c.025.525.25 1.025.625 1.375 6.375 5.825 14.75 9.125 23.675 9.15 8.95 0 17.375-3.3 23.75-9.15.825-.75.85-2 .1-2.8a2.07 2.07 0 0 0-2.875-.075c-.5.45-1 .875-1.525 1.3l-2.8-6.25c-.45-1.075-.95-2.425-1.5-4.05.275-.675.85-1.325 1.675-2.175.6-.6 1.1-1.2 1.475-1.775 1.85-2.925.8-4.65.225-5.8-1.325-2.7-3.4-1.825-4.9-.225-1.85 1.95-3.65 2.8-6.55 3.45-2.425.55-4.3.275-5.85-.7-2.15-1.325-5.45-6.25-5.45-6.25zm69.325-7.625c-8 7.6-.325 24.125-14.875 31.15-1.6.775-2.925-1.775-5.075-1.775-6.075.05-17.675 5.4-18.125 8.1-.375 2.225 4.575 4 19.175 4.025 12.7 0 16.8-19.325 21.25-19.35 4.45 0 2.375 17.525 1.9 19.35h4.65c-.4-1.825-.7-7.325-.675-15.1 0-7.775 1.4-9.5 2.525-15.375.975-5.1-6.575-9.525-10.75-11.025zm45.6.625H197.38c-8.425 0-15.425 6.525-16 14.925l-.95 13.475c-.45 6.4 4.625 11.825 11.025 11.85h24.85c6.425 0 11.475-5.425 11.05-11.85l-.95-13.475c-.6-8.4-7.575-14.925-16-14.925zm-110.65 31c3.925 0 6.925 1.925 8.025 5.5-2.675.7-5.35 1.05-8.075 1.025-4.1 0-5.55-.375-8.175-1.075 1.05-3.15 4.525-5.45 8.225-5.45zm98.225-19.825v.375c0 3.25 2.65 5.925 5.9 5.925s5.925-2.65 5.925-5.925v-.375c0-1.45 5.25-1.45 5.25 0v.375c0 6.15-5 11.15-11.175 11.15-6.15 0-11.15-5-11.15-11.15v-.375c0-1.45 5.225-1.45 5.25 0z\"/></svg>"),
+	Rules: []string{
+		"||kwcdn.com^",
+		"||temu.com^",
+	},
 }, {
 	ID:      "tidal",
 	Name:    "Tidal",
@@ -2241,11 +2330,15 @@ var blockedServices = []blockedService{{
 		"||huoshanzhibo.com^",
 		"||muscdn.com^",
 		"||musical.ly^",
+		"||p16-tiktok-*.ibyteimg.com^",
 		"||pstatp.com^",
 		"||snssdk.com^",
 		"||tiktok.com^",
+		"||tiktokcdn-us.com^",
 		"||tiktokcdn.com^",
 		"||tiktokv.com^",
+		"||ttlivecdn.com.c.bytefcdn-oversea.com^",
+		"||ttlivecdn.com^",
 	},
 }, {
 	ID:      "tinder",
@@ -2256,6 +2349,13 @@ var blockedServices = []blockedService{{
 		"||tinder.com^",
 		"||tindersparks.com^",
 	},
+}, {
+	ID:      "tumblr",
+	Name:    "Tumblr",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M40 0H10A10 10 0 0 0 0 10v30a10 10 0 0 0 10 10h30a10 10 0 0 0 10-10V10A10 10 0 0 0 40 0Zm-6 40.24c0 .12-.05.24-.14.32-.12.1-2.85 2.44-9.12 2.44-7.51 0-7.74-8.38-7.74-9.34V23.01L13.43 23a.42.42 0 0 1-.43-.42V18.8c0-.18.1-.34.27-.4.07-.03 6.79-2.64 6.79-8.98 0-.24.2-.43.43-.43h4.09c.24 0 .43.2.43.43L25 17h6.56c.24 0 .43.2.43.45v5.1c0 .24-.19.45-.43.45H25v10.5c0 .25.23 3.27 3.43 3.27a10.3 10.3 0 0 0 4.91-1.39c.14-.08.3-.09.44 0 .13.07.22.21.22.37Z\"/></svg>"),
+	Rules: []string{
+		"||tumblr.com^",
+	},
 }, {
 	ID:      "twitch",
 	Name:    "Twitch",
@@ -2434,6 +2534,15 @@ var blockedServices = []blockedService{{
 		"||whatsapp.tv^",
 		"||whatsappbrand.com^",
 	},
+}, {
+	ID:      "wizz",
+	Name:    "Wizz",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 -297 867 867\"><path d=\"M94.66 31.7c0-11.49-7.72-21.78-17.23-23.05Q47.26 4.74 17.18.16C7.7-1.34 0 7.77 0 20.57v207.77c0 25.69 15.38 43.88 34.38 40.93q44.73-6.52 89.6-11.57c17.66-2.09 32.49-18.81 34.34-38.88q4.86-52.95 9.73-105.04c.54-5.82 8.04-5.63 8.59.16q4.86 51.9 9.73 103.01c1.85 19.55 16.69 33.01 34.4 31.58q44.97-3.47 90.02-5.46a36.76 36.76 0 0 0 34.66-36.57V47.86a18.27 18.27 0 0 0-17.33-18.23q-30.32-1.15-60.63-2.97c-9.56-.59-17.31 7.13-17.31 17.32v112.25c0 5.52-7.5 6.48-8.57 1.06q-10.13-51.32-20.26-104c-3.38-17.49-17.5-31.07-33.85-32.59q-15.16-1.35-30.32-2.87c-16.34-1.7-30.42 10.04-33.79 28.63q-10.1 55.6-20.2 113.34c-1.06 6.1-8.52 5.4-8.52-.87Zm297.01-.38c-12.77-.2-23.11 7.4-23.12 17.07V223.6c0 9.69 10.35 17.28 23.12 17.08q41.4-.63 82.8 0c12.77.2 23.11-7.4 23.11-17.08V48.4c0-9.69-10.34-17.28-23.11-17.08q-41.4.62-82.8 0ZM520.7 47.87a18.28 18.28 0 0 1 17.33-18.23q64.98-2.47 129.85-8c9.55-.84 17.3 7.09 17.3 17.78v65.23c0 18.33-11.46 34.12-27.47 37.67q-27.56 6.23-55.16 12.04c-5.08 1.07-4.31 8.95.9 9.04q32.23.5 64.44 1.2c9.55.17 17.29 9 17.29 19.7v48.28c0 10.7-7.74 18.62-17.3 17.78q-64.84-5.53-129.84-8a18.27 18.27 0 0 1-17.33-18.23V164.9a35.26 35.26 0 0 1 27.86-34.62q29.6-6.15 59.18-12.68c5.12-1.14 4.38-9.15-.85-9.06q-34.42.55-68.86.87a17.3 17.3 0 0 1-17.33-17.48Zm181.75-9.81c0-10.8 7.74-20.32 17.28-21.34Q784.49 9.97 848.97.16c9.5-1.49 17.18 7.62 17.18 20.41v77.96c0 21.94-11.38 40.83-27.3 44.95q-27.4 7.28-54.87 13.76c-5.06 1.2-4.29 10.3.9 10.47q32.08 1.03 64.1 2.25c9.49.31 17.18 10.96 17.18 23.75v57.72c0 12.8-7.7 21.9-17.19 20.41q-64.46-9.8-129.24-16.56c-9.54-1.03-17.27-10.55-17.27-21.34v-65.82c0-18.61 11.63-34.66 27.77-38.57q29.49-7.02 58.92-14.88c5.1-1.37 4.36-10.67-.85-10.49q-34.25 1.11-68.57 2c-9.54.22-17.27-8.36-17.27-19.15Z\"/></svg>"),
+	Rules: []string{
+		"||getwizz.io^",
+		"||wizz.chat^",
+		"||wizzapp.com^",
+	},
 }, {
 	ID:      "xboxlive",
 	Name:    "Xbox Live",
@@ -2448,6 +2557,14 @@ var blockedServices = []blockedService{{
 		"||xboxlive.com^",
 		"||xboxservices.com^",
 	},
+}, {
+	ID:      "xiaohongshu",
+	Name:    "Xiaohongshu",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M35 22v2h1v-2h-1zm0 0v2h1v-2h-1zm9-18H6c-1.09 0-2 .91-2 2v38c0 1.09.91 2 2 2h38c1.09 0 2-.91 2-2V6c0-1.09-.91-2-2-2zM12 24c0 1.38-.19 5.89-2.61 6.24l-.28-1.98c.39-.19.89-2.14.89-4.26v-2h2v2zm3 6h-2V19h2v11zm2.29-.29c-1.2-1.2-1.29-4.73-1.29-5.78V22h2v1.93c0 1.91.34 3.99.71 4.36l-1.42 1.42zM22 31h-3l1-2h3l-1 2zm9 0h-7l1-2h2v-7h-2l-2.1 4.38h1.72l-1 2H21a1 1 0 0 1-.82-1.57L22 24h-2a1 1 0 0 1-.86-1.51l3-5 1.72 1.02L21.77 22H25v-2h6v2h-2v7h2v2zm9-2.5a2.5 2.5 0 0 1-2.5 2.5c-1.21 0-1.22-.86-1.45-2H38v-3h-3v5h-2v-5h-2v-2h2v-2h-1v-2h1v-1h2v1h1a2 2 0 0 1 2 2v2a2 2 0 0 1 2 2v2.5zm0-6.5h-1v-1c0-.55.45-1 1-1s1 .45 1 1-.45 1-1 1zm-5 2h1v-2h-1v2zm0-2v2h1v-2h-1z\"/></svg>"),
+	Rules: []string{
+		"||xhscdn.com^",
+		"||xiaohongshu.com^",
+	},
 }, {
 	ID:      "youtube",
 	Name:    "YouTube",

internal/home/auth.go

@@ -4,32 +4,17 @@ import (
 	"crypto/rand"
 	"encoding/binary"
 	"encoding/hex"
-	"encoding/json"
 	"fmt"
-	"net"
 	"net/http"
-	"path"
-	"strconv"
-	"strings"
 	"sync"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/httphdr"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/AdguardTeam/golibs/timeutil"
 	"go.etcd.io/bbolt"
 	"golang.org/x/crypto/bcrypt"
 )
 
-// cookieTTL is the time-to-live of the session cookie.
-const cookieTTL = 365 * timeutil.Day
-
-// sessionCookieName is the name of the session cookie.
-const sessionCookieName = "agh_session"
-
 // sessionTokenSize is the length of session token in bytes.
 const sessionTokenSize = 16
 
@@ -69,7 +54,7 @@ func (s *session) deserialize(data []byte) bool {
 // Auth - global object
 type Auth struct {
 	db          *bbolt.DB
-	raleLimiter *authRateLimiter
+	rateLimiter *authRateLimiter
 	sessions    map[string]*session
 	users       []webUser
 	lock        sync.Mutex
@@ -77,6 +62,8 @@ type Auth struct {
 }
 
 // webUser represents a user of the Web UI.
+//
+// TODO(s.chzhen):  Improve naming.
 type webUser struct {
 	Name         string `yaml:"name"`
 	PasswordHash string `yaml:"password"`
@@ -88,7 +75,7 @@ func InitAuth(dbFilename string, users []webUser, sessionTTL uint32, rateLimiter
 
 	a := &Auth{
 		sessionTTL:  sessionTTL,
-		raleLimiter: rateLimiter,
+		rateLimiter: rateLimiter,
 		sessions:    make(map[string]*session),
 		users:       users,
 	}
@@ -216,8 +203,8 @@ func (a *Auth) storeSession(data []byte, s *session) bool {
 	return true
 }
 
-// remove session from file
-func (a *Auth) removeSession(sess []byte) {
+// removeSessionFromFile removes a stored session from the DB file on disk.
+func (a *Auth) removeSessionFromFile(sess []byte) {
 	tx, err := a.db.Begin(true)
 	if err != nil {
 		log.Error("auth: bbolt.Begin: %s", err)
@@ -279,7 +266,7 @@ func (a *Auth) checkSession(sess string) (res checkSessionResult) {
 	if s.expire <= now {
 		delete(a.sessions, sess)
 		key, _ := hex.DecodeString(sess)
-		a.removeSession(key)
+		a.removeSessionFromFile(key)
 
 		return checkSessionExpired
 	}
@@ -301,351 +288,17 @@ func (a *Auth) checkSession(sess string) (res checkSessionResult) {
 	return checkSessionOK
 }
 
-// RemoveSession - remove session
-func (a *Auth) RemoveSession(sess string) {
+// removeSession removes the session from the active sessions and the disk.
+func (a *Auth) removeSession(sess string) {
 	key, _ := hex.DecodeString(sess)
 	a.lock.Lock()
 	delete(a.sessions, sess)
 	a.lock.Unlock()
-	a.removeSession(key)
+	a.removeSessionFromFile(key)
 }
 
-type loginJSON struct {
-	Name     string `json:"name"`
-	Password string `json:"password"`
-}
-
-// newSessionToken returns cryptographically secure randomly generated slice of
-// bytes of sessionTokenSize length.
-//
-// TODO(e.burkov): Think about using byte array instead of byte slice.
-func newSessionToken() (data []byte, err error) {
-	randData := make([]byte, sessionTokenSize)
-
-	_, err = rand.Read(randData)
-	if err != nil {
-		return nil, err
-	}
-
-	return randData, nil
-}
-
-// newCookie creates a new authentication cookie.
-func (a *Auth) newCookie(req loginJSON, addr string) (c *http.Cookie, err error) {
-	rateLimiter := a.raleLimiter
-	u, ok := a.findUser(req.Name, req.Password)
-	if !ok {
-		if rateLimiter != nil {
-			rateLimiter.inc(addr)
-		}
-
-		return nil, errors.Error("invalid username or password")
-	}
-
-	if rateLimiter != nil {
-		rateLimiter.remove(addr)
-	}
-
-	sess, err := newSessionToken()
-	if err != nil {
-		return nil, fmt.Errorf("generating token: %w", err)
-	}
-
-	now := time.Now().UTC()
-
-	a.addSession(sess, &session{
-		userName: u.Name,
-		expire:   uint32(now.Unix()) + a.sessionTTL,
-	})
-
-	return &http.Cookie{
-		Name:    sessionCookieName,
-		Value:   hex.EncodeToString(sess),
-		Path:    "/",
-		Expires: now.Add(cookieTTL),
-
-		HttpOnly: true,
-		SameSite: http.SameSiteLaxMode,
-	}, nil
-}
-
-// realIP extracts the real IP address of the client from an HTTP request using
-// the known HTTP headers.
-//
-// TODO(a.garipov): Currently, this is basically a copy of a similar function in
-// module dnsproxy.  This should really become a part of module golibs and be
-// replaced both here and there.  Or be replaced in both places by
-// a well-maintained third-party module.
-//
-// TODO(a.garipov): Support header Forwarded from RFC 7329.
-func realIP(r *http.Request) (ip net.IP, err error) {
-	proxyHeaders := []string{
-		httphdr.CFConnectingIP,
-		httphdr.TrueClientIP,
-		httphdr.XRealIP,
-	}
-
-	for _, h := range proxyHeaders {
-		v := r.Header.Get(h)
-		ip = net.ParseIP(v)
-		if ip != nil {
-			return ip, nil
-		}
-	}
-
-	// If none of the above yielded any results, get the leftmost IP address
-	// from the X-Forwarded-For header.
-	s := r.Header.Get(httphdr.XForwardedFor)
-	ipStrs := strings.SplitN(s, ", ", 2)
-	ip = net.ParseIP(ipStrs[0])
-	if ip != nil {
-		return ip, nil
-	}
-
-	// When everything else fails, just return the remote address as understood
-	// by the stdlib.
-	ipStr, err := netutil.SplitHost(r.RemoteAddr)
-	if err != nil {
-		return nil, fmt.Errorf("getting ip from client addr: %w", err)
-	}
-
-	return net.ParseIP(ipStr), nil
-}
-
-// writeErrorWithIP is like [aghhttp.Error], but includes the remote IP address
-// when it writes to the log.
-func writeErrorWithIP(
-	r *http.Request,
-	w http.ResponseWriter,
-	code int,
-	remoteIP string,
-	format string,
-	args ...any,
-) {
-	text := fmt.Sprintf(format, args...)
-	log.Error("%s %s %s: from ip %s: %s", r.Method, r.Host, r.URL, remoteIP, text)
-	http.Error(w, text, code)
-}
-
-func handleLogin(w http.ResponseWriter, r *http.Request) {
-	req := loginJSON{}
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		aghhttp.Error(r, w, http.StatusBadRequest, "json decode: %s", err)
-
-		return
-	}
-
-	var remoteIP string
-	// realIP cannot be used here without taking TrustedProxies into account due
-	// to security issues.
-	//
-	// See https://github.com/AdguardTeam/AdGuardHome/issues/2799.
-	//
-	// TODO(e.burkov): Use realIP when the issue will be fixed.
-	if remoteIP, err = netutil.SplitHost(r.RemoteAddr); err != nil {
-		writeErrorWithIP(
-			r,
-			w,
-			http.StatusBadRequest,
-			r.RemoteAddr,
-			"auth: getting remote address: %s",
-			err,
-		)
-
-		return
-	}
-
-	if rateLimiter := Context.auth.raleLimiter; rateLimiter != nil {
-		if left := rateLimiter.check(remoteIP); left > 0 {
-			w.Header().Set(httphdr.RetryAfter, strconv.Itoa(int(left.Seconds())))
-			writeErrorWithIP(
-				r,
-				w,
-				http.StatusTooManyRequests,
-				remoteIP,
-				"auth: blocked for %s",
-				left,
-			)
-
-			return
-		}
-	}
-
-	cookie, err := Context.auth.newCookie(req, remoteIP)
-	if err != nil {
-		writeErrorWithIP(r, w, http.StatusForbidden, remoteIP, "%s", err)
-
-		return
-	}
-
-	// Use realIP here, since this IP address is only used for logging.
-	ip, err := realIP(r)
-	if err != nil {
-		log.Error("auth: getting real ip from request with remote ip %s: %s", remoteIP, err)
-	}
-
-	log.Info("auth: user %q successfully logged in from ip %v", req.Name, ip)
-
-	http.SetCookie(w, cookie)
-
-	h := w.Header()
-	h.Set(httphdr.CacheControl, "no-store, no-cache, must-revalidate, proxy-revalidate")
-	h.Set(httphdr.Pragma, "no-cache")
-	h.Set(httphdr.Expires, "0")
-
-	aghhttp.OK(w)
-}
-
-func handleLogout(w http.ResponseWriter, r *http.Request) {
-	respHdr := w.Header()
-	c, err := r.Cookie(sessionCookieName)
-	if err != nil {
-		// The only error that is returned from r.Cookie is [http.ErrNoCookie].
-		// The user is already logged out.
-		respHdr.Set(httphdr.Location, "/login.html")
-		w.WriteHeader(http.StatusFound)
-
-		return
-	}
-
-	Context.auth.RemoveSession(c.Value)
-
-	c = &http.Cookie{
-		Name:    sessionCookieName,
-		Value:   "",
-		Path:    "/",
-		Expires: time.Unix(0, 0),
-
-		HttpOnly: true,
-		SameSite: http.SameSiteLaxMode,
-	}
-
-	respHdr.Set(httphdr.Location, "/login.html")
-	respHdr.Set(httphdr.SetCookie, c.String())
-	w.WriteHeader(http.StatusFound)
-}
-
-// RegisterAuthHandlers - register handlers
-func RegisterAuthHandlers() {
-	Context.mux.Handle("/control/login", postInstallHandler(ensureHandler(http.MethodPost, handleLogin)))
-	httpRegister(http.MethodGet, "/control/logout", handleLogout)
-}
-
-// optionalAuthThird return true if user should authenticate first.
-func optionalAuthThird(w http.ResponseWriter, r *http.Request) (mustAuth bool) {
-	if glProcessCookie(r) {
-		log.Debug("auth: authentication is handled by GL-Inet submodule")
-
-		return false
-	}
-
-	// redirect to login page if not authenticated
-	isAuthenticated := false
-	cookie, err := r.Cookie(sessionCookieName)
-	if err != nil {
-		// The only error that is returned from r.Cookie is [http.ErrNoCookie].
-		// Check Basic authentication.
-		user, pass, hasBasic := r.BasicAuth()
-		if hasBasic {
-			_, isAuthenticated = Context.auth.findUser(user, pass)
-			if !isAuthenticated {
-				log.Info("auth: invalid Basic Authorization value")
-			}
-		}
-	} else {
-		res := Context.auth.checkSession(cookie.Value)
-		isAuthenticated = res == checkSessionOK
-		if !isAuthenticated {
-			log.Debug("auth: invalid cookie value: %s", cookie)
-		}
-	}
-
-	if isAuthenticated {
-		return false
-	}
-
-	if p := r.URL.Path; p == "/" || p == "/index.html" {
-		if glProcessRedirect(w, r) {
-			log.Debug("auth: redirected to login page by GL-Inet submodule")
-		} else {
-			log.Debug("auth: redirected to login page")
-			http.Redirect(w, r, "login.html", http.StatusFound)
-		}
-	} else {
-		log.Debug("auth: responded with forbidden to %s %s", r.Method, p)
-		w.WriteHeader(http.StatusForbidden)
-		_, _ = w.Write([]byte("Forbidden"))
-	}
-
-	return true
-}
-
-// TODO(a.garipov): Use [http.Handler] consistently everywhere throughout the
-// project.
-func optionalAuth(
-	h func(http.ResponseWriter, *http.Request),
-) (wrapped func(http.ResponseWriter, *http.Request)) {
-	return func(w http.ResponseWriter, r *http.Request) {
-		p := r.URL.Path
-		authRequired := Context.auth != nil && Context.auth.AuthRequired()
-		if p == "/login.html" {
-			cookie, err := r.Cookie(sessionCookieName)
-			if authRequired && err == nil {
-				// Redirect to the dashboard if already authenticated.
-				res := Context.auth.checkSession(cookie.Value)
-				if res == checkSessionOK {
-					http.Redirect(w, r, "", http.StatusFound)
-
-					return
-				}
-
-				log.Debug("auth: invalid cookie value: %s", cookie)
-			}
-		} else if isPublicResource(p) {
-			// Process as usual, no additional auth requirements.
-		} else if authRequired {
-			if optionalAuthThird(w, r) {
-				return
-			}
-		}
-
-		h(w, r)
-	}
-}
-
-// isPublicResource returns true if p is a path to a public resource.
-func isPublicResource(p string) (ok bool) {
-	isAsset, err := path.Match("/assets/*", p)
-	if err != nil {
-		// The only error that is returned from path.Match is
-		// [path.ErrBadPattern].  This is a programmer error.
-		panic(fmt.Errorf("bad asset pattern: %w", err))
-	}
-
-	isLogin, err := path.Match("/login.*", p)
-	if err != nil {
-		// Same as above.
-		panic(fmt.Errorf("bad login pattern: %w", err))
-	}
-
-	return isAsset || isLogin
-}
-
-type authHandler struct {
-	handler http.Handler
-}
-
-func (a *authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	optionalAuth(a.handler.ServeHTTP)(w, r)
-}
-
-func optionalAuthHandler(handler http.Handler) http.Handler {
-	return &authHandler{handler}
-}
-
-// Add adds a new user with the given password.
-func (a *Auth) Add(u *webUser, password string) (err error) {
+// addUser adds a new user with the given password.
+func (a *Auth) addUser(u *webUser, password string) (err error) {
 	if len(password) == 0 {
 		return errors.Error("empty password")
 	}
@@ -715,22 +368,40 @@ func (a *Auth) getCurrentUser(r *http.Request) (u webUser) {
 	return webUser{}
 }
 
-// GetUsers - get users
-func (a *Auth) GetUsers() []webUser {
+// usersList returns a copy of a users list.
+func (a *Auth) usersList() (users []webUser) {
 	a.lock.Lock()
-	users := a.users
-	a.lock.Unlock()
+	defer a.lock.Unlock()
+
+	users = make([]webUser, len(a.users))
+	copy(users, a.users)
+
 	return users
 }
 
-// AuthRequired - if authentication is required
-func (a *Auth) AuthRequired() bool {
+// authRequired returns true if a authentication is required.
+func (a *Auth) authRequired() bool {
 	if GLMode {
 		return true
 	}
 
 	a.lock.Lock()
-	r := (len(a.users) != 0)
-	a.lock.Unlock()
-	return r
+	defer a.lock.Unlock()
+
+	return len(a.users) != 0
+}
+
+// newSessionToken returns cryptographically secure randomly generated slice of
+// bytes of sessionTokenSize length.
+//
+// TODO(e.burkov): Think about using byte array instead of byte slice.
+func newSessionToken() (data []byte, err error) {
+	randData := make([]byte, sessionTokenSize)
+
+	_, err = rand.Read(randData)
+	if err != nil {
+		return nil, err
+	}
+
+	return randData, nil
 }

internal/home/auth_internal_test.go

@@ -0,0 +1,89 @@
+package home
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewSessionToken(t *testing.T) {
+	// Successful case.
+	token, err := newSessionToken()
+	require.NoError(t, err)
+	assert.Len(t, token, sessionTokenSize)
+
+	// Break the rand.Reader.
+	prevReader := rand.Reader
+	t.Cleanup(func() { rand.Reader = prevReader })
+	rand.Reader = &bytes.Buffer{}
+
+	// Unsuccessful case.
+	token, err = newSessionToken()
+	require.Error(t, err)
+	assert.Empty(t, token)
+}
+
+func TestAuth(t *testing.T) {
+	dir := t.TempDir()
+	fn := filepath.Join(dir, "sessions.db")
+
+	users := []webUser{{
+		Name:         "name",
+		PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2",
+	}}
+	a := InitAuth(fn, nil, 60, nil)
+	s := session{}
+
+	user := webUser{Name: "name"}
+	err := a.addUser(&user, "password")
+	require.NoError(t, err)
+
+	assert.Equal(t, checkSessionNotFound, a.checkSession("notfound"))
+	a.removeSession("notfound")
+
+	sess, err := newSessionToken()
+	require.NoError(t, err)
+	sessStr := hex.EncodeToString(sess)
+
+	now := time.Now().UTC().Unix()
+	// check expiration
+	s.expire = uint32(now)
+	a.addSession(sess, &s)
+	assert.Equal(t, checkSessionExpired, a.checkSession(sessStr))
+
+	// add session with TTL = 2 sec
+	s = session{}
+	s.expire = uint32(time.Now().UTC().Unix() + 2)
+	a.addSession(sess, &s)
+	assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
+
+	a.Close()
+
+	// load saved session
+	a = InitAuth(fn, users, 60, nil)
+
+	// the session is still alive
+	assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
+	// reset our expiration time because checkSession() has just updated it
+	s.expire = uint32(time.Now().UTC().Unix() + 2)
+	a.storeSession(sess, &s)
+	a.Close()
+
+	u, ok := a.findUser("name", "password")
+	assert.True(t, ok)
+	assert.NotEmpty(t, u.Name)
+
+	time.Sleep(3 * time.Second)
+
+	// load and remove expired sessions
+	a = InitAuth(fn, users, 60, nil)
+	assert.Equal(t, checkSessionNotFound, a.checkSession(sessStr))
+
+	a.Close()
+}

internal/home/authhttp.go

@@ -0,0 +1,352 @@
+package home
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"net"
+	"net/http"
+	"path"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/httphdr"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/golibs/timeutil"
+)
+
+// cookieTTL is the time-to-live of the session cookie.
+const cookieTTL = 365 * timeutil.Day
+
+// sessionCookieName is the name of the session cookie.
+const sessionCookieName = "agh_session"
+
+// loginJSON is the JSON structure for authentication.
+type loginJSON struct {
+	Name     string `json:"name"`
+	Password string `json:"password"`
+}
+
+// newCookie creates a new authentication cookie.
+func (a *Auth) newCookie(req loginJSON, addr string) (c *http.Cookie, err error) {
+	rateLimiter := a.rateLimiter
+	u, ok := a.findUser(req.Name, req.Password)
+	if !ok {
+		if rateLimiter != nil {
+			rateLimiter.inc(addr)
+		}
+
+		return nil, errors.Error("invalid username or password")
+	}
+
+	if rateLimiter != nil {
+		rateLimiter.remove(addr)
+	}
+
+	sess, err := newSessionToken()
+	if err != nil {
+		return nil, fmt.Errorf("generating token: %w", err)
+	}
+
+	now := time.Now().UTC()
+
+	a.addSession(sess, &session{
+		userName: u.Name,
+		expire:   uint32(now.Unix()) + a.sessionTTL,
+	})
+
+	return &http.Cookie{
+		Name:     sessionCookieName,
+		Value:    hex.EncodeToString(sess),
+		Path:     "/",
+		Expires:  now.Add(cookieTTL),
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+	}, nil
+}
+
+// realIP extracts the real IP address of the client from an HTTP request using
+// the known HTTP headers.
+//
+// TODO(a.garipov): Currently, this is basically a copy of a similar function in
+// module dnsproxy.  This should really become a part of module golibs and be
+// replaced both here and there.  Or be replaced in both places by
+// a well-maintained third-party module.
+//
+// TODO(a.garipov): Support header Forwarded from RFC 7329.
+func realIP(r *http.Request) (ip net.IP, err error) {
+	proxyHeaders := []string{
+		httphdr.CFConnectingIP,
+		httphdr.TrueClientIP,
+		httphdr.XRealIP,
+	}
+
+	for _, h := range proxyHeaders {
+		v := r.Header.Get(h)
+		ip = net.ParseIP(v)
+		if ip != nil {
+			return ip, nil
+		}
+	}
+
+	// If none of the above yielded any results, get the leftmost IP address
+	// from the X-Forwarded-For header.
+	s := r.Header.Get(httphdr.XForwardedFor)
+	ipStrs := strings.SplitN(s, ", ", 2)
+	ip = net.ParseIP(ipStrs[0])
+	if ip != nil {
+		return ip, nil
+	}
+
+	// When everything else fails, just return the remote address as understood
+	// by the stdlib.
+	ipStr, err := netutil.SplitHost(r.RemoteAddr)
+	if err != nil {
+		return nil, fmt.Errorf("getting ip from client addr: %w", err)
+	}
+
+	return net.ParseIP(ipStr), nil
+}
+
+// writeErrorWithIP is like [aghhttp.Error], but includes the remote IP address
+// when it writes to the log.
+func writeErrorWithIP(
+	r *http.Request,
+	w http.ResponseWriter,
+	code int,
+	remoteIP string,
+	format string,
+	args ...any,
+) {
+	text := fmt.Sprintf(format, args...)
+	log.Error("%s %s %s: from ip %s: %s", r.Method, r.Host, r.URL, remoteIP, text)
+	http.Error(w, text, code)
+}
+
+// handleLogin is the handler for the POST /control/login HTTP API.
+func handleLogin(w http.ResponseWriter, r *http.Request) {
+	req := loginJSON{}
+	err := json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		aghhttp.Error(r, w, http.StatusBadRequest, "json decode: %s", err)
+
+		return
+	}
+
+	var remoteIP string
+	// realIP cannot be used here without taking TrustedProxies into account due
+	// to security issues.
+	//
+	// See https://github.com/AdguardTeam/AdGuardHome/issues/2799.
+	//
+	// TODO(e.burkov): Use realIP when the issue will be fixed.
+	if remoteIP, err = netutil.SplitHost(r.RemoteAddr); err != nil {
+		writeErrorWithIP(
+			r,
+			w,
+			http.StatusBadRequest,
+			r.RemoteAddr,
+			"auth: getting remote address: %s",
+			err,
+		)
+
+		return
+	}
+
+	if rateLimiter := Context.auth.rateLimiter; rateLimiter != nil {
+		if left := rateLimiter.check(remoteIP); left > 0 {
+			w.Header().Set(httphdr.RetryAfter, strconv.Itoa(int(left.Seconds())))
+			writeErrorWithIP(
+				r,
+				w,
+				http.StatusTooManyRequests,
+				remoteIP,
+				"auth: blocked for %s",
+				left,
+			)
+
+			return
+		}
+	}
+
+	cookie, err := Context.auth.newCookie(req, remoteIP)
+	if err != nil {
+		writeErrorWithIP(r, w, http.StatusForbidden, remoteIP, "%s", err)
+
+		return
+	}
+
+	// Use realIP here, since this IP address is only used for logging.
+	ip, err := realIP(r)
+	if err != nil {
+		log.Error("auth: getting real ip from request with remote ip %s: %s", remoteIP, err)
+	}
+
+	log.Info("auth: user %q successfully logged in from ip %v", req.Name, ip)
+
+	http.SetCookie(w, cookie)
+
+	h := w.Header()
+	h.Set(httphdr.CacheControl, "no-store, no-cache, must-revalidate, proxy-revalidate")
+	h.Set(httphdr.Pragma, "no-cache")
+	h.Set(httphdr.Expires, "0")
+
+	aghhttp.OK(w)
+}
+
+// handleLogout is the handler for the GET /control/logout HTTP API.
+func handleLogout(w http.ResponseWriter, r *http.Request) {
+	respHdr := w.Header()
+	c, err := r.Cookie(sessionCookieName)
+	if err != nil {
+		// The only error that is returned from r.Cookie is [http.ErrNoCookie].
+		// The user is already logged out.
+		respHdr.Set(httphdr.Location, "/login.html")
+		w.WriteHeader(http.StatusFound)
+
+		return
+	}
+
+	Context.auth.removeSession(c.Value)
+
+	c = &http.Cookie{
+		Name:    sessionCookieName,
+		Value:   "",
+		Path:    "/",
+		Expires: time.Unix(0, 0),
+
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+	}
+
+	respHdr.Set(httphdr.Location, "/login.html")
+	respHdr.Set(httphdr.SetCookie, c.String())
+	w.WriteHeader(http.StatusFound)
+}
+
+// RegisterAuthHandlers - register handlers
+func RegisterAuthHandlers() {
+	Context.mux.Handle("/control/login", postInstallHandler(ensureHandler(http.MethodPost, handleLogin)))
+	httpRegister(http.MethodGet, "/control/logout", handleLogout)
+}
+
+// optionalAuthThird returns true if a user should authenticate first.
+func optionalAuthThird(w http.ResponseWriter, r *http.Request) (mustAuth bool) {
+	pref := fmt.Sprintf("auth: raddr %s", r.RemoteAddr)
+
+	if glProcessCookie(r) {
+		log.Debug("%s: authentication is handled by gl-inet submodule", pref)
+
+		return false
+	}
+
+	// redirect to login page if not authenticated
+	isAuthenticated := false
+	cookie, err := r.Cookie(sessionCookieName)
+	if err != nil {
+		// The only error that is returned from r.Cookie is [http.ErrNoCookie].
+		// Check Basic authentication.
+		user, pass, hasBasic := r.BasicAuth()
+		if hasBasic {
+			_, isAuthenticated = Context.auth.findUser(user, pass)
+			if !isAuthenticated {
+				log.Info("%s: invalid basic authorization value", pref)
+			}
+		}
+	} else {
+		res := Context.auth.checkSession(cookie.Value)
+		isAuthenticated = res == checkSessionOK
+		if !isAuthenticated {
+			log.Debug("%s: invalid cookie value: %q", pref, cookie)
+		}
+	}
+
+	if isAuthenticated {
+		return false
+	}
+
+	if p := r.URL.Path; p == "/" || p == "/index.html" {
+		if glProcessRedirect(w, r) {
+			log.Debug("%s: redirected to login page by gl-inet submodule", pref)
+		} else {
+			log.Debug("%s: redirected to login page", pref)
+			http.Redirect(w, r, "login.html", http.StatusFound)
+		}
+	} else {
+		log.Debug("%s: responded with forbidden to %s %s", pref, r.Method, p)
+		w.WriteHeader(http.StatusForbidden)
+		_, _ = w.Write([]byte("Forbidden"))
+	}
+
+	return true
+}
+
+// TODO(a.garipov): Use [http.Handler] consistently everywhere throughout the
+// project.
+func optionalAuth(
+	h func(http.ResponseWriter, *http.Request),
+) (wrapped func(http.ResponseWriter, *http.Request)) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		p := r.URL.Path
+		authRequired := Context.auth != nil && Context.auth.authRequired()
+		if p == "/login.html" {
+			cookie, err := r.Cookie(sessionCookieName)
+			if authRequired && err == nil {
+				// Redirect to the dashboard if already authenticated.
+				res := Context.auth.checkSession(cookie.Value)
+				if res == checkSessionOK {
+					http.Redirect(w, r, "", http.StatusFound)
+
+					return
+				}
+
+				log.Debug("auth: raddr %s: invalid cookie value: %q", r.RemoteAddr, cookie)
+			}
+		} else if isPublicResource(p) {
+			// Process as usual, no additional auth requirements.
+		} else if authRequired {
+			if optionalAuthThird(w, r) {
+				return
+			}
+		}
+
+		h(w, r)
+	}
+}
+
+// isPublicResource returns true if p is a path to a public resource.
+func isPublicResource(p string) (ok bool) {
+	isAsset, err := path.Match("/assets/*", p)
+	if err != nil {
+		// The only error that is returned from path.Match is
+		// [path.ErrBadPattern].  This is a programmer error.
+		panic(fmt.Errorf("bad asset pattern: %w", err))
+	}
+
+	isLogin, err := path.Match("/login.*", p)
+	if err != nil {
+		// Same as above.
+		panic(fmt.Errorf("bad login pattern: %w", err))
+	}
+
+	return isAsset || isLogin
+}
+
+// authHandler is a helper structure that implements [http.Handler].
+type authHandler struct {
+	handler http.Handler
+}
+
+// ServeHTTP implements the [http.Handler] interface for *authHandler.
+func (a *authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	optionalAuth(a.handler.ServeHTTP)(w, r)
+}
+
+// optionalAuthHandler returns a authentication handler.
+func optionalAuthHandler(handler http.Handler) http.Handler {
+	return &authHandler{handler}
+}

internal/home/authhttp_internal_test.go

@@ -1,16 +1,12 @@
 package home
 
 import (
-	"bytes"
-	"crypto/rand"
-	"encoding/hex"
 	"net"
 	"net/http"
 	"net/textproto"
 	"net/url"
 	"path/filepath"
 	"testing"
-	"time"
 
 	"github.com/AdguardTeam/golibs/httphdr"
 	"github.com/AdguardTeam/golibs/testutil"
@@ -18,82 +14,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestNewSessionToken(t *testing.T) {
-	// Successful case.
-	token, err := newSessionToken()
-	require.NoError(t, err)
-	assert.Len(t, token, sessionTokenSize)
-
-	// Break the rand.Reader.
-	prevReader := rand.Reader
-	t.Cleanup(func() { rand.Reader = prevReader })
-	rand.Reader = &bytes.Buffer{}
-
-	// Unsuccessful case.
-	token, err = newSessionToken()
-	require.Error(t, err)
-	assert.Empty(t, token)
-}
-
-func TestAuth(t *testing.T) {
-	dir := t.TempDir()
-	fn := filepath.Join(dir, "sessions.db")
-
-	users := []webUser{{
-		Name:         "name",
-		PasswordHash: "$2y$05$..vyzAECIhJPfaQiOK17IukcQnqEgKJHy0iETyYqxn3YXJl8yZuo2",
-	}}
-	a := InitAuth(fn, nil, 60, nil)
-	s := session{}
-
-	user := webUser{Name: "name"}
-	err := a.Add(&user, "password")
-	require.NoError(t, err)
-
-	assert.Equal(t, checkSessionNotFound, a.checkSession("notfound"))
-	a.RemoveSession("notfound")
-
-	sess, err := newSessionToken()
-	require.NoError(t, err)
-	sessStr := hex.EncodeToString(sess)
-
-	now := time.Now().UTC().Unix()
-	// check expiration
-	s.expire = uint32(now)
-	a.addSession(sess, &s)
-	assert.Equal(t, checkSessionExpired, a.checkSession(sessStr))
-
-	// add session with TTL = 2 sec
-	s = session{}
-	s.expire = uint32(time.Now().UTC().Unix() + 2)
-	a.addSession(sess, &s)
-	assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
-
-	a.Close()
-
-	// load saved session
-	a = InitAuth(fn, users, 60, nil)
-
-	// the session is still alive
-	assert.Equal(t, checkSessionOK, a.checkSession(sessStr))
-	// reset our expiration time because checkSession() has just updated it
-	s.expire = uint32(time.Now().UTC().Unix() + 2)
-	a.storeSession(sess, &s)
-	a.Close()
-
-	u, ok := a.findUser("name", "password")
-	assert.True(t, ok)
-	assert.NotEmpty(t, u.Name)
-
-	time.Sleep(3 * time.Second)
-
-	// load and remove expired sessions
-	a = InitAuth(fn, users, 60, nil)
-	assert.Equal(t, checkSessionNotFound, a.checkSession(sessStr))
-
-	a.Close()
-}
-
 // implements http.ResponseWriter
 type testResponseWriter struct {
 	hdr        http.Header

internal/home/config.go

@@ -306,10 +306,12 @@ var config = &configuration{
 		BindHosts: []netip.Addr{netip.IPv4Unspecified()},
 		Port:      defaultPortDNS,
 		Config: dnsforward.Config{
-			Ratelimit:  20,
-			RefuseAny:  true,
-			AllServers: false,
-			HandleDDR:  true,
+			Ratelimit:              20,
+			RatelimitSubnetLenIPv4: 24,
+			RatelimitSubnetLenIPv6: 56,
+			RefuseAny:              true,
+			AllServers:             false,
+			HandleDDR:              true,
 			FastestTimeout: timeutil.Duration{
 				Duration: fastip.DefaultPingWaitTimeout,
 			},
@@ -587,7 +589,7 @@ func (c *configuration) write() (err error) {
 	defer c.Unlock()
 
 	if Context.auth != nil {
-		config.Users = Context.auth.GetUsers()
+		config.Users = Context.auth.usersList()
 	}
 
 	if Context.tls != nil {

internal/home/controlinstall.go

@@ -420,7 +420,7 @@ func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request
 	u := &webUser{
 		Name: req.Username,
 	}
-	err = Context.auth.Add(u, req.Password)
+	err = Context.auth.addUser(u, req.Password)
 	if err != nil {
 		Context.firstRun = true
 		copyInstallSettings(config, curConfig)

internal/ipset/ipset_linux.go

@@ -3,6 +3,7 @@
 package ipset
 
 import (
+	"bytes"
 	"fmt"
 	"net"
 	"strings"
@@ -38,19 +39,69 @@ func newManager(ipsetConf []string) (set Manager, err error) {
 
 // defaultDial is the default netfilter dialing function.
 func defaultDial(pf netfilter.ProtoFamily, conf *netlink.Config) (conn ipsetConn, err error) {
-	conn, err = ipset.Dial(pf, conf)
+	c, err := ipset.Dial(pf, conf)
 	if err != nil {
 		return nil, err
 	}
 
-	return conn, nil
+	return &queryConn{c}, nil
+}
+
+// queryConn is the [ipsetConn] implementation with listAll method, which
+// returns the list of properties of all available ipsets.
+type queryConn struct {
+	*ipset.Conn
+}
+
+// type check
+var _ ipsetConn = (*queryConn)(nil)
+
+// listAll returns the list of properties of all available ipsets.
+//
+// TODO(s.chzhen):  Use https://github.com/vishvananda/netlink.
+func (qc *queryConn) listAll() (sets []props, err error) {
+	msg, err := netfilter.MarshalNetlink(
+		netfilter.Header{
+			// The family doesn't seem to matter.  See TODO on parseIpsetConfig.
+			Family:      qc.Conn.Family,
+			SubsystemID: netfilter.NFSubsysIPSet,
+			MessageType: netfilter.MessageType(ipset.CmdList),
+			Flags:       netlink.Request | netlink.Dump,
+		},
+		[]netfilter.Attribute{{
+			Type: uint16(ipset.AttrProtocol),
+			Data: []byte{ipset.Protocol},
+		}},
+	)
+	if err != nil {
+		return nil, fmt.Errorf("marshaling netlink msg: %w", err)
+	}
+
+	// We assume it's OK to call a method of an unexported type
+	// [ipset.connector], since there is no negative effects.
+	ms, err := qc.Conn.Conn.Query(msg)
+	if err != nil {
+		return nil, fmt.Errorf("querying netlink msg: %w", err)
+	}
+
+	for i, s := range ms {
+		p := props{}
+		err = p.unmarshalMessage(s)
+		if err != nil {
+			return nil, fmt.Errorf("unmarshaling netlink msg at index %d: %w", i, err)
+		}
+
+		sets = append(sets, p)
+	}
+
+	return sets, nil
 }
 
 // ipsetConn is the ipset conn interface.
 type ipsetConn interface {
 	Add(name string, entries ...*ipset.Entry) (err error)
 	Close() (err error)
-	Header(name string) (p *ipset.HeaderPolicy, err error)
+	listAll() (sets []props, err error)
 }
 
 // dialer creates an ipsetConn.
@@ -58,8 +109,75 @@ type dialer func(pf netfilter.ProtoFamily, conf *netlink.Config) (conn ipsetConn
 
 // props contains one Linux Netfilter ipset properties.
 type props struct {
-	name   string
+	// name of the ipset.
+	name string
+
+	// family of the IP addresses in the ipset.
 	family netfilter.ProtoFamily
+
+	// isPersistent indicates that ipset has no timeout parameter and all
+	// entries are added permanently.
+	isPersistent bool
+}
+
+// unmarshalMessage unmarshals netlink message and sets the properties of the
+// ipset.
+func (p *props) unmarshalMessage(msg netlink.Message) (err error) {
+	_, attrs, err := netfilter.UnmarshalNetlink(msg)
+	if err != nil {
+		// Don't wrap the error since it's informative enough as is.
+		return err
+	}
+
+	// By default ipset has no timeout parameter.
+	p.isPersistent = true
+
+	for _, a := range attrs {
+		p.parseAttribute(a)
+	}
+
+	return nil
+}
+
+// parseAttribute parses netfilter attribute and sets the name and family of
+// the ipset.
+func (p *props) parseAttribute(a netfilter.Attribute) {
+	switch ipset.AttributeType(a.Type) {
+	case ipset.AttrData:
+		p.parseAttrData(a)
+	case ipset.AttrSetName:
+		// Trim the null character.
+		p.name = string(bytes.Trim(a.Data, "\x00"))
+	case ipset.AttrFamily:
+		p.family = netfilter.ProtoFamily(a.Data[0])
+	default:
+		// Go on.
+	}
+}
+
+// parseAttrData parses attribute data and sets the timeout of the ipset.
+func (p *props) parseAttrData(a netfilter.Attribute) {
+	for _, a := range a.Children {
+		switch ipset.AttributeType(a.Type) {
+		case ipset.AttrTimeout:
+			timeout := a.Uint32()
+			p.isPersistent = timeout == 0
+		default:
+			// Go on.
+		}
+	}
+}
+
+// unit is a convenient alias for struct{}.
+type unit = struct{}
+
+// ipsInIpset is the type of a set of IP-address-to-ipset mappings.
+type ipsInIpset map[ipInIpsetEntry]unit
+
+// ipInIpsetEntry is the type for entries in an ipsInIpset set.
+type ipInIpsetEntry struct {
+	ipsetName string
+	ipArr     [net.IPv6len]byte
 }
 
 // manager is the Linux Netfilter ipset manager.
@@ -72,6 +190,13 @@ type manager struct {
 	// mu protects all properties below.
 	mu *sync.Mutex
 
+	// TODO(a.garipov): Currently, the ipset list is static, and we don't
+	// read the IPs already in sets, so we can assume that all incoming IPs
+	// are either added to all corresponding ipsets or not.  When that stops
+	// being the case, for example if we add dynamic reconfiguration of
+	// ipsets, this map will need to become a per-ipset-name one.
+	addedIPs ipsInIpset
+
 	ipv4Conn ipsetConn
 	ipv6Conn ipsetConn
 }
@@ -96,8 +221,8 @@ func (m *manager) dialNetfilter(conf *netlink.Config) (err error) {
 	return nil
 }
 
-// parseIpsetConfig parses one ipset configuration string.
-func parseIpsetConfig(confStr string) (hosts, ipsetNames []string, err error) {
+// parseIpsetConfigLine parses one ipset configuration line.
+func parseIpsetConfigLine(confStr string) (hosts, ipsetNames []string, err error) {
 	confStr = strings.TrimSpace(confStr)
 	hostsAndNames := strings.Split(confStr, "/")
 	if len(hostsAndNames) != 2 {
@@ -125,50 +250,53 @@ func parseIpsetConfig(confStr string) (hosts, ipsetNames []string, err error) {
 	return hosts, ipsetNames, nil
 }
 
-// ipsetProps returns the properties of an ipset with the given name.
-func (m *manager) ipsetProps(name string) (set props, err error) {
-	// The family doesn't seem to matter when we use a header query, so
-	// query only the IPv4 one.
+// parseIpsetConfig parses the ipset configuration and stores ipsets.  It
+// returns an error if the configuration can't be used.
+func (m *manager) parseIpsetConfig(ipsetConf []string) (err error) {
+	// The family doesn't seem to matter when we use a header query, so query
+	// only the IPv4 one.
 	//
 	// TODO(a.garipov): Find out if this is a bug or a feature.
-	var res *ipset.HeaderPolicy
-	res, err = m.ipv4Conn.Header(name)
+	all, err := m.ipv4Conn.listAll()
 	if err != nil {
-		return set, err
+		// Don't wrap the error since it's informative enough as is.
+		return err
 	}
 
-	if res == nil || res.Family == nil {
-		return set, errors.Error("empty response or no family data")
+	for _, p := range all {
+		m.nameToIpset[p.name] = p
 	}
 
-	family := netfilter.ProtoFamily(res.Family.Value)
-	if family != netfilter.ProtoIPv4 && family != netfilter.ProtoIPv6 {
-		return set, fmt.Errorf("unexpected ipset family %d", family)
+	for i, confStr := range ipsetConf {
+		var hosts, ipsetNames []string
+		hosts, ipsetNames, err = parseIpsetConfigLine(confStr)
+		if err != nil {
+			return fmt.Errorf("config line at idx %d: %w", i, err)
+		}
+
+		var ipsets []props
+		ipsets, err = m.ipsets(ipsetNames)
+		if err != nil {
+			return fmt.Errorf("getting ipsets from config line at idx %d: %w", i, err)
+		}
+
+		for _, host := range hosts {
+			m.domainToIpsets[host] = append(m.domainToIpsets[host], ipsets...)
+		}
 	}
 
-	return props{
-		name:   name,
-		family: family,
-	}, nil
+	return nil
 }
 
 // ipsets returns currently known ipsets.
 func (m *manager) ipsets(names []string) (sets []props, err error) {
-	for _, name := range names {
-		set, ok := m.nameToIpset[name]
-		if ok {
-			sets = append(sets, set)
-
-			continue
+	for _, n := range names {
+		p, ok := m.nameToIpset[n]
+		if !ok {
+			return nil, fmt.Errorf("unknown ipset %q", n)
 		}
 
-		set, err = m.ipsetProps(name)
-		if err != nil {
-			return nil, fmt.Errorf("querying ipset %q: %w", name, err)
-		}
-
-		m.nameToIpset[name] = set
-		sets = append(sets, set)
+		sets = append(sets, p)
 	}
 
 	return sets, nil
@@ -186,6 +314,8 @@ func newManagerWithDialer(ipsetConf []string, dial dialer) (mgr Manager, err err
 		domainToIpsets: make(map[string][]props),
 
 		dial: dial,
+
+		addedIPs: make(ipsInIpset),
 	}
 
 	err = m.dialNetfilter(&netlink.Config{})
@@ -201,26 +331,9 @@ func newManagerWithDialer(ipsetConf []string, dial dialer) (mgr Manager, err err
 		return nil, fmt.Errorf("dialing netfilter: %w", err)
 	}
 
-	for i, confStr := range ipsetConf {
-		var hosts, ipsetNames []string
-		hosts, ipsetNames, err = parseIpsetConfig(confStr)
-		if err != nil {
-			return nil, fmt.Errorf("config line at idx %d: %w", i, err)
-		}
-
-		var ipsets []props
-		ipsets, err = m.ipsets(ipsetNames)
-		if err != nil {
-			return nil, fmt.Errorf(
-				"getting ipsets from config line at idx %d: %w",
-				i,
-				err,
-			)
-		}
-
-		for _, host := range hosts {
-			m.domainToIpsets[host] = append(m.domainToIpsets[host], ipsets...)
-		}
+	err = m.parseIpsetConfig(ipsetConf)
+	if err != nil {
+		return nil, fmt.Errorf("getting ipsets: %w", err)
 	}
 
 	return m, nil
@@ -259,8 +372,19 @@ func (m *manager) addIPs(host string, set props, ips []net.IP) (n int, err error
 	}
 
 	var entries []*ipset.Entry
+	var newAddedEntries []ipInIpsetEntry
 	for _, ip := range ips {
+		e := ipInIpsetEntry{
+			ipsetName: set.name,
+		}
+		copy(e.ipArr[:], ip.To16())
+
+		if _, added := m.addedIPs[e]; added {
+			continue
+		}
+
 		entries = append(entries, ipset.NewEntry(ipset.EntryIP(ip)))
+		newAddedEntries = append(newAddedEntries, e)
 	}
 
 	n = len(entries)
@@ -283,6 +407,15 @@ func (m *manager) addIPs(host string, set props, ips []net.IP) (n int, err error
 		return 0, fmt.Errorf("adding %q%s to ipset %q: %w", host, ips, set.name, err)
 	}
 
+	// Only add these to the cache once we're sure that all of them were
+	// actually sent to the ipset.
+	for _, e := range newAddedEntries {
+		s := m.nameToIpset[e.ipsetName]
+		if s.isPersistent {
+			m.addedIPs[e] = unit{}
+		}
+	}
+
 	return n, nil
 }
 

internal/ipset/ipset_linux_internal_test.go

@@ -21,8 +21,12 @@ type fakeConn struct {
 	ipv4Entries *[]*ipset.Entry
 	ipv6Header  *ipset.HeaderPolicy
 	ipv6Entries *[]*ipset.Entry
+	sets        []props
 }
 
+// type check
+var _ ipsetConn = (*fakeConn)(nil)
+
 // Add implements the [ipsetConn] interface for *fakeConn.
 func (c *fakeConn) Add(name string, entries ...*ipset.Entry) (err error) {
 	if strings.Contains(name, "ipv4") {
@@ -43,15 +47,9 @@ func (c *fakeConn) Close() (err error) {
 	return nil
 }
 
-// Header implements the [ipsetConn] interface for *fakeConn.
-func (c *fakeConn) Header(name string) (p *ipset.HeaderPolicy, err error) {
-	if strings.Contains(name, "ipv4") {
-		return c.ipv4Header, nil
-	} else if strings.Contains(name, "ipv6") {
-		return c.ipv6Header, nil
-	}
-
-	return nil, errors.Error("test: ipset not found")
+// listAll implements the [ipsetConn] interface for *fakeConn.
+func (c *fakeConn) listAll() (sets []props, err error) {
+	return c.sets, nil
 }
 
 func TestManager_Add(t *testing.T) {
@@ -76,6 +74,13 @@ func TestManager_Add(t *testing.T) {
 				Family: ipset.NewUInt8Box(uint8(netfilter.ProtoIPv6)),
 			},
 			ipv6Entries: &ipv6Entries,
+			sets: []props{{
+				name:   "ipv4set",
+				family: netfilter.ProtoIPv4,
+			}, {
+				name:   "ipv6set",
+				family: netfilter.ProtoIPv6,
+			}},
 		}, nil
 	}
 

internal/querylog/qlog.go

@@ -139,7 +139,7 @@ func (l *queryLog) clear() {
 		l.bufferLock.Lock()
 		defer l.bufferLock.Unlock()
 
-		l.buffer = nil
+		l.buffer.Clear()
 		l.flushPending = false
 	}()
 

internal/stats/stats_internal_test.go

@@ -33,10 +33,10 @@ func TestStats_races(t *testing.T) {
 
 	writeFunc := func(start, fin *sync.WaitGroup, waitCh <-chan unit, i int) {
 		e := &Entry{
-			Domain: fmt.Sprintf("example-%d.org", i),
-			Client: fmt.Sprintf("client_%d", i),
-			Result: Result(i)%(resultLast-1) + 1,
-			Time:   time.Since(startTime),
+			Domain:         fmt.Sprintf("example-%d.org", i),
+			Client:         fmt.Sprintf("client_%d", i),
+			Result:         Result(i)%(resultLast-1) + 1,
+			ProcessingTime: time.Since(startTime),
 		}
 
 		start.Done()

internal/stats/stats_test.go

@@ -76,17 +76,19 @@ func TestStats(t *testing.T) {
 		const respUpstream = "upstream"
 
 		entries := []*stats.Entry{{
-			Domain:   reqDomain,
-			Client:   cliIPStr,
-			Result:   stats.RFiltered,
-			Time:     time.Microsecond * 123456,
-			Upstream: respUpstream,
+			Domain:         reqDomain,
+			Client:         cliIPStr,
+			Result:         stats.RFiltered,
+			ProcessingTime: time.Microsecond * 123456,
+			Upstream:       respUpstream,
+			UpstreamTime:   time.Microsecond * 222222,
 		}, {
-			Domain:   reqDomain,
-			Client:   cliIPStr,
-			Result:   stats.RNotFiltered,
-			Time:     time.Microsecond * 123456,
-			Upstream: respUpstream,
+			Domain:         reqDomain,
+			Client:         cliIPStr,
+			Result:         stats.RNotFiltered,
+			ProcessingTime: time.Microsecond * 123456,
+			Upstream:       respUpstream,
+			UpstreamTime:   time.Microsecond * 222222,
 		}}
 
 		wantData := &stats.StatsResp{
@@ -95,7 +97,7 @@ func TestStats(t *testing.T) {
 			TopClients:            []map[string]uint64{0: {cliIPStr: 2}},
 			TopBlocked:            []map[string]uint64{0: {reqDomain: 1}},
 			TopUpstreamsResponses: []map[string]uint64{0: {respUpstream: 2}},
-			TopUpstreamsAvgTime:   []map[string]float64{0: {respUpstream: 0.123456}},
+			TopUpstreamsAvgTime:   []map[string]float64{0: {respUpstream: 0.222222}},
 			DNSQueries: []uint64{
 				0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 				0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2,
@@ -196,10 +198,10 @@ func TestLargeNumbers(t *testing.T) {
 		for i := 0; i < cliNumPerHour; i++ {
 			ip := net.IP{127, 0, byte((i & 0xff00) >> 8), byte(i & 0xff)}
 			e := &stats.Entry{
-				Domain: fmt.Sprintf("domain%d.hour%d", i, h),
-				Client: ip.String(),
-				Result: stats.RNotFiltered,
-				Time:   123456,
+				Domain:         fmt.Sprintf("domain%d.hour%d", i, h),
+				Client:         ip.String(),
+				Result:         stats.RNotFiltered,
+				ProcessingTime: 123456,
 			}
 			s.Update(e)
 		}

internal/stats/unit.go

@@ -68,8 +68,12 @@ type Entry struct {
 	// Result is the result of processing the request.
 	Result Result
 
-	// Time is the duration of the request processing.
-	Time time.Duration
+	// ProcessingTime is the duration of the request processing from the start
+	// of the request including timeouts.
+	ProcessingTime time.Duration
+
+	// UpstreamTime is the duration of the successful request to the upstream.
+	UpstreamTime time.Duration
 }
 
 // validate returns an error if entry is not valid.
@@ -103,8 +107,8 @@ type unit struct {
 	// upstreamsResponses stores the number of responses from each upstream.
 	upstreamsResponses map[string]uint64
 
-	// upstreamsTimeSum stores the sum of processing time in microseconds of
-	// responses from each upstream.
+	// upstreamsTimeSum stores the sum of durations of successful queries in
+	// microseconds to each upstream.
 	upstreamsTimeSum map[string]uint64
 
 	// nResult stores the number of requests grouped by it's result.
@@ -323,13 +327,14 @@ func (u *unit) add(e *Entry) {
 	}
 
 	u.clients[e.Client]++
-	t := uint64(e.Time.Microseconds())
-	u.timeSum += t
+	pt := uint64(e.ProcessingTime.Microseconds())
+	u.timeSum += pt
 	u.nTotal++
 
 	if e.Upstream != "" {
 		u.upstreamsResponses[e.Upstream]++
-		u.upstreamsTimeSum[e.Upstream] += t
+		ut := uint64(e.UpstreamTime.Microseconds())
+		u.upstreamsTimeSum[e.Upstream] += ut
 	}
 }
 

internal/tools/go.mod

@@ -5,32 +5,30 @@ go 1.20
 require (
 	github.com/fzipp/gocyclo v0.6.0
 	github.com/golangci/misspell v0.4.1
-	github.com/gordonklaus/ineffassign v0.0.0-20230610083614-0e73809eb601
+	github.com/gordonklaus/ineffassign v0.1.0
 	github.com/kisielk/errcheck v1.6.3
 	github.com/kyoh86/looppointer v0.2.1
-	github.com/securego/gosec/v2 v2.17.0
-	// TODO(a.garipov): Return to latest once the release is tagged
-	// correctly.  See uudashr/gocognit#31.
-	github.com/uudashr/gocognit v1.0.8-0.20230906062305-bc9ca12659bf
-	golang.org/x/tools v0.13.0
+	github.com/securego/gosec/v2 v2.18.2
+	github.com/uudashr/gocognit v1.1.2
+	golang.org/x/tools v0.15.0
 	golang.org/x/vuln v1.0.1
-	honnef.co/go/tools v0.4.5
+	honnef.co/go/tools v0.4.6
 	mvdan.cc/gofumpt v0.5.0
-	mvdan.cc/unparam v0.0.0-20230815095028-f7c6fb1088f0
+	mvdan.cc/unparam v0.0.0-20230917202934-3ee2d22f45fb
 )
 
 require (
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/ccojocar/zxcvbn-go v1.0.1 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/uuid v1.3.1 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/uuid v1.4.0 // indirect
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/kyoh86/nolint v0.0.1 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20231110203233-9a3e6036ecaa // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

internal/tools/go.sum

@@ -11,16 +11,16 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe
 github.com/golangci/misspell v0.4.1 h1:+y73iSicVy2PqyX7kmUefHusENlrP9YwuHZHPLGQj/g=
 github.com/golangci/misspell v0.4.1/go.mod h1:9mAN1quEo3DlpbaIKKyEvRxK1pwqR9s/Sea1bJCtlNI=
 github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
 github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
 github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
-github.com/gordonklaus/ineffassign v0.0.0-20230610083614-0e73809eb601 h1:mrEEilTAUmaAORhssPPkxj84TsHrPMLBGW2Z4SoTxm8=
-github.com/gordonklaus/ineffassign v0.0.0-20230610083614-0e73809eb601/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0=
+github.com/gordonklaus/ineffassign v0.1.0 h1:y2Gd/9I7MdY1oEIt+n+rowjBNDcLQq3RsH5hwJd0f9s=
+github.com/gordonklaus/ineffassign v0.1.0/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0=
 github.com/kisielk/errcheck v1.6.3 h1:dEKh+GLHcWm2oN34nMvDzn1sqI0i0WxPvrgiJA5JuM8=
 github.com/kisielk/errcheck v1.6.3/go.mod h1:nXw/i/MfnvRHqXa7XXmQMUB0oNFGuBrNI8d8NLy0LPw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
@@ -29,15 +29,15 @@ github.com/kyoh86/looppointer v0.2.1 h1:Jx9fnkBj/JrIryBLMTYNTj9rvc2SrPS98Dg0w7fx
 github.com/kyoh86/looppointer v0.2.1/go.mod h1:q358WcM8cMWU+5vzqukvaZtnJi1kw/MpRHQm3xvTrjw=
 github.com/kyoh86/nolint v0.0.1 h1:GjNxDEkVn2wAxKHtP7iNTrRxytRZ1wXxLV5j4XzGfRU=
 github.com/kyoh86/nolint v0.0.1/go.mod h1:1ZiZZ7qqrZ9dZegU96phwVcdQOMKIqRzFJL3ewq9gtI=
-github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
-github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
+github.com/onsi/gomega v1.28.1 h1:MijcGUbfYuznzK/5R4CPNoUP/9Xvuo20sXfEm6XxoTA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/securego/gosec/v2 v2.17.0 h1:ZpAStTDKY39insEG9OH6kV3IkhQZPTq9a9eGOLOjcdI=
-github.com/securego/gosec/v2 v2.17.0/go.mod h1:lt+mgC91VSmriVoJLentrMkRCYs+HLTBnUFUBuhV2hc=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/securego/gosec/v2 v2.18.2 h1:DkDt3wCiOtAHf1XkiXZBhQ6m6mK/b9T/wD257R3/c+I=
+github.com/securego/gosec/v2 v2.18.2/go.mod h1:xUuqSF6i0So56Y2wwohWAmB07EdBkUN6crbLlHwbyJs=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/uudashr/gocognit v1.0.8-0.20230906062305-bc9ca12659bf h1:LA5CHw6L5BvI0RjqvBYa9+3hXAL2rhuAJPtS5rS2a2k=
-github.com/uudashr/gocognit v1.0.8-0.20230906062305-bc9ca12659bf/go.mod h1:nAIUuVBnYU7pcninia3BHOvQkpQCeO76Uscky5BOwcY=
+github.com/uudashr/gocognit v1.1.2 h1:l6BAEKJqQH2UpKAPKdMfZf5kE4W/2xk8pfU1OVLvniI=
+github.com/uudashr/gocognit v1.1.2/go.mod h1:aAVdLURqcanke8h3vg35BC++eseDm66Z7KmchI5et4k=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -49,26 +49,26 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/exp/typeparams v0.0.0-20230905200255-921286631fa9 h1:j3D9DvWRpUfIyFfDPws7LoIZ2MAI1OJHdQXtTnYtN+k=
-golang.org/x/exp/typeparams v0.0.0-20230905200255-921286631fa9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20231110203233-9a3e6036ecaa h1:wJBD77KpXKOckDJT0rqU5EwZDmxcmTh6aXVpU6s6GBg=
+golang.org/x/exp/typeparams v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -79,22 +79,22 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20201007032633-0806396f153e/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8=
+golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
 golang.org/x/vuln v1.0.1 h1:KUas02EjQK5LTuIx1OylBQdKKZ9jeugs+HiqO5HormU=
 golang.org/x/vuln v1.0.1/go.mod h1:bb2hMwln/tqxg32BNY4CcxHWtHXuYa3SbIBmtsyjxtM=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -104,9 +104,9 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.4.5 h1:YGD4H+SuIOOqsyoLOpZDWcieM28W47/zRO7f+9V3nvo=
-honnef.co/go/tools v0.4.5/go.mod h1:GUV+uIBCLpdf0/v6UhHHG/yzI/z6qPskBeQCjcNB96k=
+honnef.co/go/tools v0.4.6 h1:oFEHCKeID7to/3autwsWfnuv69j3NsfcXbvJKuIcep8=
+honnef.co/go/tools v0.4.6/go.mod h1:+rnGS1THNh8zMwnd2oVOTL9QF6vmfyG6ZXBULae2uc0=
 mvdan.cc/gofumpt v0.5.0 h1:0EQ+Z56k8tXjj/6TQD25BFNKQXpCvT0rnansIc7Ug5E=
 mvdan.cc/gofumpt v0.5.0/go.mod h1:HBeVDtMKRZpXyxFciAirzdKklDlGu8aAy1wEbH5Y9js=
-mvdan.cc/unparam v0.0.0-20230815095028-f7c6fb1088f0 h1:NAENkqZ+Xofhqs4R4Af+i3HpZj1M23SFn/lHfRh1D4E=
-mvdan.cc/unparam v0.0.0-20230815095028-f7c6fb1088f0/go.mod h1:flQN1deud3vIpPdF88533Lpp/MvzGLgPIPjB1kgBf4I=
+mvdan.cc/unparam v0.0.0-20230917202934-3ee2d22f45fb h1:xiF91GJnDSbyPdiZB5d52N2VpZfGhjM4Ji75cjzuooQ=
+mvdan.cc/unparam v0.0.0-20230917202934-3ee2d22f45fb/go.mod h1:ZzZjEpJDOmx8TdVU6umamY3Xy0UAQUI2DHbf05USVbI=

scripts/make/go-lint.sh

@@ -35,7 +35,7 @@ set -f -u
 go_version="$( "${GO:-go}" version )"
 readonly go_version
 
-go_min_version='go1.20.10'
+go_min_version='go1.20.11'
 go_version_msg="
 warning: your go version (${go_version}) is different from the recommended minimal one (${go_min_version}).
 if you have the version installed, please set the GO environment variable.