all: fix chlog

Updates #4557.

* commit 'e3624ec5880361b8afccd0ddac9dc31fd7ce4a07':
  all: fix abbreviation
  Update README.md

CHANGELOG.md

@@ -12,56 +12,18 @@ and this project adheres to
 ## [Unreleased]
 
 <!--
-## [v0.108.0] - TBA
+## [v0.108.0] - TBA (APPROX.)
 -->
 
 
 
 <!--
-## [v0.107.20] - 2022-12-07 (APPROX.)
-
-See also the [v0.107.20 GitHub milestone][ms-v0.107.20].
-
-[ms-v0.107.20]: https://github.com/AdguardTeam/AdGuardHome/milestone/56?closed=1
--->
-
-
-
-## [v0.107.19] - 2022-11-23
-
-See also the [v0.107.19 GitHub milestone][ms-v0.107.19].
-
-### Added
-
-- The ability to block popular Mastodon instances
-  ([AdguardTeam/HostlistsRegistry#100]).
-- The new `--update` command-line option, which allows updating AdGuard Home
-  silently ([#4223]).
-
-### Changed
-
-- Minor UI changes.
-
-[#4223]: https://github.com/AdguardTeam/AdGuardHome/issues/4223
-
-[ms-v0.107.19]: https://github.com/AdguardTeam/AdGuardHome/milestone/55?closed=1
-
-[AdguardTeam/HostlistsRegistry#100]: https://github.com/AdguardTeam/HostlistsRegistry/pull/100
-
-
-
-## [v0.107.18] - 2022-11-08
+## [v0.107.18] - 2022-11-16 (APPROX.)
 
 See also the [v0.107.18 GitHub milestone][ms-v0.107.18].
 
-### Fixed
-
-- Crash on some systems when domains from system hosts files are processed
-  ([#5089]).
-
-[#5089]: https://github.com/AdguardTeam/AdGuardHome/issues/5089
-
-[ms-v0.107.18]: https://github.com/AdguardTeam/AdGuardHome/milestone/54?closed=1
+[ms-v0.107.18]: https://github.com/AdguardTeam/AdGuardHome/milestone/52?closed=1
+-->
 
 
 
@@ -868,7 +830,7 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0].
 - Query log search now supports internationalized domains ([#3012]).
 - Internationalized domains are now shown decoded in the query log with the
   original encoded version shown in request details ([#3013]).
-- When `/etc/hosts`-type rules have several IPs for one host, all IPs are now
+- When /etc/hosts-type rules have several IPs for one host, all IPs are now
   returned instead of only the first one ([#1381]).
 - Property `rlimit_nofile` is now in the `os` object of the configuration
   file, together with the new `group` and `user` properties ([#2763]).
@@ -1126,7 +1088,7 @@ See also the [v0.106.0 GitHub milestone][ms-v0.106.0].
 - Hostname uniqueness validation in the DHCP server ([#2952]).
 - Hostname generating for DHCP clients which don't provide their own ([#2723]).
 - New flag `--no-etc-hosts` to disable client domain name lookups in the
-  operating system's `/etc/hosts` files ([#1947]).
+  operating system's /etc/hosts files ([#1947]).
 - The ability to set up custom upstreams to resolve PTR queries for local
   addresses and to disable the automatic resolving of clients' addresses
   ([#2704]).
@@ -1443,13 +1405,11 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.20...HEAD
-[v0.107.20]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.19...v0.107.20
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.18...HEAD
+[v0.107.18]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.17...v0.107.18
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.19...HEAD
-[v0.107.19]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.18...v0.107.19
-[v0.107.18]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.17...v0.107.18
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.17...HEAD
 [v0.107.17]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.16...v0.107.17
 [v0.107.16]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.15...v0.107.16
 [v0.107.15]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.14...v0.107.15

Makefile

@@ -34,8 +34,6 @@ YARN_INSTALL_FLAGS = $(YARN_FLAGS) --network-timeout 120000 --silent\
 	--ignore-engines --ignore-optional --ignore-platform\
 	--ignore-scripts
 
-NEXTAPI = 0
-
 # Macros for the build-release target.  If FRONTEND_PREBUILT is 0, the
 # default, the macro $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT)) expands
 # into BUILD_RELEASE_DEPS_0, and so both frontend and backend
@@ -63,7 +61,6 @@ ENV = env\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
 	SIGN='$(SIGN)'\
-	NEXTAPI='$(NEXTAPI)'\
 	VERBOSE='$(VERBOSE)'\
 	VERSION='$(VERSION)'\
 

client/src/__locales/ar.json

@@ -392,7 +392,6 @@
     "encryption_issuer": "المصدر",
     "encryption_hostnames": "اسم المستضيف",
     "encryption_reset": "هل أنت متأكد أنك تريد إعادة تعيين إعدادات التشفير؟",
-    "encryption_warning": "تحذير",
     "topline_expiring_certificate": "شهادة SSL الخاصة بك على وشك الانتهاء. قم بتحديث <0>إعدادات التشفير</0>.",
     "topline_expired_certificate": "انتهت صلاحية شهادة SSL الخاصة بك. قم بتحديث <0>إعدادات التشفير</0>.",
     "form_error_port_range": "أدخل رقم المنفذ في النطاق 80-65535",

client/src/__locales/be.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Выдавец",
     "encryption_hostnames": "Імёны хастоў",
     "encryption_reset": "Вы ўпэўнены, што хочаце скінуць налады шыфравання?",
-    "encryption_warning": "Увага",
     "topline_expiring_certificate": "Ваш SSL-сертыфікат хутка мінае. Абновіце <0>Налады шыфравання</0>.",
     "topline_expired_certificate": "Ваш SSL-сертыфікат мінуў. Абновіце <0>Налады шыфравання</0>.",
     "form_error_port_range": "Увядзіце нумар порта з інтэрвалу 80-65535",

client/src/__locales/bg.json

@@ -244,7 +244,6 @@
     "encryption_issuer": "Изпълнител",
     "encryption_hostnames": "Имена на хоста",
     "encryption_reset": "Сигурни ли сте че искате да изтриете настройките за криптиране?",
-    "encryption_warning": "Внимание",
     "topline_expiring_certificate": "Вашият SSL сертификат изтича. Обнови <0>Настройки за криптиране</0>.",
     "topline_expired_certificate": "Вашият SSL сертификат е изтекъл. Обнови <0>Настройки за криптиране</0>.",
     "form_error_port_range": "Въведете порт в диапазона 80-65535",

client/src/__locales/cs.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Vydavatel",
     "encryption_hostnames": "Názvy hostitelů",
     "encryption_reset": "Opravdu chcete obnovit nastavení šifrování?",
-    "encryption_warning": "Varování",
     "topline_expiring_certificate": "Váš SSL certifikát brzy vyprší. Aktualizujte <0>Nastavení šifrování</0>.",
     "topline_expired_certificate": "Váš SSL certifikát vypršel. Aktualizujte <0>Nastavení šifrování</0>.",
     "form_error_port_range": "Zadejte číslo portu v rozmezí 80-65535",

client/src/__locales/da.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Udsteder",
     "encryption_hostnames": "Værtsnavne",
     "encryption_reset": "Sikker på, at du vil nulstille krypteringsindstillingerne?",
-    "encryption_warning": "Advarsel",
     "topline_expiring_certificate": "Dit SSL-certifikat er ved at udløbe. Opdatér <0>Krypteringsindstillinger</0>.",
     "topline_expired_certificate": "Dit SSL-certifikat er udløbet. Opdatér <0>Krypteringsindstillinger</0>.",
     "form_error_port_range": "Angiv portnummer i intervallet 80-65535",

client/src/__locales/de.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Ausgestellt von",
     "encryption_hostnames": "Hostnamen",
     "encryption_reset": "Möchten Sie die Verschlüsselungseinstellungen wirklich zurücksetzen?",
-    "encryption_warning": "Warnhinweis",
     "topline_expiring_certificate": "Ihr SSL-Zertifikat läuft demnächst ab. Aktualisieren Sie Ihre <0>Verschlüsselungseinstellungen</0>.",
     "topline_expired_certificate": "Ihr SSL-Zertifikat ist abgelaufen. Aktualisieren Sie Ihre <0>Verschlüsselungseinstellungen</0>.",
     "form_error_port_range": "Geben Sie die Portnummer zwischen 80 und 65535 ein",

client/src/__locales/en.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Issuer",
     "encryption_hostnames": "Hostnames",
     "encryption_reset": "Are you sure you want to reset encryption settings?",
-    "encryption_warning": "Warning",
     "topline_expiring_certificate": "Your SSL certificate is about to expire. Update <0>Encryption settings</0>.",
     "topline_expired_certificate": "Your SSL certificate is expired. Update <0>Encryption settings</0>.",
     "form_error_port_range": "Enter port number in the range of 80-65535",

client/src/__locales/es.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Emisor",
     "encryption_hostnames": "Nombres de hosts",
     "encryption_reset": "¿Estás seguro de que deseas restablecer la configuración de cifrado?",
-    "encryption_warning": "Advertencia",
     "topline_expiring_certificate": "Tu certificado SSL está a punto de expirar. Actualiza la <0>configuración de cifrado</0>.",
     "topline_expired_certificate": "Tu certificado SSL ha expirado. Actualiza la <0>configuración de cifrado</0>.",
     "form_error_port_range": "Ingresa el número del puerto en el rango de 80 a 65535",

client/src/__locales/fa.json

@@ -361,7 +361,6 @@
     "encryption_issuer": "صادر کننده",
     "encryption_hostnames": "نام میزبان",
     "encryption_reset": "آیا میخواهید تنظیمات رمزگُذاری به پیش فرض بازگردد؟",
-    "encryption_warning": "هشدار",
     "topline_expiring_certificate": "گواهینامه اِس اِس اِل شما در صدد انقضاء است.  <0>تنظیمات رمزگُذاری</0> را بروز رسانی کنید.",
     "topline_expired_certificate": "گواهینامه اِس اِس اِل شما منقضی شده است. <0>تنظیمات رمزگُذاری</0> را بروز رسانی کنید.",
     "form_error_port_range": "مقدار پورت را در محدوده 80-65535 وارد کنید",

client/src/__locales/fi.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Toimittaja",
     "encryption_hostnames": "Isäntänimet",
     "encryption_reset": "Haluatko varmasti palauttaa salausasetukset?",
-    "encryption_warning": "Varoitus",
     "topline_expiring_certificate": "SSL-varmenteesi on erääntymässä. Päivitä <0>Salausasetukset</0>.",
     "topline_expired_certificate": "SSL-varmenteesi on erääntynyt. Päivitä <0>Salausasetukset</0>.",
     "form_error_port_range": "Syötä portti väliltä 80-65535",
@@ -543,8 +542,8 @@
     "descr": "Kuvaus",
     "whois": "WHOIS",
     "filtering_rules_learn_more": "<0>Lue lisää</0> omien hosts-listojesi luonnista.",
-    "blocked_by_response": "Estetty vastauksen CNAME:n tai IP:n perusteella",
-    "blocked_by_cname_or_ip": "Estetty CNAME:n tai IP:n perusteella",
+    "blocked_by_response": "Vastauksen sisältämän CNAME:n tai IP:n estämä",
+    "blocked_by_cname_or_ip": "CNAME:n tai IP:n estämä",
     "try_again": "Yritä uudelleen",
     "domain_desc": "Syötä korvattava verkkotunnus tai jokerimerkki.",
     "example_rewrite_domain": "korvaa vain tämän verkkotunnuksen vastaukset",

client/src/__locales/fr.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Émetteur",
     "encryption_hostnames": "Noms d'hôte",
     "encryption_reset": "Voulez-vous vraiment réinitialiser les paramètres de chiffrement ?",
-    "encryption_warning": "Attention",
     "topline_expiring_certificate": "Votre certificat SSL est sur le point d'expirer. Mettez à jour vos <0>Paramètres de chiffrement</0>.",
     "topline_expired_certificate": "Votre certificat SSL a expiré. Mettez à jour vos <0>Paramètres de chiffrement</0>.",
     "form_error_port_range": "Saisissez une valeur de port entre 80 et 65535",

client/src/__locales/hr.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Izdavač",
     "encryption_hostnames": "Nazivi računala",
     "encryption_reset": "Jeste li sigurni da želite poništiti postavke šifriranja?",
-    "encryption_warning": "Upozorenje",
     "topline_expiring_certificate": "Vaš SSL certifikat uskoro ističe. Ažurirajte <0>Postavke šifriranja</0>.",
     "topline_expired_certificate": "Vaš SSL certifikat je istekao. Ažurirajte <0>Postavke šifriranja</0>.",
     "form_error_port_range": "Unesite broj porta od 80 do 65536",

client/src/__locales/hu.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Kibocsátó",
     "encryption_hostnames": "Hosztnevek",
     "encryption_reset": "Biztosan visszaállítja a titkosítási beállításokat?",
-    "encryption_warning": "Figyelmeztetés",
     "topline_expiring_certificate": "Az SSL-tanúsítványa hamarosan lejár. Frissítse a <0>Titkosítási beállításokat</0>.",
     "topline_expired_certificate": "Az SSL-tanúsítványa lejárt. Frissítse a <0>Titkosítási beállításokat</0>.",
     "form_error_port_range": "Adjon meg egy portszámot a 80-65535 tartományon belül",

client/src/__locales/id.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Penerbit",
     "encryption_hostnames": "Nama host",
     "encryption_reset": "Anda yakin ingin mengatur ulang pengaturan enkripsi?",
-    "encryption_warning": "Perhatian",
     "topline_expiring_certificate": "Sertifikat SSL Anda hampir kedaluwarsa. Perbarui <0>Pengaturan enkripsi</0>.",
     "topline_expired_certificate": "Sertifikat SSL Anda kedaluwarsa. Perbarui <0>Pengaturan enkripsi</0>.",
     "form_error_port_range": "Masukkan nomor port di kisaran 80-65535",

client/src/__locales/it.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Emittente",
     "encryption_hostnames": "Nomi host",
     "encryption_reset": "Sei sicuro di voler ripristinare le impostazioni di crittografia?",
-    "encryption_warning": "Attenzione",
     "topline_expiring_certificate": "Il tuo certificato SSL sta per scadere. Aggiorna le<0> Impostazioni di crittografia </ 0>.",
     "topline_expired_certificate": "Il tuo certificato SSL è scaduto. Aggiorna le <0> Impostazioni di crittografia </ 0>.",
     "form_error_port_range": "Immettere il valore della porta nell'intervallo 80-65535",

client/src/__locales/ja.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "発行者",
     "encryption_hostnames": "ホスト名",
     "encryption_reset": "暗号化設定をリセットして良いですか？",
-    "encryption_warning": "警告",
     "topline_expiring_certificate": "SSL証明書は期限切れになります。<0>暗号化設定</0>を更新します。",
     "topline_expired_certificate": "SSL証明書は期限切れです。<0>暗号化設定</0>を更新します。",
     "form_error_port_range": "80〜65535 の範囲内でポート番号を入力してください",

client/src/__locales/ko.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "발행자",
     "encryption_hostnames": "호스트 이름",
     "encryption_reset": "암호화 설정을 재설정하시겠습니까?",
-    "encryption_warning": "경고",
     "topline_expiring_certificate": "SSL 인증서가 곧 만료됩니다. 업데이트<0> 암호화 설정</0>.",
     "topline_expired_certificate": "SSL 인증서가 만료되었습니다. 업데이트<0> 암호화 설정</0>.",
     "form_error_port_range": "80-65535 범위의 포트 번호를 입력하세요",

client/src/__locales/nl.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Uitgever",
     "encryption_hostnames": "Hostnamen",
     "encryption_reset": "Ben je zeker dat je de encryptie instellingen wil resetten?",
-    "encryption_warning": "Waarschuwing",
     "topline_expiring_certificate": "Jouw SSL-certificaat vervalt binnenkort. Werk de <0>encryptie-instellingen</0> bij.",
     "topline_expired_certificate": "Jouw SSL-certificaat is vervallen. Werk de <0>encryptie-instellingen</0> bij.",
     "form_error_port_range": "Poortnummer invoeren tussen 80 en 65535",

client/src/__locales/no.json

@@ -373,7 +373,6 @@
     "encryption_issuer": "Utsteder",
     "encryption_hostnames": "Vertsnavn",
     "encryption_reset": "Er du sikker på at du vil tilbakestille krypteringsinnstillingene?",
-    "encryption_warning": "Advarsel",
     "topline_expiring_certificate": "Ditt SSL-sertifikat er i ferd med å utløpe. Oppdater <0>Krypteringsinnstillinger</0>.",
     "topline_expired_certificate": "SSL-sertifikatet har utløpt. Oppdater <0>Krypteringsinnstillinger</0>.",
     "form_error_port_range": "Skriv inn et portnummer i området 80-65535",

client/src/__locales/pl.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Zgłaszający",
     "encryption_hostnames": "Nazwy hostów",
     "encryption_reset": "Czy na pewno chcesz zresetować ustawienia szyfrowania?",
-    "encryption_warning": "Uwaga!",
     "topline_expiring_certificate": "Twój certyfikat SSL wkrótce wygaśnie. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
     "topline_expired_certificate": "Twój certyfikat SSL wygasł. Zaktualizuj <0>Ustawienia szyfrowania</0>.",
     "form_error_port_range": "Wpisz numer portu z zakresu 80-65535",

client/src/__locales/pt-br.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Emissor",
     "encryption_hostnames": "Nomes dos servidores",
     "encryption_reset": "Você tem certeza de que deseja redefinir a configuração de criptografia?",
-    "encryption_warning": "Aviso",
     "topline_expiring_certificate": "Seu certificado SSL está prestes a expirar. Atualize suas <0>configurações de criptografia</]0>",
     "topline_expired_certificate": "Seu certificado SSL está expirado. Atualize suas <0>configurações de criptografia</0>",
     "form_error_port_range": "Digite um número de porta entre 80 e 65535",

client/src/__locales/pt-pt.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Emissor",
     "encryption_hostnames": "Nomes dos servidores",
     "encryption_reset": "Tem a certeza de que deseja repor a definição de criptografia?",
-    "encryption_warning": "Aviso",
     "topline_expiring_certificate": "O seu certificado SSL está prestes a expirar. Atualize as suas <0>definições de criptografia</0>.",
     "topline_expired_certificate": "O seu certificado SSL está expirado. Atualize as suas <0>definições de criptografia</0>.",
     "form_error_port_range": "Digite um numero de porta entre 80 e 65535",

client/src/__locales/ro.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Emitent",
     "encryption_hostnames": "Nume de host",
     "encryption_reset": "Sunteți sigur că doriți să resetați setările de criptare?",
-    "encryption_warning": "Avertisment",
     "topline_expiring_certificate": "Certificatul dvs. SSL este pe cale să expire. Actualizați <0>Setările de criptare</0>.",
     "topline_expired_certificate": "Certificatul dvs. SSL a expirat. Actualizați <0>Setările de criptare</0>.",
     "form_error_port_range": "Introduceți valoarea portului între 80-65535",

client/src/__locales/ru.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Издатель",
     "encryption_hostnames": "Имена хостов",
     "encryption_reset": "Вы уверены, что хотите сбросить настройки шифрования?",
-    "encryption_warning": "Предупреждение",
     "topline_expiring_certificate": "Ваш SSL-сертификат скоро истекает. Обновите <0>Настройки шифрования</0>.",
     "topline_expired_certificate": "Ваш SSL-сертификат истёк. Обновите <0>Настройки шифрования</0>.",
     "form_error_port_range": "Введите номер порта из интервала 80-65535",

client/src/__locales/sk.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Vydavateľ",
     "encryption_hostnames": "Názvy hostiteľov",
     "encryption_reset": "Naozaj chcete obnoviť nastavenia šifrovania?",
-    "encryption_warning": "Varovanie",
     "topline_expiring_certificate": "Váš SSL certifikát čoskoro vyprší. Aktualizujte <0>Nastavenia šifrovania</0>.",
     "topline_expired_certificate": "Váš SSL certifikát vypršal. Aktualizujte <0>Nastavenia šifrovania</0>.",
     "form_error_port_range": "Zadajte číslo portu v rozsahu 80-65535",

client/src/__locales/sl.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Izdajatelj",
     "encryption_hostnames": "Imena gostiteljev",
     "encryption_reset": "Ali ste prepričani, da želite ponastaviti nastavitve šifriranja?",
-    "encryption_warning": "Opozorilo",
     "topline_expiring_certificate": "Vaš e digitalno potrdilo SSL bo kmalu poteklol. Posodobite <0>Nastavitve šifriranja</0>.",
     "topline_expired_certificate": "Vaše digitalno potrdilo SSL je poteklo. Posodobi <0>Nastavitve šifriranja</0>.",
     "form_error_port_range": "Vnesite številko vrat v razponu med 80-65535",

client/src/__locales/sr-cs.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Izdavač",
     "encryption_hostnames": "Imena hostova",
     "encryption_reset": "Jeste li sigurni da želite dda resetujete postavke šifrovanja?",
-    "encryption_warning": "Upozorenje",
     "topline_expiring_certificate": "Vaš SSL sertifikat uskoro ističe. Ažurirajte <0>postavke šifrovanja</0>.",
     "topline_expired_certificate": "Vaš SSL sertifikat je istekao. Ažurirajte <0>postavke šifrovanja</0>.",
     "form_error_port_range": "Unesite vrednost porta u opsegu od 80-65535",

client/src/__locales/sv.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Utgivare",
     "encryption_hostnames": "Värdnamn",
     "encryption_reset": "Är du säker på att du vill återställa krypteringsinställningarna?",
-    "encryption_warning": "Varning",
     "topline_expiring_certificate": "Ditt SSL-certifikat håller på att gå ut. <0>Krypteringsinställningar</0>.",
     "topline_expired_certificate": "Ditt SSL-certifikat har gått ut. Uppdatera <0>Krypteringsinställningar</0>-",
     "form_error_port_range": "Ange ett portnummer inom värdena 80-65535",

client/src/__locales/th.json

@@ -262,7 +262,6 @@
     "encryption_issuer": "ผู้ออกใบรับรอง:",
     "encryption_hostnames": "ชื่อโฮส",
     "encryption_reset": "คุณแน่ใจนะว่าจะล้างค่าการเข้ารหัส?",
-    "encryption_warning": "คำเตือน",
     "topline_expiring_certificate": "ใบรับรอง SSL ของคุณกำลังจะหมดอายุ กรุณาอัปเดท <0>การตั้งค่าเข้ารหัส</0>.",
     "topline_expired_certificate": "ใบรับรอง SSL ของคุณหมดอายุแล้ว กรุณาอัปเดท <0>การตั้งค่าเข้ารหัส</0>.",
     "form_error_port_unsafe": "เป็นพอร์ทที่ไม่ปลอดภัย",

client/src/__locales/tr.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Sağlayan",
     "encryption_hostnames": "Ana makine adları",
     "encryption_reset": "Şifreleme ayarlarını sıfırlamak istediğinizden emin misiniz?",
-    "encryption_warning": "Uyarı",
     "topline_expiring_certificate": "SSL sertifikanızın süresi sona üzere. <0>Şifreleme ayarlarını</0> güncelleyin.",
     "topline_expired_certificate": "SSL sertifikanızın süresi sona erdi. <0>Şifreleme ayarlarını</0> güncelleyin.",
     "form_error_port_range": "80-65535 aralığında geçerli bir bağlantı noktası değeri girin",

client/src/__locales/uk.json

@@ -371,7 +371,7 @@
     "encryption_redirect": "Автоматично перенаправляти на HTTPS",
     "encryption_redirect_desc": "Якщо встановлено, AdGuard Home автоматично перенаправить вас з HTTP на адреси HTTPS.",
     "encryption_https": "Порт HTTPS",
-    "encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також сервер DNS-over-HTTPS буде доступний за адресою '/dns-query'.",
+    "encryption_https_desc": "Якщо HTTPS-порт налаштовано, інтерфейс адміністратора AdGuard Home буде доступний через HTTPS, а також DNS-over-HTTPS-сервер буде доступний за адресою /dns-query.",
     "encryption_dot": "Порт DNS-over-TLS",
     "encryption_dot_desc": "Якщо цей порт налаштовано, AdGuard Home запустить на цьому порту сервер DNS-over-TLS.",
     "encryption_doq": "Порт DNS-over-QUIC",
@@ -393,7 +393,6 @@
     "encryption_issuer": "Видавець",
     "encryption_hostnames": "Назви вузлів",
     "encryption_reset": "Ви впевнені, що хочете скинути налаштування шифрування?",
-    "encryption_warning": "Увага",
     "topline_expiring_certificate": "Ваш сертифікат SSL скоро закінчиться. Оновіть <0>Налаштування шифрування</0>.",
     "topline_expired_certificate": "Термін дії вашого сертифіката SSL закінчився. Оновіть <0>Налаштування шифрування</0>.",
     "form_error_port_range": "Введіть значення порту в діапазоні 80−65535",

client/src/__locales/vi.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "Phát hành",
     "encryption_hostnames": "Tên máy chủ",
     "encryption_reset": "Bạn có chắc chắn muốn đặt lại cài đặt mã hóa?",
-    "encryption_warning": "Cảnh báo",
     "topline_expiring_certificate": "Chứng chỉ SSL của bạn sắp hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
     "topline_expired_certificate": "Chứng chỉ SSL của bạn đã hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
     "form_error_port_range": "Nhập giá trị cổng trong phạm vi 80-65535",

client/src/__locales/zh-cn.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "颁发者",
     "encryption_hostnames": "主机名",
     "encryption_reset": "您确定想要重置加密设置？",
-    "encryption_warning": "警告",
     "topline_expiring_certificate": "您的 SSL 证书即将过期。请更新 <0>加密设置</0> 。",
     "topline_expired_certificate": "您的 SSL 证书已过期。请更新 <0>加密设置</0> 。",
     "form_error_port_range": "输入 80 - 65535 范围内的端口值",

client/src/__locales/zh-hk.json

@@ -381,7 +381,6 @@
     "encryption_issuer": "簽發者",
     "encryption_hostnames": "主機名稱",
     "encryption_reset": "您確定要重設加密設定嗎？",
-    "encryption_warning": "警告",
     "topline_expiring_certificate": "您的 SSL 憑證即將到期。請前往<0>加密設定</0>更新。",
     "topline_expired_certificate": "您的 SSL 憑證已到期。請前往<0>加密設定</0>更新。",
     "form_error_port_range": "輸入範圍 80-65535 中的值",

client/src/__locales/zh-tw.json

@@ -393,7 +393,6 @@
     "encryption_issuer": "簽發者",
     "encryption_hostnames": "主機名稱",
     "encryption_reset": "您確定您想要重置加密設定嗎？",
-    "encryption_warning": "警告",
     "topline_expiring_certificate": "您的安全通訊端層（SSL）憑證即將到期。更新<0>加密設定</0>。",
     "topline_expired_certificate": "您的安全通訊端層（SSL）憑證為已到期的。更新<0>加密設定</0>。",
     "form_error_port_range": "輸入在 80-65535 之範圍內的連接埠號碼",

client/src/components/Settings/Encryption/Form.js

@@ -56,26 +56,6 @@ const clearFields = (change, setTlsConfig, t) => {
     }
 };
 
-const validationMessage = (warningValidation, isWarning) => {
-    if (!warningValidation) {
-        return null;
-    }
-
-    if (isWarning) {
-        return (
-            <div className="col-12">
-                <p><Trans>encryption_warning</Trans>: {warningValidation}</p>
-            </div>
-        );
-    }
-
-    return (
-        <div className="col-12">
-            <p className="text-danger">{warningValidation}</p>
-        </div>
-    );
-};
-
 let Form = (props) => {
     const {
         t,
@@ -115,8 +95,6 @@ let Form = (props) => {
         || !valid_cert
         || !valid_pair;
 
-    const isWarning = valid_key && valid_cert && valid_pair;
-
     return (
         <form onSubmit={handleSubmit}>
             <div className="row">
@@ -404,7 +382,11 @@ let Form = (props) => {
                         )}
                     </div>
                 </div>
-                {validationMessage(warning_validation, isWarning)}
+                {warning_validation && (
+                    <div className="col-12">
+                        <p className="text-danger">{warning_validation}</p>
+                    </div>
+                )}
             </div>
 
             <div className="btn-list mt-2">

go.mod

@@ -4,7 +4,7 @@ go 1.18
 
 require (
 	github.com/AdguardTeam/dnsproxy v0.46.2
-	github.com/AdguardTeam/golibs v0.11.3
+	github.com/AdguardTeam/golibs v0.11.2
 	github.com/AdguardTeam/urlfilter v0.16.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.5
@@ -29,9 +29,9 @@ require (
 	github.com/ti-mo/netfilter v0.4.0
 	go.etcd.io/bbolt v1.3.6
 	golang.org/x/crypto v0.1.0
-	golang.org/x/exp v0.0.0-20221106115401-f9659909a136
+	golang.org/x/exp v0.0.0-20221026153819-32f3d567a233
 	golang.org/x/net v0.1.0
-	golang.org/x/sys v0.2.0
+	golang.org/x/sys v0.1.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v3 v3.0.1
 	howett.net/plist v1.0.0
@@ -55,8 +55,8 @@ require (
 	github.com/mdlayher/socket v0.2.3 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
-	github.com/onsi/ginkgo/v2 v2.5.0 // indirect
-	github.com/onsi/gomega v1.24.0 // indirect
+	github.com/onsi/ginkgo/v2 v2.4.0 // indirect
+	github.com/onsi/gomega v1.22.1 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect

go.sum

@@ -2,8 +2,8 @@ github.com/AdguardTeam/dnsproxy v0.46.2 h1:ZUKM713Ts5meYQqk6cJkUBMCFSWqFPXTgjXkN
 github.com/AdguardTeam/dnsproxy v0.46.2/go.mod h1:PAmRzFqls0E92XTglyY2ESAqMAzZJhHKErG1ZpRnpjA=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
-github.com/AdguardTeam/golibs v0.11.3 h1:Oif+REq2WLycQ2Xm3ZPmJdfftptss0HbGWbxdFaC310=
-github.com/AdguardTeam/golibs v0.11.3/go.mod h1:87bN2x4VsTritptE3XZg9l8T6gznWsIxHBcQ1DeRIXA=
+github.com/AdguardTeam/golibs v0.11.2 h1:JbQB1Dg2JWStXgHh1QqBbOLWnP4t9oDjppoBH6TVXSE=
+github.com/AdguardTeam/golibs v0.11.2/go.mod h1:87bN2x4VsTritptE3XZg9l8T6gznWsIxHBcQ1DeRIXA=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
 github.com/AdguardTeam/urlfilter v0.16.0 h1:IO29m+ZyQuuOnPLTzHuXj35V1DZOp1Dcryl576P2syg=
 github.com/AdguardTeam/urlfilter v0.16.0/go.mod h1:46YZDOV1+qtdRDuhZKVPSSp7JWWes0KayqHrKAFBdEI=
@@ -131,12 +131,12 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.5.0 h1:TRtrvv2vdQqzkwrQ1ke6vtXf7IK34RBUJafIy1wMwls=
-github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw=
+github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
+github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.24.0 h1:+0glovB9Jd6z3VR+ScSwQqXVTIfJcGA9UBM8yzQxhqg=
-github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg=
+github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI=
+github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -177,8 +177,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/exp v0.0.0-20221106115401-f9659909a136 h1:Fq7F/w7MAa1KJ5bt2aJ62ihqp9HDcRuyILskkpIAurw=
-golang.org/x/exp v0.0.0-20221106115401-f9659909a136/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp v0.0.0-20221026153819-32f3d567a233 h1:9bNbSKT4RPLEzne0Xh1v3NaNecsa1DKjkOuTbY6V9rI=
+golang.org/x/exp v0.0.0-20221026153819-32f3d567a233/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -254,8 +254,8 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

internal/aghnet/hostscontainer.go

@@ -139,8 +139,6 @@ type HostsRecord struct {
 func (rec *HostsRecord) equal(other *HostsRecord) (ok bool) {
 	if rec == nil {
 		return other == nil
-	} else if other == nil {
-		return false
 	}
 
 	return rec.Canonical == other.Canonical && rec.Aliases.Equal(other.Aliases)
@@ -480,11 +478,7 @@ func (hc *HostsContainer) refresh() (err error) {
 		return fmt.Errorf("refreshing : %w", err)
 	}
 
-	// hc.last is nil on the first refresh, so let that one through.
-	//
-	// TODO(a.garipov): Once https://github.com/golang/go/issues/56621 is
-	// resolved, remove the first condition.
-	if hc.last != nil && maps.EqualFunc(hp.table, hc.last, (*HostsRecord).equal) {
+	if maps.EqualFunc(hp.table, hc.last, (*HostsRecord).equal) {
 		log.Debug("%s: no changes detected", hostsContainerPref)
 
 		return nil

internal/aghnet/net.go

@@ -31,6 +31,12 @@ var (
 // the IP being static is available.
 const ErrNoStaticIPInfo errors.Error = "no information about static ip"
 
+// IPv4Localhost returns 127.0.0.1, which returns true for [netip.Addr.Is4].
+func IPv4Localhost() (ip netip.Addr) { return netip.AddrFrom4([4]byte{127, 0, 0, 1}) }
+
+// IPv6Localhost returns ::1, which returns true for [netip.Addr.Is6].
+func IPv6Localhost() (ip netip.Addr) { return netip.AddrFrom16([16]byte{15: 1}) }
+
 // IfaceHasStaticIP checks if interface is configured to have static IP address.
 // If it can't give a definitive answer, it returns false and an error for which
 // errors.Is(err, ErrNoStaticIPInfo) is true.

internal/aghnet/net_test.go

@@ -188,7 +188,7 @@ func TestBroadcastFromIPNet(t *testing.T) {
 }
 
 func TestCheckPort(t *testing.T) {
-	laddr := netip.AddrPortFrom(netutil.IPv4Localhost(), 0)
+	laddr := netip.AddrPortFrom(IPv4Localhost(), 0)
 
 	t.Run("tcp_bound", func(t *testing.T) {
 		l, err := net.Listen("tcp", laddr.String())

internal/aghtest/interface.go

@@ -1,12 +1,10 @@
 package aghtest
 
 import (
-	"context"
 	"io/fs"
 	"net"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/miekg/dns"
 )
@@ -118,36 +116,6 @@ func (w *FSWatcher) Close() (err error) {
 	return w.OnClose()
 }
 
-// Package agh
-
-// type check
-var _ agh.ServiceWithConfig[struct{}] = (*ServiceWithConfig[struct{}])(nil)
-
-// ServiceWithConfig is a mock [agh.ServiceWithConfig] implementation for tests.
-type ServiceWithConfig[ConfigType any] struct {
-	OnStart    func() (err error)
-	OnShutdown func(ctx context.Context) (err error)
-	OnConfig   func() (c ConfigType)
-}
-
-// Start implements the [agh.ServiceWithConfig] interface for
-// *ServiceWithConfig.
-func (s *ServiceWithConfig[_]) Start() (err error) {
-	return s.OnStart()
-}
-
-// Shutdown implements the [agh.ServiceWithConfig] interface for
-// *ServiceWithConfig.
-func (s *ServiceWithConfig[_]) Shutdown(ctx context.Context) (err error) {
-	return s.OnShutdown(ctx)
-}
-
-// Config implements the [agh.ServiceWithConfig] interface for
-// *ServiceWithConfig.
-func (s *ServiceWithConfig[ConfigType]) Config() (c ConfigType) {
-	return s.OnConfig()
-}
-
 // Module dnsproxy
 
 // Package upstream

internal/dnsforward/clientid.go

@@ -23,6 +23,16 @@ func ValidateClientID(id string) (err error) {
 	return nil
 }
 
+// hasLabelSuffix returns true if s ends with suffix preceded by a dot.  It's
+// a helper function to prevent unnecessary allocations in code like:
+//
+// if strings.HasSuffix(s, "." + suffix) { /* … */ }
+//
+// s must be longer than suffix.
+func hasLabelSuffix(s, suffix string) (ok bool) {
+	return strings.HasSuffix(s, suffix) && s[len(s)-len(suffix)-1] == '.'
+}
+
 // clientIDFromClientServerName extracts and validates a ClientID.  hostSrvName
 // is the server name of the host.  cliSrvName is the server name as sent by the
 // client.  When strict is true, and client and host server name don't match,
@@ -36,7 +46,7 @@ func clientIDFromClientServerName(
 		return "", nil
 	}
 
-	if !netutil.IsImmediateSubdomain(cliSrvName, hostSrvName) {
+	if !hasLabelSuffix(cliSrvName, hostSrvName) {
 		if !strict {
 			return "", nil
 		}

internal/dnsforward/dnsforward.go

@@ -246,7 +246,6 @@ type RDNSExchanger interface {
 	// Exchange tries to resolve the ip in a suitable way, e.g. either as
 	// local or as external.
 	Exchange(ip net.IP) (host string, err error)
-
 	// ResolvesPrivatePTR returns true if the RDNSExchanger is able to
 	// resolve PTR requests for locally-served addresses.
 	ResolvesPrivatePTR() (ok bool)
@@ -262,9 +261,6 @@ const (
 	rDNSNotPTRErr errors.Error = "the response is not a ptr"
 )
 
-// type check
-var _ RDNSExchanger = (*Server)(nil)
-
 // Exchange implements the RDNSExchanger interface for *Server.
 func (s *Server) Exchange(ip net.IP) (host string, err error) {
 	s.serverLock.RLock()
@@ -679,13 +675,21 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 // IsBlockedClient returns true if the client is blocked by the current access
 // settings.
-func (s *Server) IsBlockedClient(ip netip.Addr, clientID string) (blocked bool, rule string) {
+func (s *Server) IsBlockedClient(ip net.IP, clientID string) (blocked bool, rule string) {
 	s.serverLock.RLock()
 	defer s.serverLock.RUnlock()
 
 	blockedByIP := false
-	if ip != (netip.Addr{}) {
-		blockedByIP, rule = s.access.isBlockedIP(ip)
+	if ip != nil {
+		// TODO(a.garipov):  Remove once we switch to netip.Addr more fully.
+		ipAddr, err := netutil.IPToAddrNoMapped(ip)
+		if err != nil {
+			log.Error("dnsforward: bad client ip %v: %s", ip, err)
+
+			return false, ""
+		}
+
+		blockedByIP, rule = s.access.isBlockedIP(ipAddr)
 	}
 
 	allowlistMode := s.access.allowlistMode()

internal/dnsforward/filter.go

@@ -19,13 +19,13 @@ func (s *Server) beforeRequestHandler(
 	_ *proxy.Proxy,
 	pctx *proxy.DNSContext,
 ) (reply bool, err error) {
+	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 	clientID, err := s.clientIDFromDNSContext(pctx)
 	if err != nil {
 		return false, fmt.Errorf("getting clientid: %w", err)
 	}
 
-	addrPort := netutil.NetAddrToAddrPort(pctx.Addr)
-	blocked, _ := s.IsBlockedClient(addrPort.Addr(), clientID)
+	blocked, _ := s.IsBlockedClient(ip, clientID)
 	if blocked {
 		return s.preBlockedResponse(pctx)
 	}

internal/filtering/filter_test.go

@@ -11,7 +11,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -40,7 +40,7 @@ func serveFiltersLocally(t *testing.T, fltContent []byte) (ipp netip.AddrPort) {
 	addr := l.Addr()
 	require.IsType(t, new(net.TCPAddr), addr)
 
-	return netip.AddrPortFrom(netutil.IPv4Localhost(), uint16(addr.(*net.TCPAddr).Port))
+	return netip.AddrPortFrom(aghnet.IPv4Localhost(), uint16(addr.(*net.TCPAddr).Port))
 }
 
 func TestFilters(t *testing.T) {

internal/filtering/servicelist.go

@@ -34,7 +34,6 @@ var blockedServices = []blockedService{{
 		"||amazon.com.au^",
 		"||amazon.com.br^",
 		"||amazon.com.mx^",
-		"||amazon.com.tr^",
 		"||amazon.com^",
 		"||amazon.de^",
 		"||amazon.es^",
@@ -74,29 +73,19 @@ var blockedServices = []blockedService{{
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M38 10.813l-.906 3.78-1.907-3.405v1.718c2.899 2.301 4.926 5.79 5.126 9.688.699-.2 1.3-.188 2-.188 1.374 0 2.667.297 3.812.875l-1.031-.593 3.812-.875-3.812-.907L48.5 19h-3.813l2.813-2.688-3.688 1.094 2-3.312-3.312 2 1.094-3.688-2.688 2.781.094-3.874-2 3.28zM27 11c-5 0-9.414 2.992-11.313 7.594-.699-.399-1.687-.688-2.687-.688-3.2 0-5.906 2.606-5.906 5.907v.5c-3.899.3-7.094 3.68-7.094 7.78 0 .802.113 1.52.313 2.22.101.398.5.687 1 .687h47c.398 0 .675-.195.874-.594.5-1.101.813-2.207.813-3.406 0-4.2-3.488-7.594-7.688-7.594-.8 0-1.511.082-2.312.282l4.906 6.625-5.5-4.5L22 29.593l15.094-4.905L28.5 21.5l10.688 1.813v-.125C39.188 16.488 33.699 11 27 11zm19.781 12.656c.434.274.844.586 1.219.938h.5z\" /></svg>"),
 	Rules: []string{
 		"||1.1.1.1^",
-		"||argotunnel.com^",
 		"||cloudflare-dns.com^",
-		"||cloudflare-ipfs.com^",
-		"||cloudflare-quic.com^",
 		"||cloudflare.cn^",
 		"||cloudflare.com^",
 		"||cloudflare.net^",
-		"||cloudflareaccess.com^",
-		"||cloudflareapps.com^",
 		"||cloudflarebolt.com^",
 		"||cloudflareclient.com^",
 		"||cloudflareinsights.com^",
 		"||cloudflareresolve.com^",
 		"||cloudflarestatus.com^",
 		"||cloudflarestream.com^",
-		"||cloudflarewarp.com^",
 		"||dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion^",
 		"||one.one^",
-		"||pages.dev^",
-		"||trycloudflare.com^",
-		"||videodelivery.net^",
 		"||warp.plus^",
-		"||workers.dev^",
 	},
 }, {
 	ID:      "dailymotion",
@@ -122,7 +111,6 @@ var blockedServices = []blockedService{{
 	Rules: []string{
 		"||discord.com^",
 		"||discord.gg^",
-		"||discord.gift",
 		"||discord.media^",
 		"||discordapp.com^",
 		"||discordapp.net^",
@@ -134,20 +122,8 @@ var blockedServices = []blockedService{{
 	Rules: []string{
 		"||disney-plus.net^",
 		"||disney.playback.edge.bamgrid.com^",
-		"||disneynow.com^",
 		"||disneyplus.com^",
-		"||hotstar.com^",
 		"||media.dssott.com^",
-		"||star.playback.edge.bamgrid.com^",
-		"||starplus.com^",
-	},
-}, {
-	ID:      "douban",
-	Name:    "Douban",
-	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M36.54 18.51H13.315v8.012H36.54zM8.58 14.32h32.643v16.39H8.581zM5.146 5.754h39.516v4.193H5.145zm11.051 25.652c1.73 2.416 3.28 5.336 4.647 8.748h8.263c1.637-2.632 3.076-5.552 4.31-8.748l4.75 1.631c-1.241 2.694-2.581 5.07-4.003 7.117h11.615v4.147H4.028v-4.147h12.168c-1.117-2.203-2.568-4.574-4.371-7.117z\" /></svg>"),
-	Rules: []string{
-		"||douban.com^",
-		"||doubanio.com^",
 	},
 }, {
 	ID:      "ebay",
@@ -200,13 +176,11 @@ var blockedServices = []blockedService{{
 		"||facebook.net^",
 		"||facebookcorewwwi.onion^",
 		"||fb.com^",
-		"||fb.gg^",
 		"||fb.me^",
 		"||fb.watch^",
 		"||fbcdn.com^",
 		"||fbcdn.net^",
 		"||fbsbx.com^",
-		"||fbwat.ch^",
 		"||messenger.com^",
 	},
 }, {
@@ -246,111 +220,6 @@ var blockedServices = []blockedService{{
 	Rules: []string{
 		"||mail.ru^",
 	},
-}, {
-	ID:      "mastodon",
-	Name:    "Mastodon",
-	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 512 512\"><path d=\"M433 179.11c0-97.2-63.71-125.7-63.71-125.7-62.52-28.7-228.56-28.4-290.48 0 0 0-63.72 28.5-63.72 125.7 0 115.7-6.6 259.4 105.63 289.1 40.51 10.7 75.32 13 103.33 11.4 50.81-2.8 79.32-18.1 79.32-18.1l-1.7-36.9s-36.31 11.4-77.12 10.1c-40.41-1.4-83-4.4-89.63-54a102.54 102.54 0 0 1-.9-13.9c85.63 20.9 158.65 9.1 178.75 6.7 56.12-6.7 105-41.3 111.23-72.9 9.8-49.8 9-121.5 9-121.5zm-75.12 125.2h-46.63v-114.2c0-49.7-64-51.6-64 6.9v62.5h-46.33V197c0-58.5-64-56.6-64-6.9v114.2H90.19c0-122.1-5.2-147.9 18.41-175 25.9-28.9 79.82-30.8 103.83 6.1l11.6 19.5 11.6-19.5c24.11-37.1 78.12-34.8 103.83-6.1 23.71 27.3 18.4 53 18.4 175z\"/></svg>"),
-	Rules: []string{
-		"||awscommunity.social^",
-		"||colorid.es^",
-		"||dizl.de^",
-		"||dju.social^",
-		"||dresden.network^",
-		"||fedibird.com^",
-		"||fosstodon.org^",
-		"||freiburg.social^",
-		"||glasgow.social^",
-		"||h4.io^",
-		"||hachyderm.io^",
-		"||hessen.social^",
-		"||hispagatos.space^",
-		"||home.social^",
-		"||hostux.social^",
-		"||ieji.de^",
-		"||indieweb.social^",
-		"||ioc.exchange^",
-		"||kfem.cat^",
-		"||kolektiva.social^",
-		"||kurry.social^",
-		"||libretooth.gr^",
-		"||livellosegreto.it^",
-		"||lor.sh^",
-		"||m.cmx.im^",
-		"||mast.dragon-fly.club^",
-		"||masto.ai^",
-		"||masto.es^",
-		"||masto.nobigtech.es^",
-		"||masto.pt^",
-		"||mastodon-belgium.be^",
-		"||mastodon.au^",
-		"||mastodon.bida.im^",
-		"||mastodon.eus^",
-		"||mastodon.ie^",
-		"||mastodon.iriseden.eu^",
-		"||mastodon.nl^",
-		"||mastodon.nu^",
-		"||mastodon.nz^",
-		"||mastodon.online^",
-		"||mastodon.scot^",
-		"||mastodon.sdf.org^",
-		"||mastodon.se^",
-		"||mastodon.social^",
-		"||mastodon.uno^",
-		"||mastodon.world^",
-		"||mastodon.zaclys.com^",
-		"||mastodonapp.uk^",
-		"||mastodont.cat^",
-		"||mastodontech.de^",
-		"||mastodontti.fi^",
-		"||mastouille.fr^",
-		"||mathstodon.xyz^",
-		"||mindly.social^",
-		"||mstdn.ca^",
-		"||mstdn.jp^",
-		"||mstdn.party^",
-		"||mstdn.social^",
-		"||muenchen.social^",
-		"||muenster.im^",
-		"||newsie.social^",
-		"||noc.social^",
-		"||norden.social^",
-		"||nrw.social^",
-		"||o3o.ca^",
-		"||ohai.social^",
-		"||oslo.town^",
-		"||pettingzoo.co^",
-		"||pewtix.com^",
-		"||phpc.social^",
-		"||piaille.fr^",
-		"||pol.social^",
-		"||qdon.space^",
-		"||ravenation.club^",
-		"||rollenspiel.social^",
-		"||ruby.social^",
-		"||ruhr.social^",
-		"||sfba.social^",
-		"||snabelen.no^",
-		"||social.anoxinon.de^",
-		"||social.cologne^",
-		"||social.dev-wiki.de^",
-		"||social.politicaconciencia.org^",
-		"||social.vivaldi.net^",
-		"||sociale.network^",
-		"||sueden.social^",
-		"||techhub.social^",
-		"||theblower.au^",
-		"||tkz.one^",
-		"||toot.aquilenet.fr^",
-		"||toot.funami.tech^",
-		"||toot.wales^",
-		"||troet.cafe^",
-		"||uiuxdev.social^",
-		"||union.place^",
-		"||universeodon.com^",
-		"||urbanists.social^",
-		"||vocalodon.net^",
-		"||wxw.moe^",
-	},
 }, {
 	ID:      "minecraft",
 	Name:    "Minecraft",
@@ -400,9 +269,8 @@ var blockedServices = []blockedService{{
 	Name:    "QQ",
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 32 32\"><g fill=\"none\" fillRule=\"evenodd\"><path d=\"M0 0h32v32H0z\" /><g fill=\"currentColor\" fillRule=\"nonzero\"><path d=\"M11.25 32C8.342 32 6 30.74 6 29.242c0-1.497 2.342-2.757 5.25-2.757s5.25 1.26 5.25 2.757S14.158 32 11.25 32zM27 29.242c0-1.497-2.342-2.757-5.25-2.757s-5.25 1.26-5.25 2.757S18.842 32 21.75 32 27 30.74 27 29.242zM14.885 7.182c0 .63-.323 1.182-.808 1.182-.485 0-.808-.552-.808-1.182 0-.63.323-1.182.808-1.182.485 0 .808.552.808 1.182zM18.923 6c-.485 0-.808.552-.808 1.182 0 .63.323-.394.808-.394.485 0 .808 1.024.808.394S19.408 6 18.923 6z\" /><path d=\"M6.653 12.638s4.685 2.465 9.926 2.465c5.242 0 9.927-2.465 9.927-2.465.112-.09.217-.161.316-.212-.002-1.088-.078-2.026-.078-2.808C26.744 4.292 22.138 0 16.5 0S6.176 4.292 6.176 9.618v2.78c.146.042.3.113.477.24zm12.626-8.664c1.112 0 1.986 1.272 1.986 2.782s-.874 2.782-1.986 2.782c-1.111 0-1.985-1.271-1.985-2.782 0-1.51.874-2.782 1.985-2.782zm-5.558 0c1.111 0 1.985 1.272 1.985 2.782s-.874 2.782-1.985 2.782c-1.112 0-1.986-1.271-1.986-2.782 0-1.51.874-2.782 1.986-2.782zm2.779 6.624c2.912 0 5.294.464 5.294.994s-2.382 1.656-5.294 1.656c-2.912 0-5.294-1.126-5.294-1.656s2.382-.994 5.294-.994zm11.374 5.182c-.058.038-.108.076-.177.117-.159.08-5.241 3.18-11.038 3.18-1.43 0-2.7-.239-3.97-.477-.239 1.67-.239 3.259-.239 3.974 0 1.272-1.032 1.193-2.303 1.272-1.27 0-2.223.16-2.303-1.033 0-.16-.08-2.782.397-5.564-1.588-.716-2.62-1.272-2.7-1.352a3.293 3.293 0 01-.335-.216C4.012 17.55 3 19.598 3 21.223c0 3.815 1.112 3.418 1.112 3.418.476 0 1.27-.795 1.985-1.67C7.765 27.662 11.735 31 16.5 31c4.765 0 8.735-3.338 10.403-8.028.715.874 1.509 1.669 1.985 1.669 0 0 1.112.397 1.112-3.418 0-1.588-.968-3.631-2.126-5.443z\" /></g></g></svg>"),
 	Rules: []string{
-		"||qq-video.cdn-go.cn^",
-		"||qq.com^$denyallow=wx.qq.com|weixin.qq.com",
-		"||url.cn^",
+		"^(?!weixin|wx)([^.]+\\.)?qq\\.com$",
+		"||qqzaixian.com^",
 	},
 }, {
 	ID:      "reddit",
@@ -429,11 +297,8 @@ var blockedServices = []blockedService{{
 	Name:    "Skype",
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 26 26\"><path d=\"M23.363 14.387c.153-.739.23-1.5.23-2.266C23.594 5.883 18.45.805 12.122.805c-.594 0-1.191.047-1.781.136A6.891 6.891 0 0 0 6.852 0C3.074 0 0 3.035 0 6.762c0 1.144.293 2.27.852 3.265-.133.688-.2 1.391-.2 2.094 0 6.238 5.149 11.316 11.47 11.316.648 0 1.3-.054 1.94-.164.95.477 2.012.727 3.086.727C20.926 24 24 20.969 24 17.238c0-1.004-.215-1.96-.637-2.851zM17.758 17.3c-.508.707-1.258 1.27-2.23 1.668-.966.394-2.122.593-3.434.593-1.578 0-2.903-.273-3.934-.812a5.074 5.074 0 0 1-1.808-1.582c-.47-.664-.707-1.324-.707-1.961 0-.395.156-.738.457-1.023.304-.278.687-.418 1.148-.418.379 0 .703.109.969.332.254.21.469.523.644.93.192.437.407.808.633 1.1.211.282.524.52.918.704.399.188.938.281 1.598.281.91 0 1.652-.191 2.215-.57.546-.367.812-.813.812-1.352 0-.43-.14-.765-.422-1.027-.3-.277-.699-.492-1.176-.637-.5-.152-1.18-.32-2.015-.496-1.14-.238-2.11-.523-2.88-.847-.788-.332-1.425-.79-1.89-1.364-.472-.582-.71-1.312-.71-2.172 0-.816.253-1.554.75-2.191.488-.633 1.206-1.125 2.132-1.46.91-.333 1.996-.5 3.223-.5.98 0 1.844.108 2.566.331.723.223 1.336.524 1.813.89.484.376.843.774 1.07 1.188.227.418.344.832.344 1.235 0 .386-.153.738-.453 1.046-.297.31-.68.465-1.125.465-.41 0-.727-.097-.95-.289-.207-.18-.418-.46-.656-.863-.273-.516-.605-.918-.984-1.203-.371-.277-.989-.418-1.836-.418-.79 0-1.43.156-1.902.465-.461.293-.684.633-.684 1.039 0 .246.07.449.219.629.156.187.379.351.656.488.289.145.586.258.883.34.308.082.82.207 1.523.367.887.191 1.707.398 2.43.625.73.234 1.363.516 1.879.848.527.34.941.773 1.238 1.293.297.52.445 1.16.445 1.91a4.07 4.07 0 0 1-.77 2.418zm0 0\" /></svg>"),
 	Rules: []string{
-		"||edge-skype-com.s-0001.s-msedge.net^",
-		"||skype-edf.akadns.net^",
 		"||skype.com^",
 		"||skypeassets.com^",
-		"||skypedata.akadns.net^",
 	},
 }, {
 	ID:      "snapchat",
@@ -494,14 +359,10 @@ var blockedServices = []blockedService{{
 		"||bdurl.com^",
 		"||bytecdn.cn^",
 		"||bytedance.map.fastly.net^",
-		"||bytedapm.com^",
 		"||byteimg.com^",
-		"||byteoversea.com^",
 		"||douyin.com^",
 		"||douyincdn.com^",
-		"||douyinpic.com^",
-		"||douyinstatic.com^",
-		"||douyinvod.com^",
+		"||ixigua.com^",
 		"||ixigua.com^",
 		"||ixiguavideo.com^",
 		"||muscdn.com^",
@@ -514,7 +375,6 @@ var blockedServices = []blockedService{{
 		"||toutiao.com^",
 		"||toutiaocloud.com^",
 		"||toutiaocloud.net^",
-		"||toutiaovod.com^",
 	},
 }, {
 	ID:      "tinder",
@@ -577,9 +437,7 @@ var blockedServices = []blockedService{{
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M 19 6 C 9.625 6 2 12.503906 2 20.5 C 2 24.769531 4.058594 28.609375 7.816406 31.390625 L 5.179688 39.304688 L 13.425781 34.199219 C 15.714844 34.917969 18.507813 35.171875 21.203125 34.875 C 23.390625 39.109375 28.332031 42 34 42 C 35.722656 42 37.316406 41.675781 38.796875 41.234375 L 45.644531 45.066406 L 43.734375 38.515625 C 46.3125 36.375 48 33.394531 48 30 C 48 23.789063 42.597656 18.835938 35.75 18.105469 C 34.40625 11.152344 27.367188 6 19 6 Z M 13 14 C 14.101563 14 15 14.898438 15 16 C 15 17.101563 14.101563 18 13 18 C 11.898438 18 11 17.101563 11 16 C 11 14.898438 11.898438 14 13 14 Z M 25 14 C 26.101563 14 27 14.898438 27 16 C 27 17.101563 26.101563 18 25 18 C 23.898438 18 23 17.101563 23 16 C 23 14.898438 23.898438 14 25 14 Z M 34 20 C 40.746094 20 46 24.535156 46 30 C 46 32.957031 44.492188 35.550781 42.003906 37.394531 L 41.445313 37.8125 L 42.355469 40.933594 L 39.105469 39.109375 L 38.683594 39.25 C 37.285156 39.71875 35.6875 40 34 40 C 27.253906 40 22 35.464844 22 30 C 22 24.535156 27.253906 20 34 20 Z M 29.5 26 C 28.699219 26 28 26.699219 28 27.5 C 28 28.300781 28.699219 29 29.5 29 C 30.300781 29 31 28.300781 31 27.5 C 31 26.699219 30.300781 26 29.5 26 Z M 38.5 26 C 37.699219 26 37 26.699219 37 27.5 C 37 28.300781 37.699219 29 38.5 29 C 39.300781 29 40 28.300781 40 27.5 C 40 26.699219 39.300781 26 38.5 26 Z\" /></svg>"),
 	Rules: []string{
 		"||wechat.com^",
-		"||weixin.qq.com.cn^",
 		"||weixin.qq.com^",
-		"||weixinbridge.com^",
 		"||wx.qq.com^",
 	},
 }, {
@@ -587,9 +445,7 @@ var blockedServices = []blockedService{{
 	Name:    "Weibo",
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M 35 6 C 34.222656 6 33.472656 6.078125 32.75 6.207031 C 32.207031 6.300781 31.84375 6.820313 31.9375 7.363281 C 32.03125 7.910156 32.550781 8.273438 33.09375 8.179688 C 33.726563 8.066406 34.359375 8 35 8 C 41.085938 8 46 12.914063 46 19 C 46 20.316406 45.757813 21.574219 45.328125 22.753906 C 45.195313 23.09375 45.253906 23.476563 45.484375 23.757813 C 45.71875 24.039063 46.082031 24.171875 46.441406 24.105469 C 46.800781 24.039063 47.09375 23.78125 47.207031 23.4375 C 47.710938 22.054688 48 20.566406 48 19 C 48 11.832031 42.167969 6 35 6 Z M 35 12 C 34.574219 12 34.171875 12.042969 33.789063 12.109375 C 33.246094 12.207031 32.878906 12.722656 32.976563 13.269531 C 33.070313 13.8125 33.589844 14.175781 34.132813 14.082031 C 34.425781 14.03125 34.714844 14 35 14 C 37.773438 14 40 16.226563 40 19 C 40 19.597656 39.890625 20.167969 39.691406 20.707031 C 39.503906 21.226563 39.773438 21.800781 40.292969 21.988281 C 40.8125 22.175781 41.386719 21.910156 41.574219 21.390625 C 41.84375 20.648438 42 19.84375 42 19 C 42 15.144531 38.855469 12 35 12 Z M 21.175781 12.40625 C 17.964844 12.34375 13.121094 14.878906 8.804688 19.113281 C 4.511719 23.40625 2 27.90625 2 31.78125 C 2 39.3125 11.628906 43.8125 21.152344 43.8125 C 33.5 43.8125 41.765625 36.699219 41.765625 31.046875 C 41.765625 27.59375 38.835938 25.707031 36.21875 24.871094 C 35.59375 24.660156 35.175781 24.558594 35.488281 23.71875 C 35.695313 23.21875 36 22.265625 36 21 C 36 19.5625 35 18.316406 33 18.09375 C 32.007813 17.984375 28 18 25.339844 19.113281 C 25.339844 19.113281 23.871094 19.746094 24.289063 18.59375 C 25.023438 16.292969 24.917969 14.40625 23.765625 13.359375 C 23.140625 12.730469 22.25 12.425781 21.175781 12.40625 Z M 20.3125 23.933594 C 28.117188 23.933594 34.441406 27.914063 34.441406 32.828125 C 34.441406 37.738281 28.117188 41.71875 20.3125 41.71875 C 12.511719 41.71875 6.1875 37.738281 6.1875 32.828125 C 6.1875 27.914063 12.511719 23.933594 20.3125 23.933594 Z M 19.265625 26.023438 C 16.246094 26.046875 13.3125 27.699219 12.039063 30.246094 C 10.46875 33.484375 11.933594 37.042969 15.699219 38.191406 C 19.464844 39.445313 23.960938 37.5625 25.53125 34.113281 C 27.097656 30.769531 25.113281 27.214844 21.347656 26.277344 C 20.660156 26.097656 19.960938 26.019531 19.265625 26.023438 Z M 20.824219 30.25 C 21.402344 30.25 21.871094 30.714844 21.871094 31.292969 C 21.871094 31.871094 21.402344 32.339844 20.824219 32.339844 C 20.246094 32.339844 19.777344 31.871094 19.777344 31.292969 C 19.777344 30.714844 20.246094 30.25 20.824219 30.25 Z M 16.417969 31.292969 C 16.746094 31.296875 17.074219 31.347656 17.382813 31.453125 C 18.722656 31.878906 19.132813 33.148438 18.308594 34.207031 C 17.589844 35.265625 15.945313 35.792969 14.707031 35.265625 C 13.476563 34.738281 13.167969 33.464844 13.886719 32.515625 C 14.425781 31.71875 15.429688 31.28125 16.417969 31.292969 Z\" /></svg>"),
 	Rules: []string{
-		"||weibo.cn^",
 		"||weibo.com^",
-		"||weibocdn.com^",
 	},
 }, {
 	ID:      "whatsapp",
@@ -605,21 +461,11 @@ var blockedServices = []blockedService{{
 	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 24 24\"><path d=\"M19.695 4.04S15.348 3.2 12 3.2s-7.695.84-7.695.84L1.602 7.2v9.6l2.703 3.16s4.347.84 7.695.84 7.695-.84 7.695-.84l2.703-3.16V12 7.2zM9.602 15.68V8.32L16 12zm0 0\" /><path d=\"M19.2 4a3.198 3.198 0 1 0 0 6.398c1.769 0 3.198-1.43 3.198-3.199C22.398 5.434 20.968 4 19.2 4zm0 9.602a3.198 3.198 0 1 0 0 6.398c1.769 0 3.198-1.434 3.198-3.2 0-1.769-1.43-3.198-3.199-3.198zM1.601 7.199c0 1.77 1.43 3.2 3.199 3.2 1.765 0 2.398-1.43 2.398-3.2C7.2 5.434 6.566 4 4.801 4 3.03 4 1.6 5.434 1.6 7.2zM4.8 13.602c-1.77 0-3.2 1.43-3.2 3.199A3.198 3.198 0 1 0 8 16.8c0-1.77-1.434-3.2-3.2-3.2zm0 0\" /></svg>"),
 	Rules: []string{
 		"||googlevideo.com^",
-		"||wide-youtube.l.google.com^",
 		"||youtu.be^",
 		"||youtube",
 		"||youtube-nocookie.com^",
 		"||youtube.com^",
 		"||youtubei.googleapis.com^",
-		"||youtubekids.com^",
 		"||ytimg.com^",
 	},
-}, {
-	ID:      "zhihu",
-	Name:    "Zhihu",
-	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 30 30\"><path d=\"M14.46 14.191H9.982c0-.471.033-.954.039-1.458v-5.5h5.106V5.935a1.352 1.352 0 00-.404-.957 1.378 1.378 0 00-.968-.396H5.783c.028-.088.056-.177.084-.255.274-.82 1.153-3.326 1.153-3.326a4.262 4.262 0 00-2.413.698c-.57.4-.912.682-1.371 1.946-.532 1.453-.997 2.856-1.31 3.693C1.444 8.674.28 11.025.28 11.025a5.85 5.85 0 002.52-.61c1.119-.593 1.679-1.502 2.054-2.883l.09-.3h2.334v5.5c0 .5-.045.982-.073 1.46h-4.12c-.71 0-1.39.278-1.893.775a2.638 2.638 0 00-.783 1.874h6.527a17.717 17.717 0 01-.778 3.649 16.796 16.796 0 01-3.012 5.273A33.104 33.104 0 010 28.74s3.13 1.175 5.425-.954c1.388-1.292 2.631-3.814 3.23-5.727a28.09 28.09 0 001.12-5.229h5.967v-1.37a1.254 1.254 0 00-.373-.899 1.279 1.279 0 00-.909-.37zm-3.19 5.484l-2.312 1.491 5.038 7.458a6.905 6.905 0 00.672-2.218 3.15 3.15 0 00-.28-2.168l-3.118-4.563zM29.05 4.582H16.733V25.94h3.018l.403 2.572 4.081-2.572h4.815V4.582zm-5.207 18.69l-2.396 1.509-.235-1.508h-1.724V7.233h6.78v16.04h-2.425z\" /></svg>"),
-	Rules: []string{
-		"||zhihu.com^",
-		"||zhimg.com^",
-	},
 }}

internal/home/clients.go

@@ -129,7 +129,7 @@ type RuntimeClientWHOISInfo struct {
 
 type clientsContainer struct {
 	// TODO(a.garipov): Perhaps use a number of separate indices for
-	// different types (string, netip.Addr, and so on).
+	// different types (string, net.IP, and so on).
 	list    map[string]*Client // name -> client
 	idIndex map[string]*Client // ID -> client
 
@@ -333,7 +333,7 @@ func (clients *clientsContainer) onDHCPLeaseChanged(flags int) {
 }
 
 // exists checks if client with this IP address already exists.
-func (clients *clientsContainer) exists(ip netip.Addr, source clientSource) (ok bool) {
+func (clients *clientsContainer) exists(ip net.IP, source clientSource) (ok bool) {
 	clients.lock.Lock()
 	defer clients.lock.Unlock()
 
@@ -342,7 +342,7 @@ func (clients *clientsContainer) exists(ip netip.Addr, source clientSource) (ok
 		return true
 	}
 
-	rc, ok := clients.ipToRC[ip]
+	rc, ok := clients.findRuntimeClientLocked(ip)
 	if !ok {
 		return false
 	}
@@ -371,8 +371,7 @@ func (clients *clientsContainer) findMultiple(ids []string) (c *querylog.Client,
 	var artClient *querylog.Client
 	var art bool
 	for _, id := range ids {
-		ip, _ := netip.ParseAddr(id)
-		c, art = clients.clientOrArtificial(ip, id)
+		c, art = clients.clientOrArtificial(net.ParseIP(id), id)
 		if art {
 			artClient = c
 
@@ -390,7 +389,7 @@ func (clients *clientsContainer) findMultiple(ids []string) (c *querylog.Client,
 // records about this client besides maybe whether or not it is blocked.  c is
 // never nil.
 func (clients *clientsContainer) clientOrArtificial(
-	ip netip.Addr,
+	ip net.IP,
 	id string,
 ) (c *querylog.Client, art bool) {
 	defer func() {
@@ -407,6 +406,13 @@ func (clients *clientsContainer) clientOrArtificial(
 		}, false
 	}
 
+	if ip == nil {
+		// Technically should never happen, but still.
+		return &querylog.Client{
+			Name: "",
+		}, true
+	}
+
 	var rc *RuntimeClient
 	rc, ok = clients.findRuntimeClient(ip)
 	if ok {
@@ -486,20 +492,19 @@ func (clients *clientsContainer) findLocked(id string) (c *Client, ok bool) {
 		return c, true
 	}
 
-	ip, err := netip.ParseAddr(id)
-	if err != nil {
+	ip := net.ParseIP(id)
+	if ip == nil {
 		return nil, false
 	}
 
 	for _, c = range clients.list {
 		for _, id := range c.IDs {
-			var n netip.Prefix
-			n, err = netip.ParsePrefix(id)
+			_, ipnet, err := net.ParseCIDR(id)
 			if err != nil {
 				continue
 			}
 
-			if n.Contains(ip) {
+			if ipnet.Contains(ip) {
 				return c, true
 			}
 		}
@@ -509,20 +514,19 @@ func (clients *clientsContainer) findLocked(id string) (c *Client, ok bool) {
 		return nil, false
 	}
 
-	macFound := clients.dhcpServer.FindMACbyIP(ip.AsSlice())
+	macFound := clients.dhcpServer.FindMACbyIP(ip)
 	if macFound == nil {
 		return nil, false
 	}
 
 	for _, c = range clients.list {
 		for _, id := range c.IDs {
-			var mac net.HardwareAddr
-			mac, err = net.ParseMAC(id)
+			hwAddr, err := net.ParseMAC(id)
 			if err != nil {
 				continue
 			}
 
-			if bytes.Equal(mac, macFound) {
+			if bytes.Equal(hwAddr, macFound) {
 				return c, true
 			}
 		}
@@ -531,18 +535,32 @@ func (clients *clientsContainer) findLocked(id string) (c *Client, ok bool) {
 	return nil, false
 }
 
+// findRuntimeClientLocked finds a runtime client by their IP address.  For
+// internal use only.
+func (clients *clientsContainer) findRuntimeClientLocked(ip net.IP) (rc *RuntimeClient, ok bool) {
+	// TODO(a.garipov):  Remove once we switch to netip.Addr more fully.
+	ipAddr, err := netutil.IPToAddrNoMapped(ip)
+	if err != nil {
+		log.Error("clients: bad client ip %v: %s", ip, err)
+
+		return nil, false
+	}
+
+	rc, ok = clients.ipToRC[ipAddr]
+
+	return rc, ok
+}
+
 // findRuntimeClient finds a runtime client by their IP.
-func (clients *clientsContainer) findRuntimeClient(ip netip.Addr) (rc *RuntimeClient, ok bool) {
-	if ip == (netip.Addr{}) {
+func (clients *clientsContainer) findRuntimeClient(ip net.IP) (rc *RuntimeClient, ok bool) {
+	if ip == nil {
 		return nil, false
 	}
 
 	clients.lock.Lock()
 	defer clients.lock.Unlock()
 
-	rc, ok = clients.ipToRC[ip]
-
-	return rc, ok
+	return clients.findRuntimeClientLocked(ip)
 }
 
 // check validates the client.
@@ -560,16 +578,14 @@ func (clients *clientsContainer) check(c *Client) (err error) {
 
 	for i, id := range c.IDs {
 		// Normalize structured data.
-		var (
-			ip  netip.Addr
-			n   netip.Prefix
-			mac net.HardwareAddr
-		)
-
-		if ip, err = netip.ParseAddr(id); err == nil {
+		var ip net.IP
+		var ipnet *net.IPNet
+		var mac net.HardwareAddr
+		if ip = net.ParseIP(id); ip != nil {
 			c.IDs[i] = ip.String()
-		} else if n, err = netip.ParsePrefix(id); err == nil {
-			c.IDs[i] = n.String()
+		} else if ip, ipnet, err = net.ParseCIDR(id); err == nil {
+			ipnet.IP = ip
+			c.IDs[i] = ipnet.String()
 		} else if mac, err = net.ParseMAC(id); err == nil {
 			c.IDs[i] = mac.String()
 		} else if err = dnsforward.ValidateClientID(id); err == nil {
@@ -734,7 +750,7 @@ func (clients *clientsContainer) Update(name string, c *Client) (err error) {
 }
 
 // setWHOISInfo sets the WHOIS information for a client.
-func (clients *clientsContainer) setWHOISInfo(ip netip.Addr, wi *RuntimeClientWHOISInfo) {
+func (clients *clientsContainer) setWHOISInfo(ip net.IP, wi *RuntimeClientWHOISInfo) {
 	clients.lock.Lock()
 	defer clients.lock.Unlock()
 
@@ -744,7 +760,7 @@ func (clients *clientsContainer) setWHOISInfo(ip netip.Addr, wi *RuntimeClientWH
 		return
 	}
 
-	rc, ok := clients.ipToRC[ip]
+	rc, ok := clients.findRuntimeClientLocked(ip)
 	if ok {
 		rc.WHOISInfo = wi
 		log.Debug("clients: set whois info for runtime client %s: %+v", rc.Host, wi)
@@ -760,22 +776,32 @@ func (clients *clientsContainer) setWHOISInfo(ip netip.Addr, wi *RuntimeClientWH
 
 	rc.WHOISInfo = wi
 
-	clients.ipToRC[ip] = rc
+	// TODO(a.garipov):  Remove once we switch to netip.Addr more fully.
+	ipAddr, err := netutil.IPToAddrNoMapped(ip)
+	if err != nil {
+		log.Error("clients: bad client ip %v: %s", ip, err)
+
+		return
+	}
+
+	clients.ipToRC[ipAddr] = rc
 
 	log.Debug("clients: set whois info for runtime client with ip %s: %+v", ip, wi)
 }
 
 // AddHost adds a new IP-hostname pairing.  The priorities of the sources are
 // taken into account.  ok is true if the pairing was added.
-func (clients *clientsContainer) AddHost(
-	ip netip.Addr,
-	host string,
-	src clientSource,
-) (ok bool) {
+func (clients *clientsContainer) AddHost(ip net.IP, host string, src clientSource) (ok bool, err error) {
 	clients.lock.Lock()
 	defer clients.lock.Unlock()
 
-	return clients.addHostLocked(ip, host, src)
+	// TODO(a.garipov):  Remove once we switch to netip.Addr more fully.
+	ipAddr, err := netutil.IPToAddrNoMapped(ip)
+	if err != nil {
+		return false, fmt.Errorf("adding host: %w", err)
+	}
+
+	return clients.addHostLocked(ipAddr, host, src), nil
 }
 
 // addHostLocked adds a new IP-hostname pairing.  clients.lock is expected to be

internal/home/clients_test.go

@@ -22,18 +22,8 @@ func TestClients(t *testing.T) {
 	clients.Init(nil, nil, nil, nil)
 
 	t.Run("add_success", func(t *testing.T) {
-		var (
-			cliNone = "1.2.3.4"
-			cli1    = "1.1.1.1"
-			cli2    = "2.2.2.2"
-
-			cliNoneIP = netip.MustParseAddr(cliNone)
-			cli1IP    = netip.MustParseAddr(cli1)
-			cli2IP    = netip.MustParseAddr(cli2)
-		)
-
 		c := &Client{
-			IDs:  []string{cli1, "1:2:3::4", "aa:aa:aa:aa:aa:aa"},
+			IDs:  []string{"1.1.1.1", "1:2:3::4", "aa:aa:aa:aa:aa:aa"},
 			Name: "client1",
 		}
 
@@ -43,7 +33,7 @@ func TestClients(t *testing.T) {
 		assert.True(t, ok)
 
 		c = &Client{
-			IDs:  []string{cli2},
+			IDs:  []string{"2.2.2.2"},
 			Name: "client2",
 		}
 
@@ -52,7 +42,7 @@ func TestClients(t *testing.T) {
 
 		assert.True(t, ok)
 
-		c, ok = clients.Find(cli1)
+		c, ok = clients.Find("1.1.1.1")
 		require.True(t, ok)
 
 		assert.Equal(t, "client1", c.Name)
@@ -62,14 +52,14 @@ func TestClients(t *testing.T) {
 
 		assert.Equal(t, "client1", c.Name)
 
-		c, ok = clients.Find(cli2)
+		c, ok = clients.Find("2.2.2.2")
 		require.True(t, ok)
 
 		assert.Equal(t, "client2", c.Name)
 
-		assert.False(t, clients.exists(cliNoneIP, ClientSourceHostsFile))
-		assert.True(t, clients.exists(cli1IP, ClientSourceHostsFile))
-		assert.True(t, clients.exists(cli2IP, ClientSourceHostsFile))
+		assert.False(t, clients.exists(net.IP{1, 2, 3, 4}, ClientSourceHostsFile))
+		assert.True(t, clients.exists(net.IP{1, 1, 1, 1}, ClientSourceHostsFile))
+		assert.True(t, clients.exists(net.IP{2, 2, 2, 2}, ClientSourceHostsFile))
 	})
 
 	t.Run("add_fail_name", func(t *testing.T) {
@@ -113,31 +103,23 @@ func TestClients(t *testing.T) {
 	})
 
 	t.Run("update_success", func(t *testing.T) {
-		var (
-			cliOld = "1.1.1.1"
-			cliNew = "1.1.1.2"
-
-			cliOldIP = netip.MustParseAddr(cliOld)
-			cliNewIP = netip.MustParseAddr(cliNew)
-		)
-
 		err := clients.Update("client1", &Client{
-			IDs:  []string{cliNew},
+			IDs:  []string{"1.1.1.2"},
 			Name: "client1",
 		})
 		require.NoError(t, err)
 
-		assert.False(t, clients.exists(cliOldIP, ClientSourceHostsFile))
-		assert.True(t, clients.exists(cliNewIP, ClientSourceHostsFile))
+		assert.False(t, clients.exists(net.IP{1, 1, 1, 1}, ClientSourceHostsFile))
+		assert.True(t, clients.exists(net.IP{1, 1, 1, 2}, ClientSourceHostsFile))
 
 		err = clients.Update("client1", &Client{
-			IDs:            []string{cliNew},
+			IDs:            []string{"1.1.1.2"},
 			Name:           "client1-renamed",
 			UseOwnSettings: true,
 		})
 		require.NoError(t, err)
 
-		c, ok := clients.Find(cliNew)
+		c, ok := clients.Find("1.1.1.2")
 		require.True(t, ok)
 
 		assert.Equal(t, "client1-renamed", c.Name)
@@ -150,14 +132,14 @@ func TestClients(t *testing.T) {
 
 		require.Len(t, c.IDs, 1)
 
-		assert.Equal(t, cliNew, c.IDs[0])
+		assert.Equal(t, "1.1.1.2", c.IDs[0])
 	})
 
 	t.Run("del_success", func(t *testing.T) {
 		ok := clients.Del("client1-renamed")
 		require.True(t, ok)
 
-		assert.False(t, clients.exists(netip.MustParseAddr("1.1.1.2"), ClientSourceHostsFile))
+		assert.False(t, clients.exists(net.IP{1, 1, 1, 2}, ClientSourceHostsFile))
 	})
 
 	t.Run("del_fail", func(t *testing.T) {
@@ -166,33 +148,45 @@ func TestClients(t *testing.T) {
 	})
 
 	t.Run("addhost_success", func(t *testing.T) {
-		ip := netip.MustParseAddr("1.1.1.1")
-		ok := clients.AddHost(ip, "host", ClientSourceARP)
+		ip := net.IP{1, 1, 1, 1}
+
+		ok, err := clients.AddHost(ip, "host", ClientSourceARP)
+		require.NoError(t, err)
+
 		assert.True(t, ok)
 
-		ok = clients.AddHost(ip, "host2", ClientSourceARP)
+		ok, err = clients.AddHost(ip, "host2", ClientSourceARP)
+		require.NoError(t, err)
+
 		assert.True(t, ok)
 
-		ok = clients.AddHost(ip, "host3", ClientSourceHostsFile)
+		ok, err = clients.AddHost(ip, "host3", ClientSourceHostsFile)
+		require.NoError(t, err)
+
 		assert.True(t, ok)
 
 		assert.True(t, clients.exists(ip, ClientSourceHostsFile))
 	})
 
 	t.Run("dhcp_replaces_arp", func(t *testing.T) {
-		ip := netip.MustParseAddr("1.2.3.4")
-		ok := clients.AddHost(ip, "from_arp", ClientSourceARP)
+		ip := net.IP{1, 2, 3, 4}
+
+		ok, err := clients.AddHost(ip, "from_arp", ClientSourceARP)
+		require.NoError(t, err)
+
 		assert.True(t, ok)
 		assert.True(t, clients.exists(ip, ClientSourceARP))
 
-		ok = clients.AddHost(ip, "from_dhcp", ClientSourceDHCP)
+		ok, err = clients.AddHost(ip, "from_dhcp", ClientSourceDHCP)
+		require.NoError(t, err)
+
 		assert.True(t, ok)
 		assert.True(t, clients.exists(ip, ClientSourceDHCP))
 	})
 
 	t.Run("addhost_fail", func(t *testing.T) {
-		ip := netip.MustParseAddr("1.1.1.1")
-		ok := clients.AddHost(ip, "host1", ClientSourceRDNS)
+		ok, err := clients.AddHost(net.IP{1, 1, 1, 1}, "host1", ClientSourceRDNS)
+		require.NoError(t, err)
 		assert.False(t, ok)
 	})
 }
@@ -209,7 +203,7 @@ func TestClientsWHOIS(t *testing.T) {
 
 	t.Run("new_client", func(t *testing.T) {
 		ip := netip.MustParseAddr("1.1.1.255")
-		clients.setWHOISInfo(ip, whois)
+		clients.setWHOISInfo(ip.AsSlice(), whois)
 		rc := clients.ipToRC[ip]
 		require.NotNil(t, rc)
 
@@ -218,10 +212,12 @@ func TestClientsWHOIS(t *testing.T) {
 
 	t.Run("existing_auto-client", func(t *testing.T) {
 		ip := netip.MustParseAddr("1.1.1.1")
-		ok := clients.AddHost(ip, "host", ClientSourceRDNS)
+		ok, err := clients.AddHost(ip.AsSlice(), "host", ClientSourceRDNS)
+		require.NoError(t, err)
+
 		assert.True(t, ok)
 
-		clients.setWHOISInfo(ip, whois)
+		clients.setWHOISInfo(ip.AsSlice(), whois)
 		rc := clients.ipToRC[ip]
 		require.NotNil(t, rc)
 
@@ -238,7 +234,7 @@ func TestClientsWHOIS(t *testing.T) {
 		require.NoError(t, err)
 		assert.True(t, ok)
 
-		clients.setWHOISInfo(ip, whois)
+		clients.setWHOISInfo(ip.AsSlice(), whois)
 		rc := clients.ipToRC[ip]
 		require.Nil(t, rc)
 
@@ -253,7 +249,7 @@ func TestClientsAddExisting(t *testing.T) {
 	clients.Init(nil, nil, nil, nil)
 
 	t.Run("simple", func(t *testing.T) {
-		ip := netip.MustParseAddr("1.1.1.1")
+		ip := net.IP{1, 1, 1, 1}
 
 		// Add a client.
 		ok, err := clients.Add(&Client{
@@ -264,7 +260,8 @@ func TestClientsAddExisting(t *testing.T) {
 		assert.True(t, ok)
 
 		// Now add an auto-client with the same IP.
-		ok = clients.AddHost(ip, "test", ClientSourceRDNS)
+		ok, err = clients.AddHost(ip, "test", ClientSourceRDNS)
+		require.NoError(t, err)
 		assert.True(t, ok)
 	})
 

internal/home/clientshttp.go

@@ -3,8 +3,8 @@ package home
 import (
 	"encoding/json"
 	"fmt"
+	"net"
 	"net/http"
-	"net/netip"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 )
@@ -47,8 +47,8 @@ type runtimeClientJSON struct {
 	WHOISInfo *RuntimeClientWHOISInfo `json:"whois_info"`
 
 	Name   string       `json:"name"`
-	IP     netip.Addr   `json:"ip"`
 	Source clientSource `json:"source"`
+	IP     net.IP       `json:"ip"`
 }
 
 type clientListJSON struct {
@@ -75,7 +75,7 @@ func (clients *clientsContainer) handleGetClients(w http.ResponseWriter, r *http
 
 			Name:   rc.Host,
 			Source: rc.Source,
-			IP:     ip,
+			IP:     ip.AsSlice(),
 		}
 
 		data.RuntimeClients = append(data.RuntimeClients, cj)
@@ -218,7 +218,7 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http
 			break
 		}
 
-		ip, _ := netip.ParseAddr(idStr)
+		ip := net.ParseIP(idStr)
 		c, ok := clients.Find(idStr)
 		var cj *clientJSON
 		if !ok {
@@ -240,7 +240,7 @@ func (clients *clientsContainer) handleFindClient(w http.ResponseWriter, r *http
 // findRuntime looks up the IP in runtime and temporary storages, like
 // /etc/hosts tables, DHCP leases, or blocklists.  cj is guaranteed to be
 // non-nil.
-func (clients *clientsContainer) findRuntime(ip netip.Addr, idStr string) (cj *clientJSON) {
+func (clients *clientsContainer) findRuntime(ip net.IP, idStr string) (cj *clientJSON) {
 	rc, ok := clients.findRuntimeClient(ip)
 	if !ok {
 		// It is still possible that the IP used to be in the runtime clients

internal/home/control.go

@@ -71,7 +71,9 @@ func appendDNSAddrsWithIfaces(dst []string, src []netip.Addr) (res []string, err
 // on, including the addresses on all interfaces in cases of unspecified IPs.
 func collectDNSAddresses() (addrs []string, err error) {
 	if hosts := config.DNS.BindHosts; len(hosts) == 0 {
-		addrs = appendDNSAddrs(addrs, netutil.IPv4Localhost())
+		addr := aghnet.IPv4Localhost()
+
+		addrs = appendDNSAddrs(addrs, addr)
 	} else {
 		addrs, err = appendDNSAddrsWithIfaces(addrs, hosts)
 		if err != nil {

internal/home/dns.go

@@ -8,7 +8,6 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
@@ -151,8 +150,8 @@ func isRunning() bool {
 }
 
 func onDNSRequest(pctx *proxy.DNSContext) {
-	ip := netutil.NetAddrToAddrPort(pctx.Addr).Addr()
-	if ip == (netip.Addr{}) {
+	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
+	if ip == nil {
 		// This would be quite weird if we get here.
 		return
 	}
@@ -161,8 +160,7 @@ func onDNSRequest(pctx *proxy.DNSContext) {
 	if srcs.RDNS && !ip.IsLoopback() {
 		Context.rdns.Begin(ip)
 	}
-
-	if srcs.WHOIS && !netutil.IsSpecialPurposeAddr(ip) {
+	if srcs.WHOIS && !netutil.IsSpecialPurpose(ip) {
 		Context.whois.Begin(ip)
 	}
 }
@@ -195,7 +193,11 @@ func ipsToUDPAddrs(ips []netip.Addr, port int) (udpAddrs []*net.UDPAddr) {
 
 func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
 	dnsConf := config.DNS
-	hosts := aghalg.CoalesceSlice(dnsConf.BindHosts, []netip.Addr{netutil.IPv4Localhost()})
+	hosts := dnsConf.BindHosts
+	if len(hosts) == 0 {
+		hosts = []netip.Addr{aghnet.IPv4Localhost()}
+	}
+
 	newConf = dnsforward.ServerConfig{
 		UDPListenAddrs:  ipsToUDPAddrs(hosts, dnsConf.Port),
 		TCPListenAddrs:  ipsToTCPAddrs(hosts, dnsConf.Port),
@@ -398,12 +400,15 @@ func startDNSServer() error {
 
 	const topClientsNumber = 100 // the number of clients to get
 	for _, ip := range Context.stats.TopClientsIP(topClientsNumber) {
+		if ip == nil {
+			continue
+		}
+
 		srcs := config.Clients.Sources
 		if srcs.RDNS && !ip.IsLoopback() {
 			Context.rdns.Begin(ip)
 		}
-
-		if srcs.WHOIS && !netutil.IsSpecialPurposeAddr(ip) {
+		if srcs.WHOIS && !netutil.IsSpecialPurpose(ip) {
 			Context.whois.Begin(ip)
 		}
 	}

internal/home/home.go

@@ -76,7 +76,9 @@ type homeContext struct {
 
 	configFilename   string // Config filename (can be overridden via the command line arguments)
 	workDir          string // Location of our directory, used to protect against CWD being somewhere else
+	firstRun         bool   // if set to true, don't run any services except HTTP web interface, and serve only first-run html
 	pidFileName      string // PID file name.  Empty if no PID file was created.
+	disableUpdate    bool   // If set, don't check for updates
 	controlLock      sync.Mutex
 	tlsRoots         *x509.CertPool // list of root CAs for TLSv1.2
 	transport        *http.Transport
@@ -86,13 +88,6 @@ type homeContext struct {
 	// tlsCipherIDs are the ID of the cipher suites that AdGuard Home must use.
 	tlsCipherIDs []uint16
 
-	// disableUpdate, if true, tells AdGuard Home to not check for updates.
-	disableUpdate bool
-
-	// firstRun, if true, tells AdGuard Home to only start the web interface
-	// service, and only serve the first-run APIs.
-	firstRun bool
-
 	// runningAsService flag is set to true when options are passed from the service runner
 	runningAsService bool
 }
@@ -467,15 +462,6 @@ func run(opts options, clientBuildFS fs.FS) {
 			mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
 			mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
 			mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
-
-			// See profileSupportsDelta in src/net/http/pprof/pprof.go.
-			mux.Handle("/debug/pprof/allocs", pprof.Handler("allocs"))
-			mux.Handle("/debug/pprof/block", pprof.Handler("block"))
-			mux.Handle("/debug/pprof/goroutine", pprof.Handler("goroutine"))
-			mux.Handle("/debug/pprof/heap", pprof.Handler("heap"))
-			mux.Handle("/debug/pprof/mutex", pprof.Handler("mutex"))
-			mux.Handle("/debug/pprof/threadcreate", pprof.Handler("threadcreate"))
-
 			go func() {
 				log.Info("pprof: listening on localhost:6060")
 				lerr := http.ListenAndServe("localhost:6060", mux)
@@ -542,11 +528,6 @@ func run(opts options, clientBuildFS fs.FS) {
 		}
 	}
 
-	// TODO(a.garipov): This could be made much earlier and could be done on
-	// the first run as well, but to achieve this we need to bypass requests
-	// over dnsforward resolver.
-	cmdlineUpdate(opts)
-
 	Context.web.Start()
 
 	// wait indefinitely for other go-routines to complete their job
@@ -581,7 +562,7 @@ func checkPermissions() {
 	}
 
 	// We should check if AdGuard Home is able to bind to port 53
-	err := aghnet.CheckPort("tcp", netip.AddrPortFrom(netutil.IPv4Localhost(), defaultPortDNS))
+	err := aghnet.CheckPort("tcp", netip.AddrPortFrom(aghnet.IPv4Localhost(), defaultPortDNS))
 	if err != nil {
 		if errors.Is(err, os.ErrPermission) {
 			log.Fatal(`Permission check failed.
@@ -932,37 +913,3 @@ type jsonError struct {
 	// Message is the error message, an opaque string.
 	Message string `json:"message"`
 }
-
-// cmdlineUpdate updates current application and exits.
-func cmdlineUpdate(opts options) {
-	if !opts.performUpdate {
-		return
-	}
-
-	log.Info("starting update")
-
-	if Context.firstRun {
-		log.Info("update not allowed on first run")
-
-		os.Exit(0)
-	}
-
-	_, err := Context.updater.VersionInfo(true)
-	if err != nil {
-		vcu := Context.updater.VersionCheckURL()
-		log.Error("getting version info from %s: %s", vcu, err)
-
-		os.Exit(0)
-	}
-
-	if Context.updater.NewVersion() == "" {
-		log.Info("no updates available")
-
-		os.Exit(0)
-	}
-
-	err = Context.updater.Update()
-	fatalOnError(err)
-
-	os.Exit(0)
-}

internal/home/options.go

@@ -47,9 +47,6 @@ type options struct {
 	// disableUpdate, if set, makes AdGuard Home not check for updates.
 	disableUpdate bool
 
-	// performUpdate, if set, updates AdGuard Home without GUI and exits.
-	performUpdate bool
-
 	// verbose shows if verbose logging is enabled.
 	verbose bool
 
@@ -224,14 +221,6 @@ var cmdLineOpts = []cmdLineOpt{{
 	description:     "Don't check for updates.",
 	longName:        "no-check-update",
 	shortName:       "",
-}, {
-	updateWithValue: nil,
-	updateNoValue:   func(o options) (options, error) { o.performUpdate = true; return o, nil },
-	effect:          nil,
-	serialize:       func(o options) (val string, ok bool) { return "", o.performUpdate },
-	description:     "Update application and exit.",
-	longName:        "update",
-	shortName:       "",
 }, {
 	updateWithValue: nil,
 	updateNoValue:   nil,

internal/home/options_test.go

@@ -103,11 +103,6 @@ func TestParseDisableUpdate(t *testing.T) {
 	assert.True(t, testParseOK(t, "--no-check-update").disableUpdate, "--no-check-update is disable update")
 }
 
-func TestParsePerformUpdate(t *testing.T) {
-	assert.False(t, testParseOK(t).performUpdate, "empty is not perform update")
-	assert.True(t, testParseOK(t, "--update").performUpdate, "--update is perform update")
-}
-
 // TODO(e.burkov):  Remove after v0.108.0.
 func TestParseDisableMemoryOptimization(t *testing.T) {
 	o, eff, err := parseCmdOpts("", []string{"--no-mem-optimization"})
@@ -174,10 +169,6 @@ func TestOptsToArgs(t *testing.T) {
 		name: "disable_update",
 		args: []string{"--no-check-update"},
 		opts: options{disableUpdate: true},
-	}, {
-		name: "perform_update",
-		args: []string{"--update"},
-		opts: options{performUpdate: true},
 	}, {
 		name: "control_action",
 		args: []string{"-s", "run"},

internal/home/rdns.go

@@ -2,7 +2,7 @@ package home
 
 import (
 	"encoding/binary"
-	"net/netip"
+	"net"
 	"sync/atomic"
 	"time"
 
@@ -21,7 +21,7 @@ type RDNS struct {
 	usePrivate uint32
 
 	// ipCh used to pass client's IP to rDNS workerLoop.
-	ipCh chan netip.Addr
+	ipCh chan net.IP
 
 	// ipCache caches the IP addresses to be resolved by rDNS.  The resolved
 	// address stays here while it's inside clients.  After leaving clients the
@@ -50,7 +50,7 @@ func NewRDNS(
 			EnableLRU: true,
 			MaxCount:  defaultRDNSCacheSize,
 		}),
-		ipCh: make(chan netip.Addr, defaultRDNSIPChSize),
+		ipCh: make(chan net.IP, defaultRDNSIPChSize),
 	}
 	if usePrivate {
 		rDNS.usePrivate = 1
@@ -80,10 +80,9 @@ func (r *RDNS) ensurePrivateCache() {
 
 // isCached returns true if ip is already cached and not expired yet.  It also
 // caches it otherwise.
-func (r *RDNS) isCached(ip netip.Addr) (ok bool) {
-	ipBytes := ip.AsSlice()
+func (r *RDNS) isCached(ip net.IP) (ok bool) {
 	now := uint64(time.Now().Unix())
-	if expire := r.ipCache.Get(ipBytes); len(expire) != 0 {
+	if expire := r.ipCache.Get(ip); len(expire) != 0 {
 		if binary.BigEndian.Uint64(expire) > now {
 			return true
 		}
@@ -92,14 +91,14 @@ func (r *RDNS) isCached(ip netip.Addr) (ok bool) {
 	// The cache entry either expired or doesn't exist.
 	ttl := make([]byte, 8)
 	binary.BigEndian.PutUint64(ttl, now+defaultRDNSCacheTTL)
-	r.ipCache.Set(ipBytes, ttl)
+	r.ipCache.Set(ip, ttl)
 
 	return false
 }
 
 // Begin adds the ip to the resolving queue if it is not cached or already
 // resolved.
-func (r *RDNS) Begin(ip netip.Addr) {
+func (r *RDNS) Begin(ip net.IP) {
 	r.ensurePrivateCache()
 
 	if r.isCached(ip) || r.clients.exists(ip, ClientSourceRDNS) {
@@ -108,9 +107,9 @@ func (r *RDNS) Begin(ip netip.Addr) {
 
 	select {
 	case r.ipCh <- ip:
-		log.Debug("rdns: %q added to queue", ip)
+		log.Tracef("rdns: %q added to queue", ip)
 	default:
-		log.Debug("rdns: queue is full")
+		log.Tracef("rdns: queue is full")
 	}
 }
 
@@ -120,7 +119,7 @@ func (r *RDNS) workerLoop() {
 	defer log.OnPanic("rdns")
 
 	for ip := range r.ipCh {
-		host, err := r.exchanger.Exchange(ip.AsSlice())
+		host, err := r.exchanger.Exchange(ip)
 		if err != nil {
 			log.Debug("rdns: resolving %q: %s", ip, err)
 
@@ -129,6 +128,8 @@ func (r *RDNS) workerLoop() {
 			continue
 		}
 
-		_ = r.clients.AddHost(ip, host, ClientSourceRDNS)
+		// Don't handle any errors since AddHost doesn't return non-nil errors
+		// for now.
+		_, _ = r.clients.AddHost(ip, host, ClientSourceRDNS)
 	}
 }

internal/home/rdns_test.go

@@ -27,14 +27,14 @@ func TestRDNS_Begin(t *testing.T) {
 	w := &bytes.Buffer{}
 	aghtest.ReplaceLogWriter(t, w)
 
-	ip1234, ip1235 := netip.MustParseAddr("1.2.3.4"), netip.MustParseAddr("1.2.3.5")
+	ip1234, ip1235 := net.IP{1, 2, 3, 4}, net.IP{1, 2, 3, 5}
 
 	testCases := []struct {
 		cliIDIndex    map[string]*Client
-		customChan    chan netip.Addr
+		customChan    chan net.IP
 		name          string
 		wantLog       string
-		ip            netip.Addr
+		req           net.IP
 		wantCacheHit  int
 		wantCacheMiss int
 	}{{
@@ -42,7 +42,7 @@ func TestRDNS_Begin(t *testing.T) {
 		customChan:    nil,
 		name:          "cached",
 		wantLog:       "",
-		ip:            ip1234,
+		req:           ip1234,
 		wantCacheHit:  1,
 		wantCacheMiss: 0,
 	}, {
@@ -50,7 +50,7 @@ func TestRDNS_Begin(t *testing.T) {
 		customChan:    nil,
 		name:          "not_cached",
 		wantLog:       "rdns: queue is full",
-		ip:            ip1235,
+		req:           ip1235,
 		wantCacheHit:  0,
 		wantCacheMiss: 1,
 	}, {
@@ -58,15 +58,15 @@ func TestRDNS_Begin(t *testing.T) {
 		customChan:    nil,
 		name:          "already_in_clients",
 		wantLog:       "",
-		ip:            ip1235,
+		req:           ip1235,
 		wantCacheHit:  0,
 		wantCacheMiss: 1,
 	}, {
 		cliIDIndex:    map[string]*Client{},
-		customChan:    make(chan netip.Addr, 1),
+		customChan:    make(chan net.IP, 1),
 		name:          "add_to_queue",
 		wantLog:       `rdns: "1.2.3.5" added to queue`,
-		ip:            ip1235,
+		req:           ip1235,
 		wantCacheHit:  0,
 		wantCacheMiss: 1,
 	}}
@@ -102,7 +102,7 @@ func TestRDNS_Begin(t *testing.T) {
 		}
 
 		t.Run(tc.name, func(t *testing.T) {
-			rdns.Begin(tc.ip)
+			rdns.Begin(tc.req)
 			assert.Equal(t, tc.wantCacheHit, ipCache.Stats().Hit)
 			assert.Equal(t, tc.wantCacheMiss, ipCache.Stats().Miss)
 			assert.Contains(t, w.String(), tc.wantLog)
@@ -179,8 +179,8 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 	w := &bytes.Buffer{}
 	aghtest.ReplaceLogWriter(t, w)
 
-	localIP := netip.MustParseAddr("192.168.1.1")
-	revIPv4, err := netutil.IPToReversedAddr(localIP.AsSlice())
+	localIP := net.IP{192, 168, 1, 1}
+	revIPv4, err := netutil.IPToReversedAddr(localIP)
 	require.NoError(t, err)
 
 	revIPv6, err := netutil.IPToReversedAddr(net.ParseIP("2a00:1450:400c:c06::93"))
@@ -201,24 +201,24 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 
 	testCases := []struct {
 		ups     upstream.Upstream
-		cliIP   netip.Addr
 		wantLog string
 		name    string
+		cliIP   net.IP
 	}{{
 		ups:     locUpstream,
-		cliIP:   localIP,
 		wantLog: "",
 		name:    "all_good",
+		cliIP:   localIP,
 	}, {
 		ups:     errUpstream,
-		cliIP:   netip.MustParseAddr("192.168.1.2"),
 		wantLog: `rdns: resolving "192.168.1.2": test upstream error`,
 		name:    "resolve_error",
+		cliIP:   net.IP{192, 168, 1, 2},
 	}, {
 		ups:     locUpstream,
-		cliIP:   netip.MustParseAddr("2a00:1450:400c:c06::93"),
 		wantLog: "",
 		name:    "ipv6_good",
+		cliIP:   net.ParseIP("2a00:1450:400c:c06::93"),
 	}}
 
 	for _, tc := range testCases {
@@ -230,7 +230,7 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 			ipToRC:  map[netip.Addr]*RuntimeClient{},
 			allTags: stringutil.NewSet(),
 		}
-		ch := make(chan netip.Addr)
+		ch := make(chan net.IP)
 		rdns := &RDNS{
 			exchanger: &rDNSExchanger{
 				ex: tc.ups,

internal/home/tls.go

@@ -513,11 +513,6 @@ func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
 	return nil
 }
 
-// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
-// certificate doesn't contain IPs.
-const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
-	`DNS-over-TLS won't be advertised via DDR`
-
 // parseCertChain parses the certificate chain from raw data, and returns it.
 // If ok is true, the returned error, if any, is not critical.
 func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
@@ -540,7 +535,8 @@ func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err
 	log.Info("tls: number of certs: %d", len(parsedCerts))
 
 	if !aghtls.CertificateHasIP(parsedCerts[0]) {
-		err = errNoIPInCert
+		err = errors.Error(`certificate has no IP addresses` +
+			`, this may cause issues with DNS-over-TLS clients`)
 	}
 
 	return parsedCerts, true, err

internal/home/whois.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"io"
 	"net"
-	"net/netip"
 	"strings"
 	"time"
 
@@ -27,7 +26,7 @@ const (
 // WHOIS - module context
 type WHOIS struct {
 	clients *clientsContainer
-	ipChan  chan netip.Addr
+	ipChan  chan net.IP
 
 	// dialContext specifies the dial function for creating unencrypted TCP
 	// connections.
@@ -52,7 +51,7 @@ func initWHOIS(clients *clientsContainer) *WHOIS {
 			MaxCount:  10000,
 		}),
 		dialContext: customDialContext,
-		ipChan:      make(chan netip.Addr, 255),
+		ipChan:      make(chan net.IP, 255),
 	}
 
 	go w.workerLoop()
@@ -193,7 +192,7 @@ func (w *WHOIS) queryAll(ctx context.Context, target string) (string, error) {
 }
 
 // Request WHOIS information
-func (w *WHOIS) process(ctx context.Context, ip netip.Addr) (wi *RuntimeClientWHOISInfo) {
+func (w *WHOIS) process(ctx context.Context, ip net.IP) (wi *RuntimeClientWHOISInfo) {
 	resp, err := w.queryAll(ctx, ip.String())
 	if err != nil {
 		log.Debug("whois: error: %s  IP:%s", err, ip)
@@ -221,25 +220,24 @@ func (w *WHOIS) process(ctx context.Context, ip netip.Addr) (wi *RuntimeClientWH
 }
 
 // Begin - begin requesting WHOIS info
-func (w *WHOIS) Begin(ip netip.Addr) {
-	ipBytes := ip.AsSlice()
+func (w *WHOIS) Begin(ip net.IP) {
 	now := uint64(time.Now().Unix())
-	expire := w.ipAddrs.Get(ipBytes)
+	expire := w.ipAddrs.Get([]byte(ip))
 	if len(expire) != 0 {
 		exp := binary.BigEndian.Uint64(expire)
 		if exp > now {
 			return
 		}
+		// TTL expired
 	}
-
 	expire = make([]byte, 8)
 	binary.BigEndian.PutUint64(expire, now+whoisTTL)
-	_ = w.ipAddrs.Set(ipBytes, expire)
+	_ = w.ipAddrs.Set([]byte(ip), expire)
 
 	log.Debug("whois: adding %s", ip)
-
 	select {
 	case w.ipChan <- ip:
+		//
 	default:
 		log.Debug("whois: queue is full")
 	}

internal/next/agh/agh.go

@@ -1,63 +0,0 @@
-// Package agh contains common entities and interfaces of AdGuard Home.
-package agh
-
-import "context"
-
-// Service is the interface for API servers.
-//
-// TODO(a.garipov): Consider adding a context to Start.
-//
-// TODO(a.garipov): Consider adding a Wait method or making an extension
-// interface for that.
-type Service interface {
-	// Start starts the service.  It does not block.
-	Start() (err error)
-
-	// Shutdown gracefully stops the service.  ctx is used to determine
-	// a timeout before trying to stop the service less gracefully.
-	Shutdown(ctx context.Context) (err error)
-}
-
-// type check
-var _ Service = EmptyService{}
-
-// EmptyService is a [Service] that does nothing.
-//
-// TODO(a.garipov): Remove if unnecessary.
-type EmptyService struct{}
-
-// Start implements the [Service] interface for EmptyService.
-func (EmptyService) Start() (err error) { return nil }
-
-// Shutdown implements the [Service] interface for EmptyService.
-func (EmptyService) Shutdown(_ context.Context) (err error) { return nil }
-
-// ServiceWithConfig is an extension of the [Service] interface for services
-// that can return their configuration.
-//
-// TODO(a.garipov): Consider removing this generic interface if we figure out
-// how to make it testable in a better way.
-type ServiceWithConfig[ConfigType any] interface {
-	Service
-
-	Config() (c ConfigType)
-}
-
-// type check
-var _ ServiceWithConfig[struct{}] = (*EmptyServiceWithConfig[struct{}])(nil)
-
-// EmptyServiceWithConfig is a ServiceWithConfig that does nothing.  Its Config
-// method returns Conf.
-//
-// TODO(a.garipov): Remove if unnecessary.
-type EmptyServiceWithConfig[ConfigType any] struct {
-	EmptyService
-
-	Conf ConfigType
-}
-
-// Config implements the [ServiceWithConfig] interface for
-// *EmptyServiceWithConfig.
-func (s *EmptyServiceWithConfig[ConfigType]) Config() (conf ConfigType) {
-	return s.Conf
-}

internal/next/cmd/cmd.go

@@ -1,77 +0,0 @@
-// Package cmd is the AdGuard Home entry point.  It contains the on-disk
-// configuration file utilities, signal processing logic, and so on.
-//
-// TODO(a.garipov): Move to the upper-level internal/.
-package cmd
-
-import (
-	"context"
-	"io/fs"
-	"math/rand"
-	"os"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/configmgr"
-	"github.com/AdguardTeam/AdGuardHome/internal/version"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// Main is the entry point of application.
-func Main(clientBuildFS fs.FS) {
-	// Initial Configuration
-
-	start := time.Now()
-	rand.Seed(start.UnixNano())
-
-	// TODO(a.garipov): Set up logging.
-
-	log.Info("starting adguard home, version %s, pid %d", version.Version(), os.Getpid())
-
-	// Web Service
-
-	// TODO(a.garipov): Use in the Web service.
-	_ = clientBuildFS
-
-	// TODO(a.garipov): Set up configuration file name.
-	const confFile = "AdGuardHome.1.yaml"
-
-	confMgr, err := configmgr.New(confFile, start)
-	fatalOnError(err)
-
-	web := confMgr.Web()
-	err = web.Start()
-	fatalOnError(err)
-
-	dns := confMgr.DNS()
-	err = dns.Start()
-	fatalOnError(err)
-
-	sigHdlr := newSignalHandler(
-		confFile,
-		start,
-		web,
-		dns,
-	)
-
-	go sigHdlr.handle()
-
-	select {}
-}
-
-// defaultTimeout is the timeout used for some operations where another timeout
-// hasn't been defined yet.
-const defaultTimeout = 15 * time.Second
-
-// ctxWithDefaultTimeout is a helper function that returns a context with
-// timeout set to defaultTimeout.
-func ctxWithDefaultTimeout() (ctx context.Context, cancel context.CancelFunc) {
-	return context.WithTimeout(context.Background(), defaultTimeout)
-}
-
-// fatalOnError is a helper that exits the program with an error code if err is
-// not nil.  It must only be used within Main.
-func fatalOnError(err error) {
-	if err != nil {
-		log.Fatal(err)
-	}
-}

internal/next/cmd/signal.go

@@ -1,118 +0,0 @@
-package cmd
-
-import (
-	"os"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/configmgr"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// signalHandler processes incoming signals and shuts services down.
-type signalHandler struct {
-	// signal is the channel to which OS signals are sent.
-	signal chan os.Signal
-
-	// confFile is the path to the configuration file.
-	confFile string
-
-	// start is the time at which AdGuard Home has been started.
-	start time.Time
-
-	// services are the services that are shut down before application exiting.
-	services []agh.Service
-}
-
-// handle processes OS signals.
-func (h *signalHandler) handle() {
-	defer log.OnPanic("signalHandler.handle")
-
-	for sig := range h.signal {
-		log.Info("sighdlr: received signal %q", sig)
-
-		if aghos.IsReconfigureSignal(sig) {
-			h.reconfigure()
-		} else if aghos.IsShutdownSignal(sig) {
-			status := h.shutdown()
-			log.Info("sighdlr: exiting with status %d", status)
-
-			os.Exit(status)
-		}
-	}
-}
-
-// reconfigure rereads the configuration file and updates and restarts services.
-func (h *signalHandler) reconfigure() {
-	log.Info("sighdlr: reconfiguring adguard home")
-
-	status := h.shutdown()
-	if status != statusSuccess {
-		log.Info("sighdlr: reconfiruging: exiting with status %d", status)
-
-		os.Exit(status)
-	}
-
-	// TODO(a.garipov): This is a very rough way to do it.  Some services can be
-	// reconfigured without the full shutdown, and the error handling is
-	// currently not the best.
-
-	confMgr, err := configmgr.New(h.confFile, h.start)
-	fatalOnError(err)
-
-	web := confMgr.Web()
-	err = web.Start()
-	fatalOnError(err)
-
-	dns := confMgr.DNS()
-	err = dns.Start()
-	fatalOnError(err)
-
-	h.services = []agh.Service{
-		dns,
-		web,
-	}
-
-	log.Info("sighdlr: successfully reconfigured adguard home")
-}
-
-// Exit status constants.
-const (
-	statusSuccess = 0
-	statusError   = 1
-)
-
-// shutdown gracefully shuts down all services.
-func (h *signalHandler) shutdown() (status int) {
-	ctx, cancel := ctxWithDefaultTimeout()
-	defer cancel()
-
-	status = statusSuccess
-
-	log.Info("sighdlr: shutting down services")
-	for i, service := range h.services {
-		err := service.Shutdown(ctx)
-		if err != nil {
-			log.Error("sighdlr: shutting down service at index %d: %s", i, err)
-			status = statusError
-		}
-	}
-
-	return status
-}
-
-// newSignalHandler returns a new signalHandler that shuts down svcs.
-func newSignalHandler(confFile string, start time.Time, svcs ...agh.Service) (h *signalHandler) {
-	h = &signalHandler{
-		signal:   make(chan os.Signal, 1),
-		confFile: confFile,
-		start:    start,
-		services: svcs,
-	}
-
-	aghos.NotifyShutdownSignal(h.signal)
-	aghos.NotifyReconfigureSignal(h.signal)
-
-	return h
-}

internal/next/configmgr/config.go

@@ -1,40 +0,0 @@
-package configmgr
-
-import (
-	"net/netip"
-
-	"github.com/AdguardTeam/golibs/timeutil"
-)
-
-// Configuration Structures
-
-// config is the top-level on-disk configuration structure.
-type config struct {
-	DNS  *dnsConfig  `yaml:"dns"`
-	HTTP *httpConfig `yaml:"http"`
-	// TODO(a.garipov): Use.
-	SchemaVersion int `yaml:"schema_version"`
-	// TODO(a.garipov): Use.
-	DebugPprof bool `yaml:"debug_pprof"`
-	Verbose    bool `yaml:"verbose"`
-}
-
-// dnsConfig is the on-disk DNS configuration.
-//
-// TODO(a.garipov): Validate.
-type dnsConfig struct {
-	Addresses       []netip.AddrPort  `yaml:"addresses"`
-	BootstrapDNS    []string          `yaml:"bootstrap_dns"`
-	UpstreamDNS     []string          `yaml:"upstream_dns"`
-	UpstreamTimeout timeutil.Duration `yaml:"upstream_timeout"`
-}
-
-// httpConfig is the on-disk web API configuration.
-//
-// TODO(a.garipov): Validate.
-type httpConfig struct {
-	Addresses       []netip.AddrPort  `yaml:"addresses"`
-	SecureAddresses []netip.AddrPort  `yaml:"secure_addresses"`
-	Timeout         timeutil.Duration `yaml:"timeout"`
-	ForceHTTPS      bool              `yaml:"force_https"`
-}

internal/next/configmgr/configmgr.go

@@ -1,205 +0,0 @@
-// Package configmgr defines the AdGuard Home on-disk configuration entities and
-// configuration manager.
-package configmgr
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"sync"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	"gopkg.in/yaml.v3"
-)
-
-// Configuration Manager
-
-// Manager handles full and partial changes in the configuration, persisting
-// them to disk if necessary.
-type Manager struct {
-	// updMu makes sure that at most one reconfiguration is performed at a time.
-	// updMu protects all fields below.
-	updMu *sync.RWMutex
-
-	// dns is the DNS service.
-	dns *dnssvc.Service
-
-	// Web is the Web API service.
-	web *websvc.Service
-
-	// current is the current configuration.
-	current *config
-
-	// fileName is the name of the configuration file.
-	fileName string
-}
-
-// New creates a new *Manager that persists changes to the file pointed to by
-// fileName.  It reads the configuration file and populates the service fields.
-// start is the startup time of AdGuard Home.
-func New(fileName string, start time.Time) (m *Manager, err error) {
-	defer func() { err = errors.Annotate(err, "reading config") }()
-
-	conf := &config{}
-	f, err := os.Open(fileName)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-	defer func() { err = errors.WithDeferred(err, f.Close()) }()
-
-	err = yaml.NewDecoder(f).Decode(conf)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-
-	// TODO(a.garipov): Move into a separate function and add other logging
-	// settings.
-	if conf.Verbose {
-		log.SetLevel(log.DEBUG)
-	}
-
-	// TODO(a.garipov): Validate the configuration structure.  Return an error
-	// if it's incorrect.
-
-	m = &Manager{
-		updMu:    &sync.RWMutex{},
-		current:  conf,
-		fileName: fileName,
-	}
-
-	// TODO(a.garipov): Get the context with the timeout from the arguments?
-	const assemblyTimeout = 5 * time.Second
-	ctx, cancel := context.WithTimeout(context.Background(), assemblyTimeout)
-	defer cancel()
-
-	err = m.assemble(ctx, conf, start)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-
-	return m, nil
-}
-
-// assemble creates all services and puts them into the corresponding fields.
-// The fields of conf must not be modified after calling assemble.
-func (m *Manager) assemble(ctx context.Context, conf *config, start time.Time) (err error) {
-	dnsConf := &dnssvc.Config{
-		Addresses:        conf.DNS.Addresses,
-		BootstrapServers: conf.DNS.BootstrapDNS,
-		UpstreamServers:  conf.DNS.UpstreamDNS,
-		UpstreamTimeout:  conf.DNS.UpstreamTimeout.Duration,
-	}
-	err = m.updateDNS(ctx, dnsConf)
-	if err != nil {
-		return fmt.Errorf("assembling dnssvc: %w", err)
-	}
-
-	webSvcConf := &websvc.Config{
-		ConfigManager: m,
-		// TODO(a.garipov): Fill from config file.
-		TLS:             nil,
-		Start:           start,
-		Addresses:       conf.HTTP.Addresses,
-		SecureAddresses: conf.HTTP.SecureAddresses,
-		Timeout:         conf.HTTP.Timeout.Duration,
-		ForceHTTPS:      conf.HTTP.ForceHTTPS,
-	}
-
-	err = m.updateWeb(ctx, webSvcConf)
-	if err != nil {
-		return fmt.Errorf("assembling websvc: %w", err)
-	}
-
-	return nil
-}
-
-// DNS returns the current DNS service.  It is safe for concurrent use.
-func (m *Manager) DNS() (dns agh.ServiceWithConfig[*dnssvc.Config]) {
-	m.updMu.RLock()
-	defer m.updMu.RUnlock()
-
-	return m.dns
-}
-
-// UpdateDNS implements the [websvc.ConfigManager] interface for *Manager.  The
-// fields of c must not be modified after calling UpdateDNS.
-func (m *Manager) UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	m.updMu.Lock()
-	defer m.updMu.Unlock()
-
-	// TODO(a.garipov): Update and write the configuration file.  Return an
-	// error if something went wrong.
-
-	err = m.updateDNS(ctx, c)
-	if err != nil {
-		return fmt.Errorf("reassembling dnssvc: %w", err)
-	}
-
-	return nil
-}
-
-// updateDNS recreates the DNS service.  m.updMu is expected to be locked.
-func (m *Manager) updateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	if prev := m.dns; prev != nil {
-		err = prev.Shutdown(ctx)
-		if err != nil {
-			return fmt.Errorf("shutting down dns svc: %w", err)
-		}
-	}
-
-	svc, err := dnssvc.New(c)
-	if err != nil {
-		return fmt.Errorf("creating dns svc: %w", err)
-	}
-
-	m.dns = svc
-
-	return nil
-}
-
-// Web returns the current web service.  It is safe for concurrent use.
-func (m *Manager) Web() (web agh.ServiceWithConfig[*websvc.Config]) {
-	m.updMu.RLock()
-	defer m.updMu.RUnlock()
-
-	return m.web
-}
-
-// UpdateWeb implements the [websvc.ConfigManager] interface for *Manager.  The
-// fields of c must not be modified after calling UpdateWeb.
-func (m *Manager) UpdateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	m.updMu.Lock()
-	defer m.updMu.Unlock()
-
-	// TODO(a.garipov): Update and write the configuration file.  Return an
-	// error if something went wrong.
-
-	err = m.updateWeb(ctx, c)
-	if err != nil {
-		return fmt.Errorf("reassembling websvc: %w", err)
-	}
-
-	return nil
-}
-
-// updateWeb recreates the web service.  m.upd is expected to be locked.
-func (m *Manager) updateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	if prev := m.web; prev != nil {
-		err = prev.Shutdown(ctx)
-		if err != nil {
-			return fmt.Errorf("shutting down web svc: %w", err)
-		}
-	}
-
-	m.web = websvc.New(c)
-
-	return nil
-}

internal/next/dnssvc/dnssvc.go

@@ -1,227 +0,0 @@
-// Package dnssvc contains the AdGuard Home DNS service.
-//
-// TODO(a.garipov): Define, if all methods of a *Service should work with a nil
-// receiver.
-package dnssvc
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"net/netip"
-	"sync/atomic"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	// TODO(a.garipov): Add a “dnsproxy proxy” package to shield us from changes
-	// and replacement of module dnsproxy.
-	"github.com/AdguardTeam/dnsproxy/proxy"
-	"github.com/AdguardTeam/dnsproxy/upstream"
-)
-
-// Config is the AdGuard Home DNS service configuration structure.
-//
-// TODO(a.garipov): Add timeout for incoming requests.
-type Config struct {
-	// Addresses are the addresses on which to serve plain DNS queries.
-	Addresses []netip.AddrPort
-
-	// Upstreams are the DNS upstreams to use.  If not set, upstreams are
-	// created using data from BootstrapServers, UpstreamServers, and
-	// UpstreamTimeout.
-	//
-	// TODO(a.garipov): Think of a better scheme.  Those other three parameters
-	// are here only to make Config work properly.
-	Upstreams []upstream.Upstream
-
-	// BootstrapServers are the addresses for bootstrapping the upstream DNS
-	// server addresses.
-	BootstrapServers []string
-
-	// UpstreamServers are the upstream DNS server addresses to use.
-	UpstreamServers []string
-
-	// UpstreamTimeout is the timeout for upstream requests.
-	UpstreamTimeout time.Duration
-}
-
-// Service is the AdGuard Home DNS service.  A nil *Service is a valid
-// [agh.Service] that does nothing.
-type Service struct {
-	// running is an atomic boolean value.  Keep it the first value in the
-	// struct to ensure atomic alignment.  0 means that the service is not
-	// running, 1 means that it is running.
-	//
-	// TODO(a.garipov): Use [atomic.Bool] in Go 1.19 or get rid of it
-	// completely.
-	running uint64
-
-	proxy      *proxy.Proxy
-	bootstraps []string
-	upstreams  []string
-	upsTimeout time.Duration
-}
-
-// New returns a new properly initialized *Service.  If c is nil, svc is a nil
-// *Service that does nothing.  The fields of c must not be modified after
-// calling New.
-func New(c *Config) (svc *Service, err error) {
-	if c == nil {
-		return nil, nil
-	}
-
-	svc = &Service{
-		bootstraps: c.BootstrapServers,
-		upstreams:  c.UpstreamServers,
-		upsTimeout: c.UpstreamTimeout,
-	}
-
-	var upstreams []upstream.Upstream
-	if len(c.Upstreams) > 0 {
-		upstreams = c.Upstreams
-	} else {
-		upstreams, err = addressesToUpstreams(
-			c.UpstreamServers,
-			c.BootstrapServers,
-			c.UpstreamTimeout,
-		)
-		if err != nil {
-			return nil, fmt.Errorf("converting upstreams: %w", err)
-		}
-	}
-
-	svc.proxy = &proxy.Proxy{
-		Config: proxy.Config{
-			UDPListenAddr: udpAddrs(c.Addresses),
-			TCPListenAddr: tcpAddrs(c.Addresses),
-			UpstreamConfig: &proxy.UpstreamConfig{
-				Upstreams: upstreams,
-			},
-		},
-	}
-
-	err = svc.proxy.Init()
-	if err != nil {
-		return nil, fmt.Errorf("proxy: %w", err)
-	}
-
-	return svc, nil
-}
-
-// addressesToUpstreams is a wrapper around [upstream.AddressToUpstream].  It
-// accepts a slice of addresses and other upstream parameters, and returns a
-// slice of upstreams.
-func addressesToUpstreams(
-	upsStrs []string,
-	bootstraps []string,
-	timeout time.Duration,
-) (upstreams []upstream.Upstream, err error) {
-	upstreams = make([]upstream.Upstream, len(upsStrs))
-	for i, upsStr := range upsStrs {
-		upstreams[i], err = upstream.AddressToUpstream(upsStr, &upstream.Options{
-			Bootstrap: bootstraps,
-			Timeout:   timeout,
-		})
-		if err != nil {
-			return nil, fmt.Errorf("upstream at index %d: %w", i, err)
-		}
-	}
-
-	return upstreams, nil
-}
-
-// tcpAddrs converts []netip.AddrPort into []*net.TCPAddr.
-func tcpAddrs(addrPorts []netip.AddrPort) (tcpAddrs []*net.TCPAddr) {
-	if addrPorts == nil {
-		return nil
-	}
-
-	tcpAddrs = make([]*net.TCPAddr, len(addrPorts))
-	for i, a := range addrPorts {
-		tcpAddrs[i] = net.TCPAddrFromAddrPort(a)
-	}
-
-	return tcpAddrs
-}
-
-// udpAddrs converts []netip.AddrPort into []*net.UDPAddr.
-func udpAddrs(addrPorts []netip.AddrPort) (udpAddrs []*net.UDPAddr) {
-	if addrPorts == nil {
-		return nil
-	}
-
-	udpAddrs = make([]*net.UDPAddr, len(addrPorts))
-	for i, a := range addrPorts {
-		udpAddrs[i] = net.UDPAddrFromAddrPort(a)
-	}
-
-	return udpAddrs
-}
-
-// type check
-var _ agh.Service = (*Service)(nil)
-
-// Start implements the [agh.Service] interface for *Service.  svc may be nil.
-// After Start exits, all DNS servers have tried to start, but there is no
-// guarantee that they did.  Errors from the servers are written to the log.
-func (svc *Service) Start() (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	defer func() {
-		// TODO(a.garipov): [proxy.Proxy.Start] doesn't actually have any way to
-		// tell when all servers are actually up, so at best this is merely an
-		// assumption.
-		if err != nil {
-			atomic.StoreUint64(&svc.running, 0)
-		} else {
-			atomic.StoreUint64(&svc.running, 1)
-		}
-	}()
-
-	return svc.proxy.Start()
-}
-
-// Shutdown implements the [agh.Service] interface for *Service.  svc may be
-// nil.
-func (svc *Service) Shutdown(ctx context.Context) (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	return svc.proxy.Stop()
-}
-
-// Config returns the current configuration of the web service.  Config must not
-// be called simultaneously with Start.  If svc was initialized with ":0"
-// addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) Config() (c *Config) {
-	// TODO(a.garipov): Do we need to get the TCP addresses separately?
-
-	var addrs []netip.AddrPort
-	if atomic.LoadUint64(&svc.running) == 1 {
-		udpAddrs := svc.proxy.Addrs(proxy.ProtoUDP)
-		addrs = make([]netip.AddrPort, len(udpAddrs))
-		for i, a := range udpAddrs {
-			addrs[i] = a.(*net.UDPAddr).AddrPort()
-		}
-	} else {
-		conf := svc.proxy.Config
-		udpAddrs := conf.UDPListenAddr
-		addrs = make([]netip.AddrPort, len(udpAddrs))
-		for i, a := range udpAddrs {
-			addrs[i] = a.AddrPort()
-		}
-	}
-
-	c = &Config{
-		Addresses:        addrs,
-		BootstrapServers: svc.bootstraps,
-		UpstreamServers:  svc.upstreams,
-		UpstreamTimeout:  svc.upsTimeout,
-	}
-
-	return c
-}

internal/next/dnssvc/dnssvc_test.go

@@ -1,96 +0,0 @@
-package dnssvc_test
-
-import (
-	"context"
-	"net/netip"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/miekg/dns"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestMain(m *testing.M) {
-	testutil.DiscardLogOutput(m)
-}
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 100 * time.Millisecond
-
-func TestService(t *testing.T) {
-	const (
-		bootstrapAddr = "bootstrap.example"
-		upstreamAddr  = "upstream.example"
-
-		closeErr errors.Error = "closing failed"
-	)
-
-	ups := &aghtest.UpstreamMock{
-		OnAddress: func() (addr string) {
-			return upstreamAddr
-		},
-		OnExchange: func(req *dns.Msg) (resp *dns.Msg, err error) {
-			resp = (&dns.Msg{}).SetReply(req)
-
-			return resp, nil
-		},
-		OnClose: func() (err error) {
-			return closeErr
-		},
-	}
-
-	c := &dnssvc.Config{
-		Addresses:        []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:0")},
-		Upstreams:        []upstream.Upstream{ups},
-		BootstrapServers: []string{bootstrapAddr},
-		UpstreamServers:  []string{upstreamAddr},
-		UpstreamTimeout:  testTimeout,
-	}
-
-	svc, err := dnssvc.New(c)
-	require.NoError(t, err)
-
-	err = svc.Start()
-	require.NoError(t, err)
-
-	gotConf := svc.Config()
-	require.NotNil(t, gotConf)
-	require.Len(t, gotConf.Addresses, 1)
-
-	addr := gotConf.Addresses[0]
-
-	t.Run("dns", func(t *testing.T) {
-		req := &dns.Msg{
-			MsgHdr: dns.MsgHdr{
-				Id:               dns.Id(),
-				RecursionDesired: true,
-			},
-			Question: []dns.Question{{
-				Name:   "example.com.",
-				Qtype:  dns.TypeA,
-				Qclass: dns.ClassINET,
-			}},
-		}
-
-		ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-		defer cancel()
-
-		cli := &dns.Client{}
-		resp, _, excErr := cli.ExchangeContext(ctx, req, addr.String())
-		require.NoError(t, excErr)
-
-		assert.NotNil(t, resp)
-	})
-
-	ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-	defer cancel()
-
-	err = svc.Shutdown(ctx)
-	require.ErrorIs(t, err, closeErr)
-}

internal/next/websvc/dns.go

@@ -1,84 +0,0 @@
-package websvc
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/netip"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-)
-
-// DNS Settings Handlers
-
-// ReqPatchSettingsDNS describes the request to the PATCH /api/v1/settings/dns
-// HTTP API.
-type ReqPatchSettingsDNS struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses        []netip.AddrPort `json:"addresses"`
-	BootstrapServers []string         `json:"bootstrap_servers"`
-	UpstreamServers  []string         `json:"upstream_servers"`
-	UpstreamTimeout  JSONDuration     `json:"upstream_timeout"`
-}
-
-// HTTPAPIDNSSettings are the DNS settings as used by the HTTP API.  See the
-// DnsSettings object in the OpenAPI specification.
-type HTTPAPIDNSSettings struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses        []netip.AddrPort `json:"addresses"`
-	BootstrapServers []string         `json:"bootstrap_servers"`
-	UpstreamServers  []string         `json:"upstream_servers"`
-	UpstreamTimeout  JSONDuration     `json:"upstream_timeout"`
-}
-
-// handlePatchSettingsDNS is the handler for the PATCH /api/v1/settings/dns HTTP
-// API.
-func (svc *Service) handlePatchSettingsDNS(w http.ResponseWriter, r *http.Request) {
-	req := &ReqPatchSettingsDNS{
-		Addresses:        []netip.AddrPort{},
-		BootstrapServers: []string{},
-		UpstreamServers:  []string{},
-	}
-
-	// TODO(a.garipov): Validate nulls and proper JSON patch.
-
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("decoding: %w", err))
-
-		return
-	}
-
-	newConf := &dnssvc.Config{
-		Addresses:        req.Addresses,
-		BootstrapServers: req.BootstrapServers,
-		UpstreamServers:  req.UpstreamServers,
-		UpstreamTimeout:  time.Duration(req.UpstreamTimeout),
-	}
-
-	ctx := r.Context()
-	err = svc.confMgr.UpdateDNS(ctx, newConf)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("updating: %w", err))
-
-		return
-	}
-
-	newSvc := svc.confMgr.DNS()
-	err = newSvc.Start()
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("starting new service: %w", err))
-
-		return
-	}
-
-	writeJSONOKResponse(w, r, &HTTPAPIDNSSettings{
-		Addresses:        newConf.Addresses,
-		BootstrapServers: newConf.BootstrapServers,
-		UpstreamServers:  newConf.UpstreamServers,
-		UpstreamTimeout:  JSONDuration(newConf.UpstreamTimeout),
-	})
-}

internal/next/websvc/dns_test.go

@@ -1,69 +0,0 @@
-package websvc_test
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandlePatchSettingsDNS(t *testing.T) {
-	wantDNS := &websvc.HTTPAPIDNSSettings{
-		Addresses:        []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:53")},
-		BootstrapServers: []string{"1.0.0.1"},
-		UpstreamServers:  []string{"1.1.1.1"},
-		UpstreamTimeout:  websvc.JSONDuration(2 * time.Second),
-	}
-
-	// TODO(a.garipov): Use [atomic.Bool] in Go 1.19.
-	var numStarted uint64
-	confMgr := newConfigManager()
-	confMgr.onDNS = func() (s agh.ServiceWithConfig[*dnssvc.Config]) {
-		return &aghtest.ServiceWithConfig[*dnssvc.Config]{
-			OnStart: func() (err error) {
-				atomic.AddUint64(&numStarted, 1)
-
-				return nil
-			},
-			OnShutdown: func(_ context.Context) (err error) { panic("not implemented") },
-			OnConfig:   func() (c *dnssvc.Config) { panic("not implemented") },
-		}
-	}
-	confMgr.onUpdateDNS = func(ctx context.Context, c *dnssvc.Config) (err error) {
-		return nil
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsDNS,
-	}
-
-	req := jobj{
-		"addresses":         wantDNS.Addresses,
-		"bootstrap_servers": wantDNS.BootstrapServers,
-		"upstream_servers":  wantDNS.UpstreamServers,
-		"upstream_timeout":  wantDNS.UpstreamTimeout,
-	}
-
-	respBody := httpPatch(t, u, req, http.StatusOK)
-	resp := &websvc.HTTPAPIDNSSettings{}
-	err := json.Unmarshal(respBody, resp)
-	require.NoError(t, err)
-
-	assert.Equal(t, uint64(1), numStarted)
-	assert.Equal(t, wantDNS, resp)
-	assert.Equal(t, wantDNS, resp)
-}

internal/next/websvc/http.go

@@ -1,110 +0,0 @@
-package websvc
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/netip"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// HTTP Settings Handlers
-
-// ReqPatchSettingsHTTP describes the request to the PATCH /api/v1/settings/http
-// HTTP API.
-type ReqPatchSettingsHTTP struct {
-	// TODO(a.garipov): Add more as we go.
-	//
-	// TODO(a.garipov): Add wait time.
-
-	Addresses       []netip.AddrPort `json:"addresses"`
-	SecureAddresses []netip.AddrPort `json:"secure_addresses"`
-	Timeout         JSONDuration     `json:"timeout"`
-}
-
-// HTTPAPIHTTPSettings are the HTTP settings as used by the HTTP API.  See the
-// HttpSettings object in the OpenAPI specification.
-type HTTPAPIHTTPSettings struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses       []netip.AddrPort `json:"addresses"`
-	SecureAddresses []netip.AddrPort `json:"secure_addresses"`
-	Timeout         JSONDuration     `json:"timeout"`
-	ForceHTTPS      bool             `json:"force_https"`
-}
-
-// handlePatchSettingsHTTP is the handler for the PATCH /api/v1/settings/http
-// HTTP API.
-func (svc *Service) handlePatchSettingsHTTP(w http.ResponseWriter, r *http.Request) {
-	req := &ReqPatchSettingsHTTP{}
-
-	// TODO(a.garipov): Validate nulls and proper JSON patch.
-
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("decoding: %w", err))
-
-		return
-	}
-
-	newConf := &Config{
-		ConfigManager:   svc.confMgr,
-		TLS:             svc.tls,
-		Addresses:       req.Addresses,
-		SecureAddresses: req.SecureAddresses,
-		Timeout:         time.Duration(req.Timeout),
-		ForceHTTPS:      svc.forceHTTPS,
-	}
-
-	writeJSONOKResponse(w, r, &HTTPAPIHTTPSettings{
-		Addresses:       newConf.Addresses,
-		SecureAddresses: newConf.SecureAddresses,
-		Timeout:         JSONDuration(newConf.Timeout),
-		ForceHTTPS:      newConf.ForceHTTPS,
-	})
-
-	cancelUpd := func() {}
-	updCtx := context.Background()
-
-	ctx := r.Context()
-	if deadline, ok := ctx.Deadline(); ok {
-		updCtx, cancelUpd = context.WithDeadline(updCtx, deadline)
-	}
-
-	// Launch the new HTTP service in a separate goroutine to let this handler
-	// finish and thus, this server to shutdown.
-	go func() {
-		defer cancelUpd()
-
-		updErr := svc.confMgr.UpdateWeb(updCtx, newConf)
-		if updErr != nil {
-			writeJSONErrorResponse(w, r, fmt.Errorf("updating: %w", updErr))
-
-			return
-		}
-
-		// TODO(a.garipov): Consider better ways to do this.
-		const maxUpdDur = 10 * time.Second
-		updStart := time.Now()
-		var newSvc agh.ServiceWithConfig[*Config]
-		for newSvc = svc.confMgr.Web(); newSvc == svc; {
-			if time.Since(updStart) >= maxUpdDur {
-				log.Error("websvc: failed to update svc after %s", maxUpdDur)
-
-				return
-			}
-
-			log.Debug("websvc: waiting for new websvc to be configured")
-			time.Sleep(1 * time.Second)
-		}
-
-		updErr = newSvc.Start()
-		if updErr != nil {
-			log.Error("websvc: new svc failed to start with error: %s", updErr)
-		}
-	}()
-}

internal/next/websvc/http_test.go

@@ -1,63 +0,0 @@
-package websvc_test
-
-import (
-	"context"
-	"crypto/tls"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandlePatchSettingsHTTP(t *testing.T) {
-	wantWeb := &websvc.HTTPAPIHTTPSettings{
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:80")},
-		SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:443")},
-		Timeout:         websvc.JSONDuration(10 * time.Second),
-		ForceHTTPS:      false,
-	}
-
-	confMgr := newConfigManager()
-	confMgr.onWeb = func() (s agh.ServiceWithConfig[*websvc.Config]) {
-		return websvc.New(&websvc.Config{
-			TLS: &tls.Config{
-				Certificates: []tls.Certificate{{}},
-			},
-			Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:80")},
-			SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:443")},
-			Timeout:         5 * time.Second,
-			ForceHTTPS:      true,
-		})
-	}
-	confMgr.onUpdateWeb = func(ctx context.Context, c *websvc.Config) (err error) {
-		return nil
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsHTTP,
-	}
-
-	req := jobj{
-		"addresses":        wantWeb.Addresses,
-		"secure_addresses": wantWeb.SecureAddresses,
-		"timeout":          wantWeb.Timeout,
-		"force_https":      wantWeb.ForceHTTPS,
-	}
-
-	respBody := httpPatch(t, u, req, http.StatusOK)
-	resp := &websvc.HTTPAPIHTTPSettings{}
-	err := json.Unmarshal(respBody, resp)
-	require.NoError(t, err)
-
-	assert.Equal(t, wantWeb, resp)
-}

internal/next/websvc/json.go

@@ -1,143 +0,0 @@
-package websvc
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// JSON Utilities
-
-// nsecPerMsec is the number of nanoseconds in a millisecond.
-const nsecPerMsec = float64(time.Millisecond / time.Nanosecond)
-
-// JSONDuration is a time.Duration that can be decoded from JSON and encoded
-// into JSON according to our API conventions.
-type JSONDuration time.Duration
-
-// type check
-var _ json.Marshaler = JSONDuration(0)
-
-// MarshalJSON implements the json.Marshaler interface for JSONDuration.  err is
-// always nil.
-func (d JSONDuration) MarshalJSON() (b []byte, err error) {
-	msec := float64(time.Duration(d)) / nsecPerMsec
-	b = strconv.AppendFloat(nil, msec, 'f', -1, 64)
-
-	return b, nil
-}
-
-// type check
-var _ json.Unmarshaler = (*JSONDuration)(nil)
-
-// UnmarshalJSON implements the json.Marshaler interface for *JSONDuration.
-func (d *JSONDuration) UnmarshalJSON(b []byte) (err error) {
-	if d == nil {
-		return fmt.Errorf("json duration is nil")
-	}
-
-	msec, err := strconv.ParseFloat(string(b), 64)
-	if err != nil {
-		return fmt.Errorf("parsing json time: %w", err)
-	}
-
-	*d = JSONDuration(int64(msec * nsecPerMsec))
-
-	return nil
-}
-
-// JSONTime is a time.Time that can be decoded from JSON and encoded into JSON
-// according to our API conventions.
-type JSONTime time.Time
-
-// type check
-var _ json.Marshaler = JSONTime{}
-
-// MarshalJSON implements the json.Marshaler interface for JSONTime.  err is
-// always nil.
-func (t JSONTime) MarshalJSON() (b []byte, err error) {
-	msec := float64(time.Time(t).UnixNano()) / nsecPerMsec
-	b = strconv.AppendFloat(nil, msec, 'f', -1, 64)
-
-	return b, nil
-}
-
-// type check
-var _ json.Unmarshaler = (*JSONTime)(nil)
-
-// UnmarshalJSON implements the json.Marshaler interface for *JSONTime.
-func (t *JSONTime) UnmarshalJSON(b []byte) (err error) {
-	if t == nil {
-		return fmt.Errorf("json time is nil")
-	}
-
-	msec, err := strconv.ParseFloat(string(b), 64)
-	if err != nil {
-		return fmt.Errorf("parsing json time: %w", err)
-	}
-
-	*t = JSONTime(time.Unix(0, int64(msec*nsecPerMsec)).UTC())
-
-	return nil
-}
-
-// writeJSONOKResponse writes headers with the code 200 OK, encodes v into w,
-// and logs any errors it encounters.  r is used to get additional information
-// from the request.
-func writeJSONOKResponse(w http.ResponseWriter, r *http.Request, v any) {
-	writeJSONResponse(w, r, v, http.StatusOK)
-}
-
-// writeJSONResponse writes headers with code, encodes v into w, and logs any
-// errors it encounters.  r is used to get additional information from the
-// request.
-func writeJSONResponse(w http.ResponseWriter, r *http.Request, v any, code int) {
-	// TODO(a.garipov): Put some of these to a middleware.
-	h := w.Header()
-	h.Set(aghhttp.HdrNameContentType, aghhttp.HdrValApplicationJSON)
-	h.Set(aghhttp.HdrNameServer, aghhttp.UserAgent())
-
-	w.WriteHeader(code)
-
-	err := json.NewEncoder(w).Encode(v)
-	if err != nil {
-		log.Error("websvc: writing resp to %s %s: %s", r.Method, r.URL.Path, err)
-	}
-}
-
-// ErrorCode is the error code as used by the HTTP API.  See the ErrorCode
-// definition in the OpenAPI specification.
-type ErrorCode string
-
-// ErrorCode constants.
-//
-// TODO(a.garipov): Expand and document codes.
-const (
-	// ErrorCodeTMP000 is the temporary error code used for all errors.
-	ErrorCodeTMP000 = ""
-)
-
-// HTTPAPIErrorResp is the error response as used by the HTTP API.  See the
-// BadRequestResp, InternalServerErrorResp, and similar objects in the OpenAPI
-// specification.
-type HTTPAPIErrorResp struct {
-	Code ErrorCode `json:"code"`
-	Msg  string    `json:"msg"`
-}
-
-// writeJSONErrorResponse encodes err as a JSON error into w, and logs any
-// errors it encounters.  r is used to get additional information from the
-// request.
-func writeJSONErrorResponse(w http.ResponseWriter, r *http.Request, err error) {
-	log.Error("websvc: %s %s: %s", r.Method, r.URL.Path, err)
-
-	writeJSONResponse(w, r, &HTTPAPIErrorResp{
-		Code: ErrorCodeTMP000,
-		Msg:  err.Error(),
-	}, http.StatusUnprocessableEntity)
-}

internal/next/websvc/json_test.go

@@ -1,114 +0,0 @@
-package websvc_test
-
-import (
-	"encoding/json"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-// testJSONTime is the JSON time for tests.
-var testJSONTime = websvc.JSONTime(time.Unix(1_234_567_890, 123_456_000).UTC())
-
-// testJSONTimeStr is the string with the JSON encoding of testJSONTime.
-const testJSONTimeStr = "1234567890123.456"
-
-func TestJSONTime_MarshalJSON(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		in         websvc.JSONTime
-		want       []byte
-	}{{
-		name:       "unix_zero",
-		wantErrMsg: "",
-		in:         websvc.JSONTime(time.Unix(0, 0)),
-		want:       []byte("0"),
-	}, {
-		name:       "empty",
-		wantErrMsg: "",
-		in:         websvc.JSONTime{},
-		want:       []byte("-6795364578871.345"),
-	}, {
-		name:       "time",
-		wantErrMsg: "",
-		in:         testJSONTime,
-		want:       []byte(testJSONTimeStr),
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			got, err := tc.in.MarshalJSON()
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.want, got)
-		})
-	}
-
-	t.Run("json", func(t *testing.T) {
-		in := &struct {
-			A websvc.JSONTime
-		}{
-			A: testJSONTime,
-		}
-
-		got, err := json.Marshal(in)
-		require.NoError(t, err)
-
-		assert.Equal(t, []byte(`{"A":`+testJSONTimeStr+`}`), got)
-	})
-}
-
-func TestJSONTime_UnmarshalJSON(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		want       websvc.JSONTime
-		data       []byte
-	}{{
-		name:       "time",
-		wantErrMsg: "",
-		want:       testJSONTime,
-		data:       []byte(testJSONTimeStr),
-	}, {
-		name: "bad",
-		wantErrMsg: `parsing json time: strconv.ParseFloat: parsing "{}": ` +
-			`invalid syntax`,
-		want: websvc.JSONTime{},
-		data: []byte(`{}`),
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			var got websvc.JSONTime
-			err := got.UnmarshalJSON(tc.data)
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.want, got)
-		})
-	}
-
-	t.Run("nil", func(t *testing.T) {
-		err := (*websvc.JSONTime)(nil).UnmarshalJSON([]byte("0"))
-		require.Error(t, err)
-
-		msg := err.Error()
-		assert.Equal(t, "json time is nil", msg)
-	})
-
-	t.Run("json", func(t *testing.T) {
-		want := testJSONTime
-		var got struct {
-			A websvc.JSONTime
-		}
-
-		err := json.Unmarshal([]byte(`{"A":`+testJSONTimeStr+`}`), &got)
-		require.NoError(t, err)
-
-		assert.Equal(t, want, got.A)
-	})
-}

internal/next/websvc/middleware.go

@@ -1,16 +0,0 @@
-package websvc
-
-import "net/http"
-
-// Middlewares
-
-// jsonMw sets the content type of the response to application/json.
-func jsonMw(h http.Handler) (wrapped http.HandlerFunc) {
-	f := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
-
-		h.ServeHTTP(w, r)
-	}
-
-	return http.HandlerFunc(f)
-}

internal/next/websvc/path.go

@@ -1,11 +0,0 @@
-package websvc
-
-// Path constants
-const (
-	PathHealthCheck = "/health-check"
-
-	PathV1SettingsAll  = "/api/v1/settings/all"
-	PathV1SettingsDNS  = "/api/v1/settings/dns"
-	PathV1SettingsHTTP = "/api/v1/settings/http"
-	PathV1SystemInfo   = "/api/v1/system/info"
-)

internal/next/websvc/settings.go

@@ -1,42 +0,0 @@
-package websvc
-
-import (
-	"net/http"
-)
-
-// All Settings Handlers
-
-// RespGetV1SettingsAll describes the response of the GET /api/v1/settings/all
-// HTTP API.
-type RespGetV1SettingsAll struct {
-	// TODO(a.garipov): Add more as we go.
-
-	DNS  *HTTPAPIDNSSettings  `json:"dns"`
-	HTTP *HTTPAPIHTTPSettings `json:"http"`
-}
-
-// handleGetSettingsAll is the handler for the GET /api/v1/settings/all HTTP
-// API.
-func (svc *Service) handleGetSettingsAll(w http.ResponseWriter, r *http.Request) {
-	dnsSvc := svc.confMgr.DNS()
-	dnsConf := dnsSvc.Config()
-
-	webSvc := svc.confMgr.Web()
-	httpConf := webSvc.Config()
-
-	// TODO(a.garipov): Add all currently supported parameters.
-	writeJSONOKResponse(w, r, &RespGetV1SettingsAll{
-		DNS: &HTTPAPIDNSSettings{
-			Addresses:        dnsConf.Addresses,
-			BootstrapServers: dnsConf.BootstrapServers,
-			UpstreamServers:  dnsConf.UpstreamServers,
-			UpstreamTimeout:  JSONDuration(dnsConf.UpstreamTimeout),
-		},
-		HTTP: &HTTPAPIHTTPSettings{
-			Addresses:       httpConf.Addresses,
-			SecureAddresses: httpConf.SecureAddresses,
-			Timeout:         JSONDuration(httpConf.Timeout),
-			ForceHTTPS:      httpConf.ForceHTTPS,
-		},
-	})
-}

internal/next/websvc/settings_test.go

@@ -1,75 +0,0 @@
-package websvc_test
-
-import (
-	"crypto/tls"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandleGetSettingsAll(t *testing.T) {
-	// TODO(a.garipov): Add all currently supported parameters.
-
-	wantDNS := &websvc.HTTPAPIDNSSettings{
-		Addresses:        []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:53")},
-		BootstrapServers: []string{"94.140.14.140", "94.140.14.141"},
-		UpstreamServers:  []string{"94.140.14.14", "1.1.1.1"},
-		UpstreamTimeout:  websvc.JSONDuration(1 * time.Second),
-	}
-
-	wantWeb := &websvc.HTTPAPIHTTPSettings{
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:80")},
-		SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:443")},
-		Timeout:         websvc.JSONDuration(5 * time.Second),
-		ForceHTTPS:      true,
-	}
-
-	confMgr := newConfigManager()
-	confMgr.onDNS = func() (s agh.ServiceWithConfig[*dnssvc.Config]) {
-		c, err := dnssvc.New(&dnssvc.Config{
-			Addresses:        wantDNS.Addresses,
-			UpstreamServers:  wantDNS.UpstreamServers,
-			BootstrapServers: wantDNS.BootstrapServers,
-			UpstreamTimeout:  time.Duration(wantDNS.UpstreamTimeout),
-		})
-		require.NoError(t, err)
-
-		return c
-	}
-
-	confMgr.onWeb = func() (s agh.ServiceWithConfig[*websvc.Config]) {
-		return websvc.New(&websvc.Config{
-			TLS: &tls.Config{
-				Certificates: []tls.Certificate{{}},
-			},
-			Addresses:       wantWeb.Addresses,
-			SecureAddresses: wantWeb.SecureAddresses,
-			Timeout:         time.Duration(wantWeb.Timeout),
-			ForceHTTPS:      true,
-		})
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsAll,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-	resp := &websvc.RespGetV1SettingsAll{}
-	err := json.Unmarshal(body, resp)
-	require.NoError(t, err)
-
-	assert.Equal(t, wantDNS, resp.DNS)
-	assert.Equal(t, wantWeb, resp.HTTP)
-}

internal/next/websvc/system.go

@@ -1,35 +0,0 @@
-package websvc
-
-import (
-	"net/http"
-	"runtime"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/version"
-)
-
-// System Handlers
-
-// RespGetV1SystemInfo describes the response of the GET /api/v1/system/info
-// HTTP API.
-type RespGetV1SystemInfo struct {
-	Arch       string   `json:"arch"`
-	Channel    string   `json:"channel"`
-	OS         string   `json:"os"`
-	NewVersion string   `json:"new_version,omitempty"`
-	Start      JSONTime `json:"start"`
-	Version    string   `json:"version"`
-}
-
-// handleGetV1SystemInfo is the handler for the GET /api/v1/system/info HTTP
-// API.
-func (svc *Service) handleGetV1SystemInfo(w http.ResponseWriter, r *http.Request) {
-	writeJSONOKResponse(w, r, &RespGetV1SystemInfo{
-		Arch:    runtime.GOARCH,
-		Channel: version.Channel(),
-		OS:      runtime.GOOS,
-		// TODO(a.garipov): Fill this when we have an updater.
-		NewVersion: "",
-		Start:      JSONTime(svc.start),
-		Version:    version.Version(),
-	})
-}

internal/next/websvc/system_test.go

@@ -1,37 +0,0 @@
-package websvc_test
-
-import (
-	"encoding/json"
-	"net/http"
-	"net/url"
-	"runtime"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_handleGetV1SystemInfo(t *testing.T) {
-	confMgr := newConfigManager()
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SystemInfo,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-	resp := &websvc.RespGetV1SystemInfo{}
-	err := json.Unmarshal(body, resp)
-	require.NoError(t, err)
-
-	// TODO(a.garipov): Consider making version.Channel and version.Version
-	// testable and test these better.
-	assert.NotEmpty(t, resp.Channel)
-
-	assert.Equal(t, resp.Arch, runtime.GOARCH)
-	assert.Equal(t, resp.OS, runtime.GOOS)
-	assert.Equal(t, testStart, time.Time(resp.Start))
-}

internal/next/websvc/waitlistener.go

@@ -1,31 +0,0 @@
-package websvc
-
-import (
-	"net"
-	"sync"
-)
-
-// Wait Listener
-
-// waitListener is a wrapper around a listener that also calls wg.Done() on the
-// first call to Accept.  It is useful in situations where it is important to
-// catch the precise moment of the first call to Accept, for example when
-// starting an HTTP server.
-//
-// TODO(a.garipov): Move to aghnet?
-type waitListener struct {
-	net.Listener
-
-	firstAcceptWG   *sync.WaitGroup
-	firstAcceptOnce sync.Once
-}
-
-// type check
-var _ net.Listener = (*waitListener)(nil)
-
-// Accept implements the [net.Listener] interface for *waitListener.
-func (l *waitListener) Accept() (conn net.Conn, err error) {
-	l.firstAcceptOnce.Do(l.firstAcceptWG.Done)
-
-	return l.Listener.Accept()
-}

internal/next/websvc/waitlistener_internal_test.go

@@ -1,46 +0,0 @@
-package websvc
-
-import (
-	"net"
-	"sync"
-	"sync/atomic"
-	"testing"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghchan"
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestWaitListener_Accept(t *testing.T) {
-	// TODO(a.garipov): use atomic.Bool in Go 1.19.
-	var numAcceptCalls uint32
-	var l net.Listener = &aghtest.Listener{
-		OnAccept: func() (conn net.Conn, err error) {
-			atomic.AddUint32(&numAcceptCalls, 1)
-
-			return nil, nil
-		},
-		OnAddr:  func() (addr net.Addr) { panic("not implemented") },
-		OnClose: func() (err error) { panic("not implemented") },
-	}
-
-	wg := &sync.WaitGroup{}
-	wg.Add(1)
-
-	done := make(chan struct{})
-	go aghchan.MustReceive(done, testTimeout)
-
-	go func() {
-		var wrapper net.Listener = &waitListener{
-			Listener:      l,
-			firstAcceptWG: wg,
-		}
-
-		_, _ = wrapper.Accept()
-	}()
-
-	wg.Wait()
-	close(done)
-
-	assert.Equal(t, uint32(1), atomic.LoadUint32(&numAcceptCalls))
-}

internal/next/websvc/websvc.go

@@ -1,305 +0,0 @@
-// Package websvc contains the AdGuard Home HTTP API service.
-//
-// NOTE: Packages other than cmd must not import this package, as it imports
-// most other packages.
-//
-// TODO(a.garipov): Add tests.
-package websvc
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/netip"
-	"sync"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	httptreemux "github.com/dimfeld/httptreemux/v5"
-)
-
-// ConfigManager is the configuration manager interface.
-type ConfigManager interface {
-	DNS() (svc agh.ServiceWithConfig[*dnssvc.Config])
-	Web() (svc agh.ServiceWithConfig[*Config])
-
-	UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error)
-	UpdateWeb(ctx context.Context, c *Config) (err error)
-}
-
-// Config is the AdGuard Home web service configuration structure.
-type Config struct {
-	// ConfigManager is used to show information about services as well as
-	// dynamically reconfigure them.
-	ConfigManager ConfigManager
-
-	// TLS is the optional TLS configuration.  If TLS is not nil,
-	// SecureAddresses must not be empty.
-	TLS *tls.Config
-
-	// Start is the time of start of AdGuard Home.
-	Start time.Time
-
-	// Addresses are the addresses on which to serve the plain HTTP API.
-	Addresses []netip.AddrPort
-
-	// SecureAddresses are the addresses on which to serve the HTTPS API.  If
-	// SecureAddresses is not empty, TLS must not be nil.
-	SecureAddresses []netip.AddrPort
-
-	// Timeout is the timeout for all server operations.
-	Timeout time.Duration
-
-	// ForceHTTPS tells if all requests to Addresses should be redirected to a
-	// secure address instead.
-	//
-	// TODO(a.garipov): Use; define rules, which address to redirect to.
-	ForceHTTPS bool
-}
-
-// Service is the AdGuard Home web service.  A nil *Service is a valid
-// [agh.Service] that does nothing.
-type Service struct {
-	confMgr    ConfigManager
-	tls        *tls.Config
-	start      time.Time
-	servers    []*http.Server
-	timeout    time.Duration
-	forceHTTPS bool
-}
-
-// New returns a new properly initialized *Service.  If c is nil, svc is a nil
-// *Service that does nothing.  The fields of c must not be modified after
-// calling New.
-func New(c *Config) (svc *Service) {
-	if c == nil {
-		return nil
-	}
-
-	svc = &Service{
-		confMgr:    c.ConfigManager,
-		tls:        c.TLS,
-		start:      c.Start,
-		timeout:    c.Timeout,
-		forceHTTPS: c.ForceHTTPS,
-	}
-
-	mux := newMux(svc)
-
-	for _, a := range c.Addresses {
-		addr := a.String()
-		errLog := log.StdLog("websvc: plain http: "+addr, log.ERROR)
-		svc.servers = append(svc.servers, &http.Server{
-			Addr:              addr,
-			Handler:           mux,
-			ErrorLog:          errLog,
-			ReadTimeout:       c.Timeout,
-			WriteTimeout:      c.Timeout,
-			IdleTimeout:       c.Timeout,
-			ReadHeaderTimeout: c.Timeout,
-		})
-	}
-
-	for _, a := range c.SecureAddresses {
-		addr := a.String()
-		errLog := log.StdLog("websvc: https: "+addr, log.ERROR)
-		svc.servers = append(svc.servers, &http.Server{
-			Addr:              addr,
-			Handler:           mux,
-			TLSConfig:         c.TLS,
-			ErrorLog:          errLog,
-			ReadTimeout:       c.Timeout,
-			WriteTimeout:      c.Timeout,
-			IdleTimeout:       c.Timeout,
-			ReadHeaderTimeout: c.Timeout,
-		})
-	}
-
-	return svc
-}
-
-// newMux returns a new HTTP request multiplexor for the AdGuard Home web
-// service.
-func newMux(svc *Service) (mux *httptreemux.ContextMux) {
-	mux = httptreemux.NewContextMux()
-
-	routes := []struct {
-		handler http.HandlerFunc
-		method  string
-		path    string
-		isJSON  bool
-	}{{
-		handler: svc.handleGetHealthCheck,
-		method:  http.MethodGet,
-		path:    PathHealthCheck,
-		isJSON:  false,
-	}, {
-		handler: svc.handleGetSettingsAll,
-		method:  http.MethodGet,
-		path:    PathV1SettingsAll,
-		isJSON:  true,
-	}, {
-		handler: svc.handlePatchSettingsDNS,
-		method:  http.MethodPatch,
-		path:    PathV1SettingsDNS,
-		isJSON:  true,
-	}, {
-		handler: svc.handlePatchSettingsHTTP,
-		method:  http.MethodPatch,
-		path:    PathV1SettingsHTTP,
-		isJSON:  true,
-	}, {
-		handler: svc.handleGetV1SystemInfo,
-		method:  http.MethodGet,
-		path:    PathV1SystemInfo,
-		isJSON:  true,
-	}}
-
-	for _, r := range routes {
-		if r.isJSON {
-			mux.Handle(r.method, r.path, jsonMw(r.handler))
-		} else {
-			mux.Handle(r.method, r.path, r.handler)
-		}
-	}
-
-	return mux
-}
-
-// addrs returns all addresses on which this server serves the HTTP API.  addrs
-// must not be called simultaneously with Start.  If svc was initialized with
-// ":0" addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) addrs() (addrs, secureAddrs []netip.AddrPort) {
-	for _, srv := range svc.servers {
-		addrPort, err := netip.ParseAddrPort(srv.Addr)
-		if err != nil {
-			// Technically shouldn't happen, since all servers must have a valid
-			// address.
-			panic(fmt.Errorf("websvc: server %q: bad address: %w", srv.Addr, err))
-		}
-
-		// srv.Serve will set TLSConfig to an almost empty value, so, instead of
-		// relying only on the nilness of TLSConfig, check the length of the
-		// certificates field as well.
-		if srv.TLSConfig == nil || len(srv.TLSConfig.Certificates) == 0 {
-			addrs = append(addrs, addrPort)
-		} else {
-			secureAddrs = append(secureAddrs, addrPort)
-		}
-
-	}
-
-	return addrs, secureAddrs
-}
-
-// handleGetHealthCheck is the handler for the GET /health-check HTTP API.
-func (svc *Service) handleGetHealthCheck(w http.ResponseWriter, _ *http.Request) {
-	_, _ = io.WriteString(w, "OK")
-}
-
-// type check
-var _ agh.Service = (*Service)(nil)
-
-// Start implements the [agh.Service] interface for *Service.  svc may be nil.
-// After Start exits, all HTTP servers have tried to start, possibly failing and
-// writing error messages to the log.
-func (svc *Service) Start() (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	wg := &sync.WaitGroup{}
-	wg.Add(len(svc.servers))
-	for _, srv := range svc.servers {
-		go serve(srv, wg)
-	}
-
-	wg.Wait()
-
-	return nil
-}
-
-// serve starts and runs srv and writes all errors into its log.
-func serve(srv *http.Server, wg *sync.WaitGroup) {
-	addr := srv.Addr
-	defer log.OnPanic(addr)
-
-	var proto string
-	var l net.Listener
-	var err error
-	if srv.TLSConfig == nil {
-		proto = "http"
-		l, err = net.Listen("tcp", addr)
-	} else {
-		proto = "https"
-		l, err = tls.Listen("tcp", addr, srv.TLSConfig)
-	}
-	if err != nil {
-		srv.ErrorLog.Printf("starting srv %s: binding: %s", addr, err)
-	}
-
-	// Update the server's address in case the address had the port zero, which
-	// would mean that a random available port was automatically chosen.
-	srv.Addr = l.Addr().String()
-
-	log.Info("websvc: starting srv %s://%s", proto, srv.Addr)
-
-	l = &waitListener{
-		Listener:      l,
-		firstAcceptWG: wg,
-	}
-
-	err = srv.Serve(l)
-	if err != nil && !errors.Is(err, http.ErrServerClosed) {
-		srv.ErrorLog.Printf("starting srv %s: %s", addr, err)
-	}
-}
-
-// Shutdown implements the [agh.Service] interface for *Service.  svc may be
-// nil.
-func (svc *Service) Shutdown(ctx context.Context) (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	var errs []error
-	for _, srv := range svc.servers {
-		serr := srv.Shutdown(ctx)
-		if serr != nil {
-			errs = append(errs, fmt.Errorf("shutting down srv %s: %w", srv.Addr, serr))
-		}
-	}
-
-	if len(errs) > 0 {
-		return errors.List("shutting down", errs...)
-	}
-
-	return nil
-}
-
-// Config returns the current configuration of the web service.  Config must not
-// be called simultaneously with Start.  If svc was initialized with ":0"
-// addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) Config() (c *Config) {
-	c = &Config{
-		ConfigManager: svc.confMgr,
-		TLS:           svc.tls,
-		// Leave Addresses and SecureAddresses empty and get the actual
-		// addresses that include the :0 ones later.
-		Start:      svc.start,
-		Timeout:    svc.timeout,
-		ForceHTTPS: svc.forceHTTPS,
-	}
-
-	c.Addresses, c.SecureAddresses = svc.addrs()
-
-	return c
-}

internal/next/websvc/websvc_internal_test.go

@@ -1,6 +0,0 @@
-package websvc
-
-import "time"
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 1 * time.Second

internal/next/websvc/websvc_test.go

@@ -1,187 +0,0 @@
-package websvc_test
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestMain(m *testing.M) {
-	testutil.DiscardLogOutput(m)
-}
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 1 * time.Second
-
-// testStart is the server start value for tests.
-var testStart = time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
-
-// type check
-var _ websvc.ConfigManager = (*configManager)(nil)
-
-// configManager is a [websvc.ConfigManager] for tests.
-type configManager struct {
-	onDNS func() (svc agh.ServiceWithConfig[*dnssvc.Config])
-	onWeb func() (svc agh.ServiceWithConfig[*websvc.Config])
-
-	onUpdateDNS func(ctx context.Context, c *dnssvc.Config) (err error)
-	onUpdateWeb func(ctx context.Context, c *websvc.Config) (err error)
-}
-
-// DNS implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) DNS() (svc agh.ServiceWithConfig[*dnssvc.Config]) {
-	return m.onDNS()
-}
-
-// Web implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) Web() (svc agh.ServiceWithConfig[*websvc.Config]) {
-	return m.onWeb()
-}
-
-// UpdateDNS implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	return m.onUpdateDNS(ctx, c)
-}
-
-// UpdateWeb implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) UpdateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	return m.onUpdateWeb(ctx, c)
-}
-
-// newConfigManager returns a *configManager all methods of which panic.
-func newConfigManager() (m *configManager) {
-	return &configManager{
-		onDNS: func() (svc agh.ServiceWithConfig[*dnssvc.Config]) { panic("not implemented") },
-		onWeb: func() (svc agh.ServiceWithConfig[*websvc.Config]) { panic("not implemented") },
-		onUpdateDNS: func(_ context.Context, _ *dnssvc.Config) (err error) {
-			panic("not implemented")
-		},
-		onUpdateWeb: func(_ context.Context, _ *websvc.Config) (err error) {
-			panic("not implemented")
-		},
-	}
-}
-
-// newTestServer creates and starts a new web service instance as well as its
-// sole address.  It also registers a cleanup procedure, which shuts the
-// instance down.
-//
-// TODO(a.garipov): Use svc or remove it.
-func newTestServer(
-	t testing.TB,
-	confMgr websvc.ConfigManager,
-) (svc *websvc.Service, addr netip.AddrPort) {
-	t.Helper()
-
-	c := &websvc.Config{
-		ConfigManager:   confMgr,
-		TLS:             nil,
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:0")},
-		SecureAddresses: nil,
-		Timeout:         testTimeout,
-		Start:           testStart,
-		ForceHTTPS:      false,
-	}
-
-	svc = websvc.New(c)
-
-	err := svc.Start()
-	require.NoError(t, err)
-	t.Cleanup(func() {
-		ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-		t.Cleanup(cancel)
-
-		err = svc.Shutdown(ctx)
-		require.NoError(t, err)
-	})
-
-	c = svc.Config()
-	require.NotNil(t, c)
-	require.Len(t, c.Addresses, 1)
-
-	return svc, c.Addresses[0]
-}
-
-// jobj is a utility alias for JSON objects.
-type jobj map[string]any
-
-// httpGet is a helper that performs an HTTP GET request and returns the body of
-// the response as well as checks that the status code is correct.
-//
-// TODO(a.garipov): Add helpers for other methods.
-func httpGet(t testing.TB, u *url.URL, wantCode int) (body []byte) {
-	t.Helper()
-
-	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
-	require.NoErrorf(t, err, "creating req")
-
-	httpCli := &http.Client{
-		Timeout: testTimeout,
-	}
-	resp, err := httpCli.Do(req)
-	require.NoErrorf(t, err, "performing req")
-	require.Equal(t, wantCode, resp.StatusCode)
-
-	testutil.CleanupAndRequireSuccess(t, resp.Body.Close)
-
-	body, err = io.ReadAll(resp.Body)
-	require.NoErrorf(t, err, "reading body")
-
-	return body
-}
-
-// httpPatch is a helper that performs an HTTP PATCH request with JSON-encoded
-// reqBody as the request body and returns the body of the response as well as
-// checks that the status code is correct.
-//
-// TODO(a.garipov): Add helpers for other methods.
-func httpPatch(t testing.TB, u *url.URL, reqBody any, wantCode int) (body []byte) {
-	t.Helper()
-
-	b, err := json.Marshal(reqBody)
-	require.NoErrorf(t, err, "marshaling reqBody")
-
-	req, err := http.NewRequest(http.MethodPatch, u.String(), bytes.NewReader(b))
-	require.NoErrorf(t, err, "creating req")
-
-	httpCli := &http.Client{
-		Timeout: testTimeout,
-	}
-	resp, err := httpCli.Do(req)
-	require.NoErrorf(t, err, "performing req")
-	require.Equal(t, wantCode, resp.StatusCode)
-
-	testutil.CleanupAndRequireSuccess(t, resp.Body.Close)
-
-	body, err = io.ReadAll(resp.Body)
-	require.NoErrorf(t, err, "reading body")
-
-	return body
-}
-
-func TestService_Start_getHealthCheck(t *testing.T) {
-	confMgr := newConfigManager()
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathHealthCheck,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-
-	assert.Equal(t, []byte("OK"), body)
-}

internal/stats/stats.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"io"
 	"net"
-	"net/netip"
 	"os"
 	"sync"
 	"sync/atomic"
@@ -65,7 +64,7 @@ type Interface interface {
 
 	// GetTopClientIP returns at most limit IP addresses corresponding to the
 	// clients with the most number of requests.
-	TopClientsIP(limit uint) []netip.Addr
+	TopClientsIP(limit uint) []net.IP
 
 	// WriteDiskConfig puts the Interface's configuration to the dc.
 	WriteDiskConfig(dc *DiskConfig)
@@ -108,6 +107,8 @@ type StatsCtx struct {
 	filename string
 }
 
+var _ Interface = &StatsCtx{}
+
 // New creates s from conf and properly initializes it.  Don't use s before
 // calling it's Start method.
 func New(conf Config) (s *StatsCtx, err error) {
@@ -177,9 +178,6 @@ func withRecovered(orig *error) {
 	*orig = errors.WithDeferred(*orig, err)
 }
 
-// type check
-var _ Interface = (*StatsCtx)(nil)
-
 // Start implements the Interface interface for *StatsCtx.
 func (s *StatsCtx) Start() {
 	s.initWeb()
@@ -252,8 +250,8 @@ func (s *StatsCtx) WriteDiskConfig(dc *DiskConfig) {
 	dc.Interval = atomic.LoadUint32(&s.limitHours) / 24
 }
 
-// TopClientsIP implements the [Interface] interface for *StatsCtx.
-func (s *StatsCtx) TopClientsIP(maxCount uint) (ips []netip.Addr) {
+// TopClientsIP implements the Interface interface for *StatsCtx.
+func (s *StatsCtx) TopClientsIP(maxCount uint) (ips []net.IP) {
 	limit := atomic.LoadUint32(&s.limitHours)
 	if limit == 0 {
 		return nil
@@ -273,10 +271,10 @@ func (s *StatsCtx) TopClientsIP(maxCount uint) (ips []netip.Addr) {
 	}
 
 	a := convertMapToSlice(m, int(maxCount))
-	ips = []netip.Addr{}
+	ips = []net.IP{}
 	for _, it := range a {
-		ip, err := netip.ParseAddr(it.Name)
-		if err == nil {
+		ip := net.ParseIP(it.Name)
+		if ip != nil {
 			ips = append(ips, ip)
 		}
 	}

internal/stats/stats_test.go

@@ -11,7 +11,6 @@ import (
 	"testing"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
-	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -46,7 +45,7 @@ func assertSuccessAndUnmarshal(t *testing.T, to any, handler http.Handler, req *
 }
 
 func TestStats(t *testing.T) {
-	cliIP := netutil.IPv4Localhost()
+	cliIP := net.IP{127, 0, 0, 1}
 	cliIPStr := cliIP.String()
 
 	handlers := map[string]http.Handler{}
@@ -124,7 +123,7 @@ func TestStats(t *testing.T) {
 		topClients := s.TopClientsIP(2)
 		require.NotEmpty(t, topClients)
 
-		assert.Equal(t, cliIP, topClients[0])
+		assert.True(t, cliIP.Equal(topClients[0]))
 	})
 
 	t.Run("reset", func(t *testing.T) {

internal/tools/go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/kyoh86/looppointer v0.1.9
 	github.com/securego/gosec/v2 v2.14.0
 	golang.org/x/tools v0.2.0
-	golang.org/x/vuln v0.0.0-20221103225512-4f561ca73b59
+	golang.org/x/vuln v0.0.0-20221025230227-995372c58a16
 	honnef.co/go/tools v0.3.3
 	mvdan.cc/gofumpt v0.4.0
 	mvdan.cc/unparam v0.0.0-20220926085101-66de63301820
@@ -24,10 +24,10 @@ require (
 	github.com/kyoh86/nolint v0.0.1 // indirect
 	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	golang.org/x/exp v0.0.0-20221106115401-f9659909a136 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20221106115401-f9659909a136 // indirect
+	golang.org/x/exp v0.0.0-20221031165847-c99f073a8326 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20221031165847-c99f073a8326 // indirect
 	golang.org/x/mod v0.6.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.2.0 // indirect
+	golang.org/x/sys v0.1.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

internal/tools/go.sum

@@ -53,10 +53,10 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/exp v0.0.0-20221106115401-f9659909a136 h1:Fq7F/w7MAa1KJ5bt2aJ62ihqp9HDcRuyILskkpIAurw=
-golang.org/x/exp v0.0.0-20221106115401-f9659909a136/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/exp/typeparams v0.0.0-20221106115401-f9659909a136 h1:962j4VxUJV3GKI6NxKDI9NjATh+tAixlH+9k9MvHSlU=
-golang.org/x/exp/typeparams v0.0.0-20221106115401-f9659909a136/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp v0.0.0-20221031165847-c99f073a8326 h1:QfTh0HpN6hlw6D3vu8DAwC8pBIwikq0AI1evdm+FksE=
+golang.org/x/exp v0.0.0-20221031165847-c99f073a8326/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp/typeparams v0.0.0-20221031165847-c99f073a8326 h1:fl8k2zg28yA23264d82M4dp+YlJ3ngDcpuB1bewkQi4=
+golang.org/x/exp/typeparams v0.0.0-20221031165847-c99f073a8326/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
@@ -83,8 +83,8 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -98,8 +98,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
 golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
-golang.org/x/vuln v0.0.0-20221103225512-4f561ca73b59 h1:eOOJSuIRc2QwKAgX5qOIhUZJAd2LLKSBfk839dv+Clo=
-golang.org/x/vuln v0.0.0-20221103225512-4f561ca73b59/go.mod h1:F12iebNzxRMpJsm4W7ape+r/KdnXiSy3VC94WsyCG68=
+golang.org/x/vuln v0.0.0-20221025230227-995372c58a16 h1:/H6ddBUaKrFDOBFz0Y3l1/Ppbx19f/rK11jABxiqKFw=
+golang.org/x/vuln v0.0.0-20221025230227-995372c58a16/go.mod h1:F12iebNzxRMpJsm4W7ape+r/KdnXiSy3VC94WsyCG68=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

main.go

@@ -1,6 +1,3 @@
-//go:build !next
-// +build !next
-
 package main
 
 import (

main_next.go

@@ -1,21 +0,0 @@
-//go:build next
-// +build next
-
-package main
-
-import (
-	"embed"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/cmd"
-)
-
-// Embed the prebuilt client here since we strive to keep .go files inside the
-// internal directory and the embed package is unable to embed files located
-// outside of the same or underlying directory.
-
-//go:embed build2
-var clientBuildFS embed.FS
-
-func main() {
-	cmd.Main(clientBuildFS)
-}

scripts/README.md

@@ -188,10 +188,6 @@ After the download you'll find the output locales in the `client/src/__locales/`
 directory.
 
 Optional environment:
-
- *  `SLEEP_TIME`: set the sleep time between downloads for `locales:download`,
-    in milliseconds.  The default is 250 ms.
-
  *  `UPLOAD_LANGUAGE`: set an alternative language for `locales:upload` to
     upload.
 

scripts/make/go-build.sh

@@ -123,14 +123,4 @@ CGO_ENABLED="$cgo_enabled"
 GO111MODULE='on'
 export CGO_ENABLED GO111MODULE
 
-# Build the new binary if requested.
-if [ "${NEXTAPI:-0}" -eq '0' ]
-then
-	tags_flags='--tags='
-else
-	tags_flags='--tags=next'
-fi
-readonly tags_flags
-
-"$go" build --ldflags "$ldflags" "$race_flags" "$tags_flags" --trimpath "$o_flags" "$v_flags"\
-	"$x_flags"
+"$go" build --ldflags "$ldflags" "$race_flags" --trimpath "$o_flags" "$v_flags" "$x_flags"

scripts/make/go-lint.sh

@@ -136,7 +136,6 @@ underscores() {
 			-e '_freebsd.go'\
 			-e '_linux.go'\
 			-e '_little.go'\
-			-e '_next.go'\
 			-e '_openbsd.go'\
 			-e '_others.go'\
 			-e '_test.go'\
@@ -228,7 +227,7 @@ gocyclo --over 13 ./internal/dhcpd ./internal/filtering/ ./internal/home/
 # Apply stricter standards to new or somewhat refactored code.
 gocyclo --over 10 ./internal/aghio/ ./internal/aghnet/ ./internal/aghos/\
 	./internal/aghtest/ ./internal/dnsforward/ ./internal/stats/\
-	./internal/tools/ ./internal/updater/ ./internal/next/ ./internal/version/\
+	./internal/tools/ ./internal/updater/ ./internal/version/\
 	./scripts/vetted-filters/ ./main.go
 
 ineffassign ./...

scripts/translations/download.js

@@ -110,8 +110,7 @@ const download = async () => {
 
         // Don't request the Crowdin API too aggressively to prevent spurious
         // 400 errors.
-        const sleepTime = process.env.SLEEP_TIME || 250;
-        await sleep(sleepTime);
+        await sleep(400);
     }
 
     Promise