all: sync with master; upd chlog

Updates #4557.

* commit 'e3624ec5880361b8afccd0ddac9dc31fd7ce4a07':
  all: fix abbreviation
  Update README.md

.github/workflows/build.yml

@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.19.6'
+  'GO_VERSION': '1.18.9'
   'NODE_VERSION': '14'
 
 'on':

.github/workflows/lint.yml

@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.19.6'
+  'GO_VERSION': '1.18.9'
 
 'on':
   'push':

CHANGELOG.md

@@ -14,138 +14,21 @@ and this project adheres to
 <!--
 ## [v0.108.0] - TBA
 
-## [v0.107.26] - 2023-03-09 (APPROX.)
+## [v0.107.24] - 2023-02-22 (APPROX.)
 
-See also the [v0.107.26 GitHub milestone][ms-v0.107.26].
+See also the [v0.107.24 GitHub milestone][ms-v0.107.24].
 
-[ms-v0.107.26]: https://github.com/AdguardTeam/AdGuardHome/milestone/62?closed=1
+[ms-v0.107.24]: https://github.com/AdguardTeam/AdGuardHome/milestone/60?closed=1
 
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
-### Fixed
-
-- Requirements to domain names in domain-specific upstream configurations have
-  been relaxed to meet those from [RFC 3696][rfc3696] ([#4884]).
-- Failing service installation via script on FreeBSD ([#5431]).
-
-[#4884]: https://github.com/AdguardTeam/AdGuardHome/issues/4884
-[#5431]: https://github.com/AdguardTeam/AdGuardHome/issues/5431
-
-[rfc3696]: https://datatracker.ietf.org/doc/html/rfc3696
-
 <!--
 NOTE: Add new changes ABOVE THIS COMMENT.
 -->
 
 
 
-## [v0.107.25] - 2023-02-21
-
-See also the [v0.107.25 GitHub milestone][ms-v0.107.25].
-
-### Fixed
-
-- Panic when using unencrypted DNS-over-HTTPS ([#5518]).
-
-[#5518]: https://github.com/AdguardTeam/AdGuardHome/issues/5518
-
-[ms-v0.107.25]: https://github.com/AdguardTeam/AdGuardHome/milestone/61?closed=1
-
-
-
-## [v0.107.24] - 2023-02-15
-
-See also the [v0.107.24 GitHub milestone][ms-v0.107.24].
-
-### Security
-
-- Go version has been updated, both because Go 1.18 has reached end of life an
-  to prevent the possibility of exploiting the Go vulnerabilities fixed in [Go
-  1.19.6][go-1.19.6].
-
-### Added
-
-- The ability to disable statistics by using the new `statistics.enabled`
-  field.  Previously it was necessary to set the `statistics_interval` to 0,
-  losing the previous value ([#1717], [#4299]).
-- The ability to exclude domain names from the query log or statistics by using
-  the new `querylog.ignored` or `statistics.ignored` fields ([#1717], [#4299]).
-  The UI changes are coming in the upcoming releases.
-
-### Changed
-
-#### Configuration Changes
-
-In this release, the schema version has changed from 14 to 16.
-
-- Property `statistics_interval`, which in schema versions 15 and earlier used
-  to be a part of the `dns` object, is now a part of the `statistics` object:
-
-  ```yaml
-  # BEFORE:
-  'dns':
-    # …
-    'statistics_interval': 1
-
-  # AFTER:
-  'statistics':
-    # …
-    'interval': 1
-  ```
-
-  To rollback this change, move the property back into the `dns` object and
-  change the `schema_version` back to `15`.
-- The fields `dns.querylog_enabled`, `dns.querylog_file_enabled`,
-  `dns.querylog_interval`, and `dns.querylog_size_memory` have been moved to the
-  new `querylog` object.
-
-  ```yaml
-  # BEFORE:
-  'dns':
-    'querylog_enabled': true
-    'querylog_file_enabled': true
-    'querylog_interval': '2160h'
-    'querylog_size_memory': 1000
-
-  # AFTER:
-  'querylog':
-    'enabled': true
-    'file_enabled': true
-    'interval': '2160h'
-    'size_memory': 1000
-  ```
-
-  To rollback this change, rename and move properties back into the `dns`
-  object, remove `querylog` object and `querylog.ignored` property, and change
-  the `schema_version` back to `14`.
-
-### Deprecated
-
-- Go 1.19 support.  Future versions will require at least Go 1.20 to build.
-
-### Fixed
-
-- Setting the AD (Authenticated Data) flag on responses that have the DO (DNSSEC
-  OK) flag set but not the AD flag ([#5479]).
-- Client names resolved via reverse DNS not being updated ([#4939]).
-- The icon for League Of Legends on the Blocked services page ([#5433]).
-
-### Removed
-
-- Go 1.18 support, as it has reached end of life.
-
-[#1717]: https://github.com/AdguardTeam/AdGuardHome/issues/1717
-[#4299]: https://github.com/AdguardTeam/AdGuardHome/issues/4299
-[#4939]: https://github.com/AdguardTeam/AdGuardHome/issues/4939
-[#5433]: https://github.com/AdguardTeam/AdGuardHome/issues/5433
-[#5479]: https://github.com/AdguardTeam/AdGuardHome/issues/5479
-
-[go-1.19.6]:    https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
-[ms-v0.107.24]: https://github.com/AdguardTeam/AdGuardHome/milestone/60?closed=1
-
-
-
 ## [v0.107.23] - 2023-02-01
 
 See also the [v0.107.23 GitHub milestone][ms-v0.107.23].
@@ -1148,6 +1031,7 @@ In this release, the schema version has changed from 10 to 12.
 
   To rollback this change, convert the property back into days and change the
   `schema_version` back to `11`.
+
 - Property `rlimit_nofile`, which in schema versions 10 and earlier used to be
   on the top level, is now moved to the new `os` object:
 
@@ -1694,13 +1578,11 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.26...HEAD
-[v0.107.26]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.25...v0.107.26
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.24...HEAD
+[v0.107.24]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.23...v0.107.24
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.25...HEAD
-[v0.107.25]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.24...v0.107.25
-[v0.107.24]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.23...v0.107.24
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.23...HEAD
 [v0.107.23]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.22...v0.107.23
 [v0.107.22]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.21...v0.107.22
 [v0.107.21]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.20...v0.107.21

Makefile

@@ -4,26 +4,17 @@
 # See https://pubs.opengroup.org/onlinepubs/9699919799/utilities/make.html.
 .POSIX:
 
-# This comment is used to simplify checking local copies of the
-# Makefile.  Bump this number every time a significant change is made to
-# this Makefile.
-#
-# AdGuard-Project-Version: 2
-
-# Don't name these macros "GO" etc., because GNU Make apparently makes
-# them exported environment variables with the literal value of
-# "${GO:-go}" and so on, which is not what we need.  Use a dot in the
-# name to make sure that users don't have an environment variable with
-# the same name.
-#
-# See https://unix.stackexchange.com/q/646255/105635.
-GO.MACRO = $${GO:-go}
-VERBOSE.MACRO = $${VERBOSE:-0}
-
 CHANNEL = development
 CLIENT_DIR = client
 COMMIT = $$( git rev-parse --short HEAD )
 DIST_DIR = dist
+# Don't name this macro "GO", because GNU Make apparenly makes it an
+# exported environment variable with the literal value of "${GO:-go}",
+# which is not what we need.  Use a dot in the name to make sure that
+# users don't have an environment variable with the same name.
+#
+# See https://unix.stackexchange.com/q/646255/105635.
+GO.MACRO = $${GO:-go}
 GOPROXY = https://goproxy.cn|https://proxy.golang.org|direct
 GOSUMDB = sum.golang.google.cn
 GPG_KEY = devteam@adguard.com
@@ -34,11 +25,10 @@ NPM_INSTALL_FLAGS = $(NPM_FLAGS) --quiet --no-progress --ignore-engines\
 	--ignore-optional --ignore-platform --ignore-scripts
 RACE = 0
 SIGN = 1
+VERBOSE = 0
 VERSION = v0.0.0
 YARN = yarn
 
-NEXTAPI = 0
-
 # Macros for the build-release target.  If FRONTEND_PREBUILT is 0, the
 # default, the macro $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT)) expands
 # into BUILD_RELEASE_DEPS_0, and so both frontend and backend
@@ -66,14 +56,13 @@ ENV = env\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
 	SIGN='$(SIGN)'\
-	NEXTAPI='$(NEXTAPI)'\
-	VERBOSE="$(VERBOSE.MACRO)"\
+	VERBOSE='$(VERBOSE)'\
 	VERSION='$(VERSION)'\
 
 # Keep the line above blank.
 
-# Keep this target first, so that a naked make invocation triggers a
-# full build.
+# Keep this target first, so that a naked make invocation triggers
+# a full build.
 build: deps quick-build
 
 quick-build: js-build go-build
@@ -127,4 +116,4 @@ go-os-check:
 openapi-lint: ; cd ./openapi/ && $(YARN) test
 openapi-show: ; cd ./openapi/ && $(YARN) start
 
-txt-lint: ; $(ENV) "$(SHELL)" ./scripts/make/txt-lint.sh
+txt-lint:  ; $(ENV) "$(SHELL)" ./scripts/make/txt-lint.sh

README.md

@@ -81,24 +81,12 @@ code.
 
    ###  <a href="#automated-install-linux-and-mac" id="automated-install-linux-and-mac" name="automated-install-linux-and-mac">Automated install (Unix)</a>
 
-To install with `curl` run the following command:
+Run the following command in your terminal:
 
 ```sh
 curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
 ```
 
-To install with `wget` run the following command:
-
-```sh
-wget --no-verbose -O - https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
-```
-
-To install with `fetch` run the following command:
-
-```sh
-fetch -o - https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
-```
-
 The script also accepts some options:
 
  *  `-c <channel>` to use specified channel;
@@ -261,7 +249,7 @@ Run `make init` to prepare the development environment.
 
 You will need this to build AdGuard Home:
 
- *  [Go](https://golang.org/dl/) v1.19 or later;
+ *  [Go](https://golang.org/dl/) v1.18 or later;
  *  [Node.js](https://nodejs.org/en/download/) v10.16.2 or later;
  *  [npm](https://www.npmjs.com/) v6.14 or later;
  *  [yarn](https://yarnpkg.com/) v1.22.5 or later.

bamboo-specs/release.yaml

@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
   'channel': 'edge'
-  'dockerGo': 'adguard/golang-ubuntu:6.1'
+  'dockerGo': 'adguard/golang-ubuntu:5.4'
 
 'stages':
 - 'Build frontend':
@@ -136,12 +136,8 @@
 
         set -e -f -u -x
 
-        COMMIT="${bamboo.repository.revision.number}"
-        export COMMIT
-        readonly COMMIT
-
         # Explicitly checkout the revision that we need.
-        git checkout "$COMMIT"
+        git checkout "${bamboo.repository.revision.number}"
 
         # Install Qemu, create builder.
         docker version -f '{{ .Server.Experimental }}'
@@ -161,13 +157,12 @@
         docker info
 
         # Prepare and push the build.
-        env\
+        make\
                 CHANNEL="${bamboo.channel}"\
-                DIST_DIR='dist'\
                 DOCKER_IMAGE_NAME='adguard/adguardhome'\
                 DOCKER_OUTPUT="type=image,name=adguard/adguardhome,push=true"\
                 VERBOSE='1'\
-                sh ./scripts/make/build-docker.sh
+                build-docker
       'environment':
         DOCKER_CLI_EXPERIMENTAL=enabled
   'final-tasks':
@@ -228,7 +223,6 @@
 
         channel="${bamboo.channel}"
         readonly channel
-
         case "$channel"
         in
         ('release')
@@ -275,10 +269,8 @@
 
         set -e -f -u -x
 
-        channel="${bamboo.channel}"
-        readonly channel
-
-        if [ "$channel" != 'release' ] && [ "${channel}" != 'beta' ]
+        export CHANNEL="${bamboo.channel}"
+        if [ "$CHANNEL" != 'release' ] && [ "${CHANNEL}" != 'beta' ]
         then
               echo "don't publish to GitHub Releases for this channel"
 
@@ -331,7 +323,7 @@
     # need to build a few of these.
     'variables':
       'channel': 'beta'
-      'dockerGo': 'adguard/golang-ubuntu:6.1'
+      'dockerGo': 'adguard/golang-ubuntu:5.4'
 # release-vX.Y.Z branches are the branches from which the actual final release
 # is built.
 - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -346,4 +338,4 @@
     # are the ones that actually get released.
     'variables':
       'channel': 'release'
-      'dockerGo': 'adguard/golang-ubuntu:6.1'
+      'dockerGo': 'adguard/golang-ubuntu:5.4'

bamboo-specs/test.yaml

@@ -5,7 +5,7 @@
   'key': 'AHBRTSPECS'
   'name': 'AdGuard Home - Build and run tests'
 'variables':
-  'dockerGo': 'adguard/golang-ubuntu:6.1'
+  'dockerGo': 'adguard/golang-ubuntu:5.4'
 
 'stages':
 - 'Tests':

client/src/__locales/be.json

@@ -261,7 +261,7 @@
     "query_log_configuration": "Налада часопіса",
     "query_log_disabled": "Часопіс запытаў выключаны, яго можна ўключыць у <0>наладах</0>",
     "query_log_strict_search": "Ужывайце падвойныя двукоссі для строгага пошуку",
-    "query_log_retention_confirm": "Вы ўпэўнены, што хочаце змяніць тэрмін захоўвання запытаў? Пры памяншэнні інтэрвалу, некаторыя даныя могуць быць страчаны",
+    "query_log_retention_confirm": "Вы ўпэўнены, што хочаце змяніць тэрмін захоўвання запытаў? Пры скарачэнні інтэрвалу дадзеныя могуць быць згублены",
     "anonymize_client_ip": "Ананімізацыя IP-адрасы кліента",
     "anonymize_client_ip_desc": "Не захоўвайце поўныя IP-адрасы гэтых удзельнікаў у часопісах або статыстыцы",
     "dns_config": "Налады DNS-сервера",
@@ -356,7 +356,7 @@
     "install_devices_android_list_5": "Зараз можна змяніць палі «DNS 1» і «DNS 2». Увядзіце ў іх адрасы AdGuard Home.",
     "install_devices_ios_list_1": "Увайдзіце ў меню налад прылады.",
     "install_devices_ios_list_2": "Абярыце пункт «Wi-Fi» (для мабільных сетак ручная наладка DNS немагчыма).",
-    "install_devices_ios_list_3": "Націсніце на назву актыўнай у дадзены момант сеткі.",
+    "install_devices_ios_list_3": "Націсніце на назву сетцы, да якой прылада падлучана ў дадзены момант.",
     "install_devices_ios_list_4": "У поле «DNS» увядзіце ўвядзіце адрасы AdGuard Home.",
     "get_started": "Паехалі",
     "next": "Далей",
@@ -517,10 +517,10 @@
     "filter_updated": "Спіс паспяхова абноўлены",
     "statistics_configuration": "Канфігурацыя статыстыкі",
     "statistics_retention": "Захаванне статыстыкі",
-    "statistics_retention_desc": "Калі вы паменшыце значэнне інтэрвалу, некаторыя даныя могуць быць страчаны",
+    "statistics_retention_desc": "Калі вы зменшыце значэнне інтэрвалу, некаторыя дадзеныя могуць быць згублены",
     "statistics_clear": "Ачысціць статыстыку",
     "statistics_clear_confirm": "Вы ўпэўнены, што хочаце ачысціць статыстыку?",
-    "statistics_retention_confirm": "Вы ўпэўнены, што хочаце змяніць тэрмін захоўвання статыстыкі? Пры памяншэнні інтэрвалу, некаторыя даныя могуць быць страчаны",
+    "statistics_retention_confirm": "Вы ўпэўнены, што хочаце змяніць тэрмін захоўвання статыстыкі? Пры скарачэнні інтэрвалу дадзеныя могуць быць згублены",
     "statistics_cleared": "Статыстыка паспяхова вычышчана",
     "statistics_enable": "Уключыць статыстыку",
     "interval_hours": "{{count}} гадзіна",
@@ -598,7 +598,7 @@
     "show_blocked_responses": "Заблакавана",
     "show_whitelisted_responses": "Белы спіс",
     "show_processed_responses": "Апрацавана",
-    "blocked_safebrowsing": "Заблакіравана згодна з базай даных Safe Browsing",
+    "blocked_safebrowsing": "Заблакавана згодна базе дадзеных Safe Browsing",
     "blocked_adult_websites": "Заблакавана Бацькоўскім кантролем",
     "blocked_threats": "Заблакавана пагроз",
     "allowed": "Дазволены",
@@ -639,7 +639,7 @@
     "safe_browsing": "Бяспечны інтэрнэт",
     "served_from_cache": "{{value}} <i>(атрымана з кэша)</i>",
     "form_error_password_length": "Пароль павінен быць не менш за {{value}} сімвалаў",
-    "anonymizer_notification": "<0>Заўвага:</0> Ананімізацыя IP уключана. Вы можаце адключыць яе ў <1>Агульных наладах</1>.",
+    "anonymizer_notification": "<0>Заўвага:</0> Ананімізацыя IP уключана. Вы можаце адключыць яго ў <1>Агульных наладах</1> .",
     "confirm_dns_cache_clear": "Вы ўпэўнены, што хочаце ачысціць кэш DNS?",
     "cache_cleared": "Кэш DNS паспяхова ачышчаны",
     "clear_cache": "Ачысціць кэш"

client/src/__locales/es.json

@@ -454,7 +454,7 @@
     "updates_checked": "La nueva versión de AdGuard Home está disponible",
     "updates_version_equal": "AdGuard Home está actualizado",
     "check_updates_now": "Buscar actualizaciones ahora",
-    "version_request_error": "Error buscar la actualización. Comprueba tu conexión a Internet.",
+    "version_request_error": "La búsqueda de actualizaciones falló. Por favor revisa tu conexión a Internet.",
     "dns_privacy": "DNS cifrado",
     "setup_dns_privacy_1": "<0>DNS mediante TLS:</0> Utiliza la cadena <1>{{address}}</1>.",
     "setup_dns_privacy_2": "<0>DNS mediante HTTPS:</0> Utiliza la cadena <1>{{address}}</1>.",
@@ -640,7 +640,7 @@
     "served_from_cache": "{{value}} <i>(servido desde la caché)</i>",
     "form_error_password_length": "La contraseña debe tener al menos {{value}} caracteres",
     "anonymizer_notification": "<0>Nota:</0> La anonimización de IP está habilitada. Puedes deshabilitarla en <1>Configuración general</1>.",
-    "confirm_dns_cache_clear": "¿Estás seguro de que deseas borrar la caché DNS?",
-    "cache_cleared": "Caché DNS borrado correctamente",
+    "confirm_dns_cache_clear": "¿Estás seguro de que deseas borrar la caché de DNS?",
+    "cache_cleared": "Caché DNS borrado con éxito",
     "clear_cache": "Borrar caché"
 }

client/src/__locales/fi.json

@@ -24,7 +24,7 @@
     "unavailable_dhcp": "DHCP ei ole käytettävissä",
     "unavailable_dhcp_desc": "AdGuard Home ei voi suorittaa DHCP-palvelinta käyttöjärjestelmässäsi",
     "dhcp_title": "DHCP-palvelin (kokeellinen!)",
-    "dhcp_description": "Jollei reitittimesi tarjoa DHCP-asetuksia, voit käyttää AdGuard Homen omaa sisäänrakennettua DHCP-palvelinta.",
+    "dhcp_description": "Jos reitittimessäsi ei ole DHCP-asetuksia, voit käyttää AdGuard Homen omaa sisäänrakennettua DHCP-palvelinta.",
     "dhcp_enable": "Ota DHCP-palvelin käyttöön",
     "dhcp_disable": "Poista DHCP-palvelin käytöstä",
     "dhcp_not_found": "On turvallista ottaa sisäänrakennettu DHCP-palvelin käyttöön, koska AdGuard Home ei havainnut verkossa muita aktiivisia DHCP-palvelimia. Suosittelemme, että varmistat tämän vielä itse, koska automaattinen tunnistus ei ole 100% varma.",

client/src/__locales/tr.json

@@ -449,7 +449,7 @@
     "access_disallowed_title": "İzin verilmeyen istemciler",
     "access_disallowed_desc": "CIDR'lerin, IP adreslerinin veya <a>İstemci Kimliklerin</a> listesi. Bu listede girişler varsa, AdGuard Home bu istemcilerden gelen istekleri keser. İzin verilen istemcilerde girişler varsa, bu alan yok sayılır.",
     "access_blocked_title": "İzin verilmeyen alan adları",
-    "access_blocked_desc": "Bu işlem filtrelerle ilgili değildir. AdGuard Home, bu alan adlarından gelen DNS sorgularını yanıtsız bırakır ve bu sorgular sorgu günlüğünde görünmez. Tam alan adlarını, joker karakterleri veya URL filtre kurallarını belirtebilirsiniz, örn. \"example.org\", \"*.example.org\" veya \"||example.org^\".",
+    "access_blocked_desc": "Bu işlem filtrelerle ilgili değildir. AdGuard Home, bu alan adlarından gelen DNS sorgularını yanıtsız bırakır ve bu sorgular sorgu günlüğünde görünmez. Tam alan adlarını, joker karakterleri veya URL filtre kurallarını belirtebilirsiniz, ör. \"example.org\", \"*.example.org\" veya \"||example.org^\".",
     "access_settings_saved": "Erişim ayarları başarıyla kaydedildi!",
     "updates_checked": "AdGuard Home'un yeni bir sürümü mevcut",
     "updates_version_equal": "AdGuard Home yazılımı güncel durumda",

client/src/__locales/zh-cn.json

@@ -16,7 +16,7 @@
     "resolve_clients_title": "启用客户端的 IP 地址的反向解析",
     "resolve_clients_desc": "通过发送 PTR 查询到对应的解析器 (本地客户端的私人 DNS 服务器，公共 IP 客户端的上游服务器) 将 IP 地址反向解析成其客户端主机名。",
     "use_private_ptr_resolvers_title": "使用私人反向 DNS 解析器",
-    "use_private_ptr_resolvers_desc": "使用这些上游服务器对本地服务的地址执行反向 DNS 查找。 如果禁用，则 AdGuard Home 会以 NXDOMAIN 响应所有此类 PTR 请求，从 DHCP、/etc/hosts 等获知的客户端除外。",
+    "use_private_ptr_resolvers_desc": "使用这些上游服务器对本地服务的地址执行反向 DNS 查找。 如果禁用，则 AdGuard Home会以 NXDOMAIN 响应所有此类PTR请求，从 DHCP、/ etc / hosts 等获知的客户端除外。",
     "check_dhcp_servers": "检查 DHCP 服务器",
     "save_config": "保存配置",
     "enabled_dhcp": "DHCP 服务器已启用",
@@ -128,7 +128,7 @@
     "number_of_dns_query_days": "过去 {{count}} 天内处理的 DNS 查询总数",
     "number_of_dns_query_days_plural": "在过去的 {{count}} 天内处理了多少个 DNS 查询",
     "number_of_dns_query_24_hours": "过去 24 小时内处理的 DNS 请求总数",
-    "number_of_dns_query_blocked_24_hours": "被广告过滤器和 Hosts 黑名单阻止的 DNS 请求总数",
+    "number_of_dns_query_blocked_24_hours": "被广告过滤器和 Hosts 拦截清单阻止的 DNS 请求总数",
     "number_of_dns_query_blocked_24_hours_by_sec": "被 AdGuard 安全浏览模块阻止的 DNS 请求总数",
     "number_of_dns_query_blocked_24_hours_adult": "被阻止的成人网站总数",
     "enforced_save_search": "强制安全搜索",
@@ -146,10 +146,10 @@
     "no_servers_specified": "未找到指定的服务器",
     "general_settings": "常规设置",
     "dns_settings": "DNS 设置",
-    "dns_blocklists": "DNS 黑名单",
-    "dns_allowlists": "DNS 白名单",
+    "dns_blocklists": "DNS 拦截列表",
+    "dns_allowlists": "DNS 允许列表",
     "dns_blocklists_desc": "AdGuard Home将阻止匹配DNS拦截清单的域名",
-    "dns_allowlists_desc": "来自 DNS 白名单的域名将被允许，即使它们位于任意黑名单中也是如此。",
+    "dns_allowlists_desc": "来自DNS允许列表的域将被允许，即使它们位于任意阻止列表中也是如此",
     "custom_filtering_rules": "自定义过滤规则",
     "encryption_settings": "加密设置",
     "dhcp_settings": "DHCP 设置",
@@ -172,28 +172,28 @@
     "list_url_table_header": "清单网址",
     "rules_count_table_header": "规则数",
     "last_time_updated_table_header": "上次更新时间",
-    "actions_table_header": "操作",
+    "actions_table_header": "活跃状态",
     "request_table_header": "请求",
     "edit_table_action": "编辑",
     "delete_table_action": "删除",
     "elapsed": "耗时",
     "filters_and_hosts_hint": "AdGuard Home 可以解析基础的 adblock 规则和 Hosts 语法。",
-    "no_blocklist_added": "未添加黑名单",
-    "no_whitelist_added": "未添加白名单",
-    "add_blocklist": "添加黑名单",
-    "add_allowlist": "添加白名单",
+    "no_blocklist_added": "未添加阻止列表",
+    "no_whitelist_added": "未添加允许列表",
+    "add_blocklist": "添加阻止列表",
+    "add_allowlist": "添加允许列表",
     "cancel_btn": "取消",
     "enter_name_hint": "输入名称",
     "enter_url_or_path_hint": "请输入URL或列表的绝对路径",
     "check_updates_btn": "检查更新",
     "new_blocklist": "新封锁清单",
-    "new_allowlist": "新增白名单",
-    "edit_blocklist": "编辑黑名单",
-    "edit_allowlist": "编辑白名单",
-    "choose_blocklist": "选择黑名单",
-    "choose_allowlist": "选择白名单",
-    "enter_valid_blocklist": "输入有效的黑名单 URL",
-    "enter_valid_allowlist": "输入有效的白名单 URL",
+    "new_allowlist": "新的允许清单",
+    "edit_blocklist": "编辑阻止列表",
+    "edit_allowlist": "编辑允许列表",
+    "choose_blocklist": "选择拦截列表",
+    "choose_allowlist": "选择允许列表",
+    "enter_valid_blocklist": "输入有效的阻止列表URL",
+    "enter_valid_allowlist": "输入有效的允许列表URL",
     "form_error_url_format": "无效的 URL 格式",
     "form_error_url_or_path_format": "无效的 URL 或列表的绝对路径",
     "custom_filter_rules": "自定义过滤器规则",
@@ -269,9 +269,9 @@
     "dns_cache_config_desc": "您可以在此处配置 DNS 缓存",
     "blocking_mode": "拦截模式",
     "default": "默认",
-    "nxdomain": "NXDOMAIN",
+    "nxdomain": "无效域名",
     "refused": "REFUSED",
-    "null_ip": "空 IP",
+    "null_ip": "无效 IP",
     "custom_ip": "自定义 IP",
     "blocking_ipv4": "拦截 IPv4",
     "blocking_ipv6": "拦截 IPv6",
@@ -296,7 +296,7 @@
     "blocking_mode_default": "默认：被 Adblock 规则拦截时反应为零 IP 地址（A记录：0.0.0.0；AAAA记录：::）；被/etc/hosts 规则拦截时反应为规则中指定 IP 地址",
     "blocking_mode_refused": "REFUSED：以 REFUSED 码响应请求",
     "blocking_mode_nxdomain": "NXDOMAIN：以NXDOMAIN码响应",
-    "blocking_mode_null_ip": "空 IP：以零 IP 地址响应（A 记录 0.0.0.0；AAAA 记录 ::）",
+    "blocking_mode_null_ip": "空IP：以零IP地址响应(A记录 0.0.0.0；AAAA记录 ::)",
     "blocking_mode_custom_ip": "自定IP：以手动设置的IP地址响应",
     "theme_auto": "自动",
     "theme_light": "浅色主题",
@@ -605,7 +605,7 @@
     "filtered": "已过滤",
     "rewritten": "重写项",
     "safe_search": "安全搜索",
-    "blocklist": "黑名单",
+    "blocklist": "拦截列表",
     "milliseconds_abbreviation": "毫秒",
     "cache_size": "缓存大小",
     "cache_size_desc": "DNS 缓存大小（单位：字节）。要关闭缓存，请留空。",
@@ -626,7 +626,7 @@
     "filter_category_general_desc": "在大多数设备上阻止跟踪和广告的列表",
     "filter_category_security_desc": "专用于拦截恶意软件、钓鱼或欺诈域名的列表",
     "filter_category_regional_desc": "专注于区域广告和跟踪服务器的列表",
-    "filter_category_other_desc": "其他黑名单",
+    "filter_category_other_desc": "其他阻止列表",
     "setup_config_to_enable_dhcp_server": "设置配置以启用 DHCP 服务器",
     "original_response": "原始响应",
     "click_to_view_queries": "点击查看查询",

client/src/helpers/constants.js

@@ -53,7 +53,7 @@ export const STATUS_COLORS = {
 export const REPOSITORY = {
     URL: 'https://github.com/AdguardTeam/AdGuardHome',
     TRACKERS_DB:
-        'https://github.com/AdguardTeam/AdGuardHome/tree/master/client/src/helpers/trackers/trackers.json',
+        'https://github.com/AdguardTeam/AdGuardHome/tree/master/client/src/helpers/trackers/adguard.json',
     ISSUES: 'https://github.com/AdguardTeam/AdGuardHome/issues/new/choose',
 };
 

client/src/helpers/filters/filters.js

@@ -101,7 +101,7 @@ export default {
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_13.txt"
         },
         "POL_polish_filters_for_pi_hole": {
-            "name": "POL: Polish filters for Pi-hole",
+            "name": "POL: Polish filters for Pi hole",
             "categoryId": "regional",
             "homepage": "https://www.certyficate.it/",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_14.txt"
@@ -160,6 +160,12 @@ export default {
             "homepage": "https://github.com/DandelionSprout/adfilt",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt"
         },
+        "energized_spark": {
+            "name": "Energized Spark",
+            "categoryId": "general",
+            "homepage": "https://energized.pro/",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_28.txt"
+        },
         "hagezi_personal": {
             "name": "HaGeZi Personal Black \u0026 White",
             "categoryId": "general",

client/src/helpers/trackers/adguard.json

@@ -0,0 +1,175 @@
+{
+    "timeUpdated": "2021-12-15",
+    "categories": {
+        "0": "audio_video_player",
+        "1": "comments",
+        "2": "customer_interaction",
+        "3": "pornvertising",
+        "4": "advertising",
+        "5": "essential",
+        "6": "site_analytics",
+        "7": "social_media",
+        "8": "misc",
+        "9": "cdn",
+        "10": "hosting",
+        "11": "unknown",
+        "12": "extensions",
+        "13": "email",
+        "14": "consent",
+        "15": "telemetry",
+        "101": "mobile_analytics"
+    },
+    "trackers": {
+        "akamai_technologies": {
+            "name": "Akamai Technologies",
+            "categoryId": 9,
+            "url": "https://www.akamai.com/",
+            "companyId": "akamai"
+        },
+        "apple": {
+            "name": "Apple",
+            "categoryId": 8,
+            "url": "https://www.apple.com/",
+            "companyId": "apple"
+        },
+        "apple_ads": {
+            "name": "Apple Search Ads",
+            "categoryId": 4,
+            "url": "https://searchads.apple.com/",
+            "companyId": "apple"
+        },
+        "facebook_audience": {
+            "name": "Facebook Audience Network",
+            "categoryId": 4,
+            "url": "https://www.facebook.com/business/products/audience-network",
+            "companyId": "facebook"
+        },
+        "crashlytics": {
+            "name": "Crashlytics",
+            "categoryId": 101,
+            "url": "https://crashlytics.com/",
+            "companyId": null
+        },
+        "flurry": {
+            "name": "Flurry",
+            "categoryId": 101,
+            "url": "http://www.flurry.com/",
+            "companyId": "verizon"
+        },
+        "hockeyapp": {
+            "name": "HockeyApp",
+            "categoryId": 101,
+            "url": "https://hockeyapp.net/",
+            "companyId": null
+        },
+        "firebase": {
+            "name": "Firebase",
+            "categoryId": 101,
+            "url": "https://firebase.google.com/",
+            "companyId": "google"
+        },
+        "appsflyer": {
+            "name": "AppsFlyer",
+            "categoryId": 101,
+            "url": "https://www.appsflyer.com/",
+            "companyId": "appsflyer"
+        },
+        "yandex_appmetrica": {
+            "name": "Yandex AppMetrica",
+            "categoryId": 101,
+            "url": "https://appmetrica.yandex.com/",
+            "companyId": "yandex"
+        },
+        "adjust": {
+            "name": "Adjust",
+            "categoryId": 101,
+            "url": "https://www.adjust.com/",
+            "companyId": "adjust"
+        },
+        "branch": {
+            "name": "Branch.io",
+            "categoryId": 101,
+            "url": "https://branch.io/",
+            "companyId": "branch_metrics_inc"
+        },
+        "markmonitor": {
+            "name": "MarkMonitor",
+            "categoryId": 4,
+            "url": "https://www.markmonitor.com/",
+            "companyId": "markmonitor"
+        },
+        "appcenter": {
+            "name": "Microsoft App Center",
+            "categoryId": 5,
+            "url": "https://appcenter.ms/",
+            "companyId": null
+        },
+        "unity_ads": {
+            "name": "Unity Ads",
+            "categoryId": 4,
+            "url": "https://unity.com/solutions/mobile-business/monetize-your-game",
+            "companyId": null
+        },
+        "azure": {
+            "name": "Microsoft Azure",
+            "categoryId": 10,
+            "url": "https://azure.microsoft.com/",
+            "companyId": "microsoft"
+        },
+        "button": {
+            "name": "Button",
+            "categoryId": 4,
+            "url": "https://www.usebutton.com/",
+            "companyId": null
+        },
+        "netflix": {
+            "name": "Netflix",
+            "categoryId": 8,
+            "url": "https://www.netflix.com/",
+            "companyId": null
+        },
+        "mail.ru_banner": {
+            "name": "Mail.Ru Banner Network",
+            "categoryId": 4,
+            "url": "http://mail.ru/",
+            "companyId": "vk"
+        },
+        "mail.ru_counter": {
+            "name": "Mail.Ru Counter",
+            "categoryId": 2,
+            "url": "http://mail.ru/",
+            "companyId": "vk"
+        },
+        "mail.ru_group": {
+            "name": "Mail.Ru Group",
+            "categoryId": 7,
+            "url": "http://mail.ru/",
+            "companyId": "vk"
+        }
+    },
+    "trackerDomains": {
+        "akadns.net": "akamai_technologies",
+        "akamaiedge.net": "akamai_technologies",
+        "apple.com": "apple",
+        "apple.news": "apple",
+        "apple-dns.net": "apple",
+        "aaplimg.com": "apple",
+        "icloud.com": "apple",
+        "mzstatic.com": "apple",
+        "iadsdk.apple.com": "apple_ads",
+        "graph.facebook.com": "facebook_audience",
+        "crashlytics.com": "crashlytics",
+        "flurry.com": "flurry",
+        "hockeyapp.net": "hockeyapp",
+        "app-measurement.com": "firebase",
+        "appsflyer.com": "appsflyer",
+        "appmetrica.yandex.com": "yandex_appmetrica",
+        "adjust.com": "adjust",
+        "mobileapptracking.com": "branch",
+        "edgecastcdn.net": "markmonitor",
+        "appcenter.ms": "appcenter",
+        "unityads.unity3d.com": "unity_ads",
+        "azure.com": "azure",
+        "bttn.io": "button"
+    }
+}

client/src/helpers/trackers/trackers.js

@@ -1,5 +1,6 @@
+import whotracksmeDb from './whotracksme.json';
 import whotracksmeWebsites from './whotracksme_web.json';
-import trackersDb from './trackers.json';
+import adguardDb from './adguard.json';
 import { REPOSITORY } from '../constants';
 
 /**
@@ -38,7 +39,6 @@ const getWhotracksmeUrl = (trackerId) => {
 
 /**
  * Gets the source metadata for the specified tracker
- *
  * @param {TrackerData} trackerData tracker data
  * @returns {source} source metadata or null if no matching tracker found
  */
@@ -64,26 +64,14 @@ export const getSourceData = (trackerData) => {
 };
 
 /**
- * Converts the JSON string source into numeric source for AdGuard Home
- *
- * @param {TrackerData} trackerData tracker data
- * @returns {number} source number
- */
-const convertSource = (sourceStr) => {
-    if (!sourceStr || sourceStr !== 'AdGuard') {
-        return sources.WHOTRACKSME;
-    }
-
-    return sources.ADGUARD;
-};
-
-/**
- * Gets tracker data from the trackers database
+ * Gets tracker data in the specified database
  *
  * @param {String} domainName domain name to check
+ * @param {*} trackersDb trackers database
+ * @param {number} source source ID
  * @returns {TrackerData} tracker data or null if no matching tracker found
  */
-export const getTrackerData = (domainName) => {
+const getTrackerDataFromDb = (domainName, trackersDb, source) => {
     if (!domainName) {
         return null;
     }
@@ -100,7 +88,7 @@ export const getTrackerData = (domainName) => {
         if (trackerId) {
             const trackerData = trackersDb.trackers[trackerId];
             const categoryName = trackersDb.categories[trackerData.categoryId];
-            const source = convertSource(trackerData.source);
+            trackerData.source = source;
             const sourceData = getSourceData(trackerData);
 
             return {
@@ -117,3 +105,22 @@ export const getTrackerData = (domainName) => {
     // No tracker found for the specified domain
     return null;
 };
+
+/**
+ * Gets tracker data from the trackers database
+ *
+ * @param {String} domainName domain name to check
+ * @returns {TrackerData} tracker data or null if no matching tracker found
+ */
+export const getTrackerData = (domainName) => {
+    if (!domainName) {
+        return null;
+    }
+
+    let data = getTrackerDataFromDb(domainName, adguardDb, sources.ADGUARD);
+    if (!data) {
+        data = getTrackerDataFromDb(domainName, whotracksmeDb, sources.WHOTRACKSME);
+    }
+
+    return data;
+};

client/src/helpers/trackers/whotracksme.json

@@ -1,5 +1,5 @@
 {
-    "timeUpdated": "2023-02-21T12:46:33.324Z",
+    "timeUpdated": "2022-10-15T00:14:03.765Z",
     "categories": {
         "0": "audio_video_player",
         "1": "comments",
@@ -16,8 +16,7 @@
         "12": "extensions",
         "13": "email",
         "14": "consent",
-        "15": "telemetry",
-        "101": "mobile_analytics"
+        "15": "telemetry"
     },
     "trackers": {
         "163": {
@@ -873,11 +872,10 @@
             "companyId": "adgoto"
         },
         "adguard": {
-            "name": "AdGuard",
-            "categoryId": 8,
+            "name": "Adguard",
+            "categoryId": 12,
             "url": "https://adguard.com/",
-            "companyId": "adguard",
-            "source": "AdGuard"
+            "companyId": null
         },
         "adhands": {
             "name": "AdHands",
@@ -953,10 +951,9 @@
         },
         "adjust": {
             "name": "Adjust",
-            "categoryId": 101,
+            "categoryId": 6,
             "url": "https://www.adjust.com/",
-            "companyId": "adjust",
-            "source": "AdGuard"
+            "companyId": "adjust"
         },
         "adk2": {
             "name": "adk2",
@@ -2144,8 +2141,7 @@
             "name": "Akamai Technologies",
             "categoryId": 9,
             "url": "https://www.akamai.com/",
-            "companyId": "akamai",
-            "source": "AdGuard"
+            "companyId": "akamai"
         },
         "akamoihd.net": {
             "name": "akamoihd.net",
@@ -2545,10 +2541,9 @@
         },
         "appsflyer": {
             "name": "AppsFlyer",
-            "categoryId": 101,
+            "categoryId": 6,
             "url": "https://www.appsflyer.com/",
-            "companyId": "appsflyer",
-            "source": "AdGuard"
+            "companyId": "appsflyer"
         },
         "apptv": {
             "name": "appTV",
@@ -6772,64 +6767,55 @@
             "name": "Facebook",
             "categoryId": 4,
             "url": "https://www.facebook.com",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_beacon": {
             "name": "Facebook Beacon",
             "categoryId": 7,
             "url": "http://www.facebook.com/beacon/faq.php",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_cdn": {
             "name": "Facebook CDN",
             "categoryId": 9,
             "url": "https://www.facebook.com",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_connect": {
             "name": "Facebook Connect",
             "categoryId": 6,
             "url": "https://developers.facebook.com/connect.php",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_conversion_tracking": {
             "name": "Facebook Conversion Tracking",
             "categoryId": 4,
             "url": "http://www.facebook.com/",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_custom_audience": {
             "name": "Facebook Custom Audience",
             "categoryId": 4,
             "url": "https://www.facebook.com",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_graph": {
             "name": "Facebook Social Graph",
             "categoryId": 7,
             "url": "https://developers.facebook.com/docs/reference/api/",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_impressions": {
             "name": "Facebook Impressions",
             "categoryId": 4,
             "url": "https://www.facebook.com/",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facebook_social_plugins": {
             "name": "Facebook Social Plugins",
             "categoryId": 7,
             "url": "https://developers.facebook.com/plugins",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "facetz.dca": {
             "name": "Facetz.DCA",
@@ -7109,10 +7095,9 @@
         },
         "flurry": {
             "name": "Flurry",
-            "categoryId": 101,
+            "categoryId": 6,
             "url": "http://www.flurry.com/",
-            "companyId": "verizon",
-            "source": "AdGuard"
+            "companyId": "verizon"
         },
         "flxone": {
             "name": "FLXONE",
@@ -8918,8 +8903,7 @@
             "name": "Instagram",
             "categoryId": 8,
             "url": "https://www.facebook.com/",
-            "companyId": "meta",
-            "source": "AdGuard"
+            "companyId": "facebook"
         },
         "instant_check_mate": {
             "name": "Instant Check Mate",
@@ -10509,22 +10493,19 @@
             "name": "Mail.Ru Banner Network",
             "categoryId": 4,
             "url": "http://mail.ru/",
-            "companyId": "vk",
-            "source": "AdGuard"
+            "companyId": "megafon"
         },
         "mail.ru_counter": {
             "name": "Mail.Ru Counter",
             "categoryId": 2,
-            "url": "http://mail.ru/",
-            "companyId": "vk",
-            "source": "AdGuard"
+            "url": "https://corp.megafon.com/",
+            "companyId": "megafon"
         },
         "mail.ru_group": {
             "name": "Mail.Ru Group",
             "categoryId": 7,
             "url": "http://mail.ru/",
-            "companyId": "vk",
-            "source": "AdGuard"
+            "companyId": "megafon"
         },
         "mailchimp_tracking": {
             "name": "MailChimp Tracking",
@@ -10650,8 +10631,7 @@
             "name": "MarkMonitor",
             "categoryId": 4,
             "url": "https://www.markmonitor.com/",
-            "companyId": "markmonitor",
-            "source": "AdGuard"
+            "companyId": "markmonitor"
         },
         "marktest": {
             "name": "Marktest",
@@ -11711,10 +11691,9 @@
         },
         "netflix": {
             "name": "Netflix",
-            "categoryId": 0,
-            "url": "https://www.netflix.com/",
-            "companyId": "netflix",
-            "source": "AdGuard"
+            "categoryId": 8,
+            "url": null,
+            "companyId": null
         },
         "netletix": {
             "name": "Netletix",
@@ -17990,22 +17969,19 @@
             "name": "Vk.com",
             "categoryId": 7,
             "url": "https://vk.com/",
-            "companyId": "vk",
-            "source": "AdGuard"
+            "companyId": "megafon"
         },
         "vkontakte": {
             "name": "VKontakte",
             "categoryId": 7,
             "url": "https://vk.com/",
-            "companyId": "vk",
-            "source": "AdGuard"
+            "companyId": "megafon"
         },
         "vkontakte_widgets": {
             "name": "VKontakte Widgets",
             "categoryId": 7,
-            "url": "https://dev.vk.com/",
-            "companyId": "vk",
-            "source": "AdGuard"
+            "url": "http://vk.com/developers.php",
+            "companyId": "megafon"
         },
         "vntsm.com": {
             "name": "Venatus Media",
@@ -19224,237 +19200,6 @@
             "categoryId": 4,
             "url": "http://www.zypmedia.com/",
             "companyId": "zypmedia"
-        },
-        "slack": {
-            "name": "Slack",
-            "categoryId": 8,
-            "url": "https://www.slack.com/",
-            "companyId": "salesforce",
-            "source": "AdGuard"
-        },
-        "apple": {
-            "name": "Apple",
-            "categoryId": 8,
-            "url": "https://www.apple.com/",
-            "companyId": "apple",
-            "source": "AdGuard"
-        },
-        "apple_ads": {
-            "name": "Apple Search Ads",
-            "categoryId": 4,
-            "url": "https://searchads.apple.com/",
-            "companyId": "apple",
-            "source": "AdGuard"
-        },
-        "facebook_audience": {
-            "name": "Facebook Audience Network",
-            "categoryId": 4,
-            "url": "https://www.facebook.com/business/products/audience-network",
-            "companyId": "meta",
-            "source": "AdGuard"
-        },
-        "crashlytics": {
-            "name": "Crashlytics",
-            "categoryId": 101,
-            "url": "https://crashlytics.com/",
-            "companyId": null,
-            "source": "AdGuard"
-        },
-        "showrss": {
-            "name": "showRSS",
-            "categoryId": 8,
-            "url": "https://showrss.info/",
-            "companyId": "showrss",
-            "source": "AdGuard"
-        },
-        "hockeyapp": {
-            "name": "HockeyApp",
-            "categoryId": 101,
-            "url": "https://hockeyapp.net/",
-            "companyId": null,
-            "source": "AdGuard"
-        },
-        "gmail": {
-            "name": "Gmail",
-            "categoryId": 13,
-            "url": "https://mail.google.com/",
-            "companyId": "google",
-            "source": "AdGuard"
-        },
-        "google_trust_services": {
-            "name": "Google Trust Services",
-            "categoryId": 5,
-            "url": "https://pki.goog/",
-            "companyId": "google",
-            "source": "AdGuard"
-        },
-        "firebase": {
-            "name": "Firebase",
-            "categoryId": 101,
-            "url": "https://firebase.google.com/",
-            "companyId": "google",
-            "source": "AdGuard"
-        },
-        "yandex_appmetrica": {
-            "name": "Yandex AppMetrica",
-            "categoryId": 101,
-            "url": "https://appmetrica.yandex.com/",
-            "companyId": "yandex",
-            "source": "AdGuard"
-        },
-        "branch": {
-            "name": "Branch.io",
-            "categoryId": 101,
-            "url": "https://branch.io/",
-            "companyId": "branch_metrics_inc",
-            "source": "AdGuard"
-        },
-        "telstra": {
-            "name": "Telstra",
-            "categoryId": 8,
-            "url": "https://www.telstra.com.au/",
-            "companyId": "telstra",
-            "source": "AdGuard"
-        },
-        "medialab": {
-            "name": "MediaLab.AI Inc.",
-            "categoryId": 8,
-            "url": "https://medialab.la/",
-            "companyId": "medialab",
-            "source": "AdGuard"
-        },
-        "qualcomm": {
-            "name": "Qualcomm",
-            "categoryId": 8,
-            "url": "https://www.qualcomm.com/",
-            "companyId": "qualcomm",
-            "source": "AdGuard"
-        },
-        "solaredge": {
-            "name": "SolarEdge Technologies, Inc.",
-            "categoryId": 8,
-            "url": "https://www.solaredge.com/",
-            "companyId": "solaredge",
-            "source": "AdGuard"
-        },
-        "sectigo": {
-            "name": "Sectigo Limited",
-            "categoryId": 5,
-            "url": "https://www.solaredge.com/",
-            "companyId": "sectigo",
-            "source": "AdGuard"
-        },
-        "element": {
-            "name": "Element",
-            "categoryId": 7,
-            "url": "https://element.io/",
-            "companyId": "element",
-            "source": "AdGuard"
-        },
-        "oztam": {
-            "name": "OzTAM",
-            "categoryId": 8,
-            "url": "https://oztam.com.au/",
-            "companyId": "oztam",
-            "source": "AdGuard"
-        },
-        "oppo": {
-            "name": "OPPO",
-            "categoryId": 101,
-            "url": "https://www.oppo.com/",
-            "companyId": "oppo",
-            "source": "AdGuard"
-        },
-        "outlook": {
-            "name": "Microsoft Outlook",
-            "categoryId": 13,
-            "url": "https://outlook.live.com/",
-            "companyId": "microsoft",
-            "source": "AdGuard"
-        },
-        "appcenter": {
-            "name": "Microsoft App Center",
-            "categoryId": 5,
-            "url": "https://appcenter.ms/",
-            "companyId": null,
-            "source": "AdGuard"
-        },
-        "unity_ads": {
-            "name": "Unity Ads",
-            "categoryId": 4,
-            "url": "https://unity.com/solutions/mobile-business/monetize-your-game",
-            "companyId": null,
-            "source": "AdGuard"
-        },
-        "azure": {
-            "name": "Microsoft Azure",
-            "categoryId": 10,
-            "url": "https://azure.microsoft.com/",
-            "companyId": "microsoft",
-            "source": "AdGuard"
-        },
-        "button": {
-            "name": "Button",
-            "categoryId": 4,
-            "url": "https://www.usebutton.com/",
-            "companyId": null,
-            "source": "AdGuard"
-        },
-        "lets_encrypt": {
-            "name": "Let's Encrypt",
-            "categoryId": 5,
-            "url": "https://letsencrypt.org/",
-            "companyId": "lets_encrypt",
-            "source": "AdGuard"
-        },
-        "kik": {
-            "name": "Kik",
-            "categoryId": 7,
-            "url": "https://kik.com/",
-            "companyId": "kik",
-            "source": "AdGuard"
-        },
-        "plex": {
-            "name": "Plex",
-            "categoryId": 0,
-            "url": "https://www.plex.tv/",
-            "companyId": "plex",
-            "source": "AdGuard"
-        },
-        "matrix": {
-            "name": "Matrix",
-            "categoryId": 5,
-            "url": "https://matrix.org/",
-            "companyId": "matrix",
-            "source": "AdGuard"
-        },
-        "ntppool": {
-            "name": "Network Time Protocol",
-            "categoryId": 5,
-            "url": "https://ntp.org/",
-            "companyId": "ntppool",
-            "source": "AdGuard"
-        },
-        "whatsapp": {
-            "name": "WhatsApp",
-            "categoryId": 8,
-            "url": "https://www.whatsapp.com/",
-            "companyId": "meta",
-            "source": "AdGuard"
-        },
-        "vscode": {
-            "name": "Visual Studio Code",
-            "categoryId": 8,
-            "url": "https://code.visualstudio.com/",
-            "companyId": "microsoft",
-            "source": "AdGuard"
-        },
-        "msedge": {
-            "name": "Microsoft Edge",
-            "categoryId": 8,
-            "url": "https://www.microsoft.com/en-us/edge",
-            "companyId": "microsoft",
-            "source": "AdGuard"
         }
     },
     "trackerDomains": {
@@ -20995,7 +20740,7 @@
         "facebook.net": "facebook",
         "fbcdn.net": "facebook_cdn",
         "fbsbx.com": "facebook_cdn",
-        "graph.facebook.com": "facebook_audience",
+        "graph.facebook.com": "facebook_graph",
         "facetz.net": "facetz.dca",
         "adsfac.eu": "facilitate_digital",
         "adsfac.net": "facilitate_digital",
@@ -21528,7 +21273,7 @@
         "isocket.com": "isocket",
         "ispot.tv": "ispot.tv",
         "itineraire.info": "itineraire.info",
-        "apple.com": "apple",
+        "apple.com": "itunes_link_maker",
         "autolinkmaker.itunes.apple.com": "itunes_link_maker",
         "ity.im": "ity.im",
         "iubenda.com": "iubenda.com",
@@ -21982,7 +21727,7 @@
         "azurewebsites.net": "microsoft",
         "cloudapp.net": "microsoft",
         "gfx.ms": "microsoft",
-        "live.com": "outlook",
+        "live.com": "microsoft",
         "microsoft.com": "microsoft",
         "microsoftonline-p.com": "microsoft",
         "microsoftonline.com": "microsoft",
@@ -23784,107 +23529,6 @@
         "zukxd6fkxqn.com": "zukxd6fkxqn.com",
         "zwaar.net": "zwaar",
         "zwaar.org": "zwaar",
-        "extend.tv": "zypmedia",
-        "whatsapp.net": "whatsapp",
-        "whatsapp.com": "whatsapp",
-        "telstra.com.au": "telstra",
-        "telstra.com": "telstra",
-        "slack.com": "slack",
-        "slackb.com": "slack",
-        "slack-edge.com": "slack",
-        "slack-imgs.com": "slack",
-        "addlive.io": "snap",
-        "feelinsonice.com": "snap",
-        "sc-cdn.net": "snap",
-        "sc-corp.net": "snap",
-        "sc-gw.com": "snap",
-        "sc-jpl.com": "snap",
-        "sc-prod.net": "snap",
-        "snap-dev.net": "snap",
-        "snapads.com": "snap",
-        "snapkit.com": "snap",
-        "adguard.app": "adguard",
-        "adguard.io": "adguard",
-        "adguard.org": "adguard",
-        "adguard-dns.com": "adguard",
-        "adguard-dns.io": "adguard",
-        "adguard-vpn.com": "adguard",
-        "adguardvpn.com": "adguard",
-        "adguard-vpn.online": "adguard",
-        "oppomobile.com": "oppo",
-        "heytapmobi.com": "oppo",
-        "heytapmobile.com": "oppo",
-        "heytapdl.com": "oppo",
-        "allawnos.com": "oppo",
-        "allawntech.com": "oppo",
-        "nflximg.com": "netflix",
-        "element.io": "element",
-        "riot.im": "element",
-        "gvt1.com": "google_servers",
-        "gvt2.com": "google_servers",
-        "gvt3.com": "google_servers",
-        "akadns.net": "akamai_technologies",
-        "akamaiedge.net": "akamai_technologies",
-        "akaquill.net": "akamai_technologies",
-        "me.com": "apple",
-        "apple.news": "apple",
-        "apple-dns.net": "apple",
-        "aaplimg.com": "apple",
-        "icloud.com": "apple",
-        "itunes.com": "apple",
-        "icloud-content.com": "apple",
-        "kik.com": "kik",
-        "apikik.com": "kik",
-        "kik-live.com": "kik",
-        "mzstatic.com": "apple",
-        "cdn-apple.com": "apple",
-        "apple-mapkit.com": "apple",
-        "icons.axm-usercontent-apple.com": "apple",
-        "apple-cloudkit.com": "apple",
-        "apzones.com": "apple",
-        "apple-livephotoskit.com": "apple",
-        "safebrowsing.apple": "apple",
-        "safebrowsing.g.applimg.com": "apple",
-        "matrix.org": "matrix",
-        "medialab.la": "medialab",
-        "media-lab.ai": "medialab",
-        "phicdn.net": "digicert_trust_seal",
-        "e-msedge.net": "msedge",
-        "l-msedge.net": "msedge",
-        "exp-tas.com": "vscode",
-        "vscode-unpkg.net": "vscode",
-        "v0cdn.net": "vscode",
-        "vscode-cdn.net": "vscode",
-        "iadsdk.apple.com": "apple_ads",
-        "showrss.info": "showrss",
-        "sectigo.com": "sectigo",
-        "solaredge.com": "solaredge",
-        "crashlytics.com": "crashlytics",
-        "cloudflare-dns.com": "cloudflare",
-        "flurry.com": "flurry",
-        "hockeyapp.net": "hockeyapp",
-        "app-measurement.com": "firebase",
-        "appmetrica.yandex.com": "yandex_appmetrica",
-        "letsencrypt.org": "lets_encrypt",
-        "lencr.org": "lets_encrypt",
-        "oztam.com.au": "oztam",
-        "mobileapptracking.com": "branch",
-        "ntp.org": "ntppool",
-        "ntppool.org": "ntppool",
-        "plex.tv": "plex",
-        "plex.direct": "plex",
-        "edgecastcdn.net": "markmonitor",
-        "appcenter.ms": "appcenter",
-        "unityads.unity3d.com": "unity_ads",
-        "usertrust.com": "trustlogo",
-        "azure.com": "azure",
-        "trafficmanager.net": "azure",
-        "hotmail.com": "outlook",
-        "outlook.com": "outlook",
-        "bttn.io": "button",
-        "pki.goog": "google_trust_services",
-        "xtracloud.net": "qualcomm",
-        "qualcomm.com": "qualcomm",
-        "gmail.com": "gmail"
+        "extend.tv": "zypmedia"
     }
 }

go.mod

@@ -1,11 +1,11 @@
 module github.com/AdguardTeam/AdGuardHome
 
-go 1.19
+go 1.18
 
 require (
-	// TODO(a.garipov): Use v0.48.0 when it's released.
-	github.com/AdguardTeam/dnsproxy v0.48.0
-	github.com/AdguardTeam/golibs v0.12.0
+	// TODO(a.garipov): Return to a tagged version once DNS64 is in.
+	github.com/AdguardTeam/dnsproxy v0.46.6-0.20230125113741-98cb8a899e49
+	github.com/AdguardTeam/golibs v0.11.4
 	github.com/AdguardTeam/urlfilter v0.16.1
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.5
@@ -19,26 +19,27 @@ require (
 	github.com/google/uuid v1.3.0
 	github.com/insomniacslk/dhcp v0.0.0-20221215072855-de60144f33f8
 	github.com/kardianos/service v1.2.2
+	github.com/lucas-clemente/quic-go v0.31.1
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
 	github.com/mdlayher/netlink v1.7.1
 	// TODO(a.garipov): This package is deprecated; find a new one or use
 	// our own code for that.  Perhaps, use gopacket.
 	github.com/mdlayher/raw v0.1.0
 	github.com/miekg/dns v1.1.50
-	github.com/quic-go/quic-go v0.32.0
 	github.com/stretchr/testify v1.8.1
 	github.com/ti-mo/netfilter v0.5.0
 	go.etcd.io/bbolt v1.3.7
-	golang.org/x/crypto v0.6.0
-	golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb
-	golang.org/x/net v0.7.0
-	golang.org/x/sys v0.5.0
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1
+	golang.org/x/crypto v0.5.0
+	golang.org/x/exp v0.0.0-20230131160201-f062dba9d201
+	golang.org/x/net v0.5.0
+	golang.org/x/sys v0.4.0
+	gopkg.in/natefinch/lumberjack.v2 v2.0.0
 	gopkg.in/yaml.v3 v3.0.1
 	howett.net/plist v1.0.0
 )
 
 require (
+	github.com/BurntSushi/toml v1.1.0 // indirect
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 	github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
 	github.com/ameshkov/dnsstamps v1.0.3 // indirect
@@ -47,22 +48,20 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/golang/mock v1.6.0 // indirect
-	github.com/google/pprof v0.0.0-20230207041349-798e818bf904 // indirect
+	github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f // indirect
 	github.com/josharian/native v1.1.0 // indirect
+	github.com/marten-seemann/qpack v0.3.0 // indirect
+	github.com/marten-seemann/qtls-go1-18 v0.1.4 // indirect
+	github.com/marten-seemann/qtls-go1-19 v0.1.2 // indirect
 	github.com/mdlayher/packet v1.1.1 // indirect
 	github.com/mdlayher/socket v0.4.0 // indirect
-	github.com/onsi/ginkgo/v2 v2.8.3 // indirect
+	github.com/onsi/ginkgo/v2 v2.8.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/pierrec/lz4/v4 v4.1.17 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-18 v0.2.0 // indirect
-	github.com/quic-go/qtls-go1-19 v0.2.1 // indirect
-	github.com/quic-go/qtls-go1-20 v0.1.1 // indirect
-	github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 // indirect
-	golang.org/x/mod v0.8.0 // indirect
+	github.com/u-root/uio v0.0.0-20221213070652-c3537552635f // indirect
+	golang.org/x/mod v0.7.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/text v0.6.0 // indirect
+	golang.org/x/tools v0.5.0 // indirect
 )

go.sum

@@ -1,12 +1,14 @@
-github.com/AdguardTeam/dnsproxy v0.48.0 h1:sGViYy2pV0cEp2zCsxPjFd9rlgD0+yELpIeLkBxHAoI=
-github.com/AdguardTeam/dnsproxy v0.48.0/go.mod h1:9OHoeaVod+moWwrLjHF95RQnFWGi/6B1tfKsxWc/yGE=
+github.com/AdguardTeam/dnsproxy v0.46.6-0.20230125113741-98cb8a899e49 h1:TDZsKB8BrKA2na6p5l20BvEu3MmgOWhIfTANz5laFuE=
+github.com/AdguardTeam/dnsproxy v0.46.6-0.20230125113741-98cb8a899e49/go.mod h1:ZEkTmTJ2XInT3aVy0mHtEnSWSclpHHj/9hfNXDuAk5k=
 github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
 github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
-github.com/AdguardTeam/golibs v0.12.0 h1:z4Q3Mz0pHJ2Zag4B0RBaIXEUue1TPOKkbRiYkwC4r7I=
-github.com/AdguardTeam/golibs v0.12.0/go.mod h1:87bN2x4VsTritptE3XZg9l8T6gznWsIxHBcQ1DeRIXA=
+github.com/AdguardTeam/golibs v0.11.4 h1:IltyvxwCTN+xxJF5sh6VadF8Zfbf8elgCm9dgijSVzM=
+github.com/AdguardTeam/golibs v0.11.4/go.mod h1:87bN2x4VsTritptE3XZg9l8T6gznWsIxHBcQ1DeRIXA=
 github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
 github.com/AdguardTeam/urlfilter v0.16.1 h1:ZPi0rjqo8cQf2FVdzo6cqumNoHZx2KPXj2yZa1A5BBw=
 github.com/AdguardTeam/urlfilter v0.16.1/go.mod h1:46YZDOV1+qtdRDuhZKVPSSp7JWWes0KayqHrKAFBdEI=
+github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I=
+github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
@@ -55,8 +57,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
-github.com/google/pprof v0.0.0-20230207041349-798e818bf904 h1:4/hN5RUoecvl+RmJRE2YxKWtnnQls6rQjjW5oV7qg2U=
-github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg=
+github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f h1:gl1DCiSk+mrXXBGPm6CEeS2MkJuMVzAOrXg34oVj1QI=
+github.com/google/pprof v0.0.0-20230131232505-5a9e8f65f08f/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
 github.com/google/renameio v1.0.1 h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=
 github.com/google/renameio v1.0.1/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -83,6 +85,14 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lucas-clemente/quic-go v0.31.1 h1:O8Od7hfioqq0PMYHDyBkxU2aA7iZ2W9pjbrWuja2YR4=
+github.com/lucas-clemente/quic-go v0.31.1/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g=
+github.com/marten-seemann/qpack v0.3.0 h1:UiWstOgT8+znlkDPOg2+3rIuYXJ2CnGDkGUXN6ki6hE=
+github.com/marten-seemann/qpack v0.3.0/go.mod h1:cGfKPBiP4a9EQdxCwEwI/GEeWAsjSekBvx/X8mh58+g=
+github.com/marten-seemann/qtls-go1-18 v0.1.4 h1:ogomB+lWV3Vmwiu6RTwDVTMGx+9j7SEi98e8QB35Its=
+github.com/marten-seemann/qtls-go1-18 v0.1.4/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
+github.com/marten-seemann/qtls-go1-19 v0.1.2 h1:ZevAEqKXH0bZmoOBPiqX2h5rhQ7cbZi+X+rlq2JUbCE=
+github.com/marten-seemann/qtls-go1-19 v0.1.2/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI=
 github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7/go.mod h1:U6ZQobyTjI/tJyq2HG+i/dfSoFUt8/aZCM+GKtmFk/Y=
 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118 h1:2oDp6OOhLxQ9JBoUuysVz9UZ9uI6oLUbvAZu0x8o+vE=
 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118/go.mod h1:ZFUnHIVchZ9lJoWoEGUg8Q3M4U8aNNWA3CVSUTkW4og=
@@ -108,29 +118,16 @@ github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA=
 github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/onsi/ginkgo/v2 v2.8.3 h1:RpbK1G8nWPNaCVFBWsOGnEQQGgASi6b8fxcWBvDYjxQ=
-github.com/onsi/ginkgo/v2 v2.8.3/go.mod h1:6OaUA8BCi0aZfmzYT/q9AacwTzDpNbxILUT+TlBq6MY=
-github.com/onsi/gomega v1.27.0 h1:QLidEla4bXUuZVFa4KX6JHCsuGgbi85LC/pCHrt/O08=
+github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI=
+github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU=
+github.com/onsi/gomega v1.25.0 h1:Vw7br2PCDYijJHSfBOWhov+8cAnUf8MfMaIOV323l6Y=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
-github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc=
-github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
-github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U=
-github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc=
-github.com/quic-go/qtls-go1-19 v0.2.1 h1:aJcKNMkH5ASEJB9FXNeZCyTEIHU1J7MmHyz1Q1TSG1A=
-github.com/quic-go/qtls-go1-19 v0.2.1/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI=
-github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3wSwQk=
-github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM=
-github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA=
-github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo=
 github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
 github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
@@ -154,24 +151,23 @@ github.com/tklauser/go-sysconf v0.3.9 h1:JeUVdAOWhhxVcU6Eqr/ATFHgXk/mmiItdKeJPev
 github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
 github.com/tklauser/numcpus v0.3.0 h1:ILuRUQBtssgnxw0XXIjKUC56fgnOrFoQQ/4+DeU2biQ=
 github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
+github.com/u-root/uio v0.0.0-20221213070652-c3537552635f h1:dpx1PHxYqAnXzbryJrWP1NQLzEjwcVgFLhkknuFQ7ww=
 github.com/u-root/uio v0.0.0-20221213070652-c3537552635f/go.mod h1:IogEAUBXDEwX7oR/BMmCctShYs80ql4hF0ySdzGxf7E=
-github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 h1:tHNk7XK9GkmKUR6Gh8gVBKXc2MVSZ4G/NnWLtzw4gNA=
-github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
-golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
+golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
+golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 h1:BEABXpNXLEz0WxtA+6CQIz2xkg80e+1zrhWyMcq8VzE=
+golang.org/x/exp v0.0.0-20230131160201-f062dba9d201/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -188,8 +184,8 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210929193557-e81a3d93ecf6/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
@@ -222,24 +218,24 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
+golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
+golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
+golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -248,11 +244,12 @@ google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscL
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
-gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=
+gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/aghnet/arpdb_bsd.go

@@ -67,7 +67,7 @@ func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 		}
 
 		host := fields[0]
-		err = netutil.ValidateHostname(host)
+		err = netutil.ValidateDomainName(host)
 		if err != nil {
 			log.Debug("arpdb: parsing arp output: host: %s", err)
 		} else {

internal/aghnet/arpdb_linux.go

@@ -198,7 +198,7 @@ func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 		}
 
 		host := fields[0]
-		if verr := netutil.ValidateHostname(host); verr != nil {
+		if verr := netutil.ValidateDomainName(host); verr != nil {
 			log.Debug("arpdb: parsing arp output: host: %s", verr)
 		} else {
 			n.Name = host

internal/aghnet/hostscontainer.go

@@ -343,7 +343,7 @@ func (hp *hostsParser) parseLine(line string) (ip netip.Addr, hosts []string) {
 		// See https://github.com/AdguardTeam/AdGuardHome/issues/3946.
 		//
 		// TODO(e.burkov):  Investigate if hosts may contain DNS-SD domains.
-		err = netutil.ValidateHostname(f)
+		err = netutil.ValidateDomainName(f)
 		if err != nil {
 			log.Error("%s: host %q is invalid, ignoring", hostsContainerPref, f)
 

internal/aghtest/interface.go

@@ -1,12 +1,10 @@
 package aghtest
 
 import (
-	"context"
 	"io/fs"
 	"net"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/miekg/dns"
 )
@@ -118,36 +116,6 @@ func (w *FSWatcher) Close() (err error) {
 	return w.OnClose()
 }
 
-// Package agh
-
-// type check
-var _ agh.ServiceWithConfig[struct{}] = (*ServiceWithConfig[struct{}])(nil)
-
-// ServiceWithConfig is a mock [agh.ServiceWithConfig] implementation for tests.
-type ServiceWithConfig[ConfigType any] struct {
-	OnStart    func() (err error)
-	OnShutdown func(ctx context.Context) (err error)
-	OnConfig   func() (c ConfigType)
-}
-
-// Start implements the [agh.ServiceWithConfig] interface for
-// *ServiceWithConfig.
-func (s *ServiceWithConfig[_]) Start() (err error) {
-	return s.OnStart()
-}
-
-// Shutdown implements the [agh.ServiceWithConfig] interface for
-// *ServiceWithConfig.
-func (s *ServiceWithConfig[_]) Shutdown(ctx context.Context) (err error) {
-	return s.OnShutdown(ctx)
-}
-
-// Config implements the [agh.ServiceWithConfig] interface for
-// *ServiceWithConfig.
-func (s *ServiceWithConfig[ConfigType]) Config() (c ConfigType) {
-	return s.OnConfig()
-}
-
 // Module dnsproxy
 
 // Package upstream

internal/dhcpd/v4_unix.go

@@ -108,7 +108,7 @@ func (s *v4Server) validHostnameForClient(cliHostname string, ip net.IP) (hostna
 		hostname = aghnet.GenerateHostname(ip)
 	}
 
-	err = netutil.ValidateHostname(hostname)
+	err = netutil.ValidateDomainName(hostname)
 	if err != nil {
 		log.Info("dhcpv4: %s", err)
 		hostname = ""
@@ -372,7 +372,7 @@ func (s *v4Server) AddStaticLease(l *Lease) (err error) {
 			return err
 		}
 
-		err = netutil.ValidateHostname(hostname)
+		err = netutil.ValidateDomainName(hostname)
 		if err != nil {
 			return fmt.Errorf("validating hostname: %w", err)
 		}

internal/dhcpd/v4_unix_test.go

@@ -251,8 +251,8 @@ func TestV4Server_AddRemove_static(t *testing.T) {
 		},
 		name: "bad_hostname",
 		wantErrMsg: `dhcpv4: adding static lease: validating hostname: ` +
-			`bad hostname "bad-lbl-.local": ` +
-			`bad hostname label "bad-lbl-": bad hostname label rune '-'`,
+			`bad domain name "bad-lbl-.local": ` +
+			`bad domain name label "bad-lbl-": bad domain name label rune '-'`,
 	}}
 
 	for _, tc := range testCases {

internal/dnsforward/clientid.go

@@ -9,12 +9,12 @@ import (
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/quic-go/quic-go"
+	"github.com/lucas-clemente/quic-go"
 )
 
 // ValidateClientID returns an error if id is not a valid ClientID.
 func ValidateClientID(id string) (err error) {
-	err = netutil.ValidateHostnameLabel(id)
+	err = netutil.ValidateDomainNameLabel(id)
 	if err != nil {
 		// Replace the domain name label wrapper with our own.
 		return fmt.Errorf("invalid clientid %q: %w", id, errors.Unwrap(err))
@@ -147,16 +147,19 @@ func (s *Server) clientIDFromDNSContext(pctx *proxy.DNSContext) (clientID string
 	return clientID, nil
 }
 
-// clientServerName returns the TLS server name based on the protocol.  For
-// DNS-over-HTTPS requests, it will return the hostname part of the Host header
-// if there is one.
+// clientServerName returns the TLS server name based on the protocol.
 func clientServerName(pctx *proxy.DNSContext, proto proxy.Proto) (srvName string, err error) {
 	switch proto {
 	case proxy.ProtoHTTPS:
+		// github.com/lucas-clemente/quic-go seems to not populate the TLS
+		// field.  So, if the request comes over HTTP/3, use the Host header
+		// value as the server name.
+		//
+		// See https://github.com/lucas-clemente/quic-go/issues/2879.
+		//
+		// TODO(a.garipov): Remove this crutch once they fix it.
 		r := pctx.HTTPRequest
-		if connState := r.TLS; connState != nil {
-			srvName = connState.ServerName
-		} else if r.Host != "" {
+		if r.ProtoAtLeast(3, 0) {
 			var host string
 			host, err = netutil.SplitHost(r.Host)
 			if err != nil {
@@ -164,6 +167,8 @@ func clientServerName(pctx *proxy.DNSContext, proto proxy.Proto) (srvName string
 			}
 
 			srvName = host
+		} else if connState := r.TLS; connState != nil {
+			srvName = r.TLS.ServerName
 		}
 	case proxy.ProtoQUIC:
 		qConn := pctx.QUICConnection

internal/dnsforward/clientid_test.go

@@ -9,7 +9,7 @@ import (
 
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/quic-go/quic-go"
+	"github.com/lucas-clemente/quic-go"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -50,169 +50,160 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 	testCases := []struct {
 		name         string
 		proto        proxy.Proto
-		confSrvName  string
+		hostSrvName  string
 		cliSrvName   string
 		wantClientID string
 		wantErrMsg   string
-		inclHTTPTLS  bool
 		strictSNI    bool
+		useHTTP3     bool
 	}{{
 		name:         "udp",
 		proto:        proxy.ProtoUDP,
-		confSrvName:  "",
+		hostSrvName:  "",
 		cliSrvName:   "",
 		wantClientID: "",
 		wantErrMsg:   "",
-		inclHTTPTLS:  false,
 		strictSNI:    false,
+		useHTTP3:     false,
 	}, {
 		name:         "tls_no_clientid",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "example.com",
 		wantClientID: "",
 		wantErrMsg:   "",
-		inclHTTPTLS:  false,
 		strictSNI:    true,
+		useHTTP3:     false,
 	}, {
 		name:         "tls_no_client_server_name",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "",
 		wantClientID: "",
 		wantErrMsg: `clientid check: client server name "" ` +
 			`doesn't match host server name "example.com"`,
-		inclHTTPTLS: false,
-		strictSNI:   true,
+		strictSNI: true,
+		useHTTP3:  false,
 	}, {
 		name:         "tls_no_client_server_name_no_strict",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "",
 		wantClientID: "",
 		wantErrMsg:   "",
-		inclHTTPTLS:  false,
 		strictSNI:    false,
+		useHTTP3:     false,
 	}, {
 		name:         "tls_clientid",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "cli.example.com",
 		wantClientID: "cli",
 		wantErrMsg:   "",
-		inclHTTPTLS:  false,
 		strictSNI:    true,
+		useHTTP3:     false,
 	}, {
 		name:         "tls_clientid_hostname_error",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "cli.example.net",
 		wantClientID: "",
 		wantErrMsg: `clientid check: client server name "cli.example.net" ` +
 			`doesn't match host server name "example.com"`,
-		inclHTTPTLS: false,
-		strictSNI:   true,
+		strictSNI: true,
+		useHTTP3:  false,
 	}, {
 		name:         "tls_invalid_clientid",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "!!!.example.com",
 		wantClientID: "",
 		wantErrMsg: `clientid check: invalid clientid "!!!": ` +
-			`bad hostname label rune '!'`,
-		inclHTTPTLS: false,
-		strictSNI:   true,
+			`bad domain name label rune '!'`,
+		strictSNI: true,
+		useHTTP3:  false,
 	}, {
 		name:        "tls_clientid_too_long",
 		proto:       proxy.ProtoTLS,
-		confSrvName: "example.com",
+		hostSrvName: "example.com",
 		cliSrvName: `abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmno` +
 			`pqrstuvwxyz0123456789.example.com`,
 		wantClientID: "",
 		wantErrMsg: `clientid check: invalid clientid "abcdefghijklmno` +
 			`pqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789": ` +
-			`hostname label is too long: got 72, max 63`,
-		inclHTTPTLS: false,
-		strictSNI:   true,
+			`domain name label is too long: got 72, max 63`,
+		strictSNI: true,
+		useHTTP3:  false,
 	}, {
 		name:         "quic_clientid",
 		proto:        proxy.ProtoQUIC,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "cli.example.com",
 		wantClientID: "cli",
 		wantErrMsg:   "",
-		inclHTTPTLS:  false,
 		strictSNI:    true,
+		useHTTP3:     false,
 	}, {
 		name:         "tls_clientid_issue3437",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "cli.myexample.com",
 		wantClientID: "",
 		wantErrMsg: `clientid check: client server name "cli.myexample.com" ` +
 			`doesn't match host server name "example.com"`,
-		inclHTTPTLS: false,
-		strictSNI:   true,
+		strictSNI: true,
+		useHTTP3:  false,
 	}, {
 		name:         "tls_case",
 		proto:        proxy.ProtoTLS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "InSeNsItIvE.example.com",
 		wantClientID: "insensitive",
 		wantErrMsg:   ``,
-		inclHTTPTLS:  false,
 		strictSNI:    true,
+		useHTTP3:     false,
 	}, {
 		name:         "quic_case",
 		proto:        proxy.ProtoQUIC,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "InSeNsItIvE.example.com",
 		wantClientID: "insensitive",
 		wantErrMsg:   ``,
-		inclHTTPTLS:  false,
 		strictSNI:    true,
+		useHTTP3:     false,
 	}, {
 		name:         "https_no_clientid",
 		proto:        proxy.ProtoHTTPS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "example.com",
 		wantClientID: "",
 		wantErrMsg:   "",
-		inclHTTPTLS:  true,
 		strictSNI:    true,
+		useHTTP3:     false,
 	}, {
 		name:         "https_clientid",
 		proto:        proxy.ProtoHTTPS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "cli.example.com",
 		wantClientID: "cli",
 		wantErrMsg:   "",
-		inclHTTPTLS:  true,
 		strictSNI:    true,
+		useHTTP3:     false,
 	}, {
-		name:         "https_issue5518",
+		name:         "https_clientid_quic",
 		proto:        proxy.ProtoHTTPS,
-		confSrvName:  "example.com",
+		hostSrvName:  "example.com",
 		cliSrvName:   "cli.example.com",
 		wantClientID: "cli",
 		wantErrMsg:   "",
-		inclHTTPTLS:  false,
-		strictSNI:    true,
-	}, {
-		name:         "https_no_host",
-		proto:        proxy.ProtoHTTPS,
-		confSrvName:  "example.com",
-		cliSrvName:   "example.com",
-		wantClientID: "",
-		wantErrMsg:   "",
-		inclHTTPTLS:  false,
 		strictSNI:    true,
+		useHTTP3:     true,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			tlsConf := TLSConfig{
-				ServerName:     tc.confSrvName,
+				ServerName:     tc.hostSrvName,
 				StrictSNICheck: tc.strictSNI,
 			}
 
@@ -228,7 +219,7 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 
 			switch tc.proto {
 			case proxy.ProtoHTTPS:
-				httpReq = newHTTPReq(tc.cliSrvName, tc.inclHTTPTLS)
+				httpReq = newHTTPReq(tc.cliSrvName, tc.useHTTP3)
 			case proxy.ProtoQUIC:
 				qconn = testQUICConnection{
 					serverName: tc.cliSrvName,
@@ -255,25 +246,30 @@ func TestServer_clientIDFromDNSContext(t *testing.T) {
 }
 
 // newHTTPReq is a helper to create HTTP requests for tests.
-func newHTTPReq(cliSrvName string, inclTLS bool) (r *http.Request) {
+func newHTTPReq(cliSrvName string, useHTTP3 bool) (r *http.Request) {
 	u := &url.URL{
 		Path: "/dns-query",
 	}
 
-	r = &http.Request{
+	if useHTTP3 {
+		return &http.Request{
+			ProtoMajor: 3,
+			ProtoMinor: 0,
+			URL:        u,
+			Host:       cliSrvName,
+			TLS:        &tls.ConnectionState{},
+		}
+	}
+
+	return &http.Request{
 		ProtoMajor: 1,
 		ProtoMinor: 1,
 		URL:        u,
 		Host:       cliSrvName,
-	}
-
-	if inclTLS {
-		r.TLS = &tls.ConnectionState{
+		TLS: &tls.ConnectionState{
 			ServerName: cliSrvName,
-		}
+		},
 	}
-
-	return r
 }
 
 func TestClientIDFromDNSContextHTTPS(t *testing.T) {
@@ -330,7 +326,7 @@ func TestClientIDFromDNSContextHTTPS(t *testing.T) {
 		path:         "/dns-query/!!!",
 		cliSrvName:   "example.com",
 		wantClientID: "",
-		wantErrMsg:   `clientid check: invalid clientid "!!!": bad hostname label rune '!'`,
+		wantErrMsg:   `clientid check: invalid clientid "!!!": bad domain name label rune '!'`,
 	}, {
 		name:         "both_ids",
 		path:         "/dns-query/right",

internal/dnsforward/config.go

@@ -5,8 +5,8 @@ import (
 	"crypto/x509"
 	"fmt"
 	"net"
-	"net/netip"
 	"os"
+	"sort"
 	"strings"
 	"time"
 
@@ -22,7 +22,6 @@ import (
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/AdguardTeam/golibs/timeutil"
 	"github.com/ameshkov/dnscrypt/v2"
-	"golang.org/x/exp/slices"
 )
 
 // BlockingMode is an enum of all allowed blocking modes.
@@ -226,7 +225,7 @@ type ServerConfig struct {
 	LocalPTRResolvers []string
 
 	// DNS64Prefixes is a slice of NAT64 prefixes to be used for DNS64.
-	DNS64Prefixes []netip.Prefix
+	DNS64Prefixes []string
 
 	// ResolveClients signals if the RDNS should resolve clients' addresses.
 	ResolveClients bool
@@ -272,8 +271,6 @@ func (s *Server) createProxyConfig() (conf proxy.Config, err error) {
 		RequestHandler:         s.handleDNSRequest,
 		EnableEDNSClientSubnet: srvConf.EnableEDNSClientSubnet,
 		MaxGoroutines:          int(srvConf.MaxGoroutines),
-		UseDNS64:               srvConf.UseDNS64,
-		DNS64Prefs:             srvConf.DNS64Prefixes,
 	}
 
 	if srvConf.CacheSize != 0 {
@@ -510,7 +507,7 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) (err error) {
 		if len(cert.DNSNames) != 0 {
 			s.conf.dnsNames = cert.DNSNames
 			log.Debug("dnsforward: using certificate's SAN as DNS names: %v", cert.DNSNames)
-			slices.Sort(s.conf.dnsNames)
+			sort.Strings(s.conf.dnsNames)
 		} else {
 			s.conf.dnsNames = append(s.conf.dnsNames, cert.Subject.CommonName)
 			log.Debug("dnsforward: using certificate's CN as DNS name: %s", cert.Subject.CommonName)
@@ -526,6 +523,16 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) (err error) {
 	return nil
 }
 
+// isInSorted returns true if s is in the sorted slice strs.
+func isInSorted(strs []string, s string) (ok bool) {
+	i := sort.SearchStrings(strs, s)
+	if i == len(strs) || strs[i] != s {
+		return false
+	}
+
+	return true
+}
+
 // isWildcard returns true if host is a wildcard hostname.
 func isWildcard(host string) (ok bool) {
 	return len(host) >= 2 && host[0] == '*' && host[1] == '.'
@@ -540,12 +547,11 @@ func matchesDomainWildcard(host, pat string) (ok bool) {
 // anyNameMatches returns true if sni, the client's SNI value, matches any of
 // the DNS names and patterns from certificate.  dnsNames must be sorted.
 func anyNameMatches(dnsNames []string, sni string) (ok bool) {
-	// Check sni is either a valid hostname or a valid IP address.
-	if netutil.ValidateHostname(sni) != nil && net.ParseIP(sni) == nil {
+	if netutil.ValidateDomainName(sni) != nil {
 		return false
 	}
 
-	if _, ok = slices.BinarySearch(dnsNames, sni); ok {
+	if isInSorted(dnsNames, sni) {
 		return true
 	}
 

internal/dnsforward/config_test.go

@@ -1,15 +1,15 @@
 package dnsforward
 
 import (
+	"sort"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"golang.org/x/exp/slices"
 )
 
 func TestAnyNameMatches(t *testing.T) {
 	dnsNames := []string{"host1", "*.host2", "1.2.3.4"}
-	slices.Sort(dnsNames)
+	sort.Strings(dnsNames)
 
 	testCases := []struct {
 		name    string
@@ -31,10 +31,6 @@ func TestAnyNameMatches(t *testing.T) {
 		name:    "match",
 		dnsName: "1.2.3.4",
 		want:    true,
-	}, {
-		name:    "mismatch_bad_ip",
-		dnsName: "1.2.3.256",
-		want:    false,
 	}, {
 		name:    "mismatch",
 		dnsName: "host2",

internal/dnsforward/dns.go

@@ -10,8 +10,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
-	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/stringutil"
@@ -19,9 +17,6 @@ import (
 )
 
 // To transfer information between modules
-//
-// TODO(s.chzhen):  Add lowercased, non-FQDN version of the hostname from the
-// question of the request.
 type dnsContext struct {
 	proxyCtx *proxy.DNSContext
 
@@ -230,7 +225,7 @@ func (s *Server) onDHCPLeaseChanged(flags int) {
 	for _, l := range ll {
 		// TODO(a.garipov): Remove this after we're finished with the client
 		// hostname validations in the DHCP server code.
-		err := netutil.ValidateHostname(l.Hostname)
+		err := netutil.ValidateDomainName(l.Hostname)
 		if err != nil {
 			log.Debug("dnsforward: skipping invalid hostname %q from dhcp: %s", l.Hostname, err)
 
@@ -424,7 +419,7 @@ func (s *Server) processDHCPHosts(dctx *dnsContext) (rc resultCode) {
 		}
 		resp.Answer = append(resp.Answer, a)
 	case dns.TypeAAAA:
-		if s.dns64Pref != (netip.Prefix{}) {
+		if len(s.dns64Prefs) > 0 {
 			// Respond with DNS64-mapped address for IPv4 host if DNS64 is
 			// enabled.
 			aaaa := &dns.AAAA{
@@ -468,11 +463,20 @@ func (s *Server) processRestrictLocal(dctx *dnsContext) (rc resultCode) {
 			return resultCodeError
 		}
 
-		log.Debug("dnsforward: request is not for arpa domain")
+		log.Debug("dnsforward: request is for a service domain")
 
 		return resultCodeSuccess
 	}
 
+	if s.shouldStripDNS64(ip) {
+		// Strip the prefix from the address to get the original IPv4.
+		ip = ip[nat64PrefixLen:]
+
+		// Treat a DNS64-prefixed address as a locally served one since those
+		// queries should never be sent to the global DNS.
+		dctx.unreversedReqIP = ip
+	}
+
 	// Restrict an access to local addresses for external clients.  We also
 	// assume that all the DHCP leases we give are locally served or at least
 	// shouldn't be accessible externally.
@@ -651,7 +655,13 @@ func (s *Server) processUpstream(dctx *dnsContext) (rc resultCode) {
 
 	s.setCustomUpstream(pctx, dctx.clientID)
 
-	reqWantsDNSSEC := s.setReqAD(req)
+	origReqAD := false
+	if s.conf.EnableDNSSEC {
+		origReqAD = req.AuthenticatedData
+		if !req.AuthenticatedData {
+			req.AuthenticatedData = true
+		}
+	}
 
 	// Process the request further since it wasn't filtered.
 	prx := s.proxy()
@@ -661,73 +671,23 @@ func (s *Server) processUpstream(dctx *dnsContext) (rc resultCode) {
 		return resultCodeError
 	}
 
-	if err := prx.Resolve(pctx); err != nil {
-		if errors.Is(err, upstream.ErrNoUpstreams) {
-			// Do not even put into querylog.  Currently this happens either
-			// when the private resolvers enabled and the request is DNS64 PTR,
-			// or when the client isn't considered local by prx.
-			//
-			// TODO(e.burkov):  Make proxy detect local client the same way as
-			// AGH does.
-			pctx.Res = s.genNXDomain(req)
-
-			return resultCodeFinish
-		}
-
-		dctx.err = err
+	if dctx.err = prx.Resolve(pctx); dctx.err != nil {
+		return resultCodeError
+	}
 
+	if s.performDNS64(prx, dctx) == resultCodeError {
 		return resultCodeError
 	}
 
 	dctx.responseFromUpstream = true
 	dctx.responseAD = pctx.Res.AuthenticatedData
 
-	s.setRespAD(pctx, reqWantsDNSSEC)
-
-	return resultCodeSuccess
-}
-
-// setReqAD changes the request based on the server settings.  wantsDNSSEC is
-// false if the response should be cleared of the AD bit.
-//
-// TODO(a.garipov, e.burkov): This should probably be done in module dnsproxy.
-func (s *Server) setReqAD(req *dns.Msg) (wantsDNSSEC bool) {
-	if !s.conf.EnableDNSSEC {
-		return false
-	}
-
-	origReqAD := req.AuthenticatedData
-	req.AuthenticatedData = true
-
-	// Per [RFC 6840] says, validating resolvers should only set the AD bit when
-	// the response has the AD bit set and the request contained either a set DO
-	// bit or a set AD bit.  So, if neither of these is true, clear the AD bits
-	// in [Server.setRespAD].
-	//
-	// [RFC 6840]: https://datatracker.ietf.org/doc/html/rfc6840#section-5.8
-	return origReqAD || hasDO(req)
-}
-
-// hasDO returns true if msg has EDNS(0) options and the DNSSEC OK flag is set
-// in there.
-//
-// TODO(a.garipov): Move to golibs/dnsmsg when it's there.
-func hasDO(msg *dns.Msg) (do bool) {
-	o := msg.IsEdns0()
-	if o == nil {
-		return false
-	}
-
-	return o.Do()
-}
-
-// setRespAD changes the request and response based on the server settings and
-// the original request data.
-func (s *Server) setRespAD(pctx *proxy.DNSContext, reqWantsDNSSEC bool) {
-	if s.conf.EnableDNSSEC && !reqWantsDNSSEC {
+	if s.conf.EnableDNSSEC && !origReqAD {
 		pctx.Req.AuthenticatedData = false
 		pctx.Res.AuthenticatedData = false
 	}
+
+	return resultCodeSuccess
 }
 
 // isDHCPClientHostQ returns true if q is from a request for a DHCP client

internal/dnsforward/dns64.go

@@ -1,10 +1,34 @@
 package dnsforward
 
 import (
+	"fmt"
 	"net"
 	"net/netip"
 
 	"github.com/AdguardTeam/dnsproxy/proxy"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/mathutil"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/miekg/dns"
+)
+
+const (
+	// maxNAT64PrefixBitLen is the maximum length of a NAT64 prefix in bits.
+	// See https://datatracker.ietf.org/doc/html/rfc6147#section-5.2.
+	maxNAT64PrefixBitLen = 96
+
+	// nat64PrefixLen is the length of a NAT64 prefix in bytes.
+	nat64PrefixLen = net.IPv6len - net.IPv4len
+
+	// maxDNS64SynTTL is the maximum TTL for synthesized DNS64 responses with no
+	// SOA records in seconds.
+	//
+	// If the SOA RR was not delivered with the negative response to the AAAA
+	// query, then the DNS64 SHOULD use the TTL of the original A RR or 600
+	// seconds, whichever is shorter.
+	//
+	// See https://datatracker.ietf.org/doc/html/rfc6147#section-5.1.7.
+	maxDNS64SynTTL uint32 = 600
 )
 
 // setupDNS64 initializes DNS64 settings, the NAT64 prefixes in particular.  If
@@ -14,22 +38,227 @@ import (
 // is specified explicitly.  Each prefix also validated to be a valid IPv6
 // CIDR with a maximum length of 96 bits.  The first specified prefix is then
 // used to synthesize AAAA records.
-func (s *Server) setupDNS64() {
+func (s *Server) setupDNS64() (err error) {
 	if !s.conf.UseDNS64 {
-		return
+		return nil
 	}
 
-	if len(s.conf.DNS64Prefixes) == 0 {
-		// dns64WellKnownPref is the default prefix to use in an algorithmic
-		// mapping for DNS64.
-		//
-		// See https://datatracker.ietf.org/doc/html/rfc6052#section-2.1.
-		dns64WellKnownPref := netip.MustParsePrefix("64:ff9b::/96")
+	l := len(s.conf.DNS64Prefixes)
+	if l == 0 {
+		s.dns64Prefs = []netip.Prefix{dns64WellKnownPref}
 
-		s.dns64Pref = dns64WellKnownPref
-	} else {
-		s.dns64Pref = s.conf.DNS64Prefixes[0]
+		return nil
 	}
+
+	prefs := make([]netip.Prefix, 0, l)
+	for i, pref := range s.conf.DNS64Prefixes {
+		var p netip.Prefix
+		p, err = netip.ParsePrefix(pref)
+		if err != nil {
+			return fmt.Errorf("prefix at index %d: %w", i, err)
+		}
+
+		addr := p.Addr()
+		if !addr.Is6() {
+			return fmt.Errorf("prefix at index %d: %q is not an IPv6 prefix", i, pref)
+		}
+
+		if p.Bits() > maxNAT64PrefixBitLen {
+			return fmt.Errorf("prefix at index %d: %q is too long for DNS64", i, pref)
+		}
+
+		prefs = append(prefs, p.Masked())
+	}
+
+	s.dns64Prefs = prefs
+
+	return nil
+}
+
+// checkDNS64 checks if DNS64 should be performed.  It returns a DNS64 request
+// to resolve or nil if DNS64 is not desired.  It also filters resp to not
+// contain any NAT64 excluded addresses in the answer section, if needed.  Both
+// req and resp must not be nil.
+//
+// See https://datatracker.ietf.org/doc/html/rfc6147.
+func (s *Server) checkDNS64(req, resp *dns.Msg) (dns64Req *dns.Msg) {
+	if len(s.dns64Prefs) == 0 {
+		return nil
+	}
+
+	q := req.Question[0]
+	if q.Qtype != dns.TypeAAAA || q.Qclass != dns.ClassINET {
+		// DNS64 operation for classes other than IN is undefined, and a DNS64
+		// MUST behave as though no DNS64 function is configured.
+		return nil
+	}
+
+	rcode := resp.Rcode
+	if rcode == dns.RcodeNameError {
+		// A result with RCODE=3 (Name Error) is handled according to normal DNS
+		// operation (which is normally to return the error to the client).
+		return nil
+	}
+
+	if rcode == dns.RcodeSuccess {
+		// If resolver receives an answer with at least one AAAA record
+		// containing an address outside any of the excluded range(s), then it
+		// by default SHOULD build an answer section for a response including
+		// only the AAAA record(s) that do not contain any of the addresses
+		// inside the excluded ranges.
+		var hasAnswers bool
+		if resp.Answer, hasAnswers = s.filterNAT64Answers(resp.Answer); hasAnswers {
+			return nil
+		}
+
+		// Any other RCODE is treated as though the RCODE were 0 and the answer
+		// section were empty.
+	}
+
+	return &dns.Msg{
+		MsgHdr: dns.MsgHdr{
+			Id:                dns.Id(),
+			RecursionDesired:  req.RecursionDesired,
+			AuthenticatedData: req.AuthenticatedData,
+			CheckingDisabled:  req.CheckingDisabled,
+		},
+		Question: []dns.Question{{
+			Name:   req.Question[0].Name,
+			Qtype:  dns.TypeA,
+			Qclass: dns.ClassINET,
+		}},
+	}
+}
+
+// filterNAT64Answers filters out AAAA records that are within one of NAT64
+// exclusion prefixes.  hasAnswers is true if the filtered slice contains at
+// least a single AAAA answer not within the prefixes or a CNAME.
+func (s *Server) filterNAT64Answers(rrs []dns.RR) (filtered []dns.RR, hasAnswers bool) {
+	filtered = make([]dns.RR, 0, len(rrs))
+	for _, ans := range rrs {
+		switch ans := ans.(type) {
+		case *dns.AAAA:
+			addr, err := netutil.IPToAddrNoMapped(ans.AAAA)
+			if err != nil {
+				log.Error("dnsforward: bad AAAA record: %s", err)
+
+				continue
+			}
+
+			if s.withinDNS64(addr) {
+				// Filter the record.
+				continue
+			}
+
+			filtered, hasAnswers = append(filtered, ans), true
+		case *dns.CNAME, *dns.DNAME:
+			// If the response contains a CNAME or a DNAME, then the CNAME or
+			// DNAME chain is followed until the first terminating A or AAAA
+			// record is reached.
+			//
+			// Just treat CNAME and DNAME responses as passable answers since
+			// AdGuard Home doesn't follow any of these chains except the
+			// dnsrewrite-defined ones.
+			filtered, hasAnswers = append(filtered, ans), true
+		default:
+			filtered = append(filtered, ans)
+		}
+	}
+
+	return filtered, hasAnswers
+}
+
+// synthDNS64 synthesizes a DNS64 response using the original response as a
+// basis and modifying it with data from resp.  It returns true if the response
+// was actually modified.
+func (s *Server) synthDNS64(origReq, origResp, resp *dns.Msg) (ok bool) {
+	if len(resp.Answer) == 0 {
+		// If there is an empty answer, then the DNS64 responds to the original
+		// querying client with the answer the DNS64 received to the original
+		// (initiator's) query.
+		return false
+	}
+
+	// The Time to Live (TTL) field is set to the minimum of the TTL of the
+	// original A RR and the SOA RR for the queried domain.  If the original
+	// response contains no SOA records, the minimum of the TTL of the original
+	// A RR and [maxDNS64SynTTL] should be used.  See [maxDNS64SynTTL].
+	soaTTL := maxDNS64SynTTL
+	for _, rr := range origResp.Ns {
+		if hdr := rr.Header(); hdr.Rrtype == dns.TypeSOA && hdr.Name == origReq.Question[0].Name {
+			soaTTL = hdr.Ttl
+
+			break
+		}
+	}
+
+	newAns := make([]dns.RR, 0, len(resp.Answer))
+	for _, ans := range resp.Answer {
+		rr := s.synthRR(ans, soaTTL)
+		if rr == nil {
+			// The error should have already been logged.
+			return false
+		}
+
+		newAns = append(newAns, rr)
+	}
+
+	origResp.Answer = newAns
+	origResp.Ns = resp.Ns
+	origResp.Extra = resp.Extra
+
+	return true
+}
+
+// dns64WellKnownPref is the default prefix to use in an algorithmic mapping for
+// DNS64.  See https://datatracker.ietf.org/doc/html/rfc6052#section-2.1.
+var dns64WellKnownPref = netip.MustParsePrefix("64:ff9b::/96")
+
+// withinDNS64 checks if ip is within one of the configured DNS64 prefixes.
+//
+// TODO(e.burkov):  We actually using bytes of only the first prefix from the
+// set to construct the answer, so consider using some implementation of a
+// prefix set for the rest.
+func (s *Server) withinDNS64(ip netip.Addr) (ok bool) {
+	for _, n := range s.dns64Prefs {
+		if n.Contains(ip) {
+			return true
+		}
+	}
+
+	return false
+}
+
+// shouldStripDNS64 returns true if DNS64 is enabled and ip has either one of
+// custom DNS64 prefixes or the Well-Known one.  This is intended to be used
+// with PTR requests.
+//
+// The requirement is to match any Pref64::/n used at the site, and not merely
+// the locally configured Pref64::/n.  This is because end clients could ask for
+// a PTR record matching an address received through a different (site-provided)
+// DNS64.
+//
+// See https://datatracker.ietf.org/doc/html/rfc6147#section-5.3.1.
+func (s *Server) shouldStripDNS64(ip net.IP) (ok bool) {
+	if len(s.dns64Prefs) == 0 {
+		return false
+	}
+
+	addr, err := netutil.IPToAddr(ip, netutil.AddrFamilyIPv6)
+	if err != nil {
+		return false
+	}
+
+	switch {
+	case s.withinDNS64(addr):
+		log.Debug("dnsforward: %s is within DNS64 custom prefix set", ip)
+	case dns64WellKnownPref.Contains(addr):
+		log.Debug("dnsforward: %s is within DNS64 well-known prefix", ip)
+	default:
+		return false
+	}
+
+	return true
 }
 
 // mapDNS64 maps ip to IPv6 address using configured DNS64 prefix.  ip must be a
@@ -38,12 +267,79 @@ func (s *Server) setupDNS64() {
 func (s *Server) mapDNS64(ip netip.Addr) (mapped net.IP) {
 	// Don't mask the address here since it should have already been masked on
 	// initialization stage.
-	pref := s.dns64Pref.Masked().Addr().As16()
+	pref := s.dns64Prefs[0].Addr().As16()
 	ipData := ip.As4()
 
 	mapped = make(net.IP, net.IPv6len)
-	copy(mapped[:proxy.NAT64PrefixLength], pref[:])
-	copy(mapped[proxy.NAT64PrefixLength:], ipData[:])
+	copy(mapped[:nat64PrefixLen], pref[:])
+	copy(mapped[nat64PrefixLen:], ipData[:])
 
 	return mapped
 }
+
+// performDNS64 processes the current state of dctx assuming that it has already
+// been tried to resolve, checks if it contains any acceptable response, and if
+// it doesn't, performs DNS64 request and the following synthesis.  It returns
+// the [resultCodeError] if there was an error set to dctx.
+func (s *Server) performDNS64(prx *proxy.Proxy, dctx *dnsContext) (rc resultCode) {
+	pctx := dctx.proxyCtx
+	req := pctx.Req
+
+	dns64Req := s.checkDNS64(req, pctx.Res)
+	if dns64Req == nil {
+		return resultCodeSuccess
+	}
+
+	log.Debug("dnsforward: received an empty AAAA response, checking DNS64")
+
+	origReq := pctx.Req
+	origResp := pctx.Res
+	origUps := pctx.Upstream
+
+	pctx.Req = dns64Req
+	defer func() { pctx.Req = origReq }()
+
+	if dctx.err = prx.Resolve(pctx); dctx.err != nil {
+		return resultCodeError
+	}
+
+	dns64Resp := pctx.Res
+	pctx.Res = origResp
+	if dns64Resp != nil && s.synthDNS64(origReq, pctx.Res, dns64Resp) {
+		log.Debug("dnsforward: synthesized AAAA response for %q", origReq.Question[0].Name)
+	} else {
+		pctx.Upstream = origUps
+	}
+
+	return resultCodeSuccess
+}
+
+// synthRR synthesizes a DNS64 resource record in compliance with RFC 6147.  If
+// rr is not an A record, it's returned as is.  A records are modified to become
+// a DNS64-synthesized AAAA records, and the TTL is set according to the
+// original TTL of a record and soaTTL.  It returns nil on invalid A records.
+func (s *Server) synthRR(rr dns.RR, soaTTL uint32) (result dns.RR) {
+	aResp, ok := rr.(*dns.A)
+	if !ok {
+		return rr
+	}
+
+	addr, err := netutil.IPToAddr(aResp.A, netutil.AddrFamilyIPv4)
+	if err != nil {
+		log.Error("dnsforward: bad A record: %s", err)
+
+		return nil
+	}
+
+	aaaa := &dns.AAAA{
+		Hdr: dns.RR_Header{
+			Name:   aResp.Hdr.Name,
+			Rrtype: dns.TypeAAAA,
+			Class:  aResp.Hdr.Class,
+			Ttl:    mathutil.Min(aResp.Hdr.Ttl, soaTTL),
+		},
+		AAAA: s.mapDNS64(addr),
+	}
+
+	return aaaa
+}

internal/dnsforward/dns64_test.go

@@ -15,16 +15,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// maxDNS64SynTTL is the maximum TTL for synthesized DNS64 responses with no SOA
-// records in seconds.
-//
-// If the SOA RR was not delivered with the negative response to the AAAA query,
-// then the DNS64 SHOULD use the TTL of the original A RR or 600 seconds,
-// whichever is shorter.
-//
-// See https://datatracker.ietf.org/doc/html/rfc6147#section-5.1.7.
-const maxDNS64SynTTL uint32 = 600
-
 // newRR is a helper that creates a new dns.RR with the given name, qtype, ttl
 // and value.  It fails the test if the qtype is not supported or the type of
 // value doesn't match the qtype.
@@ -273,22 +263,18 @@ func TestServer_HandleDNSRequest_dns64(t *testing.T) {
 		return resp, nil
 	})
 
+	s := createTestServer(t, &filtering.Config{}, ServerConfig{
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
+		UseDNS64:       true,
+	}, localUps)
+
 	client := &dns.Client{
 		Net:     "tcp",
 		Timeout: 1 * time.Second,
 	}
 
 	for _, tc := range testCases {
-		// TODO(e.burkov):  It seems [proxy.Proxy] isn't intended to be reused
-		// right after stop, due to a data race in [proxy.Proxy.Init] method
-		// when setting an OOB size.  As a temporary workaround, recreate the
-		// whole server for each test case.
-		s := createTestServer(t, &filtering.Config{}, ServerConfig{
-			UDPListenAddrs: []*net.UDPAddr{{}},
-			TCPListenAddrs: []*net.TCPAddr{{}},
-			UseDNS64:       true,
-		}, localUps)
-
 		t.Run(tc.name, func(t *testing.T) {
 			s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{newUps(tc.upsAns)}
 			startDeferStop(t, s)

internal/dnsforward/dnsforward.go

@@ -80,17 +80,10 @@ type Server struct {
 	privateNets    netutil.SubnetSet
 	localResolvers *proxy.Proxy
 	sysResolvers   aghnet.SystemResolvers
+	recDetector    *recursionDetector
 
-	// recDetector is a cache for recursive requests.  It is used to detect
-	// and prevent recursive requests only for private upstreams.
-	//
-	// See https://github.com/adguardTeam/adGuardHome/issues/3185#issuecomment-851048135.
-	recDetector *recursionDetector
-
-	// dns64Pref is the NAT64 prefix used for DNS64 response mapping.  The major
-	// part of DNS64 happens inside the [proxy] package, but there still are
-	// some places where response mapping is needed (e.g. DHCP).
-	dns64Pref netip.Prefix
+	// dns64Prefix is the set of NAT64 prefixes used for DNS64 handling.
+	dns64Prefs []netip.Prefix
 
 	// anonymizer masks the client's IP addresses if needed.
 	anonymizer *aghnet.IPMut
@@ -253,8 +246,8 @@ func (s *Server) Resolve(host string) ([]net.IPAddr, error) {
 
 // RDNSExchanger is a resolver for clients' addresses.
 type RDNSExchanger interface {
-	// Exchange tries to resolve the ip in a suitable way, i.e. either as local
-	// or as external.
+	// Exchange tries to resolve the ip in a suitable way, e.g. either as
+	// local or as external.
 	Exchange(ip net.IP) (host string, err error)
 
 	// ResolvesPrivatePTR returns true if the RDNSExchanger is able to
@@ -263,13 +256,13 @@ type RDNSExchanger interface {
 }
 
 const (
-	// ErrRDNSNoData is returned by [RDNSExchanger.Exchange] when the answer
-	// section of response is either NODATA or has no PTR records.
-	ErrRDNSNoData errors.Error = "no ptr data in response"
+	// rDNSEmptyAnswerErr is returned by Exchange method when the answer
+	// section of respond is empty.
+	rDNSEmptyAnswerErr errors.Error = "the answer section is empty"
 
-	// ErrRDNSFailed is returned by [RDNSExchanger.Exchange] if the received
-	// response is not a NOERROR or NXDOMAIN.
-	ErrRDNSFailed errors.Error = "failed to resolve ptr"
+	// rDNSNotPTRErr is returned by Exchange method when the response is not
+	// of PTR type.
+	rDNSNotPTRErr errors.Error = "the response is not a ptr"
 )
 
 // type check
@@ -324,24 +317,17 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 		return "", err
 	}
 
-	// Distinguish between NODATA response and a failed request.
 	resp := ctx.Res
-	if resp.Rcode != dns.RcodeSuccess && resp.Rcode != dns.RcodeNameError {
-		return "", fmt.Errorf(
-			"received %s response: %w",
-			dns.RcodeToString[resp.Rcode],
-			ErrRDNSFailed,
-		)
+	if len(resp.Answer) == 0 {
+		return "", fmt.Errorf("lookup for %q: %w", arpa, rDNSEmptyAnswerErr)
 	}
 
-	for _, ans := range resp.Answer {
-		ptr, ok := ans.(*dns.PTR)
-		if ok {
-			return strings.TrimSuffix(ptr.Ptr, "."), nil
-		}
+	ptr, ok := resp.Answer[0].(*dns.PTR)
+	if !ok {
+		return "", fmt.Errorf("type checking: %w", rDNSNotPTRErr)
 	}
 
-	return "", ErrRDNSNoData
+	return strings.TrimSuffix(ptr.Ptr, "."), nil
 }
 
 // ResolvesPrivatePTR implements the RDNSExchanger interface for *Server.
@@ -491,8 +477,6 @@ func (s *Server) Prepare(conf *ServerConfig) (err error) {
 		return fmt.Errorf("preparing proxy: %w", err)
 	}
 
-	s.setupDNS64()
-
 	err = s.prepareInternalProxy()
 	if err != nil {
 		return fmt.Errorf("preparing internal proxy: %w", err)
@@ -509,18 +493,18 @@ func (s *Server) Prepare(conf *ServerConfig) (err error) {
 
 	s.registerHandlers()
 
-	// TODO(e.burkov):  Remove once the local resolvers logic moved to dnsproxy.
+	err = s.setupDNS64()
+	if err != nil {
+		return fmt.Errorf("preparing DNS64: %w", err)
+	}
+
+	s.dnsProxy = &proxy.Proxy{Config: proxyConfig}
+
 	err = s.setupResolvers(s.conf.LocalPTRResolvers)
 	if err != nil {
 		return fmt.Errorf("setting up resolvers: %w", err)
 	}
 
-	if s.conf.UsePrivateRDNS {
-		proxyConfig.PrivateRDNSUpstreamConfig = s.localResolvers.UpstreamConfig
-	}
-
-	s.dnsProxy = &proxy.Proxy{Config: proxyConfig}
-
 	s.recDetector.clear()
 
 	return nil

internal/dnsforward/dnsforward_test.go

@@ -89,14 +89,9 @@ func createTestServer(
 	s.serverLock.Lock()
 	defer s.serverLock.Unlock()
 
-	// TODO(e.burkov):  Try to move it higher.
 	if localUps != nil {
-		ups := []upstream.Upstream{localUps}
-		s.localResolvers.UpstreamConfig.Upstreams = ups
+		s.localResolvers.UpstreamConfig.Upstreams = []upstream.Upstream{localUps}
 		s.conf.UsePrivateRDNS = true
-		s.dnsProxy.PrivateRDNSUpstreamConfig = &proxy.UpstreamConfig{
-			Upstreams: ups,
-		}
 	}
 
 	return s
@@ -1171,8 +1166,7 @@ func TestNewServer(t *testing.T) {
 			LocalDomain: "!!!",
 		},
 		wantErrMsg: `local domain: bad domain name "!!!": ` +
-			`bad top-level domain name label "!!!": ` +
-			`bad top-level domain name label rune '!'`,
+			`bad domain name label "!!!": bad domain name label rune '!'`,
 	}}
 
 	for _, tc := range testCases {
@@ -1222,9 +1216,6 @@ func TestServer_Exchange(t *testing.T) {
 
 	errUpstream := aghtest.NewErrorUpstream()
 	nonPtrUpstream := aghtest.NewBlockUpstream("some-host", true)
-	refusingUpstream := aghtest.NewUpstreamMock(func(req *dns.Msg) (resp *dns.Msg, err error) {
-		return new(dns.Msg).SetRcode(req, dns.RcodeRefused), nil
-	})
 
 	srv := &Server{
 		recDetector: newRecursionDetector(0, 1),
@@ -1269,21 +1260,15 @@ func TestServer_Exchange(t *testing.T) {
 	}, {
 		name:        "empty_answer_error",
 		want:        "",
-		wantErr:     ErrRDNSNoData,
+		wantErr:     rDNSEmptyAnswerErr,
 		locUpstream: locUpstream,
 		req:         net.IP{192, 168, 1, 2},
 	}, {
-		name:        "invalid_answer",
+		name:        "not_ptr_error",
 		want:        "",
-		wantErr:     ErrRDNSNoData,
+		wantErr:     rDNSNotPTRErr,
 		locUpstream: nonPtrUpstream,
 		req:         localIP,
-	}, {
-		name:        "refused",
-		want:        "",
-		wantErr:     ErrRDNSFailed,
-		locUpstream: refusingUpstream,
-		req:         localIP,
 	}}
 
 	for _, tc := range testCases {

internal/dnsforward/http_test.go

@@ -337,8 +337,7 @@ func TestValidateUpstreams(t *testing.T) {
 	}, {
 		name: "bad_domain",
 		wantErr: `bad upstream for domain "[/!/]8.8.8.8": domain at index 0: ` +
-			`bad domain name "!": bad top-level domain name label "!": ` +
-			`bad top-level domain name label rune '!'`,
+			`bad domain name "!": bad domain name label "!": bad domain name label rune '!'`,
 		set: []string{"[/!/]8.8.8.8"},
 	}}
 

internal/dnsforward/stats.go

@@ -22,11 +22,9 @@ func (s *Server) processQueryLogsAndStats(dctx *dnsContext) (rc resultCode) {
 
 	shouldLog := true
 	msg := pctx.Req
-	q := msg.Question[0]
-	host := strings.ToLower(strings.TrimSuffix(q.Name, "."))
 
 	// don't log ANY request if refuseAny is enabled
-	if q.Qtype == dns.TypeANY && s.conf.RefuseAny {
+	if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.conf.RefuseAny {
 		shouldLog = false
 	}
 
@@ -43,20 +41,11 @@ func (s *Server) processQueryLogsAndStats(dctx *dnsContext) (rc resultCode) {
 	// Synchronize access to s.queryLog and s.stats so they won't be suddenly
 	// uninitialized while in use.  This can happen after proxy server has been
 	// stopped, but its workers haven't yet exited.
-	if shouldLog &&
-		s.queryLog != nil &&
-		s.queryLog.ShouldLog(host, q.Qtype, q.Qclass) {
+	if shouldLog && s.queryLog != nil {
 		s.logQuery(dctx, pctx, elapsed, ip)
-	} else {
-		log.Debug(
-			"dnsforward: request %s %s from %s ignored; not logging",
-			dns.Type(q.Qtype),
-			host,
-			ip,
-		)
 	}
 
-	if s.stats != nil && s.stats.ShouldCount(host, q.Qtype, q.Qclass) {
+	if s.stats != nil {
 		s.updateStats(dctx, elapsed, *dctx.result, ip)
 	}
 

internal/dnsforward/stats_test.go

@@ -16,44 +16,34 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// testQueryLog is a simple [querylog.QueryLog] implementation for tests.
+// testQueryLog is a simple querylog.QueryLog implementation for tests.
 type testQueryLog struct {
 	// QueryLog is embedded here simply to make testQueryLog
-	// a [querylog.QueryLog] without actually implementing all methods.
+	// a querylog.QueryLog without actually implementing all methods.
 	querylog.QueryLog
 
 	lastParams *querylog.AddParams
 }
 
-// Add implements the [querylog.QueryLog] interface for *testQueryLog.
+// Add implements the querylog.QueryLog interface for *testQueryLog.
 func (l *testQueryLog) Add(p *querylog.AddParams) {
 	l.lastParams = p
 }
 
-// ShouldLog implements the [querylog.QueryLog] interface for *testQueryLog.
-func (l *testQueryLog) ShouldLog(string, uint16, uint16) bool {
-	return true
-}
-
-// testStats is a simple [stats.Interface] implementation for tests.
+// testStats is a simple stats.Stats implementation for tests.
 type testStats struct {
-	// Stats is embedded here simply to make testStats a [stats.Interface]
-	// without actually implementing all methods.
+	// Stats is embedded here simply to make testStats a stats.Stats without
+	// actually implementing all methods.
 	stats.Interface
 
 	lastEntry stats.Entry
 }
 
-// Update implements the [stats.Interface] interface for *testStats.
+// Update implements the stats.Stats interface for *testStats.
 func (l *testStats) Update(e stats.Entry) {
 	l.lastEntry = e
 }
 
-// ShouldCount implements the [stats.Interface] interface for *testStats.
-func (l *testStats) ShouldCount(string, uint16, uint16) bool {
-	return true
-}
-
 func TestProcessQueryLogsAndStats(t *testing.T) {
 	testCases := []struct {
 		name           string

internal/filtering/blocked_test.go

@@ -0,0 +1,38 @@
+//go:build ignore
+// +build ignore
+
+package filtering
+
+import (
+	"fmt"
+	"sort"
+	"testing"
+)
+
+// This is a simple tool that takes a list of services and prints them to the output.
+// It is supposed to be used to update:
+// client/src/helpers/constants.js
+// client/src/components/ui/Icons.js
+//
+// Usage:
+// 1. go run ./internal/filtering/blocked_test.go
+// 2. Use the output to replace `SERVICES` array in "client/src/helpers/constants.js".
+// 3. You'll need to enter services names manually.
+// 4. Don't forget to add missing icons to "client/src/components/ui/Icons.js".
+//
+// TODO(ameshkov): Rework generator: have a JSON file with all the metadata we need
+// then use this JSON file to generate JS and Go code
+func TestGenServicesArray(t *testing.T) {
+	services := make([]svc, len(serviceRulesArray))
+	copy(services, serviceRulesArray)
+
+	sort.Slice(services, func(i, j int) bool {
+		return services[i].name < services[j].name
+	})
+
+	fmt.Println("export const SERVICES = [")
+	for _, s := range services {
+		fmt.Printf("    {\n        id: '%s',\n        name: '%s',\n    },\n", s.name, s.name)
+	}
+	fmt.Println("];")
+}

internal/filtering/rewrites.go

@@ -1,8 +1,11 @@
+// DNS Rewrites
+
 package filtering
 
 import (
 	"fmt"
 	"net"
+	"sort"
 	"strings"
 
 	"github.com/AdguardTeam/golibs/errors"
@@ -11,8 +14,6 @@ import (
 	"golang.org/x/exp/slices"
 )
 
-// Legacy DNS rewrites
-
 // LegacyRewrite is a single legacy DNS rewrite record.
 //
 // Instances of *LegacyRewrite must never be nil.
@@ -122,24 +123,38 @@ func matchDomainWildcard(host, wildcard string) (ok bool) {
 	return isWildcard(wildcard) && strings.HasSuffix(host, wildcard[1:])
 }
 
-// legacyRewriteSortsBefore sorts rewirtes according to the following priority:
+// rewritesSorted is a slice of legacy rewrites for sorting.
 //
-//  1. A and AAAA > CNAME;
-//  2. wildcard > exact;
-//  3. lower level wildcard > higher level wildcard;
-func legacyRewriteSortsBefore(a, b *LegacyRewrite) (sortsBefore bool) {
-	if a.Type == dns.TypeCNAME && b.Type != dns.TypeCNAME {
+// The sorting priority:
+//
+//  1. A and AAAA > CNAME
+//  2. wildcard > exact
+//  3. lower level wildcard > higher level wildcard
+//
+// TODO(a.garipov):  Replace with slices.Sort.
+type rewritesSorted []*LegacyRewrite
+
+// Len implements the sort.Interface interface for rewritesSorted.
+func (a rewritesSorted) Len() (l int) { return len(a) }
+
+// Swap implements the sort.Interface interface for rewritesSorted.
+func (a rewritesSorted) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
+
+// Less implements the sort.Interface interface for rewritesSorted.
+func (a rewritesSorted) Less(i, j int) (less bool) {
+	ith, jth := a[i], a[j]
+	if ith.Type == dns.TypeCNAME && jth.Type != dns.TypeCNAME {
 		return true
-	} else if a.Type != dns.TypeCNAME && b.Type == dns.TypeCNAME {
+	} else if ith.Type != dns.TypeCNAME && jth.Type == dns.TypeCNAME {
 		return false
 	}
 
-	if aIsWld, bIsWld := isWildcard(a.Domain), isWildcard(b.Domain); aIsWld != bIsWld {
-		return bIsWld
+	if iw, jw := isWildcard(ith.Domain), isWildcard(jth.Domain); iw != jw {
+		return jw
 	}
 
-	// Both are either wildcards or both aren't.
-	return len(a.Domain) > len(b.Domain)
+	// Both are either wildcards or not.
+	return len(ith.Domain) > len(jth.Domain)
 }
 
 // prepareRewrites normalizes and validates all legacy DNS rewrites.
@@ -181,7 +196,7 @@ func findRewrites(
 		return nil, matched
 	}
 
-	slices.SortFunc(rewrites, legacyRewriteSortsBefore)
+	sort.Sort(rewritesSorted(rewrites))
 
 	for i, r := range rewrites {
 		if isWildcard(r.Domain) {

internal/filtering/safebrowsing.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -18,7 +19,6 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/miekg/dns"
-	"golang.org/x/exp/slices"
 	"golang.org/x/net/publicsuffix"
 )
 
@@ -241,8 +241,8 @@ func (c *sbCtx) processTXT(resp *dns.Msg) (bool, [][]byte) {
 }
 
 func (c *sbCtx) storeCache(hashes [][]byte) {
-	slices.SortFunc(hashes, func(a, b []byte) (sortsBefore bool) {
-		return bytes.Compare(a, b) == -1
+	sort.Slice(hashes, func(a, b int) bool {
+		return bytes.Compare(hashes[a], hashes[b]) == -1
 	})
 
 	var curData []byte

internal/filtering/servicelist.go

@@ -1171,16 +1171,6 @@ var blockedServices = []blockedService{{
 		"||zuckerberg.com^",
 		"||zuckerberg.net^",
 	},
-}, {
-	ID:      "gog",
-	Name:    "GOG",
-	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 34 34\"><path d=\"M31 31H3a3 3 0 0 1-3-3V3A3 3 0 0 1 3 0H31a3 3 0 0 1 3 3V28A3 3 0 0 1 31 31ZM4 24.5A1.5 1.5 0 0 0 5.5 26H11V24H6.5a.5.5 0 0 1-.5-.5v-3a.5.5 0 0 1 .5-.5H11V18H5.5A1.5 1.5 0 0 0 4 19.5Zm8-18A1.5 1.5 0 0 0 10.5 5h-5A1.5 1.5 0 0 0 4 6.5v5A1.5 1.5 0 0 0 5.5 13H9V11H6.5a.5.5 0 0 1-.5-.5v-3A.5.5 0 0 1 6.5 7h3a.5.5 0 0 1 .5.5v6a.5.5 0 0 1-.5.5H4v2h6.5A1.5 1.5 0 0 0 12 14.5Zm0 13v5A1.5 1.5 0 0 0 13.5 26h5A1.5 1.5 0 0 0 20 24.5v-5A1.5 1.5 0 0 0 18.5 18h-5A1.5 1.5 0 0 0 12 19.5Zm9-13A1.5 1.5 0 0 0 19.5 5h-5A1.5 1.5 0 0 0 13 6.5v5A1.5 1.5 0 0 0 14.5 13h5A1.5 1.5 0 0 0 21 11.5Zm9 0A1.5 1.5 0 0 0 28.5 5h-5A1.5 1.5 0 0 0 22 6.5v5A1.5 1.5 0 0 0 23.5 13H27V11H24.5a.5.5 0 0 1-.5-.5v-3a.5.5 0 0 1 .5-.5h3a.5.5 0 0 1 .5.5v6a.5.5 0 0 1-.5.5H22v2h6.5A1.5 1.5 0 0 0 30 14.5ZM30 18H22.5A1.5 1.5 0 0 0 21 19.5V26h2V20.5a.5.5 0 0 1 .5-.5h1v6h2V20H28v6h2ZM18.5 11h-3a.5.5 0 0 1-.5-.5v-3a.5.5 0 0 1 .5-.5h3a.5.5 0 0 1 .5.5v3A.5.5 0 0 1 18.5 11Zm-4 9h3a.5.5 0 0 1 .5.5v3a.5.5 0 0 1-.5.5h-3a.5.5 0 0 1-.5-.5v-3A.5.5 0 0 1 14.5 20Z\" /></svg>"),
-	Rules: []string{
-		"||gog-cdn-lumen.secure2.footprint.net^",
-		"||gog-statics.com^",
-		"||gog.com^",
-		"||gogalaxy.com^",
-	},
 }, {
 	ID:      "hulu",
 	Name:    "Hulu",
@@ -1293,7 +1283,7 @@ var blockedServices = []blockedService{{
 }, {
 	ID:      "leagueoflegends",
 	Name:    "League of Legends",
-	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 30 30\"><path d=\"M 7 4 L 9 7.25 L 9 22.75 L 6.875 26 L 21.957031 26 L 25 22 L 14 22 L 14 4 L 7 4 z M 16 4.0507812 L 16 6.0585938 C 20.493 6.5575937 24 10.375 24 15 C 24 16.849 23.438516 18.569 22.478516 20 L 24.785156 20 C 25.556156 18.498 26 16.801 26 15 C 26 9.272 21.598 4.5577812 16 4.0507812 z M 6.8730469 7.6113281 C 5.0940469 9.5663281 4 12.155 4 15 C 4 17.837 5.0884219 20.418094 6.8574219 22.371094 L 7 22.154297 L 7 19.105469 C 6.365 17.872469 6 16.479 6 15 C 6 13.521 6.365 12.127531 7 10.894531 L 7 7.8164062 L 6.8730469 7.6113281 z\"/></svg>"),
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 30 30\" width=\"60px\" height=\"60px\"><path d=\"M 7 4 L 9 7.25 L 9 22.75 L 6.875 26 L 21.957031 26 L 25 22 L 14 22 L 14 4 L 7 4 z M 16 4.0507812 L 16 6.0585938 C 20.493 6.5575937 24 10.375 24 15 C 24 16.849 23.438516 18.569 22.478516 20 L 24.785156 20 C 25.556156 18.498 26 16.801 26 15 C 26 9.272 21.598 4.5577812 16 4.0507812 z M 6.8730469 7.6113281 C 5.0940469 9.5663281 4 12.155 4 15 C 4 17.837 5.0884219 20.418094 6.8574219 22.371094 L 7 22.154297 L 7 19.105469 C 6.365 17.872469 6 16.479 6 15 C 6 13.521 6.365 12.127531 7 10.894531 L 7 7.8164062 L 6.8730469 7.6113281 z\"/></svg>"),
 	Rules: []string{
 		"||leagueoflegends.co.kr^",
 		"||leagueoflegends.com^",
@@ -1301,24 +1291,6 @@ var blockedServices = []blockedService{{
 		"||lolstatic.com^",
 		"||lolusercontent.com^",
 	},
-}, {
-	ID:      "line",
-	Name:    "LINE",
-	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M 9 4 C 6.24 4 4 6.24 4 9 L 4 41 C 4 43.76 6.24 46 9 46 L 41 46 C 43.76 46 46 43.76 46 41 L 46 9 C 46 6.24 43.76 4 41 4 L 9 4 z M 25 11 C 33.27 11 40 16.359219 40 22.949219 C 40 25.579219 38.959297 27.960781 36.779297 30.300781 C 35.209297 32.080781 32.660547 34.040156 30.310547 35.660156 C 27.960547 37.260156 25.8 38.519609 25 38.849609 C 24.68 38.979609 24.44 39.039062 24.25 39.039062 C 23.59 39.039062 23.649219 38.340781 23.699219 38.050781 C 23.739219 37.830781 23.919922 36.789063 23.919922 36.789062 C 23.969922 36.419063 24.019141 35.830937 23.869141 35.460938 C 23.699141 35.050938 23.029062 34.840234 22.539062 34.740234 C 15.339063 33.800234 10 28.849219 10 22.949219 C 10 16.359219 16.73 11 25 11 z M 23.992188 18.998047 C 23.488379 19.007393 23 19.391875 23 20 L 23 26 C 23 26.552 23.448 27 24 27 C 24.552 27 25 26.552 25 26 L 25 23.121094 L 27.185547 26.580078 C 27.751547 27.372078 29 26.973 29 26 L 29 20 C 29 19.448 28.552 19 28 19 C 27.448 19 27 19.448 27 20 L 27 23 L 24.814453 19.419922 C 24.602203 19.122922 24.294473 18.992439 23.992188 18.998047 z M 15 19 C 14.448 19 14 19.448 14 20 L 14 26 C 14 26.552 14.448 27 15 27 L 18 27 C 18.552 27 19 26.552 19 26 C 19 25.448 18.552 25 18 25 L 16 25 L 16 20 C 16 19.448 15.552 19 15 19 z M 21 19 C 20.448 19 20 19.448 20 20 L 20 26 C 20 26.552 20.448 27 21 27 C 21.552 27 22 26.552 22 26 L 22 20 C 22 19.448 21.552 19 21 19 z M 31 19 C 30.448 19 30 19.448 30 20 L 30 26 C 30 26.552 30.448 27 31 27 L 34 27 C 34.552 27 35 26.552 35 26 C 35 25.448 34.552 25 34 25 L 32 25 L 32 24 L 34 24 C 34.553 24 35 23.552 35 23 C 35 22.448 34.553 22 34 22 L 32 22 L 32 21 L 34 21 C 34.552 21 35 20.552 35 20 C 35 19.448 34.552 19 34 19 L 31 19 z\"/></svg>"),
-	Rules: []string{
-		"||gcld-line.com^",
-		"||lin.ee^",
-		"||line-apps-beta.com^",
-		"||line-apps-rc.com^",
-		"||line-apps.com^",
-		"||line-cdn.net^",
-		"||line-scdn.net^",
-		"||line.me^",
-		"||line.naver.jp^",
-		"||linecorp.com^",
-		"||linemyshop.com^",
-		"||lineshoppingseller.com^",
-	},
 }, {
 	ID:      "mail_ru",
 	Name:    "Mail.ru",
@@ -1335,7 +1307,9 @@ var blockedServices = []blockedService{{
 	Rules: []string{
 		"||aus.social^",
 		"||awscommunity.social^",
+		"||cupoftea.social^",
 		"||cyberplace.social^",
+		"||defcon.social^",
 		"||det.social^",
 		"||fosstodon.org^",
 		"||glasgow.social^",
@@ -1361,6 +1335,7 @@ var blockedServices = []blockedService{{
 		"||mastodon.au^",
 		"||mastodon.bida.im^",
 		"||mastodon.com.tr^",
+		"||mastodon.eus^",
 		"||mastodon.green^",
 		"||mastodon.ie^",
 		"||mastodon.iriseden.eu^",
@@ -1368,15 +1343,13 @@ var blockedServices = []blockedService{{
 		"||mastodon.nu^",
 		"||mastodon.nz^",
 		"||mastodon.online^",
-		"||mastodon.online^",
 		"||mastodon.scot^",
 		"||mastodon.sdf.org^",
 		"||mastodon.social^",
-		"||mastodon.social^",
 		"||mastodon.top^",
 		"||mastodon.uno^",
 		"||mastodon.world^",
-		"||mastodon.xyz^",
+		"||mastodon.zaclys.com^",
 		"||mastodonapp.uk^",
 		"||mastodonners.nl^",
 		"||mastodont.cat^",
@@ -1388,9 +1361,9 @@ var blockedServices = []blockedService{{
 		"||mindly.social^",
 		"||mstdn.ca^",
 		"||mstdn.jp^",
-		"||mstdn.party^",
 		"||mstdn.social^",
 		"||muenchen.social^",
+		"||muenster.im^",
 		"||newsie.social^",
 		"||noc.social^",
 		"||norden.social^",
@@ -1409,7 +1382,6 @@ var blockedServices = []blockedService{{
 		"||social.anoxinon.de^",
 		"||social.cologne^",
 		"||social.dev-wiki.de^",
-		"||social.linux.pizza^",
 		"||social.politicaconciencia.org^",
 		"||social.vivaldi.net^",
 		"||sself.co^",

internal/home/clients.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -66,18 +67,15 @@ func (c *Client) closeUpstreams() (err error) {
 
 type clientSource uint
 
-// Clients information sources.  The order determines the priority.
+// Client sources.  The order determines the priority.
 const (
-	ClientSourceNone clientSource = iota
-	ClientSourceWHOIS
+	ClientSourceWHOIS clientSource = iota
 	ClientSourceARP
 	ClientSourceRDNS
 	ClientSourceDHCP
 	ClientSourceHostsFile
-	ClientSourcePersistent
 )
 
-// type check
 var _ fmt.Stringer = clientSource(0)
 
 // String returns a human-readable name of cs.
@@ -98,7 +96,6 @@ func (cs clientSource) String() (s string) {
 	}
 }
 
-// type check
 var _ encoding.TextMarshaler = clientSource(0)
 
 // MarshalText implements encoding.TextMarshaler for the clientSource.
@@ -270,7 +267,7 @@ func (clients *clientsContainer) addFromConfig(objects []*clientObject) {
 			}
 		}
 
-		slices.Sort(cli.Tags)
+		sort.Strings(cli.Tags)
 
 		_, err := clients.Add(cli)
 		if err != nil {
@@ -310,9 +307,7 @@ func (clients *clientsContainer) forConfig() (objs []*clientObject) {
 	// above loop can generate different orderings when writing to the config
 	// file: this produces lots of diffs in config files, so sort objects by
 	// name before writing.
-	slices.SortStableFunc(objs, func(a, b *clientObject) (sortsBefore bool) {
-		return a.Name < b.Name
-	})
+	sort.Slice(objs, func(i, j int) bool { return objs[i].Name < objs[j].Name })
 
 	return objs
 }
@@ -337,24 +332,23 @@ func (clients *clientsContainer) onDHCPLeaseChanged(flags int) {
 	}
 }
 
-// clientSource checks if client with this IP address already exists and returns
-// the source which updated it last.  It returns [ClientSourceNone] if the
-// client doesn't exist.
-func (clients *clientsContainer) clientSource(ip netip.Addr) (src clientSource) {
+// exists checks if client with this IP address already exists.
+func (clients *clientsContainer) exists(ip netip.Addr, source clientSource) (ok bool) {
 	clients.lock.Lock()
 	defer clients.lock.Unlock()
 
-	_, ok := clients.findLocked(ip.String())
+	_, ok = clients.findLocked(ip.String())
 	if ok {
-		return ClientSourcePersistent
+		return true
 	}
 
 	rc, ok := clients.ipToRC[ip]
 	if !ok {
-		return ClientSourceNone
+		return false
 	}
 
-	return rc.Source
+	// Return false if the new source has higher priority.
+	return source <= rc.Source
 }
 
 func toQueryLogWHOIS(wi *RuntimeClientWHOISInfo) (cw *querylog.ClientWHOIS) {
@@ -591,7 +585,7 @@ func (clients *clientsContainer) check(c *Client) (err error) {
 		}
 	}
 
-	slices.Sort(c.Tags)
+	sort.Strings(c.Tags)
 
 	err = dnsforward.ValidateUpstreams(c.Upstreams)
 	if err != nil {

internal/home/clients_test.go

@@ -67,9 +67,9 @@ func TestClients(t *testing.T) {
 
 		assert.Equal(t, "client2", c.Name)
 
-		assert.Equal(t, clients.clientSource(cliNoneIP), ClientSourceNone)
-		assert.Equal(t, clients.clientSource(cli1IP), ClientSourcePersistent)
-		assert.Equal(t, clients.clientSource(cli2IP), ClientSourcePersistent)
+		assert.False(t, clients.exists(cliNoneIP, ClientSourceHostsFile))
+		assert.True(t, clients.exists(cli1IP, ClientSourceHostsFile))
+		assert.True(t, clients.exists(cli2IP, ClientSourceHostsFile))
 	})
 
 	t.Run("add_fail_name", func(t *testing.T) {
@@ -127,8 +127,8 @@ func TestClients(t *testing.T) {
 		})
 		require.NoError(t, err)
 
-		assert.Equal(t, clients.clientSource(cliOldIP), ClientSourceNone)
-		assert.Equal(t, clients.clientSource(cliNewIP), ClientSourcePersistent)
+		assert.False(t, clients.exists(cliOldIP, ClientSourceHostsFile))
+		assert.True(t, clients.exists(cliNewIP, ClientSourceHostsFile))
 
 		err = clients.Update("client1", &Client{
 			IDs:            []string{cliNew},
@@ -157,7 +157,7 @@ func TestClients(t *testing.T) {
 		ok := clients.Del("client1-renamed")
 		require.True(t, ok)
 
-		assert.Equal(t, clients.clientSource(netip.MustParseAddr("1.1.1.2")), ClientSourceNone)
+		assert.False(t, clients.exists(netip.MustParseAddr("1.1.1.2"), ClientSourceHostsFile))
 	})
 
 	t.Run("del_fail", func(t *testing.T) {
@@ -176,18 +176,18 @@ func TestClients(t *testing.T) {
 		ok = clients.AddHost(ip, "host3", ClientSourceHostsFile)
 		assert.True(t, ok)
 
-		assert.Equal(t, clients.clientSource(ip), ClientSourceHostsFile)
+		assert.True(t, clients.exists(ip, ClientSourceHostsFile))
 	})
 
 	t.Run("dhcp_replaces_arp", func(t *testing.T) {
 		ip := netip.MustParseAddr("1.2.3.4")
 		ok := clients.AddHost(ip, "from_arp", ClientSourceARP)
 		assert.True(t, ok)
-		assert.Equal(t, clients.clientSource(ip), ClientSourceARP)
+		assert.True(t, clients.exists(ip, ClientSourceARP))
 
 		ok = clients.AddHost(ip, "from_dhcp", ClientSourceDHCP)
 		assert.True(t, ok)
-		assert.Equal(t, clients.clientSource(ip), ClientSourceDHCP)
+		assert.True(t, clients.exists(ip, ClientSourceDHCP))
 	})
 
 	t.Run("addhost_fail", func(t *testing.T) {

internal/home/config.go

@@ -20,7 +20,6 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/timeutil"
 	"github.com/google/renameio/maybe"
-	"golang.org/x/exp/slices"
 	yaml "gopkg.in/yaml.v3"
 )
 
@@ -113,10 +112,8 @@ type configuration struct {
 	// An active session is automatically refreshed once a day.
 	WebSessionTTLHours uint32 `yaml:"web_session_ttl"`
 
-	DNS      dnsConfig         `yaml:"dns"`
-	TLS      tlsConfigSettings `yaml:"tls"`
-	QueryLog queryLogConfig    `yaml:"querylog"`
-	Stats    statsConfig       `yaml:"statistics"`
+	DNS dnsConfig         `yaml:"dns"`
+	TLS tlsConfigSettings `yaml:"tls"`
 
 	// Filters reflects the filters from [filtering.Config].  It's cloned to the
 	// config used in the filtering module at the startup.  Afterwards it's
@@ -150,6 +147,20 @@ type dnsConfig struct {
 	BindHosts []netip.Addr `yaml:"bind_hosts"`
 	Port      int          `yaml:"port"`
 
+	// StatsInterval is the time interval for flushing statistics to the disk in
+	// days.
+	StatsInterval uint32 `yaml:"statistics_interval"`
+
+	// QueryLogEnabled defines if the query log is enabled.
+	QueryLogEnabled bool `yaml:"querylog_enabled"`
+	// QueryLogFileEnabled defines, if the query log is written to the file.
+	QueryLogFileEnabled bool `yaml:"querylog_file_enabled"`
+	// QueryLogInterval is the interval for query log's files rotation.
+	QueryLogInterval timeutil.Duration `yaml:"querylog_interval"`
+	// QueryLogMemSize is the number of entries kept in memory before they are
+	// flushed to disk.
+	QueryLogMemSize uint32 `yaml:"querylog_size_memory"`
+
 	// AnonymizeClientIP defines if clients' IP addresses should be anonymized
 	// in query log and statistics.
 	AnonymizeClientIP bool `yaml:"anonymize_client_ip"`
@@ -177,7 +188,7 @@ type dnsConfig struct {
 	UseDNS64 bool `yaml:"use_dns64"`
 
 	// DNS64Prefixes is the list of NAT64 prefixes to be used for DNS64.
-	DNS64Prefixes []netip.Prefix `yaml:"dns64_prefixes"`
+	DNS64Prefixes []string `yaml:"dns64_prefixes"`
 
 	// ServeHTTP3 defines if HTTP/3 is be allowed for incoming requests.
 	//
@@ -217,37 +228,6 @@ type tlsConfigSettings struct {
 	dnsforward.TLSConfig `yaml:",inline" json:",inline"`
 }
 
-type queryLogConfig struct {
-	// Enabled defines if the query log is enabled.
-	Enabled bool `yaml:"enabled"`
-
-	// FileEnabled defines, if the query log is written to the file.
-	FileEnabled bool `yaml:"file_enabled"`
-
-	// Interval is the interval for query log's files rotation.
-	Interval timeutil.Duration `yaml:"interval"`
-
-	// MemSize is the number of entries kept in memory before they are
-	// flushed to disk.
-	MemSize uint32 `yaml:"size_memory"`
-
-	// Ignored is the list of host names, which should not be written to
-	// log.
-	Ignored []string `yaml:"ignored"`
-}
-
-type statsConfig struct {
-	// Enabled defines if the statistics are enabled.
-	Enabled bool `yaml:"enabled"`
-
-	// Interval is the time interval for flushing statistics to the disk in
-	// days.
-	Interval uint32 `yaml:"interval"`
-
-	// Ignored is the list of host names, which should not be counted.
-	Ignored []string `yaml:"ignored"`
-}
-
 // config is the global configuration structure.
 //
 // TODO(a.garipov, e.burkov): This global is awful and must be removed.
@@ -258,8 +238,13 @@ var config = &configuration{
 	AuthBlockMin:       15,
 	WebSessionTTLHours: 30 * 24,
 	DNS: dnsConfig{
-		BindHosts: []netip.Addr{netip.IPv4Unspecified()},
-		Port:      defaultPortDNS,
+		BindHosts:           []netip.Addr{netip.IPv4Unspecified()},
+		Port:                defaultPortDNS,
+		StatsInterval:       1,
+		QueryLogEnabled:     true,
+		QueryLogFileEnabled: true,
+		QueryLogInterval:    timeutil.Duration{Duration: 90 * timeutil.Day},
+		QueryLogMemSize:     1000,
 		FilteringConfig: dnsforward.FilteringConfig{
 			ProtectionEnabled:  true, // whether or not use any of filtering features
 			BlockingMode:       dnsforward.BlockingModeDefault,
@@ -297,18 +282,6 @@ var config = &configuration{
 		PortDNSOverTLS:  defaultPortTLS, // needs to be passed through to dnsproxy
 		PortDNSOverQUIC: defaultPortQUIC,
 	},
-	QueryLog: queryLogConfig{
-		Enabled:     true,
-		FileEnabled: true,
-		Interval:    timeutil.Duration{Duration: 90 * timeutil.Day},
-		MemSize:     1000,
-		Ignored:     []string{},
-	},
-	Stats: statsConfig{
-		Enabled:  true,
-		Interval: 1,
-		Ignored:  []string{},
-	},
 	// NOTE: Keep these parameters in sync with the one put into
 	// client/src/helpers/filters/filters.js by scripts/vetted-filters.
 	//
@@ -485,24 +458,19 @@ func (c *configuration) write() (err error) {
 	}
 
 	if Context.stats != nil {
-		statsConf := stats.Config{}
-		Context.stats.WriteDiskConfig(&statsConf)
-		config.Stats.Interval = statsConf.LimitDays
-		config.Stats.Enabled = statsConf.Enabled
-		config.Stats.Ignored = statsConf.Ignored.Values()
-		slices.Sort(config.Stats.Ignored)
+		sdc := stats.DiskConfig{}
+		Context.stats.WriteDiskConfig(&sdc)
+		config.DNS.StatsInterval = sdc.Interval
 	}
 
 	if Context.queryLog != nil {
 		dc := querylog.Config{}
 		Context.queryLog.WriteDiskConfig(&dc)
+		config.DNS.QueryLogEnabled = dc.Enabled
+		config.DNS.QueryLogFileEnabled = dc.FileEnabled
+		config.DNS.QueryLogInterval = timeutil.Duration{Duration: dc.RotationIvl}
+		config.DNS.QueryLogMemSize = dc.MemSize
 		config.DNS.AnonymizeClientIP = dc.AnonymizeClientIP
-		config.QueryLog.Enabled = dc.Enabled
-		config.QueryLog.FileEnabled = dc.FileEnabled
-		config.QueryLog.Interval = timeutil.Duration{Duration: dc.RotationIvl}
-		config.QueryLog.MemSize = dc.MemSize
-		config.QueryLog.Ignored = dc.Ignored.Values()
-		slices.Sort(config.Stats.Ignored)
 	}
 
 	if Context.filters != nil {

internal/home/controlinstall.go

@@ -20,7 +20,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/version"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/quic-go/quic-go/http3"
+	"github.com/lucas-clemente/quic-go/http3"
 )
 
 // getAddrsResponse is the response for /install/get_addresses endpoint.

internal/home/dns.go

@@ -7,7 +7,6 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
-	"strings"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
@@ -21,7 +20,6 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/ameshkov/dnscrypt/v2"
 	yaml "gopkg.in/yaml.v3"
 )
@@ -53,18 +51,10 @@ func initDNS() (err error) {
 
 	statsConf := stats.Config{
 		Filename:       filepath.Join(baseDir, "stats.db"),
-		LimitDays:      config.Stats.Interval,
+		LimitDays:      config.DNS.StatsInterval,
 		ConfigModified: onConfigModified,
 		HTTPRegister:   httpRegister,
-		Enabled:        config.Stats.Enabled,
 	}
-
-	set, err := nonDupEmptyHostNames(config.Stats.Ignored)
-	if err != nil {
-		return fmt.Errorf("statistics: ignored list: %w", err)
-	}
-
-	statsConf.Ignored = set
 	Context.stats, err = stats.New(statsConf)
 	if err != nil {
 		return fmt.Errorf("init stats: %w", err)
@@ -76,19 +66,12 @@ func initDNS() (err error) {
 		HTTPRegister:      httpRegister,
 		FindClient:        Context.clients.findMultiple,
 		BaseDir:           baseDir,
+		RotationIvl:       config.DNS.QueryLogInterval.Duration,
+		MemSize:           config.DNS.QueryLogMemSize,
+		Enabled:           config.DNS.QueryLogEnabled,
+		FileEnabled:       config.DNS.QueryLogFileEnabled,
 		AnonymizeClientIP: config.DNS.AnonymizeClientIP,
-		RotationIvl:       config.QueryLog.Interval.Duration,
-		MemSize:           config.QueryLog.MemSize,
-		Enabled:           config.QueryLog.Enabled,
-		FileEnabled:       config.QueryLog.FileEnabled,
 	}
-
-	set, err = nonDupEmptyHostNames(config.QueryLog.Ignored)
-	if err != nil {
-		return fmt.Errorf("querylog: ignored list: %w", err)
-	}
-
-	conf.Ignored = set
 	Context.queryLog = querylog.New(conf)
 
 	Context.filters, err = filtering.New(config.DNS.DnsfilterConf, nil)
@@ -532,27 +515,3 @@ func closeDNSServer() {
 
 	log.Debug("all dns modules are closed")
 }
-
-// nonDupEmptyHostNames returns nil and error, if list has duplicate or empty
-// host name.  Otherwise returns a set, which contains lowercase host names
-// without dot at the end, and nil error.
-func nonDupEmptyHostNames(list []string) (set *stringutil.Set, err error) {
-	set = stringutil.NewSet()
-
-	for _, v := range list {
-		host := strings.ToLower(strings.TrimSuffix(v, "."))
-		// TODO(a.garipov): Think about ignoring empty (".") names in
-		// the future.
-		if host == "" {
-			return nil, errors.Error("host name is empty")
-		}
-
-		if set.Has(host) {
-			return nil, fmt.Errorf("duplicate host name %q", host)
-		}
-
-		set.Add(host)
-	}
-
-	return set, nil
-}

internal/home/rdns.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/golibs/cache"
-	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 )
 
@@ -17,6 +16,10 @@ type RDNS struct {
 	exchanger dnsforward.RDNSExchanger
 	clients   *clientsContainer
 
+	// usePrivate is used to store the state of current private RDNS resolving
+	// settings and to react to it's changes.
+	usePrivate uint32
+
 	// ipCh used to pass client's IP to rDNS workerLoop.
 	ipCh chan netip.Addr
 
@@ -25,21 +28,13 @@ type RDNS struct {
 	// address will be resolved once again.  If the address couldn't be
 	// resolved, cache prevents further attempts to resolve it for some time.
 	ipCache cache.Cache
-
-	// usePrivate stores the state of current private reverse-DNS resolving
-	// settings.
-	usePrivate atomic.Bool
 }
 
-// Default AdGuard Home reverse DNS values.
+// Default rDNS values.
 const (
-	revDNSCacheSize = 10000
-
-	// TODO(e.burkov):  Make these values configurable.
-	revDNSCacheTTL        = 24 * 60 * 60
-	revDNSFailureCacheTTL = 1 * 60 * 60
-
-	revDNSQueueSize = 256
+	defaultRDNSCacheSize = 10000
+	defaultRDNSCacheTTL  = 1 * 60 * 60
+	defaultRDNSIPChSize  = 256
 )
 
 // NewRDNS creates and returns initialized RDNS.
@@ -53,12 +48,13 @@ func NewRDNS(
 		clients:   clients,
 		ipCache: cache.New(cache.Config{
 			EnableLRU: true,
-			MaxCount:  revDNSCacheSize,
+			MaxCount:  defaultRDNSCacheSize,
 		}),
-		ipCh: make(chan netip.Addr, revDNSQueueSize),
+		ipCh: make(chan netip.Addr, defaultRDNSIPChSize),
+	}
+	if usePrivate {
+		rDNS.usePrivate = 1
 	}
-
-	rDNS.usePrivate.Store(usePrivate)
 
 	go rDNS.workerLoop()
 
@@ -72,8 +68,12 @@ func NewRDNS(
 // approach since only unresolved locally-served addresses should be removed.
 // Implement when improving the cache.
 func (r *RDNS) ensurePrivateCache() {
-	usePrivate := r.exchanger.ResolvesPrivatePTR()
-	if r.usePrivate.CompareAndSwap(!usePrivate, usePrivate) {
+	var usePrivate uint32
+	if r.exchanger.ResolvesPrivatePTR() {
+		usePrivate = 1
+	}
+
+	if atomic.CompareAndSwapUint32(&r.usePrivate, 1-usePrivate, usePrivate) {
 		r.ipCache.Clear()
 	}
 }
@@ -84,28 +84,25 @@ func (r *RDNS) isCached(ip netip.Addr) (ok bool) {
 	ipBytes := ip.AsSlice()
 	now := uint64(time.Now().Unix())
 	if expire := r.ipCache.Get(ipBytes); len(expire) != 0 {
-		return binary.BigEndian.Uint64(expire) > now
+		if binary.BigEndian.Uint64(expire) > now {
+			return true
+		}
 	}
 
+	// The cache entry either expired or doesn't exist.
+	ttl := make([]byte, 8)
+	binary.BigEndian.PutUint64(ttl, now+defaultRDNSCacheTTL)
+	r.ipCache.Set(ipBytes, ttl)
+
 	return false
 }
 
-// cache caches the ip address for ttl seconds.
-func (r *RDNS) cache(ip netip.Addr, ttl uint64) {
-	ipData := ip.AsSlice()
-
-	ttlData := [8]byte{}
-	binary.BigEndian.PutUint64(ttlData[:], uint64(time.Now().Unix())+ttl)
-
-	r.ipCache.Set(ipData, ttlData[:])
-}
-
 // Begin adds the ip to the resolving queue if it is not cached or already
 // resolved.
 func (r *RDNS) Begin(ip netip.Addr) {
 	r.ensurePrivateCache()
 
-	if r.isCached(ip) || r.clients.clientSource(ip) > ClientSourceRDNS {
+	if r.isCached(ip) || r.clients.exists(ip, ClientSourceRDNS) {
 		return
 	}
 
@@ -123,21 +120,15 @@ func (r *RDNS) workerLoop() {
 	defer log.OnPanic("rdns")
 
 	for ip := range r.ipCh {
-		ttl := uint64(revDNSCacheTTL)
-
 		host, err := r.exchanger.Exchange(ip.AsSlice())
 		if err != nil {
 			log.Debug("rdns: resolving %q: %s", ip, err)
-			if errors.Is(err, dnsforward.ErrRDNSFailed) {
-				// Cache failure for a less time.
-				ttl = revDNSFailureCacheTTL
-			}
+
+			continue
+		} else if host == "" {
+			continue
 		}
 
-		r.cache(ip, ttl)
-
-		if host != "" {
-			_ = r.clients.AddHost(ip, host, ClientSourceRDNS)
-		}
+		_ = r.clients.AddHost(ip, host, ClientSourceRDNS)
 	}
 }

internal/home/rdns_test.go

@@ -76,7 +76,7 @@ func TestRDNS_Begin(t *testing.T) {
 
 		ipCache := cache.New(cache.Config{
 			EnableLRU: true,
-			MaxCount:  revDNSCacheSize,
+			MaxCount:  defaultRDNSCacheSize,
 		})
 		ttl := make([]byte, binary.Size(uint64(0)))
 		binary.BigEndian.PutUint64(ttl, uint64(time.Now().Add(100*time.Hour).Unix()))
@@ -153,7 +153,7 @@ func TestRDNS_ensurePrivateCache(t *testing.T) {
 
 	ipCache := cache.New(cache.Config{
 		EnableLRU: true,
-		MaxCount:  revDNSCacheSize,
+		MaxCount:  defaultRDNSCacheSize,
 	})
 
 	ex := &rDNSExchanger{
@@ -200,29 +200,25 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 	errUpstream := aghtest.NewErrorUpstream()
 
 	testCases := []struct {
-		ups              upstream.Upstream
-		cliIP            netip.Addr
-		wantLog          string
-		name             string
-		wantClientSource clientSource
+		ups     upstream.Upstream
+		cliIP   netip.Addr
+		wantLog string
+		name    string
 	}{{
-		ups:              locUpstream,
-		cliIP:            localIP,
-		wantLog:          "",
-		name:             "all_good",
-		wantClientSource: ClientSourceRDNS,
+		ups:     locUpstream,
+		cliIP:   localIP,
+		wantLog: "",
+		name:    "all_good",
 	}, {
-		ups:              errUpstream,
-		cliIP:            netip.MustParseAddr("192.168.1.2"),
-		wantLog:          `rdns: resolving "192.168.1.2": test upstream error`,
-		name:             "resolve_error",
-		wantClientSource: ClientSourceNone,
+		ups:     errUpstream,
+		cliIP:   netip.MustParseAddr("192.168.1.2"),
+		wantLog: `rdns: resolving "192.168.1.2": test upstream error`,
+		name:    "resolve_error",
 	}, {
-		ups:              locUpstream,
-		cliIP:            netip.MustParseAddr("2a00:1450:400c:c06::93"),
-		wantLog:          "",
-		name:             "ipv6_good",
-		wantClientSource: ClientSourceRDNS,
+		ups:     locUpstream,
+		cliIP:   netip.MustParseAddr("2a00:1450:400c:c06::93"),
+		wantLog: "",
+		name:    "ipv6_good",
 	}}
 
 	for _, tc := range testCases {
@@ -241,10 +237,6 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 			},
 			clients: cc,
 			ipCh:    ch,
-			ipCache: cache.New(cache.Config{
-				EnableLRU: true,
-				MaxCount:  revDNSCacheSize,
-			}),
 		}
 
 		t.Run(tc.name, func(t *testing.T) {
@@ -261,9 +253,11 @@ func TestRDNS_WorkerLoop(t *testing.T) {
 
 			if tc.wantLog != "" {
 				assert.Contains(t, w.String(), tc.wantLog)
+
+				return
 			}
 
-			assert.Equal(t, tc.wantClientSource, cc.clientSource(tc.cliIP))
+			assert.True(t, cc.exists(tc.cliIP, ClientSourceRDNS))
 		})
 	}
 }

internal/home/upgrade.go

@@ -22,7 +22,7 @@ import (
 )
 
 // currentSchemaVersion is the current schema version.
-const currentSchemaVersion = 16
+const currentSchemaVersion = 14
 
 // These aliases are provided for convenience.
 type (
@@ -87,8 +87,6 @@ func upgradeConfigSchema(oldVersion int, diskConf yobj) (err error) {
 		upgradeSchema11to12,
 		upgradeSchema12to13,
 		upgradeSchema13to14,
-		upgradeSchema14to15,
-		upgradeSchema15to16,
 	}
 
 	n := 0
@@ -804,107 +802,6 @@ func upgradeSchema13to14(diskConf yobj) (err error) {
 	return nil
 }
 
-// upgradeSchema14to15 performs the following changes:
-//
-//	# BEFORE:
-//	'dns':
-//	  'querylog_enabled': true
-//	  'querylog_file_enabled': true
-//	  'querylog_interval': '2160h'
-//	  'querylog_size_memory': 1000
-//
-//	# AFTER:
-//	'querylog':
-//	  'enabled': true
-//	  'file_enabled': true
-//	  'interval': '2160h'
-//	  'size_memory': 1000
-//	  'ignored': []
-func upgradeSchema14to15(diskConf yobj) (err error) {
-	log.Printf("Upgrade yaml: 14 to 15")
-	diskConf["schema_version"] = 15
-
-	dnsVal, ok := diskConf["dns"]
-	if !ok {
-		return nil
-	}
-
-	dns, ok := dnsVal.(yobj)
-	if !ok {
-		return fmt.Errorf("unexpected type of dns: %T", dnsVal)
-	}
-
-	type temp struct {
-		from string
-		to   string
-		val  any
-	}
-	replaces := []temp{
-		{from: "querylog_enabled", to: "enabled", val: true},
-		{from: "querylog_file_enabled", to: "file_enabled", val: true},
-		{from: "querylog_interval", to: "interval", val: "2160h"},
-		{from: "querylog_size_memory", to: "size_memory", val: 1000},
-	}
-	qlog := map[string]any{
-		"ignored": []any{},
-	}
-	for _, r := range replaces {
-		v, has := dns[r.from]
-		if !has {
-			v = r.val
-		}
-		delete(dns, r.from)
-		qlog[r.to] = v
-	}
-	diskConf["querylog"] = qlog
-
-	return nil
-}
-
-// upgradeSchema15to16 performs the following changes:
-//
-//	# BEFORE:
-//	'dns':
-//	  'statistics_interval': 1
-//
-//	# AFTER:
-//	'statistics':
-//	  'enabled': true
-//	  'interval': 1
-//	  'ignored': []
-func upgradeSchema15to16(diskConf yobj) (err error) {
-	log.Printf("Upgrade yaml: 15 to 16")
-	diskConf["schema_version"] = 16
-
-	dnsVal, ok := diskConf["dns"]
-	if !ok {
-		return nil
-	}
-
-	dns, ok := dnsVal.(yobj)
-	if !ok {
-		return fmt.Errorf("unexpected type of dns: %T", dnsVal)
-	}
-
-	stats := map[string]any{
-		"enabled":  true,
-		"interval": 1,
-		"ignored":  []any{},
-	}
-
-	k := "statistics_interval"
-	v, has := dns[k]
-	if has {
-		stats["enabled"] = v != 0
-		stats["interval"] = v
-	}
-	delete(dns, k)
-
-	diskConf["statistics"] = stats
-
-	return nil
-}
-
 // TODO(a.garipov): Replace with log.Output when we port it to our logging
 // package.
 func funcName() string {

internal/home/upgrade_test.go

@@ -640,110 +640,3 @@ func TestUpgradeSchema13to14(t *testing.T) {
 		})
 	}
 }
-
-func TestUpgradeSchema14to15(t *testing.T) {
-	const newSchemaVer = 15
-
-	defaultWantObj := yobj{
-		"querylog": map[string]any{
-			"enabled":      true,
-			"file_enabled": true,
-			"interval":     "2160h",
-			"size_memory":  1000,
-			"ignored":      []any{},
-		},
-		"dns":            map[string]any{},
-		"schema_version": newSchemaVer,
-	}
-
-	testCases := []struct {
-		in   yobj
-		want yobj
-		name string
-	}{{
-		in: yobj{
-			"dns": map[string]any{
-				"querylog_enabled":      true,
-				"querylog_file_enabled": true,
-				"querylog_interval":     "2160h",
-				"querylog_size_memory":  1000,
-			},
-		},
-		want: defaultWantObj,
-		name: "basic",
-	}, {
-		in: yobj{
-			"dns": map[string]any{},
-		},
-		want: defaultWantObj,
-		name: "default_values",
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := upgradeSchema14to15(tc.in)
-			require.NoError(t, err)
-
-			assert.Equal(t, tc.want, tc.in)
-		})
-	}
-}
-
-func TestUpgradeSchema15to16(t *testing.T) {
-	const newSchemaVer = 16
-
-	defaultWantObj := yobj{
-		"statistics": map[string]any{
-			"enabled":  true,
-			"interval": 1,
-			"ignored":  []any{},
-		},
-		"dns":            map[string]any{},
-		"schema_version": newSchemaVer,
-	}
-
-	testCases := []struct {
-		in   yobj
-		want yobj
-		name string
-	}{{
-		in: yobj{
-			"dns": map[string]any{
-				"statistics_interval": 1,
-			},
-		},
-		want: defaultWantObj,
-		name: "basic",
-	}, {
-		in: yobj{
-			"dns": map[string]any{},
-		},
-		want: defaultWantObj,
-		name: "default_values",
-	}, {
-		in: yobj{
-			"dns": map[string]any{
-				"statistics_interval": 0,
-			},
-		},
-		want: yobj{
-			"statistics": map[string]any{
-				"enabled":  false,
-				"interval": 0,
-				"ignored":  []any{},
-			},
-			"dns":            map[string]any{},
-			"schema_version": newSchemaVer,
-		},
-		name: "stats_disabled",
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := upgradeSchema15to16(tc.in)
-			require.NoError(t, err)
-
-			assert.Equal(t, tc.want, tc.in)
-		})
-	}
-}

internal/home/web.go

@@ -15,8 +15,8 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/NYTimes/gziphandler"
-	"github.com/quic-go/quic-go"
-	"github.com/quic-go/quic-go/http3"
+	"github.com/lucas-clemente/quic-go"
+	"github.com/lucas-clemente/quic-go/http3"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"
 )

internal/next/agh/agh.go

@@ -1,63 +0,0 @@
-// Package agh contains common entities and interfaces of AdGuard Home.
-package agh
-
-import "context"
-
-// Service is the interface for API servers.
-//
-// TODO(a.garipov): Consider adding a context to Start.
-//
-// TODO(a.garipov): Consider adding a Wait method or making an extension
-// interface for that.
-type Service interface {
-	// Start starts the service.  It does not block.
-	Start() (err error)
-
-	// Shutdown gracefully stops the service.  ctx is used to determine
-	// a timeout before trying to stop the service less gracefully.
-	Shutdown(ctx context.Context) (err error)
-}
-
-// type check
-var _ Service = EmptyService{}
-
-// EmptyService is a [Service] that does nothing.
-//
-// TODO(a.garipov): Remove if unnecessary.
-type EmptyService struct{}
-
-// Start implements the [Service] interface for EmptyService.
-func (EmptyService) Start() (err error) { return nil }
-
-// Shutdown implements the [Service] interface for EmptyService.
-func (EmptyService) Shutdown(_ context.Context) (err error) { return nil }
-
-// ServiceWithConfig is an extension of the [Service] interface for services
-// that can return their configuration.
-//
-// TODO(a.garipov): Consider removing this generic interface if we figure out
-// how to make it testable in a better way.
-type ServiceWithConfig[ConfigType any] interface {
-	Service
-
-	Config() (c ConfigType)
-}
-
-// type check
-var _ ServiceWithConfig[struct{}] = (*EmptyServiceWithConfig[struct{}])(nil)
-
-// EmptyServiceWithConfig is a ServiceWithConfig that does nothing.  Its Config
-// method returns Conf.
-//
-// TODO(a.garipov): Remove if unnecessary.
-type EmptyServiceWithConfig[ConfigType any] struct {
-	EmptyService
-
-	Conf ConfigType
-}
-
-// Config implements the [ServiceWithConfig] interface for
-// *EmptyServiceWithConfig.
-func (s *EmptyServiceWithConfig[ConfigType]) Config() (conf ConfigType) {
-	return s.Conf
-}

internal/next/cmd/cmd.go

@@ -1,77 +0,0 @@
-// Package cmd is the AdGuard Home entry point.  It contains the on-disk
-// configuration file utilities, signal processing logic, and so on.
-//
-// TODO(a.garipov): Move to the upper-level internal/.
-package cmd
-
-import (
-	"context"
-	"io/fs"
-	"math/rand"
-	"os"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/configmgr"
-	"github.com/AdguardTeam/AdGuardHome/internal/version"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// Main is the entry point of application.
-func Main(clientBuildFS fs.FS) {
-	// Initial Configuration
-
-	start := time.Now()
-	rand.Seed(start.UnixNano())
-
-	// TODO(a.garipov): Set up logging.
-
-	log.Info("starting adguard home, version %s, pid %d", version.Version(), os.Getpid())
-
-	// Web Service
-
-	// TODO(a.garipov): Use in the Web service.
-	_ = clientBuildFS
-
-	// TODO(a.garipov): Set up configuration file name.
-	const confFile = "AdGuardHome.1.yaml"
-
-	confMgr, err := configmgr.New(confFile, start)
-	fatalOnError(err)
-
-	web := confMgr.Web()
-	err = web.Start()
-	fatalOnError(err)
-
-	dns := confMgr.DNS()
-	err = dns.Start()
-	fatalOnError(err)
-
-	sigHdlr := newSignalHandler(
-		confFile,
-		start,
-		web,
-		dns,
-	)
-
-	go sigHdlr.handle()
-
-	select {}
-}
-
-// defaultTimeout is the timeout used for some operations where another timeout
-// hasn't been defined yet.
-const defaultTimeout = 15 * time.Second
-
-// ctxWithDefaultTimeout is a helper function that returns a context with
-// timeout set to defaultTimeout.
-func ctxWithDefaultTimeout() (ctx context.Context, cancel context.CancelFunc) {
-	return context.WithTimeout(context.Background(), defaultTimeout)
-}
-
-// fatalOnError is a helper that exits the program with an error code if err is
-// not nil.  It must only be used within Main.
-func fatalOnError(err error) {
-	if err != nil {
-		log.Fatal(err)
-	}
-}

internal/next/cmd/signal.go

@@ -1,118 +0,0 @@
-package cmd
-
-import (
-	"os"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/configmgr"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// signalHandler processes incoming signals and shuts services down.
-type signalHandler struct {
-	// signal is the channel to which OS signals are sent.
-	signal chan os.Signal
-
-	// confFile is the path to the configuration file.
-	confFile string
-
-	// start is the time at which AdGuard Home has been started.
-	start time.Time
-
-	// services are the services that are shut down before application exiting.
-	services []agh.Service
-}
-
-// handle processes OS signals.
-func (h *signalHandler) handle() {
-	defer log.OnPanic("signalHandler.handle")
-
-	for sig := range h.signal {
-		log.Info("sighdlr: received signal %q", sig)
-
-		if aghos.IsReconfigureSignal(sig) {
-			h.reconfigure()
-		} else if aghos.IsShutdownSignal(sig) {
-			status := h.shutdown()
-			log.Info("sighdlr: exiting with status %d", status)
-
-			os.Exit(status)
-		}
-	}
-}
-
-// reconfigure rereads the configuration file and updates and restarts services.
-func (h *signalHandler) reconfigure() {
-	log.Info("sighdlr: reconfiguring adguard home")
-
-	status := h.shutdown()
-	if status != statusSuccess {
-		log.Info("sighdlr: reconfiruging: exiting with status %d", status)
-
-		os.Exit(status)
-	}
-
-	// TODO(a.garipov): This is a very rough way to do it.  Some services can be
-	// reconfigured without the full shutdown, and the error handling is
-	// currently not the best.
-
-	confMgr, err := configmgr.New(h.confFile, h.start)
-	fatalOnError(err)
-
-	web := confMgr.Web()
-	err = web.Start()
-	fatalOnError(err)
-
-	dns := confMgr.DNS()
-	err = dns.Start()
-	fatalOnError(err)
-
-	h.services = []agh.Service{
-		dns,
-		web,
-	}
-
-	log.Info("sighdlr: successfully reconfigured adguard home")
-}
-
-// Exit status constants.
-const (
-	statusSuccess = 0
-	statusError   = 1
-)
-
-// shutdown gracefully shuts down all services.
-func (h *signalHandler) shutdown() (status int) {
-	ctx, cancel := ctxWithDefaultTimeout()
-	defer cancel()
-
-	status = statusSuccess
-
-	log.Info("sighdlr: shutting down services")
-	for i, service := range h.services {
-		err := service.Shutdown(ctx)
-		if err != nil {
-			log.Error("sighdlr: shutting down service at index %d: %s", i, err)
-			status = statusError
-		}
-	}
-
-	return status
-}
-
-// newSignalHandler returns a new signalHandler that shuts down svcs.
-func newSignalHandler(confFile string, start time.Time, svcs ...agh.Service) (h *signalHandler) {
-	h = &signalHandler{
-		signal:   make(chan os.Signal, 1),
-		confFile: confFile,
-		start:    start,
-		services: svcs,
-	}
-
-	aghos.NotifyShutdownSignal(h.signal)
-	aghos.NotifyReconfigureSignal(h.signal)
-
-	return h
-}

internal/next/configmgr/config.go

@@ -1,40 +0,0 @@
-package configmgr
-
-import (
-	"net/netip"
-
-	"github.com/AdguardTeam/golibs/timeutil"
-)
-
-// Configuration Structures
-
-// config is the top-level on-disk configuration structure.
-type config struct {
-	DNS  *dnsConfig  `yaml:"dns"`
-	HTTP *httpConfig `yaml:"http"`
-	// TODO(a.garipov): Use.
-	SchemaVersion int `yaml:"schema_version"`
-	// TODO(a.garipov): Use.
-	DebugPprof bool `yaml:"debug_pprof"`
-	Verbose    bool `yaml:"verbose"`
-}
-
-// dnsConfig is the on-disk DNS configuration.
-//
-// TODO(a.garipov): Validate.
-type dnsConfig struct {
-	Addresses       []netip.AddrPort  `yaml:"addresses"`
-	BootstrapDNS    []string          `yaml:"bootstrap_dns"`
-	UpstreamDNS     []string          `yaml:"upstream_dns"`
-	UpstreamTimeout timeutil.Duration `yaml:"upstream_timeout"`
-}
-
-// httpConfig is the on-disk web API configuration.
-//
-// TODO(a.garipov): Validate.
-type httpConfig struct {
-	Addresses       []netip.AddrPort  `yaml:"addresses"`
-	SecureAddresses []netip.AddrPort  `yaml:"secure_addresses"`
-	Timeout         timeutil.Duration `yaml:"timeout"`
-	ForceHTTPS      bool              `yaml:"force_https"`
-}

internal/next/configmgr/configmgr.go

@@ -1,205 +0,0 @@
-// Package configmgr defines the AdGuard Home on-disk configuration entities and
-// configuration manager.
-package configmgr
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"sync"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	"gopkg.in/yaml.v3"
-)
-
-// Configuration Manager
-
-// Manager handles full and partial changes in the configuration, persisting
-// them to disk if necessary.
-type Manager struct {
-	// updMu makes sure that at most one reconfiguration is performed at a time.
-	// updMu protects all fields below.
-	updMu *sync.RWMutex
-
-	// dns is the DNS service.
-	dns *dnssvc.Service
-
-	// Web is the Web API service.
-	web *websvc.Service
-
-	// current is the current configuration.
-	current *config
-
-	// fileName is the name of the configuration file.
-	fileName string
-}
-
-// New creates a new *Manager that persists changes to the file pointed to by
-// fileName.  It reads the configuration file and populates the service fields.
-// start is the startup time of AdGuard Home.
-func New(fileName string, start time.Time) (m *Manager, err error) {
-	defer func() { err = errors.Annotate(err, "reading config") }()
-
-	conf := &config{}
-	f, err := os.Open(fileName)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-	defer func() { err = errors.WithDeferred(err, f.Close()) }()
-
-	err = yaml.NewDecoder(f).Decode(conf)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-
-	// TODO(a.garipov): Move into a separate function and add other logging
-	// settings.
-	if conf.Verbose {
-		log.SetLevel(log.DEBUG)
-	}
-
-	// TODO(a.garipov): Validate the configuration structure.  Return an error
-	// if it's incorrect.
-
-	m = &Manager{
-		updMu:    &sync.RWMutex{},
-		current:  conf,
-		fileName: fileName,
-	}
-
-	// TODO(a.garipov): Get the context with the timeout from the arguments?
-	const assemblyTimeout = 5 * time.Second
-	ctx, cancel := context.WithTimeout(context.Background(), assemblyTimeout)
-	defer cancel()
-
-	err = m.assemble(ctx, conf, start)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-
-	return m, nil
-}
-
-// assemble creates all services and puts them into the corresponding fields.
-// The fields of conf must not be modified after calling assemble.
-func (m *Manager) assemble(ctx context.Context, conf *config, start time.Time) (err error) {
-	dnsConf := &dnssvc.Config{
-		Addresses:        conf.DNS.Addresses,
-		BootstrapServers: conf.DNS.BootstrapDNS,
-		UpstreamServers:  conf.DNS.UpstreamDNS,
-		UpstreamTimeout:  conf.DNS.UpstreamTimeout.Duration,
-	}
-	err = m.updateDNS(ctx, dnsConf)
-	if err != nil {
-		return fmt.Errorf("assembling dnssvc: %w", err)
-	}
-
-	webSvcConf := &websvc.Config{
-		ConfigManager: m,
-		// TODO(a.garipov): Fill from config file.
-		TLS:             nil,
-		Start:           start,
-		Addresses:       conf.HTTP.Addresses,
-		SecureAddresses: conf.HTTP.SecureAddresses,
-		Timeout:         conf.HTTP.Timeout.Duration,
-		ForceHTTPS:      conf.HTTP.ForceHTTPS,
-	}
-
-	err = m.updateWeb(ctx, webSvcConf)
-	if err != nil {
-		return fmt.Errorf("assembling websvc: %w", err)
-	}
-
-	return nil
-}
-
-// DNS returns the current DNS service.  It is safe for concurrent use.
-func (m *Manager) DNS() (dns agh.ServiceWithConfig[*dnssvc.Config]) {
-	m.updMu.RLock()
-	defer m.updMu.RUnlock()
-
-	return m.dns
-}
-
-// UpdateDNS implements the [websvc.ConfigManager] interface for *Manager.  The
-// fields of c must not be modified after calling UpdateDNS.
-func (m *Manager) UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	m.updMu.Lock()
-	defer m.updMu.Unlock()
-
-	// TODO(a.garipov): Update and write the configuration file.  Return an
-	// error if something went wrong.
-
-	err = m.updateDNS(ctx, c)
-	if err != nil {
-		return fmt.Errorf("reassembling dnssvc: %w", err)
-	}
-
-	return nil
-}
-
-// updateDNS recreates the DNS service.  m.updMu is expected to be locked.
-func (m *Manager) updateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	if prev := m.dns; prev != nil {
-		err = prev.Shutdown(ctx)
-		if err != nil {
-			return fmt.Errorf("shutting down dns svc: %w", err)
-		}
-	}
-
-	svc, err := dnssvc.New(c)
-	if err != nil {
-		return fmt.Errorf("creating dns svc: %w", err)
-	}
-
-	m.dns = svc
-
-	return nil
-}
-
-// Web returns the current web service.  It is safe for concurrent use.
-func (m *Manager) Web() (web agh.ServiceWithConfig[*websvc.Config]) {
-	m.updMu.RLock()
-	defer m.updMu.RUnlock()
-
-	return m.web
-}
-
-// UpdateWeb implements the [websvc.ConfigManager] interface for *Manager.  The
-// fields of c must not be modified after calling UpdateWeb.
-func (m *Manager) UpdateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	m.updMu.Lock()
-	defer m.updMu.Unlock()
-
-	// TODO(a.garipov): Update and write the configuration file.  Return an
-	// error if something went wrong.
-
-	err = m.updateWeb(ctx, c)
-	if err != nil {
-		return fmt.Errorf("reassembling websvc: %w", err)
-	}
-
-	return nil
-}
-
-// updateWeb recreates the web service.  m.upd is expected to be locked.
-func (m *Manager) updateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	if prev := m.web; prev != nil {
-		err = prev.Shutdown(ctx)
-		if err != nil {
-			return fmt.Errorf("shutting down web svc: %w", err)
-		}
-	}
-
-	m.web = websvc.New(c)
-
-	return nil
-}

internal/next/dnssvc/dnssvc.go

@@ -1,216 +0,0 @@
-// Package dnssvc contains the AdGuard Home DNS service.
-//
-// TODO(a.garipov): Define, if all methods of a *Service should work with a nil
-// receiver.
-package dnssvc
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"net/netip"
-	"sync/atomic"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	// TODO(a.garipov): Add a “dnsproxy proxy” package to shield us from changes
-	// and replacement of module dnsproxy.
-	"github.com/AdguardTeam/dnsproxy/proxy"
-	"github.com/AdguardTeam/dnsproxy/upstream"
-)
-
-// Config is the AdGuard Home DNS service configuration structure.
-//
-// TODO(a.garipov): Add timeout for incoming requests.
-type Config struct {
-	// Addresses are the addresses on which to serve plain DNS queries.
-	Addresses []netip.AddrPort
-
-	// Upstreams are the DNS upstreams to use.  If not set, upstreams are
-	// created using data from BootstrapServers, UpstreamServers, and
-	// UpstreamTimeout.
-	//
-	// TODO(a.garipov): Think of a better scheme.  Those other three parameters
-	// are here only to make Config work properly.
-	Upstreams []upstream.Upstream
-
-	// BootstrapServers are the addresses for bootstrapping the upstream DNS
-	// server addresses.
-	BootstrapServers []string
-
-	// UpstreamServers are the upstream DNS server addresses to use.
-	UpstreamServers []string
-
-	// UpstreamTimeout is the timeout for upstream requests.
-	UpstreamTimeout time.Duration
-}
-
-// Service is the AdGuard Home DNS service.  A nil *Service is a valid
-// [agh.Service] that does nothing.
-type Service struct {
-	proxy      *proxy.Proxy
-	bootstraps []string
-	upstreams  []string
-	upsTimeout time.Duration
-	running    atomic.Bool
-}
-
-// New returns a new properly initialized *Service.  If c is nil, svc is a nil
-// *Service that does nothing.  The fields of c must not be modified after
-// calling New.
-func New(c *Config) (svc *Service, err error) {
-	if c == nil {
-		return nil, nil
-	}
-
-	svc = &Service{
-		bootstraps: c.BootstrapServers,
-		upstreams:  c.UpstreamServers,
-		upsTimeout: c.UpstreamTimeout,
-	}
-
-	var upstreams []upstream.Upstream
-	if len(c.Upstreams) > 0 {
-		upstreams = c.Upstreams
-	} else {
-		upstreams, err = addressesToUpstreams(
-			c.UpstreamServers,
-			c.BootstrapServers,
-			c.UpstreamTimeout,
-		)
-		if err != nil {
-			return nil, fmt.Errorf("converting upstreams: %w", err)
-		}
-	}
-
-	svc.proxy = &proxy.Proxy{
-		Config: proxy.Config{
-			UDPListenAddr: udpAddrs(c.Addresses),
-			TCPListenAddr: tcpAddrs(c.Addresses),
-			UpstreamConfig: &proxy.UpstreamConfig{
-				Upstreams: upstreams,
-			},
-		},
-	}
-
-	err = svc.proxy.Init()
-	if err != nil {
-		return nil, fmt.Errorf("proxy: %w", err)
-	}
-
-	return svc, nil
-}
-
-// addressesToUpstreams is a wrapper around [upstream.AddressToUpstream].  It
-// accepts a slice of addresses and other upstream parameters, and returns a
-// slice of upstreams.
-func addressesToUpstreams(
-	upsStrs []string,
-	bootstraps []string,
-	timeout time.Duration,
-) (upstreams []upstream.Upstream, err error) {
-	upstreams = make([]upstream.Upstream, len(upsStrs))
-	for i, upsStr := range upsStrs {
-		upstreams[i], err = upstream.AddressToUpstream(upsStr, &upstream.Options{
-			Bootstrap: bootstraps,
-			Timeout:   timeout,
-		})
-		if err != nil {
-			return nil, fmt.Errorf("upstream at index %d: %w", i, err)
-		}
-	}
-
-	return upstreams, nil
-}
-
-// tcpAddrs converts []netip.AddrPort into []*net.TCPAddr.
-func tcpAddrs(addrPorts []netip.AddrPort) (tcpAddrs []*net.TCPAddr) {
-	if addrPorts == nil {
-		return nil
-	}
-
-	tcpAddrs = make([]*net.TCPAddr, len(addrPorts))
-	for i, a := range addrPorts {
-		tcpAddrs[i] = net.TCPAddrFromAddrPort(a)
-	}
-
-	return tcpAddrs
-}
-
-// udpAddrs converts []netip.AddrPort into []*net.UDPAddr.
-func udpAddrs(addrPorts []netip.AddrPort) (udpAddrs []*net.UDPAddr) {
-	if addrPorts == nil {
-		return nil
-	}
-
-	udpAddrs = make([]*net.UDPAddr, len(addrPorts))
-	for i, a := range addrPorts {
-		udpAddrs[i] = net.UDPAddrFromAddrPort(a)
-	}
-
-	return udpAddrs
-}
-
-// type check
-var _ agh.Service = (*Service)(nil)
-
-// Start implements the [agh.Service] interface for *Service.  svc may be nil.
-// After Start exits, all DNS servers have tried to start, but there is no
-// guarantee that they did.  Errors from the servers are written to the log.
-func (svc *Service) Start() (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	defer func() {
-		// TODO(a.garipov): [proxy.Proxy.Start] doesn't actually have any way to
-		// tell when all servers are actually up, so at best this is merely an
-		// assumption.
-		svc.running.Store(err == nil)
-	}()
-
-	return svc.proxy.Start()
-}
-
-// Shutdown implements the [agh.Service] interface for *Service.  svc may be
-// nil.
-func (svc *Service) Shutdown(ctx context.Context) (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	return svc.proxy.Stop()
-}
-
-// Config returns the current configuration of the web service.  Config must not
-// be called simultaneously with Start.  If svc was initialized with ":0"
-// addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) Config() (c *Config) {
-	// TODO(a.garipov): Do we need to get the TCP addresses separately?
-
-	var addrs []netip.AddrPort
-	if svc.running.Load() {
-		udpAddrs := svc.proxy.Addrs(proxy.ProtoUDP)
-		addrs = make([]netip.AddrPort, len(udpAddrs))
-		for i, a := range udpAddrs {
-			addrs[i] = a.(*net.UDPAddr).AddrPort()
-		}
-	} else {
-		conf := svc.proxy.Config
-		udpAddrs := conf.UDPListenAddr
-		addrs = make([]netip.AddrPort, len(udpAddrs))
-		for i, a := range udpAddrs {
-			addrs[i] = a.AddrPort()
-		}
-	}
-
-	c = &Config{
-		Addresses:        addrs,
-		BootstrapServers: svc.bootstraps,
-		UpstreamServers:  svc.upstreams,
-		UpstreamTimeout:  svc.upsTimeout,
-	}
-
-	return c
-}

internal/next/dnssvc/dnssvc_test.go

@@ -1,96 +0,0 @@
-package dnssvc_test
-
-import (
-	"context"
-	"net/netip"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/miekg/dns"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestMain(m *testing.M) {
-	testutil.DiscardLogOutput(m)
-}
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 100 * time.Millisecond
-
-func TestService(t *testing.T) {
-	const (
-		bootstrapAddr = "bootstrap.example"
-		upstreamAddr  = "upstream.example"
-
-		closeErr errors.Error = "closing failed"
-	)
-
-	ups := &aghtest.UpstreamMock{
-		OnAddress: func() (addr string) {
-			return upstreamAddr
-		},
-		OnExchange: func(req *dns.Msg) (resp *dns.Msg, err error) {
-			resp = (&dns.Msg{}).SetReply(req)
-
-			return resp, nil
-		},
-		OnClose: func() (err error) {
-			return closeErr
-		},
-	}
-
-	c := &dnssvc.Config{
-		Addresses:        []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:0")},
-		Upstreams:        []upstream.Upstream{ups},
-		BootstrapServers: []string{bootstrapAddr},
-		UpstreamServers:  []string{upstreamAddr},
-		UpstreamTimeout:  testTimeout,
-	}
-
-	svc, err := dnssvc.New(c)
-	require.NoError(t, err)
-
-	err = svc.Start()
-	require.NoError(t, err)
-
-	gotConf := svc.Config()
-	require.NotNil(t, gotConf)
-	require.Len(t, gotConf.Addresses, 1)
-
-	addr := gotConf.Addresses[0]
-
-	t.Run("dns", func(t *testing.T) {
-		req := &dns.Msg{
-			MsgHdr: dns.MsgHdr{
-				Id:               dns.Id(),
-				RecursionDesired: true,
-			},
-			Question: []dns.Question{{
-				Name:   "example.com.",
-				Qtype:  dns.TypeA,
-				Qclass: dns.ClassINET,
-			}},
-		}
-
-		ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-		defer cancel()
-
-		cli := &dns.Client{}
-		resp, _, excErr := cli.ExchangeContext(ctx, req, addr.String())
-		require.NoError(t, excErr)
-
-		assert.NotNil(t, resp)
-	})
-
-	ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-	defer cancel()
-
-	err = svc.Shutdown(ctx)
-	require.ErrorIs(t, err, closeErr)
-}

internal/next/websvc/dns.go

@@ -1,84 +0,0 @@
-package websvc
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/netip"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-)
-
-// DNS Settings Handlers
-
-// ReqPatchSettingsDNS describes the request to the PATCH /api/v1/settings/dns
-// HTTP API.
-type ReqPatchSettingsDNS struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses        []netip.AddrPort `json:"addresses"`
-	BootstrapServers []string         `json:"bootstrap_servers"`
-	UpstreamServers  []string         `json:"upstream_servers"`
-	UpstreamTimeout  JSONDuration     `json:"upstream_timeout"`
-}
-
-// HTTPAPIDNSSettings are the DNS settings as used by the HTTP API.  See the
-// DnsSettings object in the OpenAPI specification.
-type HTTPAPIDNSSettings struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses        []netip.AddrPort `json:"addresses"`
-	BootstrapServers []string         `json:"bootstrap_servers"`
-	UpstreamServers  []string         `json:"upstream_servers"`
-	UpstreamTimeout  JSONDuration     `json:"upstream_timeout"`
-}
-
-// handlePatchSettingsDNS is the handler for the PATCH /api/v1/settings/dns HTTP
-// API.
-func (svc *Service) handlePatchSettingsDNS(w http.ResponseWriter, r *http.Request) {
-	req := &ReqPatchSettingsDNS{
-		Addresses:        []netip.AddrPort{},
-		BootstrapServers: []string{},
-		UpstreamServers:  []string{},
-	}
-
-	// TODO(a.garipov): Validate nulls and proper JSON patch.
-
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("decoding: %w", err))
-
-		return
-	}
-
-	newConf := &dnssvc.Config{
-		Addresses:        req.Addresses,
-		BootstrapServers: req.BootstrapServers,
-		UpstreamServers:  req.UpstreamServers,
-		UpstreamTimeout:  time.Duration(req.UpstreamTimeout),
-	}
-
-	ctx := r.Context()
-	err = svc.confMgr.UpdateDNS(ctx, newConf)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("updating: %w", err))
-
-		return
-	}
-
-	newSvc := svc.confMgr.DNS()
-	err = newSvc.Start()
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("starting new service: %w", err))
-
-		return
-	}
-
-	writeJSONOKResponse(w, r, &HTTPAPIDNSSettings{
-		Addresses:        newConf.Addresses,
-		BootstrapServers: newConf.BootstrapServers,
-		UpstreamServers:  newConf.UpstreamServers,
-		UpstreamTimeout:  JSONDuration(newConf.UpstreamTimeout),
-	})
-}

internal/next/websvc/dns_test.go

@@ -1,68 +0,0 @@
-package websvc_test
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandlePatchSettingsDNS(t *testing.T) {
-	wantDNS := &websvc.HTTPAPIDNSSettings{
-		Addresses:        []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:53")},
-		BootstrapServers: []string{"1.0.0.1"},
-		UpstreamServers:  []string{"1.1.1.1"},
-		UpstreamTimeout:  websvc.JSONDuration(2 * time.Second),
-	}
-
-	var started atomic.Bool
-	confMgr := newConfigManager()
-	confMgr.onDNS = func() (s agh.ServiceWithConfig[*dnssvc.Config]) {
-		return &aghtest.ServiceWithConfig[*dnssvc.Config]{
-			OnStart: func() (err error) {
-				started.Store(true)
-
-				return nil
-			},
-			OnShutdown: func(_ context.Context) (err error) { panic("not implemented") },
-			OnConfig:   func() (c *dnssvc.Config) { panic("not implemented") },
-		}
-	}
-	confMgr.onUpdateDNS = func(ctx context.Context, c *dnssvc.Config) (err error) {
-		return nil
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsDNS,
-	}
-
-	req := jobj{
-		"addresses":         wantDNS.Addresses,
-		"bootstrap_servers": wantDNS.BootstrapServers,
-		"upstream_servers":  wantDNS.UpstreamServers,
-		"upstream_timeout":  wantDNS.UpstreamTimeout,
-	}
-
-	respBody := httpPatch(t, u, req, http.StatusOK)
-	resp := &websvc.HTTPAPIDNSSettings{}
-	err := json.Unmarshal(respBody, resp)
-	require.NoError(t, err)
-
-	assert.True(t, started.Load())
-	assert.Equal(t, wantDNS, resp)
-	assert.Equal(t, wantDNS, resp)
-}

internal/next/websvc/http.go

@@ -1,110 +0,0 @@
-package websvc
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/netip"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// HTTP Settings Handlers
-
-// ReqPatchSettingsHTTP describes the request to the PATCH /api/v1/settings/http
-// HTTP API.
-type ReqPatchSettingsHTTP struct {
-	// TODO(a.garipov): Add more as we go.
-	//
-	// TODO(a.garipov): Add wait time.
-
-	Addresses       []netip.AddrPort `json:"addresses"`
-	SecureAddresses []netip.AddrPort `json:"secure_addresses"`
-	Timeout         JSONDuration     `json:"timeout"`
-}
-
-// HTTPAPIHTTPSettings are the HTTP settings as used by the HTTP API.  See the
-// HttpSettings object in the OpenAPI specification.
-type HTTPAPIHTTPSettings struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses       []netip.AddrPort `json:"addresses"`
-	SecureAddresses []netip.AddrPort `json:"secure_addresses"`
-	Timeout         JSONDuration     `json:"timeout"`
-	ForceHTTPS      bool             `json:"force_https"`
-}
-
-// handlePatchSettingsHTTP is the handler for the PATCH /api/v1/settings/http
-// HTTP API.
-func (svc *Service) handlePatchSettingsHTTP(w http.ResponseWriter, r *http.Request) {
-	req := &ReqPatchSettingsHTTP{}
-
-	// TODO(a.garipov): Validate nulls and proper JSON patch.
-
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("decoding: %w", err))
-
-		return
-	}
-
-	newConf := &Config{
-		ConfigManager:   svc.confMgr,
-		TLS:             svc.tls,
-		Addresses:       req.Addresses,
-		SecureAddresses: req.SecureAddresses,
-		Timeout:         time.Duration(req.Timeout),
-		ForceHTTPS:      svc.forceHTTPS,
-	}
-
-	writeJSONOKResponse(w, r, &HTTPAPIHTTPSettings{
-		Addresses:       newConf.Addresses,
-		SecureAddresses: newConf.SecureAddresses,
-		Timeout:         JSONDuration(newConf.Timeout),
-		ForceHTTPS:      newConf.ForceHTTPS,
-	})
-
-	cancelUpd := func() {}
-	updCtx := context.Background()
-
-	ctx := r.Context()
-	if deadline, ok := ctx.Deadline(); ok {
-		updCtx, cancelUpd = context.WithDeadline(updCtx, deadline)
-	}
-
-	// Launch the new HTTP service in a separate goroutine to let this handler
-	// finish and thus, this server to shutdown.
-	go func() {
-		defer cancelUpd()
-
-		updErr := svc.confMgr.UpdateWeb(updCtx, newConf)
-		if updErr != nil {
-			writeJSONErrorResponse(w, r, fmt.Errorf("updating: %w", updErr))
-
-			return
-		}
-
-		// TODO(a.garipov): Consider better ways to do this.
-		const maxUpdDur = 10 * time.Second
-		updStart := time.Now()
-		var newSvc agh.ServiceWithConfig[*Config]
-		for newSvc = svc.confMgr.Web(); newSvc == svc; {
-			if time.Since(updStart) >= maxUpdDur {
-				log.Error("websvc: failed to update svc after %s", maxUpdDur)
-
-				return
-			}
-
-			log.Debug("websvc: waiting for new websvc to be configured")
-			time.Sleep(1 * time.Second)
-		}
-
-		updErr = newSvc.Start()
-		if updErr != nil {
-			log.Error("websvc: new svc failed to start with error: %s", updErr)
-		}
-	}()
-}

internal/next/websvc/http_test.go

@@ -1,63 +0,0 @@
-package websvc_test
-
-import (
-	"context"
-	"crypto/tls"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandlePatchSettingsHTTP(t *testing.T) {
-	wantWeb := &websvc.HTTPAPIHTTPSettings{
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:80")},
-		SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:443")},
-		Timeout:         websvc.JSONDuration(10 * time.Second),
-		ForceHTTPS:      false,
-	}
-
-	confMgr := newConfigManager()
-	confMgr.onWeb = func() (s agh.ServiceWithConfig[*websvc.Config]) {
-		return websvc.New(&websvc.Config{
-			TLS: &tls.Config{
-				Certificates: []tls.Certificate{{}},
-			},
-			Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:80")},
-			SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:443")},
-			Timeout:         5 * time.Second,
-			ForceHTTPS:      true,
-		})
-	}
-	confMgr.onUpdateWeb = func(ctx context.Context, c *websvc.Config) (err error) {
-		return nil
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsHTTP,
-	}
-
-	req := jobj{
-		"addresses":        wantWeb.Addresses,
-		"secure_addresses": wantWeb.SecureAddresses,
-		"timeout":          wantWeb.Timeout,
-		"force_https":      wantWeb.ForceHTTPS,
-	}
-
-	respBody := httpPatch(t, u, req, http.StatusOK)
-	resp := &websvc.HTTPAPIHTTPSettings{}
-	err := json.Unmarshal(respBody, resp)
-	require.NoError(t, err)
-
-	assert.Equal(t, wantWeb, resp)
-}

internal/next/websvc/json.go

@@ -1,143 +0,0 @@
-package websvc
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// JSON Utilities
-
-// nsecPerMsec is the number of nanoseconds in a millisecond.
-const nsecPerMsec = float64(time.Millisecond / time.Nanosecond)
-
-// JSONDuration is a time.Duration that can be decoded from JSON and encoded
-// into JSON according to our API conventions.
-type JSONDuration time.Duration
-
-// type check
-var _ json.Marshaler = JSONDuration(0)
-
-// MarshalJSON implements the json.Marshaler interface for JSONDuration.  err is
-// always nil.
-func (d JSONDuration) MarshalJSON() (b []byte, err error) {
-	msec := float64(time.Duration(d)) / nsecPerMsec
-	b = strconv.AppendFloat(nil, msec, 'f', -1, 64)
-
-	return b, nil
-}
-
-// type check
-var _ json.Unmarshaler = (*JSONDuration)(nil)
-
-// UnmarshalJSON implements the json.Marshaler interface for *JSONDuration.
-func (d *JSONDuration) UnmarshalJSON(b []byte) (err error) {
-	if d == nil {
-		return fmt.Errorf("json duration is nil")
-	}
-
-	msec, err := strconv.ParseFloat(string(b), 64)
-	if err != nil {
-		return fmt.Errorf("parsing json time: %w", err)
-	}
-
-	*d = JSONDuration(int64(msec * nsecPerMsec))
-
-	return nil
-}
-
-// JSONTime is a time.Time that can be decoded from JSON and encoded into JSON
-// according to our API conventions.
-type JSONTime time.Time
-
-// type check
-var _ json.Marshaler = JSONTime{}
-
-// MarshalJSON implements the json.Marshaler interface for JSONTime.  err is
-// always nil.
-func (t JSONTime) MarshalJSON() (b []byte, err error) {
-	msec := float64(time.Time(t).UnixNano()) / nsecPerMsec
-	b = strconv.AppendFloat(nil, msec, 'f', -1, 64)
-
-	return b, nil
-}
-
-// type check
-var _ json.Unmarshaler = (*JSONTime)(nil)
-
-// UnmarshalJSON implements the json.Marshaler interface for *JSONTime.
-func (t *JSONTime) UnmarshalJSON(b []byte) (err error) {
-	if t == nil {
-		return fmt.Errorf("json time is nil")
-	}
-
-	msec, err := strconv.ParseFloat(string(b), 64)
-	if err != nil {
-		return fmt.Errorf("parsing json time: %w", err)
-	}
-
-	*t = JSONTime(time.Unix(0, int64(msec*nsecPerMsec)).UTC())
-
-	return nil
-}
-
-// writeJSONOKResponse writes headers with the code 200 OK, encodes v into w,
-// and logs any errors it encounters.  r is used to get additional information
-// from the request.
-func writeJSONOKResponse(w http.ResponseWriter, r *http.Request, v any) {
-	writeJSONResponse(w, r, v, http.StatusOK)
-}
-
-// writeJSONResponse writes headers with code, encodes v into w, and logs any
-// errors it encounters.  r is used to get additional information from the
-// request.
-func writeJSONResponse(w http.ResponseWriter, r *http.Request, v any, code int) {
-	// TODO(a.garipov): Put some of these to a middleware.
-	h := w.Header()
-	h.Set(aghhttp.HdrNameContentType, aghhttp.HdrValApplicationJSON)
-	h.Set(aghhttp.HdrNameServer, aghhttp.UserAgent())
-
-	w.WriteHeader(code)
-
-	err := json.NewEncoder(w).Encode(v)
-	if err != nil {
-		log.Error("websvc: writing resp to %s %s: %s", r.Method, r.URL.Path, err)
-	}
-}
-
-// ErrorCode is the error code as used by the HTTP API.  See the ErrorCode
-// definition in the OpenAPI specification.
-type ErrorCode string
-
-// ErrorCode constants.
-//
-// TODO(a.garipov): Expand and document codes.
-const (
-	// ErrorCodeTMP000 is the temporary error code used for all errors.
-	ErrorCodeTMP000 = ""
-)
-
-// HTTPAPIErrorResp is the error response as used by the HTTP API.  See the
-// BadRequestResp, InternalServerErrorResp, and similar objects in the OpenAPI
-// specification.
-type HTTPAPIErrorResp struct {
-	Code ErrorCode `json:"code"`
-	Msg  string    `json:"msg"`
-}
-
-// writeJSONErrorResponse encodes err as a JSON error into w, and logs any
-// errors it encounters.  r is used to get additional information from the
-// request.
-func writeJSONErrorResponse(w http.ResponseWriter, r *http.Request, err error) {
-	log.Error("websvc: %s %s: %s", r.Method, r.URL.Path, err)
-
-	writeJSONResponse(w, r, &HTTPAPIErrorResp{
-		Code: ErrorCodeTMP000,
-		Msg:  err.Error(),
-	}, http.StatusUnprocessableEntity)
-}

internal/next/websvc/json_test.go

@@ -1,114 +0,0 @@
-package websvc_test
-
-import (
-	"encoding/json"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-// testJSONTime is the JSON time for tests.
-var testJSONTime = websvc.JSONTime(time.Unix(1_234_567_890, 123_456_000).UTC())
-
-// testJSONTimeStr is the string with the JSON encoding of testJSONTime.
-const testJSONTimeStr = "1234567890123.456"
-
-func TestJSONTime_MarshalJSON(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		in         websvc.JSONTime
-		want       []byte
-	}{{
-		name:       "unix_zero",
-		wantErrMsg: "",
-		in:         websvc.JSONTime(time.Unix(0, 0)),
-		want:       []byte("0"),
-	}, {
-		name:       "empty",
-		wantErrMsg: "",
-		in:         websvc.JSONTime{},
-		want:       []byte("-6795364578871.345"),
-	}, {
-		name:       "time",
-		wantErrMsg: "",
-		in:         testJSONTime,
-		want:       []byte(testJSONTimeStr),
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			got, err := tc.in.MarshalJSON()
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.want, got)
-		})
-	}
-
-	t.Run("json", func(t *testing.T) {
-		in := &struct {
-			A websvc.JSONTime
-		}{
-			A: testJSONTime,
-		}
-
-		got, err := json.Marshal(in)
-		require.NoError(t, err)
-
-		assert.Equal(t, []byte(`{"A":`+testJSONTimeStr+`}`), got)
-	})
-}
-
-func TestJSONTime_UnmarshalJSON(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		want       websvc.JSONTime
-		data       []byte
-	}{{
-		name:       "time",
-		wantErrMsg: "",
-		want:       testJSONTime,
-		data:       []byte(testJSONTimeStr),
-	}, {
-		name: "bad",
-		wantErrMsg: `parsing json time: strconv.ParseFloat: parsing "{}": ` +
-			`invalid syntax`,
-		want: websvc.JSONTime{},
-		data: []byte(`{}`),
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			var got websvc.JSONTime
-			err := got.UnmarshalJSON(tc.data)
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.want, got)
-		})
-	}
-
-	t.Run("nil", func(t *testing.T) {
-		err := (*websvc.JSONTime)(nil).UnmarshalJSON([]byte("0"))
-		require.Error(t, err)
-
-		msg := err.Error()
-		assert.Equal(t, "json time is nil", msg)
-	})
-
-	t.Run("json", func(t *testing.T) {
-		want := testJSONTime
-		var got struct {
-			A websvc.JSONTime
-		}
-
-		err := json.Unmarshal([]byte(`{"A":`+testJSONTimeStr+`}`), &got)
-		require.NoError(t, err)
-
-		assert.Equal(t, want, got.A)
-	})
-}

internal/next/websvc/middleware.go

@@ -1,16 +0,0 @@
-package websvc
-
-import "net/http"
-
-// Middlewares
-
-// jsonMw sets the content type of the response to application/json.
-func jsonMw(h http.Handler) (wrapped http.HandlerFunc) {
-	f := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Type", "application/json")
-
-		h.ServeHTTP(w, r)
-	}
-
-	return http.HandlerFunc(f)
-}

internal/next/websvc/path.go

@@ -1,11 +0,0 @@
-package websvc
-
-// Path constants
-const (
-	PathHealthCheck = "/health-check"
-
-	PathV1SettingsAll  = "/api/v1/settings/all"
-	PathV1SettingsDNS  = "/api/v1/settings/dns"
-	PathV1SettingsHTTP = "/api/v1/settings/http"
-	PathV1SystemInfo   = "/api/v1/system/info"
-)

internal/next/websvc/settings.go

@@ -1,42 +0,0 @@
-package websvc
-
-import (
-	"net/http"
-)
-
-// All Settings Handlers
-
-// RespGetV1SettingsAll describes the response of the GET /api/v1/settings/all
-// HTTP API.
-type RespGetV1SettingsAll struct {
-	// TODO(a.garipov): Add more as we go.
-
-	DNS  *HTTPAPIDNSSettings  `json:"dns"`
-	HTTP *HTTPAPIHTTPSettings `json:"http"`
-}
-
-// handleGetSettingsAll is the handler for the GET /api/v1/settings/all HTTP
-// API.
-func (svc *Service) handleGetSettingsAll(w http.ResponseWriter, r *http.Request) {
-	dnsSvc := svc.confMgr.DNS()
-	dnsConf := dnsSvc.Config()
-
-	webSvc := svc.confMgr.Web()
-	httpConf := webSvc.Config()
-
-	// TODO(a.garipov): Add all currently supported parameters.
-	writeJSONOKResponse(w, r, &RespGetV1SettingsAll{
-		DNS: &HTTPAPIDNSSettings{
-			Addresses:        dnsConf.Addresses,
-			BootstrapServers: dnsConf.BootstrapServers,
-			UpstreamServers:  dnsConf.UpstreamServers,
-			UpstreamTimeout:  JSONDuration(dnsConf.UpstreamTimeout),
-		},
-		HTTP: &HTTPAPIHTTPSettings{
-			Addresses:       httpConf.Addresses,
-			SecureAddresses: httpConf.SecureAddresses,
-			Timeout:         JSONDuration(httpConf.Timeout),
-			ForceHTTPS:      httpConf.ForceHTTPS,
-		},
-	})
-}

internal/next/websvc/settings_test.go

@@ -1,75 +0,0 @@
-package websvc_test
-
-import (
-	"crypto/tls"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandleGetSettingsAll(t *testing.T) {
-	// TODO(a.garipov): Add all currently supported parameters.
-
-	wantDNS := &websvc.HTTPAPIDNSSettings{
-		Addresses:        []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:53")},
-		BootstrapServers: []string{"94.140.14.140", "94.140.14.141"},
-		UpstreamServers:  []string{"94.140.14.14", "1.1.1.1"},
-		UpstreamTimeout:  websvc.JSONDuration(1 * time.Second),
-	}
-
-	wantWeb := &websvc.HTTPAPIHTTPSettings{
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:80")},
-		SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:443")},
-		Timeout:         websvc.JSONDuration(5 * time.Second),
-		ForceHTTPS:      true,
-	}
-
-	confMgr := newConfigManager()
-	confMgr.onDNS = func() (s agh.ServiceWithConfig[*dnssvc.Config]) {
-		c, err := dnssvc.New(&dnssvc.Config{
-			Addresses:        wantDNS.Addresses,
-			UpstreamServers:  wantDNS.UpstreamServers,
-			BootstrapServers: wantDNS.BootstrapServers,
-			UpstreamTimeout:  time.Duration(wantDNS.UpstreamTimeout),
-		})
-		require.NoError(t, err)
-
-		return c
-	}
-
-	confMgr.onWeb = func() (s agh.ServiceWithConfig[*websvc.Config]) {
-		return websvc.New(&websvc.Config{
-			TLS: &tls.Config{
-				Certificates: []tls.Certificate{{}},
-			},
-			Addresses:       wantWeb.Addresses,
-			SecureAddresses: wantWeb.SecureAddresses,
-			Timeout:         time.Duration(wantWeb.Timeout),
-			ForceHTTPS:      true,
-		})
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsAll,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-	resp := &websvc.RespGetV1SettingsAll{}
-	err := json.Unmarshal(body, resp)
-	require.NoError(t, err)
-
-	assert.Equal(t, wantDNS, resp.DNS)
-	assert.Equal(t, wantWeb, resp.HTTP)
-}

internal/next/websvc/system.go

@@ -1,35 +0,0 @@
-package websvc
-
-import (
-	"net/http"
-	"runtime"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/version"
-)
-
-// System Handlers
-
-// RespGetV1SystemInfo describes the response of the GET /api/v1/system/info
-// HTTP API.
-type RespGetV1SystemInfo struct {
-	Arch       string   `json:"arch"`
-	Channel    string   `json:"channel"`
-	OS         string   `json:"os"`
-	NewVersion string   `json:"new_version,omitempty"`
-	Start      JSONTime `json:"start"`
-	Version    string   `json:"version"`
-}
-
-// handleGetV1SystemInfo is the handler for the GET /api/v1/system/info HTTP
-// API.
-func (svc *Service) handleGetV1SystemInfo(w http.ResponseWriter, r *http.Request) {
-	writeJSONOKResponse(w, r, &RespGetV1SystemInfo{
-		Arch:    runtime.GOARCH,
-		Channel: version.Channel(),
-		OS:      runtime.GOOS,
-		// TODO(a.garipov): Fill this when we have an updater.
-		NewVersion: "",
-		Start:      JSONTime(svc.start),
-		Version:    version.Version(),
-	})
-}

internal/next/websvc/system_test.go

@@ -1,37 +0,0 @@
-package websvc_test
-
-import (
-	"encoding/json"
-	"net/http"
-	"net/url"
-	"runtime"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_handleGetV1SystemInfo(t *testing.T) {
-	confMgr := newConfigManager()
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SystemInfo,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-	resp := &websvc.RespGetV1SystemInfo{}
-	err := json.Unmarshal(body, resp)
-	require.NoError(t, err)
-
-	// TODO(a.garipov): Consider making version.Channel and version.Version
-	// testable and test these better.
-	assert.NotEmpty(t, resp.Channel)
-
-	assert.Equal(t, resp.Arch, runtime.GOARCH)
-	assert.Equal(t, resp.OS, runtime.GOOS)
-	assert.Equal(t, testStart, time.Time(resp.Start))
-}

internal/next/websvc/waitlistener.go

@@ -1,31 +0,0 @@
-package websvc
-
-import (
-	"net"
-	"sync"
-)
-
-// Wait Listener
-
-// waitListener is a wrapper around a listener that also calls wg.Done() on the
-// first call to Accept.  It is useful in situations where it is important to
-// catch the precise moment of the first call to Accept, for example when
-// starting an HTTP server.
-//
-// TODO(a.garipov): Move to aghnet?
-type waitListener struct {
-	net.Listener
-
-	firstAcceptWG   *sync.WaitGroup
-	firstAcceptOnce sync.Once
-}
-
-// type check
-var _ net.Listener = (*waitListener)(nil)
-
-// Accept implements the [net.Listener] interface for *waitListener.
-func (l *waitListener) Accept() (conn net.Conn, err error) {
-	l.firstAcceptOnce.Do(l.firstAcceptWG.Done)
-
-	return l.Listener.Accept()
-}

internal/next/websvc/waitlistener_internal_test.go

@@ -1,45 +0,0 @@
-package websvc
-
-import (
-	"net"
-	"sync"
-	"sync/atomic"
-	"testing"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghchan"
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestWaitListener_Accept(t *testing.T) {
-	var accepted atomic.Bool
-	var l net.Listener = &aghtest.Listener{
-		OnAccept: func() (conn net.Conn, err error) {
-			accepted.Store(true)
-
-			return nil, nil
-		},
-		OnAddr:  func() (addr net.Addr) { panic("not implemented") },
-		OnClose: func() (err error) { panic("not implemented") },
-	}
-
-	wg := &sync.WaitGroup{}
-	wg.Add(1)
-
-	done := make(chan struct{})
-	go aghchan.MustReceive(done, testTimeout)
-
-	go func() {
-		var wrapper net.Listener = &waitListener{
-			Listener:      l,
-			firstAcceptWG: wg,
-		}
-
-		_, _ = wrapper.Accept()
-	}()
-
-	wg.Wait()
-	close(done)
-
-	assert.True(t, accepted.Load())
-}

internal/next/websvc/websvc.go

@@ -1,305 +0,0 @@
-// Package websvc contains the AdGuard Home HTTP API service.
-//
-// NOTE: Packages other than cmd must not import this package, as it imports
-// most other packages.
-//
-// TODO(a.garipov): Add tests.
-package websvc
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/netip"
-	"sync"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	httptreemux "github.com/dimfeld/httptreemux/v5"
-)
-
-// ConfigManager is the configuration manager interface.
-type ConfigManager interface {
-	DNS() (svc agh.ServiceWithConfig[*dnssvc.Config])
-	Web() (svc agh.ServiceWithConfig[*Config])
-
-	UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error)
-	UpdateWeb(ctx context.Context, c *Config) (err error)
-}
-
-// Config is the AdGuard Home web service configuration structure.
-type Config struct {
-	// ConfigManager is used to show information about services as well as
-	// dynamically reconfigure them.
-	ConfigManager ConfigManager
-
-	// TLS is the optional TLS configuration.  If TLS is not nil,
-	// SecureAddresses must not be empty.
-	TLS *tls.Config
-
-	// Start is the time of start of AdGuard Home.
-	Start time.Time
-
-	// Addresses are the addresses on which to serve the plain HTTP API.
-	Addresses []netip.AddrPort
-
-	// SecureAddresses are the addresses on which to serve the HTTPS API.  If
-	// SecureAddresses is not empty, TLS must not be nil.
-	SecureAddresses []netip.AddrPort
-
-	// Timeout is the timeout for all server operations.
-	Timeout time.Duration
-
-	// ForceHTTPS tells if all requests to Addresses should be redirected to a
-	// secure address instead.
-	//
-	// TODO(a.garipov): Use; define rules, which address to redirect to.
-	ForceHTTPS bool
-}
-
-// Service is the AdGuard Home web service.  A nil *Service is a valid
-// [agh.Service] that does nothing.
-type Service struct {
-	confMgr    ConfigManager
-	tls        *tls.Config
-	start      time.Time
-	servers    []*http.Server
-	timeout    time.Duration
-	forceHTTPS bool
-}
-
-// New returns a new properly initialized *Service.  If c is nil, svc is a nil
-// *Service that does nothing.  The fields of c must not be modified after
-// calling New.
-func New(c *Config) (svc *Service) {
-	if c == nil {
-		return nil
-	}
-
-	svc = &Service{
-		confMgr:    c.ConfigManager,
-		tls:        c.TLS,
-		start:      c.Start,
-		timeout:    c.Timeout,
-		forceHTTPS: c.ForceHTTPS,
-	}
-
-	mux := newMux(svc)
-
-	for _, a := range c.Addresses {
-		addr := a.String()
-		errLog := log.StdLog("websvc: plain http: "+addr, log.ERROR)
-		svc.servers = append(svc.servers, &http.Server{
-			Addr:              addr,
-			Handler:           mux,
-			ErrorLog:          errLog,
-			ReadTimeout:       c.Timeout,
-			WriteTimeout:      c.Timeout,
-			IdleTimeout:       c.Timeout,
-			ReadHeaderTimeout: c.Timeout,
-		})
-	}
-
-	for _, a := range c.SecureAddresses {
-		addr := a.String()
-		errLog := log.StdLog("websvc: https: "+addr, log.ERROR)
-		svc.servers = append(svc.servers, &http.Server{
-			Addr:              addr,
-			Handler:           mux,
-			TLSConfig:         c.TLS,
-			ErrorLog:          errLog,
-			ReadTimeout:       c.Timeout,
-			WriteTimeout:      c.Timeout,
-			IdleTimeout:       c.Timeout,
-			ReadHeaderTimeout: c.Timeout,
-		})
-	}
-
-	return svc
-}
-
-// newMux returns a new HTTP request multiplexor for the AdGuard Home web
-// service.
-func newMux(svc *Service) (mux *httptreemux.ContextMux) {
-	mux = httptreemux.NewContextMux()
-
-	routes := []struct {
-		handler http.HandlerFunc
-		method  string
-		path    string
-		isJSON  bool
-	}{{
-		handler: svc.handleGetHealthCheck,
-		method:  http.MethodGet,
-		path:    PathHealthCheck,
-		isJSON:  false,
-	}, {
-		handler: svc.handleGetSettingsAll,
-		method:  http.MethodGet,
-		path:    PathV1SettingsAll,
-		isJSON:  true,
-	}, {
-		handler: svc.handlePatchSettingsDNS,
-		method:  http.MethodPatch,
-		path:    PathV1SettingsDNS,
-		isJSON:  true,
-	}, {
-		handler: svc.handlePatchSettingsHTTP,
-		method:  http.MethodPatch,
-		path:    PathV1SettingsHTTP,
-		isJSON:  true,
-	}, {
-		handler: svc.handleGetV1SystemInfo,
-		method:  http.MethodGet,
-		path:    PathV1SystemInfo,
-		isJSON:  true,
-	}}
-
-	for _, r := range routes {
-		if r.isJSON {
-			mux.Handle(r.method, r.path, jsonMw(r.handler))
-		} else {
-			mux.Handle(r.method, r.path, r.handler)
-		}
-	}
-
-	return mux
-}
-
-// addrs returns all addresses on which this server serves the HTTP API.  addrs
-// must not be called simultaneously with Start.  If svc was initialized with
-// ":0" addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) addrs() (addrs, secureAddrs []netip.AddrPort) {
-	for _, srv := range svc.servers {
-		addrPort, err := netip.ParseAddrPort(srv.Addr)
-		if err != nil {
-			// Technically shouldn't happen, since all servers must have a valid
-			// address.
-			panic(fmt.Errorf("websvc: server %q: bad address: %w", srv.Addr, err))
-		}
-
-		// srv.Serve will set TLSConfig to an almost empty value, so, instead of
-		// relying only on the nilness of TLSConfig, check the length of the
-		// certificates field as well.
-		if srv.TLSConfig == nil || len(srv.TLSConfig.Certificates) == 0 {
-			addrs = append(addrs, addrPort)
-		} else {
-			secureAddrs = append(secureAddrs, addrPort)
-		}
-
-	}
-
-	return addrs, secureAddrs
-}
-
-// handleGetHealthCheck is the handler for the GET /health-check HTTP API.
-func (svc *Service) handleGetHealthCheck(w http.ResponseWriter, _ *http.Request) {
-	_, _ = io.WriteString(w, "OK")
-}
-
-// type check
-var _ agh.Service = (*Service)(nil)
-
-// Start implements the [agh.Service] interface for *Service.  svc may be nil.
-// After Start exits, all HTTP servers have tried to start, possibly failing and
-// writing error messages to the log.
-func (svc *Service) Start() (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	wg := &sync.WaitGroup{}
-	wg.Add(len(svc.servers))
-	for _, srv := range svc.servers {
-		go serve(srv, wg)
-	}
-
-	wg.Wait()
-
-	return nil
-}
-
-// serve starts and runs srv and writes all errors into its log.
-func serve(srv *http.Server, wg *sync.WaitGroup) {
-	addr := srv.Addr
-	defer log.OnPanic(addr)
-
-	var proto string
-	var l net.Listener
-	var err error
-	if srv.TLSConfig == nil {
-		proto = "http"
-		l, err = net.Listen("tcp", addr)
-	} else {
-		proto = "https"
-		l, err = tls.Listen("tcp", addr, srv.TLSConfig)
-	}
-	if err != nil {
-		srv.ErrorLog.Printf("starting srv %s: binding: %s", addr, err)
-	}
-
-	// Update the server's address in case the address had the port zero, which
-	// would mean that a random available port was automatically chosen.
-	srv.Addr = l.Addr().String()
-
-	log.Info("websvc: starting srv %s://%s", proto, srv.Addr)
-
-	l = &waitListener{
-		Listener:      l,
-		firstAcceptWG: wg,
-	}
-
-	err = srv.Serve(l)
-	if err != nil && !errors.Is(err, http.ErrServerClosed) {
-		srv.ErrorLog.Printf("starting srv %s: %s", addr, err)
-	}
-}
-
-// Shutdown implements the [agh.Service] interface for *Service.  svc may be
-// nil.
-func (svc *Service) Shutdown(ctx context.Context) (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	var errs []error
-	for _, srv := range svc.servers {
-		serr := srv.Shutdown(ctx)
-		if serr != nil {
-			errs = append(errs, fmt.Errorf("shutting down srv %s: %w", srv.Addr, serr))
-		}
-	}
-
-	if len(errs) > 0 {
-		return errors.List("shutting down", errs...)
-	}
-
-	return nil
-}
-
-// Config returns the current configuration of the web service.  Config must not
-// be called simultaneously with Start.  If svc was initialized with ":0"
-// addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) Config() (c *Config) {
-	c = &Config{
-		ConfigManager: svc.confMgr,
-		TLS:           svc.tls,
-		// Leave Addresses and SecureAddresses empty and get the actual
-		// addresses that include the :0 ones later.
-		Start:      svc.start,
-		Timeout:    svc.timeout,
-		ForceHTTPS: svc.forceHTTPS,
-	}
-
-	c.Addresses, c.SecureAddresses = svc.addrs()
-
-	return c
-}

internal/next/websvc/websvc_internal_test.go

@@ -1,6 +0,0 @@
-package websvc
-
-import "time"
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 1 * time.Second

internal/next/websvc/websvc_test.go

@@ -1,187 +0,0 @@
-package websvc_test
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestMain(m *testing.M) {
-	testutil.DiscardLogOutput(m)
-}
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 1 * time.Second
-
-// testStart is the server start value for tests.
-var testStart = time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
-
-// type check
-var _ websvc.ConfigManager = (*configManager)(nil)
-
-// configManager is a [websvc.ConfigManager] for tests.
-type configManager struct {
-	onDNS func() (svc agh.ServiceWithConfig[*dnssvc.Config])
-	onWeb func() (svc agh.ServiceWithConfig[*websvc.Config])
-
-	onUpdateDNS func(ctx context.Context, c *dnssvc.Config) (err error)
-	onUpdateWeb func(ctx context.Context, c *websvc.Config) (err error)
-}
-
-// DNS implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) DNS() (svc agh.ServiceWithConfig[*dnssvc.Config]) {
-	return m.onDNS()
-}
-
-// Web implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) Web() (svc agh.ServiceWithConfig[*websvc.Config]) {
-	return m.onWeb()
-}
-
-// UpdateDNS implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	return m.onUpdateDNS(ctx, c)
-}
-
-// UpdateWeb implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) UpdateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	return m.onUpdateWeb(ctx, c)
-}
-
-// newConfigManager returns a *configManager all methods of which panic.
-func newConfigManager() (m *configManager) {
-	return &configManager{
-		onDNS: func() (svc agh.ServiceWithConfig[*dnssvc.Config]) { panic("not implemented") },
-		onWeb: func() (svc agh.ServiceWithConfig[*websvc.Config]) { panic("not implemented") },
-		onUpdateDNS: func(_ context.Context, _ *dnssvc.Config) (err error) {
-			panic("not implemented")
-		},
-		onUpdateWeb: func(_ context.Context, _ *websvc.Config) (err error) {
-			panic("not implemented")
-		},
-	}
-}
-
-// newTestServer creates and starts a new web service instance as well as its
-// sole address.  It also registers a cleanup procedure, which shuts the
-// instance down.
-//
-// TODO(a.garipov): Use svc or remove it.
-func newTestServer(
-	t testing.TB,
-	confMgr websvc.ConfigManager,
-) (svc *websvc.Service, addr netip.AddrPort) {
-	t.Helper()
-
-	c := &websvc.Config{
-		ConfigManager:   confMgr,
-		TLS:             nil,
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:0")},
-		SecureAddresses: nil,
-		Timeout:         testTimeout,
-		Start:           testStart,
-		ForceHTTPS:      false,
-	}
-
-	svc = websvc.New(c)
-
-	err := svc.Start()
-	require.NoError(t, err)
-	t.Cleanup(func() {
-		ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-		t.Cleanup(cancel)
-
-		err = svc.Shutdown(ctx)
-		require.NoError(t, err)
-	})
-
-	c = svc.Config()
-	require.NotNil(t, c)
-	require.Len(t, c.Addresses, 1)
-
-	return svc, c.Addresses[0]
-}
-
-// jobj is a utility alias for JSON objects.
-type jobj map[string]any
-
-// httpGet is a helper that performs an HTTP GET request and returns the body of
-// the response as well as checks that the status code is correct.
-//
-// TODO(a.garipov): Add helpers for other methods.
-func httpGet(t testing.TB, u *url.URL, wantCode int) (body []byte) {
-	t.Helper()
-
-	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
-	require.NoErrorf(t, err, "creating req")
-
-	httpCli := &http.Client{
-		Timeout: testTimeout,
-	}
-	resp, err := httpCli.Do(req)
-	require.NoErrorf(t, err, "performing req")
-	require.Equal(t, wantCode, resp.StatusCode)
-
-	testutil.CleanupAndRequireSuccess(t, resp.Body.Close)
-
-	body, err = io.ReadAll(resp.Body)
-	require.NoErrorf(t, err, "reading body")
-
-	return body
-}
-
-// httpPatch is a helper that performs an HTTP PATCH request with JSON-encoded
-// reqBody as the request body and returns the body of the response as well as
-// checks that the status code is correct.
-//
-// TODO(a.garipov): Add helpers for other methods.
-func httpPatch(t testing.TB, u *url.URL, reqBody any, wantCode int) (body []byte) {
-	t.Helper()
-
-	b, err := json.Marshal(reqBody)
-	require.NoErrorf(t, err, "marshaling reqBody")
-
-	req, err := http.NewRequest(http.MethodPatch, u.String(), bytes.NewReader(b))
-	require.NoErrorf(t, err, "creating req")
-
-	httpCli := &http.Client{
-		Timeout: testTimeout,
-	}
-	resp, err := httpCli.Do(req)
-	require.NoErrorf(t, err, "performing req")
-	require.Equal(t, wantCode, resp.StatusCode)
-
-	testutil.CleanupAndRequireSuccess(t, resp.Body.Close)
-
-	body, err = io.ReadAll(resp.Body)
-	require.NoErrorf(t, err, "reading body")
-
-	return body
-}
-
-func TestService_Start_getHealthCheck(t *testing.T) {
-	confMgr := newConfigManager()
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathHealthCheck,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-
-	assert.Equal(t, []byte("OK"), body)
-}

internal/querylog/http.go

@@ -44,9 +44,6 @@ func (l *queryLog) initWeb() {
 }
 
 func (l *queryLog) handleQueryLog(w http.ResponseWriter, r *http.Request) {
-	l.lock.Lock()
-	defer l.lock.Unlock()
-
 	params, err := l.parseSearchParams(r)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "failed to parse params: %s", err)

internal/querylog/qlog.go

@@ -247,13 +247,3 @@ func (l *queryLog) Add(params *AddParams) {
 		}()
 	}
 }
-
-// ShouldLog returns true if request for the host should be logged.
-func (l *queryLog) ShouldLog(host string, _, _ uint16) bool {
-	return !l.isIgnored(host)
-}
-
-// isIgnored returns true if the host is in the Ignored list.
-func (l *queryLog) isIgnored(host string) bool {
-	return l.conf.Ignored.Has(host)
-}

internal/querylog/qlog_test.go

@@ -2,12 +2,14 @@ package querylog
 
 import (
 	"fmt"
+	"math/rand"
 	"net"
+	"sort"
 	"testing"
+	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxyutil"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/AdguardTeam/golibs/timeutil"
 	"github.com/miekg/dns"
@@ -247,48 +249,6 @@ func TestQueryLogFileDisabled(t *testing.T) {
 	assert.Equal(t, "example2.org", ll[1].QHost)
 }
 
-func TestQueryLogShouldLog(t *testing.T) {
-	const (
-		ignored1 = "ignor.ed"
-		ignored2 = "ignored.to"
-	)
-	set := stringutil.NewSet(ignored1, ignored2)
-
-	l := newQueryLog(Config{
-		Enabled:     true,
-		RotationIvl: timeutil.Day,
-		MemSize:     100,
-		BaseDir:     t.TempDir(),
-		Ignored:     set,
-	})
-
-	testCases := []struct {
-		name    string
-		host    string
-		wantLog bool
-	}{{
-		name:    "log",
-		host:    "example.com",
-		wantLog: true,
-	}, {
-		name:    "no_log_ignored_1",
-		host:    ignored1,
-		wantLog: false,
-	}, {
-		name:    "no_log_ignored_2",
-		host:    ignored2,
-		wantLog: false,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			res := l.ShouldLog(tc.host, dns.TypeA, dns.ClassINET)
-
-			assert.Equal(t, tc.wantLog, res)
-		})
-	}
-}
-
 func addEntry(l *queryLog, host string, answerStr, client net.IP) {
 	q := dns.Msg{
 		Question: []dns.Question{{
@@ -349,3 +309,72 @@ func assertLogEntry(t *testing.T, entry *logEntry, host string, answer, client n
 	ip := proxyutil.IPFromRR(msg.Answer[0]).To16()
 	assert.Equal(t, answer, ip)
 }
+
+func testEntries() (entries []*logEntry) {
+	rsrc := rand.NewSource(time.Now().UnixNano())
+	rgen := rand.New(rsrc)
+
+	entries = make([]*logEntry, 1000)
+	for i := range entries {
+		min := rgen.Intn(60)
+		sec := rgen.Intn(60)
+		entries[i] = &logEntry{
+			Time: time.Date(2020, 1, 1, 0, min, sec, 0, time.UTC),
+		}
+	}
+
+	return entries
+}
+
+// logEntriesByTimeDesc is a wrapper over []*logEntry for sorting.
+//
+// NOTE(a.garipov): Weirdly enough, on my machine this gets consistently
+// outperformed by sort.Slice, see the benchmark below.  I'm leaving this
+// implementation here, in tests, in case we want to make sure it outperforms on
+// most machines, but for now this is unused in the actual code.
+type logEntriesByTimeDesc []*logEntry
+
+// Len implements the sort.Interface interface for logEntriesByTimeDesc.
+func (les logEntriesByTimeDesc) Len() (n int) { return len(les) }
+
+// Less implements the sort.Interface interface for logEntriesByTimeDesc.
+func (les logEntriesByTimeDesc) Less(i, j int) (less bool) {
+	return les[i].Time.After(les[j].Time)
+}
+
+// Swap implements the sort.Interface interface for logEntriesByTimeDesc.
+func (les logEntriesByTimeDesc) Swap(i, j int) { les[i], les[j] = les[j], les[i] }
+
+func BenchmarkLogEntry_sort(b *testing.B) {
+	b.Run("methods", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			b.StopTimer()
+			entries := testEntries()
+			b.StartTimer()
+
+			sort.Stable(logEntriesByTimeDesc(entries))
+		}
+	})
+
+	b.Run("reflect", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			b.StopTimer()
+			entries := testEntries()
+			b.StartTimer()
+
+			sort.SliceStable(entries, func(i, j int) (less bool) {
+				return entries[i].Time.After(entries[j].Time)
+			})
+		}
+	})
+}
+
+func TestLogEntriesByTime_sort(t *testing.T) {
+	entries := testEntries()
+	sort.Sort(logEntriesByTimeDesc(entries))
+
+	for i := range entries[1:] {
+		assert.False(t, entries[i+1].Time.After(entries[i].Time),
+			"%s %s", entries[i+1].Time, entries[i].Time)
+	}
+}

internal/querylog/querylog.go

@@ -10,7 +10,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"github.com/AdguardTeam/golibs/timeutil"
 	"github.com/miekg/dns"
 )
@@ -27,9 +26,6 @@ type QueryLog interface {
 
 	// WriteDiskConfig - write configuration
 	WriteDiskConfig(c *Config)
-
-	// ShouldLog returns true if request for the host should be logged.
-	ShouldLog(host string, qType, qClass uint16) bool
 }
 
 // Config is the query log configuration structure.
@@ -75,10 +71,6 @@ type Config struct {
 	// AnonymizeClientIP tells if the query log should anonymize clients' IP
 	// addresses.
 	AnonymizeClientIP bool
-
-	// Ignored is the list of host names, which should not be written to
-	// log.
-	Ignored *stringutil.Set
 }
 
 // AddParams is the parameters for adding an entry.

internal/querylog/querylogfile.go

@@ -155,9 +155,6 @@ func (l *queryLog) periodicRotate() {
 // checkAndRotate rotates log files if those are older than the specified
 // rotation interval.
 func (l *queryLog) checkAndRotate() {
-	l.lock.Lock()
-	defer l.lock.Unlock()
-
 	oldest, err := l.readFileFirstTimeValue()
 	if err != nil && !errors.Is(err, os.ErrNotExist) {
 		log.Error("querylog: reading oldest record for rotation: %s", err)

internal/querylog/search.go

@@ -2,10 +2,10 @@ package querylog
 
 import (
 	"io"
+	"sort"
 	"time"
 
 	"github.com/AdguardTeam/golibs/log"
-	"golang.org/x/exp/slices"
 )
 
 // client finds the client info, if any, by its ClientID and IP address,
@@ -98,8 +98,8 @@ func (l *queryLog) search(params *searchParams) (entries []*logEntry, oldest tim
 	// weird on the frontend.
 	//
 	// See https://github.com/AdguardTeam/AdGuardHome/issues/2293.
-	slices.SortStableFunc(entries, func(a, b *logEntry) (sortsBefore bool) {
-		return a.Time.After(b.Time)
+	sort.SliceStable(entries, func(i, j int) (less bool) {
+		return entries[i].Time.After(entries[j].Time)
 	})
 
 	if params.offset > 0 {
@@ -263,10 +263,6 @@ func (l *queryLog) readNextEntry(
 	e = &logEntry{}
 	decodeLogEntry(e, line)
 
-	if l.isIgnored(e.QHost) {
-		return nil, ts, nil
-	}
-
 	e.client, err = l.client(e.ClientID, e.IP.String(), cache)
 	if err != nil {
 		log.Error(

internal/stats/http.go

@@ -5,6 +5,7 @@ package stats
 import (
 	"encoding/json"
 	"net/http"
+	"sync/atomic"
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
@@ -40,11 +41,10 @@ type StatsResp struct {
 
 // handleStats handles requests to the GET /control/stats endpoint.
 func (s *StatsCtx) handleStats(w http.ResponseWriter, r *http.Request) {
-	s.lock.Lock()
-	defer s.lock.Unlock()
+	limit := atomic.LoadUint32(&s.limitHours)
 
 	start := time.Now()
-	resp, ok := s.getData(s.limitHours)
+	resp, ok := s.getData(limit)
 	log.Debug("stats: prepared data in %v", time.Since(start))
 
 	if !ok {
@@ -65,13 +65,7 @@ type configResp struct {
 
 // handleStatsInfo handles requests to the GET /control/stats_info endpoint.
 func (s *StatsCtx) handleStatsInfo(w http.ResponseWriter, r *http.Request) {
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
-	resp := configResp{IntervalDays: s.limitHours / 24}
-	if !s.enabled {
-		resp.IntervalDays = 0
-	}
+	resp := configResp{IntervalDays: atomic.LoadUint32(&s.limitHours) / 24}
 	_ = aghhttp.WriteJSONResponse(w, r, resp)
 }
 

internal/stats/stats.go

@@ -15,10 +15,16 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"go.etcd.io/bbolt"
 )
 
+// DiskConfig is the configuration structure that is stored in file.
+type DiskConfig struct {
+	// Interval is the number of days for which the statistics are collected
+	// before flushing to the database.
+	Interval uint32 `yaml:"statistics_interval"`
+}
+
 // checkInterval returns true if days is valid to be used as statistics
 // retention interval.  The valid values are 0, 1, 7, 30 and 90.
 func checkInterval(days uint32) (ok bool) {
@@ -45,12 +51,6 @@ type Config struct {
 	// LimitDays is the maximum number of days to collect statistics into the
 	// current unit.
 	LimitDays uint32
-
-	// Enabled tells if the statistics are enabled.
-	Enabled bool
-
-	// Ignored is the list of host names, which should not be counted.
-	Ignored *stringutil.Set
 }
 
 // Interface is the statistics interface to be used by other packages.
@@ -68,22 +68,30 @@ type Interface interface {
 	TopClientsIP(limit uint) []netip.Addr
 
 	// WriteDiskConfig puts the Interface's configuration to the dc.
-	WriteDiskConfig(dc *Config)
-
-	// ShouldCount returns true if request for the host should be counted.
-	ShouldCount(host string, qType, qClass uint16) bool
+	WriteDiskConfig(dc *DiskConfig)
 }
 
 // StatsCtx collects the statistics and flushes it to the database.  Its default
 // flushing interval is one hour.
+//
+// TODO(e.burkov):  Use atomic.Pointer for accessing db in go1.19.
 type StatsCtx struct {
+	// limitHours is the maximum number of hours to collect statistics into the
+	// current unit.
+	//
+	// It is of type uint32 to be accessed by atomic.  It's arranged at the
+	// beginning of the structure to keep 64-bit alignment.
+	limitHours uint32
+
 	// currMu protects curr.
 	currMu *sync.RWMutex
 	// curr is the actual statistics collection result.
 	curr *unit
 
+	// dbMu protects db.
+	dbMu *sync.Mutex
 	// db is the opened statistics database, if any.
-	db atomic.Pointer[bbolt.DB]
+	db *bbolt.DB
 
 	// unitIDGen is the function that generates an identifier for the current
 	// unit.  It's here for only testing purposes.
@@ -98,21 +106,6 @@ type StatsCtx struct {
 
 	// filename is the name of database file.
 	filename string
-
-	// lock protects all the fields below.
-	lock sync.Mutex
-
-	// enabled tells if the statistics are enabled.
-	enabled bool
-
-	// limitHours is the maximum number of hours to collect statistics into the
-	// current unit.
-	//
-	// TODO(s.chzhen):  Rewrite to use time.Duration.
-	limitHours uint32
-
-	// ignored is the list of host names, which should not be counted.
-	ignored *stringutil.Set
 }
 
 // New creates s from conf and properly initializes it.  Don't use s before
@@ -121,12 +114,11 @@ func New(conf Config) (s *StatsCtx, err error) {
 	defer withRecovered(&err)
 
 	s = &StatsCtx{
-		enabled:        conf.Enabled,
 		currMu:         &sync.RWMutex{},
+		dbMu:           &sync.Mutex{},
 		filename:       conf.Filename,
 		configModified: conf.ConfigModified,
 		httpRegister:   conf.HTTPRegister,
-		ignored:        conf.Ignored,
 	}
 	if s.limitHours = conf.LimitDays * 24; !checkInterval(conf.LimitDays) {
 		s.limitHours = 24
@@ -145,7 +137,7 @@ func New(conf Config) (s *StatsCtx, err error) {
 	var udb *unitDB
 	id := s.unitIDGen()
 
-	tx, err := s.db.Load().Begin(true)
+	tx, err := s.db.Begin(true)
 	if err != nil {
 		return nil, fmt.Errorf("stats: opening a transaction: %w", err)
 	}
@@ -199,7 +191,7 @@ func (s *StatsCtx) Start() {
 func (s *StatsCtx) Close() (err error) {
 	defer func() { err = errors.Annotate(err, "stats: closing: %w") }()
 
-	db := s.db.Swap(nil)
+	db := s.swapDatabase(nil)
 	if db == nil {
 		return nil
 	}
@@ -228,10 +220,7 @@ func (s *StatsCtx) Close() (err error) {
 
 // Update implements the Interface interface for *StatsCtx.
 func (s *StatsCtx) Update(e Entry) {
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
-	if !s.enabled || s.limitHours == 0 {
+	if atomic.LoadUint32(&s.limitHours) == 0 {
 		return
 	}
 
@@ -259,22 +248,14 @@ func (s *StatsCtx) Update(e Entry) {
 }
 
 // WriteDiskConfig implements the Interface interface for *StatsCtx.
-func (s *StatsCtx) WriteDiskConfig(dc *Config) {
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
-	dc.LimitDays = s.limitHours / 24
-	dc.Enabled = s.enabled
-	dc.Ignored = s.ignored
+func (s *StatsCtx) WriteDiskConfig(dc *DiskConfig) {
+	dc.Interval = atomic.LoadUint32(&s.limitHours) / 24
 }
 
 // TopClientsIP implements the [Interface] interface for *StatsCtx.
 func (s *StatsCtx) TopClientsIP(maxCount uint) (ips []netip.Addr) {
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
-	limit := s.limitHours
-	if !s.enabled || limit == 0 {
+	limit := atomic.LoadUint32(&s.limitHours)
+	if limit == 0 {
 		return nil
 	}
 
@@ -303,6 +284,25 @@ func (s *StatsCtx) TopClientsIP(maxCount uint) (ips []netip.Addr) {
 	return ips
 }
 
+// database returns the database if it's opened.  It's safe for concurrent use.
+func (s *StatsCtx) database() (db *bbolt.DB) {
+	s.dbMu.Lock()
+	defer s.dbMu.Unlock()
+
+	return s.db
+}
+
+// swapDatabase swaps the database with another one and returns it.  It's safe
+// for concurrent use.
+func (s *StatsCtx) swapDatabase(with *bbolt.DB) (old *bbolt.DB) {
+	s.dbMu.Lock()
+	defer s.dbMu.Unlock()
+
+	old, s.db = s.db, with
+
+	return old
+}
+
 // deleteOldUnits walks the buckets available to tx and deletes old units.  It
 // returns the number of deletions performed.
 func deleteOldUnits(tx *bbolt.Tx, firstID uint32) (deleted int) {
@@ -358,7 +358,10 @@ func (s *StatsCtx) openDB() (err error) {
 	// Use defer to unlock the mutex as soon as possible.
 	defer log.Debug("stats: database opened")
 
-	s.db.Store(db)
+	s.dbMu.Lock()
+	defer s.dbMu.Unlock()
+
+	s.db = db
 
 	return nil
 }
@@ -366,9 +369,6 @@ func (s *StatsCtx) openDB() (err error) {
 func (s *StatsCtx) flush() (cont bool, sleepFor time.Duration) {
 	id := s.unitIDGen()
 
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
 	s.currMu.Lock()
 	defer s.currMu.Unlock()
 
@@ -377,12 +377,12 @@ func (s *StatsCtx) flush() (cont bool, sleepFor time.Duration) {
 		return false, 0
 	}
 
-	limit := s.limitHours
+	limit := atomic.LoadUint32(&s.limitHours)
 	if limit == 0 || ptr.id == id {
 		return true, time.Second
 	}
 
-	db := s.db.Load()
+	db := s.database()
 	if db == nil {
 		return true, 0
 	}
@@ -437,30 +437,21 @@ func (s *StatsCtx) periodicFlush() {
 }
 
 func (s *StatsCtx) setLimit(limitDays int) {
-	s.lock.Lock()
-	defer s.lock.Unlock()
-
-	if limitDays != 0 {
-		s.enabled = true
-		s.limitHours = uint32(24 * limitDays)
-		log.Debug("stats: set limit: %d days", limitDays)
-
-		return
+	atomic.StoreUint32(&s.limitHours, uint32(24*limitDays))
+	if limitDays == 0 {
+		if err := s.clear(); err != nil {
+			log.Error("stats: %s", err)
+		}
 	}
 
-	s.enabled = false
-	log.Debug("stats: disabled")
-
-	if err := s.clear(); err != nil {
-		log.Error("stats: %s", err)
-	}
+	log.Debug("stats: set limit: %d days", limitDays)
 }
 
 // Reset counters and clear database
 func (s *StatsCtx) clear() (err error) {
 	defer func() { err = errors.Annotate(err, "clearing: %w") }()
 
-	db := s.db.Swap(nil)
+	db := s.swapDatabase(nil)
 	if db != nil {
 		var tx *bbolt.Tx
 		tx, err = db.Begin(true)
@@ -504,7 +495,7 @@ func (s *StatsCtx) clear() (err error) {
 }
 
 func (s *StatsCtx) loadUnits(limit uint32) (units []*unitDB, firstID uint32) {
-	db := s.db.Load()
+	db := s.database()
 	if db == nil {
 		return nil, 0
 	}
@@ -556,13 +547,3 @@ func (s *StatsCtx) loadUnits(limit uint32) (units []*unitDB, firstID uint32) {
 
 	return units, firstID
 }
-
-// ShouldCount returns true if request for the host should be counted.
-func (s *StatsCtx) ShouldCount(host string, _, _ uint16) bool {
-	return !s.isIgnored(host)
-}
-
-// isIgnored returns true if the host is in the Ignored list.
-func (s *StatsCtx) isIgnored(host string) bool {
-	return s.ignored.Has(host)
-}

internal/stats/stats_internal_test.go

@@ -47,6 +47,8 @@ func TestStats_races(t *testing.T) {
 	startTime := time.Now()
 	testutil.CleanupAndRequireSuccess(t, s.Close)
 
+	type signal = struct{}
+
 	writeFunc := func(start, fin *sync.WaitGroup, waitCh <-chan unit, i int) {
 		e := Entry{
 			Domain: fmt.Sprintf("example-%d.org", i),

internal/stats/stats_test.go

@@ -53,7 +53,6 @@ func TestStats(t *testing.T) {
 	conf := stats.Config{
 		Filename:  filepath.Join(t.TempDir(), "stats.db"),
 		LimitDays: 1,
-		Enabled:   true,
 		UnitID:    constUnitID,
 		HTTPRegister: func(_, url string, handler http.HandlerFunc) {
 			handlers[url] = handler
@@ -159,7 +158,6 @@ func TestLargeNumbers(t *testing.T) {
 	conf := stats.Config{
 		Filename:     filepath.Join(t.TempDir(), "stats.db"),
 		LimitDays:    1,
-		Enabled:      true,
 		UnitID:       func() (id uint32) { return atomic.LoadUint32(&curHour) },
 		HTTPRegister: func(_, url string, handler http.HandlerFunc) { handlers[url] = handler },
 	}

internal/stats/unit.go

@@ -5,13 +5,12 @@ import (
 	"encoding/binary"
 	"encoding/gob"
 	"fmt"
+	"sort"
 	"time"
 
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/stringutil"
 	"go.etcd.io/bbolt"
-	"golang.org/x/exp/slices"
 )
 
 // TODO(a.garipov): Rewrite all of this.  Add proper error handling and
@@ -180,8 +179,8 @@ func convertMapToSlice(m map[string]uint64, max int) (s []countPair) {
 		s = append(s, countPair{Name: k, Count: v})
 	}
 
-	slices.SortFunc(s, func(a, b countPair) (sortsBefore bool) {
-		return a.Count < b.Count
+	sort.Slice(s, func(i, j int) bool {
+		return s[j].Count < s[i].Count
 	})
 	if max > len(s) {
 		max = len(s)
@@ -342,13 +341,11 @@ type pairsGetter func(u *unitDB) (pairs []countPair)
 
 // topsCollector collects statistics about highest values from the given *unitDB
 // slice using pg to retrieve data.
-func topsCollector(units []*unitDB, max int, ignored *stringutil.Set, pg pairsGetter) []map[string]uint64 {
+func topsCollector(units []*unitDB, max int, pg pairsGetter) []map[string]uint64 {
 	m := map[string]uint64{}
 	for _, u := range units {
 		for _, cp := range pg(u) {
-			if !ignored.Has(cp.Name) {
-				m[cp.Name] += cp.Count
-			}
+			m[cp.Name] += cp.Count
 		}
 	}
 	a2 := convertMapToSlice(m, max)
@@ -411,9 +408,9 @@ func (s *StatsCtx) getData(limit uint32) (StatsResp, bool) {
 		BlockedFiltering:     statsCollector(units, firstID, timeUnit, func(u *unitDB) (num uint64) { return u.NResult[RFiltered] }),
 		ReplacedSafebrowsing: statsCollector(units, firstID, timeUnit, func(u *unitDB) (num uint64) { return u.NResult[RSafeBrowsing] }),
 		ReplacedParental:     statsCollector(units, firstID, timeUnit, func(u *unitDB) (num uint64) { return u.NResult[RParental] }),
-		TopQueried:           topsCollector(units, maxDomains, s.ignored, func(u *unitDB) (pairs []countPair) { return u.Domains }),
-		TopBlocked:           topsCollector(units, maxDomains, s.ignored, func(u *unitDB) (pairs []countPair) { return u.BlockedDomains }),
-		TopClients:           topsCollector(units, maxClients, nil, func(u *unitDB) (pairs []countPair) { return u.Clients }),
+		TopQueried:           topsCollector(units, maxDomains, func(u *unitDB) (pairs []countPair) { return u.Domains }),
+		TopBlocked:           topsCollector(units, maxDomains, func(u *unitDB) (pairs []countPair) { return u.BlockedDomains }),
+		TopClients:           topsCollector(units, maxClients, func(u *unitDB) (pairs []countPair) { return u.Clients }),
 	}
 
 	// Total counters:

internal/tools/go.mod

@@ -1,6 +1,6 @@
 module github.com/AdguardTeam/AdGuardHome/internal/tools
 
-go 1.19
+go 1.18
 
 require (
 	github.com/fzipp/gocyclo v0.6.0
@@ -8,10 +8,10 @@ require (
 	github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28
 	github.com/kisielk/errcheck v1.6.3
 	github.com/kyoh86/looppointer v0.2.1
-	github.com/securego/gosec/v2 v2.15.0
-	golang.org/x/tools v0.6.1-0.20230217175706-3102dad5faf9
-	golang.org/x/vuln v0.0.0-20230217204342-b91abcc5ae3c
-	honnef.co/go/tools v0.4.2
+	github.com/securego/gosec/v2 v2.14.0
+	golang.org/x/tools v0.5.1-0.20230117180257-8aba49bb5ea2
+	golang.org/x/vuln v0.0.0-20230130175424-dd534eeddf33
+	honnef.co/go/tools v0.3.3
 	mvdan.cc/gofumpt v0.4.0
 	mvdan.cc/unparam v0.0.0-20230125043941-70a0ce6e7b95
 )
@@ -24,10 +24,10 @@ require (
 	github.com/kyoh86/nolint v0.0.1 // indirect
 	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb // indirect
-	golang.org/x/exp/typeparams v0.0.0-20230213192124-5e25df0256eb // indirect
-	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20230131160201-f062dba9d201 // indirect
+	golang.org/x/mod v0.7.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	golang.org/x/sys v0.4.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

internal/tools/go.sum

@@ -7,7 +7,6 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
 github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
 github.com/golangci/misspell v0.4.0 h1:KtVB/hTK4bbL/S6bs64rYyk8adjmh1BygbBiaAiX+a0=
 github.com/golangci/misspell v0.4.0/go.mod h1:W6O/bwV6lGDxUCChm2ykw9NQdd5bYd1Xkjo88UcWyJc=
 github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=
@@ -30,14 +29,14 @@ github.com/kyoh86/nolint v0.0.1 h1:GjNxDEkVn2wAxKHtP7iNTrRxytRZ1wXxLV5j4XzGfRU=
 github.com/kyoh86/nolint v0.0.1/go.mod h1:1ZiZZ7qqrZ9dZegU96phwVcdQOMKIqRzFJL3ewq9gtI=
 github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 h1:4kuARK6Y6FxaNu/BnU2OAaLF86eTVhP2hjTB6iMvItA=
 github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8=
-github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI=
-github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q=
+github.com/onsi/ginkgo/v2 v2.3.1 h1:8SbseP7qM32WcvE6VaN6vfXxv698izmsJ1UQX9ve7T8=
+github.com/onsi/gomega v1.22.1 h1:pY8O4lBfsHKZHM/6nrxkhVPUznOlIu3quZcKP/M20KI=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/securego/gosec/v2 v2.15.0 h1:v4Ym7FF58/jlykYmmhZ7mTm7FQvN/setNm++0fgIAtw=
-github.com/securego/gosec/v2 v2.15.0/go.mod h1:VOjTrZOkUtSDt2QLSJmQBMWnvwiQPEjg0l+5juIqGk8=
+github.com/securego/gosec/v2 v2.14.0 h1:U1hfs0oBackChXA72plCYVA4cOlQ4gO+209dHiSNZbI=
+github.com/securego/gosec/v2 v2.14.0/go.mod h1:Ff03zEi5NwSOfXj9nFpBfhbWTtROCkg9N+9goggrYn4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
@@ -54,22 +53,22 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w=
-golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/exp/typeparams v0.0.0-20230213192124-5e25df0256eb h1:WGs/bGIWYyAY5PVgGGMXqGGCxSJz4fpoUExb/vgqNCU=
-golang.org/x/exp/typeparams v0.0.0-20230213192124-5e25df0256eb/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp v0.0.0-20230131160201-f062dba9d201 h1:BEABXpNXLEz0WxtA+6CQIz2xkg80e+1zrhWyMcq8VzE=
+golang.org/x/exp v0.0.0-20230131160201-f062dba9d201/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
+golang.org/x/exp/typeparams v0.0.0-20230131160201-f062dba9d201 h1:O1QcdQUR9htWjzzsXVFPX+RJ3n1P/u/5bsQR8dbs5BY=
+golang.org/x/exp/typeparams v0.0.0-20230131160201-f062dba9d201/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
+golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -84,33 +83,35 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
+golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
+golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20201007032633-0806396f153e/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/tools v0.6.1-0.20230217175706-3102dad5faf9 h1:IuFp2CklNBim6OdHXn/1P4VoeKt5pA2jcDKWlboqtlQ=
-golang.org/x/tools v0.6.1-0.20230217175706-3102dad5faf9/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/vuln v0.0.0-20230217204342-b91abcc5ae3c h1:7/jJkMpaKZMxdyOQ7IP7aPbJQaDk4cOUxtXtWHQ1cSk=
-golang.org/x/vuln v0.0.0-20230217204342-b91abcc5ae3c/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0=
+golang.org/x/tools v0.5.1-0.20230117180257-8aba49bb5ea2 h1:v0FhRDmSCNH/0EurAT6T8KRY4aNuUhz6/WwBMxG+gvQ=
+golang.org/x/tools v0.5.1-0.20230117180257-8aba49bb5ea2/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
+golang.org/x/vuln v0.0.0-20230130175424-dd534eeddf33 h1:je2aB5nnlseeGvJy5clg6EyC3jjbbCNsRDroC3qQJsA=
+golang.org/x/vuln v0.0.0-20230130175424-dd534eeddf33/go.mod h1:cBP4HMKv0X+x96j8IJWCKk0eqpakBmmHjKGSSC0NaYE=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.4.2 h1:6qXr+R5w+ktL5UkwEbPp+fEvfyoMPche6GkOpGHZcLc=
-honnef.co/go/tools v0.4.2/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA=
+honnef.co/go/tools v0.3.3 h1:oDx7VAwstgpYpb3wv0oxiZlxY+foCpRAwY7Vk6XpAgA=
+honnef.co/go/tools v0.3.3/go.mod h1:jzwdWgg7Jdq75wlfblQxO4neNaFFSvgc1tD5Wv8U0Yw=
 mvdan.cc/gofumpt v0.4.0 h1:JVf4NN1mIpHogBj7ABpgOyZc65/UUOkKQFkoURsz4MM=
 mvdan.cc/gofumpt v0.4.0/go.mod h1:PljLOHDeZqgS8opHRKLzp2It2VBuSdteAgqUfzMTxlQ=
 mvdan.cc/unparam v0.0.0-20230125043941-70a0ce6e7b95 h1:n/xhncJPSt0YzfOhnyn41XxUdrWQNgmLBG72FE27Fqw=

internal/tools/tools.go

@@ -1,4 +1,5 @@
 //go:build tools
+// +build tools
 
 package tools
 

main.go

@@ -1,5 +1,3 @@
-//go:build !next
-
 package main
 
 import (

main_next.go

@@ -1,20 +0,0 @@
-//go:build next
-
-package main
-
-import (
-	"embed"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/cmd"
-)
-
-// Embed the prebuilt client here since we strive to keep .go files inside the
-// internal directory and the embed package is unable to embed files located
-// outside of the same or underlying directory.
-
-//go:embed build
-var clientBuildFS embed.FS
-
-func main() {
-	cmd.Main(clientBuildFS)
-}

scripts/README.md

@@ -205,7 +205,7 @@ code from [the repo][companiesrepo].
  ###  Usage
 
 ```sh
-sh ./scripts/companiesdb/download.sh
+( cd scripts/companiesdb && sh ./download.sh )
 ```
 
 [companiesrepo]: https://github.com/AdguardTeam/companiesdb

scripts/companiesdb/download.sh

@@ -4,9 +4,11 @@ set -e -f -u -x
 
 # This script syncs companies DB that we bundle with AdGuard Home.  The source
 # for this database is https://github.com/AdguardTeam/companiesdb.
-#
-trackers_url='https://raw.githubusercontent.com/AdguardTeam/companiesdb/main/dist/trackers.json'
-output='./client/src/helpers/trackers/trackers.json'
-readonly trackers_url output
 
-curl -o "$output" -v "$trackers_url"
+whotracksme='https://raw.githubusercontent.com/AdguardTeam/companiesdb/main/dist/whotracksme.json'
+adguard='https://raw.githubusercontent.com/AdguardTeam/companiesdb/main/dist/adguard.json'
+base_path='../../client/src/helpers/trackers'
+readonly whotracksme adguard base_path
+
+curl -o "${base_path}/whotracksme.json" -v "$whotracksme"
+curl -o "${base_path}/adguard.json"     -v "$adguard"

scripts/hooks/pre-commit

@@ -2,18 +2,10 @@
 
 set -e -f -u
 
-# This comment is used to simplify checking local copies of the script.
-# Bump this number every time a significant change is made to this
-# script.
-#
-# AdGuard-Project-Version: 1
-
-# Only show interactive prompts if there a terminal is attached to
-# stdout.  While this technically doesn't guarantee that reading from
-# /dev/tty works, this should work reasonably well on all of our
-# supported development systems and in most terminal emulators.
+# Only show interactive prompts if there is a terminal attached.  This
+# should work on all of our supported Unix systems.
 is_tty='0'
-if [ -t '1' ]
+if [ -e /dev/tty ]
 then
 	is_tty='1'
 fi

scripts/install.sh

@@ -33,19 +33,6 @@ usage() {
 	exit 2
 }
 
-# Function maybe_sudo runs passed command with root privileges if use_sudo isn't
-# equal to 0.
-#
-# TODO(e.burkov):  Use everywhere the sudo_cmd isn't quoted.
-maybe_sudo() {
-	if [ "$use_sudo" -eq 0 ]
-	then
-		"$@"
-	else
-		"$sudo_cmd" "$@"
-	fi
-}
-
 # Function is_command checks if the command exists on the machine.
 is_command() {
 	command -v "$1" >/dev/null 2>&1
@@ -351,18 +338,6 @@ download_wget() {
 	wget --no-verbose -O "$wget_output" "$1"
 }
 
-# download_fetch uses fetch(1) to download a file.  The first argument is the
-# URL.  The second argument is optional and is the output file.
-download_fetch() {
-	fetch_output="${2:-}"
-	if [ "$fetch_output" = '' ]
-	then
-		fetch -o '-' "$1"
-	else
-		fetch -o "$fetch_output" "$1"
-	fi
-}
-
 # Function set_download_func sets the appropriate function for downloading
 # files.
 set_download_func() {
@@ -373,9 +348,6 @@ set_download_func() {
 	elif is_command 'wget'
 	then
 		download_func='download_wget'
-	elif is_command 'fetch'
-	then
-		download_func='download_fetch'
 	else
 		error_exit "either curl or wget is required to install AdGuard Home via this script"
 	fi
@@ -567,14 +539,7 @@ handle_existing() {
 
 # Function install_service tries to install AGH as service.
 install_service() {
-	# Installing the service as root is required at least on FreeBSD.
-	use_sudo='0'
-	if [ "$os" = 'freebsd' ]
-	then
-		use_sudo='1'
-	fi
-
-	if ( cd "$agh_dir" && maybe_sudo ./AdGuardHome -s install )
+	if ( cd "$agh_dir" && ./AdGuardHome -s install )
 	then
 		return 0
 	fi

scripts/make/Dockerfile

@@ -1,6 +1,6 @@
 # A docker file for scripts/make/build-docker.sh.
 
-FROM alpine:3.17
+FROM alpine:3.16
 
 ARG BUILD_DATE
 ARG VERSION

scripts/make/go-build.sh

@@ -6,11 +6,6 @@
 # only has superficial knowledge of the POSIX shell language and alike.
 # Experienced readers may find it overly verbose.
 
-# This comment is used to simplify checking local copies of the script.  Bump
-# this number every time a significant change is made to this script.
-#
-# AdGuard-Project-Version: 1
-
 # The default verbosity level is 0.  Show every command that is run and every
 # package that is processed if the caller requested verbosity level greater than
 # 0.  Also show subcommands if the requested verbosity level is greater than 1.
@@ -116,37 +111,16 @@ readonly o_flags
 # must be enabled.
 if [ "${RACE:-0}" -eq '0' ]
 then
-	CGO_ENABLED='0'
+	cgo_enabled='0'
 	race_flags='--race=0'
 else
-	CGO_ENABLED='1'
+	cgo_enabled='1'
 	race_flags='--race=1'
 fi
-readonly CGO_ENABLED race_flags
-export CGO_ENABLED
+readonly cgo_enabled race_flags
 
+CGO_ENABLED="$cgo_enabled"
 GO111MODULE='on'
-export GO111MODULE
+export CGO_ENABLED GO111MODULE
 
-# Build the new binary if requested.
-if [ "${NEXTAPI:-0}" -eq '0' ]
-then
-	tags_flags='--tags='
-else
-	tags_flags='--tags=next'
-fi
-readonly tags_flags
-
-if [ "$verbose" -gt '0' ]
-then
-	"$go" env
-fi
-
-"$go" build\
-	--ldflags "$ldflags"\
-	"$race_flags"\
-	"$tags_flags"\
-	--trimpath\
-	"$o_flags"\
-	"$v_flags"\
-	"$x_flags"
+"$go" build --ldflags "$ldflags" "$race_flags" --trimpath "$o_flags" "$v_flags" "$x_flags"

scripts/make/go-deps.sh

@@ -1,10 +1,5 @@
 #!/bin/sh
 
-# This comment is used to simplify checking local copies of the script.  Bump
-# this number every time a significant change is made to this script.
-#
-# AdGuard-Project-Version: 1
-
 verbose="${VERBOSE:-0}"
 readonly verbose
 
@@ -12,14 +7,14 @@ if [ "$verbose" -gt '1' ]
 then
 	env
 	set -x
-	x_flags='-x=1'
+	x_flags='-x'
 elif [ "$verbose" -gt '0' ]
 then
 	set -x
-	x_flags='-x=0'
+	x_flags=''
 else
 	set +x
-	x_flags='-x=0'
+	x_flags=''
 fi
 readonly x_flags
 
@@ -28,4 +23,6 @@ set -e -f -u
 go="${GO:-go}"
 readonly go
 
-"$go" mod download "$x_flags"
+# Don't use quotes with flag variables because we want an empty space if those
+# aren't set.
+"$go" mod download $x_flags

scripts/make/go-lint.sh

@@ -1,13 +1,8 @@
 #!/bin/sh
 
-# This comment is used to simplify checking local copies of the script.  Bump
-# this number every time a significant change is made to this script.
-#
-# AdGuard-Project-Version: 3
-
 verbose="${VERBOSE:-0}"
-readonly verbose
 
+# Set verbosity.
 if [ "$verbose" -gt '0' ]
 then
 	set -x
@@ -21,12 +16,34 @@ else
 	set -e
 fi
 
+# We don't need glob expansions and we want to see errors about unset variables.
 set -f -u
 
 
 
-# Source the common helpers, including not_found and run_linter.
-. ./scripts/make/helper.sh
+# Deferred Helpers
+
+not_found_msg='
+looks like a binary not found error.
+make sure you have installed the linter binaries using:
+
+	$ make go-tools
+'
+readonly not_found_msg
+
+# TODO(a.garipov): Put it into a separate script and source it both here and in
+# txt-lint.sh?
+not_found() {
+	if [ "$?" -eq '127' ]
+	then
+		# Code 127 is the exit status a shell uses when a command or
+		# a file is not found, according to the Bash Hackers wiki.
+		#
+		# See https://wiki.bash-hackers.org/dict/terms/exit_status.
+		echo "$not_found_msg" 1>&2
+	fi
+}
+trap not_found EXIT
 
 
 
@@ -35,7 +52,7 @@ set -f -u
 go_version="$( "${GO:-go}" version )"
 readonly go_version
 
-go_min_version='go1.19.6'
+go_min_version='go1.18'
 go_version_msg="
 warning: your go version (${go_version}) is different from the recommended minimal one (${go_min_version}).
 if you have the version installed, please set the GO environment variable.
@@ -57,7 +74,7 @@ esac
 
 
 
-# Simple analyzers
+# Simple Analyzers
 
 # blocklist_imports is a simple check against unwanted packages.  The following
 # packages are banned:
@@ -74,8 +91,6 @@ esac
 #
 #      See https://github.com/golang/go/issues/45200.
 #
-#   *  Package sort is replaced by golang.org/x/exp/slices.
-#
 #   *  Package unsafe is… unsafe.
 #
 #   *  Package golang.org/x/net/context has been moved into stdlib.
@@ -86,7 +101,6 @@ blocklist_imports() {
 		-e '[[:space:]]"io/ioutil"$'\
 		-e '[[:space:]]"log"$'\
 		-e '[[:space:]]"reflect"$'\
-		-e '[[:space:]]"sort"$'\
 		-e '[[:space:]]"unsafe"$'\
 		-e '[[:space:]]"golang.org/x/net/context"$'\
 		-n\
@@ -122,7 +136,6 @@ underscores() {
 			-e '_freebsd.go'\
 			-e '_linux.go'\
 			-e '_little.go'\
-			-e '_next.go'\
 			-e '_openbsd.go'\
 			-e '_others.go'\
 			-e '_test.go'\
@@ -144,67 +157,95 @@ underscores() {
 
 
 
+# Helpers
+
+# exit_on_output exits with a nonzero exit code if there is anything in the
+# command's combined output.
+exit_on_output() (
+	set +e
+
+	if [ "$VERBOSE" -lt '2' ]
+	then
+		set +x
+	fi
+
+	cmd="$1"
+	shift
+
+	output="$( "$cmd" "$@" 2>&1 )"
+	exitcode="$?"
+	if [ "$exitcode" -ne '0' ]
+	then
+		echo "'$cmd' failed with code $exitcode"
+	fi
+
+	if [ "$output" != '' ]
+	then
+		if [ "$*" != '' ]
+		then
+			echo "combined output of linter '$cmd $*':"
+		else
+			echo "combined output of linter '$cmd':"
+		fi
+
+		echo "$output"
+
+		if [ "$exitcode" -eq '0' ]
+		then
+			exitcode='1'
+		fi
+	fi
+
+	return "$exitcode"
+)
+
+
+
 # Checks
 
-run_linter -e blocklist_imports
+exit_on_output blocklist_imports
 
-run_linter -e method_const
+exit_on_output method_const
 
-run_linter -e underscores
+exit_on_output underscores
 
-run_linter -e gofumpt --extra -e -l .
+exit_on_output gofumpt --extra -e -l .
 
-# TODO(a.garipov): golint is deprecated, find a suitable replacement.
+# TODO(a.garipov): golint is deprecated, and seems to cause more and more
+# issues with each release.  Find a suitable replacement.
+#
+#	golint --set_exit_status ./...
 
-run_linter "$GO" vet ./...
+"$GO" vet ./...
 
-run_linter govulncheck ./...
+govulncheck ./...
 
 # Apply more lax standards to the code we haven't properly refactored yet.
-run_linter gocyclo --over 17 ./internal/querylog/
-run_linter gocyclo --over 13\
-	./internal/dhcpd\
-	./internal/filtering/\
-	./internal/home/\
-	;
+gocyclo --over 17 ./internal/querylog/
+gocyclo --over 13 ./internal/dhcpd ./internal/filtering/ ./internal/home/
 
-# Apply the normal standards to new or somewhat refactored code.
-run_linter gocyclo --over 10\
-	./internal/aghio/\
-	./internal/aghnet/\
-	./internal/aghos/\
-	./internal/aghtest/\
-	./internal/dnsforward/\
-	./internal/filtering/rewrite/\
-	./internal/stats/\
-	./internal/tools/\
-	./internal/updater/\
-	./internal/next/\
-	./internal/version/\
-	./scripts/blocked-services/\
-	./scripts/vetted-filters/\
-	./main.go\
-	;
+# Apply stricter standards to new or somewhat refactored code.
+gocyclo --over 10 ./internal/aghio/ ./internal/aghnet/ ./internal/aghos/\
+	./internal/aghtest/ ./internal/dnsforward/ ./internal/filtering/rewrite/\
+	./internal/stats/ ./internal/tools/ ./internal/updater/ ./internal/version/\
+	./scripts/vetted-filters/ ./main.go
 
-run_linter ineffassign ./...
+ineffassign ./...
 
-run_linter unparam ./...
+unparam ./...
 
-git ls-files -- 'Makefile' '*.go' '*.mod' '*.sh' '*.yaml' '*.yml'\
-	| xargs misspell --error
+git ls-files -- '*.go' '*.mod' '*.sh' 'Makefile' | xargs misspell --error
 
-run_linter looppointer ./...
+looppointer ./...
 
-run_linter nilness ./...
+nilness ./...
 
-# TODO(a.garipov): Add fieldalignment?
-
-run_linter -e shadow --strict ./...
+exit_on_output shadow --strict ./...
 
 # TODO(a.garipov): Enable in v0.108.0.
-# run_linter gosec --quiet ./...
+# gosec --quiet ./...
 
 # TODO(a.garipov): Enable --blank?
-run_linter errcheck --asserts ./...
+errcheck --asserts ./...
 
-run_linter staticcheck ./...
+staticcheck ./...