all: sync with master; upd chlog

Updates #5959.

* commit '4b9264531be50e81fe610050a12827b71bc3a9cd':
  clients: use constant a day in milliseconds
  clients: fix lint
  fix error days

.github/workflows/build.yml

@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.19.10'
+  'GO_VERSION': '1.19.11'
   'NODE_VERSION': '14'
 
 'on':

.github/workflows/lint.yml

@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.19.10'
+  'GO_VERSION': '1.19.11'
 
 'on':
   'push':

.gitignore

@@ -9,6 +9,7 @@
 *.db
 *.log
 *.snap
+*.test
 /agh-backup/
 /bin/
 /build/*

CHANGELOG.md

@@ -14,11 +14,11 @@ and this project adheres to
 <!--
 ## [v0.108.0] - TBA
 
-## [v0.107.34] - 2023-07-26 (APPROX.)
+## [v0.107.35] - 2023-08-02 (APPROX.)
 
-See also the [v0.107.34 GitHub milestone][ms-v0.107.34].
+See also the [v0.107.35 GitHub milestone][ms-v0.107.35].
 
-[ms-v0.107.34]: https://github.com/AdguardTeam/AdGuardHome/milestone/69?closed=1
+[ms-v0.107.35]: https://github.com/AdguardTeam/AdGuardHome/milestone/70?closed=1
 
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
@@ -29,6 +29,88 @@ NOTE: Add new changes ABOVE THIS COMMENT.
 
 
 
+## [v0.107.34] - 2023-07-12
+
+See also the [v0.107.34 GitHub milestone][ms-v0.107.34].
+
+### Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2023-29406 Go vulnerability fixed in [Go 1.19.11][go-1.19.11].
+
+### Added
+
+- Ability to ignore queries for the root domain, such as `NS .` queries
+  ([#5990]).
+
+### Changed
+
+- Improved CPU and RAM consumption during updates of filtering-rule lists.
+
+#### Configuration Changes
+
+In this release, the schema version has changed from 23 to 24.
+
+- Properties starting with `log_`, and `verbose` property, which used to set up
+  logging are now moved to the new object `log` containing new properties
+  `file`, `max_backups`, `max_size`, `max_age`, `compress`, `local_time`, and
+  `verbose`:
+
+  ```yaml
+  # BEFORE:
+  'log_file': ""
+  'log_max_backups': 0
+  'log_max_size': 100
+  'log_max_age': 3
+  'log_compress': false
+  'log_localtime': false
+  'verbose': false
+
+  # AFTER:
+  'log':
+      'file': ""
+      'max_backups': 0
+      'max_size': 100
+      'max_age': 3
+      'compress': false
+      'local_time': false
+      'verbose': false
+  ```
+
+  To rollback this change, remove the new object `log`, set back `log_` and
+  `verbose` properties and change the `schema_version` back to `23`.
+
+### Deprecated
+
+- Default exposure of the non-standard ports 784 and 8853 for DNS-over-QUIC in
+  the `Dockerfile`.
+
+### Fixed
+
+- Two unspecified IPs when a host is blocked in two filter lists ([#5972]).
+- Incorrect setting of Parental Control cache size.
+- Excessive RAM and CPU consumption by Safe Browsing and Parental Control
+  filters ([#5896]).
+
+### Removed
+
+- The `HEALTHCHECK` section and the use of `tini` in the `ENTRYPOINT` section in
+  `Dockerfile` ([#5939]).  They caused a lot of issues, especially with tools
+  like `docker-compose` and `podman`.
+
+  **NOTE:** Some Docker tools may cache `ENTRYPOINT` sections, so some users may
+  be required to backup their configuration, stop the container, purge the old
+  image, and reload it from scratch.
+
+[#5896]: https://github.com/AdguardTeam/AdGuardHome/issues/5896
+[#5972]: https://github.com/AdguardTeam/AdGuardHome/issues/5972
+[#5990]: https://github.com/AdguardTeam/AdGuardHome/issues/5990
+
+[go-1.19.11]:   https://groups.google.com/g/golang-announce/c/2q13H6LEEx0/m/sduSepLLBwAJ
+[ms-v0.107.34]: https://github.com/AdguardTeam/AdGuardHome/milestone/69?closed=1
+
+
+
 ## [v0.107.33] - 2023-07-03
 
 See also the [v0.107.33 GitHub milestone][ms-v0.107.33].
@@ -147,9 +229,9 @@ In this release, the schema version has changed from 20 to 23.
 
 ### Deprecated
 
-- `HEALTHCHECK` and `ENTRYPOINT` sections in `Dockerfile` ([#5939]).  They cause
-  a lot of issues, especially with tools like `docker-compose` and `podman`, and
-  will be removed in a future release.
+- The `HEALTHCHECK` section and the use of `tini` in the `ENTRYPOINT` section in
+  `Dockerfile` ([#5939]).  They cause a lot of issues, especially with tools
+  like `docker-compose` and `podman`, and will be removed in a future release.
 - Flags `-h`, `--host`, `-p`, `--port` have been deprecated.  The `-h` flag
   will work as an alias for `--help`, instead of the deprecated `--host` in the
   future releases.
@@ -2160,11 +2242,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.34...HEAD
-[v0.107.34]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...v0.107.34
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.35...HEAD
+[v0.107.35]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.34...v0.107.35
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.34...HEAD
+[v0.107.34]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.33...v0.107.34
 [v0.107.33]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.32...v0.107.33
 [v0.107.32]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.31...v0.107.32
 [v0.107.31]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.30...v0.107.31

Makefile

@@ -37,8 +37,6 @@ SIGN = 1
 VERSION = v0.0.0
 YARN = yarn
 
-NEXTAPI = 0
-
 # Macros for the build-release target.  If FRONTEND_PREBUILT is 0, the
 # default, the macro $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT)) expands
 # into BUILD_RELEASE_DEPS_0, and so both frontend and backend
@@ -66,7 +64,6 @@ ENV = env\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
 	SIGN='$(SIGN)'\
-	NEXTAPI='$(NEXTAPI)'\
 	VERBOSE="$(VERBOSE.MACRO)"\
 	VERSION='$(VERSION)'\
 
@@ -78,7 +75,7 @@ build: deps quick-build
 
 quick-build: js-build go-build
 
-ci: deps test
+ci: deps test go-bench go-fuzz
 
 deps: js-deps go-deps
 lint: js-lint go-lint
@@ -104,8 +101,10 @@ js-deps:
 js-lint: ; $(NPM) $(NPM_FLAGS) run lint
 js-test: ; $(NPM) $(NPM_FLAGS) run test
 
+go-bench: ; $(ENV) "$(SHELL)" ./scripts/make/go-bench.sh
 go-build: ; $(ENV) "$(SHELL)" ./scripts/make/go-build.sh
 go-deps:  ; $(ENV) "$(SHELL)" ./scripts/make/go-deps.sh
+go-fuzz:  ; $(ENV) "$(SHELL)" ./scripts/make/go-fuzz.sh
 go-lint:  ; $(ENV) "$(SHELL)" ./scripts/make/go-lint.sh
 go-tools: ; $(ENV) "$(SHELL)" ./scripts/make/go-tools.sh
 

bamboo-specs/release.yaml

@@ -7,7 +7,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+    'dockerGo': 'adguard/golang-ubuntu:6.8'
 
 'stages':
   - 'Build frontend':
@@ -272,7 +272,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
   - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -287,4 +287,4 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'

bamboo-specs/snapcraft.yaml

@@ -10,7 +10,7 @@
 # Make sure to sync any changes with the branch overrides below.
 'variables':
     'channel': 'edge'
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+    'dockerGo': 'adguard/golang-ubuntu:6.8'
     'snapcraftChannel': 'edge'
 
 'stages':
@@ -191,7 +191,7 @@
         # need to build a few of these.
         'variables':
             'channel': 'beta'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'
             'snapcraftChannel': 'beta'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
@@ -207,5 +207,5 @@
         # are the ones that actually get released.
         'variables':
             'channel': 'release'
-            'dockerGo': 'adguard/golang-ubuntu:6.7'
+            'dockerGo': 'adguard/golang-ubuntu:6.8'
             'snapcraftChannel': 'candidate'

bamboo-specs/test.yaml

@@ -5,7 +5,7 @@
     'key': 'AHBRTSPECS'
     'name': 'AdGuard Home - Build and run tests'
 'variables':
-    'dockerGo': 'adguard/golang-ubuntu:6.7'
+    'dockerGo': 'adguard/golang-ubuntu:6.8'
 
 'stages':
   - 'Tests':

docker/Dockerfile

@@ -1,6 +1,6 @@
 # A docker file for scripts/make/build-docker.sh.
 
-FROM alpine:3.17
+FROM alpine:3.18
 
 ARG BUILD_DATE
 ARG VERSION
@@ -25,8 +25,6 @@ RUN apk --no-cache add ca-certificates libcap tzdata && \
 	mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
 	chown -R nobody: /opt/adguardhome
 
-RUN apk --no-cache add tini
-
 ARG DIST_DIR
 ARG TARGETARCH
 ARG TARGETOS
@@ -43,43 +41,24 @@ RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
 # 68     :      UDP : DHCP (client)
 # 80     : TCP      : HTTP (main)
 # 443    : TCP, UDP : HTTPS, DNS-over-HTTPS (incl. HTTP/3), DNSCrypt (main)
-# 784    :      UDP : DNS-over-QUIC (experimental)
+# 784    :      UDP : DNS-over-QUIC (deprecated; use 853)
 # 853    : TCP, UDP : DNS-over-TLS, DNS-over-QUIC
 # 3000   : TCP, UDP : HTTP(S) (alt, incl. HTTP/3)
-# 3001   : TCP, UDP : HTTP(S) (beta, incl. HTTP/3)
 # 5443   : TCP, UDP : DNSCrypt (alt)
 # 6060   : TCP      : HTTP (pprof)
-# 8853   :      UDP : DNS-over-QUIC (experimental)
+# 8853   :      UDP : DNS-over-QUIC (deprecated; use 853)
 #
 # TODO(a.garipov): Remove the old, non-standard 784 and 8853 ports for
 # DNS-over-QUIC in a future release.
 EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 443/udp 784/udp\
-	853/tcp 853/udp 3000/tcp 3000/udp 5443/tcp\
-	5443/udp 6060/tcp 8853/udp
+	853/tcp 853/udp 3000/tcp 3000/udp 5443/tcp 5443/udp 6060/tcp\
+	8853/udp
 
 WORKDIR /opt/adguardhome/work
 
-# Install helpers for healthcheck.
-COPY --chown=nobody:nogroup\
-	./${DIST_DIR}/docker/scripts\
-	/opt/adguardhome/scripts
-
-HEALTHCHECK \
-	--interval=30s \
-	--timeout=10s \
-	--retries=3 \
-	CMD [ "/opt/adguardhome/scripts/healthcheck.sh" ]
-
-# It seems that the healthckech script sometimes spawns zombie processes, so we
-# need a way to handle them, since AdGuard Home doesn't know how to keep track
-# of the processes delegated to it by the OS.  Use tini as entry point because
-# it needs the PID=1 to be the default parent for orphaned processes.
-#
-# See https://github.com/adguardTeam/adGuardHome/issues/3290.
-ENTRYPOINT [ "/sbin/tini", "--" ]
+ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
 
 CMD [ \
-	"/opt/adguardhome/AdGuardHome", \
 	"--no-check-update", \
 	"-c", "/opt/adguardhome/conf/AdGuardHome.yaml", \
 	"-w", "/opt/adguardhome/work" \

docker/dns-bind.awk

@@ -1,29 +0,0 @@
-/^[^[:space:]]/ { is_dns = /^dns:/ }
-
-/^[[:space:]]+bind_hosts:/ { if (is_dns) prev_line = FNR }
-
-/^[[:space:]]+- .+/ {
-    if (FNR - prev_line == 1) {
-        addrs[$2] = true
-        prev_line = FNR
-
-        if ($2 == "0.0.0.0" || $2 == "'::'") {
-            # Drop all the other addresses.
-            delete addrs
-            addrs[""] = true
-            prev_line = -1
-        }
-    }
-}
-
-/^[[:space:]]+port:/ { if (is_dns) port = $2 }
-
-END {
-    for (addr in addrs) {
-        if (match(addr, ":")) {
-            print "[" addr "]:" port
-        } else {
-            print addr ":" port
-        }
-    }
-}

docker/healthcheck.sh

@@ -1,107 +0,0 @@
-#!/bin/sh
-
-# AdGuard Home Docker healthcheck script
-
-# Exit the script if a pipeline fails (-e), prevent accidental filename
-# expansion (-f), and consider undefined variables as errors (-u).
-set -e -f -u
-
-# Function error_exit is an echo wrapper that writes to stderr and stops the
-# script execution with code 1.
-error_exit() {
-	echo "$1" 1>&2
-
-	exit 1
-}
-
-agh_dir="/opt/adguardhome"
-readonly agh_dir
-
-filename="${agh_dir}/conf/AdGuardHome.yaml"
-readonly filename
-
-if ! [ -f "$filename" ]
-then
-    wget "http://127.0.0.1:3000" -O /dev/null -q || exit 1
-
-    exit 0
-fi
-
-help_dir="${agh_dir}/scripts"
-readonly help_dir
-
-# Parse web host
-
-web_url="$( awk -f "${help_dir}/web-bind.awk" "$filename" )"
-readonly web_url
-
-if [ "$web_url" = '' ]
-then
-    error_exit "no web bindings could be retrieved from $filename"
-fi
-
-# TODO(e.burkov):  Deal with 0 port.
-case "$web_url"
-in
-(*':0')
-    error_exit '0 in web port is not supported by healthcheck'
-    ;;
-(*)
-    # Go on.
-    ;;
-esac
-
-# Parse DNS hosts
-
-dns_hosts="$( awk -f "${help_dir}/dns-bind.awk" "$filename" )"
-readonly dns_hosts
-
-if [ "$dns_hosts" = '' ]
-then
-    error_exit "no DNS bindings could be retrieved from $filename"
-fi
-
-first_dns="$( echo "$dns_hosts" | head -n 1 )"
-readonly first_dns
-
-# TODO(e.burkov):  Deal with 0 port.
-case "$first_dns"
-in
-(*':0')
-    error_exit '0 in DNS port is not supported by healthcheck'
-    ;;
-(*)
-    # Go on.
-    ;;
-esac
-
-# Check
-
-# Skip SSL certificate validation since there is no guarantee the container
-# trusts the one used.  It should be safe to drop the SSL validation since the
-# current script intended to be used from inside the container and only checks
-# the endpoint availability, ignoring the content of the response.
-#
-# See https://github.com/AdguardTeam/AdGuardHome/issues/5642.
-wget --no-check-certificate "$web_url" -O /dev/null -q || exit 1
-
-test_fqdn="healthcheck.adguardhome.test."
-readonly test_fqdn
-
-# The awk script currently returns only port prefixed with colon in case of
-# unspecified address.
-case "$first_dns"
-in
-(':'*)
-    nslookup -type=a "$test_fqdn" "127.0.0.1${first_dns}" > /dev/null ||\
-    nslookup -type=a "$test_fqdn" "[::1]${first_dns}" > /dev/null ||\
-        error_exit "nslookup failed for $host"
-    ;;
-(*)
-    echo "$dns_hosts" | while read -r host
-    do
-        nslookup -type=a "$test_fqdn" "$host" > /dev/null ||\
-            error_exit "nslookup failed for $host"
-    done
-    ;;
-esac

docker/web-bind.awk

@@ -1,5 +0,0 @@
-# Don't consider the HTTPS hostname since the enforced HTTPS redirection should
-# work if the SSL check skipped.  See file docker/healthcheck.sh.
-/^[^[:space:]]/ { is_http = /^http:/ }
-
-/^[[:space:]]+address:/ { if (is_http) print "http://" $2 }

internal/aghnet/addr.go

@@ -0,0 +1,43 @@
+package aghnet
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/AdguardTeam/golibs/stringutil"
+)
+
+// NormalizeDomain returns a lowercased version of host without the final dot,
+// unless host is ".", in which case it returns it unchanged.  That is a special
+// case that to allow matching queries like:
+//
+//	dig IN NS '.'
+func NormalizeDomain(host string) (norm string) {
+	if host == "." {
+		return host
+	}
+
+	return strings.ToLower(strings.TrimSuffix(host, "."))
+}
+
+// NewDomainNameSet returns nil and error, if list has duplicate or empty domain
+// name.  Otherwise returns a set, which contains domain names normalized using
+// [NormalizeDomain].
+func NewDomainNameSet(list []string) (set *stringutil.Set, err error) {
+	set = stringutil.NewSet()
+
+	for i, host := range list {
+		if host == "" {
+			return nil, fmt.Errorf("at index %d: hostname is empty", i)
+		}
+
+		host = NormalizeDomain(host)
+		if set.Has(host) {
+			return nil, fmt.Errorf("duplicate hostname %q at index %d", host, i)
+		}
+
+		set.Add(host)
+	}
+
+	return set, nil
+}

internal/aghnet/addr_test.go

@@ -0,0 +1,59 @@
+package aghnet_test
+
+import (
+	"testing"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewDomainNameSet(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name       string
+		wantErrMsg string
+		in         []string
+	}{{
+		name:       "nil",
+		wantErrMsg: "",
+		in:         nil,
+	}, {
+		name:       "success",
+		wantErrMsg: "",
+		in: []string{
+			"Domain.Example",
+			".",
+		},
+	}, {
+		name:       "dups",
+		wantErrMsg: `duplicate hostname "domain.example" at index 1`,
+		in: []string{
+			"Domain.Example",
+			"domain.example",
+		},
+	}, {
+		name:       "bad_domain",
+		wantErrMsg: "at index 0: hostname is empty",
+		in: []string{
+			"",
+		},
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			set, err := aghnet.NewDomainNameSet(tc.in)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+			if err != nil {
+				return
+			}
+
+			for _, host := range tc.in {
+				assert.Truef(t, set.Has(aghnet.NormalizeDomain(host)), "%q not matched", host)
+			}
+		})
+	}
+}

internal/aghnet/hostgen.go

@@ -1,12 +1,8 @@
 package aghnet
 
 import (
-	"fmt"
 	"net/netip"
 	"strings"
-
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/stringutil"
 )
 
 // GenerateHostname generates the hostname from ip.  In case of using IPv4 the
@@ -29,32 +25,8 @@ func GenerateHostname(ip netip.Addr) (hostname string) {
 	hostname = ip.StringExpanded()
 
 	if ip.Is4() {
-		return strings.Replace(hostname, ".", "-", -1)
+		return strings.ReplaceAll(hostname, ".", "-")
 	}
 
-	return strings.Replace(hostname, ":", "-", -1)
-}
-
-// NewDomainNameSet returns nil and error, if list has duplicate or empty
-// domain name.  Otherwise returns a set, which contains non-FQDN domain names,
-// and nil error.
-func NewDomainNameSet(list []string) (set *stringutil.Set, err error) {
-	set = stringutil.NewSet()
-
-	for i, v := range list {
-		host := strings.ToLower(strings.TrimSuffix(v, "."))
-		// TODO(a.garipov): Think about ignoring empty (".") names in the
-		// future.
-		if host == "" {
-			return nil, errors.Error("host name is empty")
-		}
-
-		if set.Has(host) {
-			return nil, fmt.Errorf("duplicate host name %q at index %d", host, i)
-		}
-
-		set.Add(host)
-	}
-
-	return set, nil
+	return strings.ReplaceAll(hostname, ":", "-")
 }

internal/aghtest/interface.go

@@ -2,8 +2,8 @@ package aghtest
 
 import (
 	"context"
+	"io"
 	"io/fs"
-	"net"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
@@ -19,23 +19,23 @@ import (
 
 // Package fs
 
-// type check
-var _ fs.FS = &FS{}
-
-// FS is a mock [fs.FS] implementation for tests.
+// FS is a fake [fs.FS] implementation for tests.
 type FS struct {
 	OnOpen func(name string) (fs.File, error)
 }
 
+// type check
+var _ fs.FS = (*FS)(nil)
+
 // Open implements the [fs.FS] interface for *FS.
 func (fsys *FS) Open(name string) (fs.File, error) {
 	return fsys.OnOpen(name)
 }
 
 // type check
-var _ fs.GlobFS = &GlobFS{}
+var _ fs.GlobFS = (*GlobFS)(nil)
 
-// GlobFS is a mock [fs.GlobFS] implementation for tests.
+// GlobFS is a fake [fs.GlobFS] implementation for tests.
 type GlobFS struct {
 	// FS is embedded here to avoid implementing all it's methods.
 	FS
@@ -48,9 +48,9 @@ func (fsys *GlobFS) Glob(pattern string) ([]string, error) {
 }
 
 // type check
-var _ fs.StatFS = &StatFS{}
+var _ fs.StatFS = (*StatFS)(nil)
 
-// StatFS is a mock [fs.StatFS] implementation for tests.
+// StatFS is a fake [fs.StatFS] implementation for tests.
 type StatFS struct {
 	// FS is embedded here to avoid implementing all it's methods.
 	FS
@@ -62,47 +62,34 @@ func (fsys *StatFS) Stat(name string) (fs.FileInfo, error) {
 	return fsys.OnStat(name)
 }
 
-// Package net
+// Package io
 
-// type check
-var _ net.Listener = (*Listener)(nil)
-
-// Listener is a mock [net.Listener] implementation for tests.
-type Listener struct {
-	OnAccept func() (conn net.Conn, err error)
-	OnAddr   func() (addr net.Addr)
-	OnClose  func() (err error)
+// Writer is a fake [io.Writer] implementation for tests.
+type Writer struct {
+	OnWrite func(b []byte) (n int, err error)
 }
 
-// Accept implements the [net.Listener] interface for *Listener.
-func (l *Listener) Accept() (conn net.Conn, err error) {
-	return l.OnAccept()
-}
+var _ io.Writer = (*Writer)(nil)
 
-// Addr implements the [net.Listener] interface for *Listener.
-func (l *Listener) Addr() (addr net.Addr) {
-	return l.OnAddr()
-}
-
-// Close implements the [net.Listener] interface for *Listener.
-func (l *Listener) Close() (err error) {
-	return l.OnClose()
+// Write implements the [io.Writer] interface for *Writer.
+func (w *Writer) Write(b []byte) (n int, err error) {
+	return w.OnWrite(b)
 }
 
 // Module adguard-home
 
 // Package aghos
 
-// type check
-var _ aghos.FSWatcher = (*FSWatcher)(nil)
-
-// FSWatcher is a mock [aghos.FSWatcher] implementation for tests.
+// FSWatcher is a fake [aghos.FSWatcher] implementation for tests.
 type FSWatcher struct {
 	OnEvents func() (e <-chan struct{})
 	OnAdd    func(name string) (err error)
 	OnClose  func() (err error)
 }
 
+// type check
+var _ aghos.FSWatcher = (*FSWatcher)(nil)
+
 // Events implements the [aghos.FSWatcher] interface for *FSWatcher.
 func (w *FSWatcher) Events() (e <-chan struct{}) {
 	return w.OnEvents()
@@ -120,16 +107,16 @@ func (w *FSWatcher) Close() (err error) {
 
 // Package agh
 
-// type check
-var _ agh.ServiceWithConfig[struct{}] = (*ServiceWithConfig[struct{}])(nil)
-
-// ServiceWithConfig is a mock [agh.ServiceWithConfig] implementation for tests.
+// ServiceWithConfig is a fake [agh.ServiceWithConfig] implementation for tests.
 type ServiceWithConfig[ConfigType any] struct {
 	OnStart    func() (err error)
 	OnShutdown func(ctx context.Context) (err error)
 	OnConfig   func() (c ConfigType)
 }
 
+// type check
+var _ agh.ServiceWithConfig[struct{}] = (*ServiceWithConfig[struct{}])(nil)
+
 // Start implements the [agh.ServiceWithConfig] interface for
 // *ServiceWithConfig.
 func (s *ServiceWithConfig[_]) Start() (err error) {
@@ -152,10 +139,7 @@ func (s *ServiceWithConfig[ConfigType]) Config() (c ConfigType) {
 
 // Package upstream
 
-// type check
-var _ upstream.Upstream = (*UpstreamMock)(nil)
-
-// UpstreamMock is a mock [upstream.Upstream] implementation for tests.
+// UpstreamMock is a fake [upstream.Upstream] implementation for tests.
 //
 // TODO(a.garipov): Replace with all uses of Upstream with UpstreamMock and
 // rename it to just Upstream.
@@ -165,6 +149,9 @@ type UpstreamMock struct {
 	OnClose    func() (err error)
 }
 
+// type check
+var _ upstream.Upstream = (*UpstreamMock)(nil)
+
 // Address implements the [upstream.Upstream] interface for *UpstreamMock.
 func (u *UpstreamMock) Address() (addr string) {
 	return u.OnAddress()

internal/dnsforward/dnsforward.go

@@ -17,6 +17,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
+	"github.com/AdguardTeam/AdGuardHome/internal/rdns"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
@@ -277,17 +278,6 @@ func (s *Server) Resolve(host string) ([]net.IPAddr, error) {
 	return s.internalProxy.LookupIPAddr(host)
 }
 
-// RDNSExchanger is a resolver for clients' addresses.
-type RDNSExchanger interface {
-	// Exchange tries to resolve the ip in a suitable way, i.e. either as local
-	// or as external.
-	Exchange(ip net.IP) (host string, err error)
-
-	// ResolvesPrivatePTR returns true if the RDNSExchanger is able to
-	// resolve PTR requests for locally-served addresses.
-	ResolvesPrivatePTR() (ok bool)
-}
-
 const (
 	// ErrRDNSNoData is returned by [RDNSExchanger.Exchange] when the answer
 	// section of response is either NODATA or has no PTR records.
@@ -299,10 +289,10 @@ const (
 )
 
 // type check
-var _ RDNSExchanger = (*Server)(nil)
+var _ rdns.Exchanger = (*Server)(nil)
 
-// Exchange implements the RDNSExchanger interface for *Server.
-func (s *Server) Exchange(ip net.IP) (host string, err error) {
+// Exchange implements the [rdns.Exchanger] interface for *Server.
+func (s *Server) Exchange(ip netip.Addr) (host string, err error) {
 	s.serverLock.RLock()
 	defer s.serverLock.RUnlock()
 
@@ -310,7 +300,7 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 		return "", nil
 	}
 
-	arpa, err := netutil.IPToReversedAddr(ip)
+	arpa, err := netutil.IPToReversedAddr(ip.AsSlice())
 	if err != nil {
 		return "", fmt.Errorf("reversing ip: %w", err)
 	}
@@ -335,7 +325,7 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 	}
 
 	var resolver *proxy.Proxy
-	if s.privateNets.Contains(ip) {
+	if s.isPrivateIP(ip) {
 		if !s.conf.UsePrivateRDNS {
 			return "", nil
 		}
@@ -350,8 +340,12 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 		return "", err
 	}
 
+	return hostFromPTR(ctx.Res)
+}
+
+// hostFromPTR returns domain name from the PTR response or error.
+func hostFromPTR(resp *dns.Msg) (host string, err error) {
 	// Distinguish between NODATA response and a failed request.
-	resp := ctx.Res
 	if resp.Rcode != dns.RcodeSuccess && resp.Rcode != dns.RcodeNameError {
 		return "", fmt.Errorf(
 			"received %s response: %w",
@@ -370,12 +364,25 @@ func (s *Server) Exchange(ip net.IP) (host string, err error) {
 	return "", ErrRDNSNoData
 }
 
-// ResolvesPrivatePTR implements the RDNSExchanger interface for *Server.
-func (s *Server) ResolvesPrivatePTR() (ok bool) {
+// isPrivateIP returns true if the ip is private.
+func (s *Server) isPrivateIP(ip netip.Addr) (ok bool) {
+	return s.privateNets.Contains(ip.AsSlice())
+}
+
+// ShouldResolveClient returns false if ip is a loopback address, or ip is
+// private and resolving of private addresses is disabled.
+func (s *Server) ShouldResolveClient(ip netip.Addr) (ok bool) {
+	if ip.IsLoopback() {
+		return false
+	}
+
+	isPrivate := s.isPrivateIP(ip)
+
 	s.serverLock.RLock()
 	defer s.serverLock.RUnlock()
 
-	return s.conf.UsePrivateRDNS
+	return s.conf.ResolveClients &&
+		(s.conf.UsePrivateRDNS || !isPrivate)
 }
 
 // Start starts the DNS server.

internal/dnsforward/dnsforward_test.go

@@ -1273,11 +1273,11 @@ func TestServer_Exchange(t *testing.T) {
 	)
 
 	var (
-		onesIP  = net.IP{1, 1, 1, 1}
-		localIP = net.IP{192, 168, 1, 1}
+		onesIP  = netip.MustParseAddr("1.1.1.1")
+		localIP = netip.MustParseAddr("192.168.1.1")
 	)
 
-	revExtIPv4, err := netutil.IPToReversedAddr(onesIP)
+	revExtIPv4, err := netutil.IPToReversedAddr(onesIP.AsSlice())
 	require.NoError(t, err)
 
 	extUpstream := &aghtest.UpstreamMock{
@@ -1290,7 +1290,7 @@ func TestServer_Exchange(t *testing.T) {
 		},
 	}
 
-	revLocIPv4, err := netutil.IPToReversedAddr(localIP)
+	revLocIPv4, err := netutil.IPToReversedAddr(localIP.AsSlice())
 	require.NoError(t, err)
 
 	locUpstream := &aghtest.UpstreamMock{
@@ -1330,7 +1330,7 @@ func TestServer_Exchange(t *testing.T) {
 		want        string
 		wantErr     error
 		locUpstream upstream.Upstream
-		req         net.IP
+		req         netip.Addr
 	}{{
 		name:        "external_good",
 		want:        onesHost,
@@ -1354,7 +1354,7 @@ func TestServer_Exchange(t *testing.T) {
 		want:        "",
 		wantErr:     ErrRDNSNoData,
 		locUpstream: locUpstream,
-		req:         net.IP{192, 168, 1, 2},
+		req:         netip.MustParseAddr("192.168.1.2"),
 	}, {
 		name:        "invalid_answer",
 		want:        "",
@@ -1396,3 +1396,57 @@ func TestServer_Exchange(t *testing.T) {
 		assert.Empty(t, host)
 	})
 }
+
+func TestServer_ShouldResolveClient(t *testing.T) {
+	srv := &Server{
+		privateNets: netutil.SubnetSetFunc(netutil.IsLocallyServed),
+	}
+
+	testCases := []struct {
+		ip         netip.Addr
+		want       require.BoolAssertionFunc
+		name       string
+		resolve    bool
+		usePrivate bool
+	}{{
+		name:       "default",
+		ip:         netip.MustParseAddr("1.1.1.1"),
+		want:       require.True,
+		resolve:    true,
+		usePrivate: true,
+	}, {
+		name:       "no_rdns",
+		ip:         netip.MustParseAddr("1.1.1.1"),
+		want:       require.False,
+		resolve:    false,
+		usePrivate: true,
+	}, {
+		name:       "loopback",
+		ip:         netip.MustParseAddr("127.0.0.1"),
+		want:       require.False,
+		resolve:    true,
+		usePrivate: true,
+	}, {
+		name:       "private_resolve",
+		ip:         netip.MustParseAddr("192.168.0.1"),
+		want:       require.True,
+		resolve:    true,
+		usePrivate: true,
+	}, {
+		name:       "private_no_resolve",
+		ip:         netip.MustParseAddr("192.168.0.1"),
+		want:       require.False,
+		resolve:    true,
+		usePrivate: false,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			srv.conf.ResolveClients = tc.resolve
+			srv.conf.UsePrivateRDNS = tc.usePrivate
+
+			ok := srv.ShouldResolveClient(tc.ip)
+			tc.want(t, ok)
+		})
+	}
+}

internal/dnsforward/filter_test.go

@@ -21,6 +21,8 @@ func TestHandleDNSRequest_filterDNSResponse(t *testing.T) {
 ||cname.specific^$dnstype=~CNAME
 ||0.0.0.1^$dnstype=~A
 ||::1^$dnstype=~AAAA
+0.0.0.0 duplicate.domain
+0.0.0.0 duplicate.domain
 `
 
 	forwardConf := ServerConfig{
@@ -137,6 +139,17 @@ func TestHandleDNSRequest_filterDNSResponse(t *testing.T) {
 			},
 			A: netutil.IPv4Zero(),
 		}},
+	}, {
+		req:  createTestMessage("duplicate.domain."),
+		name: "duplicate_domain",
+		wantAns: []dns.RR{&dns.A{
+			Hdr: dns.RR_Header{
+				Name:   "duplicate.domain.",
+				Rrtype: dns.TypeA,
+				Class:  dns.ClassINET,
+			},
+			A: netutil.IPv4Zero(),
+		}},
 	}}
 
 	for _, tc := range testCases {

internal/dnsforward/msg.go

@@ -26,11 +26,25 @@ func (s *Server) makeResponse(req *dns.Msg) (resp *dns.Msg) {
 	return resp
 }
 
-// ipsFromRules extracts non-IP addresses from the filtering result rules.
+// containsIP returns true if the IP is already in the list.
+func containsIP(ips []net.IP, ip net.IP) bool {
+	for _, a := range ips {
+		if a.Equal(ip) {
+			return true
+		}
+	}
+
+	return false
+}
+
+// ipsFromRules extracts unique non-IP addresses from the filtering result
+// rules.
 func ipsFromRules(resRules []*filtering.ResultRule) (ips []net.IP) {
 	for _, r := range resRules {
-		if r.IP != nil {
-			ips = append(ips, r.IP)
+		// len(resRules) and len(ips) are actually small enough for O(n^2) to do
+		// not raise performance questions.
+		if ip := r.IP; ip != nil && !containsIP(ips, ip) {
+			ips = append(ips, ip)
 		}
 	}
 

internal/dnsforward/stats.go

@@ -2,9 +2,9 @@ package dnsforward
 
 import (
 	"net"
-	"strings"
 	"time"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
@@ -24,7 +24,7 @@ func (s *Server) processQueryLogsAndStats(dctx *dnsContext) (rc resultCode) {
 	pctx := dctx.proxyCtx
 
 	q := pctx.Req.Question[0]
-	host := strings.ToLower(strings.TrimSuffix(q.Name, "."))
+	host := aghnet.NormalizeDomain(q.Name)
 
 	ip, _ := netutil.IPAndPortFromAddr(pctx.Addr)
 	ip = slices.Clone(ip)
@@ -139,11 +139,10 @@ func (s *Server) updateStats(
 	clientIP string,
 ) {
 	pctx := ctx.proxyCtx
-	e := stats.Entry{}
-	e.Domain = strings.ToLower(pctx.Req.Question[0].Name)
-	if e.Domain != "." {
-		// Remove last ".", but save the domain as is for "." queries.
-		e.Domain = e.Domain[:len(e.Domain)-1]
+	e := stats.Entry{
+		Domain: aghnet.NormalizeDomain(pctx.Req.Question[0].Name),
+		Result: stats.RNotFiltered,
+		Time:   uint32(elapsed / 1000),
 	}
 
 	if clientID := ctx.clientID; clientID != "" {
@@ -152,9 +151,6 @@ func (s *Server) updateStats(
 		e.Client = clientIP
 	}
 
-	e.Time = uint32(elapsed / 1000)
-	e.Result = stats.RNotFiltered
-
 	switch res.Reason {
 	case filtering.FilteredSafeBrowsing:
 		e.Result = stats.RSafeBrowsing
@@ -162,7 +158,8 @@ func (s *Server) updateStats(
 		e.Result = stats.RParental
 	case filtering.FilteredSafeSearch:
 		e.Result = stats.RSafeSearch
-	case filtering.FilteredBlockList,
+	case
+		filtering.FilteredBlockList,
 		filtering.FilteredInvalid,
 		filtering.FilteredBlockedService:
 		e.Result = stats.RFiltered

internal/filtering/filter.go

@@ -1,10 +1,7 @@
 package filtering
 
 import (
-	"bufio"
-	"bytes"
 	"fmt"
-	"hash/crc32"
 	"io"
 	"net/http"
 	"os"
@@ -14,6 +11,7 @@ import (
 	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
+	"github.com/AdguardTeam/AdGuardHome/internal/filtering/rulelist"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/stringutil"
@@ -29,9 +27,9 @@ const filterDir = "filters"
 // TODO(e.burkov):  Use more deterministic approach.
 var nextFilterID = time.Now().Unix()
 
-// FilterYAML respresents a filter list in the configuration file.
+// FilterYAML represents a filter list in the configuration file.
 //
-// TODO(e.burkov):  Investigate if the field oredering is important.
+// TODO(e.burkov):  Investigate if the field ordering is important.
 type FilterYAML struct {
 	Enabled     bool
 	URL         string    // URL or a file path
@@ -213,7 +211,7 @@ func (d *DNSFilter) loadFilters(array []FilterYAML) {
 
 		err := d.load(filter)
 		if err != nil {
-			log.Error("Couldn't load filter %d contents due to %s", filter.ID, err)
+			log.Error("filtering: loading filter %d: %s", filter.ID, err)
 		}
 	}
 }
@@ -338,7 +336,8 @@ func (d *DNSFilter) refreshFiltersArray(filters *[]FilterYAML, force bool) (int,
 		updateFlags = append(updateFlags, updated)
 		if err != nil {
 			nfail++
-			log.Printf("Failed to update filter %s: %s\n", uf.URL, err)
+			log.Info("filtering: updating filter from url %q: %s\n", uf.URL, err)
+
 			continue
 		}
 	}
@@ -367,7 +366,13 @@ func (d *DNSFilter) refreshFiltersArray(filters *[]FilterYAML, force bool) (int,
 				continue
 			}
 
-			log.Info("Updated filter #%d.  Rules: %d -> %d", f.ID, f.RulesCount, uf.RulesCount)
+			log.Info(
+				"filtering: updated filter %d; rule count: %d (was %d)",
+				f.ID,
+				uf.RulesCount,
+				f.RulesCount,
+			)
+
 			f.Name = uf.Name
 			f.RulesCount = uf.RulesCount
 			f.checksum = uf.checksum
@@ -397,9 +402,10 @@ func (d *DNSFilter) refreshFiltersArray(filters *[]FilterYAML, force bool) (int,
 //
 // TODO(a.garipov, e.burkov): What the hell?
 func (d *DNSFilter) refreshFiltersIntl(block, allow, force bool) (int, bool) {
-	log.Debug("filtering: updating...")
-
 	updNum := 0
+	log.Debug("filtering: starting updating")
+	defer func() { log.Debug("filtering: finished updating, %d updated", updNum) }()
+
 	var lists []FilterYAML
 	var toUpd []bool
 	isNetErr := false
@@ -437,131 +443,9 @@ func (d *DNSFilter) refreshFiltersIntl(block, allow, force bool) (int, bool) {
 		}
 	}
 
-	log.Debug("filtering: update finished: %d lists updated", updNum)
-
 	return updNum, false
 }
 
-// isPrintableText returns true if data is printable UTF-8 text with CR, LF, TAB
-// characters.
-//
-// TODO(e.burkov):  Investigate the purpose of this and improve the
-// implementation.  Perhaps, use something from the unicode package.
-func isPrintableText(data string) (ok bool) {
-	for _, c := range []byte(data) {
-		if (c >= ' ' && c != 0x7f) || c == '\n' || c == '\r' || c == '\t' {
-			continue
-		}
-
-		return false
-	}
-
-	return true
-}
-
-// scanLinesWithBreak is essentially a [bufio.ScanLines] which keeps trailing
-// line breaks.
-func scanLinesWithBreak(data []byte, atEOF bool) (advance int, token []byte, err error) {
-	if atEOF && len(data) == 0 {
-		return 0, nil, nil
-	}
-
-	if i := bytes.IndexByte(data, '\n'); i >= 0 {
-		return i + 1, data[0 : i+1], nil
-	}
-
-	if atEOF {
-		return len(data), data, nil
-	}
-
-	// Request more data.
-	return 0, nil, nil
-}
-
-// parseFilter copies filter's content from src to dst and returns the number of
-// rules, number of bytes written, checksum, and title of the parsed list.  dst
-// must not be nil.
-func (d *DNSFilter) parseFilter(
-	src io.Reader,
-	dst io.Writer,
-) (rulesNum, written int, checksum uint32, title string, err error) {
-	scanner := bufio.NewScanner(src)
-	scanner.Split(scanLinesWithBreak)
-
-	titleFound := false
-	for n := 0; scanner.Scan(); written += n {
-		line := scanner.Text()
-		var isRule bool
-		var likelyTitle string
-		isRule, likelyTitle, err = d.parseFilterLine(line, !titleFound, written == 0)
-		if err != nil {
-			return 0, written, 0, "", err
-		}
-
-		if isRule {
-			rulesNum++
-		} else if likelyTitle != "" {
-			title, titleFound = likelyTitle, true
-		}
-
-		checksum = crc32.Update(checksum, crc32.IEEETable, []byte(line))
-
-		n, err = dst.Write([]byte(line))
-		if err != nil {
-			return 0, written, 0, "", fmt.Errorf("writing filter line: %w", err)
-		}
-	}
-
-	if err = scanner.Err(); err != nil {
-		return 0, written, 0, "", fmt.Errorf("scanning filter contents: %w", err)
-	}
-
-	return rulesNum, written, checksum, title, nil
-}
-
-// parseFilterLine returns true if the passed line is a rule.  line is
-// considered a rule if it's not a comment and contains no title.
-func (d *DNSFilter) parseFilterLine(
-	line string,
-	lookForTitle bool,
-	testHTML bool,
-) (isRule bool, title string, err error) {
-	if !isPrintableText(line) {
-		return false, "", errors.Error("filter contains non-printable characters")
-	}
-
-	line = strings.TrimSpace(line)
-	if line == "" || line[0] == '#' {
-		return false, "", nil
-	}
-
-	if testHTML && isHTML(line) {
-		return false, "", errors.Error("data is HTML, not plain text")
-	}
-
-	if line[0] == '!' && lookForTitle {
-		match := d.filterTitleRegexp.FindStringSubmatch(line)
-		if len(match) > 1 {
-			title = match[1]
-		}
-
-		return false, title, nil
-	}
-
-	return true, "", nil
-}
-
-// isHTML returns true if the line contains HTML tags instead of plain text.
-// line shouldn have no leading space symbols.
-//
-// TODO(ameshkov):  It actually gives too much false-positives.  Perhaps, just
-// check if trimmed string begins with angle bracket.
-func isHTML(line string) (ok bool) {
-	line = strings.ToLower(line)
-
-	return strings.HasPrefix(line, "<html") || strings.HasPrefix(line, "<!doctype")
-}
-
 // update refreshes filter's content and a/mtimes of it's file.
 func (d *DNSFilter) update(filter *FilterYAML) (b bool, err error) {
 	b, err = d.updateIntl(filter)
@@ -573,7 +457,7 @@ func (d *DNSFilter) update(filter *FilterYAML) (b bool, err error) {
 			filter.LastUpdated,
 		)
 		if chErr != nil {
-			log.Error("os.Chtimes(): %v", chErr)
+			log.Error("filtering: os.Chtimes(): %s", chErr)
 		}
 	}
 
@@ -582,14 +466,12 @@ func (d *DNSFilter) update(filter *FilterYAML) (b bool, err error) {
 
 // finalizeUpdate closes and gets rid of temporary file f with filter's content
 // according to updated.  It also saves new values of flt's name, rules number
-// and checksum if sucсeeded.
+// and checksum if succeeded.
 func (d *DNSFilter) finalizeUpdate(
 	file *os.File,
 	flt *FilterYAML,
 	updated bool,
-	name string,
-	rnum int,
-	cs uint32,
+	res *rulelist.ParseResult,
 ) (err error) {
 	tmpFileName := file.Name()
 
@@ -602,23 +484,24 @@ func (d *DNSFilter) finalizeUpdate(
 	}
 
 	if !updated {
-		log.Tracef("filter #%d from %s has no changes, skip", flt.ID, flt.URL)
+		log.Debug("filtering: filter %d from url %q has no changes, skipping", flt.ID, flt.URL)
 
 		return os.Remove(tmpFileName)
 	}
 
 	fltPath := flt.Path(d.DataDir)
 
-	log.Printf("saving contents of filter #%d into %s", flt.ID, fltPath)
+	log.Info("filtering: saving contents of filter %d into %q", flt.ID, fltPath)
 
-	// Don't use renamio or maybe packages, since those will require loading the
-	// whole filter content to the memory on Windows.
+	// Don't use renameio or maybe packages, since those will require loading
+	// the whole filter content to the memory on Windows.
 	err = os.Rename(tmpFileName, fltPath)
 	if err != nil {
 		return errors.WithDeferred(err, os.Remove(tmpFileName))
 	}
 
-	flt.Name, flt.checksum, flt.RulesCount = aghalg.Coalesce(flt.Name, name), cs, rnum
+	flt.Name = aghalg.Coalesce(flt.Name, res.Title)
+	flt.checksum, flt.RulesCount = res.Checksum, res.RulesCount
 
 	return nil
 }
@@ -626,11 +509,9 @@ func (d *DNSFilter) finalizeUpdate(
 // updateIntl updates the flt rewriting it's actual file.  It returns true if
 // the actual update has been performed.
 func (d *DNSFilter) updateIntl(flt *FilterYAML) (ok bool, err error) {
-	log.Tracef("downloading update for filter %d from %s", flt.ID, flt.URL)
+	log.Debug("filtering: downloading update for filter %d from %q", flt.ID, flt.URL)
 
-	var name string
-	var rnum, n int
-	var cs uint32
+	var res *rulelist.ParseResult
 
 	var tmpFile *os.File
 	tmpFile, err = os.CreateTemp(filepath.Join(d.DataDir, filterDir), "")
@@ -638,9 +519,14 @@ func (d *DNSFilter) updateIntl(flt *FilterYAML) (ok bool, err error) {
 		return false, err
 	}
 	defer func() {
-		finErr := d.finalizeUpdate(tmpFile, flt, ok, name, rnum, cs)
+		finErr := d.finalizeUpdate(tmpFile, flt, ok, res)
 		if ok && finErr == nil {
-			log.Printf("updated filter %d: %d bytes, %d rules", flt.ID, n, rnum)
+			log.Info(
+				"filtering: updated filter %d: %d bytes, %d rules",
+				flt.ID,
+				res.BytesWritten,
+				res.RulesCount,
+			)
 
 			return
 		}
@@ -661,14 +547,14 @@ func (d *DNSFilter) updateIntl(flt *FilterYAML) (ok bool, err error) {
 		var resp *http.Response
 		resp, err = d.HTTPClient.Get(flt.URL)
 		if err != nil {
-			log.Printf("requesting filter from %s, skip: %s", flt.URL, err)
+			log.Info("filtering: requesting filter from %q: %s, skipping", flt.URL, err)
 
 			return false, err
 		}
 		defer func() { err = errors.WithDeferred(err, resp.Body.Close()) }()
 
 		if resp.StatusCode != http.StatusOK {
-			log.Printf("got status code %d from %s, skip", resp.StatusCode, flt.URL)
+			log.Info("filtering got status code %d from %q, skipping", resp.StatusCode, flt.URL)
 
 			return false, fmt.Errorf("got status code %d, want %d", resp.StatusCode, http.StatusOK)
 		}
@@ -685,16 +571,20 @@ func (d *DNSFilter) updateIntl(flt *FilterYAML) (ok bool, err error) {
 		r = f
 	}
 
-	rnum, n, cs, name, err = d.parseFilter(r, tmpFile)
+	bufPtr := d.bufPool.Get().(*[]byte)
+	defer d.bufPool.Put(bufPtr)
 
-	return cs != flt.checksum && err == nil, err
+	p := rulelist.NewParser()
+	res, err = p.Parse(tmpFile, r, *bufPtr)
+
+	return res.Checksum != flt.checksum && err == nil, err
 }
 
 // loads filter contents from the file in dataDir
 func (d *DNSFilter) load(flt *FilterYAML) (err error) {
 	fileName := flt.Path(d.DataDir)
 
-	log.Debug("filtering: loading filter %d from %s", flt.ID, fileName)
+	log.Debug("filtering: loading filter %d from %q", flt.ID, fileName)
 
 	file, err := os.Open(fileName)
 	if errors.Is(err, os.ErrNotExist) {
@@ -710,14 +600,18 @@ func (d *DNSFilter) load(flt *FilterYAML) (err error) {
 		return fmt.Errorf("getting filter file stat: %w", err)
 	}
 
-	log.Debug("filtering: file %s, id %d, length %d", fileName, flt.ID, st.Size())
+	log.Debug("filtering: file %q, id %d, length %d", fileName, flt.ID, st.Size())
 
-	rulesCount, _, checksum, _, err := d.parseFilter(file, io.Discard)
+	bufPtr := d.bufPool.Get().(*[]byte)
+	defer d.bufPool.Put(bufPtr)
+
+	p := rulelist.NewParser()
+	res, err := p.Parse(io.Discard, file, *bufPtr)
 	if err != nil {
 		return fmt.Errorf("parsing filter file: %w", err)
 	}
 
-	flt.RulesCount, flt.checksum, flt.LastUpdated = rulesCount, checksum, st.ModTime()
+	flt.RulesCount, flt.checksum, flt.LastUpdated = res.RulesCount, res.Checksum, st.ModTime()
 
 	return nil
 }
@@ -759,8 +653,9 @@ func (d *DNSFilter) enableFiltersLocked(async bool) {
 		})
 	}
 
-	if err := d.SetFilters(filters, allowFilters, async); err != nil {
-		log.Debug("enabling filters: %s", err)
+	err := d.setFilters(filters, allowFilters, async)
+	if err != nil {
+		log.Error("filtering: enabling filters: %s", err)
 	}
 
 	d.SetEnabled(d.FilteringEnabled)

internal/filtering/filtering.go

@@ -9,7 +9,6 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"regexp"
 	"runtime"
 	"runtime/debug"
 	"strings"
@@ -18,6 +17,7 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
+	"github.com/AdguardTeam/AdGuardHome/internal/filtering/rulelist"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/mathutil"
@@ -170,6 +170,15 @@ type Checker interface {
 
 // DNSFilter matches hostnames and DNS requests against filtering rules.
 type DNSFilter struct {
+	// bufPool is a pool of buffers used for filtering-rule list parsing.
+	bufPool *sync.Pool
+
+	rulesStorage    *filterlist.RuleStorage
+	filteringEngine *urlfilter.DNSEngine
+
+	rulesStorageAllow    *filterlist.RuleStorage
+	filteringEngineAllow *urlfilter.DNSEngine
+
 	safeSearch SafeSearch
 
 	// safeBrowsingChecker is the safe browsing hash-prefix checker.
@@ -178,12 +187,6 @@ type DNSFilter struct {
 	// parentalControl is the parental control hash-prefix checker.
 	parentalControlChecker Checker
 
-	rulesStorage    *filterlist.RuleStorage
-	filteringEngine *urlfilter.DNSEngine
-
-	rulesStorageAllow    *filterlist.RuleStorage
-	filteringEngineAllow *urlfilter.DNSEngine
-
 	engineLock sync.RWMutex
 
 	Config // for direct access by library users, even a = assignment
@@ -196,12 +199,6 @@ type DNSFilter struct {
 
 	refreshLock *sync.Mutex
 
-	// filterTitleRegexp is the regular expression to retrieve a name of a
-	// filter list.
-	//
-	// TODO(e.burkov):  Don't use regexp for such a simple text processing task.
-	filterTitleRegexp *regexp.Regexp
-
 	hostCheckers []hostChecker
 }
 
@@ -339,12 +336,12 @@ func cloneRewrites(entries []*LegacyRewrite) (clone []*LegacyRewrite) {
 	return clone
 }
 
-// SetFilters sets new filters, synchronously or asynchronously.  When filters
+// setFilters sets new filters, synchronously or asynchronously.  When filters
 // are set asynchronously, the old filters continue working until the new
 // filters are ready.
 //
 // In this case the caller must ensure that the old filter files are intact.
-func (d *DNSFilter) SetFilters(blockFilters, allowFilters []Filter, async bool) error {
+func (d *DNSFilter) setFilters(blockFilters, allowFilters []Filter, async bool) error {
 	if async {
 		params := filtersInitializerParams{
 			allowFilters: allowFilters,
@@ -370,14 +367,7 @@ func (d *DNSFilter) SetFilters(blockFilters, allowFilters []Filter, async bool)
 		return nil
 	}
 
-	err := d.initFiltering(allowFilters, blockFilters)
-	if err != nil {
-		log.Error("filtering: can't initialize filtering subsystem: %s", err)
-
-		return err
-	}
-
-	return nil
+	return d.initFiltering(allowFilters, blockFilters)
 }
 
 // Starts initializing new filters by signal from channel
@@ -386,7 +376,8 @@ func (d *DNSFilter) filtersInitializer() {
 		params := <-d.filtersInitializerChan
 		err := d.initFiltering(params.allowFilters, params.blockFilters)
 		if err != nil {
-			log.Error("Can't initialize filtering subsystem: %s", err)
+			log.Error("filtering: initializing: %s", err)
+
 			continue
 		}
 	}
@@ -718,7 +709,7 @@ func newRuleStorage(filters []Filter) (rs *filterlist.RuleStorage, err error) {
 }
 
 // Initialize urlfilter objects.
-func (d *DNSFilter) initFiltering(allowFilters, blockFilters []Filter) error {
+func (d *DNSFilter) initFiltering(allowFilters, blockFilters []Filter) (err error) {
 	rulesStorage, err := newRuleStorage(blockFilters)
 	if err != nil {
 		return err
@@ -745,7 +736,8 @@ func (d *DNSFilter) initFiltering(allowFilters, blockFilters []Filter) error {
 
 	// Make sure that the OS reclaims memory as soon as possible.
 	debug.FreeOSMemory()
-	log.Debug("initialized filtering engine")
+
+	log.Debug("filtering: initialized filtering engine")
 
 	return nil
 }
@@ -949,8 +941,14 @@ func InitModule() {
 // be non-nil.
 func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
 	d = &DNSFilter{
+		bufPool: &sync.Pool{
+			New: func() (buf any) {
+				bufVal := make([]byte, rulelist.MaxRuleLen)
+
+				return &bufVal
+			},
+		},
 		refreshLock:            &sync.Mutex{},
-		filterTitleRegexp:      regexp.MustCompile(`^! Title: +(.*)$`),
 		safeBrowsingChecker:    c.SafeBrowsingChecker,
 		parentalControlChecker: c.ParentalControlChecker,
 	}
@@ -1047,7 +1045,7 @@ func (d *DNSFilter) checkSafeBrowsing(
 
 	if log.GetLevel() >= log.DEBUG {
 		timer := log.StartTimer()
-		defer timer.LogElapsed("safebrowsing lookup for %q", host)
+		defer timer.LogElapsed("filtering: safebrowsing lookup for %q", host)
 	}
 
 	res = Result{
@@ -1079,7 +1077,7 @@ func (d *DNSFilter) checkParental(
 
 	if log.GetLevel() >= log.DEBUG {
 		timer := log.StartTimer()
-		defer timer.LogElapsed("parental lookup for %q", host)
+		defer timer.LogElapsed("filtering: parental lookup for %q", host)
 	}
 
 	res = Result{

internal/filtering/filtering_test.go

@@ -547,7 +547,7 @@ func TestWhitelist(t *testing.T) {
 	}}
 	d, setts := newForTest(t, nil, filters)
 
-	err := d.SetFilters(filters, whiteFilters, false)
+	err := d.setFilters(filters, whiteFilters, false)
 	require.NoError(t, err)
 
 	t.Cleanup(d.Close)

internal/filtering/hashprefix/cache.go

@@ -25,7 +25,7 @@ func toCacheItem(data []byte) *cacheItem {
 	t := time.Unix(int64(binary.BigEndian.Uint64(data)), 0)
 
 	data = data[expirySize:]
-	hashes := make([]hostnameHash, len(data)/hashSize)
+	hashes := make([]hostnameHash, 0, len(data)/hashSize)
 
 	for i := 0; i < len(data); i += hashSize {
 		var hash hostnameHash
@@ -41,12 +41,13 @@ func toCacheItem(data []byte) *cacheItem {
 
 // fromCacheItem encodes cacheItem into data.
 func fromCacheItem(item *cacheItem) (data []byte) {
-	data = make([]byte, len(item.hashes)*hashSize+expirySize)
+	data = make([]byte, 0, len(item.hashes)*hashSize+expirySize)
+
 	expiry := item.expiry.Unix()
-	binary.BigEndian.PutUint64(data[:expirySize], uint64(expiry))
+	data = binary.BigEndian.AppendUint64(data, uint64(expiry))
 
 	for _, v := range item.hashes {
-		// nolint:looppointer // The subsilce is used for a copy.
+		// nolint:looppointer // The subslice of v is used for a copy.
 		data = append(data, v[:]...)
 	}
 
@@ -62,7 +63,7 @@ func (c *Checker) findInCache(
 
 	i := 0
 	for _, hash := range hashes {
-		// nolint:looppointer // The subsilce is used for a safe cache lookup.
+		// nolint:looppointer // The has subslice is used for a cache lookup.
 		data := c.cache.Get(hash[:prefixLen])
 		if data == nil {
 			hashes[i] = hash
@@ -97,34 +98,36 @@ func (c *Checker) storeInCache(hashesToRequest, respHashes []hostnameHash) {
 
 	for _, hash := range respHashes {
 		var pref prefix
-		// nolint:looppointer // The subsilce is used for a copy.
+		// nolint:looppointer // The hash subslice is used for a copy.
 		copy(pref[:], hash[:])
 
 		hashToStore[pref] = append(hashToStore[pref], hash)
 	}
 
 	for pref, hash := range hashToStore {
-		// nolint:looppointer // The subsilce is used for a safe cache lookup.
-		c.setCache(pref[:], hash)
+		c.setCache(pref, hash)
 	}
 
 	for _, hash := range hashesToRequest {
-		// nolint:looppointer // The subsilce is used for a safe cache lookup.
-		pref := hash[:prefixLen]
-		val := c.cache.Get(pref)
+		// nolint:looppointer // The hash subslice is used for a cache lookup.
+		val := c.cache.Get(hash[:prefixLen])
 		if val == nil {
+			var pref prefix
+			// nolint:looppointer // The hash subslice is used for a copy.
+			copy(pref[:], hash[:])
+
 			c.setCache(pref, nil)
 		}
 	}
 }
 
 // setCache stores hash in cache.
-func (c *Checker) setCache(pref []byte, hashes []hostnameHash) {
+func (c *Checker) setCache(pref prefix, hashes []hostnameHash) {
 	item := &cacheItem{
 		expiry: time.Now().Add(c.cacheTime),
 		hashes: hashes,
 	}
 
-	c.cache.Set(pref, fromCacheItem(item))
+	c.cache.Set(pref[:], fromCacheItem(item))
 	log.Debug("%s: stored in cache: %v", c.svc, pref)
 }

internal/filtering/hashprefix/cache_internal_test.go

@@ -0,0 +1,44 @@
+package hashprefix
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCacheItem(t *testing.T) {
+	item := &cacheItem{
+		expiry: time.Unix(0x01_23_45_67_89_AB_CD_EF, 0),
+		hashes: []hostnameHash{{
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+		}, {
+			0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+			0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+			0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+			0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+		}},
+	}
+
+	wantData := []byte{
+		0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+		0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+		0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+		0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+		0x01, 0x03, 0x05, 0x07, 0x02, 0x04, 0x06, 0x08,
+	}
+
+	gotData := fromCacheItem(item)
+	assert.Equal(t, wantData, gotData)
+
+	newItem := toCacheItem(gotData)
+	gotData = fromCacheItem(newItem)
+	assert.Equal(t, wantData, gotData)
+}

internal/filtering/hashprefix/hashprefix.go

@@ -173,7 +173,7 @@ func (c *Checker) getQuestion(hashes []hostnameHash) (q string) {
 	b := &strings.Builder{}
 
 	for _, hash := range hashes {
-		// nolint:looppointer // The subsilce is used for safe hex encoding.
+		// nolint:looppointer // The hash subslice is used for hex encoding.
 		stringutil.WriteToBuilder(b, hex.EncodeToString(hash[:prefixLen]), ".")
 	}
 

internal/filtering/http.go

@@ -95,7 +95,7 @@ func (d *DNSFilter) handleFilteringAddURL(w http.ResponseWriter, r *http.Request
 			r,
 			w,
 			http.StatusBadRequest,
-			"Couldn't fetch filter from url %s: %s",
+			"Couldn't fetch filter from URL %q: %s",
 			filt.URL,
 			err,
 		)

internal/filtering/rewrites.go

@@ -122,7 +122,7 @@ func matchDomainWildcard(host, wildcard string) (ok bool) {
 	return isWildcard(wildcard) && strings.HasSuffix(host, wildcard[1:])
 }
 
-// legacyRewriteSortsBefore sorts rewirtes according to the following priority:
+// legacyRewriteSortsBefore sorts rewrites according to the following priority:
 //
 //  1. A and AAAA > CNAME;
 //  2. wildcard > exact;

internal/filtering/rulelist/error.go

@@ -0,0 +1,9 @@
+package rulelist
+
+import "github.com/AdguardTeam/golibs/errors"
+
+// ErrHTML is returned by [Parser.Parse] if the data is likely to be HTML.
+//
+// TODO(a.garipov): This error is currently returned to the UI.  Stop that and
+// make it all-lowercase.
+const ErrHTML errors.Error = "data is HTML, not plain text"

internal/filtering/rulelist/parser.go

@@ -0,0 +1,184 @@
+package rulelist
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"hash/crc32"
+	"io"
+	"unicode"
+
+	"github.com/AdguardTeam/golibs/errors"
+)
+
+// Parser is a filtering-rule parser that collects data, such as the checksum
+// and the title, as well as counts rules and removes comments.
+type Parser struct {
+	title      string
+	rulesCount int
+	written    int
+	checksum   uint32
+	titleFound bool
+}
+
+// NewParser returns a new filtering-rule parser.
+func NewParser() (p *Parser) {
+	return &Parser{}
+}
+
+// ParseResult contains information about the results of parsing a
+// filtering-rule list by [Parser.Parse].
+type ParseResult struct {
+	// Title is the title contained within the filtering-rule list, if any.
+	Title string
+
+	// RulesCount is the number of rules in the list.  It excludes empty lines
+	// and comments.
+	RulesCount int
+
+	// BytesWritten is the number of bytes written to dst.
+	BytesWritten int
+
+	// Checksum is the CRC-32 checksum of the rules content.  That is, excluding
+	// empty lines and comments.
+	Checksum uint32
+}
+
+// Parse parses data from src into dst using buf during parsing.  r is never
+// nil.
+func (p *Parser) Parse(dst io.Writer, src io.Reader, buf []byte) (r *ParseResult, err error) {
+	s := bufio.NewScanner(src)
+	s.Buffer(buf, MaxRuleLen)
+
+	lineIdx := 0
+	for s.Scan() {
+		var n int
+		n, err = p.processLine(dst, s.Bytes(), lineIdx)
+		p.written += n
+		if err != nil {
+			// Don't wrap the error, because it's informative enough as is.
+			return p.result(), err
+		}
+
+		lineIdx++
+	}
+
+	r = p.result()
+	err = s.Err()
+
+	return r, errors.Annotate(err, "scanning filter contents: %w")
+}
+
+// result returns the current parsing result.
+func (p *Parser) result() (r *ParseResult) {
+	return &ParseResult{
+		Title:        p.title,
+		RulesCount:   p.rulesCount,
+		BytesWritten: p.written,
+		Checksum:     p.checksum,
+	}
+}
+
+// processLine processes a single line.  It may write to dst, and if it does, n
+// is the number of bytes written.
+func (p *Parser) processLine(dst io.Writer, line []byte, lineIdx int) (n int, err error) {
+	trimmed := bytes.TrimSpace(line)
+	if p.written == 0 && isHTMLLine(trimmed) {
+		return 0, ErrHTML
+	}
+
+	badIdx, isRule := 0, false
+	if p.titleFound {
+		badIdx, isRule = parseLine(trimmed)
+	} else {
+		badIdx, isRule = p.parseLineTitle(trimmed)
+	}
+	if badIdx != -1 {
+		return 0, fmt.Errorf(
+			"line at index %d: character at index %d: non-printable character",
+			lineIdx,
+			badIdx+bytes.Index(line, trimmed),
+		)
+	}
+
+	if !isRule {
+		return 0, nil
+	}
+
+	p.rulesCount++
+	p.checksum = crc32.Update(p.checksum, crc32.IEEETable, trimmed)
+
+	// Assume that there is generally enough space in the buffer to add a
+	// newline.
+	n, err = dst.Write(append(trimmed, '\n'))
+
+	return n, errors.Annotate(err, "writing rule line: %w")
+}
+
+// isHTMLLine returns true if line is likely an HTML line.  line is assumed to
+// be trimmed of whitespace characters.
+func isHTMLLine(line []byte) (isHTML bool) {
+	return hasPrefixFold(line, []byte("<html")) || hasPrefixFold(line, []byte("<!doctype"))
+}
+
+// hasPrefixFold is a simple, best-effort prefix matcher.  It may return
+// incorrect results for some non-ASCII characters.
+func hasPrefixFold(b, prefix []byte) (ok bool) {
+	l := len(prefix)
+
+	return len(b) >= l && bytes.EqualFold(b[:l], prefix)
+}
+
+// parseLine returns true if the parsed line is a filtering rule.  line is
+// assumed to be trimmed of whitespace characters.  nonPrintIdx is the index of
+// the first non-printable character, if any; if there are none, nonPrintIdx is
+// -1.
+//
+// A line is considered a rule if it's not empty, not a comment, and contains
+// only printable characters.
+func parseLine(line []byte) (nonPrintIdx int, isRule bool) {
+	if len(line) == 0 || line[0] == '#' || line[0] == '!' {
+		return -1, false
+	}
+
+	nonPrintIdx = bytes.IndexFunc(line, isNotPrintable)
+
+	return nonPrintIdx, nonPrintIdx == -1
+}
+
+// isNotPrintable returns true if r is not a printable character that can be
+// contained in a filtering rule.
+func isNotPrintable(r rune) (ok bool) {
+	// Tab isn't included into Unicode's graphic symbols, so include it here
+	// explicitly.
+	return r != '\t' && !unicode.IsGraphic(r)
+}
+
+// parseLineTitle is like [parseLine] but additionally looks for a title.  line
+// is assumed to be trimmed of whitespace characters.
+func (p *Parser) parseLineTitle(line []byte) (nonPrintIdx int, isRule bool) {
+	if len(line) == 0 || line[0] == '#' {
+		return -1, false
+	}
+
+	if line[0] != '!' {
+		nonPrintIdx = bytes.IndexFunc(line, isNotPrintable)
+
+		return nonPrintIdx, nonPrintIdx == -1
+	}
+
+	const titlePattern = "! Title: "
+	if !bytes.HasPrefix(line, []byte(titlePattern)) {
+		return -1, false
+	}
+
+	title := bytes.TrimSpace(line[len(titlePattern):])
+	if title != nil {
+		// Note that title can be a non-nil empty slice.  Consider that normal
+		// and just stop looking for other titles.
+		p.title = string(title)
+		p.titleFound = true
+	}
+
+	return -1, false
+}

internal/filtering/rulelist/parser_test.go

@@ -0,0 +1,247 @@
+package rulelist_test
+
+import (
+	"bufio"
+	"bytes"
+	"strings"
+	"testing"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
+	"github.com/AdguardTeam/AdGuardHome/internal/filtering/rulelist"
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestParser_Parse(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name         string
+		in           string
+		wantDst      string
+		wantErrMsg   string
+		wantTitle    string
+		wantRulesNum int
+		wantWritten  int
+	}{{
+		name:         "empty",
+		in:           "",
+		wantDst:      "",
+		wantErrMsg:   "",
+		wantTitle:    "",
+		wantRulesNum: 0,
+		wantWritten:  0,
+	}, {
+		name:         "html",
+		in:           testRuleTextHTML,
+		wantErrMsg:   rulelist.ErrHTML.Error(),
+		wantTitle:    "",
+		wantRulesNum: 0,
+		wantWritten:  0,
+	}, {
+		name: "comments",
+		in: "# Comment 1\n" +
+			"! Comment 2\n",
+		wantErrMsg:   "",
+		wantTitle:    "",
+		wantRulesNum: 0,
+		wantWritten:  0,
+	}, {}, {
+		name:         "rule",
+		in:           testRuleTextBlocked,
+		wantDst:      testRuleTextBlocked,
+		wantErrMsg:   "",
+		wantRulesNum: 1,
+		wantTitle:    "",
+		wantWritten:  len(testRuleTextBlocked),
+	}, {
+		name:         "html_in_rule",
+		in:           testRuleTextBlocked + testRuleTextHTML,
+		wantDst:      testRuleTextBlocked + testRuleTextHTML,
+		wantErrMsg:   "",
+		wantTitle:    "",
+		wantRulesNum: 2,
+		wantWritten:  len(testRuleTextBlocked) + len(testRuleTextHTML),
+	}, {
+		name: "title",
+		in: "! Title:  Test Title \n" +
+			"! Title: Bad, Ignored Title\n" +
+			testRuleTextBlocked,
+		wantDst:      testRuleTextBlocked,
+		wantErrMsg:   "",
+		wantTitle:    "Test Title",
+		wantRulesNum: 1,
+		wantWritten:  len(testRuleTextBlocked),
+	}, {
+		name: "bad_char",
+		in: "! Title:  Test Title \n" +
+			testRuleTextBlocked +
+			">>>\x7F<<<",
+		wantDst: testRuleTextBlocked,
+		wantErrMsg: "line at index 2: " +
+			"character at index 3: " +
+			"non-printable character",
+		wantTitle:    "Test Title",
+		wantRulesNum: 1,
+		wantWritten:  len(testRuleTextBlocked),
+	}, {
+		name:         "too_long",
+		in:           strings.Repeat("a", rulelist.MaxRuleLen+1),
+		wantDst:      "",
+		wantErrMsg:   "scanning filter contents: " + bufio.ErrTooLong.Error(),
+		wantTitle:    "",
+		wantRulesNum: 0,
+		wantWritten:  0,
+	}, {
+		name:         "bad_tab_and_comment",
+		in:           testRuleTextBadTab,
+		wantDst:      testRuleTextBadTab,
+		wantErrMsg:   "",
+		wantTitle:    "",
+		wantRulesNum: 1,
+		wantWritten:  len(testRuleTextBadTab),
+	}, {
+		name:         "etc_hosts_tab_and_comment",
+		in:           testRuleTextEtcHostsTab,
+		wantDst:      testRuleTextEtcHostsTab,
+		wantErrMsg:   "",
+		wantTitle:    "",
+		wantRulesNum: 1,
+		wantWritten:  len(testRuleTextEtcHostsTab),
+	}}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			dst := &bytes.Buffer{}
+			buf := make([]byte, rulelist.MaxRuleLen)
+
+			p := rulelist.NewParser()
+			r, err := p.Parse(dst, strings.NewReader(tc.in), buf)
+			require.NotNil(t, r)
+
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+			assert.Equal(t, tc.wantDst, dst.String())
+			assert.Equal(t, tc.wantTitle, r.Title)
+			assert.Equal(t, tc.wantRulesNum, r.RulesCount)
+			assert.Equal(t, tc.wantWritten, r.BytesWritten)
+
+			if tc.wantWritten > 0 {
+				assert.NotZero(t, r.Checksum)
+			}
+		})
+	}
+}
+
+func TestParser_Parse_writeError(t *testing.T) {
+	t.Parallel()
+
+	dst := &aghtest.Writer{
+		OnWrite: func(b []byte) (n int, err error) {
+			return 1, errors.Error("test error")
+		},
+	}
+	buf := make([]byte, rulelist.MaxRuleLen)
+
+	p := rulelist.NewParser()
+	r, err := p.Parse(dst, strings.NewReader(testRuleTextBlocked), buf)
+	require.NotNil(t, r)
+
+	testutil.AssertErrorMsg(t, "writing rule line: test error", err)
+	assert.Equal(t, 1, r.BytesWritten)
+}
+
+func TestParser_Parse_checksums(t *testing.T) {
+	t.Parallel()
+
+	const (
+		withoutComments = testRuleTextBlocked
+		withComments    = "! Some comment.\n" +
+			"  " + testRuleTextBlocked +
+			"# Another comment.\n"
+	)
+
+	buf := make([]byte, rulelist.MaxRuleLen)
+
+	p := rulelist.NewParser()
+	r, err := p.Parse(&bytes.Buffer{}, strings.NewReader(withoutComments), buf)
+	require.NotNil(t, r)
+	require.NoError(t, err)
+
+	gotWithoutComments := r.Checksum
+
+	p = rulelist.NewParser()
+
+	r, err = p.Parse(&bytes.Buffer{}, strings.NewReader(withComments), buf)
+	require.NotNil(t, r)
+	require.NoError(t, err)
+
+	gotWithComments := r.Checksum
+	assert.Equal(t, gotWithoutComments, gotWithComments)
+}
+
+var (
+	resSink *rulelist.ParseResult
+	errSink error
+)
+
+func BenchmarkParser_Parse(b *testing.B) {
+	dst := &bytes.Buffer{}
+	src := strings.NewReader(strings.Repeat(testRuleTextBlocked, 1000))
+	buf := make([]byte, rulelist.MaxRuleLen)
+	p := rulelist.NewParser()
+
+	b.ReportAllocs()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		resSink, errSink = p.Parse(dst, src, buf)
+		dst.Reset()
+	}
+
+	require.NoError(b, errSink)
+	require.NotNil(b, resSink)
+}
+
+func FuzzParser_Parse(f *testing.F) {
+	const n = 64
+
+	testCases := []string{
+		"",
+		"# Comment",
+		"! Comment",
+		"! Title ",
+		"! Title XXX",
+		testRuleTextEtcHostsTab,
+		testRuleTextHTML,
+		testRuleTextBlocked,
+		testRuleTextBadTab,
+		"1.2.3.4",
+		"1.2.3.4 etc-hosts.example",
+		">>>\x00<<<",
+		">>>\x7F<<<",
+		strings.Repeat("a", n+1),
+	}
+
+	for _, tc := range testCases {
+		f.Add(tc)
+	}
+
+	buf := make([]byte, n)
+
+	f.Fuzz(func(t *testing.T, input string) {
+		require.Eventually(t, func() (ok bool) {
+			dst := &bytes.Buffer{}
+			src := strings.NewReader(input)
+
+			p := rulelist.NewParser()
+			r, _ := p.Parse(dst, src, buf)
+			require.NotNil(t, r)
+
+			return true
+		}, testTimeout, testTimeout/100)
+	})
+}

internal/filtering/rulelist/rulelist.go

@@ -0,0 +1,11 @@
+// Package rulelist contains the implementation of the standard rule-list
+// filter that wraps an urlfilter filtering-engine.
+//
+// TODO(a.garipov): Expand.
+package rulelist
+
+// MaxRuleLen is the maximum length of a line with a filtering rule, in bytes.
+//
+// TODO(a.garipov): Consider changing this to a rune length, like AdGuardDNS
+// does.
+const MaxRuleLen = 1024

internal/filtering/rulelist/rulelist_test.go

@@ -0,0 +1,14 @@
+package rulelist_test
+
+import "time"
+
+// testTimeout is the common timeout for tests.
+const testTimeout = 1 * time.Second
+
+// Common texts for tests.
+const (
+	testRuleTextHTML        = "<!DOCTYPE html>\n"
+	testRuleTextBlocked     = "||blocked.example^\n"
+	testRuleTextBadTab      = "||bad-tab-and-comment.example^\t# A comment.\n"
+	testRuleTextEtcHostsTab = "0.0.0.0 tab..example^\t# A comment.\n"
+)

internal/filtering/servicelist.go

@@ -1505,6 +1505,7 @@ var blockedServices = []blockedService{{
 		"||aus.social^",
 		"||awscommunity.social^",
 		"||climatejustice.social^",
+		"||cupoftea.social^",
 		"||cyberplace.social^",
 		"||defcon.social^",
 		"||det.social^",
@@ -1530,6 +1531,7 @@ var blockedServices = []blockedService{{
 		"||masto.pt^",
 		"||mastodon.au^",
 		"||mastodon.bida.im^",
+		"||mastodon.com.tr^",
 		"||mastodon.eus^",
 		"||mastodon.green^",
 		"||mastodon.ie^",
@@ -1551,11 +1553,11 @@ var blockedServices = []blockedService{{
 		"||mastodont.cat^",
 		"||mastodontech.de^",
 		"||mastodontti.fi^",
-		"||mastouille.fr^",
 		"||mathstodon.xyz^",
 		"||metalhead.club^",
 		"||mindly.social^",
 		"||mstdn.ca^",
+		"||mstdn.jp^",
 		"||mstdn.party^",
 		"||mstdn.plus^",
 		"||mstdn.social^",
@@ -1567,7 +1569,6 @@ var blockedServices = []blockedService{{
 		"||nrw.social^",
 		"||o3o.ca^",
 		"||ohai.social^",
-		"||pewtix.com^",
 		"||piaille.fr^",
 		"||pol.social^",
 		"||ravenation.club^",
@@ -1582,20 +1583,19 @@ var blockedServices = []blockedService{{
 		"||social.linux.pizza^",
 		"||social.politicaconciencia.org^",
 		"||social.vivaldi.net^",
-		"||sself.co^",
 		"||stranger.social^",
 		"||sueden.social^",
 		"||tech.lgbt^",
 		"||techhub.social^",
 		"||theblower.au^",
 		"||tkz.one^",
-		"||todon.eu^",
 		"||toot.aquilenet.fr^",
 		"||toot.community^",
 		"||toot.funami.tech^",
 		"||toot.io^",
 		"||toot.wales^",
 		"||troet.cafe^",
+		"||twingyeo.kr^",
 		"||union.place^",
 		"||universeodon.com^",
 		"||urbanists.social^",

internal/home/config.go

@@ -30,32 +30,30 @@ import (
 const dataDir = "data"
 
 // logSettings are the logging settings part of the configuration file.
-//
-// TODO(a.garipov): Put them into a separate object.
 type logSettings struct {
 	// File is the path to the log file.  If empty, logs are written to stdout.
 	// If "syslog", logs are written to syslog.
-	File string `yaml:"log_file"`
+	File string `yaml:"file"`
 
 	// MaxBackups is the maximum number of old log files to retain.
 	//
 	// NOTE: MaxAge may still cause them to get deleted.
-	MaxBackups int `yaml:"log_max_backups"`
+	MaxBackups int `yaml:"max_backups"`
 
 	// MaxSize is the maximum size of the log file before it gets rotated, in
 	// megabytes.  The default value is 100 MB.
-	MaxSize int `yaml:"log_max_size"`
+	MaxSize int `yaml:"max_size"`
 
 	// MaxAge is the maximum duration for retaining old log files, in days.
-	MaxAge int `yaml:"log_max_age"`
+	MaxAge int `yaml:"max_age"`
 
 	// Compress determines, if the rotated log files should be compressed using
 	// gzip.
-	Compress bool `yaml:"log_compress"`
+	Compress bool `yaml:"compress"`
 
 	// LocalTime determines, if the time used for formatting the timestamps in
 	// is the computer's local time.
-	LocalTime bool `yaml:"log_localtime"`
+	LocalTime bool `yaml:"local_time"`
 
 	// Verbose determines, if verbose (aka debug) logging is enabled.
 	Verbose bool `yaml:"verbose"`
@@ -142,7 +140,8 @@ type configuration struct {
 	// Keep this field sorted to ensure consistent ordering.
 	Clients *clientsConfig `yaml:"clients"`
 
-	logSettings `yaml:",inline"`
+	// Log is a block with log configuration settings.
+	Log logSettings `yaml:"log"`
 
 	OSConfig *osConfig `yaml:"os"`
 
@@ -241,6 +240,7 @@ type tlsConfigSettings struct {
 
 type queryLogConfig struct {
 	// Ignored is the list of host names, which should not be written to log.
+	// "." is considered to be the root domain.
 	Ignored []string `yaml:"ignored"`
 
 	// Interval is the interval for query log's files rotation.
@@ -390,7 +390,7 @@ var config = &configuration{
 			HostsFile: true,
 		},
 	},
-	logSettings: logSettings{
+	Log: logSettings{
 		Compress:   false,
 		LocalTime:  false,
 		MaxBackups: 0,
@@ -421,19 +421,19 @@ func (c *configuration) getConfigFilename() string {
 // separate method in order to configure logger before the actual configuration
 // is parsed and applied.
 func readLogSettings() (ls *logSettings) {
-	ls = &logSettings{}
+	conf := &configuration{}
 
 	yamlFile, err := readConfigFile()
 	if err != nil {
-		return ls
+		return &logSettings{}
 	}
 
-	err = yaml.Unmarshal(yamlFile, ls)
+	err = yaml.Unmarshal(yamlFile, conf)
 	if err != nil {
 		log.Error("Couldn't get logging settings from the configuration: %s", err)
 	}
 
-	return ls
+	return &conf.Log
 }
 
 // validateBindHosts returns error if any of binding hosts from configuration is

internal/home/dns.go

@@ -17,6 +17,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
+	"github.com/AdguardTeam/AdGuardHome/internal/rdns"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
 	"github.com/AdguardTeam/AdGuardHome/internal/whois"
 	"github.com/AdguardTeam/dnsproxy/proxy"
@@ -167,30 +168,77 @@ func initDNSServer(
 		return fmt.Errorf("dnsServer.Prepare: %w", err)
 	}
 
-	if config.Clients.Sources.RDNS {
-		Context.rdns = NewRDNS(Context.dnsServer, &Context.clients, config.DNS.UsePrivateRDNS)
-	}
-
+	initRDNS()
 	initWHOIS()
 
 	return nil
 }
 
+const (
+	// defaultQueueSize is the size of queue of IPs for rDNS and WHOIS
+	// processing.
+	defaultQueueSize = 255
+
+	// defaultCacheSize is the maximum size of the cache for rDNS and WHOIS
+	// processing.  It must be greater than zero.
+	defaultCacheSize = 10_000
+
+	// defaultIPTTL is the Time to Live duration for IP addresses cached by
+	// rDNS and WHOIS.
+	defaultIPTTL = 1 * time.Hour
+)
+
+// initRDNS initializes the rDNS.
+func initRDNS() {
+	Context.rdnsCh = make(chan netip.Addr, defaultQueueSize)
+
+	// TODO(s.chzhen):  Add ability to disable it on dns server configuration
+	// update in [dnsforward] package.
+	r := rdns.New(&rdns.Config{
+		Exchanger: Context.dnsServer,
+		CacheSize: defaultCacheSize,
+		CacheTTL:  defaultIPTTL,
+	})
+
+	go processRDNS(r)
+}
+
+// processRDNS processes reverse DNS lookup queries.  It is intended to be used
+// as a goroutine.
+func processRDNS(r rdns.Interface) {
+	defer log.OnPanic("rdns")
+
+	for ip := range Context.rdnsCh {
+		ok := Context.dnsServer.ShouldResolveClient(ip)
+		if !ok {
+			continue
+		}
+
+		host, changed := r.Process(ip)
+		if host == "" || !changed {
+			continue
+		}
+
+		ok = Context.clients.AddHost(ip, host, ClientSourceRDNS)
+		if ok {
+			continue
+		}
+
+		log.Debug(
+			"dns: can't set rdns info for client %q: already set with higher priority source",
+			ip,
+		)
+	}
+}
+
 // initWHOIS initializes the WHOIS.
 //
 // TODO(s.chzhen):  Consider making configurable.
 func initWHOIS() {
 	const (
-		// defaultQueueSize is the size of queue of IPs for WHOIS processing.
-		defaultQueueSize = 255
-
 		// defaultTimeout is the timeout for WHOIS requests.
 		defaultTimeout = 5 * time.Second
 
-		// defaultCacheSize is the maximum size of the cache.  If it's zero,
-		// cache size is unlimited.
-		defaultCacheSize = 10_000
-
 		// defaultMaxConnReadSize is an upper limit in bytes for reading from
 		// net.Conn.
 		defaultMaxConnReadSize = 64 * 1024
@@ -200,9 +248,6 @@ func initWHOIS() {
 
 		// defaultMaxInfoLen is the maximum length of whois.Info fields.
 		defaultMaxInfoLen = 250
-
-		// defaultIPTTL is the Time to Live duration for cached IP addresses.
-		defaultIPTTL = 1 * time.Hour
 	)
 
 	Context.whoisCh = make(chan netip.Addr, defaultQueueSize)
@@ -274,11 +319,7 @@ func onDNSRequest(pctx *proxy.DNSContext) {
 		return
 	}
 
-	srcs := config.Clients.Sources
-	if srcs.RDNS && !ip.IsLoopback() {
-		Context.rdns.Begin(ip)
-	}
-
+	Context.rdnsCh <- ip
 	Context.whoisCh <- ip
 }
 
@@ -517,11 +558,7 @@ func startDNSServer() error {
 
 	const topClientsNumber = 100 // the number of clients to get
 	for _, ip := range Context.stats.TopClientsIP(topClientsNumber) {
-		srcs := config.Clients.Sources
-		if srcs.RDNS && !ip.IsLoopback() {
-			Context.rdns.Begin(ip)
-		}
-
+		Context.rdnsCh <- ip
 		Context.whoisCh <- ip
 	}
 

internal/home/home.go

@@ -56,7 +56,6 @@ type homeContext struct {
 	stats      stats.Interface      // statistics module
 	queryLog   querylog.QueryLog    // query log module
 	dnsServer  *dnsforward.Server   // DNS module
-	rdns       *RDNS                // rDNS module
 	dhcpServer dhcpd.Interface      // DHCP module
 	auth       *Auth                // HTTP authentication module
 	filters    *filtering.DNSFilter // DNS filtering module
@@ -83,6 +82,9 @@ type homeContext struct {
 	client           *http.Client
 	appSignalChannel chan os.Signal // Channel for receiving OS signals by the console app
 
+	// rdnsCh is the channel for receiving IPs for rDNS processing.
+	rdnsCh chan netip.Addr
+
 	// whoisCh is the channel for receiving IPs for WHOIS processing.
 	whoisCh chan netip.Addr
 
@@ -468,7 +470,7 @@ func setupDNSFilteringConf(conf *filtering.Config) (err error) {
 		ServiceName: pcService,
 		TXTSuffix:   pcTXTSuffix,
 		CacheTime:   cacheTime,
-		CacheSize:   conf.SafeBrowsingCacheSize,
+		CacheSize:   conf.ParentalCacheSize,
 	})
 
 	conf.SafeSearchConf.CustomResolver = safeSearchResolver{}
@@ -829,20 +831,21 @@ func configureLogger(opts options) (err error) {
 // getLogSettings returns a log settings object properly initialized from opts.
 func getLogSettings(opts options) (ls *logSettings) {
 	ls = readLogSettings()
+	configLogSettings := config.Log
 
 	// Command-line arguments can override config settings.
-	if opts.verbose || config.Verbose {
+	if opts.verbose || configLogSettings.Verbose {
 		ls.Verbose = true
 	}
 
-	ls.File = stringutil.Coalesce(opts.logFile, config.File, ls.File)
+	ls.File = stringutil.Coalesce(opts.logFile, configLogSettings.File, ls.File)
 
 	// Handle default log settings overrides.
-	ls.Compress = config.Compress
-	ls.LocalTime = config.LocalTime
-	ls.MaxBackups = config.MaxBackups
-	ls.MaxSize = config.MaxSize
-	ls.MaxAge = config.MaxAge
+	ls.Compress = configLogSettings.Compress
+	ls.LocalTime = configLogSettings.LocalTime
+	ls.MaxBackups = configLogSettings.MaxBackups
+	ls.MaxSize = configLogSettings.MaxSize
+	ls.MaxAge = configLogSettings.MaxAge
 
 	if opts.runningAsService && ls.File == "" && runtime.GOOS == "windows" {
 		// When running as a Windows service, use eventlog by default if

internal/home/rdns.go

@@ -1,143 +0,0 @@
-package home
-
-import (
-	"encoding/binary"
-	"net/netip"
-	"sync/atomic"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
-	"github.com/AdguardTeam/golibs/cache"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// RDNS resolves clients' addresses to enrich their metadata.
-type RDNS struct {
-	exchanger dnsforward.RDNSExchanger
-	clients   *clientsContainer
-
-	// ipCh used to pass client's IP to rDNS workerLoop.
-	ipCh chan netip.Addr
-
-	// ipCache caches the IP addresses to be resolved by rDNS.  The resolved
-	// address stays here while it's inside clients.  After leaving clients the
-	// address will be resolved once again.  If the address couldn't be
-	// resolved, cache prevents further attempts to resolve it for some time.
-	ipCache cache.Cache
-
-	// usePrivate stores the state of current private reverse-DNS resolving
-	// settings.
-	usePrivate atomic.Bool
-}
-
-// Default AdGuard Home reverse DNS values.
-const (
-	revDNSCacheSize = 10000
-
-	// TODO(e.burkov):  Make these values configurable.
-	revDNSCacheTTL        = 24 * 60 * 60
-	revDNSFailureCacheTTL = 1 * 60 * 60
-
-	revDNSQueueSize = 256
-)
-
-// NewRDNS creates and returns initialized RDNS.
-func NewRDNS(
-	exchanger dnsforward.RDNSExchanger,
-	clients *clientsContainer,
-	usePrivate bool,
-) (rDNS *RDNS) {
-	rDNS = &RDNS{
-		exchanger: exchanger,
-		clients:   clients,
-		ipCache: cache.New(cache.Config{
-			EnableLRU: true,
-			MaxCount:  revDNSCacheSize,
-		}),
-		ipCh: make(chan netip.Addr, revDNSQueueSize),
-	}
-
-	rDNS.usePrivate.Store(usePrivate)
-
-	go rDNS.workerLoop()
-
-	return rDNS
-}
-
-// ensurePrivateCache ensures that the state of the RDNS cache is consistent
-// with the current private client RDNS resolving settings.
-//
-// TODO(e.burkov): Clearing cache each time this value changed is not a perfect
-// approach since only unresolved locally-served addresses should be removed.
-// Implement when improving the cache.
-func (r *RDNS) ensurePrivateCache() {
-	usePrivate := r.exchanger.ResolvesPrivatePTR()
-	if r.usePrivate.CompareAndSwap(!usePrivate, usePrivate) {
-		r.ipCache.Clear()
-	}
-}
-
-// isCached returns true if ip is already cached and not expired yet.  It also
-// caches it otherwise.
-func (r *RDNS) isCached(ip netip.Addr) (ok bool) {
-	ipBytes := ip.AsSlice()
-	now := uint64(time.Now().Unix())
-	if expire := r.ipCache.Get(ipBytes); len(expire) != 0 {
-		return binary.BigEndian.Uint64(expire) > now
-	}
-
-	return false
-}
-
-// cache caches the ip address for ttl seconds.
-func (r *RDNS) cache(ip netip.Addr, ttl uint64) {
-	ipData := ip.AsSlice()
-
-	ttlData := [8]byte{}
-	binary.BigEndian.PutUint64(ttlData[:], uint64(time.Now().Unix())+ttl)
-
-	r.ipCache.Set(ipData, ttlData[:])
-}
-
-// Begin adds the ip to the resolving queue if it is not cached or already
-// resolved.
-func (r *RDNS) Begin(ip netip.Addr) {
-	r.ensurePrivateCache()
-
-	if r.isCached(ip) || r.clients.clientSource(ip) > ClientSourceRDNS {
-		return
-	}
-
-	select {
-	case r.ipCh <- ip:
-		log.Debug("rdns: %q added to queue", ip)
-	default:
-		log.Debug("rdns: queue is full")
-	}
-}
-
-// workerLoop handles incoming IP addresses from ipChan and adds it into
-// clients.
-func (r *RDNS) workerLoop() {
-	defer log.OnPanic("rdns")
-
-	for ip := range r.ipCh {
-		ttl := uint64(revDNSCacheTTL)
-
-		host, err := r.exchanger.Exchange(ip.AsSlice())
-		if err != nil {
-			log.Debug("rdns: resolving %q: %s", ip, err)
-			if errors.Is(err, dnsforward.ErrRDNSFailed) {
-				// Cache failure for a less time.
-				ttl = revDNSFailureCacheTTL
-			}
-		}
-
-		r.cache(ip, ttl)
-
-		if host != "" {
-			_ = r.clients.AddHost(ip, host, ClientSourceRDNS)
-		}
-	}
-}

internal/home/rdns_test.go

@@ -1,264 +0,0 @@
-package home
-
-import (
-	"bytes"
-	"encoding/binary"
-	"fmt"
-	"net"
-	"net/netip"
-	"sync"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/AdguardTeam/golibs/cache"
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/AdguardTeam/golibs/stringutil"
-	"github.com/miekg/dns"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestRDNS_Begin(t *testing.T) {
-	aghtest.ReplaceLogLevel(t, log.DEBUG)
-	w := &bytes.Buffer{}
-	aghtest.ReplaceLogWriter(t, w)
-
-	ip1234, ip1235 := netip.MustParseAddr("1.2.3.4"), netip.MustParseAddr("1.2.3.5")
-
-	testCases := []struct {
-		cliIDIndex    map[string]*Client
-		customChan    chan netip.Addr
-		name          string
-		wantLog       string
-		ip            netip.Addr
-		wantCacheHit  int
-		wantCacheMiss int
-	}{{
-		cliIDIndex:    map[string]*Client{},
-		customChan:    nil,
-		name:          "cached",
-		wantLog:       "",
-		ip:            ip1234,
-		wantCacheHit:  1,
-		wantCacheMiss: 0,
-	}, {
-		cliIDIndex:    map[string]*Client{},
-		customChan:    nil,
-		name:          "not_cached",
-		wantLog:       "rdns: queue is full",
-		ip:            ip1235,
-		wantCacheHit:  0,
-		wantCacheMiss: 1,
-	}, {
-		cliIDIndex:    map[string]*Client{"1.2.3.5": {}},
-		customChan:    nil,
-		name:          "already_in_clients",
-		wantLog:       "",
-		ip:            ip1235,
-		wantCacheHit:  0,
-		wantCacheMiss: 1,
-	}, {
-		cliIDIndex:    map[string]*Client{},
-		customChan:    make(chan netip.Addr, 1),
-		name:          "add_to_queue",
-		wantLog:       `rdns: "1.2.3.5" added to queue`,
-		ip:            ip1235,
-		wantCacheHit:  0,
-		wantCacheMiss: 1,
-	}}
-
-	for _, tc := range testCases {
-		w.Reset()
-
-		ipCache := cache.New(cache.Config{
-			EnableLRU: true,
-			MaxCount:  revDNSCacheSize,
-		})
-		ttl := make([]byte, binary.Size(uint64(0)))
-		binary.BigEndian.PutUint64(ttl, uint64(time.Now().Add(100*time.Hour).Unix()))
-
-		rdns := &RDNS{
-			ipCache: ipCache,
-			exchanger: &rDNSExchanger{
-				ex: aghtest.NewErrorUpstream(),
-			},
-			clients: &clientsContainer{
-				list:    map[string]*Client{},
-				idIndex: tc.cliIDIndex,
-				ipToRC:  map[netip.Addr]*RuntimeClient{},
-				allTags: stringutil.NewSet(),
-			},
-		}
-		ipCache.Clear()
-		ipCache.Set(net.IP{1, 2, 3, 4}, ttl)
-
-		if tc.customChan != nil {
-			rdns.ipCh = tc.customChan
-			defer close(tc.customChan)
-		}
-
-		t.Run(tc.name, func(t *testing.T) {
-			rdns.Begin(tc.ip)
-			assert.Equal(t, tc.wantCacheHit, ipCache.Stats().Hit)
-			assert.Equal(t, tc.wantCacheMiss, ipCache.Stats().Miss)
-			assert.Contains(t, w.String(), tc.wantLog)
-		})
-	}
-}
-
-// rDNSExchanger is a mock dnsforward.RDNSExchanger implementation for tests.
-type rDNSExchanger struct {
-	ex         upstream.Upstream
-	usePrivate bool
-}
-
-// Exchange implements dnsforward.RDNSExchanger interface for *RDNSExchanger.
-func (e *rDNSExchanger) Exchange(ip net.IP) (host string, err error) {
-	rev, err := netutil.IPToReversedAddr(ip)
-	if err != nil {
-		return "", fmt.Errorf("reversing ip: %w", err)
-	}
-
-	req := &dns.Msg{
-		Question: []dns.Question{{
-			Name:   dns.Fqdn(rev),
-			Qclass: dns.ClassINET,
-			Qtype:  dns.TypePTR,
-		}},
-	}
-
-	resp, err := e.ex.Exchange(req)
-	if err != nil {
-		return "", err
-	}
-
-	if len(resp.Answer) == 0 {
-		return "", nil
-	}
-
-	return resp.Answer[0].Header().Name, nil
-}
-
-// Exchange implements dnsforward.RDNSExchanger interface for *RDNSExchanger.
-func (e *rDNSExchanger) ResolvesPrivatePTR() (ok bool) {
-	return e.usePrivate
-}
-
-func TestRDNS_ensurePrivateCache(t *testing.T) {
-	data := []byte{1, 2, 3, 4}
-
-	ipCache := cache.New(cache.Config{
-		EnableLRU: true,
-		MaxCount:  revDNSCacheSize,
-	})
-
-	ex := &rDNSExchanger{
-		ex: aghtest.NewErrorUpstream(),
-	}
-
-	rdns := &RDNS{
-		ipCache:   ipCache,
-		exchanger: ex,
-	}
-
-	rdns.ipCache.Set(data, data)
-	require.NotZero(t, rdns.ipCache.Stats().Count)
-
-	ex.usePrivate = !ex.usePrivate
-
-	rdns.ensurePrivateCache()
-	require.Zero(t, rdns.ipCache.Stats().Count)
-}
-
-func TestRDNS_WorkerLoop(t *testing.T) {
-	aghtest.ReplaceLogLevel(t, log.DEBUG)
-	w := &bytes.Buffer{}
-	aghtest.ReplaceLogWriter(t, w)
-
-	localIP := netip.MustParseAddr("192.168.1.1")
-	revIPv4, err := netutil.IPToReversedAddr(localIP.AsSlice())
-	require.NoError(t, err)
-
-	revIPv6, err := netutil.IPToReversedAddr(net.ParseIP("2a00:1450:400c:c06::93"))
-	require.NoError(t, err)
-
-	locUpstream := &aghtest.UpstreamMock{
-		OnAddress: func() (addr string) { return "local.upstream.example" },
-		OnExchange: func(req *dns.Msg) (resp *dns.Msg, err error) {
-			return aghalg.Coalesce(
-				aghtest.MatchedResponse(req, dns.TypePTR, revIPv4, "local.domain"),
-				aghtest.MatchedResponse(req, dns.TypePTR, revIPv6, "ipv6.domain"),
-				new(dns.Msg).SetRcode(req, dns.RcodeNameError),
-			), nil
-		},
-	}
-
-	errUpstream := aghtest.NewErrorUpstream()
-
-	testCases := []struct {
-		ups              upstream.Upstream
-		cliIP            netip.Addr
-		wantLog          string
-		name             string
-		wantClientSource clientSource
-	}{{
-		ups:              locUpstream,
-		cliIP:            localIP,
-		wantLog:          "",
-		name:             "all_good",
-		wantClientSource: ClientSourceRDNS,
-	}, {
-		ups:              errUpstream,
-		cliIP:            netip.MustParseAddr("192.168.1.2"),
-		wantLog:          `rdns: resolving "192.168.1.2": test upstream error`,
-		name:             "resolve_error",
-		wantClientSource: ClientSourceNone,
-	}, {
-		ups:              locUpstream,
-		cliIP:            netip.MustParseAddr("2a00:1450:400c:c06::93"),
-		wantLog:          "",
-		name:             "ipv6_good",
-		wantClientSource: ClientSourceRDNS,
-	}}
-
-	for _, tc := range testCases {
-		w.Reset()
-
-		cc := newClientsContainer(t)
-		ch := make(chan netip.Addr)
-		rdns := &RDNS{
-			exchanger: &rDNSExchanger{
-				ex: tc.ups,
-			},
-			clients: cc,
-			ipCh:    ch,
-			ipCache: cache.New(cache.Config{
-				EnableLRU: true,
-				MaxCount:  revDNSCacheSize,
-			}),
-		}
-
-		t.Run(tc.name, func(t *testing.T) {
-			var wg sync.WaitGroup
-			wg.Add(1)
-			go func() {
-				rdns.workerLoop()
-				wg.Done()
-			}()
-
-			ch <- tc.cliIP
-			close(ch)
-			wg.Wait()
-
-			if tc.wantLog != "" {
-				assert.Contains(t, w.String(), tc.wantLog)
-			}
-
-			assert.Equal(t, tc.wantClientSource, cc.clientSource(tc.cliIP))
-		})
-	}
-}

internal/home/upgrade.go

@@ -23,7 +23,7 @@ import (
 )
 
 // currentSchemaVersion is the current schema version.
-const currentSchemaVersion = 23
+const currentSchemaVersion = 24
 
 // These aliases are provided for convenience.
 type (
@@ -98,6 +98,7 @@ func upgradeConfigSchema(oldVersion int, diskConf yobj) (err error) {
 		upgradeSchema20to21,
 		upgradeSchema21to22,
 		upgradeSchema22to23,
+		upgradeSchema23to24,
 	}
 
 	n := 0
@@ -1325,6 +1326,110 @@ func upgradeSchema22to23(diskConf yobj) (err error) {
 	return nil
 }
 
+// upgradeSchema23to24 performs the following changes:
+//
+//	# BEFORE:
+//	'log_file': ""
+//	'log_max_backups': 0
+//	'log_max_size': 100
+//	'log_max_age': 3
+//	'log_compress': false
+//	'log_localtime': false
+//	'verbose': false
+//
+//	# AFTER:
+//	'log':
+//	  'file': ""
+//	  'max_backups': 0
+//	  'max_size': 100
+//	  'max_age': 3
+//	  'compress': false
+//	  'local_time': false
+//	  'verbose': false
+func upgradeSchema23to24(diskConf yobj) (err error) {
+	log.Printf("Upgrade yaml: 23 to 24")
+	diskConf["schema_version"] = 24
+
+	logObj := yobj{}
+	err = coalesceError(
+		moveField[string](diskConf, logObj, "log_file", "file"),
+		moveField[int](diskConf, logObj, "log_max_backups", "max_backups"),
+		moveField[int](diskConf, logObj, "log_max_size", "max_size"),
+		moveField[int](diskConf, logObj, "log_max_age", "max_age"),
+		moveField[bool](diskConf, logObj, "log_compress", "compress"),
+		moveField[bool](diskConf, logObj, "log_localtime", "local_time"),
+		moveField[bool](diskConf, logObj, "verbose", "verbose"),
+	)
+	if err != nil {
+		// Don't wrap the error, because it's informative enough as is.
+		return err
+	}
+
+	if len(logObj) != 0 {
+		diskConf["log"] = logObj
+	}
+
+	delete(diskConf, "log_file")
+	delete(diskConf, "log_max_backups")
+	delete(diskConf, "log_max_size")
+	delete(diskConf, "log_max_age")
+	delete(diskConf, "log_compress")
+	delete(diskConf, "log_localtime")
+	delete(diskConf, "verbose")
+
+	return nil
+}
+
+// moveField gets field value for key from diskConf, and then set this value
+// in newConf for newKey.
+func moveField[T any](diskConf, newConf yobj, key, newKey string) (err error) {
+	ok, newVal, err := fieldValue[T](diskConf, key)
+	if !ok {
+		return err
+	}
+
+	switch v := newVal.(type) {
+	case int, bool, string:
+		newConf[newKey] = v
+	default:
+		return fmt.Errorf("invalid type of %s: %T", key, newVal)
+	}
+
+	return nil
+}
+
+// fieldValue returns the value of type T for key in diskConf object.
+func fieldValue[T any](diskConf yobj, key string) (ok bool, field any, err error) {
+	fieldVal, ok := diskConf[key]
+	if !ok {
+		return false, new(T), nil
+	}
+
+	f, ok := fieldVal.(T)
+	if !ok {
+		return false, nil, fmt.Errorf("unexpected type of %s: %T", key, fieldVal)
+	}
+
+	return true, f, nil
+}
+
+// coalesceError returns the first non-nil error.  It is named after function
+// COALESCE in SQL.  If all errors are nil, it returns nil.
+//
+// TODO(a.garipov): Consider a similar helper to group errors together to show
+// as many errors as possible.
+//
+// TODO(a.garipov): Think of ways to merge with [aghalg.Coalesce].
+func coalesceError(errors ...error) (res error) {
+	for _, err := range errors {
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 // TODO(a.garipov): Replace with log.Output when we port it to our logging
 // package.
 func funcName() string {

internal/home/upgrade_test.go

@@ -1306,3 +1306,76 @@ func TestUpgradeSchema22to23(t *testing.T) {
 		})
 	}
 }
+
+func TestUpgradeSchema23to24(t *testing.T) {
+	const newSchemaVer = 24
+
+	testCases := []struct {
+		in         yobj
+		want       yobj
+		name       string
+		wantErrMsg string
+	}{{
+		name: "empty",
+		in:   yobj{},
+		want: yobj{
+			"schema_version": newSchemaVer,
+		},
+		wantErrMsg: "",
+	}, {
+		name: "ok",
+		in: yobj{
+			"log_file":        "/test/path.log",
+			"log_max_backups": 1,
+			"log_max_size":    2,
+			"log_max_age":     3,
+			"log_compress":    true,
+			"log_localtime":   true,
+			"verbose":         true,
+		},
+		want: yobj{
+			"log": yobj{
+				"file":        "/test/path.log",
+				"max_backups": 1,
+				"max_size":    2,
+				"max_age":     3,
+				"compress":    true,
+				"local_time":  true,
+				"verbose":     true,
+			},
+			"schema_version": newSchemaVer,
+		},
+		wantErrMsg: "",
+	}, {
+		name: "invalid",
+		in: yobj{
+			"log_file":        "/test/path.log",
+			"log_max_backups": 1,
+			"log_max_size":    2,
+			"log_max_age":     3,
+			"log_compress":    "",
+			"log_localtime":   true,
+			"verbose":         true,
+		},
+		want: yobj{
+			"log_file":        "/test/path.log",
+			"log_max_backups": 1,
+			"log_max_size":    2,
+			"log_max_age":     3,
+			"log_compress":    "",
+			"log_localtime":   true,
+			"verbose":         true,
+			"schema_version":  newSchemaVer,
+		},
+		wantErrMsg: "unexpected type of log_compress: string",
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			err := upgradeSchema23to24(tc.in)
+			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
+
+			assert.Equal(t, tc.want, tc.in)
+		})
+	}
+}

internal/next/AdGuardHome.example.yaml

@@ -1,27 +0,0 @@
-# This is a file showing example configuration for AdGuard Home.
-#
-# TODO(a.garipov): Move to the top level once the rewrite is over.
-
-dns:
-  addresses:
-  - '0.0.0.0:53'
-  bootstrap_dns:
-  - '9.9.9.10'
-  - '149.112.112.10'
-  - '2620:fe::10'
-  - '2620:fe::fe:10'
-  upstream_dns:
-  - '8.8.8.8'
-  dns64_prefixes:
-  - '1234::/64'
-  upstream_timeout: 1s
-  bootstrap_prefer_ipv6: true
-  use_dns64: true
-http:
-  addresses:
-  - '0.0.0.0:3000'
-  secure_addresses: []
-  timeout: 5s
-  force_https: true
-log:
-  verbose: true

internal/next/changelog.md

@@ -1,41 +0,0 @@
-# AdGuard Home v0.108.0 Changelog DRAFT
-
-This changelog should be merged into the main one once the next API matures
-enough.
-
-## [v0.108.0] - TODO
-
-### Added
-
-- The ability to log to stderr using `--logFile=stderr`.
-- The new `--web-addr` flag to set the Web UI address in a `host:port` form.
-- `SIGHUP` now reloads all configuration from the configuration file ([#5676]).
-
-### Changed
-
-#### New HTTP API
-
-**TODO(a.garipov):** Describe the new API and add a link to the new OpenAPI doc.
-
-#### Other changes
-
-- `-h` is now an alias for `--help` instead of the removed `--host`, see below.
-  Use `--web-addr=host:port` to set an address on which to serve the Web UI.
-
-### Fixed
-
-- `--check-config` breaking the configuration file ([#4067]).
-- Inconsistent application of `--work-dir/-w` ([#2598], [#2902]).
-- The order of `-v/--verbose` and `--version` being significant ([#2893]).
-
-### Removed
-
-- The deprecated `--no-mem-optimization` and `--no-etc-hosts` flags.
-- `--host` and `-p/--port` flags.  Use `--web-addr=host:port` to set an address
-  on which to serve the Web UI.  `-h` is now an alias for `--help`, see above.
-
-[#2598]: https://github.com/AdguardTeam/AdGuardHome/issues/2598
-[#2893]: https://github.com/AdguardTeam/AdGuardHome/issues/2893
-[#2902]: https://github.com/AdguardTeam/AdGuardHome/issues/2902
-[#4067]: https://github.com/AdguardTeam/AdGuardHome/issues/4067
-[#5676]: https://github.com/AdguardTeam/AdGuardHome/issues/5676

internal/next/cmd/cmd.go

@@ -1,95 +0,0 @@
-// Package cmd is the AdGuard Home entry point.  It assembles the configuration
-// file manager, sets up signal processing logic, and so on.
-//
-// TODO(a.garipov): Move to the upper-level internal/.
-package cmd
-
-import (
-	"context"
-	"io/fs"
-	"os"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/configmgr"
-	"github.com/AdguardTeam/AdGuardHome/internal/version"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// Main is the entry point of AdGuard Home.
-func Main(embeddedFrontend fs.FS) {
-	start := time.Now()
-
-	cmdName := os.Args[0]
-	opts, err := parseOptions(cmdName, os.Args[1:])
-	exitCode, needExit := processOptions(opts, cmdName, err)
-	if needExit {
-		os.Exit(exitCode)
-	}
-
-	err = setLog(opts)
-	check(err)
-
-	log.Info("starting adguard home, version %s, pid %d", version.Version(), os.Getpid())
-
-	if opts.workDir != "" {
-		log.Info("changing working directory to %q", opts.workDir)
-		err = os.Chdir(opts.workDir)
-		check(err)
-	}
-
-	frontend, err := frontendFromOpts(opts, embeddedFrontend)
-	check(err)
-
-	confMgrConf := &configmgr.Config{
-		Frontend: frontend,
-		WebAddr:  opts.webAddr,
-		Start:    start,
-		FileName: opts.confFile,
-	}
-
-	confMgr, err := newConfigMgr(confMgrConf)
-	check(err)
-
-	web := confMgr.Web()
-	err = web.Start()
-	check(err)
-
-	dns := confMgr.DNS()
-	err = dns.Start()
-	check(err)
-
-	sigHdlr := newSignalHandler(
-		confMgrConf,
-		opts.pidFile,
-		web,
-		dns,
-	)
-
-	sigHdlr.handle()
-}
-
-// defaultTimeout is the timeout used for some operations where another timeout
-// hasn't been defined yet.
-const defaultTimeout = 5 * time.Second
-
-// ctxWithDefaultTimeout is a helper function that returns a context with
-// timeout set to defaultTimeout.
-func ctxWithDefaultTimeout() (ctx context.Context, cancel context.CancelFunc) {
-	return context.WithTimeout(context.Background(), defaultTimeout)
-}
-
-// newConfigMgr returns a new configuration manager using defaultTimeout as the
-// context timeout.
-func newConfigMgr(c *configmgr.Config) (m *configmgr.Manager, err error) {
-	ctx, cancel := ctxWithDefaultTimeout()
-	defer cancel()
-
-	return configmgr.New(ctx, c)
-}
-
-// check is a simple error-checking helper.  It must only be used within Main.
-func check(err error) {
-	if err != nil {
-		panic(err)
-	}
-}

internal/next/cmd/log.go

@@ -1,39 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// syslogServiceName is the name of the AdGuard Home service used for writing
-// logs to the system log.
-const syslogServiceName = "AdGuardHome"
-
-// setLog sets up the text logging.
-//
-// TODO(a.garipov): Add parameters from configuration file.
-func setLog(opts *options) (err error) {
-	switch opts.confFile {
-	case "stdout":
-		log.SetOutput(os.Stdout)
-	case "stderr":
-		log.SetOutput(os.Stderr)
-	case "syslog":
-		err = aghos.ConfigureSyslog(syslogServiceName)
-		if err != nil {
-			return fmt.Errorf("initializing syslog: %w", err)
-		}
-	default:
-		// TODO(a.garipov): Use the path.
-	}
-
-	if opts.verbose {
-		log.SetLevel(log.DEBUG)
-		log.Debug("verbose logging enabled")
-	}
-
-	return nil
-}

internal/next/cmd/opt.go

@@ -1,418 +0,0 @@
-package cmd
-
-import (
-	"encoding"
-	"flag"
-	"fmt"
-	"io"
-	"io/fs"
-	"net/netip"
-	"os"
-	"strings"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/configmgr"
-	"github.com/AdguardTeam/AdGuardHome/internal/version"
-	"github.com/AdguardTeam/golibs/log"
-	"golang.org/x/exp/slices"
-)
-
-// options contains all command-line options for the AdGuardHome(.exe) binary.
-type options struct {
-	// confFile is the path to the configuration file.
-	confFile string
-
-	// logFile is the path to the log file.  Special values:
-	//
-	//   - "stdout":  Write to stdout (the default).
-	//   - "stderr":  Write to stderr.
-	//   - "syslog":  Write to the system log.
-	logFile string
-
-	// pidFile is the path to the file where to store the PID.
-	pidFile string
-
-	// serviceAction is the service control action to perform:
-	//
-	//   - "install":  Installs AdGuard Home as a system service.
-	//   - "uninstall":  Uninstalls it.
-	//   - "status":  Prints the service status.
-	//   - "start":  Starts the previously installed service.
-	//   - "stop":  Stops the previously installed service.
-	//   - "restart":  Restarts the previously installed service.
-	//   - "reload":  Reloads the configuration.
-	//   - "run":  This is a special command that is not supposed to be used
-	//     directly it is specified when we register a service, and it indicates
-	//     to the app that it is being run as a service.
-	//
-	// TODO(a.garipov): Use.
-	serviceAction string
-
-	// workDir is the path to the working directory.  It is applied before all
-	// other configuration is read, so all relative paths are relative to it.
-	workDir string
-
-	// webAddr contains the address on which to serve the web UI.
-	webAddr netip.AddrPort
-
-	// checkConfig, if true, instructs AdGuard Home to check the configuration
-	// file, optionally print an error message to stdout, and exit with a
-	// corresponding exit code.
-	checkConfig bool
-
-	// disableUpdate, if true, prevents AdGuard Home from automatically checking
-	// for updates.
-	//
-	// TODO(a.garipov): Use.
-	disableUpdate bool
-
-	// glinetMode enables the GL-Inet compatibility mode.
-	//
-	// TODO(a.garipov): Use.
-	glinetMode bool
-
-	// help, if true, instructs AdGuard Home to print the command-line option
-	// help message and quit with a successful exit-code.
-	help bool
-
-	// localFrontend, if true, instructs AdGuard Home to use the local frontend
-	// directory instead of the files compiled into the binary.
-	//
-	// TODO(a.garipov): Use.
-	localFrontend bool
-
-	// performUpdate, if true, instructs AdGuard Home to update the current
-	// binary and restart the service in case it's installed.
-	//
-	// TODO(a.garipov): Use.
-	performUpdate bool
-
-	// verbose, if true, instructs AdGuard Home to enable verbose logging.
-	verbose bool
-
-	// version, if true, instructs AdGuard Home to print the version to stdout
-	// and quit with a successful exit-code.  If verbose is also true, print a
-	// more detailed version description.
-	version bool
-}
-
-// Indexes to help with the [commandLineOptions] initialization.
-const (
-	confFileIdx = iota
-	logFileIdx
-	pidFileIdx
-	serviceActionIdx
-	workDirIdx
-	webAddrIdx
-	checkConfigIdx
-	disableUpdateIdx
-	glinetModeIdx
-	helpIdx
-	localFrontend
-	performUpdateIdx
-	verboseIdx
-	versionIdx
-)
-
-// commandLineOption contains information about a command-line option: its long
-// and, if there is one, short forms, the value type, the description, and the
-// default value.
-type commandLineOption struct {
-	defaultValue any
-	description  string
-	long         string
-	short        string
-	valueType    string
-}
-
-// commandLineOptions are all command-line options currently supported by
-// AdGuard Home.
-var commandLineOptions = []*commandLineOption{
-	confFileIdx: {
-		// TODO(a.garipov): Remove the directory when the new code is ready.
-		defaultValue: "internal/next/AdGuardHome.yaml",
-		description:  "Path to the config file.",
-		long:         "config",
-		short:        "c",
-		valueType:    "path",
-	},
-
-	logFileIdx: {
-		defaultValue: "stdout",
-		description:  `Path to log file.  Special values include "stdout", "stderr", and "syslog".`,
-		long:         "logfile",
-		short:        "l",
-		valueType:    "path",
-	},
-
-	pidFileIdx: {
-		defaultValue: "",
-		description:  "Path to the file where to store the PID.",
-		long:         "pidfile",
-		short:        "",
-		valueType:    "path",
-	},
-
-	serviceActionIdx: {
-		defaultValue: "",
-		description: `Service control action: "status", "install" (as a service), ` +
-			`"uninstall" (as a service), "start", "stop", "restart", "reload" (configuration).`,
-		long:      "service",
-		short:     "s",
-		valueType: "action",
-	},
-
-	workDirIdx: {
-		defaultValue: "",
-		description: `Path to the working directory.  ` +
-			`It is applied before all other configuration is read, ` +
-			`so all relative paths are relative to it.`,
-		long:      "work-dir",
-		short:     "w",
-		valueType: "path",
-	},
-
-	webAddrIdx: {
-		defaultValue: netip.AddrPort{},
-		description:  `Address to serve the web UI on, in the host:port format.`,
-		long:         "web-addr",
-		short:        "",
-		valueType:    "host:port",
-	},
-
-	checkConfigIdx: {
-		defaultValue: false,
-		description:  "Check configuration, print errors to stdout, and quit.",
-		long:         "check-config",
-		short:        "",
-		valueType:    "",
-	},
-
-	disableUpdateIdx: {
-		defaultValue: false,
-		description:  "Disable automatic update checking.",
-		long:         "no-check-update",
-		short:        "",
-		valueType:    "",
-	},
-
-	glinetModeIdx: {
-		defaultValue: false,
-		description:  "Run in GL-Inet compatibility mode.",
-		long:         "glinet",
-		short:        "",
-		valueType:    "",
-	},
-
-	helpIdx: {
-		defaultValue: false,
-		description:  "Print this help message and quit.",
-		long:         "help",
-		short:        "h",
-		valueType:    "",
-	},
-
-	localFrontend: {
-		defaultValue: false,
-		description:  "Use local frontend directories.",
-		long:         "local-frontend",
-		short:        "",
-		valueType:    "",
-	},
-
-	performUpdateIdx: {
-		defaultValue: false,
-		description:  "Update the current binary and restart the service in case it's installed.",
-		long:         "update",
-		short:        "",
-		valueType:    "",
-	},
-
-	verboseIdx: {
-		defaultValue: false,
-		description:  "Enable verbose logging.",
-		long:         "verbose",
-		short:        "v",
-		valueType:    "",
-	},
-
-	versionIdx: {
-		defaultValue: false,
-		description: `Print the version to stdout and quit.  ` +
-			`Print a more detailed version description with -v.`,
-		long:      "version",
-		short:     "",
-		valueType: "",
-	},
-}
-
-// parseOptions parses the command-line options for AdGuardHome.
-func parseOptions(cmdName string, args []string) (opts *options, err error) {
-	flags := flag.NewFlagSet(cmdName, flag.ContinueOnError)
-
-	opts = &options{}
-	for i, fieldPtr := range []any{
-		confFileIdx:      &opts.confFile,
-		logFileIdx:       &opts.logFile,
-		pidFileIdx:       &opts.pidFile,
-		serviceActionIdx: &opts.serviceAction,
-		workDirIdx:       &opts.workDir,
-		webAddrIdx:       &opts.webAddr,
-		checkConfigIdx:   &opts.checkConfig,
-		disableUpdateIdx: &opts.disableUpdate,
-		glinetModeIdx:    &opts.glinetMode,
-		helpIdx:          &opts.help,
-		localFrontend:    &opts.localFrontend,
-		performUpdateIdx: &opts.performUpdate,
-		verboseIdx:       &opts.verbose,
-		versionIdx:       &opts.version,
-	} {
-		addOption(flags, fieldPtr, commandLineOptions[i])
-	}
-
-	flags.Usage = func() { usage(cmdName, os.Stderr) }
-
-	err = flags.Parse(args)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-
-	return opts, nil
-}
-
-// addOption adds the command-line option described by o to flags using fieldPtr
-// as the pointer to the value.
-func addOption(flags *flag.FlagSet, fieldPtr any, o *commandLineOption) {
-	switch fieldPtr := fieldPtr.(type) {
-	case *string:
-		flags.StringVar(fieldPtr, o.long, o.defaultValue.(string), o.description)
-		if o.short != "" {
-			flags.StringVar(fieldPtr, o.short, o.defaultValue.(string), o.description)
-		}
-	case *bool:
-		flags.BoolVar(fieldPtr, o.long, o.defaultValue.(bool), o.description)
-		if o.short != "" {
-			flags.BoolVar(fieldPtr, o.short, o.defaultValue.(bool), o.description)
-		}
-	case encoding.TextUnmarshaler:
-		flags.TextVar(fieldPtr, o.long, o.defaultValue.(encoding.TextMarshaler), o.description)
-		if o.short != "" {
-			flags.TextVar(fieldPtr, o.short, o.defaultValue.(encoding.TextMarshaler), o.description)
-		}
-	default:
-		panic(fmt.Errorf("unexpected field pointer type %T", fieldPtr))
-	}
-}
-
-// usage prints a usage message similar to the one printed by package flag but
-// taking long vs. short versions into account as well as using more informative
-// value hints.
-func usage(cmdName string, output io.Writer) {
-	options := slices.Clone(commandLineOptions)
-	slices.SortStableFunc(options, func(a, b *commandLineOption) (sortsBefore bool) {
-		return a.long < b.long
-	})
-
-	b := &strings.Builder{}
-	_, _ = fmt.Fprintf(b, "Usage of %s:\n", cmdName)
-
-	for _, o := range options {
-		writeUsageLine(b, o)
-
-		// Use four spaces before the tab to trigger good alignment for both 4-
-		// and 8-space tab stops.
-		if shouldIncludeDefault(o.defaultValue) {
-			_, _ = fmt.Fprintf(b, "    \t%s  (Default value: %q)\n", o.description, o.defaultValue)
-		} else {
-			_, _ = fmt.Fprintf(b, "    \t%s\n", o.description)
-		}
-	}
-
-	_, _ = io.WriteString(output, b.String())
-}
-
-// shouldIncludeDefault returns true if this default value should be printed.
-func shouldIncludeDefault(v any) (ok bool) {
-	switch v := v.(type) {
-	case bool:
-		return v
-	case string:
-		return v != ""
-	default:
-		return v == nil
-	}
-}
-
-// writeUsageLine writes the usage line for the provided command-line option.
-func writeUsageLine(b *strings.Builder, o *commandLineOption) {
-	if o.short == "" {
-		if o.valueType == "" {
-			_, _ = fmt.Fprintf(b, "  --%s\n", o.long)
-		} else {
-			_, _ = fmt.Fprintf(b, "  --%s=%s\n", o.long, o.valueType)
-		}
-
-		return
-	}
-
-	if o.valueType == "" {
-		_, _ = fmt.Fprintf(b, "  --%s/-%s\n", o.long, o.short)
-	} else {
-		_, _ = fmt.Fprintf(b, "  --%[1]s=%[3]s/-%[2]s %[3]s\n", o.long, o.short, o.valueType)
-	}
-}
-
-// processOptions decides if AdGuard Home should exit depending on the results
-// of command-line option parsing.
-func processOptions(
-	opts *options,
-	cmdName string,
-	parseErr error,
-) (exitCode int, needExit bool) {
-	if parseErr != nil {
-		// Assume that usage has already been printed.
-		return statusArgumentError, true
-	}
-
-	if opts.help {
-		usage(cmdName, os.Stdout)
-
-		return statusSuccess, true
-	}
-
-	if opts.version {
-		if opts.verbose {
-			fmt.Println(version.Verbose())
-		} else {
-			fmt.Printf("AdGuard Home %s\n", version.Version())
-		}
-
-		return statusSuccess, true
-	}
-
-	if opts.checkConfig {
-		err := configmgr.Validate(opts.confFile)
-		if err != nil {
-			_, _ = io.WriteString(os.Stdout, err.Error()+"\n")
-
-			return statusError, true
-		}
-
-		return statusSuccess, true
-	}
-
-	return 0, false
-}
-
-// frontendFromOpts returns the frontend to use based on the options.
-func frontendFromOpts(opts *options, embeddedFrontend fs.FS) (frontend fs.FS, err error) {
-	const frontendSubdir = "build/static"
-
-	if opts.localFrontend {
-		log.Info("warning: using local frontend files")
-
-		return os.DirFS(frontendSubdir), nil
-	}
-
-	return fs.Sub(embeddedFrontend, frontendSubdir)
-}

internal/next/cmd/signal.go

@@ -1,167 +0,0 @@
-package cmd
-
-import (
-	"os"
-	"strconv"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/configmgr"
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/google/renameio/maybe"
-)
-
-// signalHandler processes incoming signals and shuts services down.
-type signalHandler struct {
-	// confMgrConf contains the configuration parameters for the configuration
-	// manager.
-	confMgrConf *configmgr.Config
-
-	// signal is the channel to which OS signals are sent.
-	signal chan os.Signal
-
-	// pidFile is the path to the file where to store the PID, if any.
-	pidFile string
-
-	// services are the services that are shut down before application exiting.
-	services []agh.Service
-}
-
-// handle processes OS signals.
-func (h *signalHandler) handle() {
-	defer log.OnPanic("signalHandler.handle")
-
-	h.writePID()
-
-	for sig := range h.signal {
-		log.Info("sighdlr: received signal %q", sig)
-
-		if aghos.IsReconfigureSignal(sig) {
-			h.reconfigure()
-		} else if aghos.IsShutdownSignal(sig) {
-			status := h.shutdown()
-			h.removePID()
-
-			log.Info("sighdlr: exiting with status %d", status)
-
-			os.Exit(status)
-		}
-	}
-}
-
-// reconfigure rereads the configuration file and updates and restarts services.
-func (h *signalHandler) reconfigure() {
-	log.Info("sighdlr: reconfiguring adguard home")
-
-	status := h.shutdown()
-	if status != statusSuccess {
-		log.Info("sighdlr: reconfiguring: exiting with status %d", status)
-
-		os.Exit(status)
-	}
-
-	// TODO(a.garipov): This is a very rough way to do it.  Some services can be
-	// reconfigured without the full shutdown, and the error handling is
-	// currently not the best.
-
-	confMgr, err := newConfigMgr(h.confMgrConf)
-	check(err)
-
-	web := confMgr.Web()
-	err = web.Start()
-	check(err)
-
-	dns := confMgr.DNS()
-	err = dns.Start()
-	check(err)
-
-	h.services = []agh.Service{
-		dns,
-		web,
-	}
-
-	log.Info("sighdlr: successfully reconfigured adguard home")
-}
-
-// Exit status constants.
-const (
-	statusSuccess       = 0
-	statusError         = 1
-	statusArgumentError = 2
-)
-
-// shutdown gracefully shuts down all services.
-func (h *signalHandler) shutdown() (status int) {
-	ctx, cancel := ctxWithDefaultTimeout()
-	defer cancel()
-
-	status = statusSuccess
-
-	log.Info("sighdlr: shutting down services")
-	for i, service := range h.services {
-		err := service.Shutdown(ctx)
-		if err != nil {
-			log.Error("sighdlr: shutting down service at index %d: %s", i, err)
-			status = statusError
-		}
-	}
-
-	return status
-}
-
-// newSignalHandler returns a new signalHandler that shuts down svcs.
-func newSignalHandler(
-	confMgrConf *configmgr.Config,
-	pidFile string,
-	svcs ...agh.Service,
-) (h *signalHandler) {
-	h = &signalHandler{
-		confMgrConf: confMgrConf,
-		signal:      make(chan os.Signal, 1),
-		pidFile:     pidFile,
-		services:    svcs,
-	}
-
-	aghos.NotifyShutdownSignal(h.signal)
-	aghos.NotifyReconfigureSignal(h.signal)
-
-	return h
-}
-
-// writePID writes the PID to the file, if needed.  Any errors are reported to
-// log.
-func (h *signalHandler) writePID() {
-	if h.pidFile == "" {
-		return
-	}
-
-	// Use 8, since most PIDs will fit.
-	data := make([]byte, 0, 8)
-	data = strconv.AppendInt(data, int64(os.Getpid()), 10)
-	data = append(data, '\n')
-
-	err := maybe.WriteFile(h.pidFile, data, 0o644)
-	if err != nil {
-		log.Error("sighdlr: writing pidfile: %s", err)
-
-		return
-	}
-
-	log.Debug("sighdlr: wrote pid to %q", h.pidFile)
-}
-
-// removePID removes the PID file, if any.
-func (h *signalHandler) removePID() {
-	if h.pidFile == "" {
-		return
-	}
-
-	err := os.Remove(h.pidFile)
-	if err != nil {
-		log.Error("sighdlr: removing pidfile: %s", err)
-
-		return
-	}
-
-	log.Debug("sighdlr: removed pid at %q", h.pidFile)
-}

internal/next/configmgr/config.go

@@ -1,123 +0,0 @@
-package configmgr
-
-import (
-	"fmt"
-	"net/netip"
-
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/timeutil"
-)
-
-// Configuration Structures
-
-// config is the top-level on-disk configuration structure.
-type config struct {
-	DNS  *dnsConfig  `yaml:"dns"`
-	HTTP *httpConfig `yaml:"http"`
-	Log  *logConfig  `yaml:"log"`
-	// TODO(a.garipov): Use.
-	SchemaVersion int `yaml:"schema_version"`
-	// TODO(a.garipov): Use.
-	DebugPprof bool `yaml:"debug_pprof"`
-}
-
-const errNoConf errors.Error = "configuration not found"
-
-// validate returns an error if the configuration structure is invalid.
-func (c *config) validate() (err error) {
-	if c == nil {
-		return errNoConf
-	}
-
-	// TODO(a.garipov): Add more validations.
-
-	// Keep this in the same order as the fields in the config.
-	validators := []struct {
-		validate func() (err error)
-		name     string
-	}{{
-		validate: c.DNS.validate,
-		name:     "dns",
-	}, {
-		validate: c.HTTP.validate,
-		name:     "http",
-	}, {
-		validate: c.Log.validate,
-		name:     "log",
-	}}
-
-	for _, v := range validators {
-		err = v.validate()
-		if err != nil {
-			return fmt.Errorf("%s: %w", v.name, err)
-		}
-	}
-
-	return nil
-}
-
-// dnsConfig is the on-disk DNS configuration.
-type dnsConfig struct {
-	Addresses           []netip.AddrPort  `yaml:"addresses"`
-	BootstrapDNS        []string          `yaml:"bootstrap_dns"`
-	UpstreamDNS         []string          `yaml:"upstream_dns"`
-	DNS64Prefixes       []netip.Prefix    `yaml:"dns64_prefixes"`
-	UpstreamTimeout     timeutil.Duration `yaml:"upstream_timeout"`
-	BootstrapPreferIPv6 bool              `yaml:"bootstrap_prefer_ipv6"`
-	UseDNS64            bool              `yaml:"use_dns64"`
-}
-
-// validate returns an error if the DNS configuration structure is invalid.
-//
-// TODO(a.garipov): Add more validations.
-func (c *dnsConfig) validate() (err error) {
-	// TODO(a.garipov): Add more validations.
-	switch {
-	case c == nil:
-		return errNoConf
-	case c.UpstreamTimeout.Duration <= 0:
-		return newMustBePositiveError("upstream_timeout", c.UpstreamTimeout)
-	default:
-		return nil
-	}
-}
-
-// httpConfig is the on-disk web API configuration.
-type httpConfig struct {
-	// TODO(a.garipov): Document the configuration change.
-	Addresses       []netip.AddrPort  `yaml:"addresses"`
-	SecureAddresses []netip.AddrPort  `yaml:"secure_addresses"`
-	Timeout         timeutil.Duration `yaml:"timeout"`
-	ForceHTTPS      bool              `yaml:"force_https"`
-}
-
-// validate returns an error if the HTTP configuration structure is invalid.
-//
-// TODO(a.garipov): Add more validations.
-func (c *httpConfig) validate() (err error) {
-	switch {
-	case c == nil:
-		return errNoConf
-	case c.Timeout.Duration <= 0:
-		return newMustBePositiveError("timeout", c.Timeout)
-	default:
-		return nil
-	}
-}
-
-// logConfig is the on-disk web API configuration.
-type logConfig struct {
-	// TODO(a.garipov): Use.
-	Verbose bool `yaml:"verbose"`
-}
-
-// validate returns an error if the HTTP configuration structure is invalid.
-//
-// TODO(a.garipov): Add more validations.
-func (c *logConfig) validate() (err error) {
-	if c == nil {
-		return errNoConf
-	}
-
-	return nil
-}

internal/next/configmgr/configmgr.go

@@ -1,298 +0,0 @@
-// Package configmgr defines the AdGuard Home on-disk configuration entities and
-// configuration manager.
-//
-// TODO(a.garipov): Add tests.
-package configmgr
-
-import (
-	"context"
-	"fmt"
-	"io/fs"
-	"net/netip"
-	"os"
-	"sync"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	"github.com/AdguardTeam/golibs/timeutil"
-	"github.com/google/renameio/maybe"
-	"golang.org/x/exp/slices"
-	"gopkg.in/yaml.v3"
-)
-
-// Configuration Manager
-
-// Manager handles full and partial changes in the configuration, persisting
-// them to disk if necessary.
-//
-// TODO(a.garipov): Support missing configs and default values.
-type Manager struct {
-	// updMu makes sure that at most one reconfiguration is performed at a time.
-	// updMu protects all fields below.
-	updMu *sync.RWMutex
-
-	// dns is the DNS service.
-	dns *dnssvc.Service
-
-	// Web is the Web API service.
-	web *websvc.Service
-
-	// current is the current configuration.
-	current *config
-
-	// fileName is the name of the configuration file.
-	fileName string
-}
-
-// Validate returns an error if the configuration file with the given name does
-// not exist or is invalid.
-func Validate(fileName string) (err error) {
-	conf, err := read(fileName)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return err
-	}
-
-	// Don't wrap the error, because it's informative enough as is.
-	return conf.validate()
-}
-
-// Config contains the configuration parameters for the configuration manager.
-type Config struct {
-	// Frontend is the filesystem with the frontend files.
-	Frontend fs.FS
-
-	// WebAddr is the initial or override address for the Web UI.  It is not
-	// written to the configuration file.
-	WebAddr netip.AddrPort
-
-	// Start is the time of start of AdGuard Home.
-	Start time.Time
-
-	// FileName is the path to the configuration file.
-	FileName string
-}
-
-// New creates a new *Manager that persists changes to the file pointed to by
-// c.FileName.  It reads the configuration file and populates the service
-// fields.  c must not be nil.
-func New(ctx context.Context, c *Config) (m *Manager, err error) {
-	conf, err := read(c.FileName)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-
-	err = conf.validate()
-	if err != nil {
-		return nil, fmt.Errorf("validating config: %w", err)
-	}
-
-	m = &Manager{
-		updMu:    &sync.RWMutex{},
-		current:  conf,
-		fileName: c.FileName,
-	}
-
-	err = m.assemble(ctx, conf, c.Frontend, c.WebAddr, c.Start)
-	if err != nil {
-		return nil, fmt.Errorf("creating config manager: %w", err)
-	}
-
-	return m, nil
-}
-
-// read reads and decodes configuration from the provided filename.
-func read(fileName string) (conf *config, err error) {
-	defer func() { err = errors.Annotate(err, "reading config: %w") }()
-
-	conf = &config{}
-	f, err := os.Open(fileName)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-	defer func() { err = errors.WithDeferred(err, f.Close()) }()
-
-	err = yaml.NewDecoder(f).Decode(conf)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return nil, err
-	}
-
-	return conf, nil
-}
-
-// assemble creates all services and puts them into the corresponding fields.
-// The fields of conf must not be modified after calling assemble.
-func (m *Manager) assemble(
-	ctx context.Context,
-	conf *config,
-	frontend fs.FS,
-	webAddr netip.AddrPort,
-	start time.Time,
-) (err error) {
-	dnsConf := &dnssvc.Config{
-		Addresses:           conf.DNS.Addresses,
-		BootstrapServers:    conf.DNS.BootstrapDNS,
-		UpstreamServers:     conf.DNS.UpstreamDNS,
-		DNS64Prefixes:       conf.DNS.DNS64Prefixes,
-		UpstreamTimeout:     conf.DNS.UpstreamTimeout.Duration,
-		BootstrapPreferIPv6: conf.DNS.BootstrapPreferIPv6,
-		UseDNS64:            conf.DNS.UseDNS64,
-	}
-	err = m.updateDNS(ctx, dnsConf)
-	if err != nil {
-		return fmt.Errorf("assembling dnssvc: %w", err)
-	}
-
-	webSvcConf := &websvc.Config{
-		ConfigManager: m,
-		Frontend:      frontend,
-		// TODO(a.garipov): Fill from config file.
-		TLS:             nil,
-		Start:           start,
-		Addresses:       conf.HTTP.Addresses,
-		SecureAddresses: conf.HTTP.SecureAddresses,
-		OverrideAddress: webAddr,
-		Timeout:         conf.HTTP.Timeout.Duration,
-		ForceHTTPS:      conf.HTTP.ForceHTTPS,
-	}
-
-	err = m.updateWeb(ctx, webSvcConf)
-	if err != nil {
-		return fmt.Errorf("assembling websvc: %w", err)
-	}
-
-	return nil
-}
-
-// write writes the current configuration to disk.
-func (m *Manager) write() (err error) {
-	b, err := yaml.Marshal(m.current)
-	if err != nil {
-		return fmt.Errorf("encoding: %w", err)
-	}
-
-	err = maybe.WriteFile(m.fileName, b, 0o644)
-	if err != nil {
-		return fmt.Errorf("writing: %w", err)
-	}
-
-	log.Info("configmgr: written to %q", m.fileName)
-
-	return nil
-}
-
-// DNS returns the current DNS service.  It is safe for concurrent use.
-func (m *Manager) DNS() (dns agh.ServiceWithConfig[*dnssvc.Config]) {
-	m.updMu.RLock()
-	defer m.updMu.RUnlock()
-
-	return m.dns
-}
-
-// UpdateDNS implements the [websvc.ConfigManager] interface for *Manager.  The
-// fields of c must not be modified after calling UpdateDNS.
-func (m *Manager) UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	m.updMu.Lock()
-	defer m.updMu.Unlock()
-
-	// TODO(a.garipov): Update and write the configuration file.  Return an
-	// error if something went wrong.
-
-	err = m.updateDNS(ctx, c)
-	if err != nil {
-		return fmt.Errorf("reassembling dnssvc: %w", err)
-	}
-
-	m.updateCurrentDNS(c)
-
-	return m.write()
-}
-
-// updateDNS recreates the DNS service.  m.updMu is expected to be locked.
-func (m *Manager) updateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	if prev := m.dns; prev != nil {
-		err = prev.Shutdown(ctx)
-		if err != nil {
-			return fmt.Errorf("shutting down dns svc: %w", err)
-		}
-	}
-
-	svc, err := dnssvc.New(c)
-	if err != nil {
-		return fmt.Errorf("creating dns svc: %w", err)
-	}
-
-	m.dns = svc
-
-	return nil
-}
-
-// updateCurrentDNS updates the DNS configuration in the current config.
-func (m *Manager) updateCurrentDNS(c *dnssvc.Config) {
-	m.current.DNS.Addresses = slices.Clone(c.Addresses)
-	m.current.DNS.BootstrapDNS = slices.Clone(c.BootstrapServers)
-	m.current.DNS.UpstreamDNS = slices.Clone(c.UpstreamServers)
-	m.current.DNS.DNS64Prefixes = slices.Clone(c.DNS64Prefixes)
-	m.current.DNS.UpstreamTimeout = timeutil.Duration{Duration: c.UpstreamTimeout}
-	m.current.DNS.BootstrapPreferIPv6 = c.BootstrapPreferIPv6
-	m.current.DNS.UseDNS64 = c.UseDNS64
-}
-
-// Web returns the current web service.  It is safe for concurrent use.
-func (m *Manager) Web() (web agh.ServiceWithConfig[*websvc.Config]) {
-	m.updMu.RLock()
-	defer m.updMu.RUnlock()
-
-	return m.web
-}
-
-// UpdateWeb implements the [websvc.ConfigManager] interface for *Manager.  The
-// fields of c must not be modified after calling UpdateWeb.
-func (m *Manager) UpdateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	m.updMu.Lock()
-	defer m.updMu.Unlock()
-
-	// TODO(a.garipov): Update and write the configuration file.  Return an
-	// error if something went wrong.
-
-	err = m.updateWeb(ctx, c)
-	if err != nil {
-		return fmt.Errorf("reassembling websvc: %w", err)
-	}
-
-	m.updateCurrentWeb(c)
-
-	return m.write()
-}
-
-// updateWeb recreates the web service.  m.upd is expected to be locked.
-func (m *Manager) updateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	if prev := m.web; prev != nil {
-		err = prev.Shutdown(ctx)
-		if err != nil {
-			return fmt.Errorf("shutting down web svc: %w", err)
-		}
-	}
-
-	m.web, err = websvc.New(c)
-	if err != nil {
-		return fmt.Errorf("creating web svc: %w", err)
-	}
-
-	return nil
-}
-
-// updateCurrentWeb updates the web configuration in the current config.
-func (m *Manager) updateCurrentWeb(c *websvc.Config) {
-	m.current.HTTP.Addresses = slices.Clone(c.Addresses)
-	m.current.HTTP.SecureAddresses = slices.Clone(c.SecureAddresses)
-	m.current.HTTP.Timeout = timeutil.Duration{Duration: c.Timeout}
-	m.current.HTTP.ForceHTTPS = c.ForceHTTPS
-}

internal/next/configmgr/error.go

@@ -1,27 +0,0 @@
-package configmgr
-
-import (
-	"fmt"
-
-	"github.com/AdguardTeam/golibs/timeutil"
-	"golang.org/x/exp/constraints"
-)
-
-// numberOrDuration is the constraint for integer types along with
-// timeutil.Duration.
-type numberOrDuration interface {
-	constraints.Integer | timeutil.Duration
-}
-
-// newMustBePositiveError returns an error about the value that must be positive
-// but isn't.  prop is the name of the property to mention in the error message.
-//
-// TODO(a.garipov): Consider moving such helpers to golibs and use in AdGuardDNS
-// as well.
-func newMustBePositiveError[T numberOrDuration](prop string, v T) (err error) {
-	if s, ok := any(v).(fmt.Stringer); ok {
-		return fmt.Errorf("%s must be positive, got %s", prop, s)
-	}
-
-	return fmt.Errorf("%s must be positive, got %d", prop, v)
-}

internal/next/dnssvc/config.go

@@ -1,35 +0,0 @@
-package dnssvc
-
-import (
-	"net/netip"
-	"time"
-)
-
-// Config is the AdGuard Home DNS service configuration structure.
-//
-// TODO(a.garipov): Add timeout for incoming requests.
-type Config struct {
-	// Addresses are the addresses on which to serve plain DNS queries.
-	Addresses []netip.AddrPort
-
-	// BootstrapServers are the addresses of DNS servers used for bootstrapping
-	// the upstream DNS server addresses.
-	BootstrapServers []string
-
-	// UpstreamServers are the upstream DNS server addresses to use.
-	UpstreamServers []string
-
-	// DNS64Prefixes is a slice of NAT64 prefixes to be used for DNS64.  See
-	// also [Config.UseDNS64].
-	DNS64Prefixes []netip.Prefix
-
-	// UpstreamTimeout is the timeout for upstream requests.
-	UpstreamTimeout time.Duration
-
-	// BootstrapPreferIPv6, if true, instructs the bootstrapper to prefer IPv6
-	// addresses to IPv4 ones when bootstrapping.
-	BootstrapPreferIPv6 bool
-
-	// UseDNS64, if true, enables DNS64 protection for incoming requests.
-	UseDNS64 bool
-}

internal/next/dnssvc/dnssvc.go

@@ -1,202 +0,0 @@
-// Package dnssvc contains the AdGuard Home DNS service.
-//
-// TODO(a.garipov): Define, if all methods of a *Service should work with a nil
-// receiver.
-package dnssvc
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"net/netip"
-	"sync/atomic"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	// TODO(a.garipov): Add a “dnsproxy proxy” package to shield us from changes
-	// and replacement of module dnsproxy.
-	"github.com/AdguardTeam/dnsproxy/proxy"
-	"github.com/AdguardTeam/dnsproxy/upstream"
-)
-
-// Service is the AdGuard Home DNS service.  A nil *Service is a valid
-// [agh.Service] that does nothing.
-//
-// TODO(a.garipov): Consider saving a [*proxy.Config] instance for those
-// fields that are only used in [New] and [Service.Config].
-type Service struct {
-	proxy               *proxy.Proxy
-	bootstraps          []string
-	upstreams           []string
-	dns64Prefixes       []netip.Prefix
-	upsTimeout          time.Duration
-	running             atomic.Bool
-	bootstrapPreferIPv6 bool
-	useDNS64            bool
-}
-
-// New returns a new properly initialized *Service.  If c is nil, svc is a nil
-// *Service that does nothing.  The fields of c must not be modified after
-// calling New.
-func New(c *Config) (svc *Service, err error) {
-	if c == nil {
-		return nil, nil
-	}
-
-	svc = &Service{
-		bootstraps:          c.BootstrapServers,
-		upstreams:           c.UpstreamServers,
-		dns64Prefixes:       c.DNS64Prefixes,
-		upsTimeout:          c.UpstreamTimeout,
-		bootstrapPreferIPv6: c.BootstrapPreferIPv6,
-		useDNS64:            c.UseDNS64,
-	}
-
-	upstreams, err := addressesToUpstreams(
-		c.UpstreamServers,
-		c.BootstrapServers,
-		c.UpstreamTimeout,
-		c.BootstrapPreferIPv6,
-	)
-	if err != nil {
-		return nil, fmt.Errorf("converting upstreams: %w", err)
-	}
-
-	svc.proxy = &proxy.Proxy{
-		Config: proxy.Config{
-			UDPListenAddr: udpAddrs(c.Addresses),
-			TCPListenAddr: tcpAddrs(c.Addresses),
-			UpstreamConfig: &proxy.UpstreamConfig{
-				Upstreams: upstreams,
-			},
-			UseDNS64:   c.UseDNS64,
-			DNS64Prefs: c.DNS64Prefixes,
-		},
-	}
-
-	err = svc.proxy.Init()
-	if err != nil {
-		return nil, fmt.Errorf("proxy: %w", err)
-	}
-
-	return svc, nil
-}
-
-// addressesToUpstreams is a wrapper around [upstream.AddressToUpstream].  It
-// accepts a slice of addresses and other upstream parameters, and returns a
-// slice of upstreams.
-func addressesToUpstreams(
-	upsStrs []string,
-	bootstraps []string,
-	timeout time.Duration,
-	preferIPv6 bool,
-) (upstreams []upstream.Upstream, err error) {
-	upstreams = make([]upstream.Upstream, len(upsStrs))
-	for i, upsStr := range upsStrs {
-		upstreams[i], err = upstream.AddressToUpstream(upsStr, &upstream.Options{
-			Bootstrap:  bootstraps,
-			Timeout:    timeout,
-			PreferIPv6: preferIPv6,
-		})
-		if err != nil {
-			return nil, fmt.Errorf("upstream at index %d: %w", i, err)
-		}
-	}
-
-	return upstreams, nil
-}
-
-// tcpAddrs converts []netip.AddrPort into []*net.TCPAddr.
-func tcpAddrs(addrPorts []netip.AddrPort) (tcpAddrs []*net.TCPAddr) {
-	if addrPorts == nil {
-		return nil
-	}
-
-	tcpAddrs = make([]*net.TCPAddr, len(addrPorts))
-	for i, a := range addrPorts {
-		tcpAddrs[i] = net.TCPAddrFromAddrPort(a)
-	}
-
-	return tcpAddrs
-}
-
-// udpAddrs converts []netip.AddrPort into []*net.UDPAddr.
-func udpAddrs(addrPorts []netip.AddrPort) (udpAddrs []*net.UDPAddr) {
-	if addrPorts == nil {
-		return nil
-	}
-
-	udpAddrs = make([]*net.UDPAddr, len(addrPorts))
-	for i, a := range addrPorts {
-		udpAddrs[i] = net.UDPAddrFromAddrPort(a)
-	}
-
-	return udpAddrs
-}
-
-// type check
-var _ agh.Service = (*Service)(nil)
-
-// Start implements the [agh.Service] interface for *Service.  svc may be nil.
-// After Start exits, all DNS servers have tried to start, but there is no
-// guarantee that they did.  Errors from the servers are written to the log.
-func (svc *Service) Start() (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	defer func() {
-		// TODO(a.garipov): [proxy.Proxy.Start] doesn't actually have any way to
-		// tell when all servers are actually up, so at best this is merely an
-		// assumption.
-		svc.running.Store(err == nil)
-	}()
-
-	return svc.proxy.Start()
-}
-
-// Shutdown implements the [agh.Service] interface for *Service.  svc may be
-// nil.
-func (svc *Service) Shutdown(ctx context.Context) (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	return svc.proxy.Stop()
-}
-
-// Config returns the current configuration of the web service.  Config must not
-// be called simultaneously with Start.  If svc was initialized with ":0"
-// addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) Config() (c *Config) {
-	// TODO(a.garipov): Do we need to get the TCP addresses separately?
-
-	var addrs []netip.AddrPort
-	if svc.running.Load() {
-		udpAddrs := svc.proxy.Addrs(proxy.ProtoUDP)
-		addrs = make([]netip.AddrPort, len(udpAddrs))
-		for i, a := range udpAddrs {
-			addrs[i] = a.(*net.UDPAddr).AddrPort()
-		}
-	} else {
-		conf := svc.proxy.Config
-		udpAddrs := conf.UDPListenAddr
-		addrs = make([]netip.AddrPort, len(udpAddrs))
-		for i, a := range udpAddrs {
-			addrs[i] = a.AddrPort()
-		}
-	}
-
-	c = &Config{
-		Addresses:           addrs,
-		BootstrapServers:    svc.bootstraps,
-		UpstreamServers:     svc.upstreams,
-		DNS64Prefixes:       svc.dns64Prefixes,
-		UpstreamTimeout:     svc.upsTimeout,
-		BootstrapPreferIPv6: svc.bootstrapPreferIPv6,
-		UseDNS64:            svc.useDNS64,
-	}
-
-	return c
-}

internal/next/dnssvc/dnssvc_test.go

@@ -1,125 +0,0 @@
-package dnssvc_test
-
-import (
-	"context"
-	"net/netip"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/miekg/dns"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestMain(m *testing.M) {
-	testutil.DiscardLogOutput(m)
-}
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 1 * time.Second
-
-func TestService(t *testing.T) {
-	const (
-		listenAddr    = "127.0.0.1:0"
-		bootstrapAddr = "127.0.0.1:0"
-		upstreamAddr  = "upstream.example"
-	)
-
-	upstreamErrCh := make(chan error, 1)
-	upstreamStartedCh := make(chan struct{})
-	upstreamSrv := &dns.Server{
-		Addr: bootstrapAddr,
-		Net:  "udp",
-		Handler: dns.HandlerFunc(func(w dns.ResponseWriter, req *dns.Msg) {
-			pt := testutil.PanicT{}
-
-			resp := (&dns.Msg{}).SetReply(req)
-			resp.Answer = append(resp.Answer, &dns.A{
-				Hdr: dns.RR_Header{},
-				A:   netip.MustParseAddrPort(bootstrapAddr).Addr().AsSlice(),
-			})
-
-			writeErr := w.WriteMsg(resp)
-			require.NoError(pt, writeErr)
-		}),
-		NotifyStartedFunc: func() { close(upstreamStartedCh) },
-	}
-
-	go func() {
-		listenErr := upstreamSrv.ListenAndServe()
-		if listenErr != nil {
-			// Log these immediately to see what happens.
-			t.Logf("upstream listen error: %s", listenErr)
-		}
-
-		upstreamErrCh <- listenErr
-	}()
-
-	_, _ = testutil.RequireReceive(t, upstreamStartedCh, testTimeout)
-
-	c := &dnssvc.Config{
-		Addresses:           []netip.AddrPort{netip.MustParseAddrPort(listenAddr)},
-		BootstrapServers:    []string{upstreamSrv.PacketConn.LocalAddr().String()},
-		UpstreamServers:     []string{upstreamAddr},
-		DNS64Prefixes:       nil,
-		UpstreamTimeout:     testTimeout,
-		BootstrapPreferIPv6: false,
-		UseDNS64:            false,
-	}
-
-	svc, err := dnssvc.New(c)
-	require.NoError(t, err)
-
-	err = svc.Start()
-	require.NoError(t, err)
-
-	gotConf := svc.Config()
-	require.NotNil(t, gotConf)
-	require.Len(t, gotConf.Addresses, 1)
-
-	addr := gotConf.Addresses[0]
-
-	t.Run("dns", func(t *testing.T) {
-		req := &dns.Msg{
-			MsgHdr: dns.MsgHdr{
-				Id:               dns.Id(),
-				RecursionDesired: true,
-			},
-			Question: []dns.Question{{
-				Name:   "example.com.",
-				Qtype:  dns.TypeA,
-				Qclass: dns.ClassINET,
-			}},
-		}
-
-		ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-		defer cancel()
-
-		cli := &dns.Client{}
-
-		var resp *dns.Msg
-		require.Eventually(t, func() (ok bool) {
-			var excErr error
-			resp, _, excErr = cli.ExchangeContext(ctx, req, addr.String())
-
-			return excErr == nil
-		}, testTimeout, testTimeout/10)
-
-		assert.NotNil(t, resp)
-	})
-
-	ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-	defer cancel()
-
-	err = svc.Shutdown(ctx)
-	require.NoError(t, err)
-
-	err = upstreamSrv.Shutdown()
-	require.NoError(t, err)
-
-	err, ok := testutil.RequireReceive(t, upstreamErrCh, testTimeout)
-	require.True(t, ok)
-	require.NoError(t, err)
-}

internal/next/websvc/dns.go

@@ -1,96 +0,0 @@
-package websvc
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/netip"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-)
-
-// DNS Settings Handlers
-
-// ReqPatchSettingsDNS describes the request to the PATCH /api/v1/settings/dns
-// HTTP API.
-type ReqPatchSettingsDNS struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses           []netip.AddrPort `json:"addresses"`
-	BootstrapServers    []string         `json:"bootstrap_servers"`
-	UpstreamServers     []string         `json:"upstream_servers"`
-	DNS64Prefixes       []netip.Prefix   `json:"dns64_prefixes"`
-	UpstreamTimeout     JSONDuration     `json:"upstream_timeout"`
-	BootstrapPreferIPv6 bool             `json:"bootstrap_prefer_ipv6"`
-	UseDNS64            bool             `json:"use_dns64"`
-}
-
-// HTTPAPIDNSSettings are the DNS settings as used by the HTTP API.  See the
-// DnsSettings object in the OpenAPI specification.
-type HTTPAPIDNSSettings struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses           []netip.AddrPort `json:"addresses"`
-	BootstrapServers    []string         `json:"bootstrap_servers"`
-	UpstreamServers     []string         `json:"upstream_servers"`
-	DNS64Prefixes       []netip.Prefix   `json:"dns64_prefixes"`
-	UpstreamTimeout     JSONDuration     `json:"upstream_timeout"`
-	BootstrapPreferIPv6 bool             `json:"bootstrap_prefer_ipv6"`
-	UseDNS64            bool             `json:"use_dns64"`
-}
-
-// handlePatchSettingsDNS is the handler for the PATCH /api/v1/settings/dns HTTP
-// API.
-func (svc *Service) handlePatchSettingsDNS(w http.ResponseWriter, r *http.Request) {
-	req := &ReqPatchSettingsDNS{
-		Addresses:        []netip.AddrPort{},
-		BootstrapServers: []string{},
-		UpstreamServers:  []string{},
-	}
-
-	// TODO(a.garipov): Validate nulls and proper JSON patch.
-
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("decoding: %w", err))
-
-		return
-	}
-
-	newConf := &dnssvc.Config{
-		Addresses:           req.Addresses,
-		BootstrapServers:    req.BootstrapServers,
-		UpstreamServers:     req.UpstreamServers,
-		DNS64Prefixes:       req.DNS64Prefixes,
-		UpstreamTimeout:     time.Duration(req.UpstreamTimeout),
-		BootstrapPreferIPv6: req.BootstrapPreferIPv6,
-		UseDNS64:            req.UseDNS64,
-	}
-
-	ctx := r.Context()
-	err = svc.confMgr.UpdateDNS(ctx, newConf)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("updating: %w", err))
-
-		return
-	}
-
-	newSvc := svc.confMgr.DNS()
-	err = newSvc.Start()
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("starting new service: %w", err))
-
-		return
-	}
-
-	writeJSONOKResponse(w, r, &HTTPAPIDNSSettings{
-		Addresses:           newConf.Addresses,
-		BootstrapServers:    newConf.BootstrapServers,
-		UpstreamServers:     newConf.UpstreamServers,
-		DNS64Prefixes:       newConf.DNS64Prefixes,
-		UpstreamTimeout:     JSONDuration(newConf.UpstreamTimeout),
-		BootstrapPreferIPv6: newConf.BootstrapPreferIPv6,
-		UseDNS64:            newConf.UseDNS64,
-	})
-}

internal/next/websvc/dns_test.go

@@ -1,74 +0,0 @@
-package websvc_test
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"sync/atomic"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandlePatchSettingsDNS(t *testing.T) {
-	wantDNS := &websvc.HTTPAPIDNSSettings{
-		Addresses:           []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:53")},
-		BootstrapServers:    []string{"1.0.0.1"},
-		UpstreamServers:     []string{"1.1.1.1"},
-		DNS64Prefixes:       []netip.Prefix{netip.MustParsePrefix("1234::/64")},
-		UpstreamTimeout:     websvc.JSONDuration(2 * time.Second),
-		BootstrapPreferIPv6: true,
-		UseDNS64:            true,
-	}
-
-	var started atomic.Bool
-	confMgr := newConfigManager()
-	confMgr.onDNS = func() (s agh.ServiceWithConfig[*dnssvc.Config]) {
-		return &aghtest.ServiceWithConfig[*dnssvc.Config]{
-			OnStart: func() (err error) {
-				started.Store(true)
-
-				return nil
-			},
-			OnShutdown: func(_ context.Context) (err error) { panic("not implemented") },
-			OnConfig:   func() (c *dnssvc.Config) { panic("not implemented") },
-		}
-	}
-	confMgr.onUpdateDNS = func(ctx context.Context, c *dnssvc.Config) (err error) {
-		return nil
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsDNS,
-	}
-
-	req := jobj{
-		"addresses":             wantDNS.Addresses,
-		"bootstrap_servers":     wantDNS.BootstrapServers,
-		"upstream_servers":      wantDNS.UpstreamServers,
-		"dns64_prefixes":        wantDNS.DNS64Prefixes,
-		"upstream_timeout":      wantDNS.UpstreamTimeout,
-		"bootstrap_prefer_ipv6": wantDNS.BootstrapPreferIPv6,
-		"use_dns64":             wantDNS.UseDNS64,
-	}
-
-	respBody := httpPatch(t, u, req, http.StatusOK)
-	resp := &websvc.HTTPAPIDNSSettings{}
-	err := json.Unmarshal(respBody, resp)
-	require.NoError(t, err)
-
-	assert.True(t, started.Load())
-	assert.Equal(t, wantDNS, resp)
-	assert.Equal(t, wantDNS, resp)
-}

internal/next/websvc/http.go

@@ -1,118 +0,0 @@
-package websvc
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"net/netip"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// HTTP Settings Handlers
-
-// ReqPatchSettingsHTTP describes the request to the PATCH /api/v1/settings/http
-// HTTP API.
-type ReqPatchSettingsHTTP struct {
-	// TODO(a.garipov): Add more as we go.
-	//
-	// TODO(a.garipov): Add wait time.
-
-	Addresses       []netip.AddrPort `json:"addresses"`
-	SecureAddresses []netip.AddrPort `json:"secure_addresses"`
-	Timeout         JSONDuration     `json:"timeout"`
-}
-
-// HTTPAPIHTTPSettings are the HTTP settings as used by the HTTP API.  See the
-// HttpSettings object in the OpenAPI specification.
-type HTTPAPIHTTPSettings struct {
-	// TODO(a.garipov): Add more as we go.
-
-	Addresses       []netip.AddrPort `json:"addresses"`
-	SecureAddresses []netip.AddrPort `json:"secure_addresses"`
-	Timeout         JSONDuration     `json:"timeout"`
-	ForceHTTPS      bool             `json:"force_https"`
-}
-
-// handlePatchSettingsHTTP is the handler for the PATCH /api/v1/settings/http
-// HTTP API.
-func (svc *Service) handlePatchSettingsHTTP(w http.ResponseWriter, r *http.Request) {
-	req := &ReqPatchSettingsHTTP{}
-
-	// TODO(a.garipov): Validate nulls and proper JSON patch.
-
-	err := json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		writeJSONErrorResponse(w, r, fmt.Errorf("decoding: %w", err))
-
-		return
-	}
-
-	newConf := &Config{
-		ConfigManager:   svc.confMgr,
-		Frontend:        svc.frontend,
-		TLS:             svc.tls,
-		Addresses:       req.Addresses,
-		SecureAddresses: req.SecureAddresses,
-		Timeout:         time.Duration(req.Timeout),
-		ForceHTTPS:      svc.forceHTTPS,
-	}
-
-	writeJSONOKResponse(w, r, &HTTPAPIHTTPSettings{
-		Addresses:       newConf.Addresses,
-		SecureAddresses: newConf.SecureAddresses,
-		Timeout:         JSONDuration(newConf.Timeout),
-		ForceHTTPS:      newConf.ForceHTTPS,
-	})
-
-	cancelUpd := func() {}
-	updCtx := context.Background()
-
-	ctx := r.Context()
-	if deadline, ok := ctx.Deadline(); ok {
-		updCtx, cancelUpd = context.WithDeadline(updCtx, deadline)
-	}
-
-	// Launch the new HTTP service in a separate goroutine to let this handler
-	// finish and thus, this server to shutdown.
-	go svc.relaunch(updCtx, cancelUpd, newConf)
-}
-
-// relaunch updates the web service in the configuration manager and starts it.
-// It is intended to be used as a goroutine.
-func (svc *Service) relaunch(ctx context.Context, cancel context.CancelFunc, newConf *Config) {
-	defer log.OnPanic("websvc: relaunching")
-
-	defer cancel()
-
-	err := svc.confMgr.UpdateWeb(ctx, newConf)
-	if err != nil {
-		log.Error("websvc: updating web: %s", err)
-
-		return
-	}
-
-	// TODO(a.garipov): Consider better ways to do this.
-	const maxUpdDur = 5 * time.Second
-	updStart := time.Now()
-	var newSvc agh.ServiceWithConfig[*Config]
-	for newSvc = svc.confMgr.Web(); newSvc == svc; {
-		if time.Since(updStart) >= maxUpdDur {
-			log.Error("websvc: failed to update svc after %s", maxUpdDur)
-
-			return
-		}
-
-		log.Debug("websvc: waiting for new websvc to be configured")
-
-		time.Sleep(100 * time.Millisecond)
-	}
-
-	err = newSvc.Start()
-	if err != nil {
-		log.Error("websvc: new svc failed to start with error: %s", err)
-	}
-}

internal/next/websvc/http_test.go

@@ -1,62 +0,0 @@
-package websvc_test
-
-import (
-	"context"
-	"crypto/tls"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandlePatchSettingsHTTP(t *testing.T) {
-	wantWeb := &websvc.HTTPAPIHTTPSettings{
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:80")},
-		SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.1.1:443")},
-		Timeout:         websvc.JSONDuration(10 * time.Second),
-		ForceHTTPS:      false,
-	}
-
-	svc, err := websvc.New(&websvc.Config{
-		TLS: &tls.Config{
-			Certificates: []tls.Certificate{{}},
-		},
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:80")},
-		SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:443")},
-		Timeout:         5 * time.Second,
-		ForceHTTPS:      true,
-	})
-	require.NoError(t, err)
-
-	confMgr := newConfigManager()
-	confMgr.onWeb = func() (s agh.ServiceWithConfig[*websvc.Config]) { return svc }
-	confMgr.onUpdateWeb = func(ctx context.Context, c *websvc.Config) (err error) { return nil }
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsHTTP,
-	}
-
-	req := jobj{
-		"addresses":        wantWeb.Addresses,
-		"secure_addresses": wantWeb.SecureAddresses,
-		"timeout":          wantWeb.Timeout,
-		"force_https":      wantWeb.ForceHTTPS,
-	}
-
-	respBody := httpPatch(t, u, req, http.StatusOK)
-	resp := &websvc.HTTPAPIHTTPSettings{}
-	err = json.Unmarshal(respBody, resp)
-	require.NoError(t, err)
-
-	assert.Equal(t, wantWeb, resp)
-}

internal/next/websvc/json.go

@@ -1,144 +0,0 @@
-package websvc
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
-	"github.com/AdguardTeam/golibs/httphdr"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// JSON Utilities
-
-// nsecPerMsec is the number of nanoseconds in a millisecond.
-const nsecPerMsec = float64(time.Millisecond / time.Nanosecond)
-
-// JSONDuration is a time.Duration that can be decoded from JSON and encoded
-// into JSON according to our API conventions.
-type JSONDuration time.Duration
-
-// type check
-var _ json.Marshaler = JSONDuration(0)
-
-// MarshalJSON implements the json.Marshaler interface for JSONDuration.  err is
-// always nil.
-func (d JSONDuration) MarshalJSON() (b []byte, err error) {
-	msec := float64(time.Duration(d)) / nsecPerMsec
-	b = strconv.AppendFloat(nil, msec, 'f', -1, 64)
-
-	return b, nil
-}
-
-// type check
-var _ json.Unmarshaler = (*JSONDuration)(nil)
-
-// UnmarshalJSON implements the json.Marshaler interface for *JSONDuration.
-func (d *JSONDuration) UnmarshalJSON(b []byte) (err error) {
-	if d == nil {
-		return fmt.Errorf("json duration is nil")
-	}
-
-	msec, err := strconv.ParseFloat(string(b), 64)
-	if err != nil {
-		return fmt.Errorf("parsing json time: %w", err)
-	}
-
-	*d = JSONDuration(int64(msec * nsecPerMsec))
-
-	return nil
-}
-
-// JSONTime is a time.Time that can be decoded from JSON and encoded into JSON
-// according to our API conventions.
-type JSONTime time.Time
-
-// type check
-var _ json.Marshaler = JSONTime{}
-
-// MarshalJSON implements the json.Marshaler interface for JSONTime.  err is
-// always nil.
-func (t JSONTime) MarshalJSON() (b []byte, err error) {
-	msec := float64(time.Time(t).UnixNano()) / nsecPerMsec
-	b = strconv.AppendFloat(nil, msec, 'f', -1, 64)
-
-	return b, nil
-}
-
-// type check
-var _ json.Unmarshaler = (*JSONTime)(nil)
-
-// UnmarshalJSON implements the json.Marshaler interface for *JSONTime.
-func (t *JSONTime) UnmarshalJSON(b []byte) (err error) {
-	if t == nil {
-		return fmt.Errorf("json time is nil")
-	}
-
-	msec, err := strconv.ParseFloat(string(b), 64)
-	if err != nil {
-		return fmt.Errorf("parsing json time: %w", err)
-	}
-
-	*t = JSONTime(time.Unix(0, int64(msec*nsecPerMsec)).UTC())
-
-	return nil
-}
-
-// writeJSONOKResponse writes headers with the code 200 OK, encodes v into w,
-// and logs any errors it encounters.  r is used to get additional information
-// from the request.
-func writeJSONOKResponse(w http.ResponseWriter, r *http.Request, v any) {
-	writeJSONResponse(w, r, v, http.StatusOK)
-}
-
-// writeJSONResponse writes headers with code, encodes v into w, and logs any
-// errors it encounters.  r is used to get additional information from the
-// request.
-func writeJSONResponse(w http.ResponseWriter, r *http.Request, v any, code int) {
-	// TODO(a.garipov): Put some of these to a middleware.
-	h := w.Header()
-	h.Set(httphdr.ContentType, aghhttp.HdrValApplicationJSON)
-	h.Set(httphdr.Server, aghhttp.UserAgent())
-
-	w.WriteHeader(code)
-
-	err := json.NewEncoder(w).Encode(v)
-	if err != nil {
-		log.Error("websvc: writing resp to %s %s: %s", r.Method, r.URL.Path, err)
-	}
-}
-
-// ErrorCode is the error code as used by the HTTP API.  See the ErrorCode
-// definition in the OpenAPI specification.
-type ErrorCode string
-
-// ErrorCode constants.
-//
-// TODO(a.garipov): Expand and document codes.
-const (
-	// ErrorCodeTMP000 is the temporary error code used for all errors.
-	ErrorCodeTMP000 = ""
-)
-
-// HTTPAPIErrorResp is the error response as used by the HTTP API.  See the
-// BadRequestResp, InternalServerErrorResp, and similar objects in the OpenAPI
-// specification.
-type HTTPAPIErrorResp struct {
-	Code ErrorCode `json:"code"`
-	Msg  string    `json:"msg"`
-}
-
-// writeJSONErrorResponse encodes err as a JSON error into w, and logs any
-// errors it encounters.  r is used to get additional information from the
-// request.
-func writeJSONErrorResponse(w http.ResponseWriter, r *http.Request, err error) {
-	log.Error("websvc: %s %s: %s", r.Method, r.URL.Path, err)
-
-	writeJSONResponse(w, r, &HTTPAPIErrorResp{
-		Code: ErrorCodeTMP000,
-		Msg:  err.Error(),
-	}, http.StatusUnprocessableEntity)
-}

internal/next/websvc/json_test.go

@@ -1,114 +0,0 @@
-package websvc_test
-
-import (
-	"encoding/json"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-// testJSONTime is the JSON time for tests.
-var testJSONTime = websvc.JSONTime(time.Unix(1_234_567_890, 123_456_000).UTC())
-
-// testJSONTimeStr is the string with the JSON encoding of testJSONTime.
-const testJSONTimeStr = "1234567890123.456"
-
-func TestJSONTime_MarshalJSON(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		in         websvc.JSONTime
-		want       []byte
-	}{{
-		name:       "unix_zero",
-		wantErrMsg: "",
-		in:         websvc.JSONTime(time.Unix(0, 0)),
-		want:       []byte("0"),
-	}, {
-		name:       "empty",
-		wantErrMsg: "",
-		in:         websvc.JSONTime{},
-		want:       []byte("-6795364578871.345"),
-	}, {
-		name:       "time",
-		wantErrMsg: "",
-		in:         testJSONTime,
-		want:       []byte(testJSONTimeStr),
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			got, err := tc.in.MarshalJSON()
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.want, got)
-		})
-	}
-
-	t.Run("json", func(t *testing.T) {
-		in := &struct {
-			A websvc.JSONTime
-		}{
-			A: testJSONTime,
-		}
-
-		got, err := json.Marshal(in)
-		require.NoError(t, err)
-
-		assert.Equal(t, []byte(`{"A":`+testJSONTimeStr+`}`), got)
-	})
-}
-
-func TestJSONTime_UnmarshalJSON(t *testing.T) {
-	testCases := []struct {
-		name       string
-		wantErrMsg string
-		want       websvc.JSONTime
-		data       []byte
-	}{{
-		name:       "time",
-		wantErrMsg: "",
-		want:       testJSONTime,
-		data:       []byte(testJSONTimeStr),
-	}, {
-		name: "bad",
-		wantErrMsg: `parsing json time: strconv.ParseFloat: parsing "{}": ` +
-			`invalid syntax`,
-		want: websvc.JSONTime{},
-		data: []byte(`{}`),
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			var got websvc.JSONTime
-			err := got.UnmarshalJSON(tc.data)
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-
-			assert.Equal(t, tc.want, got)
-		})
-	}
-
-	t.Run("nil", func(t *testing.T) {
-		err := (*websvc.JSONTime)(nil).UnmarshalJSON([]byte("0"))
-		require.Error(t, err)
-
-		msg := err.Error()
-		assert.Equal(t, "json time is nil", msg)
-	})
-
-	t.Run("json", func(t *testing.T) {
-		want := testJSONTime
-		var got struct {
-			A websvc.JSONTime
-		}
-
-		err := json.Unmarshal([]byte(`{"A":`+testJSONTimeStr+`}`), &got)
-		require.NoError(t, err)
-
-		assert.Equal(t, want, got.A)
-	})
-}

internal/next/websvc/middleware.go

@@ -1,38 +0,0 @@
-package websvc
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
-	"github.com/AdguardTeam/golibs/httphdr"
-	"github.com/AdguardTeam/golibs/log"
-)
-
-// Middlewares
-
-// jsonMw sets the content type of the response to application/json.
-func jsonMw(h http.Handler) (wrapped http.HandlerFunc) {
-	f := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set(httphdr.ContentType, aghhttp.HdrValApplicationJSON)
-
-		h.ServeHTTP(w, r)
-	}
-
-	return http.HandlerFunc(f)
-}
-
-// logMw logs the queries with level debug.
-func logMw(h http.Handler) (wrapped http.HandlerFunc) {
-	f := func(w http.ResponseWriter, r *http.Request) {
-		start := time.Now()
-		m, u := r.Method, r.RequestURI
-
-		log.Debug("websvc: %s %s started", m, u)
-		defer func() { log.Debug("websvc: %s %s finished in %s", m, u, time.Since(start)) }()
-
-		h.ServeHTTP(w, r)
-	}
-
-	return http.HandlerFunc(f)
-}

internal/next/websvc/path.go

@@ -1,14 +0,0 @@
-package websvc
-
-// Path constants
-const (
-	PathRoot     = "/"
-	PathFrontend = "/*filepath"
-
-	PathHealthCheck = "/health-check"
-
-	PathV1SettingsAll  = "/api/v1/settings/all"
-	PathV1SettingsDNS  = "/api/v1/settings/dns"
-	PathV1SettingsHTTP = "/api/v1/settings/http"
-	PathV1SystemInfo   = "/api/v1/system/info"
-)

internal/next/websvc/settings.go

@@ -1,45 +0,0 @@
-package websvc
-
-import (
-	"net/http"
-)
-
-// All Settings Handlers
-
-// RespGetV1SettingsAll describes the response of the GET /api/v1/settings/all
-// HTTP API.
-type RespGetV1SettingsAll struct {
-	// TODO(a.garipov): Add more as we go.
-
-	DNS  *HTTPAPIDNSSettings  `json:"dns"`
-	HTTP *HTTPAPIHTTPSettings `json:"http"`
-}
-
-// handleGetSettingsAll is the handler for the GET /api/v1/settings/all HTTP
-// API.
-func (svc *Service) handleGetSettingsAll(w http.ResponseWriter, r *http.Request) {
-	dnsSvc := svc.confMgr.DNS()
-	dnsConf := dnsSvc.Config()
-
-	webSvc := svc.confMgr.Web()
-	httpConf := webSvc.Config()
-
-	// TODO(a.garipov): Add all currently supported parameters.
-	writeJSONOKResponse(w, r, &RespGetV1SettingsAll{
-		DNS: &HTTPAPIDNSSettings{
-			Addresses:           dnsConf.Addresses,
-			BootstrapServers:    dnsConf.BootstrapServers,
-			UpstreamServers:     dnsConf.UpstreamServers,
-			DNS64Prefixes:       dnsConf.DNS64Prefixes,
-			UpstreamTimeout:     JSONDuration(dnsConf.UpstreamTimeout),
-			BootstrapPreferIPv6: dnsConf.BootstrapPreferIPv6,
-			UseDNS64:            dnsConf.UseDNS64,
-		},
-		HTTP: &HTTPAPIHTTPSettings{
-			Addresses:       httpConf.Addresses,
-			SecureAddresses: httpConf.SecureAddresses,
-			Timeout:         JSONDuration(httpConf.Timeout),
-			ForceHTTPS:      httpConf.ForceHTTPS,
-		},
-	})
-}

internal/next/websvc/settings_test.go

@@ -1,80 +0,0 @@
-package websvc_test
-
-import (
-	"crypto/tls"
-	"encoding/json"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_HandleGetSettingsAll(t *testing.T) {
-	// TODO(a.garipov): Add all currently supported parameters.
-
-	wantDNS := &websvc.HTTPAPIDNSSettings{
-		Addresses:           []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:53")},
-		BootstrapServers:    []string{"94.140.14.140", "94.140.14.141"},
-		UpstreamServers:     []string{"94.140.14.14", "1.1.1.1"},
-		UpstreamTimeout:     websvc.JSONDuration(1 * time.Second),
-		BootstrapPreferIPv6: true,
-	}
-
-	wantWeb := &websvc.HTTPAPIHTTPSettings{
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:80")},
-		SecureAddresses: []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:443")},
-		Timeout:         websvc.JSONDuration(5 * time.Second),
-		ForceHTTPS:      true,
-	}
-
-	confMgr := newConfigManager()
-	confMgr.onDNS = func() (s agh.ServiceWithConfig[*dnssvc.Config]) {
-		c, err := dnssvc.New(&dnssvc.Config{
-			Addresses:           wantDNS.Addresses,
-			UpstreamServers:     wantDNS.UpstreamServers,
-			BootstrapServers:    wantDNS.BootstrapServers,
-			UpstreamTimeout:     time.Duration(wantDNS.UpstreamTimeout),
-			BootstrapPreferIPv6: true,
-		})
-		require.NoError(t, err)
-
-		return c
-	}
-
-	svc, err := websvc.New(&websvc.Config{
-		TLS: &tls.Config{
-			Certificates: []tls.Certificate{{}},
-		},
-		Addresses:       wantWeb.Addresses,
-		SecureAddresses: wantWeb.SecureAddresses,
-		Timeout:         time.Duration(wantWeb.Timeout),
-		ForceHTTPS:      true,
-	})
-	require.NoError(t, err)
-
-	confMgr.onWeb = func() (s agh.ServiceWithConfig[*websvc.Config]) {
-		return svc
-	}
-
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SettingsAll,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-	resp := &websvc.RespGetV1SettingsAll{}
-	err = json.Unmarshal(body, resp)
-	require.NoError(t, err)
-
-	assert.Equal(t, wantDNS, resp.DNS)
-	assert.Equal(t, wantWeb, resp.HTTP)
-}

internal/next/websvc/system.go

@@ -1,35 +0,0 @@
-package websvc
-
-import (
-	"net/http"
-	"runtime"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/version"
-)
-
-// System Handlers
-
-// RespGetV1SystemInfo describes the response of the GET /api/v1/system/info
-// HTTP API.
-type RespGetV1SystemInfo struct {
-	Arch       string   `json:"arch"`
-	Channel    string   `json:"channel"`
-	OS         string   `json:"os"`
-	NewVersion string   `json:"new_version,omitempty"`
-	Start      JSONTime `json:"start"`
-	Version    string   `json:"version"`
-}
-
-// handleGetV1SystemInfo is the handler for the GET /api/v1/system/info HTTP
-// API.
-func (svc *Service) handleGetV1SystemInfo(w http.ResponseWriter, r *http.Request) {
-	writeJSONOKResponse(w, r, &RespGetV1SystemInfo{
-		Arch:    runtime.GOARCH,
-		Channel: version.Channel(),
-		OS:      runtime.GOOS,
-		// TODO(a.garipov): Fill this when we have an updater.
-		NewVersion: "",
-		Start:      JSONTime(svc.start),
-		Version:    version.Version(),
-	})
-}

internal/next/websvc/system_test.go

@@ -1,37 +0,0 @@
-package websvc_test
-
-import (
-	"encoding/json"
-	"net/http"
-	"net/url"
-	"runtime"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestService_handleGetV1SystemInfo(t *testing.T) {
-	confMgr := newConfigManager()
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathV1SystemInfo,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-	resp := &websvc.RespGetV1SystemInfo{}
-	err := json.Unmarshal(body, resp)
-	require.NoError(t, err)
-
-	// TODO(a.garipov): Consider making version.Channel and version.Version
-	// testable and test these better.
-	assert.NotEmpty(t, resp.Channel)
-
-	assert.Equal(t, resp.Arch, runtime.GOARCH)
-	assert.Equal(t, resp.OS, runtime.GOOS)
-	assert.Equal(t, testStart, time.Time(resp.Start))
-}

internal/next/websvc/waitlistener.go

@@ -1,31 +0,0 @@
-package websvc
-
-import (
-	"net"
-	"sync"
-)
-
-// Wait Listener
-
-// waitListener is a wrapper around a listener that also calls wg.Done() on the
-// first call to Accept.  It is useful in situations where it is important to
-// catch the precise moment of the first call to Accept, for example when
-// starting an HTTP server.
-//
-// TODO(a.garipov): Move to aghnet?
-type waitListener struct {
-	net.Listener
-
-	firstAcceptWG   *sync.WaitGroup
-	firstAcceptOnce sync.Once
-}
-
-// type check
-var _ net.Listener = (*waitListener)(nil)
-
-// Accept implements the [net.Listener] interface for *waitListener.
-func (l *waitListener) Accept() (conn net.Conn, err error) {
-	l.firstAcceptOnce.Do(l.firstAcceptWG.Done)
-
-	return l.Listener.Accept()
-}

internal/next/websvc/waitlistener_internal_test.go

@@ -1,40 +0,0 @@
-package websvc
-
-import (
-	"net"
-	"sync"
-	"sync/atomic"
-	"testing"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestWaitListener_Accept(t *testing.T) {
-	var accepted atomic.Bool
-	var l net.Listener = &aghtest.Listener{
-		OnAccept: func() (conn net.Conn, err error) {
-			accepted.Store(true)
-
-			return nil, nil
-		},
-		OnAddr:  func() (addr net.Addr) { panic("not implemented") },
-		OnClose: func() (err error) { panic("not implemented") },
-	}
-
-	wg := &sync.WaitGroup{}
-	wg.Add(1)
-
-	go func() {
-		var wrapper net.Listener = &waitListener{
-			Listener:      l,
-			firstAcceptWG: wg,
-		}
-
-		_, _ = wrapper.Accept()
-	}()
-
-	wg.Wait()
-
-	assert.Eventually(t, accepted.Load, testTimeout, testTimeout/10)
-}

internal/next/websvc/websvc.go

@@ -1,344 +0,0 @@
-// Package websvc contains the AdGuard Home HTTP API service.
-//
-// NOTE: Packages other than cmd must not import this package, as it imports
-// most other packages.
-//
-// TODO(a.garipov): Add tests.
-package websvc
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-	"io"
-	"io/fs"
-	"net"
-	"net/http"
-	"net/netip"
-	"sync"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
-	httptreemux "github.com/dimfeld/httptreemux/v5"
-)
-
-// ConfigManager is the configuration manager interface.
-type ConfigManager interface {
-	DNS() (svc agh.ServiceWithConfig[*dnssvc.Config])
-	Web() (svc agh.ServiceWithConfig[*Config])
-
-	UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error)
-	UpdateWeb(ctx context.Context, c *Config) (err error)
-}
-
-// Config is the AdGuard Home web service configuration structure.
-type Config struct {
-	// ConfigManager is used to show information about services as well as
-	// dynamically reconfigure them.
-	ConfigManager ConfigManager
-
-	// Frontend is the filesystem with the frontend and other statically
-	// compiled files.
-	Frontend fs.FS
-
-	// TLS is the optional TLS configuration.  If TLS is not nil,
-	// SecureAddresses must not be empty.
-	TLS *tls.Config
-
-	// Start is the time of start of AdGuard Home.
-	Start time.Time
-
-	// OverrideAddress is the initial or override address for the HTTP API.  If
-	// set, it is used instead of [Addresses] and [SecureAddresses].
-	OverrideAddress netip.AddrPort
-
-	// Addresses are the addresses on which to serve the plain HTTP API.
-	Addresses []netip.AddrPort
-
-	// SecureAddresses are the addresses on which to serve the HTTPS API.  If
-	// SecureAddresses is not empty, TLS must not be nil.
-	SecureAddresses []netip.AddrPort
-
-	// Timeout is the timeout for all server operations.
-	Timeout time.Duration
-
-	// ForceHTTPS tells if all requests to Addresses should be redirected to a
-	// secure address instead.
-	//
-	// TODO(a.garipov): Use; define rules, which address to redirect to.
-	ForceHTTPS bool
-}
-
-// Service is the AdGuard Home web service.  A nil *Service is a valid
-// [agh.Service] that does nothing.
-type Service struct {
-	confMgr      ConfigManager
-	frontend     fs.FS
-	tls          *tls.Config
-	start        time.Time
-	overrideAddr netip.AddrPort
-	servers      []*http.Server
-	timeout      time.Duration
-	forceHTTPS   bool
-}
-
-// New returns a new properly initialized *Service.  If c is nil, svc is a nil
-// *Service that does nothing.  The fields of c must not be modified after
-// calling New.
-//
-// TODO(a.garipov): Get rid of this special handling of nil or explain it
-// better.
-func New(c *Config) (svc *Service, err error) {
-	if c == nil {
-		return nil, nil
-	}
-
-	svc = &Service{
-		confMgr:      c.ConfigManager,
-		frontend:     c.Frontend,
-		tls:          c.TLS,
-		start:        c.Start,
-		overrideAddr: c.OverrideAddress,
-		timeout:      c.Timeout,
-		forceHTTPS:   c.ForceHTTPS,
-	}
-
-	mux := newMux(svc)
-
-	if svc.overrideAddr != (netip.AddrPort{}) {
-		svc.servers = []*http.Server{newSrv(svc.overrideAddr, nil, mux, c.Timeout)}
-	} else {
-		for _, a := range c.Addresses {
-			svc.servers = append(svc.servers, newSrv(a, nil, mux, c.Timeout))
-		}
-
-		for _, a := range c.SecureAddresses {
-			svc.servers = append(svc.servers, newSrv(a, c.TLS, mux, c.Timeout))
-		}
-	}
-
-	return svc, nil
-}
-
-// newSrv returns a new *http.Server with the given parameters.
-func newSrv(
-	addr netip.AddrPort,
-	tlsConf *tls.Config,
-	h http.Handler,
-	timeout time.Duration,
-) (srv *http.Server) {
-	addrStr := addr.String()
-	srv = &http.Server{
-		Addr:              addrStr,
-		Handler:           h,
-		TLSConfig:         tlsConf,
-		ReadTimeout:       timeout,
-		WriteTimeout:      timeout,
-		IdleTimeout:       timeout,
-		ReadHeaderTimeout: timeout,
-	}
-
-	if tlsConf == nil {
-		srv.ErrorLog = log.StdLog("websvc: plain http: "+addrStr, log.ERROR)
-	} else {
-		srv.ErrorLog = log.StdLog("websvc: https: "+addrStr, log.ERROR)
-	}
-
-	return srv
-}
-
-// newMux returns a new HTTP request multiplexer for the AdGuard Home web
-// service.
-func newMux(svc *Service) (mux *httptreemux.ContextMux) {
-	mux = httptreemux.NewContextMux()
-
-	routes := []struct {
-		handler http.HandlerFunc
-		method  string
-		pattern string
-		isJSON  bool
-	}{{
-		handler: svc.handleGetHealthCheck,
-		method:  http.MethodGet,
-		pattern: PathHealthCheck,
-		isJSON:  false,
-	}, {
-		handler: http.FileServer(http.FS(svc.frontend)).ServeHTTP,
-		method:  http.MethodGet,
-		pattern: PathFrontend,
-		isJSON:  false,
-	}, {
-		handler: http.FileServer(http.FS(svc.frontend)).ServeHTTP,
-		method:  http.MethodGet,
-		pattern: PathRoot,
-		isJSON:  false,
-	}, {
-		handler: svc.handleGetSettingsAll,
-		method:  http.MethodGet,
-		pattern: PathV1SettingsAll,
-		isJSON:  true,
-	}, {
-		handler: svc.handlePatchSettingsDNS,
-		method:  http.MethodPatch,
-		pattern: PathV1SettingsDNS,
-		isJSON:  true,
-	}, {
-		handler: svc.handlePatchSettingsHTTP,
-		method:  http.MethodPatch,
-		pattern: PathV1SettingsHTTP,
-		isJSON:  true,
-	}, {
-		handler: svc.handleGetV1SystemInfo,
-		method:  http.MethodGet,
-		pattern: PathV1SystemInfo,
-		isJSON:  true,
-	}}
-
-	for _, r := range routes {
-		var hdlr http.Handler
-		if r.isJSON {
-			hdlr = jsonMw(r.handler)
-		} else {
-			hdlr = r.handler
-		}
-
-		mux.Handle(r.method, r.pattern, logMw(hdlr))
-	}
-
-	return mux
-}
-
-// addrs returns all addresses on which this server serves the HTTP API.  addrs
-// must not be called simultaneously with Start.  If svc was initialized with
-// ":0" addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) addrs() (addrs, secureAddrs []netip.AddrPort) {
-	if svc.overrideAddr != (netip.AddrPort{}) {
-		return []netip.AddrPort{svc.overrideAddr}, nil
-	}
-
-	for _, srv := range svc.servers {
-		// Use MustParseAddrPort, since no errors should technically happen
-		// here, because all servers must have a valid address.
-		addrPort := netip.MustParseAddrPort(srv.Addr)
-
-		// [srv.Serve] will set TLSConfig to an almost empty value, so, instead
-		// of relying only on the nilness of TLSConfig, check the length of the
-		// certificates field as well.
-		if srv.TLSConfig == nil || len(srv.TLSConfig.Certificates) == 0 {
-			addrs = append(addrs, addrPort)
-		} else {
-			secureAddrs = append(secureAddrs, addrPort)
-		}
-	}
-
-	return addrs, secureAddrs
-}
-
-// handleGetHealthCheck is the handler for the GET /health-check HTTP API.
-func (svc *Service) handleGetHealthCheck(w http.ResponseWriter, _ *http.Request) {
-	_, _ = io.WriteString(w, "OK")
-}
-
-// type check
-var _ agh.Service = (*Service)(nil)
-
-// Start implements the [agh.Service] interface for *Service.  svc may be nil.
-// After Start exits, all HTTP servers have tried to start, possibly failing and
-// writing error messages to the log.
-func (svc *Service) Start() (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	wg := &sync.WaitGroup{}
-	wg.Add(len(svc.servers))
-	for _, srv := range svc.servers {
-		go serve(srv, wg)
-	}
-
-	wg.Wait()
-
-	return nil
-}
-
-// serve starts and runs srv and writes all errors into its log.
-func serve(srv *http.Server, wg *sync.WaitGroup) {
-	addr := srv.Addr
-	defer log.OnPanic(addr)
-
-	var proto string
-	var l net.Listener
-	var err error
-	if srv.TLSConfig == nil {
-		proto = "http"
-		l, err = net.Listen("tcp", addr)
-	} else {
-		proto = "https"
-		l, err = tls.Listen("tcp", addr, srv.TLSConfig)
-	}
-	if err != nil {
-		srv.ErrorLog.Printf("starting srv %s: binding: %s", addr, err)
-	}
-
-	// Update the server's address in case the address had the port zero, which
-	// would mean that a random available port was automatically chosen.
-	srv.Addr = l.Addr().String()
-
-	log.Info("websvc: starting srv %s://%s", proto, srv.Addr)
-
-	l = &waitListener{
-		Listener:      l,
-		firstAcceptWG: wg,
-	}
-
-	err = srv.Serve(l)
-	if err != nil && !errors.Is(err, http.ErrServerClosed) {
-		srv.ErrorLog.Printf("starting srv %s: %s", addr, err)
-	}
-}
-
-// Shutdown implements the [agh.Service] interface for *Service.  svc may be
-// nil.
-func (svc *Service) Shutdown(ctx context.Context) (err error) {
-	if svc == nil {
-		return nil
-	}
-
-	var errs []error
-	for _, srv := range svc.servers {
-		serr := srv.Shutdown(ctx)
-		if serr != nil {
-			errs = append(errs, fmt.Errorf("shutting down srv %s: %w", srv.Addr, serr))
-		}
-	}
-
-	if len(errs) > 0 {
-		return errors.List("shutting down", errs...)
-	}
-
-	return nil
-}
-
-// Config returns the current configuration of the web service.  Config must not
-// be called simultaneously with Start.  If svc was initialized with ":0"
-// addresses, addrs will not return the actual bound ports until Start is
-// finished.
-func (svc *Service) Config() (c *Config) {
-	c = &Config{
-		ConfigManager: svc.confMgr,
-		TLS:           svc.tls,
-		// Leave Addresses and SecureAddresses empty and get the actual
-		// addresses that include the :0 ones later.
-		Start:      svc.start,
-		Timeout:    svc.timeout,
-		ForceHTTPS: svc.forceHTTPS,
-	}
-
-	c.Addresses, c.SecureAddresses = svc.addrs()
-
-	return c
-}

internal/next/websvc/websvc_internal_test.go

@@ -1,6 +0,0 @@
-package websvc
-
-import "time"
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 1 * time.Second

internal/next/websvc/websvc_test.go

@@ -1,193 +0,0 @@
-package websvc_test
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"io"
-	"io/fs"
-	"net/http"
-	"net/netip"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/agh"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/dnssvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/next/websvc"
-	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestMain(m *testing.M) {
-	testutil.DiscardLogOutput(m)
-}
-
-// testTimeout is the common timeout for tests.
-const testTimeout = 1 * time.Second
-
-// testStart is the server start value for tests.
-var testStart = time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
-
-// type check
-var _ websvc.ConfigManager = (*configManager)(nil)
-
-// configManager is a [websvc.ConfigManager] for tests.
-type configManager struct {
-	onDNS func() (svc agh.ServiceWithConfig[*dnssvc.Config])
-	onWeb func() (svc agh.ServiceWithConfig[*websvc.Config])
-
-	onUpdateDNS func(ctx context.Context, c *dnssvc.Config) (err error)
-	onUpdateWeb func(ctx context.Context, c *websvc.Config) (err error)
-}
-
-// DNS implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) DNS() (svc agh.ServiceWithConfig[*dnssvc.Config]) {
-	return m.onDNS()
-}
-
-// Web implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) Web() (svc agh.ServiceWithConfig[*websvc.Config]) {
-	return m.onWeb()
-}
-
-// UpdateDNS implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) UpdateDNS(ctx context.Context, c *dnssvc.Config) (err error) {
-	return m.onUpdateDNS(ctx, c)
-}
-
-// UpdateWeb implements the [websvc.ConfigManager] interface for *configManager.
-func (m *configManager) UpdateWeb(ctx context.Context, c *websvc.Config) (err error) {
-	return m.onUpdateWeb(ctx, c)
-}
-
-// newConfigManager returns a *configManager all methods of which panic.
-func newConfigManager() (m *configManager) {
-	return &configManager{
-		onDNS: func() (svc agh.ServiceWithConfig[*dnssvc.Config]) { panic("not implemented") },
-		onWeb: func() (svc agh.ServiceWithConfig[*websvc.Config]) { panic("not implemented") },
-		onUpdateDNS: func(_ context.Context, _ *dnssvc.Config) (err error) {
-			panic("not implemented")
-		},
-		onUpdateWeb: func(_ context.Context, _ *websvc.Config) (err error) {
-			panic("not implemented")
-		},
-	}
-}
-
-// newTestServer creates and starts a new web service instance as well as its
-// sole address.  It also registers a cleanup procedure, which shuts the
-// instance down.
-//
-// TODO(a.garipov): Use svc or remove it.
-func newTestServer(
-	t testing.TB,
-	confMgr websvc.ConfigManager,
-) (svc *websvc.Service, addr netip.AddrPort) {
-	t.Helper()
-
-	c := &websvc.Config{
-		ConfigManager: confMgr,
-		Frontend: &aghtest.FS{
-			OnOpen: func(_ string) (_ fs.File, _ error) { return nil, fs.ErrNotExist },
-		},
-		TLS:             nil,
-		Addresses:       []netip.AddrPort{netip.MustParseAddrPort("127.0.0.1:0")},
-		SecureAddresses: nil,
-		Timeout:         testTimeout,
-		Start:           testStart,
-		ForceHTTPS:      false,
-	}
-
-	svc, err := websvc.New(c)
-	require.NoError(t, err)
-
-	err = svc.Start()
-	require.NoError(t, err)
-	t.Cleanup(func() {
-		ctx, cancel := context.WithTimeout(context.Background(), testTimeout)
-		t.Cleanup(cancel)
-
-		err = svc.Shutdown(ctx)
-		require.NoError(t, err)
-	})
-
-	c = svc.Config()
-	require.NotNil(t, c)
-	require.Len(t, c.Addresses, 1)
-
-	return svc, c.Addresses[0]
-}
-
-// jobj is a utility alias for JSON objects.
-type jobj map[string]any
-
-// httpGet is a helper that performs an HTTP GET request and returns the body of
-// the response as well as checks that the status code is correct.
-//
-// TODO(a.garipov): Add helpers for other methods.
-func httpGet(t testing.TB, u *url.URL, wantCode int) (body []byte) {
-	t.Helper()
-
-	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
-	require.NoErrorf(t, err, "creating req")
-
-	httpCli := &http.Client{
-		Timeout: testTimeout,
-	}
-	resp, err := httpCli.Do(req)
-	require.NoErrorf(t, err, "performing req")
-	require.Equal(t, wantCode, resp.StatusCode)
-
-	testutil.CleanupAndRequireSuccess(t, resp.Body.Close)
-
-	body, err = io.ReadAll(resp.Body)
-	require.NoErrorf(t, err, "reading body")
-
-	return body
-}
-
-// httpPatch is a helper that performs an HTTP PATCH request with JSON-encoded
-// reqBody as the request body and returns the body of the response as well as
-// checks that the status code is correct.
-//
-// TODO(a.garipov): Add helpers for other methods.
-func httpPatch(t testing.TB, u *url.URL, reqBody any, wantCode int) (body []byte) {
-	t.Helper()
-
-	b, err := json.Marshal(reqBody)
-	require.NoErrorf(t, err, "marshaling reqBody")
-
-	req, err := http.NewRequest(http.MethodPatch, u.String(), bytes.NewReader(b))
-	require.NoErrorf(t, err, "creating req")
-
-	httpCli := &http.Client{
-		Timeout: testTimeout,
-	}
-	resp, err := httpCli.Do(req)
-	require.NoErrorf(t, err, "performing req")
-	require.Equal(t, wantCode, resp.StatusCode)
-
-	testutil.CleanupAndRequireSuccess(t, resp.Body.Close)
-
-	body, err = io.ReadAll(resp.Body)
-	require.NoErrorf(t, err, "reading body")
-
-	return body
-}
-
-func TestService_Start_getHealthCheck(t *testing.T) {
-	confMgr := newConfigManager()
-	_, addr := newTestServer(t, confMgr)
-	u := &url.URL{
-		Scheme: "http",
-		Host:   addr.String(),
-		Path:   websvc.PathHealthCheck,
-	}
-
-	body := httpGet(t, u, http.StatusOK)
-
-	assert.Equal(t, []byte("OK"), body)
-}

internal/querylog/qlog.go

@@ -4,7 +4,6 @@ package querylog
 import (
 	"fmt"
 	"os"
-	"strings"
 	"sync"
 	"time"
 
@@ -161,10 +160,7 @@ func (l *queryLog) clear() {
 // newLogEntry creates an instance of logEntry from parameters.
 func newLogEntry(params *AddParams) (entry *logEntry) {
 	q := params.Question.Question[0]
-	qHost := q.Name
-	if qHost != "." {
-		qHost = strings.ToLower(q.Name[:len(q.Name)-1])
-	}
+	qHost := aghnet.NormalizeDomain(q.Name)
 
 	entry = &logEntry{
 		// TODO(d.kolyshev): Export this timestamp to func params.

internal/rdns/rdns.go

@@ -0,0 +1,132 @@
+// Package rdns processes reverse DNS lookup queries.
+package rdns
+
+import (
+	"net/netip"
+	"time"
+
+	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/bluele/gcache"
+)
+
+// Interface processes rDNS queries.
+type Interface interface {
+	// Process makes rDNS request and returns domain name.  changed indicates
+	// that domain name was updated since last request.
+	Process(ip netip.Addr) (host string, changed bool)
+}
+
+// Empty is an empty [Inteface] implementation which does nothing.
+type Empty struct{}
+
+// type check
+var _ Interface = (*Empty)(nil)
+
+// Process implements the [Interface] interface for Empty.
+func (Empty) Process(_ netip.Addr) (host string, changed bool) {
+	return "", false
+}
+
+// Exchanger is a resolver for clients' addresses.
+type Exchanger interface {
+	// Exchange tries to resolve the ip in a suitable way, i.e. either as local
+	// or as external.
+	Exchange(ip netip.Addr) (host string, err error)
+}
+
+// Config is the configuration structure for Default.
+type Config struct {
+	// Exchanger resolves IP addresses to domain names.
+	Exchanger Exchanger
+
+	// CacheSize is the maximum size of the cache.  It must be greater than
+	// zero.
+	CacheSize int
+
+	// CacheTTL is the Time to Live duration for cached IP addresses.
+	CacheTTL time.Duration
+}
+
+// Default is the default rDNS query processor.
+type Default struct {
+	// cache is the cache containing IP addresses of clients.  An active IP
+	// address is resolved once again after it expires.  If IP address couldn't
+	// be resolved, it stays here for some time to prevent further attempts to
+	// resolve the same IP.
+	cache gcache.Cache
+
+	// exchanger resolves IP addresses to domain names.
+	exchanger Exchanger
+
+	// cacheTTL is the Time to Live duration for cached IP addresses.
+	cacheTTL time.Duration
+}
+
+// New returns a new default rDNS query processor.  conf must not be nil.
+func New(conf *Config) (r *Default) {
+	return &Default{
+		cache:     gcache.New(conf.CacheSize).LRU().Build(),
+		exchanger: conf.Exchanger,
+		cacheTTL:  conf.CacheTTL,
+	}
+}
+
+// type check
+var _ Interface = (*Default)(nil)
+
+// Process implements the [Interface] interface for Default.
+func (r *Default) Process(ip netip.Addr) (host string, changed bool) {
+	fromCache, expired := r.findInCache(ip)
+	if !expired {
+		return fromCache, false
+	}
+
+	host, err := r.exchanger.Exchange(ip)
+	if err != nil {
+		log.Debug("rdns: resolving %q: %s", ip, err)
+	}
+
+	item := &cacheItem{
+		expiry: time.Now().Add(r.cacheTTL),
+		host:   host,
+	}
+
+	err = r.cache.Set(ip, item)
+	if err != nil {
+		log.Debug("rdns: cache: adding item %q: %s", ip, err)
+	}
+
+	return host, fromCache == "" || host != fromCache
+}
+
+// findInCache finds domain name in the cache.  expired is true if host is not
+// valid anymore.
+func (r *Default) findInCache(ip netip.Addr) (host string, expired bool) {
+	val, err := r.cache.Get(ip)
+	if err != nil {
+		if !errors.Is(err, gcache.KeyNotFoundError) {
+			log.Debug("rdns: cache: retrieving %q: %s", ip, err)
+		}
+
+		return "", true
+	}
+
+	item, ok := val.(*cacheItem)
+	if !ok {
+		log.Debug("rdns: cache: %q bad type %T", ip, val)
+
+		return "", true
+	}
+
+	return item.host, time.Now().After(item.expiry)
+}
+
+// cacheItem represents an item that we will store in the cache.
+type cacheItem struct {
+	// expiry is the time when cacheItem will expire.
+	expiry time.Time
+
+	// host is the domain name of a runtime client.
+	host string
+}

internal/rdns/rdns_test.go

@@ -0,0 +1,105 @@
+package rdns_test
+
+import (
+	"net/netip"
+	"testing"
+	"time"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/rdns"
+	"github.com/AdguardTeam/golibs/netutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// fakeRDNSExchanger is a mock [rdns.Exchanger] implementation for tests.
+type fakeRDNSExchanger struct {
+	OnExchange func(ip netip.Addr) (host string, err error)
+}
+
+// type check
+var _ rdns.Exchanger = (*fakeRDNSExchanger)(nil)
+
+// Exchange implements [rdns.Exchanger] interface for *fakeRDNSExchanger.
+func (e *fakeRDNSExchanger) Exchange(ip netip.Addr) (host string, err error) {
+	return e.OnExchange(ip)
+}
+
+func TestDefault_Process(t *testing.T) {
+	ip1 := netip.MustParseAddr("1.2.3.4")
+	revAddr1, err := netutil.IPToReversedAddr(ip1.AsSlice())
+	require.NoError(t, err)
+
+	ip2 := netip.MustParseAddr("4.3.2.1")
+	revAddr2, err := netutil.IPToReversedAddr(ip2.AsSlice())
+	require.NoError(t, err)
+
+	localIP := netip.MustParseAddr("192.168.0.1")
+	localRevAddr1, err := netutil.IPToReversedAddr(localIP.AsSlice())
+	require.NoError(t, err)
+
+	config := &rdns.Config{
+		CacheSize: 100,
+		CacheTTL:  time.Hour,
+	}
+
+	testCases := []struct {
+		name string
+		addr netip.Addr
+		want string
+	}{{
+		name: "first",
+		addr: ip1,
+		want: revAddr1,
+	}, {
+		name: "second",
+		addr: ip2,
+		want: revAddr2,
+	}, {
+		name: "empty",
+		addr: netip.MustParseAddr("0.0.0.0"),
+		want: "",
+	}, {
+		name: "private",
+		addr: localIP,
+		want: localRevAddr1,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			hit := 0
+			onExchange := func(ip netip.Addr) (host string, err error) {
+				hit++
+
+				switch ip {
+				case ip1:
+					return revAddr1, nil
+				case ip2:
+					return revAddr2, nil
+				case localIP:
+					return localRevAddr1, nil
+				default:
+					return "", nil
+				}
+			}
+			exchanger := &fakeRDNSExchanger{
+				OnExchange: onExchange,
+			}
+
+			config.Exchanger = exchanger
+			r := rdns.New(config)
+
+			got, changed := r.Process(tc.addr)
+			require.True(t, changed)
+
+			assert.Equal(t, tc.want, got)
+			assert.Equal(t, 1, hit)
+
+			// From cache.
+			got, changed = r.Process(tc.addr)
+			require.False(t, changed)
+
+			assert.Equal(t, tc.want, got)
+			assert.Equal(t, 1, hit)
+		})
+	}
+}

internal/stats/http_test.go

@@ -86,7 +86,7 @@ func TestHandleStatsConfig(t *testing.T) {
 			},
 		},
 		wantCode: http.StatusUnprocessableEntity,
-		wantErr:  "ignored: duplicate host name \"ignor.ed\" at index 1\n",
+		wantErr:  "ignored: duplicate hostname \"ignor.ed\" at index 1\n",
 	}, {
 		name: "ignored_empty",
 		body: getConfigResp{
@@ -97,7 +97,7 @@ func TestHandleStatsConfig(t *testing.T) {
 			},
 		},
 		wantCode: http.StatusUnprocessableEntity,
-		wantErr:  "ignored: host name is empty\n",
+		wantErr:  "ignored: at index 0: hostname is empty\n",
 	}, {
 		name: "enabled_is_null",
 		body: getConfigResp{

internal/tools/go.mod

@@ -10,9 +10,10 @@ require (
 	github.com/kyoh86/looppointer v0.2.1
 	github.com/securego/gosec/v2 v2.16.0
 	github.com/uudashr/gocognit v1.0.6
-	golang.org/x/tools v0.10.0
+	golang.org/x/tools v0.11.0
 	golang.org/x/vuln v0.2.0
-	honnef.co/go/tools v0.4.3
+	// TODO(a.garipov): Return to tagged releases once a new one appears.
+	honnef.co/go/tools v0.5.0-0.dev.0.20230709092525-bc759185c5ee
 	mvdan.cc/gofumpt v0.5.0
 	mvdan.cc/unparam v0.0.0-20230610194454-9ea02bef9868
 )
@@ -26,9 +27,9 @@ require (
 	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20230626212559-97b1e661b5df // indirect
-	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20230711023510-fffb14384f22 // indirect
+	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

internal/tools/go.sum

@@ -52,21 +52,21 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/exp/typeparams v0.0.0-20230626212559-97b1e661b5df h1:jfUqBujZx2dktJVEmZpCkyngz7MWrVv1y9kLOqFNsqw=
-golang.org/x/exp/typeparams v0.0.0-20230626212559-97b1e661b5df/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20230711023510-fffb14384f22 h1:e8iSCQYXZ4EB6q3kIfy2fgPFTvDbozqzRe4OuIOyrL4=
+golang.org/x/exp/typeparams v0.0.0-20230711023510-fffb14384f22/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
-golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
+golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -82,8 +82,8 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -96,8 +96,8 @@ golang.org/x/tools v0.0.0-20201007032633-0806396f153e/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
-golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg=
-golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM=
+golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
+golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/vuln v0.2.0 h1:Dlz47lW0pvPHU7tnb10S8vbMn9GnV2B6eyT7Tem5XBI=
 golang.org/x/vuln v0.2.0/go.mod h1:V0eyhHwaAaHrt42J9bgrN6rd12f6GU4T0Lu0ex2wDg4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -107,8 +107,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.4.3 h1:o/n5/K5gXqk8Gozvs2cnL0F2S1/g1vcGCAx2vETjITw=
-honnef.co/go/tools v0.4.3/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA=
+honnef.co/go/tools v0.5.0-0.dev.0.20230709092525-bc759185c5ee h1:mpyvMqtlVZTwEv78QL3S2ZDTMHMO1fgNwr2kC7+K7oU=
+honnef.co/go/tools v0.5.0-0.dev.0.20230709092525-bc759185c5ee/go.mod h1:GUV+uIBCLpdf0/v6UhHHG/yzI/z6qPskBeQCjcNB96k=
 mvdan.cc/gofumpt v0.5.0 h1:0EQ+Z56k8tXjj/6TQD25BFNKQXpCvT0rnansIc7Ug5E=
 mvdan.cc/gofumpt v0.5.0/go.mod h1:HBeVDtMKRZpXyxFciAirzdKklDlGu8aAy1wEbH5Y9js=
 mvdan.cc/unparam v0.0.0-20230610194454-9ea02bef9868 h1:F4Q7pXcrU9UiU1fq0ZWqSOxKjNAteRuDr7JDk7uVLRQ=

main.go

@@ -1,5 +1,3 @@
-//go:build !next
-
 package main
 
 import (

main_next.go

@@ -1,20 +0,0 @@
-//go:build next
-
-package main
-
-import (
-	"embed"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/next/cmd"
-)
-
-// Embed the prebuilt client here since we strive to keep .go files inside the
-// internal directory and the embed package is unable to embed files located
-// outside of the same or underlying directory.
-
-//go:embed build
-var frontend embed.FS
-
-func main() {
-	cmd.Main(frontend)
-}

scripts/README.md

@@ -18,7 +18,7 @@ Run `make init` from the project root.
 
 
 
-##  `make/`: Makefile Scripts
+##  `make/`: Makefile scripts
 
 The release channels are: `development` (the default), `edge`, `beta`, and
 `release`.  If verbosity levels aren't documented here, there are only two: `0`,
@@ -26,7 +26,7 @@ don't print anything, and `1`, be verbose.
 
 
 
-   ###  `build-docker.sh`: Build A Multi-Architecture Docker Image
+   ###  `build-docker.sh`: Build a multi-architecture Docker image
 
 Required environment:
 
@@ -51,7 +51,7 @@ Optional environment:
 
 
 
-   ###  `build-release.sh`: Build A Release For All Platforms
+   ###  `build-release.sh`: Build a release for all platforms
 
 Required environment:
 
@@ -101,7 +101,22 @@ Required environment:
 
 
 
-   ###  `go-build.sh`: Build The Backend
+   ###  `go-bench.sh`: Run backend benchmarks
+
+Optional environment:
+
+ *  `GO`: set an alternative name for the Go compiler.
+
+ *  `TIMEOUT_FLAGS`: set timeout flags for tests.  The default value is
+    `--timeout=30s`.
+
+ *  `VERBOSE`: verbosity level.  `1` shows every command that is run and every
+    Go package that is processed.  `2` also shows subcommands and environment.
+    The default value is `0`, don't be verbose.
+
+
+
+   ###  `go-build.sh`: Build the backend
 
 Optional environment:
 
@@ -135,7 +150,7 @@ Required environment:
 
 
 
-   ###  `go-deps.sh`: Install Backend Dependencies
+   ###  `go-deps.sh`: Install backend dependencies
 
 Optional environment:
 
@@ -147,7 +162,25 @@ Optional environment:
 
 
 
-   ###  `go-lint.sh`: Run Backend Static Analyzers
+   ###  `go-fuzz.sh`: Run backend fuzz tests
+
+Optional environment:
+
+ *  `GO`: set an alternative name for the Go compiler.
+
+ *  `FUZZTIME_FLAGS`: set fuss flags for tests.  The default value is
+    `--fuzztime=20s`.
+
+ *  `TIMEOUT_FLAGS`: set timeout flags for tests.  The default value is
+    `--timeout=30s`.
+
+ *  `VERBOSE`: verbosity level.  `1` shows every command that is run and every
+    Go package that is processed.  `2` also shows subcommands and environment.
+    The default value is `0`, don't be verbose.
+
+
+
+   ###  `go-lint.sh`: Run backend static analyzers
 
 Don't forget to run `make go-tools` once first!
 
@@ -163,7 +196,7 @@ Optional environment:
 
 
 
-   ###  `go-test.sh`: Run Backend Tests
+   ###  `go-test.sh`: Run backend tests
 
 Optional environment:
 
@@ -173,7 +206,7 @@ Optional environment:
     `1`, use the race detector.
 
  *  `TIMEOUT_FLAGS`: set timeout flags for tests.  The default value is
-    `--timeout 30s`.
+    `--timeout=30s`.
 
  *  `VERBOSE`: verbosity level.  `1` shows every command that is run and every
     Go package that is processed.  `2` also shows subcommands.  The default
@@ -181,7 +214,7 @@ Optional environment:
 
 
 
-   ###  `go-tools.sh`: Install Backend Tooling
+   ###  `go-tools.sh`: Install backend tooling
 
 Installs the Go static analysis and other tools into `${PWD}/bin`.  Either add
 `${PWD}/bin` to your `$PATH` before all other entries, or use the commands

scripts/make/build-docker.sh

@@ -107,18 +107,6 @@ cp "${dist_dir}/AdGuardHome_linux_arm_7/AdGuardHome/AdGuardHome"\
 cp "${dist_dir}/AdGuardHome_linux_ppc64le/AdGuardHome/AdGuardHome"\
 	"${dist_docker}/AdGuardHome_linux_ppc64le_"
 
-# Copy the helper scripts.  See file docker/Dockerfile.
-dist_docker_scripts="${dist_docker}/scripts"
-readonly dist_docker_scripts
-
-mkdir -p "$dist_docker_scripts"
-cp "./docker/dns-bind.awk"\
-	"${dist_docker_scripts}/dns-bind.awk"
-cp "./docker/web-bind.awk"\
-	"${dist_docker_scripts}/web-bind.awk"
-cp "./docker/healthcheck.sh"\
-	"${dist_docker_scripts}/healthcheck.sh"
-
 # Don't use quotes with $docker_version_tag and $docker_channel_tag, because we
 # want word splitting and or an empty space if tags are empty.
 #

scripts/make/go-bench.sh

@@ -0,0 +1,55 @@
+#!/bin/sh
+
+verbose="${VERBOSE:-0}"
+readonly verbose
+
+# Verbosity levels:
+#   0 = Don't print anything except for errors.
+#   1 = Print commands, but not nested commands.
+#   2 = Print everything.
+if [ "$verbose" -gt '1' ]
+then
+	set -x
+	v_flags='-v=1'
+	x_flags='-x=1'
+elif [ "$verbose" -gt '0' ]
+then
+	set -x
+	v_flags='-v=1'
+	x_flags='-x=0'
+else
+	set +x
+	v_flags='-v=0'
+	x_flags='-x=0'
+fi
+readonly v_flags x_flags
+
+set -e -f -u
+
+if [ "${RACE:-1}" -eq '0' ]
+then
+	race_flags='--race=0'
+else
+	race_flags='--race=1'
+fi
+readonly race_flags
+
+go="${GO:-go}"
+
+count_flags='--count=1'
+shuffle_flags='--shuffle=on'
+timeout_flags="${TIMEOUT_FLAGS:---timeout=30s}"
+readonly go count_flags shuffle_flags timeout_flags
+
+"$go" test\
+	"$count_flags"\
+	"$shuffle_flags"\
+	"$race_flags"\
+	"$timeout_flags"\
+	"$x_flags"\
+	"$v_flags"\
+	--bench='.'\
+	--benchmem\
+	--benchtime=1s\
+	--run='^$'\
+	./...

scripts/make/go-build.sh

@@ -128,13 +128,7 @@ export CGO_ENABLED
 GO111MODULE='on'
 export GO111MODULE
 
-# Build the new binary if requested.
-if [ "${NEXTAPI:-0}" -eq '0' ]
-then
-	tags_flags='--tags='
-else
-	tags_flags='--tags=next'
-fi
+tags_flags='--tags='
 readonly tags_flags
 
 if [ "$verbose" -gt '0' ]

scripts/make/go-fuzz.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+verbose="${VERBOSE:-0}"
+readonly verbose
+
+# Verbosity levels:
+#   0 = Don't print anything except for errors.
+#   1 = Print commands, but not nested commands.
+#   2 = Print everything.
+if [ "$verbose" -gt '1' ]
+then
+	set -x
+	v_flags='-v=1'
+	x_flags='-x=1'
+elif [ "$verbose" -gt '0' ]
+then
+	set -x
+	v_flags='-v=1'
+	x_flags='-x=0'
+else
+	set +x
+	v_flags='-v=0'
+	x_flags='-x=0'
+fi
+readonly v_flags x_flags
+
+set -e -f -u
+
+if [ "${RACE:-1}" -eq '0' ]
+then
+	race_flags='--race=0'
+else
+	race_flags='--race=1'
+fi
+readonly race_flags
+
+go="${GO:-go}"
+
+count_flags='--count=1'
+shuffle_flags='--shuffle=on'
+timeout_flags="${TIMEOUT_FLAGS:---timeout=30s}"
+fuzztime_flags="${FUZZTIME_FLAGS:---fuzztime=20s}"
+
+readonly go count_flags shuffle_flags timeout_flags fuzztime_flags
+
+# TODO(a.garipov): File an issue about using --fuzz with multiple packages.
+"$go" test\
+	"$count_flags"\
+	"$shuffle_flags"\
+	"$race_flags"\
+	"$timeout_flags"\
+	"$x_flags"\
+	"$v_flags"\
+	"$fuzztime_flags"\
+	--fuzz='.'\
+	--run='^$'\
+	./internal/filtering/rulelist/\
+	;

scripts/make/go-lint.sh

@@ -35,7 +35,7 @@ set -f -u
 go_version="$( "${GO:-go}" version )"
 readonly go_version
 
-go_min_version='go1.19.10'
+go_min_version='go1.19.11'
 go_version_msg="
 warning: your go version (${go_version}) is different from the recommended minimal one (${go_min_version}).
 if you have the version installed, please set the GO environment variable.
@@ -176,7 +176,10 @@ run_linter gocognit --over 10\
 	./internal/aghchan/\
 	./internal/aghhttp/\
 	./internal/aghio/\
+	./internal/filtering/hashprefix/\
+	./internal/filtering/rulelist/\
 	./internal/next/\
+	./internal/rdns/\
 	./internal/tools/\
 	./internal/version/\
 	./internal/whois/\
@@ -210,6 +213,8 @@ run_linter gosec --quiet\
 	./internal/dhcpd\
 	./internal/dhcpsvc\
 	./internal/dnsforward\
+	./internal/filtering/hashprefix/\
+	./internal/filtering/rulelist/\
 	./internal/next\
 	./internal/schedule\
 	./internal/stats\
@@ -218,8 +223,7 @@ run_linter gosec --quiet\
 	./internal/whois\
 	;
 
-# TODO(a.garipov): Enable --blank?
-run_linter errcheck --asserts ./...
+run_linter errcheck ./...
 
 staticcheck_matrix='
 darwin:  GOOS=darwin