Merge branch 'master' into ADG-9565

Closes #7599.
Updates #7600.

* commit 'a4ea6c22335dff3a0f9cfba1ccf9db65a1e6db71':
  fix: time in `enable_protection_timer` translation

.github/workflows/build.yml

@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.22.5'
+  'GO_VERSION': '1.23.5'
   'NODE_VERSION': '16'
 
 'on':
@@ -95,7 +95,7 @@
         'key': "${{ runner.os }}-node-${{ hashFiles('client/package-lock.json') }}"
         'restore-keys': '${{ runner.os }}-node-'
     - 'name': 'Set up Snapcraft'
-      'run': 'sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft'
+      'run': 'sudo snap install snapcraft --classic'
     - 'name': 'Set up QEMU'
       'uses': 'docker/setup-qemu-action@v1'
     - 'name': 'Set up Docker Buildx'

.github/workflows/lint.yml

@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.22.5'
+  'GO_VERSION': '1.23.5'
 
 'on':
   'push':

.gitignore

@@ -1,3 +1,8 @@
+# This comment is used to simplify checking local copies of the file.  Bump
+# this number every time a significant change is made to this file.
+#
+# AdGuard-Project-Version: 1
+
 # Please, DO NOT put your text editors' temporary files here.  The more are
 # added, the harder it gets to maintain and manage projects' gitignores.  Put
 # them into your global gitignore file instead.
@@ -8,6 +13,7 @@
 # bottom to make sure they take effect.
 *.db
 *.log
+*.out
 *.snap
 *.test
 /agh-backup/
@@ -21,6 +27,7 @@
 /launchpad_credentials
 /querylog.json*
 /snapcraft_login
+/test-reports/
 AdGuardHome
 AdGuardHome.exe
 AdGuardHome.yaml*

.markdownlint.json

@@ -0,0 +1,25 @@
+{
+  "ul-indent": {
+    "indent": 4
+  },
+  "ul-style": {
+    "style": "dash"
+  },
+  "emphasis-style": {
+    "style": "asterisk"
+  },
+  "no-duplicate-heading": {
+    "siblings_only": true
+  },
+  "no-inline-html": {
+    "allowed_elements": [
+      "a"
+    ]
+  },
+  "no-trailing-spaces": {
+    "br_spaces": 0
+  },
+  "line-length": false,
+  "no-bare-urls": false,
+  "link-fragments": false
+}

Makefile

@@ -1,14 +1,14 @@
 # Keep the Makefile POSIX-compliant.  We currently allow hyphens in
 # target names, but that may change in the future.
 #
-# See https://pubs.opengroup.org/onlinepubs/9699919799/utilities/make.html.
+# See https://pubs.opengroup.org/onlinepubs/9799919799/utilities/make.html.
 .POSIX:
 
 # This comment is used to simplify checking local copies of the
 # Makefile.  Bump this number every time a significant change is made to
 # this Makefile.
 #
-# AdGuard-Project-Version: 4
+# AdGuard-Project-Version: 9
 
 # Don't name these macros "GO" etc., because GNU Make apparently makes
 # them exported environment variables with the literal value of
@@ -22,12 +22,12 @@ VERBOSE.MACRO = $${VERBOSE:-0}
 
 CHANNEL = development
 CLIENT_DIR = client
-COMMIT = $$( git rev-parse --short HEAD )
+DEPLOY_SCRIPT_PATH = not/a/real/path
 DIST_DIR = dist
 GOAMD64 = v1
-GOPROXY = https://goproxy.cn|https://proxy.golang.org|direct
-GOSUMDB = sum.golang.google.cn
-GOTOOLCHAIN = go1.22.5
+GOPROXY = https://proxy.golang.org|direct
+GOTELEMETRY = off
+GOTOOLCHAIN = go1.23.5
 GPG_KEY = devteam@adguard.com
 GPG_KEY_PASSPHRASE = not-a-real-password
 NPM = npm
@@ -35,7 +35,9 @@ NPM_FLAGS = --prefix $(CLIENT_DIR)
 NPM_INSTALL_FLAGS = $(NPM_FLAGS) --quiet --no-progress --ignore-engines\
 	--ignore-optional --ignore-platform --ignore-scripts
 RACE = 0
+REVISION = $${REVISION:-$$(git rev-parse --short HEAD)}
 SIGN = 1
+SIGNER_API_KEY = not-a-real-key
 VERSION = v0.0.0
 YARN = yarn
 
@@ -58,21 +60,29 @@ BUILD_RELEASE_DEPS_1 = go-deps
 
 ENV = env\
 	CHANNEL='$(CHANNEL)'\
-	COMMIT='$(COMMIT)'\
+	DEPLOY_SCRIPT_PATH='$(DEPLOY_SCRIPT_PATH)' \
 	DIST_DIR='$(DIST_DIR)'\
 	GO="$(GO.MACRO)"\
-	GOAMD64="$(GOAMD64)"\
+	GOAMD64='$(GOAMD64)'\
 	GOPROXY='$(GOPROXY)'\
-	GOSUMDB='$(GOSUMDB)'\
+	GOTELEMETRY='$(GOTELEMETRY)'\
 	GOTOOLCHAIN='$(GOTOOLCHAIN)'\
 	GPG_KEY='$(GPG_KEY)'\
 	GPG_KEY_PASSPHRASE='$(GPG_KEY_PASSPHRASE)'\
+	NEXTAPI='$(NEXTAPI)'\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
+	REVISION='$(REVISION)'\
 	SIGN='$(SIGN)'\
-	NEXTAPI='$(NEXTAPI)'\
+	SIGNER_API_KEY='$(SIGNER_API_KEY)' \
+	VERBOSE="$(VERBOSE.MACRO)"\
+	VERSION="$(VERSION)"\
+
+# Keep the line above blank.
+
+ENV_MISC = env\
+	PATH="$${PWD}/bin:$$("$(GO.MACRO)" env GOPATH)/bin:$${PATH}"\
 	VERBOSE="$(VERBOSE.MACRO)"\
-	VERSION='$(VERSION)'\
 
 # Keep the line above blank.
 
@@ -80,6 +90,8 @@ ENV = env\
 # full build.
 build: deps quick-build
 
+init: ; git config core.hooksPath ./scripts/hooks
+
 quick-build: js-build go-build
 
 deps: js-deps go-deps
@@ -93,39 +105,38 @@ build-docker: ; $(ENV) "$(SHELL)" ./scripts/make/build-docker.sh
 build-release: $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT))
 	$(ENV) "$(SHELL)" ./scripts/make/build-release.sh
 
-clean: ; $(ENV) "$(SHELL)" ./scripts/make/clean.sh
-init:  ; git config core.hooksPath ./scripts/hooks
-
 js-build: ; $(NPM) $(NPM_FLAGS) run build-prod
 js-deps:  ; $(NPM) $(NPM_INSTALL_FLAGS) ci
 js-lint:  ; $(NPM) $(NPM_FLAGS) run lint
 js-test:  ; $(NPM) $(NPM_FLAGS) run test
 
-go-bench: ; $(ENV) "$(SHELL)" ./scripts/make/go-bench.sh
-go-build: ; $(ENV) "$(SHELL)" ./scripts/make/go-build.sh
-go-deps:  ; $(ENV) "$(SHELL)" ./scripts/make/go-deps.sh
-go-fuzz:  ; $(ENV) "$(SHELL)" ./scripts/make/go-fuzz.sh
-go-lint:  ; $(ENV) "$(SHELL)" ./scripts/make/go-lint.sh
-go-tools: ; $(ENV) "$(SHELL)" ./scripts/make/go-tools.sh
-
+go-bench:     ; $(ENV) "$(SHELL)"    ./scripts/make/go-bench.sh
+go-build:     ; $(ENV) "$(SHELL)"    ./scripts/make/go-build.sh
+go-deps:      ; $(ENV) "$(SHELL)"    ./scripts/make/go-deps.sh
+go-env:       ; $(ENV) "$(GO.MACRO)" env
+go-fuzz:      ; $(ENV) "$(SHELL)"    ./scripts/make/go-fuzz.sh
+go-lint:      ; $(ENV) "$(SHELL)"    ./scripts/make/go-lint.sh
 # TODO(a.garipov): Think about making RACE='1' the default for all
 # targets.
-go-test:  ; $(ENV) RACE='1' "$(SHELL)" ./scripts/make/go-test.sh
-
-go-upd-tools: ; $(ENV) "$(SHELL)" ./scripts/make/go-upd-tools.sh
+go-test:      ; $(ENV) RACE='1' "$(SHELL)" ./scripts/make/go-test.sh
+go-tools:     ; $(ENV)          "$(SHELL)" ./scripts/make/go-tools.sh
+go-upd-tools: ; $(ENV)          "$(SHELL)" ./scripts/make/go-upd-tools.sh
 
 go-check: go-tools go-lint go-test
 
-# A quick check to make sure that all supported operating systems can be
-# typechecked and built successfully.
+# A quick check to make sure that all operating systems relevant to the
+# development of the project can be typechecked and built successfully.
 go-os-check:
-	env GOOS='darwin'  "$(GO.MACRO)" vet ./internal/...
-	env GOOS='freebsd' "$(GO.MACRO)" vet ./internal/...
-	env GOOS='openbsd' "$(GO.MACRO)" vet ./internal/...
-	env GOOS='linux'   "$(GO.MACRO)" vet ./internal/...
-	env GOOS='windows' "$(GO.MACRO)" vet ./internal/...
+	$(ENV) GOOS='darwin'  "$(GO.MACRO)" vet ./internal/...
+	$(ENV) GOOS='freebsd' "$(GO.MACRO)" vet ./internal/...
+	$(ENV) GOOS='openbsd' "$(GO.MACRO)" vet ./internal/...
+	$(ENV) GOOS='linux'   "$(GO.MACRO)" vet ./internal/...
+	$(ENV) GOOS='windows' "$(GO.MACRO)" vet ./internal/...
+
+txt-lint: ; $(ENV) "$(SHELL)" ./scripts/make/txt-lint.sh
+
+md-lint:  ; $(ENV_MISC) "$(SHELL)" ./scripts/make/md-lint.sh
+sh-lint:  ; $(ENV_MISC) "$(SHELL)" ./scripts/make/sh-lint.sh
 
 openapi-lint: ; cd ./openapi/ && $(YARN) test
 openapi-show: ; cd ./openapi/ && $(YARN) start
-
-txt-lint: ; $(ENV) "$(SHELL)" ./scripts/make/txt-lint.sh

README.md

@@ -114,7 +114,7 @@ If you're running **Linux,** there's a secure and easy way to install AdGuard Ho
 
 [Docker Hub]: https://hub.docker.com/r/adguard/adguardhome
 [Snap Store]: https://snapcraft.io/adguard-home
-[wiki-start]: https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started
+[wiki-start]: https://adguard-dns.io/kb/adguard-home/getting-started/
 
 ### <a href="#guides" id="guides" name="guides">Guides</a>
 
@@ -205,7 +205,7 @@ Run `make init` to prepare the development environment.
 
 You will need this to build AdGuard Home:
 
-- [Go](https://golang.org/dl/) v1.22 or later;
+- [Go](https://golang.org/dl/) v1.23 or later;
 - [Node.js](https://nodejs.org/en/download/) v18.18 or later;
 - [npm](https://www.npmjs.com/) v8 or later;
 

bamboo-specs/release.yaml

@@ -8,7 +8,7 @@
 'variables':
     'channel': 'edge'
     'dockerFrontend': 'adguard/home-js-builder:2.0'
-    'dockerGo': 'adguard/go-builder:1.22.5--1'
+    'dockerGo': 'adguard/go-builder:1.23.5--1'
 
 'stages':
   - 'Build frontend':
@@ -91,6 +91,11 @@
     'tasks':
       - 'checkout':
             'force-clean-build': true
+      - 'checkout':
+            'repository': 'bamboo-deploy-publisher'
+            # The paths are always relative to the working directory.
+            'path': 'bamboo-deploy-publisher'
+            'force-clean-build': true
       - 'script':
             'interpreter': 'SHELL'
             'scripts':
@@ -99,6 +104,9 @@
 
                 set -e -f -u -x
 
+                # Explicitly checkout the revision that we need.
+                git checkout "${bamboo.repository.revision.number}"
+
                 # Run the build with the specified channel.
                 echo "${bamboo.gpgSecretKeyPart1}${bamboo.gpgSecretKeyPart2}"\
                         | awk '{ gsub(/\\n/, "\n"); print; }'\
@@ -107,6 +115,8 @@
                 make\
                         CHANNEL=${bamboo.channel}\
                         GPG_KEY_PASSPHRASE=${bamboo.gpgPassword}\
+                        DEPLOY_SCRIPT_PATH="./bamboo-deploy-publisher/deploy.sh"\
+                        SIGNER_API_KEY="${bamboo.adguardHomeWinSignerSecretApiKey}"\
                         FRONTEND_PREBUILT=1\
                         PARALLELISM=1\
                         VERBOSE=2\
@@ -132,13 +142,15 @@
                 # Install Qemu, create builder.
                 docker version -f '{{ .Server.Experimental }}'
                 docker buildx rm buildx-builder || :
-                docker buildx create --name buildx-builder --driver docker-container\
-                                --use
+                docker buildx create \
+                    --name buildx-builder \
+                    --driver docker-container \
+                    --use
                 docker buildx inspect --bootstrap
 
                 # Login to DockerHub.
-                docker login -u="${bamboo.dockerHubUsername}"\
-                        -p="${bamboo.dockerHubPassword}"
+                docker login -u="${bamboo.dockerHubUsername}" \
+                    -p="${bamboo.dockerHubPassword}"
 
                 # Boot the builder.
                 docker buildx inspect --bootstrap
@@ -147,14 +159,14 @@
                 docker info
 
                 # Prepare and push the build.
-                env\
-                        CHANNEL="${bamboo.channel}"\
-                        COMMIT="${bamboo.repository.revision.number}"\
-                        DIST_DIR='dist'\
-                        DOCKER_IMAGE_NAME='adguard/adguardhome'\
-                        DOCKER_OUTPUT="type=image,name=adguard/adguardhome,push=true"\
-                        VERBOSE='1'\
-                        sh ./scripts/make/build-docker.sh
+                env \
+                    CHANNEL="${bamboo.channel}" \
+                    REVISION="${bamboo.repository.revision.number}" \
+                    DIST_DIR='dist' \
+                    DOCKER_IMAGE_NAME='adguard/adguardhome' \
+                    DOCKER_OUTPUT="type=image,name=adguard/adguardhome,push=true" \
+                    VERBOSE='1' \
+                    sh ./scripts/make/build-docker.sh
             'environment':
                 DOCKER_CLI_EXPERIMENTAL=enabled
     'final-tasks':
@@ -266,7 +278,7 @@
         'variables':
             'channel': 'beta'
             'dockerFrontend': 'adguard/home-js-builder:2.0'
-            'dockerGo': 'adguard/go-builder:1.22.5--1'
+            'dockerGo': 'adguard/go-builder:1.23.5--1'
     # release-vX.Y.Z branches are the branches from which the actual final
     # release is built.
   - '^release-v[0-9]+\.[0-9]+\.[0-9]+':
@@ -282,4 +294,4 @@
         'variables':
             'channel': 'release'
             'dockerFrontend': 'adguard/home-js-builder:2.0'
-            'dockerGo': 'adguard/go-builder:1.22.5--1'
+            'dockerGo': 'adguard/go-builder:1.23.5--1'

bamboo-specs/test.yaml

@@ -6,7 +6,7 @@
     'name': 'AdGuard Home - Build and run tests'
 'variables':
     'dockerFrontend': 'adguard/home-js-builder:2.0'
-    'dockerGo': 'adguard/go-builder:1.22.5--1'
+    'dockerGo': 'adguard/go-builder:1.23.5--1'
     'channel': 'development'
 
 'stages':
@@ -54,6 +54,7 @@
     'requirements':
       - 'adg-docker': 'true'
 
+# TODO(e.burkov):  Add the linting stage for markdown docs and shell scripts.
 'Test backend':
     'docker':
         'image': '${bamboo.dockerGo}'
@@ -195,5 +196,5 @@
         # may need to build a few of these.
         'variables':
             'dockerFrontend': 'adguard/home-js-builder:2.0'
-            'dockerGo': 'adguard/go-builder:1.22.5--1'
+            'dockerGo': 'adguard/go-builder:1.23.5--1'
             'channel': 'candidate'

client/src/__locales/ar.json

@@ -291,7 +291,7 @@
     "custom_ip": "عنوان IP مخصص",
     "blocking_ipv4": "حجب عنوان IPv4",
     "blocking_ipv6": "حجب عنوان IPv6",
-    "blocked_response_ttl": "زمن حظر الاستجابة",
+    "blocked_response_ttl": "حظر استجابة TTL",
     "blocked_response_ttl_desc": "تحديد عدد الثواني التي يجب على العملاء تخزين الاستجابة التي تمت تصفيتها مؤقتًا",
     "form_enter_blocked_response_ttl": "أدخل وقت الاستجابة المحظورة TTL (بالثواني)",
     "dnscrypt": "DNSCrypt",
@@ -734,10 +734,10 @@
     "thursday": "الخميس",
     "friday": "الجمعة",
     "saturday": "السبت",
-    "sunday_short": "الاحد",
+    "sunday_short": "الأحد",
     "monday_short": "الإثنين",
     "tuesday_short": "الثلاثاء",
-    "wednesday_short": "الاربعاء",
+    "wednesday_short": "الأربعاء",
     "thursday_short": "الخميس",
     "friday_short": "الجمعة",
     "saturday_short": "السبت",

client/src/__locales/bg.json

@@ -159,6 +159,8 @@
     "dns_over_https": "DNS-пред-HTTPS",
     "dns_over_quic": "DNS-over-QUIC",
     "plain_dns": "Обикновен DNS",
+    "theme_light": "Светла тема",
+    "theme_dark": "Тъмна тема",
     "source_label": "Източник",
     "found_in_known_domain_db": "Намерен в списъците с домейни.",
     "category_label": "Категория",
@@ -283,5 +285,12 @@
     "filter_category_general": "General",
     "filter_category_security": "Сигурност",
     "port_53_faq_link": "Порт 53 често е зает от \"DNSStubListener\" или \"systemd-resolved\" услуги. Моля, прочетете <0>тази инструкция</0> как да решите това.",
-    "parental_control": "Родителски контрол"
+    "parental_control": "Родителски контрол",
+    "sunday_short": "Нд",
+    "monday_short": "Пон",
+    "tuesday_short": "Вт",
+    "wednesday_short": "Ср",
+    "thursday_short": "Чт",
+    "friday_short": "Пт",
+    "saturday_short": "Съб"
 }

client/src/__locales/cs.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Použít službu AdGuard Rodičovská kontrola",
     "use_adguard_parental_hint": "AdGuard Home zkontroluje, zda doména obsahuje materiály pro dospělé. Používá stejné API přátelské k ochraně osobních údajů jako služba Bezpečnost prohlížení.",
     "enforce_safe_search": "Použít bezpečné vyhledávání",
-    "enforce_save_search_hint": "AdGuard Home vynutí bezpečné vyhledávání v následujících vyhledávačích: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home vynutí bezpečné vyhledávání v následujících vyhledávačích: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Nebyly specifikovány žádné servery",
     "general_settings": "Obecná nastavení",
     "dns_settings": "Nastavení DNS",

client/src/__locales/da.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Brug AdGuards forældrekontrolwebtjeneste",
     "use_adguard_parental_hint": "AdGuard Home vil tjekke, om domænet indeholder voksenindhold vha. den samme fortrolighedsvenlige API som browsingsikkerhedswebtjenesten.",
     "enforce_safe_search": "Brug sikker søgning",
-    "enforce_save_search_hint": "AdGuard Home vil håndhæve sikker søgning i flg. søgemaskiner: Google, YouTube, Bing, DuckDuckGo, Yandex og Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home vil håndhæve sikker søgning i flg. søgemaskiner: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Ingen servere angivet",
     "general_settings": "Generelle indstillinger",
     "dns_settings": "DNS-indstillinger",

client/src/__locales/de.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "AdGuard Webservice für Kindersicherung verwenden",
     "use_adguard_parental_hint": "AdGuard Home wird prüfen, ob die Domain jugendgefährdende Inhalte enthält. Zum Schutz Ihrer Privatsphäre wird die selbe API wie für den Webservice für Internetsicherheit verwendet.",
     "enforce_safe_search": "Sichere Suche verwenden",
-    "enforce_save_search_hint": "AdGuard kann Sichere Suche für folgende Suchmaschinen erzwingen: Google, YouTube, Bing, DuckDuckGo, Yandex und Pixabay.",
+    "enforce_save_search_hint": "AdGuard kann Sichere Suche für folgende Suchmaschinen erzwingen: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex und Pixabay.",
     "no_servers_specified": "Keine Server festgelegt",
     "general_settings": "Allgemeine Einstellungen",
     "dns_settings": "DNS-Einstellungen",

client/src/__locales/en.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Use AdGuard parental control web service",
     "use_adguard_parental_hint": "AdGuard Home will check if domain contains adult materials. It uses the same privacy-friendly API as the browsing security web service.",
     "enforce_safe_search": "Use Safe Search",
-    "enforce_save_search_hint": "AdGuard Home will enforce safe search in the following search engines: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home will enforce safe search in the following search engines: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "No servers specified",
     "general_settings": "General settings",
     "dns_settings": "DNS settings",

client/src/__locales/es.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Usar el control parental de AdGuard",
     "use_adguard_parental_hint": "AdGuard Home comprobará si el dominio contiene materiales para adultos. Utiliza la misma API amigable con la privacidad del servicio web de seguridad de navegación.",
     "enforce_safe_search": "Usar búsqueda segura",
-    "enforce_save_search_hint": "AdGuard Home reforzará la búsqueda segura en los siguientes motores de búsqueda: Google, YouTube, Bing, DuckDuckGo, Yandex y Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home reforzará la búsqueda segura en los siguientes motores de búsqueda: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex y Pixabay.",
     "no_servers_specified": "No hay servidores especificados",
     "general_settings": "Configuración general",
     "dns_settings": "Configuración del DNS",

client/src/__locales/fi.json

@@ -6,7 +6,7 @@
     "upstream_parallel": "Käytä rinnakkaisia pyyntöjä ja nopeuta selvitystä käyttämällä kaikkia ylävirtapalvelimia samanaikaisesti.",
     "parallel_requests": "Rinnakkaiset pyynnöt",
     "load_balancing": "Kuormantasaus",
-    "load_balancing_desc": "Lähetä pyyntö yhdelle ylävirtapalvelimelle kerrallaan. AdGuard Home pyrkii valitsemaan nopeimman palvelimen painotetun satunnaisalgoritminsa avulla.",
+    "load_balancing_desc": "Lähetä kysely kerrallaan yhdelle ylävirtapalvelimelle. AdGuard Home valitsee painotetun satunnaisalgoritmin avulla palvelimet, joilla on vähiten epäonnistuneita hakuja ja keskimääräisesti lyhin hakuaika.",
     "bootstrap_dns": "Bootstrap DNS-palvelimet",
     "bootstrap_dns_desc": "Ylävirroiksi määrittämiesi DoH/DoT-resolverien IP-osoitteiden selvitykseen käytettävien DNS-palvelimien IP-osoitteet. Kommentteja ei sallita.",
     "fallback_dns_title": "DNS-varapalvelimet",
@@ -154,7 +154,7 @@
     "use_adguard_parental": "Käytä AdGuardin lapsilukko-palvelua",
     "use_adguard_parental_hint": "AdGuard Home tarkistaa, sisältääkö verkkotunnus aikuisille tarkoitettua sisältöä. Se käyttää samaa tietosuojapainotteista rajapintaa, kuin turvallisen selauksen palvelu.",
     "enforce_safe_search": "Käytä turvallista hakua",
-    "enforce_save_search_hint": "AdGuard Home voi pakottaa turvallisen haun käyttöön seuraavissa hakukoneissa: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home pakottaa turvallisen haun käyttöön seuraavissa hakukoneissa: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex ja Pixabay.",
     "no_servers_specified": "Palvelimia ei ole määritetty",
     "general_settings": "Yleiset asetukset",
     "dns_settings": "DNS-asetukset",
@@ -542,7 +542,7 @@
     "stats_params": "Tilastoinnin määritys",
     "config_successfully_saved": "Asetukset tallennettiin",
     "interval_6_hour": "6 tuntia",
-    "interval_24_hour": "24 tuntia",
+    "interval_24_hour": "24 tunnilta",
     "interval_days": "{{count}} päivä",
     "interval_days_plural": "{{count}} päivää",
     "domain": "Verkkotunnus",
@@ -709,9 +709,9 @@
     "log_and_stats_section_label": "Pyyntöhistoria ja tilastot",
     "ignore_query_log": "Älä huomioi tätä päätelaitetta pyyntöhistoriassa",
     "ignore_statistics": "Älä huomioi tätä päätettä tilastoissa",
-    "schedule_services": "Keskeytä palveluesto",
-    "schedule_services_desc": "Määritä palvelunestosuodattimen keskeytysajoitus.",
-    "schedule_services_desc_client": "Määritä palvelunestosuodattimen keskeytysajoitus tälle päätteelle.",
+    "schedule_services": "Pysäytä palveluesto",
+    "schedule_services_desc": "Määritä palvelunestosuodattimen pysäytysajoitus.",
+    "schedule_services_desc_client": "Määritä palvelunestosuodattimen pysäytysajoitus tälle päätteelle.",
     "schedule_desc": "Aseta estettujen palveluiden käyttämättömyysjaksot",
     "schedule_invalid_select": "Aloitusaika on oltava ennen lopetusaikaa",
     "schedule_select_days": "Valitse päivät",

client/src/__locales/fr.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Utiliser le contrôle parental d'AdGuard",
     "use_adguard_parental_hint": "AdGuard Home va vérifier s'il y a du contenu pour adultes sur le domaine. Ce sera fait par aide du même API discret que celui utilisé par le service de Sécurité de navigation.",
     "enforce_safe_search": "Utiliser la Recherche Sécurisée",
-    "enforce_save_search_hint": "AdGuard Home appliquera la recherche sécurisée dans les moteurs de recherche suivants : Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home appliquera la recherche sécurisée dans les moteurs de recherche suivants : Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Pas de serveurs spécifiés",
     "general_settings": "Paramètres généraux",
     "dns_settings": "Paramètres DNS",
@@ -676,7 +676,7 @@
     "filter_allowlist": "ATTENTION : Cette action exclura également la règle « {{disallowed_rule}} » de la liste des clients autorisés.",
     "last_rule_in_allowlist": "Impossible d’interdire ce client, car l’exclusion de la règle « {{disallowed_rule}} » DÉSACTIVERA la liste des « clients autorisés ».",
     "use_saved_key": "Utiliser la clef précédemment enregistrée",
-    "parental_control": "Contrôle parental",
+    "parental_control": "Contrôle Parental",
     "safe_browsing": "Navigation sécurisée",
     "served_from_cache_label": "Servi depuis le cache",
     "form_error_password_length": "Le mot de passe doit comporter entre {{min}} et {{max}}  caractères",

client/src/__locales/id.json

@@ -147,7 +147,7 @@
     "average_upstream_response_time": "Rata-rata waktu respons hulu",
     "response_time": "Waktu respons",
     "average_processing_time_hint": "Rata-rata waktu dalam milidetik untuk pemrosesan sebuah permintaan DNS",
-    "block_domain_use_filters_and_hosts": "Blokir domain menggunakan filter dan file hosts",
+    "block_domain_use_filters_and_hosts": "Blokir domain menggunakan filter dan berkas host",
     "filters_block_toggle_hint": "Anda dapat menyiapkan aturan pemblokiran dalam pengaturan <a>Filter</a>.",
     "use_adguard_browsing_sec": "Gunakan layanan web Keamanan Penjelajahan AdGuard",
     "use_adguard_browsing_sec_hint": "AdGuard Home akan memeriksa apakah domain diblokir oleh layanan web keamanan penjelajahan. Ini akan menggunakan API pencarian yang ramah privasi untuk melakukan pemeriksaan: hanya awalan singkat dari hash nama domain SHA256 yang dikirim ke server.",
@@ -191,7 +191,7 @@
     "edit_table_action": "Ubah",
     "delete_table_action": "Hapus",
     "elapsed": "Berlalu",
-    "filters_and_hosts_hint": "AdGuard Home memahami aturan dasar adblock dan sintak file hosts.",
+    "filters_and_hosts_hint": "AdGuard Home memahami aturan dasar adblock dan sintak berkas host.",
     "no_blocklist_added": "Tidak ada daftar hitam yang ditambahkan",
     "no_whitelist_added": "Tidak ada daftar putih yang ditambahkan",
     "add_blocklist": "Tambahkan daftar hitam",
@@ -211,8 +211,8 @@
     "form_error_url_format": "Format URL tidak valid",
     "form_error_url_or_path_format": "URL atau jalur absolut dari daftar tidak valid",
     "custom_filter_rules": "Aturan penyaringan khusus",
-    "custom_filter_rules_hint": "Masukkan satu aturan dalam sebuah baris. Anda dapat menggunakan baik aturan adblock maupun sintaks file hosts.",
-    "system_host_files": "File host sistem",
+    "custom_filter_rules_hint": "Masukkan satu aturan pada satu baris. Anda dapat menggunakan aturan adblock atau sintaks berkas host.",
+    "system_host_files": "Berkas host sistem",
     "examples_title": "Contoh",
     "example_meaning_filter_block": "blokir akses ke example.org dan seluruh subdomainnya;",
     "example_meaning_filter_whitelist": "buka blokir akses ke domain example.orf dan seluruh subdomainnya;",
@@ -476,7 +476,7 @@
     "client_confirm_delete": "Apakah anda yakin ingin menghapus klien \"{{key}}\"?",
     "list_confirm_delete": "Anda yakin ingin menghapus daftar ini?",
     "auto_clients_title": "Klien (waktu berjalan)",
-    "auto_clients_desc": "Informasi tentang alamat IP perangkat yang menggunakan atau mungkin menggunakan AdGuard Home. Informasi ini dikumpulkan dari beberapa sumber, termasuk file host, reverse DNS, dll.",
+    "auto_clients_desc": "Informasi tentang alamat IP perangkat yang menggunakan atau mungkin menggunakan AdGuard Home. Informasi ini dikumpulkan dari beberapa sumber, termasuk berkas host, DNS terbalik, dll.",
     "access_title": "Pengaturan akses",
     "access_desc": "Disini anda dapat mengatur aturan akses untuk server AdGuard Home DNS",
     "access_allowed_title": "Klien yang diizinkan",
@@ -494,7 +494,7 @@
     "setup_dns_privacy_1": "<0>DNS melalui TLS:</0> Gunakan <1>{{address}}</1> string.",
     "setup_dns_privacy_2": "<0>DNS-over-TLS:</0> Memakai <1>{{address}}</1> string.",
     "setup_dns_privacy_3": "<0>Berikut daftar perangkat lunak yang dapat Anda gunakan.</0>",
-    "setup_dns_privacy_4": "Di perangkat iOS 14 atau macOS Big Sur, Anda dapat mengunduh file '.mobileconfig' khusus yang menambahkan server <highlight>DNS-over-HTTPS</highlight> atau <highlight>DNS-over-TLS</highlight> ke pengaturan DNS.",
+    "setup_dns_privacy_4": "Pada perangkat iOS 14 atau macOS Big Sur, Anda dapat mengunduh berkas khusus '.mobileconfig' yang menambahkan server <highlight>DNS melalui HTTPS</highlight> atau <highlight>DNS melalui TLS</highlight> ke pengaturan DNS.",
     "setup_dns_privacy_android_1": "Android 9 mendukung DNS-over-TLS secara asli. Untuk mengkonfigurasinya, buka Pengaturan → Jaringan & internet → Tingkat Lanjut → DNS Pribadi dan masukkan nama domain Anda di sana.",
     "setup_dns_privacy_android_2": "<0>AdGuard untuk Android</0> mendukung <1>DNS-over-HTTPS</1> dan <1>DNS-over-TLS</1>.",
     "setup_dns_privacy_android_3": "<0>Intra</0> menambahkan dukungan <1>DNS-over-HTTPS</1> untuk Android.",
@@ -517,7 +517,7 @@
     "rewrite_confirm_delete": "Apakah anda yakin ingin menghapus DNS rewrite untuk \"{{key}}\"?",
     "rewrite_desc": "Memungkinkan untuk dengan mudah mengkonfigurasi respons DNS kustom untuk nama domain tertentu.",
     "rewrite_applied": "Aturan Rewrite yang diterapkan",
-    "rewrite_hosts_applied": "Ditulis ulang oleh aturan file hosts",
+    "rewrite_hosts_applied": "Ditulis ulang oleh aturan berkas host",
     "dns_rewrites": "DNS rewrite",
     "form_domain": "Masukkan nama domain",
     "form_answer": "Masaukan alamat IP atau nama domain",
@@ -676,7 +676,7 @@
     "filter_allowlist": "PERINGATAN: Tindakan ini juga akan mengecualikan aturan \"{{disallowed_rule}}\" dari daftar klien yang diizinkan.",
     "last_rule_in_allowlist": "Tidak dapat melarang klien ini karena mengecualikan aturan \"{{disallowed_rule}}\" akan MENONAKTIFKAN daftar \"Klien yang diizinkan\".",
     "use_saved_key": "Gunakan kunci yang disimpan sebelumnya",
-    "parental_control": "Kontrol Orang Tua",
+    "parental_control": "Pengawasan Orang Tua",
     "safe_browsing": "Penjelajahan Aman",
     "served_from_cache": "{{value}} <i>(disajikan dari cache)</i>",
     "form_error_password_length": "Kata sandi harus terdiri dari {{min}} hingga {{max}}",

client/src/__locales/it.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Utilizza il Controllo Parentale di AdGuard",
     "use_adguard_parental_hint": "AdGuard Home verificherà se il dominio contiene materiale per adulti. Utilizza le stesse API privacy-friendly del servizio web 'sicurezza di navigazione'.",
     "enforce_safe_search": "Utilizza Ricerca Sicura",
-    "enforce_save_search_hint": "AdGuard Home forzerà la ricerca sicura sui seguenti motori di ricerca: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home applicherà la ricerca sicura nei seguenti motori di ricerca: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Nessun server specificato",
     "general_settings": "Impostazioni generali",
     "dns_settings": "Impostazioni DNS",

client/src/__locales/ja.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "AdGuardペアレンタルコントロール・ウェブサービスを使用する",
     "use_adguard_parental_hint": "AdGuard Homeは、ドメインにアダルトコンテンツが含まれているかどうかを確認します。 ブラウジングセキュリティ・ウェブサービスと同じプライバシーに優しいAPIを使用します。",
     "enforce_safe_search": "セーフサーチを使用する",
-    "enforce_save_search_hint": "AdGuard Homeは、次の検索エンジンでセーフサーチを強制適用します: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay",
+    "enforce_save_search_hint": "AdGuard Homeは、次の検索エンジンでセーフサーチを強制適用します: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay",
     "no_servers_specified": "サーバが指定されていません",
     "general_settings": "一般設定",
     "dns_settings": "DNS設定",

client/src/__locales/ko.json

@@ -108,7 +108,7 @@
     "off": "OFF",
     "copyright": "Copyright",
     "homepage": "홈페이지",
-    "report_an_issue": "문제를 보고합니다",
+    "report_an_issue": "문제 신고",
     "privacy_policy": "개인정보취급방침",
     "enable_protection": "보호 활성화",
     "enabled_protection": "보호 활성화됨",
@@ -154,7 +154,7 @@
     "use_adguard_parental": "AdGuard 자녀 보호 웹 서비스 사용",
     "use_adguard_parental_hint": "AdGuard Home은 도메인에 성인 자료가 포함되어 있는지 확인합니다. 브라우징 보안 웹 서비스와 동일한 개인정보 보호 API를 사용함.",
     "enforce_safe_search": "세이프서치 사용",
-    "enforce_save_search_hint": "AdGuard Home은 Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay와 같은 검색 엔진에서 세이프서치를 시행합니다.",
+    "enforce_save_search_hint": "AdGuard Home은 Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay와 같은 검색 엔진에서 세이프서치를 시행합니다.",
     "no_servers_specified": "지정된 서버 없음",
     "general_settings": "일반 설정",
     "dns_settings": "DNS 설정",

client/src/__locales/nl.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Gebruik AdGuard Ouderlijk toezicht web service",
     "use_adguard_parental_hint": "AdGuard Home controleert of het domein 18+ content bevat. Dit gebeurt dmv dezelfde privacy vriendelijke API als de Browsing Security web service.",
     "enforce_safe_search": "Veilig zoeken gebruiken",
-    "enforce_save_search_hint": "AdGuard Home kan veilig zoeken forceren voor de volgende zoekmachines: Google, Youtube, Bing, en DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home dwingt veilig zoeken af in de volgende zoekmachines: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Geen servers gespecificeerd",
     "general_settings": "Algemene instellingen",
     "dns_settings": "DNS instellingen",
@@ -166,7 +166,7 @@
     "encryption_settings": "Encryptie instellingen",
     "dhcp_settings": "DHCP instellingen",
     "upstream_dns": "Upstream DNS-servers",
-    "upstream_dns_help": "Een server-adres per regel invoeren. <a>Meer weten</a> over het configureren van upstream DNS-servers.",
+    "upstream_dns_help": "Een server-adres per regel invoeren. <a>Meer informatie</a> over het configureren van upstream DNS-servers.",
     "upstream_dns_configured_in_file": "Geconfigureerd in {{path}}",
     "test_upstream_btn": "Test upstream",
     "upstreams": "Upstreams",

client/src/__locales/no.json

@@ -128,6 +128,7 @@
     "enforced_save_search": "Påtvungede barnevennlige søk",
     "number_of_dns_query_to_safe_search": "Antall DNS-forespørsler til søkemotorer der \"Safe Search\" ble fremtvunget",
     "average_processing_time": "Gjennomsnittlig behandlingstid",
+    "response_time": "Responstid",
     "average_processing_time_hint": "Gjennomsnittstid for behandling av DNS-forespørsler i millisekunder",
     "block_domain_use_filters_and_hosts": "Blokker domener ved hjelp av filtre, «hosts»-filer, og rå domener",
     "filters_block_toggle_hint": "Du kan sette opp blokkeringsoppføringer i <a>Filtre</a>-innstillingene.",

client/src/__locales/pl.json

@@ -6,7 +6,7 @@
     "upstream_parallel": "Użyj zapytań równoległych, aby przyspieszyć rozwiązywanie przez jednoczesne wysyłanie zapytań do wszystkich serwerów nadrzędnych.",
     "parallel_requests": "Równoległe żądania",
     "load_balancing": "Równoważenie obciążenia",
-    "load_balancing_desc": "Wysyłaj zapytania do jednego serwera nadrzędnego na raz. AdGuard Home używa swojego losowego algorytmu ważonego, aby wybrać serwer, tak aby najszybszy serwer był używany częściej.",
+    "load_balancing_desc": "Zapytaj jeden serwer nadrzędny na raz. AdGuard Home używa ważonego, losowego algorytmu do wybierania serwerów z najmniejszą liczbą nieudanych wyszukiwań i najniższym uśrednionym czasem wyszukiwania.",
     "bootstrap_dns": "Serwery DNS Bootstrap",
     "bootstrap_dns_desc": "Adresy IP serwerów DNS używanych do rozpoznawania adresów IP programów rozpoznawania nazw DoH/DoT określonych jako nadrzędne. Komentarze są niedozwolone.",
     "fallback_dns_title": "Rezerwowe serwery DNS",
@@ -122,7 +122,7 @@
     "stats_query_domain": "Najczęściej wyszukiwane domeny",
     "for_last_hours": "w ciągu ostatniej {{count}} godziny",
     "for_last_hours_plural": "w ciągu ostatnich {{count}} godzin",
-    "for_last_days": "za ostatni dzień {{count}}",
+    "for_last_days": "za ostatni {{count}} dzień",
     "for_last_days_plural": "z ostatnich {{count}} dni",
     "stats_disabled": "Statystyki zostały wyłączone. Można je włączyć na <0>stronie ustawień</0>.",
     "stats_disabled_short": "Statystyki zostały wyłączone",
@@ -130,7 +130,7 @@
     "requests_count": "Licznik żądań",
     "top_blocked_domains": "Najpopularniejsze zablokowane domeny",
     "top_clients": "Główni klienci",
-    "no_clients_found": "Nie znaleziono klienta",
+    "no_clients_found": "Nie znaleziono klientów",
     "general_statistics": "Ogólne statystyki",
     "top_upstreams": "Często żądane serwery nadrzędne",
     "no_upstreams_data_found": "Brak danych dotyczących serwerów nadrzędnych",
@@ -154,7 +154,7 @@
     "use_adguard_parental": "Użyj usługi Kontrola Rodzicielska AdGuard",
     "use_adguard_parental_hint": "AdGuard Home sprawdzi, czy domena zawiera materiały dla dorosłych. Używa tego samego interfejsu API przyjaznego prywatności, co usługa sieciowa Bezpieczne Przeglądanie. ",
     "enforce_safe_search": "Użyj bezpiecznego wyszukiwania",
-    "enforce_save_search_hint": "AdGuard Home wymusza bezpieczne wyszukiwanie w następujących wyszukiwarkach: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home wymusza bezpieczne wyszukiwanie w następujących wyszukiwarkach: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Nie określono serwerów",
     "general_settings": "Ustawienia główne",
     "dns_settings": "Ustawienia DNS",

client/src/__locales/pt-br.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Usar o serviço de controle parental do AdGuard",
     "use_adguard_parental_hint": "O AdGuard Home irá verificar se o domínio contém conteúdo adulto. Ele usa a mesma API amigável de privacidade que o serviço de segurança da navegação.",
     "enforce_safe_search": "Usar pesquisa segura",
-    "enforce_save_search_hint": "O AdGuard Home forcará a pesquisa segura nos seguintes motores de busca: Google, YouTube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "O AdGuard Home forcará a pesquisa segura nos seguintes motores de busca: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Nenhum servidor especificado",
     "general_settings": "Configurações gerais",
     "dns_settings": "Configurações de DNS",

client/src/__locales/pt-pt.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Usar o serviço de controlo parental do AdGuard",
     "use_adguard_parental_hint": "O AdGuard Home irá verificar se o domínio contém conteúdo adulto. Usa a mesma API amigável de privacidade que o serviço de segurança da navegação.",
     "enforce_safe_search": "Usar pesquisa segura",
-    "enforce_save_search_hint": "O AdGuard Home forçará a pesquisa segura nos seguintes motores de busca: Google, Youtube, Bing, DuckDuckGo, Yandex, Pixabay.",
+    "enforce_save_search_hint": "O AdGuard Home aplicará pesquisa segura nos seguintes motores de busca: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Nenhum servidor especificado",
     "general_settings": "Definições gerais",
     "dns_settings": "Definições de DNS",

client/src/__locales/ru.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Включить модуль Родительского контроля AdGuard ",
     "use_adguard_parental_hint": "AdGuard Home проверит, содержит ли домен материалы 18+. Он использует тот же API для обеспечения конфиденциальности, что и веб-служба безопасности браузера.",
     "enforce_safe_search": "Включить безопасный поиск",
-    "enforce_save_search_hint": "AdGuard Home может обеспечить безопасный поиск в следующих поисковых системах: Google, YouTube, Bing, DuckDuckGo, Yandex и Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home будет обеспечивать безопасный поиск в следующих поисковых системах: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Нет указанных серверов",
     "general_settings": "Основные настройки",
     "dns_settings": "Настройки DNS",

client/src/__locales/si-lk.json

@@ -7,7 +7,7 @@
     "local_ptr_desc": "ස්ථානීය PTR විමසුම් සඳහා ඇඩ්ගාර්ඩ් හෝම් භාවිතා කරන ව.නා.ප. සේවාදායක. මෙම සේවාදායක පුද්ගලික අ.ජා.කෙ. ලිපින පරාසවල PTR විමසුම් විසඳීමට භාවිතා කරයි, උදාහරණයක් ලෙස ප්‍රතිවර්ත ව.නා.ප. භාවිතයෙන් \"192.168.12.34\". මෙය සකසා නැති නම්, ඇඩ්ගාර්ඩ් හෝම් හි ලිපින සඳහා හැරුනු විට ඔබගේ මෙහෙයුම් පද්ධතියේ පෙරනිමි ව.නා.ප. විසදුම්වල ලිපින භාවිතා කරයි.",
     "local_ptr_default_resolver": "පෙරනිමි පරිදි, ඇඩ්ගාර්ඩ් හෝම් පහත ප්‍රතිවර්ත ව.නා.ප. පිළිවිසඳු භාවිතා කරයි: {{ip}}.",
     "local_ptr_no_default_resolver": "ඇඩ්ගාර්ඩ් හෝම් හට මෙම පද්ධතිය සඳහා සුදුසු පුද්ගලික ප්‍රතිවර්ත ව.නා.ප. පිළිවිසඳු නිශ්චය කරගත නොහැකි විය.",
-    "local_ptr_placeholder": "පේළියකට එක් සේවාදායක ලිපිනය බැගින් යොදන්න",
+    "local_ptr_placeholder": "පේළියකට අ.ජා.කෙ. ලිපිනය බැගින් ලියන්න",
     "resolve_clients_title": "අනුග්‍රාහකවල අ.ජා.කෙ. ලිපින ප්‍රතිවර්ත විසඳීම සබල කරන්න",
     "use_private_ptr_resolvers_title": "පෞද්. ප්‍රතිවර්ත ව.නා.ප. පිළිවිසඳු භාවිතය",
     "check_dhcp_servers": "ග.ධා.වි.කෙ. සේවාදායක පරීක්‍ෂා කරන්න",
@@ -102,7 +102,6 @@
     "stats_malware_phishing": "අවහිර කළ ද්වේශාංග/තතුබෑම්",
     "stats_adult": "අවහිර කළ වැඩිහිටි වියමන අඩවි",
     "stats_query_domain": "ප්‍රචලිත විමසන ලද වසම්",
-    "for_last_24_hours": "පසුගිය පැය 24 සඳහා",
     "for_last_days": "පසුගිය දවස් {{count}} සඳහා",
     "for_last_days_plural": "පසුගිය දවස් {{count}} සඳහා",
     "stats_disabled": "සංඛ්‍යාලේඛන අබල කර ඇත. එය <0>සැකසුම් පිටුවෙන්</0> සබල කළ හැකිය.",
@@ -115,13 +114,15 @@
     "general_statistics": "පොදු සංඛ්‍යාලේඛන",
     "number_of_dns_query_days": "පසුගිය දවස් {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
     "number_of_dns_query_days_plural": "පසුගිය දවස් {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
-    "number_of_dns_query_24_hours": "පසුගිය පැය 24 සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
+    "number_of_dns_query_hours": "පසුගිය පැය {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
+    "number_of_dns_query_hours_plural": "පසුගිය පැය {{count}} සඳහා සැකසූ ව.නා.ප. විමසුම් ගණන",
     "number_of_dns_query_blocked_24_hours": "දැන්වීම් වාරණ පෙරහන් සහ සත්කාරක වාරණ ලැයිස්තු මගින් අවහිර කළ ව.නා.ප. ඉල්ලීම් ගණන",
     "number_of_dns_query_blocked_24_hours_by_sec": "ඇඩ්ගාර්ඩ් පිරික්සුම් ආරක්‍ෂණ ඒකකය මගින් අවහිර කළ ව.නා.ප. ඉල්ලීම් ගණන",
     "number_of_dns_query_blocked_24_hours_adult": "අවහිර කළ වැඩිහිටි වියමන අඩවි ගණන",
     "enforced_save_search": "ආරක්‍ෂිත සෙවීම බලාත්මක කළ",
     "number_of_dns_query_to_safe_search": "ආරක්‍ෂිත සෙවීම බලාත්මක කළ සෙවුම් යන්ත්‍ර සඳහා ව.නා.ප. ඉල්ලීම් ගණන",
     "average_processing_time": "සාමාන්‍ය සැකසුම් කාලය",
+    "response_time": "ප්‍රතිචාර කාලය",
     "average_processing_time_hint": "ව.නා.ප. ඉල්ලීමක් සැකසීමේ සාමාන්‍ය කාලය මිලි තත්පර වලින්",
     "block_domain_use_filters_and_hosts": "පෙරහන් හා සත්කාරක ගොනු භාවිතයෙන් වසම් අවහිර කරන්න",
     "filters_block_toggle_hint": "ඔබට අවහිර කිරීමේ නීති <a>පෙරහන්</a> තුළ පිහිටුවිය හැකිය.",
@@ -130,7 +131,7 @@
     "use_adguard_parental": "ඇඩ්ගාර්ඩ් දෙමාපිය පාලන වියමන සේවාව භාවිතා කරන්න",
     "use_adguard_parental_hint": "වසමේ වැඩිහිටියන්ට අදාල කරුණු අඩංගු දැයි ඇඩ්ගාර්ඩ් හෝම් විසින් පරීක්‍ෂා කරනු ඇත. එය පිරික්සුම් ආරක්‍ෂණ වියමන සේවාව මෙන් රහස්‍යතා හිතකාමී යෙ.ක්‍ර. අ.මු. (API) භාවිතා කරයි.",
     "enforce_safe_search": "ආරක්‍ෂිත සෙවුම භාවිතා කරන්න",
-    "enforce_save_search_hint": "ඇඩ්ගාර්ඩ් හෝම් පහත සෙවුම් යන්ත්‍ර තුළ ආරක්‍ෂිත සෙවුම බලාත්මක කරනු ඇත: ගූගල්, යූටියුබ්, බින්ග්, ඩක්ඩක්ගෝ, යාන්ඩෙක්ස් සහ පික්සාබේ.",
+    "enforce_save_search_hint": "ඇඩ්ගාර්ඩ් හෝම් පහත සෙවුම් යන්ත්‍ර තුළ ආරක්‍ෂිත සෙවුම බලාත්මක කරනු ඇත: ගූගල්, යූටියුබ්, බින්ග්, ඩක්ඩක්ගෝ, එකොසියා, යාන්ඩෙක්ස් සහ පික්සාබේ.",
     "no_servers_specified": "සේවාදායක කිසිවක් නිශ්චිතව දක්වා නැත",
     "general_settings": "පොදු සැකසුම්",
     "dns_settings": "ව.නා.ප. සැකසුම්",
@@ -196,12 +197,14 @@
     "example_comment_hash": "# එසේම අදහස් දැක්වීමක්.",
     "example_regex_meaning": "නිශ්චිතව දක්වා ඇති නිත්‍ය වාක්‍යවිධියට ගැළපෙන වසම් වෙත ප්‍රවේශය අවහිර කරයි.",
     "example_upstream_regular": "සාමාන්‍ය ව.නා.ප. (UDP හරහා);",
+    "example_upstream_regular_port": "සාමාන්‍ය ව.නා.ප. (UDP හරහා, තොට සමඟ);",
     "example_upstream_udp": "සාමාන්‍ය ව.නා.ප. (UDP, සත්කාරක-නම හරහා);",
     "example_upstream_dot": "සංකේතිත <0>TLS-මගින්-ව.නා.ප.</0>;",
     "example_upstream_doh": "සංකේතිත <0>HTTPS-මගින්-ව.නා.ප.</0>;",
     "example_upstream_doq": "සංකේතිත <0>QUIC-මගින්-ව.නා.ප.</0>;",
     "example_upstream_sdns": "<1>DNSCrypt</1> හෝ <2>HTTPS-මගින්-ව.නා.ප.</2> පිළිවිසඳු සඳහා <0>ව.නා.ප. මුද්දර</0>;",
     "example_upstream_tcp": "සාමාන්‍ය ව.නා.ප. (TCP/ස.පා.කෙ. හරහා);",
+    "example_upstream_tcp_port": "සාමාන්‍ය ව.නා.ප. (TCP හරහා, තොට සමඟ);",
     "example_upstream_tcp_hostname": "සාමාන්‍ය ව.නා.ප. (ස.පා.කෙ., සත්කාරක-නම හරහා);",
     "all_lists_up_to_date_toast": "සියළුම ලැයිස්තු දැනටමත් යාවත්කාලීනයි",
     "dns_test_ok_toast": "සඳහන් කළ ව.නා.ප. සේවාදායක නිවැරදිව ක්‍රියා කරයි",
@@ -275,6 +278,7 @@
     "edns_use_custom_ip": "EDNS සඳහා අභිරුචි අ.ජා.කෙ. යොදාගන්න",
     "edns_use_custom_ip_desc": "EDNS සඳහා අභිරුචි අ.ජා.කෙ. භාවිතයට ඉඩදෙන්න",
     "rate_limit_desc": "එක් අනුග්‍රාහකයකට ඉඩ දී ඇති තත්පරයට ඉල්ලීම් ගණන. එය 0 ලෙස සැකසීම යනුවෙන් අදහස් කරන්නේ සීමාවක් නැති බවයි.",
+    "rate_limit_whitelist_placeholder": "පේළියකට අ.ජා.කෙ. ලිපිනය බැගින් ලියන්න",
     "blocking_ipv4_desc": "අවහිර කළ A ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
     "blocking_ipv6_desc": "අවහිර කළ AAAA ඉල්ලීමක් සඳහා ආපසු එවිය යුතු අ.ජා.කෙ. (IP) ලිපිනය",
     "blocking_mode_default": "පොදු: දැන්වීම් අවහිර කරන ආකාරයේ නීතියක් මගින් අවහිර කළ විට REFUSED සමඟ ප්‍රතිචාර දක්වයි; /etc/host-style ආකාරයේ නීතියක් මගින් අවහිර කළ විට නීතියේ දක්වා ඇති අ.ජා.කෙ. ලිපිනය සමඟ ප්‍රතිචාර දක්වයි",
@@ -505,8 +509,8 @@
     "statistics_enable": "සංඛ්‍යාලේඛන සබල කරන්න",
     "ignore_domains": "නොසලකන වසම් (පේළියකට එක බැගින්)",
     "ignore_domains_title": "නොසලකන වසම්",
-    "ignore_domains_desc_stats": "සංඛ්‍යාලේඛනයෙහි මෙම වසම් සඳහා විමසුම් නොලියැවෙයි",
-    "ignore_domains_desc_query": "විමසුම් සටහනෙහි මෙම වසම් සඳහා විමසුම් නොලියැවෙයි",
+    "ignore_domains_desc_stats": "මෙම නීති වලට ගැළපෙන විමසුම් සංඛ්‍යාලේඛනයට නොලියැවෙයි",
+    "ignore_domains_desc_query": "විමසුම් සටහනට මෙම නීති වලට ගැළපෙන විමසුම් නොලියැවෙයි",
     "interval_hours": "පැය {{count}}",
     "interval_hours_plural": "පැය {{count}}",
     "filters_configuration": "පෙරහන් වින්‍යාසය",
@@ -615,8 +619,8 @@
     "use_saved_key": "පෙර සුරැකි යතුර භාවිතා කරන්න",
     "parental_control": "දෙමාපිය පාලනය",
     "safe_browsing": "ආරක්‍ෂිත පිරික්සුම",
-    "served_from_cache": "{{value}} <i>(නිහිතයෙන් ගැනිණි)</i>",
-    "form_error_password_length": "මුරපදය අවම වශයෙන් අකුරු {{value}} ක් දිගු විය යුතුමයි",
+    "served_from_cache_label": "නිහිතයෙන් සැපයිණි",
+    "form_error_password_length": "මුරපදය අකුරු {{min}} සහ {{value}} ක් අතර විය යුතුය",
     "anonymizer_notification": "<0>සටහන:</0> අ.ජා.කෙ. නිර්නාමිකකරණය සබලයි. ඔබට එය <1>පොදු සැකසුම්</1> හරහා අබල කිරීමට හැකිය .",
     "confirm_dns_cache_clear": "ඔබට ව.නා.ප. නිහිතය හිස් කිරීමට වුවමනාද?",
     "cache_cleared": "ව.නා.ප. නිහිතය හිස් කෙරිණි",
@@ -646,6 +650,7 @@
     "log_and_stats_section_label": "විමසුම් සටහන හා සංඛ්‍යාලේඛන",
     "ignore_query_log": "විමසුම් සටහනට මෙම අනුග්‍රාහකය යොදන්න එපා",
     "ignore_statistics": "සංඛ්‍යාලේඛනයට මෙම අනුග්‍රාහකය යොදන්න එපා",
+    "schedule_services": "සේවා අවහිර විරාමය",
     "schedule_invalid_select": "ආරම්භක වේලාව අවසන් වේලාවට කලින් විය යුතුය",
     "schedule_select_days": "දවස් තෝරන්න",
     "schedule_timezone": "වේලා කලාපයක් තෝරන්න",

client/src/__locales/sk.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "Použiť AdGuard službu Rodičovská kontrola",
     "use_adguard_parental_hint": "AdGuard Home skontroluje, či doména obsahuje materiály pre dospelých. Používa rovnaké API priateľské k ochrane osobných údajov ako služba Bezpečného prehliadania.",
     "enforce_safe_search": "Používať bezpečné vyhľadávanie",
-    "enforce_save_search_hint": "AdGuard Home vynucuje bezpečné vyhľadávanie v nasledujúcich vyhľadávačoch: Google, YouTube, Bing, DuckDuckGo, Yandex a Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home vynúti bezpečné vyhľadávanie v nasledujúcich vyhľadávačoch: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Neboli špecifikované žiadne servery",
     "general_settings": "Všeobecné nastavenia",
     "dns_settings": "Nastavenia DNS",
@@ -484,7 +484,7 @@
     "access_disallowed_title": "Nepovolení klienti",
     "access_disallowed_desc": "Zoznam CIDR, IP adries alebo <a>ClientID</a>. Ak tento zoznam obsahuje položky, AdGuard Home zruší dopyty od týchto klientov. Toto pole sa ignoruje, ak sú v poli Povolení klienti položky.",
     "access_blocked_title": "Nepovolené domény",
-    "access_blocked_desc": "Nesmie byť zamieňaná s filtrami. AdGuard Home zruší DNS dopyty, ktoré sa zhodujú s týmito doménami, a tieto dopyty sa nezobrazia ani v denníku dopytov. Môžete určiť presné názvy domén, zástupné znaky alebo pravidlá filtrovania URL adries, napr. \"example.org\", \"*.example.org\" alebo ||example.org^\" zodpovedajúcim spôsobom.",
+    "access_blocked_desc": "Nesmie byť zamieňaná s filtrami. AdGuard Home zruší DNS dopyty, ktoré sa zhodujú s týmito doménami, a tieto dopyty sa nezobrazia ani v denníku dopytov. Môžete určiť presné názvy domén, zástupné znaky alebo pravidlá filtrácie URL adries, napr. \"example.org\", \"*.example.org\" alebo ||example.org^\" zodpovedajúcim spôsobom.",
     "access_settings_saved": "Nastavenia prístupu úspešne uložené",
     "updates_checked": "K dispozícii je nová verzia aplikácie AdGuard Home\n",
     "updates_version_equal": "AdGuard Home je aktuálny",

client/src/__locales/sv.json

@@ -461,7 +461,7 @@
     "form_enter_mac": "Skriv in MAC",
     "form_enter_id": "Ange identifierare",
     "form_add_id": "Lägg till identifierare",
-    "form_client_name": "Skriv in klientnamn",
+    "form_client_name": "Ange klientnamn",
     "name": "Namn",
     "client_name": "Klient {{id}}",
     "client_global_settings": "Använda globala inställningar",
@@ -674,7 +674,6 @@
     "use_saved_key": "Använd den tidigare sparade nyckeln",
     "parental_control": "Föräldrakontroll",
     "safe_browsing": "Säker surfning",
-    "served_from_cache": "{{value}} <i>(levereras från cache)</i>",
     "form_error_password_length": "Lösenordet måste vara {{min}} till {{max}} tecken långt",
     "anonymizer_notification": "<0>Observera:</0> IP-anonymisering är aktiverad. Du kan inaktivera den i <1>Allmänna inställningar</1>.",
     "confirm_dns_cache_clear": "Är du säker på att du vill rensa DNS-cache?",

client/src/__locales/th.json

@@ -46,6 +46,7 @@
     "settings": "การตั้งค่า",
     "filters": "ตัวกรอง",
     "query_log": "บันทึกการสืบค้น",
+    "nothing_found": "ไม่พบอะไร",
     "faq": "คำถามที่พบบ่อย",
     "version": "รุ่น",
     "address": "ที่อยู่",
@@ -349,7 +350,7 @@
     "statistics_configuration": "การกำหนดค่าสถิติ",
     "statistics_retention": "การเก็บรักษาสถิติ",
     "statistics_retention_desc": "หากคุณลดค่าช่วงเวลาข้อมูลบางอย่างจะหายไป",
-    "statistics_clear": " ล้างค่าสถิติ",
+    "statistics_clear": "ล้างสถิติ",
     "statistics_clear_confirm": "คุณแน่ใจหรือไม่ว่าต้องการล้างสถิติ?",
     "statistics_retention_confirm": "คุณแน่ใจหรือไม่ว่าต้องการเปลี่ยนการเก็บรักษาสถิติ? หากคุณลดค่าช่วงเวลา ข้อมูลบางอย่างจะหายไป",
     "statistics_cleared": "สถิติได้ถูกล้างเรียบร้อยแล้ว",
@@ -390,10 +391,13 @@
     "check_title": "ตรวจสอบการกรอง",
     "check_desc": "ตรวจสอบว่าชื่อโฮสต์ถูกกรอง",
     "form_enter_host": "ป้อนชื่อโฮสต์",
-    "show_processed_responses": "การประมวลผล",
+    "show_blocked_responses": "ปิดกั้นแล้ว",
+    "show_whitelisted_responses": "รายการที่อนุญาต",
+    "show_processed_responses": "ประมวลผลแล้ว",
     "blocked_adult_websites": "ถูกปิดกั้นโดยการควบคุมของผู้ปกครอง",
     "safe_search": "ค้นหาอย่างปลอดภัย",
     "blocklist": "บัญชีดำ",
+    "allowed": "รายการที่อนุญาต",
     "filter_category_other": "อื่น ๆ",
     "parental_control": "ควบคุมโดยผู้ปกครอง",
     "sunday_short": "อาทิตย์",

client/src/__locales/tr.json

@@ -68,7 +68,7 @@
     "ip": "IP",
     "dhcp_table_hostname": "Ana makine Adı",
     "dhcp_table_expires": "Bitiş tarihi",
-    "dhcp_warning": "DHCP sunucusunu yine de etkinleştirmek istiyorsanız, ağınızda başka aktif DHCP sunucusu olmadığından emin olun, aksi takdirde ağa bağlı cihazların İnternet bağlantısı kesilebilir!",
+    "dhcp_warning": "DHCP sunucusunu yine de etkinleştirmek istiyorsanız, ağınızda başka aktif DHCP sunucusu olmadığından emin olun, aksi takdirde ağa bağlı cihazların internet bağlantısı kesilebilir!",
     "dhcp_error": "AdGuard Home, ağda başka bir etkin DHCP sunucusu olup olmadığını belirleyemedi",
     "dhcp_static_ip_error": "DHCP sunucusunu kullanmak için sabit bir IP adresi ayarlanmalıdır. AdGuard Home, bu ağ arayüzünün sabit bir IP adresi kullanılarak yapılandırılıp yapılandırılmadığını belirleyemedi. Lütfen sabit IP adresini elle ayarlayın.",
     "dhcp_dynamic_ip_found": "Sisteminiz, <0>{{interfaceName}}</0> arayüzü için dinamik IP adresi yapılandırması kullanıyor. DHCP sunucusunu kullanmak için sabit bir IP adresi ayarlanmalıdır. Geçerli olan IP adresiniz <0>{{ipAddress}}</0>. \"DHCP sunucusunu etkinleştir\" düğmesine basarsanız, AdGuard Home bu IP adresini otomatik bir şekilde sabit olarak ayarlayacaktır.",
@@ -154,7 +154,7 @@
     "use_adguard_parental": "AdGuard ebeveyn denetimi web hizmetini kullan",
     "use_adguard_parental_hint": "AdGuard Home, alan adının yetişkin içerik bulundurup bulundurmadığını kontrol eder. Gezinti koruması web hizmeti ile kullandığımız aynı gizlilik dostu API'yi kullanır.",
     "enforce_safe_search": "Güvenli Aramayı kullan",
-    "enforce_save_search_hint": "AdGuard Home, şu arama motorlarında güvenli aramayı uygular: Google, YouTube, Bing, DuckDuckGo, Yandex ve Pixabay.",
+    "enforce_save_search_hint": "AdGuard Home, şu arama motorlarında güvenli aramayı uygular: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Sunucu belirtilmedi",
     "general_settings": "Genel ayarlar",
     "dns_settings": "DNS ayarları",
@@ -476,7 +476,7 @@
     "client_confirm_delete": "\"{{key}}\" istemcisini silmek istediğinizden emin misiniz?",
     "list_confirm_delete": "Bu listeyi silmek istediğinizden emin misiniz?",
     "auto_clients_title": "Çalışma zamanı istemcileri",
-    "auto_clients_desc": "AdGuard Home'u kullanan veya kullanabilecek cihazların IP adresleri hakkında bilgiler. Bu bilgiler, hosts dosyaları, ters DNS, vb. dahil olmak üzere çeşitli kaynaklardan toplanır.",
+    "auto_clients_desc": "AdGuard Home'u kullanan veya kullanabilecek cihazların IP adresleri hakkında bilgiler. Bu bilgiler, hosts dosyaları, ters DNS, vb. dâhil olmak üzere çeşitli kaynaklardan toplanır.",
     "access_title": "Erişim ayarları",
     "access_desc": "AdGuard Home DNS sunucusu için erişim kurallarını buradan yapılandırabilirsiniz",
     "access_allowed_title": "İzin verilen istemciler",
@@ -603,7 +603,7 @@
     "autofix_warning_list": "Bu görevleri gerçekleştirir: <0>Sistem DNSStubListener'ı devre dışı bırakın</0> <0>DNS sunucusu adresini 127.0.0.1 olarak ayarlayın</0> <0>/etc/resolv.conf'un sembolik bağlantı hedefini /run/systemd/resolve/resolv.conf ile değiştirin<0> <0>DNSStubListener'ı durdurun (systemd çözümlenmiş hizmeti yeniden yükleyin)</0>",
     "autofix_warning_result": "Sonuç olarak, sisteminizden gelen tüm DNS istekleri varsayılan olarak AdGuard Home tarafından işlenecektir.",
     "tags_title": "Etiketler",
-    "tags_desc": "İstemciye karşılık gelen etiketleri seçebilirsiniz. Etiketleri daha kesin olarak uygulamak için filtreleme kurallarına dahil edin. <0>Daha fazla bilgi edinin</0>.",
+    "tags_desc": "İstemciye karşılık gelen etiketleri seçebilirsiniz. Etiketleri daha kesin olarak uygulamak için filtreleme kurallarına dâhil edin. <0>Daha fazla bilgi edinin</0>.",
     "form_select_tags": "İstemci etiketlerini seçin",
     "check_title": "Filtrelemeyi denetleyin",
     "check_desc": "Ana makine adının filtreleme durumunu kontrol edin.",

client/src/__locales/uk.json

@@ -20,7 +20,7 @@
     "resolve_clients_title": "Увімкнути зворотне вирішення IP-адрес клієнтів",
     "resolve_clients_desc": "Визначати доменні імена клієнтів за допомогою PTR-запитів до відповідних серверів — приватних DNS-серверів для локальних клієнтів та upstream-серверів для клієнтів з публічними IP-адресами.",
     "use_private_ptr_resolvers_title": "Використовувати приватні зворотні DNS-резолвери",
-    "use_private_ptr_resolvers_desc": "Надсилати зворотні DNS-запити до вказаних серверів для клієнтів, що обслуговуються локально. Якщо вимкнено, AdGuard Home буде відповідати NXDOMAIN на всі такі PTR-запити, окрім запитів про клієнтів, що уже відомі завдяки DHCP, /etc/hosts тощо.",
+    "use_private_ptr_resolvers_desc": "Розвʼязувати запити PTR, SOA та NS для доменів ARPA, що містять приватні IP-адреси, через приватні вихідні сервери, DHCP, /etc/hosts тощо. Якщо вимкнено, AdGuard Home відповідатиме на всі такі запити з NXDOMAIN.",
     "check_dhcp_servers": "Перевірити DHCP-сервери",
     "save_config": "Зберегти конфігурацію",
     "enabled_dhcp": "DHCP-сервер увімкнено",
@@ -343,10 +343,10 @@
     "known_tracker": "Відомі трекери",
     "install_welcome_title": "Вітаємо в AdGuard Home!",
     "install_welcome_desc": "AdGuard Home — це мережевий DNS-сервер, що блокує рекламу та відстеження. Його мета — надати вам контроль над усією мережею та всіма пристроями в ній без потреби використання програми на стороні клієнта.",
-    "install_settings_title": "Веб-інтерфейс адміністратора",
+    "install_settings_title": "Вебінтерфейс адміністратора",
     "install_settings_listen": "Мережевий інтерфейс",
     "install_settings_port": "Порт",
-    "install_settings_interface_link": "Веб-інтерфейс адміністратора AdGuard Home буде доступний за такими адресами:",
+    "install_settings_interface_link": "Вебінтерфейс адміністратора AdGuard Home буде доступний за такими адресами:",
     "form_error_port": "Уведіть правильне значення порту",
     "install_settings_dns": "DNS-сервер",
     "install_settings_dns_desc": "Вам потрібно буде налаштувати свої пристрої або маршрутизатор для використання DNS-сервера за такими адресами:",

client/src/__locales/vi.json

@@ -6,21 +6,21 @@
     "upstream_parallel": "Sử dụng truy vấn song song để tăng tốc độ giải quyết bằng cách truy vấn đồng thời tất cả các máy chủ ngược tuyến",
     "parallel_requests": "Yêu cầu song song",
     "load_balancing": "Cân bằng tải",
-    "load_balancing_desc": "Chỉ truy xuất một máy chủ trong cùng thời điểm. AdGuard Home sẽ sử dụng thuật toán trọng số ngẫu nhiên để chọn một máy chủ nhanh nhất và sử dụng máy chủ đó thường xuyên hơn.",
+    "load_balancing_desc": "Truy vấn một máy chủ thượng nguồn tại một thời điểm. AdGuard Home sử dụng thuật toán ngẫu nhiên có trọng số để chọn máy chủ có số lần tìm kiếm không thành công thấp nhất và thời gian tìm kiếm trung bình thấp nhất.",
     "bootstrap_dns": "Máy chủ DNS Bootstrap",
     "bootstrap_dns_desc": "Địa chỉ IP của máy chủ DNS được sử dụng để phân giải địa chỉ IP của trình phân giải DoH/DoT mà bạn chỉ định làm thượng nguồn. Bình luận không được phép.",
     "fallback_dns_title": "Máy chủ DNS dự phòng",
     "fallback_dns_desc": "Danh sách máy chủ DNS dự phòng được sử dụng khi máy chủ DNS ngược tuyến không phản hồi. Cú pháp tương tự như trong trường ngược dòng chính ở trên.",
     "fallback_dns_placeholder": "Nhập một máy chủ DNS dự phòng trên mỗi dòng",
     "local_ptr_title": "Máy chủ DNS riêng tư",
-    "local_ptr_desc": "Máy chủ DNS hoặc các máy chủ mà AdGuard Home sẽ sử dụng cho các truy vấn về tài nguyên được phân phối cục bộ. Ví dụ: máy chủ này sẽ được sử dụng để phân giải tên máy khách của máy khách cho các máy khách có địa chỉ IP riêng. Nếu không được cài đặt, AdGuard Home sẽ tự động sử dụng trình phân giải DNS mặc định của bạn.",
+    "local_ptr_desc": "Máy chủ DNS được AdGuard Home sử dụng cho các yêu cầu PTR, SOA và NS riêng tư. Một yêu cầu được coi là riêng tư nếu nó yêu cầu một miền ARPA chứa một mạng con trong phạm vi IP riêng tư (chẳng hạn như \"192.168.12.34\") và đến từ một máy khách có địa chỉ IP riêng tư. Nếu không được thiết lập, các trình phân giải DNS mặc định của hệ điều hành của bạn sẽ được sử dụng, ngoại trừ các địa chỉ IP của AdGuard Home.",
     "local_ptr_default_resolver": "Theo mặc định, AdGuard Home sử dụng các hệ thống phân giải tên miền ngược sau: {{ip}}.",
     "local_ptr_no_default_resolver": "AdGuard Home không thể xác định hệ thống phân giải tên miền ngược riêng phù hợp cho hệ thống này.",
     "local_ptr_placeholder": "Nhập một địa chỉ IP trên mỗi dòng",
     "resolve_clients_title": "Kích hoạt cho phép phân giải ngược về địa chỉ IP của máy khách",
     "resolve_clients_desc": "Nếu được bật, AdGuard Home sẽ cố gắng phân giải ngược lại địa chỉ IP của khách hàng thành tên máy chủ của họ bằng cách gửi các truy vấn PTR tới trình phân giải tương ứng (máy chủ DNS riêng cho máy khách cục bộ, máy chủ ngược dòng cho máy khách có địa chỉ IP công cộng).",
     "use_private_ptr_resolvers_title": "Sử dụng trình rDNS riêng tư",
-    "use_private_ptr_resolvers_desc": "Thực hiện tra cứu ngược DNS cho các địa chỉ được phân phối cục bộ bằng cách sử dụng các máy chủ nguồn. Nếu bị vô hiệu hóa, AdGuard Home sẽ phản hồi với NXDOMAIN cho tất cả các yêu cầu PTR ngoại trừ các ứng dụng khách được biết đến bởi DHCP, / etc / hosts, v. v.",
+    "use_private_ptr_resolvers_desc": "Giải quyết các yêu cầu PTR, SOA và NS cho các miền ARPA chứa địa chỉ IP riêng thông qua máy chủ thượng nguồn riêng, DHCP, /etc/hosts, v. v. Nếu bị vô hiệu hóa, AdGuard Home sẽ phản hồi tất cả các yêu cầu đó bằng NXDOMAIN.",
     "check_dhcp_servers": "Kiểm tra máy chủ DHCP",
     "save_config": "Lưu thiết lập",
     "enabled_dhcp": "Máy chủ DHCP đã kích hoạt",
@@ -154,7 +154,7 @@
     "use_adguard_parental": "Sử dụng dịch vụ quản lý của phụ huynh AdGuard",
     "use_adguard_parental_hint": "AdGuard Home sẽ kiểm tra nếu tên miền chứa từ khoá người lớn. Tính năng sử dụng API thân thiện với quyền riêng tư tương tự với dịch vụ bảo vệ duyệt web",
     "enforce_safe_search": "Bắt buộc tìm kiếm an toàn",
-    "enforce_save_search_hint": "AdGuard Home có thể bắt buộc tìm kiếm an toàn với các dịch vụ tìm kiếm: Google, Youtube, Bing, Yandex.",
+    "enforce_save_search_hint": "AdGuard Home sẽ thực thi tìm kiếm an toàn trong các công cụ tìm kiếm sau: Google, YouTube, Bing, DuckDuckGo, Ecosia, Yandex, Pixabay.",
     "no_servers_specified": "Không có máy chủ nào được liệt kê",
     "general_settings": "Cài đặt chung",
     "dns_settings": "Cài đặt DNS",
@@ -425,6 +425,9 @@
     "encryption_hostnames": "Tên máy chủ",
     "encryption_reset": "Bạn có chắc chắn muốn đặt lại cài đặt mã hóa?",
     "encryption_warning": "Cảnh báo",
+    "encryption_plain_dns_enable": "Kích hoạt DNS đơn giản",
+    "encryption_plain_dns_desc": "DNS đơn giản được bật theo mặc định. Bạn có thể vô hiệu hóa nó để buộc tất cả các thiết bị sử dụng DNS được mã hóa. Để thực hiện việc này, bạn phải kích hoạt ít nhất một giao thức DNS được mã hóa",
+    "encryption_plain_dns_error": "Để tắt DNS đơn giản, hãy bật ít nhất một giao thức DNS được mã hóa",
     "topline_expiring_certificate": "Chứng chỉ SSL của bạn sắp hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
     "topline_expired_certificate": "Chứng chỉ SSL của bạn đã hết hạn. Cập nhật <0>Cài đặt mã hóa</0>.",
     "form_error_port_range": "Nhập giá trị cổng trong phạm vi 80-65535",
@@ -675,7 +678,7 @@
     "use_saved_key": "Sử dụng khóa đã lưu trước đó",
     "parental_control": "Quản lý của phụ huynh",
     "safe_browsing": "Duyệt web an toàn",
-    "served_from_cache": "{{value}} <i>(được phục vụ từ bộ nhớ cache)</i>",
+    "served_from_cache_label": "Được phục vụ từ bộ nhớ đệm",
     "form_error_password_length": "Mật khẩu phải dài từ {{min}} đến {{max}} ký tự",
     "anonymizer_notification": "<0> Lưu ý:</0> Tính năng ẩn danh IP được bật. Bạn có thể tắt nó trong <1> Cài đặt chung</1>.",
     "confirm_dns_cache_clear": "Bạn có chắc chắn muốn xóa bộ đệm ẩn DNS không?",

client/src/__locales/zh-cn.json

@@ -154,7 +154,7 @@
     "use_adguard_parental": "使用 AdGuard 【家长控制】服务",
     "use_adguard_parental_hint": "AdGuard Home 将使用与浏览安全服务相同的隐私性强的 API 来检查域名指向的网站是否包含成人内容。",
     "enforce_safe_search": "使用安全搜索",
-    "enforce_save_search_hint": "AdGuard Home 对以下搜索引擎可强制启用安全搜索：Google、YouTube、Bing、DuckDuckGo、Yandex、Pixabay。",
+    "enforce_save_search_hint": "AdGuard Home 将会在下列搜索引擎中强制启用安全搜索：Google、YouTube、Bing、DuckDuckGo、Ecosia、Yandex、Pixabay。",
     "no_servers_specified": "未找到指定的服务器",
     "general_settings": "常规设置",
     "dns_settings": "DNS 设置",

client/src/__locales/zh-tw.json

@@ -20,7 +20,7 @@
     "resolve_clients_title": "啟用用戶端的 IP 位址之反向的解析",
     "resolve_clients_desc": "透過傳送指標（PTR）查詢到對應的解析器（私人 DNS 伺服器供區域的用戶端，上游的伺服器供有公共 IP 位址的用戶端），反向地解析用戶端的 IP 位址變為它們的主機名稱。",
     "use_private_ptr_resolvers_title": "使用私人反向的 DNS 解析器",
-    "use_private_ptr_resolvers_desc": "使用私人上游伺服器、DHCP、/etc/hosts 等方式解析包含私人 IP 位址的 ARPA 網域的 PTR、SOA 和 NS 請求。如果禁用，AdGuard Home 將對所有此類請求以 NXDOMAIN 回應。",
+    "use_private_ptr_resolvers_desc": "通過私人上游伺服器、DHCP、/etc/hosts 等等，對包含私人 IP 位址的 ARPA 網域解析 PTR、SOA 和 NS 請求。如果被禁用，AdGuard Home 將對所有此類的請求以 NXDOMAIN 回覆。",
     "check_dhcp_servers": "檢查動態主機設定協定（DHCP）伺服器",
     "save_config": "儲存配置",
     "enabled_dhcp": "動態主機設定協定（DHCP）伺服器被啟用",
@@ -154,7 +154,7 @@
     "use_adguard_parental": "使用 AdGuard 家長控制之網路服務",
     "use_adguard_parental_hint": "AdGuard Home 將檢查網域是否包含成人資料。它使用如同瀏覽安全網路服務一樣之對隱私友好的應用程式介面（API）。",
     "enforce_safe_search": "使用安全搜尋",
-    "enforce_save_search_hint": "AdGuard Home 將在下列的搜尋引擎：Google、YouTube、Bing、DuckDuckGo、Yandex 和 Pixabay 中強制執行安全搜尋。",
+    "enforce_save_search_hint": "AdGuard Home 將在下列的搜尋引擎：Google、YouTube、Bing、DuckDuckGo、Ecosia、Yandex 和 Pixabay 中強制執行安全搜尋。",
     "no_servers_specified": "無已明確指定的伺服器",
     "general_settings": "一般設定",
     "dns_settings": "DNS 設定",

client/src/actions/stats.ts

@@ -46,7 +46,7 @@ export const getStats = () => async (dispatch: any) => {
         const normalizedTopClients = normalizeTopStats(stats.top_clients);
 
         const clientsParams = getParamsForClientsSearch(normalizedTopClients, 'name');
-        const clients = await apiClient.findClients(clientsParams);
+        const clients = await apiClient.searchClients(clientsParams);
         const topClientsWithInfo = addClientInfo(normalizedTopClients, clients, 'name');
 
         const normalizedStats = {

client/src/api/Api.ts

@@ -415,7 +415,7 @@ class Api {
     // Per-client settings
     GET_CLIENTS = { path: 'clients', method: 'GET' };
 
-    FIND_CLIENTS = { path: 'clients/find', method: 'GET' };
+    SEARCH_CLIENTS = { path: 'clients/search', method: 'POST' };
 
     ADD_CLIENT = { path: 'clients/add', method: 'POST' };
 
@@ -453,11 +453,12 @@ class Api {
         return this.makeRequest(path, method, parameters);
     }
 
-    findClients(params: any) {
-        const { path, method } = this.FIND_CLIENTS;
-        const url = getPathWithQueryString(path, params);
-
-        return this.makeRequest(url, method);
+    searchClients(config: any) {
+        const { path, method } = this.SEARCH_CLIENTS;
+        const parameters = {
+            data: config,
+        };
+        return this.makeRequest(path, method, parameters);
     }
 
     // DNS access settings

client/src/components/Dashboard/Counters.tsx

@@ -23,7 +23,7 @@ interface RowProps {
 
 const Row = ({ label, count, response_status, tooltipTitle, translationComponents }: RowProps) => {
     const content = response_status ? (
-        <LogsSearchLink response_status={response_status}>{formatNumber(count)}</LogsSearchLink>
+        <LogsSearchLink response_status={response_status}>{count}</LogsSearchLink>
     ) : (
         count
     );
@@ -77,16 +77,16 @@ const Counters = ({ refreshButton, subtitle }: CountersProps) => {
             ? t('number_of_dns_query_hours', { count: msToHours(interval) })
             : t('number_of_dns_query_days', { count: msToDays(interval) });
 
-    const rows = [
+    const rows: RowProps[] = [
         {
             label: 'dns_query',
-            count: numDnsQueries.toString(),
+            count: formatNumber(numDnsQueries),
             tooltipTitle: dnsQueryTooltip,
             response_status: RESPONSE_FILTER.ALL.QUERY,
         },
         {
             label: 'blocked_by',
-            count: numBlockedFiltering.toString(),
+            count: formatNumber(numBlockedFiltering),
             tooltipTitle: 'number_of_dns_query_blocked_24_hours',
             response_status: RESPONSE_FILTER.BLOCKED.QUERY,
 
@@ -98,19 +98,19 @@ const Counters = ({ refreshButton, subtitle }: CountersProps) => {
         },
         {
             label: 'stats_malware_phishing',
-            count: numReplacedSafebrowsing.toString(),
+            count: formatNumber(numReplacedSafebrowsing),
             tooltipTitle: 'number_of_dns_query_blocked_24_hours_by_sec',
             response_status: RESPONSE_FILTER.BLOCKED_THREATS.QUERY,
         },
         {
             label: 'stats_adult',
-            count: numReplacedParental.toString(),
+            count: formatNumber(numReplacedParental),
             tooltipTitle: 'number_of_dns_query_blocked_24_hours_adult',
             response_status: RESPONSE_FILTER.BLOCKED_ADULT_WEBSITES.QUERY,
         },
         {
             label: 'enforced_save_search',
-            count: numReplacedSafesearch.toString(),
+            count: formatNumber(numReplacedSafesearch),
             tooltipTitle: 'number_of_dns_query_to_safe_search',
             response_status: RESPONSE_FILTER.SAFE_SEARCH.QUERY,
         },

client/src/components/Dashboard/UpstreamAvgTime.tsx

@@ -10,6 +10,7 @@ import Card from '../ui/Card';
 
 import DomainCell from './DomainCell';
 import { DASHBOARD_TABLES_DEFAULT_PAGE_SIZE, TABLES_MIN_ROWS } from '../../helpers/constants';
+import { formatNumber } from '../../helpers/helpers';
 
 interface TimeCellProps {
     value?: string | number;
@@ -20,7 +21,7 @@ const TimeCell = ({ value }: TimeCellProps) => {
         return '–';
     }
 
-    const valueInMilliseconds = round(Number(value) * 1000);
+    const valueInMilliseconds = formatNumber(round(Number(value) * 1000));
 
     return (
         <div className="logs__row o-hidden">

client/src/components/Dashboard/index.tsx

@@ -154,7 +154,7 @@ const Dashboard = ({
                         }}
                         disabled={processingProtection}>
                         {protectionDisabledDuration
-                            ? `${t('enable_protection_timer')} ${getRemaningTimeText(protectionDisabledDuration)}`
+                            ? `${t('enable_protection_timer', { time: getRemaningTimeText(protectionDisabledDuration) })}`
                             : getProtectionBtnText(protectionEnabled)}
                     </button>
 

client/src/components/Logs/Filters/Form.tsx

@@ -1,6 +1,6 @@
 import React, { useEffect } from 'react';
 
-import { Field, reduxForm } from 'redux-form';
+import { Field, type InjectedFormProps, reduxForm } from 'redux-form';
 import { useTranslation } from 'react-i18next';
 import { shallowEqual, useDispatch, useSelector } from 'react-redux';
 
@@ -104,14 +104,13 @@ const FORM_NAMES = {
     response_status: 'response_status',
 };
 
-interface FiltersFormProps {
+type FiltersFormProps = {
     className?: string;
     responseStatusClass?: string;
-    change: (...args: unknown[]) => unknown;
-    setIsLoading?: (...args: unknown[]) => unknown;
-}
+    setIsLoading: (...args: unknown[]) => unknown;
+};
 
-const Form = (props: FiltersFormProps) => {
+const Form = (props: FiltersFormProps & InjectedFormProps) => {
     const { className = '', responseStatusClass, setIsLoading, change } = props;
 
     const { t } = useTranslation();
@@ -142,7 +141,6 @@ const Form = (props: FiltersFormProps) => {
 
     const onInputClear = async () => {
         setIsLoading(true);
-
         change(FORM_NAMES.search, DEFAULT_LOGS_FILTER[FORM_NAMES.search]);
         setIsLoading(false);
     };
@@ -195,7 +193,7 @@ const Form = (props: FiltersFormProps) => {
     );
 };
 
-export default reduxForm({
+export const FiltersForm = reduxForm<Record<string, any>, FiltersFormProps>({
     form: FORM_NAME.LOGS_FILTER,
     enableReinitialize: true,
 })(Form);

client/src/components/Logs/Filters/index.tsx

@@ -2,7 +2,7 @@ import React from 'react';
 import { useTranslation } from 'react-i18next';
 import { useDispatch } from 'react-redux';
 
-import Form from './Form';
+import { FiltersForm } from './Form';
 import { refreshFilteredLogs } from '../../../actions/queryLogs';
 import { addSuccessToast } from '../../../actions/toasts';
 
@@ -38,12 +38,7 @@ const Filters = ({ filter, setIsLoading }: FiltersProps) => {
                     </svg>
                 </button>
             </h1>
-
-            <Form
-                // responseStatusClass="d-sm-block"
-                // setIsLoading={setIsLoading}
-                initialValues={filter}
-            />
+            <FiltersForm responseStatusClass="d-sm-block" setIsLoading={setIsLoading} initialValues={filter} />
         </div>
     );
 };

client/src/components/Settings/Clients/ClientsTable/ClientsTable.tsx

@@ -306,7 +306,7 @@ const ClientsTable = ({
                     return content;
                 }
 
-                return <LogsSearchLink search={row.original.ids[0]}>{content}</LogsSearchLink>;
+                return <LogsSearchLink search={row.original.name}>{content}</LogsSearchLink>;
             },
         },
         {

client/src/components/SetupGuide/Guide.css

@@ -14,6 +14,17 @@
     font-size: 15px;
 }
 
+.guide__list {
+    margin-top: 16px;
+    padding-left: 0;
+}
+
+@media screen and (min-width: 768px) {
+    .guide__list {
+        padding-left: 24px;
+    }
+}
+
 .guide__address {
     display: block;
     margin-bottom: 7px;

client/src/components/SetupGuide/index.tsx

@@ -33,13 +33,13 @@ const SetupGuide = ({
                     <Trans>install_devices_address</Trans>:
                 </div>
 
-                <div className="mt-3">
+                <ul className="guide__list">
                     {dnsAddresses.map((ip: any) => (
                         <li key={ip} className="guide__address">
                             {ip}
                         </li>
                     ))}
-                </div>
+                </ul>
             </div>
 
             <Guide dnsAddresses={dnsAddresses} />

client/src/helpers/filters/filters.ts

@@ -238,6 +238,12 @@ export default {
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_51.txt"
         },
+        "hagezi_samsung_tracker_blocklist": {
+            "name": "HaGeZi's Samsung Tracker Blocklist",
+            "categoryId": "other",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_61.txt"
+        },
         "hagezi_the_worlds_most_abused_tlds": {
             "name": "HaGeZi's The World's Most Abused TLDs",
             "categoryId": "security",
@@ -256,6 +262,18 @@ export default {
             "homepage": "https://github.com/hagezi/dns-blocklists",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_49.txt"
         },
+        "hagezi_windows_office_tracker_blocklist": {
+            "name": "HaGeZi's Windows/Office Tracker Blocklist",
+            "categoryId": "other",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_63.txt"
+        },
+        "hagezi_xiaomi_tracking_blocklist": {
+            "name": "HaGeZi's Xiaomi Tracker Blocklist",
+            "categoryId": "other",
+            "homepage": "https://github.com/hagezi/dns-blocklists",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_60.txt"
+        },
         "no_google": {
             "name": "No Google",
             "categoryId": "other",
@@ -340,17 +358,17 @@ export default {
             "homepage": "https://github.com/uBlockOrigin/uAssets",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_50.txt"
         },
+        "ukrainian_security_filter": {
+            "name": "Ukrainian Security Filter",
+            "categoryId": "other",
+            "homepage": "https://github.com/braveinnovators/ukrainian-security-filter",
+            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_62.txt"
+        },
         "urlhaus_filter_online": {
             "name": "Malicious URL Blocklist (URLHaus)",
             "categoryId": "security",
             "homepage": "https://urlhaus.abuse.ch/",
             "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt"
-        },
-        "windowsspyblocker_hosts_spy_rules": {
-            "name": "WindowsSpyBlocker - Hosts spy rules",
-            "categoryId": "other",
-            "homepage": "https://github.com/crazy-max/WindowsSpyBlocker",
-            "source": "https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt"
         }
     }
 }

client/src/helpers/helpers.tsx

@@ -451,13 +451,10 @@ export const getParamsForClientsSearch = (data: any, param: any, additionalParam
             clients.add(e[additionalParam]);
         }
     });
-    const params = {};
-    const ids = Array.from(clients.values());
-    ids.forEach((id, i) => {
-        params[`ip${i}`] = id;
-    });
 
-    return params;
+    return {
+        clients: Array.from(clients).map((id) => ({ id })),
+    };
 };
 
 /**
@@ -524,7 +521,7 @@ export const getObjDiff = (initialValues: any, values: any) =>
  * @param num {number} to format
  * @returns {string} Returns a string with a language-sensitive representation of this number
  */
-export const formatNumber = (num: any) => {
+export const formatNumber = (num: number): string => {
     const currentLanguage = i18n.languages[0] || DEFAULT_LANGUAGE;
     return num.toLocaleString(currentLanguage);
 };
@@ -673,9 +670,16 @@ export const countClientsStatistics = (ids: any, autoClients: any) => {
  * @param {function} t translate
  * @returns {string}
  */
-export const formatElapsedMs = (elapsedMs: any, t: any) => {
-    const formattedElapsedMs = parseInt(elapsedMs, 10) || parseFloat(elapsedMs).toFixed(2);
-    return `${formattedElapsedMs} ${t('milliseconds_abbreviation')}`;
+export const formatElapsedMs = (elapsedMs: string, t: (key: string) => string) => {
+    const parsedElapsedMs = parseInt(elapsedMs, 10);
+
+    if (Number.isNaN(parsedElapsedMs)) {
+        return elapsedMs;
+    }
+
+    const formattedMs = formatNumber(parsedElapsedMs);
+
+    return `${formattedMs} ${t('milliseconds_abbreviation')}`;
 };
 
 /**
@@ -757,12 +761,9 @@ type NestedObject = {
     order: number;
 };
 
-export const getObjectKeysSorted = <
-    T extends Record<string, NestedObject>,
-    K extends keyof NestedObject
->(
+export const getObjectKeysSorted = <T extends Record<string, NestedObject>, K extends keyof NestedObject>(
     object: T,
-    sortKey: K
+    sortKey: K,
 ): string[] => {
     return Object.entries(object)
         .sort(([, a], [, b]) => (a[sortKey] as number) - (b[sortKey] as number))

client/src/helpers/renderFormattedClientCell.tsx

@@ -66,7 +66,7 @@ export const renderFormattedClientCell = (value: any, info: any, isDetailed = fa
     }
 
     return (
-        <div className="logs__text mw-100" title={value}>
+        <div className="logs__text logs__text--client mw-100" title={value}>
             <Link to={`logs?search="${encodeURIComponent(value)}"`}>{nameContainer}</Link>
             {whoisContainer}
         </div>

go.mod

@@ -1,24 +1,25 @@
 module github.com/AdguardTeam/AdGuardHome
 
-go 1.22.5
+go 1.23.5
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.71.2
-	github.com/AdguardTeam/golibs v0.24.0
-	github.com/AdguardTeam/urlfilter v0.19.0
+	github.com/AdguardTeam/dnsproxy v0.73.5
+	github.com/AdguardTeam/golibs v0.31.0
+	github.com/AdguardTeam/urlfilter v0.20.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.3.0
 	github.com/bluele/gcache v0.0.2
 	github.com/c2h5oh/datasize v0.0.0-20231215233829-aa82cc1e6500
 	github.com/digineo/go-ipset/v2 v2.2.1
-	github.com/dimfeld/httptreemux/v5 v5.5.0
-	github.com/fsnotify/fsnotify v1.7.0
-	github.com/go-ping/ping v1.1.0
+	github.com/fsnotify/fsnotify v1.8.0
+	// TODO(e.burkov): This package is deprecated; find a new one or use our
+	// own code for that.  Perhaps, use gopacket.
+	github.com/go-ping/ping v1.2.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/gopacket v1.1.19
 	github.com/google/renameio/v2 v2.0.0
 	github.com/google/uuid v1.6.0
-	github.com/insomniacslk/dhcp v0.0.0-20240419123447-f1cffa2c0c49
+	github.com/insomniacslk/dhcp v0.0.0-20241203100832-a481575ed0ef
 	github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86
 	github.com/kardianos/service v1.2.2
 	github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
@@ -27,15 +28,15 @@ require (
 	// TODO(a.garipov): This package is deprecated; find a new one or use our
 	// own code for that.  Perhaps, use gopacket.
 	github.com/mdlayher/raw v0.1.0
-	github.com/miekg/dns v1.1.61
-	github.com/quic-go/quic-go v0.44.0
-	github.com/stretchr/testify v1.9.0
+	github.com/miekg/dns v1.1.62
+	github.com/quic-go/quic-go v0.48.2
+	github.com/stretchr/testify v1.10.0
 	github.com/ti-mo/netfilter v0.5.2
-	go.etcd.io/bbolt v1.3.10
-	golang.org/x/crypto v0.24.0
-	golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8
-	golang.org/x/net v0.26.0
-	golang.org/x/sys v0.21.0
+	go.etcd.io/bbolt v1.3.11
+	golang.org/x/crypto v0.31.0
+	golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67
+	golang.org/x/net v0.33.0
+	golang.org/x/sys v0.28.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
 	howett.net/plist v1.0.1
@@ -48,19 +49,19 @@ require (
 	github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
-	github.com/google/pprof v0.0.0-20240521024322-9665fa269a30 // indirect
+	github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
 	github.com/mdlayher/socket v0.5.1 // indirect
-	github.com/onsi/ginkgo/v2 v2.17.3 // indirect
+	github.com/onsi/ginkgo/v2 v2.22.1 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/quic-go/qpack v0.4.0 // indirect
+	github.com/quic-go/qpack v0.5.1 // indirect
 	github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
-	go.uber.org/mock v0.4.0 // indirect
-	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/tools v0.22.0 // indirect
-	gonum.org/v1/gonum v0.15.0 // indirect
+	go.uber.org/mock v0.5.0 // indirect
+	golang.org/x/mod v0.22.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
+	golang.org/x/tools v0.28.0 // indirect
+	gonum.org/v1/gonum v0.15.1 // indirect
 )

go.sum

@@ -1,9 +1,9 @@
-github.com/AdguardTeam/dnsproxy v0.71.2 h1:dFG2wga4GDdj1eI3rU2wqjQ6QGQm9MjLRb5ZzyH3Vgg=
-github.com/AdguardTeam/dnsproxy v0.71.2/go.mod h1:huI5zyWhlimHBhg0jt2CMinXzsEHymI+WlvxIfmfEGA=
-github.com/AdguardTeam/golibs v0.24.0 h1:qAnOq7BQtwSVo7Co9q703/n+nZ2Ap6smkugU9G9MomY=
-github.com/AdguardTeam/golibs v0.24.0/go.mod h1:9/vJcYznW7RlmCT/Qzi8XNZGj+ZbWfHZJmEXKnRpCAU=
-github.com/AdguardTeam/urlfilter v0.19.0 h1:q7eH13+yNETlpD/VD3u5rLQOripcUdEktqZFy+KiQLk=
-github.com/AdguardTeam/urlfilter v0.19.0/go.mod h1:+N54ZvxqXYLnXuvpaUhK2exDQW+djZBRSb6F6j0rkBY=
+github.com/AdguardTeam/dnsproxy v0.73.5 h1:3EiVaTfmuW6PcJGbqloR6ZdHACsrYkm9z0eH8ZQTZnQ=
+github.com/AdguardTeam/dnsproxy v0.73.5/go.mod h1:Oqw+k7LyjDObfYzXYCkpgtirbzbUrmotr92jrb3N09I=
+github.com/AdguardTeam/golibs v0.31.0 h1:Z0oPfLTLw6iZmpE58dePy2Bel0MaX+lnDwtFEE5EmIo=
+github.com/AdguardTeam/golibs v0.31.0/go.mod h1:wIkZ9o2UnppeW6/YD7yJB71dYbMhiuC1Fh/I2ElW7GQ=
+github.com/AdguardTeam/urlfilter v0.20.0 h1:X32qiuVCVd8WDYCEsbdZKfXMzwdVqrdulamtUi4rmzs=
+github.com/AdguardTeam/urlfilter v0.20.0/go.mod h1:gjrywLTxfJh6JOkwi9SU+frhP7kVVEZ5exFGkR99qpk=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
@@ -25,16 +25,14 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/digineo/go-ipset/v2 v2.2.1 h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1MX77g=
 github.com/digineo/go-ipset/v2 v2.2.1/go.mod h1:wBsNzJlZlABHUITkesrggFnZQtgW5wkqw1uo8Qxe0VU=
-github.com/dimfeld/httptreemux/v5 v5.5.0 h1:p8jkiMrCuZ0CmhwYLcbNbl7DDo21fozhKHQ2PccwOFQ=
-github.com/dimfeld/httptreemux/v5 v5.5.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
-github.com/go-ping/ping v1.1.0 h1:3MCGhVX4fyEUuhsfwPrsEdQw6xspHkv5zHsiSoDFZYw=
-github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
+github.com/go-ping/ping v1.2.0 h1:vsJ8slZBZAXNCK4dPcI2PEE9eM9n9RbXbGouVQ/Y4yQ=
+github.com/go-ping/ping v1.2.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -44,8 +42,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
 github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
-github.com/google/pprof v0.0.0-20240521024322-9665fa269a30 h1:r6YdmbD41tGHeCWDyHF691LWtL7D1iSTyJaKejTWwVU=
-github.com/google/pprof v0.0.0-20240521024322-9665fa269a30/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/renameio/v2 v2.0.0 h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg=
 github.com/google/renameio/v2 v2.0.0/go.mod h1:BtmJXm5YlszgC+TD4HOEEUFgkJP3nLxehU6hfe7jRt4=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -53,8 +51,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
 github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
-github.com/insomniacslk/dhcp v0.0.0-20240419123447-f1cffa2c0c49 h1:/OuvSMGT9+xnyZ+7MZQ1zdngaCCAdPoSw8B/uurZ7pg=
-github.com/insomniacslk/dhcp v0.0.0-20240419123447-f1cffa2c0c49/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
+github.com/insomniacslk/dhcp v0.0.0-20241203100832-a481575ed0ef h1:NzQKDfd5ZOPnuZYf9MnRee8x2qecsVqzsnaLjEZiBko=
+github.com/insomniacslk/dhcp v0.0.0-20241203100832-a481575ed0ef/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
 github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/josharian/native v1.1.1-0.20230202152459-5c7d0dd6ab86 h1:elKwZS1OcdQ0WwEDBeqxKwb7WB62QX8bvZ/FJnVXIfk=
@@ -78,14 +76,14 @@ github.com/mdlayher/raw v0.1.0/go.mod h1:yXnxvs6c0XoF/aK52/H5PjsVHmWBCFfZUfoh/Y5
 github.com/mdlayher/socket v0.2.1/go.mod h1:QLlNPkFR88mRUNQIzRBMfXxwKal8H7u1h3bL1CV+f0E=
 github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=
 github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
-github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
-github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=
+github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU=
-github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
-github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE=
-github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY=
+github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM=
+github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM=
+github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
+github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
@@ -97,10 +95,10 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
-github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
-github.com/quic-go/quic-go v0.44.0 h1:So5wOr7jyO4vzL2sd8/pD9Kesciv91zSk8BoFngItQ0=
-github.com/quic-go/quic-go v0.44.0/go.mod h1:z4cx/9Ny9UtGITIPzmPTXh1ULfOyWh4qGQlpnPcWmek=
+github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
+github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
+github.com/quic-go/quic-go v0.48.2 h1:wsKXZPeGWpMpCGSWqOcqpW2wZYic/8T3aqiOID0/KWE=
+github.com/quic-go/quic-go v0.48.2/go.mod h1:yBgs3rWBOADpga7F+jJsb6Ybg1LSYiQvwWlLX+/6HMs=
 github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
 github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
 github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
@@ -109,8 +107,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/ti-mo/netfilter v0.2.0/go.mod h1:8GbBGsY/8fxtyIdfwy29JiluNcPK4K7wIT+x42ipqUU=
 github.com/ti-mo/netfilter v0.5.2 h1:CTjOwFuNNeZ9QPdRXt1MZFLFUf84cKtiQutNauHWd40=
 github.com/ti-mo/netfilter v0.5.2/go.mod h1:Btx3AtFiOVdHReTDmP9AE+hlkOcvIy403u7BXXbWZKo=
@@ -122,32 +120,32 @@ github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 h1:pyC9PaHYZFgEKFdlp3G8
 github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0=
-go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ=
-go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
-go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0=
+go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I=
+go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
+go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo=
+golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -158,25 +156,25 @@ golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
+golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gonum.org/v1/gonum v0.15.0 h1:2lYxjRbTYyxkJxlhC+LvJIx3SsANPdRybu1tGj9/OrQ=
-gonum.org/v1/gonum v0.15.0/go.mod h1:xzZVBJBtS+Mz4q0Yl2LJTk+OxOg4jiXZ7qBoM0uISGo=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gonum.org/v1/gonum v0.15.1 h1:FNy7N6OUZVUaWG9pTiD+jlhdQ3lMP+/LcTpJ6+a8sQ0=
+gonum.org/v1/gonum v0.15.1/go.mod h1:eZTZuRFrzu5pcyjN5wJhcIhnUdNijYxX1T2IcrOGY0o=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

internal/aghalg/ringbuffer.go

@@ -1,94 +0,0 @@
-package aghalg
-
-// RingBuffer is the implementation of ring buffer data structure.
-type RingBuffer[T any] struct {
-	buf  []T
-	cur  uint
-	full bool
-}
-
-// NewRingBuffer initializes the new instance of ring buffer.  size must be
-// greater or equal to zero.
-func NewRingBuffer[T any](size uint) (rb *RingBuffer[T]) {
-	return &RingBuffer[T]{
-		buf: make([]T, size),
-	}
-}
-
-// Append appends an element to the buffer.
-func (rb *RingBuffer[T]) Append(e T) {
-	if len(rb.buf) == 0 {
-		return
-	}
-
-	rb.buf[rb.cur] = e
-	rb.cur = (rb.cur + 1) % uint(cap(rb.buf))
-	if rb.cur == 0 {
-		rb.full = true
-	}
-}
-
-// Range calls cb for each element of the buffer.  If cb returns false it stops.
-func (rb *RingBuffer[T]) Range(cb func(T) (cont bool)) {
-	before, after := rb.splitCur()
-
-	for _, e := range before {
-		if !cb(e) {
-			return
-		}
-	}
-
-	for _, e := range after {
-		if !cb(e) {
-			return
-		}
-	}
-}
-
-// ReverseRange calls cb for each element of the buffer in reverse order.  If
-// cb returns false it stops.
-func (rb *RingBuffer[T]) ReverseRange(cb func(T) (cont bool)) {
-	before, after := rb.splitCur()
-
-	for i := len(after) - 1; i >= 0; i-- {
-		if !cb(after[i]) {
-			return
-		}
-	}
-
-	for i := len(before) - 1; i >= 0; i-- {
-		if !cb(before[i]) {
-			return
-		}
-	}
-}
-
-// splitCur splits the buffer in two, before and after current position in
-// chronological order.  If buffer is not full, after is nil.
-func (rb *RingBuffer[T]) splitCur() (before, after []T) {
-	if len(rb.buf) == 0 {
-		return nil, nil
-	}
-
-	cur := rb.cur
-	if !rb.full {
-		return rb.buf[:cur], nil
-	}
-
-	return rb.buf[cur:], rb.buf[:cur]
-}
-
-// Len returns a length of the buffer.
-func (rb *RingBuffer[T]) Len() (l uint) {
-	if !rb.full {
-		return rb.cur
-	}
-
-	return uint(cap(rb.buf))
-}
-
-// Clear clears the buffer.
-func (rb *RingBuffer[T]) Clear() {
-	rb.full = false
-	rb.cur = 0
-}

internal/aghalg/ringbuffer_test.go

@@ -1,169 +0,0 @@
-package aghalg_test
-
-import (
-	"slices"
-	"testing"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
-	"github.com/stretchr/testify/assert"
-)
-
-// elements is a helper function that returns n elements of the buffer.
-func elements(b *aghalg.RingBuffer[int], n uint, reverse bool) (es []int) {
-	fn := b.Range
-	if reverse {
-		fn = b.ReverseRange
-	}
-
-	var i uint
-	fn(func(e int) (cont bool) {
-		if i >= n {
-			return false
-		}
-
-		es = append(es, e)
-		i++
-
-		return true
-	})
-
-	return es
-}
-
-func TestNewRingBuffer(t *testing.T) {
-	t.Run("success_and_clear", func(t *testing.T) {
-		b := aghalg.NewRingBuffer[int](5)
-		for i := range 10 {
-			b.Append(i)
-		}
-		assert.Equal(t, []int{5, 6, 7, 8, 9}, elements(b, b.Len(), false))
-
-		b.Clear()
-		assert.Zero(t, b.Len())
-	})
-
-	t.Run("zero", func(t *testing.T) {
-		b := aghalg.NewRingBuffer[int](0)
-		for i := range 10 {
-			b.Append(i)
-			bufLen := b.Len()
-			assert.EqualValues(t, 0, bufLen)
-			assert.Empty(t, elements(b, bufLen, false))
-			assert.Empty(t, elements(b, bufLen, true))
-		}
-	})
-
-	t.Run("single", func(t *testing.T) {
-		b := aghalg.NewRingBuffer[int](1)
-		for i := range 10 {
-			b.Append(i)
-			bufLen := b.Len()
-			assert.EqualValues(t, 1, bufLen)
-			assert.Equal(t, []int{i}, elements(b, bufLen, false))
-			assert.Equal(t, []int{i}, elements(b, bufLen, true))
-		}
-	})
-}
-
-func TestRingBuffer_Range(t *testing.T) {
-	const size = 5
-
-	b := aghalg.NewRingBuffer[int](size)
-
-	testCases := []struct {
-		name   string
-		want   []int
-		count  int
-		length uint
-	}{{
-		name:   "three",
-		count:  3,
-		length: 3,
-		want:   []int{0, 1, 2},
-	}, {
-		name:   "ten",
-		count:  10,
-		length: size,
-		want:   []int{5, 6, 7, 8, 9},
-	}, {
-		name:   "hundred",
-		count:  100,
-		length: size,
-		want:   []int{95, 96, 97, 98, 99},
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			for i := range tc.count {
-				b.Append(i)
-			}
-
-			bufLen := b.Len()
-			assert.Equal(t, tc.length, bufLen)
-
-			want := tc.want
-			assert.Equal(t, want, elements(b, bufLen, false))
-			assert.Equal(t, want[:len(want)-1], elements(b, bufLen-1, false))
-			assert.Equal(t, want[:len(want)/2], elements(b, bufLen/2, false))
-
-			want = want[:cap(want)]
-			slices.Reverse(want)
-
-			assert.Equal(t, want, elements(b, bufLen, true))
-			assert.Equal(t, want[:len(want)-1], elements(b, bufLen-1, true))
-			assert.Equal(t, want[:len(want)/2], elements(b, bufLen/2, true))
-		})
-	}
-}
-
-func TestRingBuffer_Range_increment(t *testing.T) {
-	const size = 5
-
-	b := aghalg.NewRingBuffer[int](size)
-
-	testCases := []struct {
-		name string
-		want []int
-	}{{
-		name: "one",
-		want: []int{0},
-	}, {
-		name: "two",
-		want: []int{0, 1},
-	}, {
-		name: "three",
-		want: []int{0, 1, 2},
-	}, {
-		name: "four",
-		want: []int{0, 1, 2, 3},
-	}, {
-		name: "five",
-		want: []int{0, 1, 2, 3, 4},
-	}, {
-		name: "six",
-		want: []int{1, 2, 3, 4, 5},
-	}, {
-		name: "seven",
-		want: []int{2, 3, 4, 5, 6},
-	}, {
-		name: "eight",
-		want: []int{3, 4, 5, 6, 7},
-	}, {
-		name: "nine",
-		want: []int{4, 5, 6, 7, 8},
-	}, {
-		name: "ten",
-		want: []int{5, 6, 7, 8, 9},
-	}}
-
-	for i, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			b.Append(i)
-			bufLen := b.Len()
-			assert.Equal(t, tc.want, elements(b, bufLen, false))
-
-			slices.Reverse(tc.want)
-			assert.Equal(t, tc.want, elements(b, bufLen, true))
-		})
-	}
-}

internal/aghhttp/aghhttp.go

@@ -2,19 +2,16 @@
 package aghhttp
 
 import (
+	"context"
 	"fmt"
 	"io"
+	"log/slog"
 	"net/http"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/version"
 	"github.com/AdguardTeam/golibs/httphdr"
 	"github.com/AdguardTeam/golibs/log"
-)
-
-// HTTP scheme constants.
-const (
-	SchemeHTTP  = "http"
-	SchemeHTTPS = "https"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 )
 
 // RegisterFunc is the function that sets the handler to handle the URL for the
@@ -31,12 +28,39 @@ func OK(w http.ResponseWriter) {
 }
 
 // Error writes formatted message to w and also logs it.
+//
+// TODO(s.chzhen):  Remove it.
 func Error(r *http.Request, w http.ResponseWriter, code int, format string, args ...any) {
 	text := fmt.Sprintf(format, args...)
 	log.Error("%s %s %s: %s", r.Method, r.Host, r.URL, text)
 	http.Error(w, text, code)
 }
 
+// ErrorAndLog writes formatted message to w and also logs it with the specified
+// logging level.
+func ErrorAndLog(
+	ctx context.Context,
+	l *slog.Logger,
+	r *http.Request,
+	w http.ResponseWriter,
+	code int,
+	format string,
+	args ...any,
+) {
+	text := fmt.Sprintf(format, args...)
+	l.ErrorContext(
+		ctx,
+		"http error",
+		"host", r.Host,
+		"method", r.Method,
+		"raddr", r.RemoteAddr,
+		"request_uri", r.RequestURI,
+		slogutil.KeyError, text,
+	)
+
+	http.Error(w, text, code)
+}
+
 // UserAgent returns the ID of the service as a User-Agent string.  It can also
 // be used as the value of the Server HTTP header.
 func UserAgent() (ua string) {

internal/aghnet/net_freebsd.go

@@ -6,10 +6,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"net"
 	"strings"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
@@ -38,9 +38,13 @@ func (n interfaceName) rcConfStaticConfig(r io.Reader) (_ []string, cont bool, e
 		// TODO(e.burkov):  Expand the check to cover possible
 		// configurations from man rc.conf(5).
 		fields := strings.Fields(line[cfgLeft:cfgRight])
-		if len(fields) >= 2 &&
-			strings.EqualFold(fields[0], "inet") &&
-			net.ParseIP(fields[1]) != nil {
+		switch {
+		case
+			len(fields) < 2,
+			!strings.EqualFold(fields[0], "inet"),
+			!netutil.IsValidIPString(fields[1]):
+			continue
+		default:
 			return nil, false, s.Err()
 		}
 	}

internal/aghnet/net_openbsd.go

@@ -6,10 +6,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
-	"net"
 	"strings"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
@@ -25,7 +25,13 @@ func hostnameIfStaticConfig(r io.Reader) (_ []string, ok bool, err error) {
 	for s.Scan() {
 		line := strings.TrimSpace(s.Text())
 		fields := strings.Fields(line)
-		if len(fields) >= 2 && fields[0] == "inet" && net.ParseIP(fields[1]) != nil {
+		switch {
+		case
+			len(fields) < 2,
+			fields[0] != "inet",
+			!netutil.IsValidIPString(fields[1]):
+			continue
+		default:
 			return nil, false, s.Err()
 		}
 	}

internal/aghos/os.go

@@ -7,6 +7,7 @@ import (
 	"bufio"
 	"fmt"
 	"io"
+	"io/fs"
 	"os"
 	"os/exec"
 	"path"
@@ -19,6 +20,13 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 )
 
+// Default file, binary, and directory permissions.
+const (
+	DefaultPermDir  fs.FileMode = 0o700
+	DefaultPermExe  fs.FileMode = 0o700
+	DefaultPermFile fs.FileMode = 0o600
+)
+
 // Unsupported is a helper that returns a wrapped [errors.ErrUnsupported].
 func Unsupported(op string) (err error) {
 	return fmt.Errorf("%s: not supported on %s: %w", op, runtime.GOOS, errors.ErrUnsupported)
@@ -138,16 +146,6 @@ func IsOpenWrt() (ok bool) {
 	return isOpenWrt()
 }
 
-// NotifyReconfigureSignal notifies c on receiving reconfigure signals.
-func NotifyReconfigureSignal(c chan<- os.Signal) {
-	notifyReconfigureSignal(c)
-}
-
-// IsReconfigureSignal returns true if sig is a reconfigure signal.
-func IsReconfigureSignal(sig os.Signal) (ok bool) {
-	return isReconfigureSignal(sig)
-}
-
 // SendShutdownSignal sends the shutdown signal to the channel.
 func SendShutdownSignal(c chan<- os.Signal) {
 	sendShutdownSignal(c)

internal/aghos/os_unix.go

@@ -1,22 +1,11 @@
-//go:build darwin || freebsd || linux || openbsd
+//go:build unix
 
 package aghos
 
 import (
 	"os"
-	"os/signal"
-
-	"golang.org/x/sys/unix"
 )
 
-func notifyReconfigureSignal(c chan<- os.Signal) {
-	signal.Notify(c, unix.SIGHUP)
-}
-
-func isReconfigureSignal(sig os.Signal) (ok bool) {
-	return sig == unix.SIGHUP
-}
-
 func sendShutdownSignal(_ chan<- os.Signal) {
 	// On Unix we are already notified by the system.
 }

internal/aghos/os_windows.go

@@ -4,12 +4,11 @@ package aghos
 
 import (
 	"os"
-	"os/signal"
 
 	"golang.org/x/sys/windows"
 )
 
-func setRlimit(val uint64) (err error) {
+func setRlimit(_ uint64) (err error) {
 	return Unsupported("setrlimit")
 }
 
@@ -38,14 +37,6 @@ func isOpenWrt() (ok bool) {
 	return false
 }
 
-func notifyReconfigureSignal(c chan<- os.Signal) {
-	signal.Notify(c, windows.SIGHUP)
-}
-
-func isReconfigureSignal(sig os.Signal) (ok bool) {
-	return sig == windows.SIGHUP
-}
-
 func sendShutdownSignal(c chan<- os.Signal) {
 	c <- os.Interrupt
 }

internal/aghos/syslog.go

@@ -1,6 +1,6 @@
 package aghos
 
 // ConfigureSyslog reroutes standard logger output to syslog.
-func ConfigureSyslog(serviceName string) error {
+func ConfigureSyslog(serviceName string) (err error) {
 	return configureSyslog(serviceName)
 }

internal/aghos/syslog_others.go

@@ -8,11 +8,15 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 )
 
-func configureSyslog(serviceName string) error {
+// configureSyslog sets standard log output to syslog.
+func configureSyslog(serviceName string) (err error) {
 	w, err := syslog.New(syslog.LOG_NOTICE|syslog.LOG_USER, serviceName)
 	if err != nil {
+		// Don't wrap the error, because it's informative enough as is.
 		return err
 	}
+
 	log.SetOutput(w)
+
 	return nil
 }

internal/aghos/syslog_windows.go

@@ -19,23 +19,30 @@ func (w *eventLogWriter) Write(b []byte) (int, error) {
 	return len(b), w.el.Info(1, string(b))
 }
 
-func configureSyslog(serviceName string) error {
-	// Note that the eventlog src is the same as the service name
-	// Otherwise, we will get "the description for event id cannot be found" warning in every log record
+// configureSyslog sets standard log output to event log.
+func configureSyslog(serviceName string) (err error) {
+	// Note that the eventlog src is the same as the service name, otherwise we
+	// will get "the description for event id cannot be found" warning in every
+	// log record.
 
 	// Continue if we receive "registry key already exists" or if we get
 	// ERROR_ACCESS_DENIED so that we can log without administrative permissions
 	// for pre-existing eventlog sources.
-	if err := eventlog.InstallAsEventCreate(serviceName, eventlog.Info|eventlog.Warning|eventlog.Error); err != nil {
-		if !strings.Contains(err.Error(), "registry key already exists") && err != windows.ERROR_ACCESS_DENIED {
-			return err
-		}
+	err = eventlog.InstallAsEventCreate(serviceName, eventlog.Info|eventlog.Warning|eventlog.Error)
+	if err != nil &&
+		!strings.Contains(err.Error(), "registry key already exists") &&
+		err != windows.ERROR_ACCESS_DENIED {
+		// Don't wrap the error, because it's informative enough as is.
+		return err
 	}
+
 	el, err := eventlog.Open(serviceName)
 	if err != nil {
+		// Don't wrap the error, because it's informative enough as is.
 		return err
 	}
 
 	log.SetOutput(&eventLogWriter{el: el})
+
 	return nil
 }

internal/aghrenameio/renameio_windows.go

@@ -62,7 +62,9 @@ func newPendingFile(filePath string, mode fs.FileMode) (f PendingFile, err error
 		return nil, fmt.Errorf("opening pending file: %w", err)
 	}
 
-	err = file.Chmod(mode)
+	// TODO(e.burkov):  The [os.Chmod] implementation is useless on Windows,
+	// investigate if it can be removed.
+	err = os.Chmod(file.Name(), mode)
 	if err != nil {
 		return nil, fmt.Errorf("preparing pending file: %w", err)
 	}

internal/aghtest/interface.go

@@ -58,7 +58,7 @@ func (w *FSWatcher) Add(name string) (err error) {
 
 // ServiceWithConfig is a fake [agh.ServiceWithConfig] implementation for tests.
 type ServiceWithConfig[ConfigType any] struct {
-	OnStart    func() (err error)
+	OnStart    func(ctx context.Context) (err error)
 	OnShutdown func(ctx context.Context) (err error)
 	OnConfig   func() (c ConfigType)
 }
@@ -68,8 +68,8 @@ var _ agh.ServiceWithConfig[struct{}] = (*ServiceWithConfig[struct{}])(nil)
 
 // Start implements the [agh.ServiceWithConfig] interface for
 // *ServiceWithConfig.
-func (s *ServiceWithConfig[_]) Start() (err error) {
-	return s.OnStart()
+func (s *ServiceWithConfig[_]) Start(ctx context.Context) (err error) {
+	return s.OnStart(ctx)
 }
 
 // Shutdown implements the [agh.ServiceWithConfig] interface for
@@ -89,14 +89,14 @@ func (s *ServiceWithConfig[ConfigType]) Config() (c ConfigType) {
 // AddressProcessor is a fake [client.AddressProcessor] implementation for
 // tests.
 type AddressProcessor struct {
-	OnProcess func(ip netip.Addr)
+	OnProcess func(ctx context.Context, ip netip.Addr)
 	OnClose   func() (err error)
 }
 
 // Process implements the [client.AddressProcessor] interface for
 // *AddressProcessor.
-func (p *AddressProcessor) Process(ip netip.Addr) {
-	p.OnProcess(ip)
+func (p *AddressProcessor) Process(ctx context.Context, ip netip.Addr) {
+	p.OnProcess(ctx, ip)
 }
 
 // Close implements the [client.AddressProcessor] interface for
@@ -107,13 +107,18 @@ func (p *AddressProcessor) Close() (err error) {
 
 // AddressUpdater is a fake [client.AddressUpdater] implementation for tests.
 type AddressUpdater struct {
-	OnUpdateAddress func(ip netip.Addr, host string, info *whois.Info)
+	OnUpdateAddress func(ctx context.Context, ip netip.Addr, host string, info *whois.Info)
 }
 
 // UpdateAddress implements the [client.AddressUpdater] interface for
 // *AddressUpdater.
-func (p *AddressUpdater) UpdateAddress(ip netip.Addr, host string, info *whois.Info) {
-	p.OnUpdateAddress(ip, host, info)
+func (p *AddressUpdater) UpdateAddress(
+	ctx context.Context,
+	ip netip.Addr,
+	host string,
+	info *whois.Info,
+) {
+	p.OnUpdateAddress(ctx, ip, host, info)
 }
 
 // Package dnsforward

internal/aghtls/aghtls.go

@@ -5,9 +5,10 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"net/netip"
+	"slices"
 
 	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/netutil"
 )
 
 // init makes sure that the cipher name map is filled.
@@ -75,15 +76,5 @@ func SaferCipherSuites() (safe []uint16) {
 // CertificateHasIP returns true if cert has at least a single IP address among
 // its subjectAltNames.
 func CertificateHasIP(cert *x509.Certificate) (ok bool) {
-	if len(cert.IPAddresses) > 0 {
-		return true
-	}
-
-	for _, name := range cert.DNSNames {
-		if _, err := netip.ParseAddr(name); err == nil {
-			return true
-		}
-	}
-
-	return false
+	return len(cert.IPAddresses) > 0 || slices.ContainsFunc(cert.DNSNames, netutil.IsValidIPString)
 }

internal/arpdb/arpdb.go

@@ -5,6 +5,7 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"log/slog"
 	"net"
 	"net/netip"
 	"slices"
@@ -12,7 +13,7 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/osutil"
 )
@@ -38,8 +39,8 @@ type Interface interface {
 }
 
 // New returns the [Interface] properly initialized for the OS.
-func New() (arp Interface) {
-	return newARPDB()
+func New(logger *slog.Logger) (arp Interface) {
+	return newARPDB(logger)
 }
 
 // Empty is the [Interface] implementation that does nothing.
@@ -69,6 +70,30 @@ type Neighbor struct {
 	MAC net.HardwareAddr
 }
 
+// newNeighbor returns the new initialized [Neighbor] by parsing string
+// representations of IP and MAC addresses.
+func newNeighbor(host, ipStr, macStr string) (n *Neighbor, err error) {
+	defer func() { err = errors.Annotate(err, "getting arp neighbor: %w") }()
+
+	ip, err := netip.ParseAddr(ipStr)
+	if err != nil {
+		// Don't wrap the error, as it will get annotated.
+		return nil, err
+	}
+
+	mac, err := net.ParseMAC(macStr)
+	if err != nil {
+		// Don't wrap the error, as it will get annotated.
+		return nil, err
+	}
+
+	return &Neighbor{
+		Name: host,
+		IP:   ip,
+		MAC:  mac,
+	}, nil
+}
+
 // Clone returns the deep copy of n.
 func (n Neighbor) Clone() (clone Neighbor) {
 	return Neighbor{
@@ -80,10 +105,10 @@ func (n Neighbor) Clone() (clone Neighbor) {
 
 // validatedHostname returns h if it's a valid hostname, or an empty string
 // otherwise, logging the validation error.
-func validatedHostname(h string) (host string) {
+func validatedHostname(logger *slog.Logger, h string) (host string) {
 	err := netutil.ValidateHostname(h)
 	if err != nil {
-		log.Debug("arpdb: parsing arp output: host: %s", err)
+		logger.Debug("parsing host of arp output", slogutil.KeyError, err)
 
 		return ""
 	}
@@ -132,15 +157,18 @@ func (ns *neighs) reset(with []Neighbor) {
 // parseNeighsFunc parses the text from sc as if it'd be an output of some
 // ARP-related command.  lenHint is a hint for the size of the allocated slice
 // of Neighbors.
-type parseNeighsFunc func(sc *bufio.Scanner, lenHint int) (ns []Neighbor)
+//
+// TODO(s.chzhen):  Return []*Neighbor instead.
+type parseNeighsFunc func(logger *slog.Logger, sc *bufio.Scanner, lenHint int) (ns []Neighbor)
 
 // cmdARPDB is the implementation of the [Interface] that uses command line to
 // retrieve data.
 type cmdARPDB struct {
-	parse parseNeighsFunc
-	ns    *neighs
-	cmd   string
-	args  []string
+	logger *slog.Logger
+	parse  parseNeighsFunc
+	ns     *neighs
+	cmd    string
+	args   []string
 }
 
 // type check
@@ -158,7 +186,7 @@ func (arp *cmdARPDB) Refresh() (err error) {
 	}
 
 	sc := bufio.NewScanner(bytes.NewReader(out))
-	ns := arp.parse(sc, arp.ns.len())
+	ns := arp.parse(arp.logger, sc, arp.ns.len())
 	if err = sc.Err(); err != nil {
 		// TODO(e.burkov):  This error seems unreachable.  Investigate.
 		return fmt.Errorf("scanning the output: %w", err)

internal/arpdb/arpdb_bsd.go

@@ -4,17 +4,17 @@ package arpdb
 
 import (
 	"bufio"
-	"net"
-	"net/netip"
+	"log/slog"
 	"strings"
 	"sync"
 
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 )
 
-func newARPDB() (arp *cmdARPDB) {
+func newARPDB(logger *slog.Logger) (arp *cmdARPDB) {
 	return &cmdARPDB{
-		parse: parseArpA,
+		logger: logger,
+		parse:  parseArpA,
 		ns: &neighs{
 			mu: &sync.RWMutex{},
 			ns: make([]Neighbor, 0),
@@ -33,7 +33,7 @@ func newARPDB() (arp *cmdARPDB) {
 // The expected input format:
 //
 //	host.name (192.168.0.1) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
-func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
+func parseArpA(logger *slog.Logger, sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	ns = make([]Neighbor, 0, lenHint)
 	for sc.Scan() {
 		ln := sc.Text()
@@ -48,26 +48,15 @@ func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 			continue
 		}
 
-		ip, err := netip.ParseAddr(ipStr[1 : len(ipStr)-1])
+		host := validatedHostname(logger, fields[0])
+		n, err := newNeighbor(host, ipStr[1:len(ipStr)-1], fields[3])
 		if err != nil {
-			log.Debug("arpdb: parsing arp output: ip: %s", err)
+			logger.Debug("parsing arp output", "line", ln, slogutil.KeyError, err)
 
 			continue
 		}
 
-		hwStr := fields[3]
-		mac, err := net.ParseMAC(hwStr)
-		if err != nil {
-			log.Debug("arpdb: parsing arp output: mac: %s", err)
-
-			continue
-		}
-
-		ns = append(ns, Neighbor{
-			IP:   ip,
-			MAC:  mac,
-			Name: validatedHostname(fields[0]),
-		})
+		ns = append(ns, *n)
 	}
 
 	return ns

internal/arpdb/arpdb_internal_test.go

@@ -11,6 +11,7 @@ import (
 	"testing"
 
 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -61,7 +62,7 @@ func (s mapShell) RunCmd(cmd string, args ...string) (code int, out []byte, err
 
 func Test_New(t *testing.T) {
 	var a Interface
-	require.NotPanics(t, func() { a = New() })
+	require.NotPanics(t, func() { a = New(slogutil.NewDiscardLogger()) })
 
 	assert.NotNil(t, a)
 }
@@ -201,8 +202,9 @@ func Test_NewARPDBs(t *testing.T) {
 
 func TestCmdARPDB_arpa(t *testing.T) {
 	a := &cmdARPDB{
-		cmd:   "cmd",
-		parse: parseArpA,
+		logger: slogutil.NewDiscardLogger(),
+		cmd:    "cmd",
+		parse:  parseArpA,
 		ns: &neighs{
 			mu: &sync.RWMutex{},
 			ns: make([]Neighbor, 0),

internal/arpdb/arpdb_linux.go

@@ -6,17 +6,18 @@ import (
 	"bufio"
 	"fmt"
 	"io/fs"
+	"log/slog"
 	"net"
 	"net/netip"
 	"strings"
 	"sync"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/stringutil"
 )
 
-func newARPDB() (arp *arpdbs) {
+func newARPDB(logger *slog.Logger) (arp *arpdbs) {
 	// Use the common storage among the implementations.
 	ns := &neighs{
 		mu: &sync.RWMutex{},
@@ -39,9 +40,10 @@ func newARPDB() (arp *arpdbs) {
 		},
 		// Then, try "arp -a -n".
 		&cmdARPDB{
-			parse: parseF,
-			ns:    ns,
-			cmd:   "arp",
+			logger: logger,
+			parse:  parseF,
+			ns:     ns,
+			cmd:    "arp",
 			// Use -n flag to avoid resolving the hostnames of the neighbors.
 			// By default ARP attempts to resolve the hostnames via DNS.  See
 			// man 8 arp.
@@ -51,10 +53,11 @@ func newARPDB() (arp *arpdbs) {
 		},
 		// Finally, try "ip neigh".
 		&cmdARPDB{
-			parse: parseIPNeigh,
-			ns:    ns,
-			cmd:   "ip",
-			args:  []string{"neigh"},
+			logger: logger,
+			parse:  parseIPNeigh,
+			ns:     ns,
+			cmd:    "ip",
+			args:   []string{"neigh"},
 		},
 	)
 }
@@ -131,7 +134,7 @@ func (arp *fsysARPDB) Neighbors() (ns []Neighbor) {
 //
 //	IP address     HW type  Flags  HW address         Mask  Device
 //	192.168.11.98  0x1      0x2    5a:92:df:a9:7e:28  *     wan
-func parseArpAWrt(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
+func parseArpAWrt(logger *slog.Logger, sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	if !sc.Scan() {
 		// Skip the header.
 		return
@@ -146,25 +149,14 @@ func parseArpAWrt(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 			continue
 		}
 
-		ip, err := netip.ParseAddr(fields[0])
+		n, err := newNeighbor("", fields[0], fields[3])
 		if err != nil {
-			log.Debug("arpdb: parsing arp output: ip: %s", err)
+			logger.Debug("parsing arp output", "line", ln, slogutil.KeyError, err)
 
 			continue
 		}
 
-		hwStr := fields[3]
-		mac, err := net.ParseMAC(hwStr)
-		if err != nil {
-			log.Debug("arpdb: parsing arp output: mac: %s", err)
-
-			continue
-		}
-
-		ns = append(ns, Neighbor{
-			IP:  ip,
-			MAC: mac,
-		})
+		ns = append(ns, *n)
 	}
 
 	return ns
@@ -174,7 +166,7 @@ func parseArpAWrt(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 // expected input format:
 //
 //	hostname (192.168.1.1) at ab:cd:ef:ab:cd:ef [ether] on enp0s3
-func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
+func parseArpA(logger *slog.Logger, sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	ns = make([]Neighbor, 0, lenHint)
 	for sc.Scan() {
 		ln := sc.Text()
@@ -189,26 +181,15 @@ func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 			continue
 		}
 
-		ip, err := netip.ParseAddr(ipStr[1 : len(ipStr)-1])
+		host := validatedHostname(logger, fields[0])
+		n, err := newNeighbor(host, ipStr[1:len(ipStr)-1], fields[3])
 		if err != nil {
-			log.Debug("arpdb: parsing arp output: ip: %s", err)
+			logger.Debug("parsing arp output", "line", ln, slogutil.KeyError, err)
 
 			continue
 		}
 
-		hwStr := fields[3]
-		mac, err := net.ParseMAC(hwStr)
-		if err != nil {
-			log.Debug("arpdb: parsing arp output: mac: %s", err)
-
-			continue
-		}
-
-		ns = append(ns, Neighbor{
-			IP:   ip,
-			MAC:  mac,
-			Name: validatedHostname(fields[0]),
-		})
+		ns = append(ns, *n)
 	}
 
 	return ns
@@ -218,7 +199,7 @@ func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 // expected input format:
 //
 //	192.168.1.1 dev enp0s3 lladdr ab:cd:ef:ab:cd:ef REACHABLE
-func parseIPNeigh(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
+func parseIPNeigh(logger *slog.Logger, sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	ns = make([]Neighbor, 0, lenHint)
 	for sc.Scan() {
 		ln := sc.Text()
@@ -228,27 +209,14 @@ func parseIPNeigh(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 			continue
 		}
 
-		n := Neighbor{}
-
-		ip, err := netip.ParseAddr(fields[0])
+		n, err := newNeighbor("", fields[0], fields[4])
 		if err != nil {
-			log.Debug("arpdb: parsing arp output: ip: %s", err)
+			logger.Debug("parsing arp output", "line", ln, slogutil.KeyError, err)
 
 			continue
-		} else {
-			n.IP = ip
 		}
 
-		mac, err := net.ParseMAC(fields[4])
-		if err != nil {
-			log.Debug("arpdb: parsing arp output: mac: %s", err)
-
-			continue
-		} else {
-			n.MAC = mac
-		}
-
-		ns = append(ns, n)
+		ns = append(ns, *n)
 	}
 
 	return ns

internal/arpdb/arpdb_linux_internal_test.go

@@ -9,6 +9,7 @@ import (
 	"testing"
 	"testing/fstest"
 
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -69,9 +70,10 @@ func TestCmdARPDB_linux(t *testing.T) {
 
 	t.Run("wrt", func(t *testing.T) {
 		a := &cmdARPDB{
-			parse: parseArpAWrt,
-			cmd:   "arp",
-			args:  []string{"-a"},
+			logger: slogutil.NewDiscardLogger(),
+			parse:  parseArpAWrt,
+			cmd:    "arp",
+			args:   []string{"-a"},
 			ns: &neighs{
 				mu: &sync.RWMutex{},
 				ns: make([]Neighbor, 0),
@@ -86,9 +88,10 @@ func TestCmdARPDB_linux(t *testing.T) {
 
 	t.Run("ip_neigh", func(t *testing.T) {
 		a := &cmdARPDB{
-			parse: parseIPNeigh,
-			cmd:   "ip",
-			args:  []string{"neigh"},
+			logger: slogutil.NewDiscardLogger(),
+			parse:  parseIPNeigh,
+			cmd:    "ip",
+			args:   []string{"neigh"},
 			ns: &neighs{
 				mu: &sync.RWMutex{},
 				ns: make([]Neighbor, 0),

internal/arpdb/arpdb_openbsd.go

@@ -4,17 +4,17 @@ package arpdb
 
 import (
 	"bufio"
-	"net"
-	"net/netip"
+	"log/slog"
 	"strings"
 	"sync"
 
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 )
 
-func newARPDB() (arp *cmdARPDB) {
+func newARPDB(logger *slog.Logger) (arp *cmdARPDB) {
 	return &cmdARPDB{
-		parse: parseArpA,
+		logger: logger,
+		parse:  parseArpA,
 		ns: &neighs{
 			mu: &sync.RWMutex{},
 			ns: make([]Neighbor, 0),
@@ -34,7 +34,7 @@ func newARPDB() (arp *cmdARPDB) {
 //
 //	Host        Ethernet Address  Netif Expire    Flags
 //	192.168.1.1 ab:cd:ef:ab:cd:ef   em0 19m59s
-func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
+func parseArpA(logger *slog.Logger, sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	// Skip the header.
 	if !sc.Scan() {
 		return nil
@@ -49,27 +49,14 @@ func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 			continue
 		}
 
-		n := Neighbor{}
-
-		ip, err := netip.ParseAddr(fields[0])
+		n, err := newNeighbor("", fields[0], fields[1])
 		if err != nil {
-			log.Debug("arpdb: parsing arp output: ip: %s", err)
+			logger.Debug("parsing arp output", "line", ln, slogutil.KeyError, err)
 
 			continue
-		} else {
-			n.IP = ip
 		}
 
-		mac, err := net.ParseMAC(fields[1])
-		if err != nil {
-			log.Debug("arpdb: parsing arp output: mac: %s", err)
-
-			continue
-		} else {
-			n.MAC = mac
-		}
-
-		ns = append(ns, n)
+		ns = append(ns, *n)
 	}
 
 	return ns

internal/arpdb/arpdb_windows.go

@@ -4,17 +4,17 @@ package arpdb
 
 import (
 	"bufio"
-	"net"
-	"net/netip"
+	"log/slog"
 	"strings"
 	"sync"
 
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 )
 
-func newARPDB() (arp *cmdARPDB) {
+func newARPDB(logger *slog.Logger) (arp *cmdARPDB) {
 	return &cmdARPDB{
-		parse: parseArpA,
+		logger: logger,
+		parse:  parseArpA,
 		ns: &neighs{
 			mu: &sync.RWMutex{},
 			ns: make([]Neighbor, 0),
@@ -31,7 +31,7 @@ func newARPDB() (arp *cmdARPDB) {
 //	  Internet Address      Physical Address      Type
 //	  192.168.56.1          0a-00-27-00-00-00     dynamic
 //	  192.168.56.255        ff-ff-ff-ff-ff-ff     static
-func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
+func parseArpA(logger *slog.Logger, sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 	ns = make([]Neighbor, 0, lenHint)
 	for sc.Scan() {
 		ln := sc.Text()
@@ -44,24 +44,14 @@ func parseArpA(sc *bufio.Scanner, lenHint int) (ns []Neighbor) {
 			continue
 		}
 
-		ip, err := netip.ParseAddr(fields[0])
+		n, err := newNeighbor("", fields[0], fields[1])
 		if err != nil {
-			log.Debug("arpdb: parsing arp output: ip: %s", err)
+			logger.Debug("parsing arp output", "line", ln, slogutil.KeyError, err)
 
 			continue
 		}
 
-		mac, err := net.ParseMAC(fields[1])
-		if err != nil {
-			log.Debug("arpdb: parsing arp output: mac: %s", err)
-
-			continue
-		}
-
-		ns = append(ns, Neighbor{
-			IP:  ip,
-			MAC: mac,
-		})
+		ns = append(ns, *n)
 	}
 
 	return ns

internal/client/addrproc.go

@@ -2,6 +2,7 @@ package client
 
 import (
 	"context"
+	"log/slog"
 	"net/netip"
 	"sync"
 	"time"
@@ -10,7 +11,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/rdns"
 	"github.com/AdguardTeam/AdGuardHome/internal/whois"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/netutil"
 )
 
@@ -20,7 +21,7 @@ const ErrClosed errors.Error = "use of closed address processor"
 
 // AddressProcessor is the interface for types that can process clients.
 type AddressProcessor interface {
-	Process(ip netip.Addr)
+	Process(ctx context.Context, ip netip.Addr)
 	Close() (err error)
 }
 
@@ -31,13 +32,17 @@ type EmptyAddrProc struct{}
 var _ AddressProcessor = EmptyAddrProc{}
 
 // Process implements the [AddressProcessor] interface for EmptyAddrProc.
-func (EmptyAddrProc) Process(_ netip.Addr) {}
+func (EmptyAddrProc) Process(_ context.Context, _ netip.Addr) {}
 
 // Close implements the [AddressProcessor] interface for EmptyAddrProc.
 func (EmptyAddrProc) Close() (_ error) { return nil }
 
 // DefaultAddrProcConfig is the configuration structure for address processors.
 type DefaultAddrProcConfig struct {
+	// BaseLogger is used to create loggers with custom prefixes for sources of
+	// information about runtime clients.  It must not be nil.
+	BaseLogger *slog.Logger
+
 	// DialContext is used to create TCP connections to WHOIS servers.
 	// DialContext must not be nil if [DefaultAddrProcConfig.UseWHOIS] is true.
 	DialContext aghnet.DialContextFunc
@@ -84,12 +89,15 @@ type DefaultAddrProcConfig struct {
 type AddressUpdater interface {
 	// UpdateAddress updates information about an IP address, setting host (if
 	// not empty) and WHOIS information (if not nil).
-	UpdateAddress(ip netip.Addr, host string, info *whois.Info)
+	UpdateAddress(ctx context.Context, ip netip.Addr, host string, info *whois.Info)
 }
 
 // DefaultAddrProc processes incoming client addresses with rDNS and WHOIS, if
 // configured, and updates that information in a client storage.
 type DefaultAddrProc struct {
+	// logger is used to log the operation of address processor.
+	logger *slog.Logger
+
 	// clientIPsMu serializes closure of clientIPs and access to isClosed.
 	clientIPsMu *sync.Mutex
 
@@ -136,6 +144,7 @@ const (
 // not be nil.
 func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) {
 	p = &DefaultAddrProc{
+		logger:         c.BaseLogger.With(slogutil.KeyPrefix, "addrproc"),
 		clientIPsMu:    &sync.Mutex{},
 		clientIPs:      make(chan netip.Addr, defaultQueueSize),
 		rdns:           &rdns.Empty{},
@@ -147,6 +156,7 @@ func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) {
 
 	if c.UseRDNS {
 		p.rdns = rdns.New(&rdns.Config{
+			Logger:    c.BaseLogger.With(slogutil.KeyPrefix, "rdns"),
 			Exchanger: c.Exchanger,
 			CacheSize: defaultCacheSize,
 			CacheTTL:  defaultIPTTL,
@@ -154,13 +164,16 @@ func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) {
 	}
 
 	if c.UseWHOIS {
-		p.whois = newWHOIS(c.DialContext)
+		p.whois = newWHOIS(c.BaseLogger.With(slogutil.KeyPrefix, "whois"), c.DialContext)
 	}
 
-	go p.process(c.CatchPanics)
+	// TODO(s.chzhen):  Pass context.
+	ctx := context.TODO()
+
+	go p.process(ctx, c.CatchPanics)
 
 	for _, ip := range c.InitialAddresses {
-		p.Process(ip)
+		p.Process(ctx, ip)
 	}
 
 	return p
@@ -168,7 +181,7 @@ func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) {
 
 // newWHOIS returns a whois.Interface instance using the given function for
 // dialing.
-func newWHOIS(dialFunc aghnet.DialContextFunc) (w whois.Interface) {
+func newWHOIS(logger *slog.Logger, dialFunc aghnet.DialContextFunc) (w whois.Interface) {
 	// TODO(s.chzhen):  Consider making configurable.
 	const (
 		// defaultTimeout is the timeout for WHOIS requests.
@@ -186,6 +199,7 @@ func newWHOIS(dialFunc aghnet.DialContextFunc) (w whois.Interface) {
 	)
 
 	return whois.New(&whois.Config{
+		Logger:          logger,
 		DialContext:     dialFunc,
 		ServerAddr:      whois.DefaultServer,
 		Port:            whois.DefaultPort,
@@ -202,7 +216,7 @@ func newWHOIS(dialFunc aghnet.DialContextFunc) (w whois.Interface) {
 var _ AddressProcessor = (*DefaultAddrProc)(nil)
 
 // Process implements the [AddressProcessor] interface for *DefaultAddrProc.
-func (p *DefaultAddrProc) Process(ip netip.Addr) {
+func (p *DefaultAddrProc) Process(ctx context.Context, ip netip.Addr) {
 	p.clientIPsMu.Lock()
 	defer p.clientIPsMu.Unlock()
 
@@ -214,36 +228,42 @@ func (p *DefaultAddrProc) Process(ip netip.Addr) {
 	case p.clientIPs <- ip:
 		// Go on.
 	default:
-		log.Debug("clients: ip channel is full; len: %d", len(p.clientIPs))
+		p.logger.DebugContext(ctx, "ip channel is full", "len", len(p.clientIPs))
 	}
 }
 
 // process processes the incoming client IP-address information.  It is intended
 // to be used as a goroutine.  Once clientIPs is closed, process exits.
-func (p *DefaultAddrProc) process(catchPanics bool) {
+func (p *DefaultAddrProc) process(ctx context.Context, catchPanics bool) {
 	if catchPanics {
-		defer log.OnPanic("addrProcessor.process")
+		defer slogutil.RecoverAndLog(ctx, p.logger)
 	}
 
-	log.Info("clients: processing addresses")
+	p.logger.InfoContext(ctx, "processing addresses")
 
 	for ip := range p.clientIPs {
-		host := p.processRDNS(ip)
-		info := p.processWHOIS(ip)
+		host := p.processRDNS(ctx, ip)
+		info := p.processWHOIS(ctx, ip)
 
-		p.addrUpdater.UpdateAddress(ip, host, info)
+		p.addrUpdater.UpdateAddress(ctx, ip, host, info)
 	}
 
-	log.Info("clients: finished processing addresses")
+	p.logger.InfoContext(ctx, "finished processing addresses")
 }
 
 // processRDNS resolves the clients' IP addresses using reverse DNS.  host is
 // empty if there were errors or if the information hasn't changed.
-func (p *DefaultAddrProc) processRDNS(ip netip.Addr) (host string) {
+func (p *DefaultAddrProc) processRDNS(ctx context.Context, ip netip.Addr) (host string) {
 	start := time.Now()
-	log.Debug("clients: processing %s with rdns", ip)
+	p.logger.DebugContext(ctx, "processing rdns", "ip", ip)
 	defer func() {
-		log.Debug("clients: finished processing %s with rdns in %s", ip, time.Since(start))
+		p.logger.DebugContext(
+			ctx,
+			"finished processing rdns",
+			"ip", ip,
+			"host", host,
+			"elapsed", time.Since(start),
+		)
 	}()
 
 	ok := p.shouldResolve(ip)
@@ -251,7 +271,7 @@ func (p *DefaultAddrProc) processRDNS(ip netip.Addr) (host string) {
 		return
 	}
 
-	host, changed := p.rdns.Process(ip)
+	host, changed := p.rdns.Process(ctx, ip)
 	if !changed {
 		host = ""
 	}
@@ -268,16 +288,22 @@ func (p *DefaultAddrProc) shouldResolve(ip netip.Addr) (ok bool) {
 // processWHOIS looks up the information about clients' IP addresses in the
 // WHOIS databases.  info is nil if there were errors or if the information
 // hasn't changed.
-func (p *DefaultAddrProc) processWHOIS(ip netip.Addr) (info *whois.Info) {
+func (p *DefaultAddrProc) processWHOIS(ctx context.Context, ip netip.Addr) (info *whois.Info) {
 	start := time.Now()
-	log.Debug("clients: processing %s with whois", ip)
+	p.logger.DebugContext(ctx, "processing whois", "ip", ip)
 	defer func() {
-		log.Debug("clients: finished processing %s with whois in %s", ip, time.Since(start))
+		p.logger.DebugContext(
+			ctx,
+			"finished processing whois",
+			"ip", ip,
+			"whois", info,
+			"elapsed", time.Since(start),
+		)
 	}()
 
 	// TODO(s.chzhen):  Move the timeout logic from WHOIS configuration to the
 	// context.
-	info, changed := p.whois.Process(context.Background(), ip)
+	info, changed := p.whois.Process(ctx, ip)
 	if !changed {
 		info = nil
 	}

internal/client/addrproc_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/client"
 	"github.com/AdguardTeam/AdGuardHome/internal/whois"
 	"github.com/AdguardTeam/golibs/errors"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/AdguardTeam/golibs/testutil/fakenet"
@@ -25,7 +26,8 @@ func TestEmptyAddrProc(t *testing.T) {
 	p := client.EmptyAddrProc{}
 
 	assert.NotPanics(t, func() {
-		p.Process(testIP)
+		ctx := testutil.ContextWithTimeout(t, testTimeout)
+		p.Process(ctx, testIP)
 	})
 
 	assert.NotPanics(t, func() {
@@ -99,6 +101,7 @@ func TestDefaultAddrProc_Process_rDNS(t *testing.T) {
 			updInfoCh := make(chan *whois.Info, 1)
 
 			p := client.NewDefaultAddrProc(&client.DefaultAddrProcConfig{
+				BaseLogger: slogutil.NewDiscardLogger(),
 				DialContext: func(_ context.Context, _, _ string) (conn net.Conn, err error) {
 					panic("not implemented")
 				},
@@ -118,7 +121,8 @@ func TestDefaultAddrProc_Process_rDNS(t *testing.T) {
 			})
 			testutil.CleanupAndRequireSuccess(t, p.Close)
 
-			p.Process(tc.ip)
+			ctx := testutil.ContextWithTimeout(t, testTimeout)
+			p.Process(ctx, tc.ip)
 
 			if !tc.wantUpd {
 				return
@@ -144,8 +148,8 @@ func newOnUpdateAddress(
 	ips chan<- netip.Addr,
 	hosts chan<- string,
 	infos chan<- *whois.Info,
-) (f func(ip netip.Addr, host string, info *whois.Info)) {
-	return func(ip netip.Addr, host string, info *whois.Info) {
+) (f func(ctx context.Context, ip netip.Addr, host string, info *whois.Info)) {
+	return func(ctx context.Context, ip netip.Addr, host string, info *whois.Info) {
 		if !want && (host != "" || info != nil) {
 			panic(fmt.Errorf("got unexpected update for %v with %q and %v", ip, host, info))
 		}
@@ -208,6 +212,7 @@ func TestDefaultAddrProc_Process_WHOIS(t *testing.T) {
 			updInfoCh := make(chan *whois.Info, 1)
 
 			p := client.NewDefaultAddrProc(&client.DefaultAddrProcConfig{
+				BaseLogger: slogutil.NewDiscardLogger(),
 				DialContext: func(_ context.Context, _, _ string) (conn net.Conn, err error) {
 					return whoisConn, nil
 				},
@@ -227,7 +232,8 @@ func TestDefaultAddrProc_Process_WHOIS(t *testing.T) {
 			})
 			testutil.CleanupAndRequireSuccess(t, p.Close)
 
-			p.Process(testIP)
+			ctx := testutil.ContextWithTimeout(t, testTimeout)
+			p.Process(ctx, testIP)
 
 			if !tc.wantUpd {
 				return
@@ -248,7 +254,9 @@ func TestDefaultAddrProc_Process_WHOIS(t *testing.T) {
 func TestDefaultAddrProc_Close(t *testing.T) {
 	t.Parallel()
 
-	p := client.NewDefaultAddrProc(&client.DefaultAddrProcConfig{})
+	p := client.NewDefaultAddrProc(&client.DefaultAddrProcConfig{
+		BaseLogger: slogutil.NewDiscardLogger(),
+	})
 
 	err := p.Close()
 	assert.NoError(t, err)

internal/client/client.go

@@ -8,6 +8,7 @@ import (
 	"encoding"
 	"fmt"
 	"net/netip"
+	"slices"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/whois"
 )
@@ -118,8 +119,9 @@ func (r *Runtime) Info() (cs Source, host string) {
 	return cs, info[0]
 }
 
-// SetInfo sets a host as a client information from the cs.
-func (r *Runtime) SetInfo(cs Source, hosts []string) {
+// setInfo sets a host as a client information from the cs.
+func (r *Runtime) setInfo(cs Source, hosts []string) {
+	// TODO(s.chzhen):  Use contract where hosts must contain non-empty host.
 	if len(hosts) == 1 && hosts[0] == "" {
 		hosts = []string{}
 	}
@@ -136,13 +138,13 @@ func (r *Runtime) SetInfo(cs Source, hosts []string) {
 	}
 }
 
-// WHOIS returns a WHOIS client information.
+// WHOIS returns a copy of WHOIS client information.
 func (r *Runtime) WHOIS() (info *whois.Info) {
-	return r.whois
+	return r.whois.Clone()
 }
 
-// SetWHOIS sets a WHOIS client information.  info must be non-nil.
-func (r *Runtime) SetWHOIS(info *whois.Info) {
+// setWHOIS sets a WHOIS client information.  info must be non-nil.
+func (r *Runtime) setWHOIS(info *whois.Info) {
 	r.whois = info
 }
 
@@ -175,3 +177,15 @@ func (r *Runtime) isEmpty() (ok bool) {
 func (r *Runtime) Addr() (ip netip.Addr) {
 	return r.ip
 }
+
+// clone returns a deep copy of the runtime client.
+func (r *Runtime) clone() (c *Runtime) {
+	return &Runtime{
+		ip:        r.ip,
+		whois:     r.whois.Clone(),
+		arp:       slices.Clone(r.arp),
+		rdns:      slices.Clone(r.rdns),
+		dhcp:      slices.Clone(r.dhcp),
+		hostsFile: slices.Clone(r.hostsFile),
+	}
+}

internal/client/index.go

@@ -2,6 +2,7 @@ package client
 
 import (
 	"fmt"
+	"maps"
 	"net"
 	"net/netip"
 	"slices"
@@ -9,7 +10,6 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/AdguardTeam/golibs/errors"
-	"golang.org/x/exp/maps"
 )
 
 // macKey contains MAC as byte array of 6, 8, or 20 bytes.
@@ -330,12 +330,14 @@ func (ci *index) size() (n int) {
 // rangeByName is like [Index.Range] but sorts the persistent clients by name
 // before iterating ensuring a predictable order.
 func (ci *index) rangeByName(f func(c *Persistent) (cont bool)) {
-	cs := maps.Values(ci.uidToClient)
-	slices.SortFunc(cs, func(a, b *Persistent) (n int) {
-		return strings.Compare(a.Name, b.Name)
-	})
+	clients := slices.SortedStableFunc(
+		maps.Values(ci.uidToClient),
+		func(a, b *Persistent) (res int) {
+			return strings.Compare(a.Name, b.Name)
+		},
+	)
 
-	for _, c := range cs {
+	for _, c := range clients {
 		if !f(c) {
 			break
 		}

internal/client/persistent.go

@@ -1,21 +1,20 @@
 package client
 
 import (
+	"context"
 	"encoding"
 	"fmt"
+	"log/slog"
 	"net"
 	"net/netip"
 	"slices"
 	"strings"
-	"time"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering/safesearch"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
-	"github.com/AdguardTeam/golibs/container"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/google/uuid"
 )
@@ -136,7 +135,8 @@ type Persistent struct {
 }
 
 // validate returns an error if persistent client information contains errors.
-func (c *Persistent) validate(allTags *container.MapSet[string]) (err error) {
+// allTags must be sorted.
+func (c *Persistent) validate(ctx context.Context, l *slog.Logger, allTags []string) (err error) {
 	switch {
 	case c.Name == "":
 		return errors.Error("empty name")
@@ -153,11 +153,12 @@ func (c *Persistent) validate(allTags *container.MapSet[string]) (err error) {
 
 	err = conf.Close()
 	if err != nil {
-		log.Error("client: closing upstream config: %s", err)
+		l.ErrorContext(ctx, "client: closing upstream config", slogutil.KeyError, err)
 	}
 
 	for _, t := range c.Tags {
-		if !allTags.Has(t) {
+		_, ok := slices.BinarySearch(allTags, t)
+		if !ok {
 			return fmt.Errorf("invalid tag: %q", t)
 		}
 	}
@@ -322,20 +323,3 @@ func (c *Persistent) CloseUpstreams() (err error) {
 
 	return nil
 }
-
-// SetSafeSearch initializes and sets the safe search filter for this client.
-func (c *Persistent) SetSafeSearch(
-	conf filtering.SafeSearchConfig,
-	cacheSize uint,
-	cacheTTL time.Duration,
-) (err error) {
-	ss, err := safesearch.NewDefault(conf, fmt.Sprintf("client %q", c.Name), cacheSize, cacheTTL)
-	if err != nil {
-		// Don't wrap the error, because it's informative enough as is.
-		return err
-	}
-
-	c.SafeSearch = ss
-
-	return nil
-}

internal/client/persistent_internal_test.go

@@ -1,11 +1,8 @@
 package client
 
 import (
-	"net/netip"
 	"testing"
 
-	"github.com/AdguardTeam/golibs/container"
-	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -125,69 +122,3 @@ func TestPersistent_EqualIDs(t *testing.T) {
 		})
 	}
 }
-
-func TestPersistent_Validate(t *testing.T) {
-	const (
-		allowedTag    = "allowed_tag"
-		notAllowedTag = "not_allowed_tag"
-	)
-
-	allowedTags := container.NewMapSet(allowedTag)
-
-	testCases := []struct {
-		name       string
-		cli        *Persistent
-		wantErrMsg string
-	}{{
-		name: "success",
-		cli: &Persistent{
-			Name: "basic",
-			IPs: []netip.Addr{
-				netip.MustParseAddr("1.2.3.4"),
-			},
-			UID: MustNewUID(),
-		},
-		wantErrMsg: "",
-	}, {
-		name: "empty_name",
-		cli: &Persistent{
-			Name: "",
-		},
-		wantErrMsg: "empty name",
-	}, {
-		name: "no_id",
-		cli: &Persistent{
-			Name: "no_id",
-		},
-		wantErrMsg: "id required",
-	}, {
-		name: "no_uid",
-		cli: &Persistent{
-			Name: "no_uid",
-			IPs: []netip.Addr{
-				netip.MustParseAddr("1.2.3.4"),
-			},
-		},
-		wantErrMsg: "uid required",
-	}, {
-		name: "not_allowed_tag",
-		cli: &Persistent{
-			Name: "basic",
-			IPs: []netip.Addr{
-				netip.MustParseAddr("1.2.3.4"),
-			},
-			UID: MustNewUID(),
-			Tags: []string{
-				notAllowedTag,
-			},
-		},
-		wantErrMsg: `invalid tag: "` + notAllowedTag + `"`,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := tc.cli.validate(allowedTags)
-			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
-		})
-	}
-}

internal/client/runtimeindex.go

@@ -2,39 +2,34 @@ package client
 
 import "net/netip"
 
-// RuntimeIndex stores information about runtime clients.
-type RuntimeIndex struct {
+// runtimeIndex stores information about runtime clients.
+type runtimeIndex struct {
 	// index maps IP address to runtime client.
 	index map[netip.Addr]*Runtime
 }
 
-// NewRuntimeIndex returns initialized runtime index.
-func NewRuntimeIndex() (ri *RuntimeIndex) {
-	return &RuntimeIndex{
+// newRuntimeIndex returns initialized runtime index.
+func newRuntimeIndex() (ri *runtimeIndex) {
+	return &runtimeIndex{
 		index: map[netip.Addr]*Runtime{},
 	}
 }
 
-// Client returns the saved runtime client by ip.  If no such client exists,
+// client returns the saved runtime client by ip.  If no such client exists,
 // returns nil.
-func (ri *RuntimeIndex) Client(ip netip.Addr) (rc *Runtime) {
+func (ri *runtimeIndex) client(ip netip.Addr) (rc *Runtime) {
 	return ri.index[ip]
 }
 
-// Add saves the runtime client in the index.  IP address of a client must be
+// add saves the runtime client in the index.  IP address of a client must be
 // unique.  See [Runtime.Client].  rc must not be nil.
-func (ri *RuntimeIndex) Add(rc *Runtime) {
+func (ri *runtimeIndex) add(rc *Runtime) {
 	ip := rc.Addr()
 	ri.index[ip] = rc
 }
 
-// Size returns the number of the runtime clients.
-func (ri *RuntimeIndex) Size() (n int) {
-	return len(ri.index)
-}
-
-// Range calls f for each runtime client in an undefined order.
-func (ri *RuntimeIndex) Range(f func(rc *Runtime) (cont bool)) {
+// rangeClients calls f for each runtime client in an undefined order.
+func (ri *runtimeIndex) rangeClients(f func(rc *Runtime) (cont bool)) {
 	for _, rc := range ri.index {
 		if !f(rc) {
 			return
@@ -42,17 +37,31 @@ func (ri *RuntimeIndex) Range(f func(rc *Runtime) (cont bool)) {
 	}
 }
 
-// Delete removes the runtime client by ip.
-func (ri *RuntimeIndex) Delete(ip netip.Addr) {
-	delete(ri.index, ip)
+// setInfo sets the client information from cs for runtime client stored by ip.
+// If no such client exists, it creates one.
+func (ri *runtimeIndex) setInfo(ip netip.Addr, cs Source, hosts []string) (rc *Runtime) {
+	rc = ri.index[ip]
+	if rc == nil {
+		rc = NewRuntime(ip)
+		ri.add(rc)
+	}
+
+	rc.setInfo(cs, hosts)
+
+	return rc
 }
 
-// DeleteBySource removes all runtime clients that have information only from
-// the specified source and returns the number of removed clients.
-func (ri *RuntimeIndex) DeleteBySource(src Source) (n int) {
-	for ip, rc := range ri.index {
+// clearSource removes information from the specified source from all clients.
+func (ri *runtimeIndex) clearSource(src Source) {
+	for _, rc := range ri.index {
 		rc.unset(src)
+	}
+}
 
+// removeEmpty removes empty runtime clients and returns the number of removed
+// clients.
+func (ri *runtimeIndex) removeEmpty() (n int) {
+	for ip, rc := range ri.index {
 		if rc.isEmpty() {
 			delete(ri.index, ip)
 			n++

internal/client/runtimeindex_test.go

@@ -1,85 +0,0 @@
-package client_test
-
-import (
-	"net/netip"
-	"testing"
-
-	"github.com/AdguardTeam/AdGuardHome/internal/client"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestRuntimeIndex(t *testing.T) {
-	const cliSrc = client.SourceARP
-
-	var (
-		ip1 = netip.MustParseAddr("1.1.1.1")
-		ip2 = netip.MustParseAddr("2.2.2.2")
-		ip3 = netip.MustParseAddr("3.3.3.3")
-	)
-
-	ri := client.NewRuntimeIndex()
-	currentSize := 0
-
-	testCases := []struct {
-		ip    netip.Addr
-		name  string
-		hosts []string
-		src   client.Source
-	}{{
-		src:   cliSrc,
-		ip:    ip1,
-		name:  "1",
-		hosts: []string{"host1"},
-	}, {
-		src:   cliSrc,
-		ip:    ip2,
-		name:  "2",
-		hosts: []string{"host2"},
-	}, {
-		src:   cliSrc,
-		ip:    ip3,
-		name:  "3",
-		hosts: []string{"host3"},
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			rc := client.NewRuntime(tc.ip)
-			rc.SetInfo(tc.src, tc.hosts)
-
-			ri.Add(rc)
-			currentSize++
-
-			got := ri.Client(tc.ip)
-			assert.Equal(t, rc, got)
-		})
-	}
-
-	t.Run("size", func(t *testing.T) {
-		assert.Equal(t, currentSize, ri.Size())
-	})
-
-	t.Run("range", func(t *testing.T) {
-		s := 0
-
-		ri.Range(func(rc *client.Runtime) (cont bool) {
-			s++
-
-			return true
-		})
-
-		assert.Equal(t, currentSize, s)
-	})
-
-	t.Run("delete", func(t *testing.T) {
-		ri.Delete(ip1)
-		currentSize--
-
-		assert.Equal(t, currentSize, ri.Size())
-	})
-
-	t.Run("delete_by_src", func(t *testing.T) {
-		assert.Equal(t, currentSize, ri.DeleteBySource(cliSrc))
-		assert.Equal(t, 0, ri.Size())
-	})
-}

internal/client/storage.go

@@ -1,28 +1,121 @@
 package client
 
 import (
+	"context"
 	"fmt"
+	"log/slog"
 	"net"
 	"net/netip"
+	"slices"
 	"sync"
+	"time"
 
-	"github.com/AdguardTeam/golibs/container"
+	"github.com/AdguardTeam/AdGuardHome/internal/arpdb"
+	"github.com/AdguardTeam/AdGuardHome/internal/dhcpsvc"
+	"github.com/AdguardTeam/AdGuardHome/internal/whois"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/golibs/hostsfile"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 )
 
-// Config is the client storage configuration structure.
-//
-// TODO(s.chzhen):  Expand.
-type Config struct {
-	// AllowedTags is a list of all allowed client tags.
-	AllowedTags []string
+// allowedTags is the list of available client tags.
+var allowedTags = []string{
+	"device_audio",
+	"device_camera",
+	"device_gameconsole",
+	"device_laptop",
+	"device_nas", // Network-attached Storage
+	"device_other",
+	"device_pc",
+	"device_phone",
+	"device_printer",
+	"device_securityalarm",
+	"device_tablet",
+	"device_tv",
+
+	"os_android",
+	"os_ios",
+	"os_linux",
+	"os_macos",
+	"os_other",
+	"os_windows",
+
+	"user_admin",
+	"user_child",
+	"user_regular",
+}
+
+// DHCP is an interface for accessing DHCP lease data the [Storage] needs.
+type DHCP interface {
+	// Leases returns all the DHCP leases.
+	Leases() (leases []*dhcpsvc.Lease)
+
+	// HostByIP returns the hostname of the DHCP client with the given IP
+	// address.  host will be empty if there is no such client, due to an
+	// assumption that a DHCP client must always have a hostname.
+	HostByIP(ip netip.Addr) (host string)
+
+	// MACByIP returns the MAC address for the given IP address leased.  It
+	// returns nil if there is no such client, due to an assumption that a DHCP
+	// client must always have a MAC address.
+	MACByIP(ip netip.Addr) (mac net.HardwareAddr)
+}
+
+// EmptyDHCP is the empty [DHCP] implementation that does nothing.
+type EmptyDHCP struct{}
+
+// type check
+var _ DHCP = EmptyDHCP{}
+
+// Leases implements the [DHCP] interface for emptyDHCP.
+func (EmptyDHCP) Leases() (leases []*dhcpsvc.Lease) { return nil }
+
+// HostByIP implements the [DHCP] interface for emptyDHCP.
+func (EmptyDHCP) HostByIP(_ netip.Addr) (host string) { return "" }
+
+// MACByIP implements the [DHCP] interface for emptyDHCP.
+func (EmptyDHCP) MACByIP(_ netip.Addr) (mac net.HardwareAddr) { return nil }
+
+// HostsContainer is an interface for receiving updates to the system hosts
+// file.
+type HostsContainer interface {
+	Upd() (updates <-chan *hostsfile.DefaultStorage)
+}
+
+// StorageConfig is the client storage configuration structure.
+type StorageConfig struct {
+	// Logger is used for logging the operation of the client storage.  It must
+	// not be nil.
+	Logger *slog.Logger
+
+	// DHCP is used to match IPs against MACs of persistent clients and update
+	// [SourceDHCP] runtime client information.  It must not be nil.
+	DHCP DHCP
+
+	// EtcHosts is used to update [SourceHostsFile] runtime client information.
+	EtcHosts HostsContainer
+
+	// ARPDB is used to update [SourceARP] runtime client information.
+	ARPDB arpdb.Interface
+
+	// InitialClients is a list of persistent clients parsed from the
+	// configuration file.  Each client must not be nil.
+	InitialClients []*Persistent
+
+	// ARPClientsUpdatePeriod defines how often [SourceARP] runtime client
+	// information is updated.
+	ARPClientsUpdatePeriod time.Duration
+
+	// RuntimeSourceDHCP specifies whether to update [SourceDHCP] information
+	// of runtime clients.
+	RuntimeSourceDHCP bool
 }
 
 // Storage contains information about persistent and runtime clients.
 type Storage struct {
-	// allowedTags is a set of all allowed tags.
-	allowedTags *container.MapSet[string]
+	// logger is used for logging the operation of the client storage.  It must
+	// not be nil.
+	logger *slog.Logger
 
 	// mu protects indexes of persistent and runtime clients.
 	mu *sync.Mutex
@@ -31,28 +124,277 @@ type Storage struct {
 	index *index
 
 	// runtimeIndex contains information about runtime clients.
+	runtimeIndex *runtimeIndex
+
+	// dhcp is used to update [SourceDHCP] runtime client information.
+	dhcp DHCP
+
+	// etcHosts is used to update [SourceHostsFile] runtime client information.
+	etcHosts HostsContainer
+
+	// arpDB is used to update [SourceARP] runtime client information.
+	arpDB arpdb.Interface
+
+	// done is the shutdown signaling channel.
+	done chan struct{}
+
+	// allowedTags is a sorted list of all allowed tags.  It must not be
+	// modified after initialization.
 	//
-	// TODO(s.chzhen):  Use it.
-	runtimeIndex *RuntimeIndex
+	// TODO(s.chzhen):  Use custom type.
+	allowedTags []string
+
+	// arpClientsUpdatePeriod defines how often [SourceARP] runtime client
+	// information is updated.  It must be greater than zero.
+	arpClientsUpdatePeriod time.Duration
+
+	// runtimeSourceDHCP specifies whether to update [SourceDHCP] information
+	// of runtime clients.
+	runtimeSourceDHCP bool
 }
 
 // NewStorage returns initialized client storage.  conf must not be nil.
-func NewStorage(conf *Config) (s *Storage) {
-	allowedTags := container.NewMapSet(conf.AllowedTags...)
+func NewStorage(ctx context.Context, conf *StorageConfig) (s *Storage, err error) {
+	tags := slices.Clone(allowedTags)
+	slices.Sort(tags)
 
-	return &Storage{
-		allowedTags:  allowedTags,
-		mu:           &sync.Mutex{},
-		index:        newIndex(),
-		runtimeIndex: NewRuntimeIndex(),
+	s = &Storage{
+		logger:                 conf.Logger,
+		mu:                     &sync.Mutex{},
+		index:                  newIndex(),
+		runtimeIndex:           newRuntimeIndex(),
+		dhcp:                   conf.DHCP,
+		etcHosts:               conf.EtcHosts,
+		arpDB:                  conf.ARPDB,
+		done:                   make(chan struct{}),
+		allowedTags:            tags,
+		arpClientsUpdatePeriod: conf.ARPClientsUpdatePeriod,
+		runtimeSourceDHCP:      conf.RuntimeSourceDHCP,
+	}
+
+	for i, p := range conf.InitialClients {
+		err = s.Add(ctx, p)
+		if err != nil {
+			return nil, fmt.Errorf("adding client %q at index %d: %w", p.Name, i, err)
+		}
+	}
+
+	s.ReloadARP(ctx)
+
+	return s, nil
+}
+
+// Start starts the goroutines for updating the runtime client information.
+//
+// TODO(s.chzhen):  Pass context.
+func (s *Storage) Start(ctx context.Context) (err error) {
+	go s.periodicARPUpdate(ctx)
+	go s.handleHostsUpdates(ctx)
+
+	return nil
+}
+
+// Shutdown gracefully stops the client storage.
+//
+// TODO(s.chzhen):  Pass context.
+func (s *Storage) Shutdown(_ context.Context) (err error) {
+	close(s.done)
+
+	return s.closeUpstreams()
+}
+
+// periodicARPUpdate periodically reloads runtime clients from ARP.  It is
+// intended to be used as a goroutine.
+func (s *Storage) periodicARPUpdate(ctx context.Context) {
+	defer slogutil.RecoverAndLog(ctx, s.logger)
+
+	t := time.NewTicker(s.arpClientsUpdatePeriod)
+
+	for {
+		select {
+		case <-t.C:
+			s.ReloadARP(ctx)
+		case <-s.done:
+			return
+		}
 	}
 }
 
+// ReloadARP reloads runtime clients from ARP, if configured.
+func (s *Storage) ReloadARP(ctx context.Context) {
+	if s.arpDB != nil {
+		s.addFromSystemARP(ctx)
+	}
+}
+
+// addFromSystemARP adds the IP-hostname pairings from the output of the arp -a
+// command.
+func (s *Storage) addFromSystemARP(ctx context.Context) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if err := s.arpDB.Refresh(); err != nil {
+		s.arpDB = arpdb.Empty{}
+		s.logger.ErrorContext(ctx, "refreshing arp container", slogutil.KeyError, err)
+
+		return
+	}
+
+	ns := s.arpDB.Neighbors()
+	if len(ns) == 0 {
+		s.logger.DebugContext(ctx, "refreshing arp container: the update is empty")
+
+		return
+	}
+
+	src := SourceARP
+	s.runtimeIndex.clearSource(src)
+
+	for _, n := range ns {
+		s.runtimeIndex.setInfo(n.IP, src, []string{n.Name})
+	}
+
+	removed := s.runtimeIndex.removeEmpty()
+
+	s.logger.DebugContext(
+		ctx,
+		"updating client aliases from arp neighborhood",
+		"added", len(ns),
+		"removed", removed,
+	)
+}
+
+// handleHostsUpdates receives the updates from the hosts container and adds
+// them to the clients storage.  It is intended to be used as a goroutine.
+func (s *Storage) handleHostsUpdates(ctx context.Context) {
+	if s.etcHosts == nil {
+		return
+	}
+
+	defer slogutil.RecoverAndLog(ctx, s.logger)
+
+	for {
+		select {
+		case upd, ok := <-s.etcHosts.Upd():
+			if !ok {
+				return
+			}
+
+			s.addFromHostsFile(ctx, upd)
+		case <-s.done:
+			return
+		}
+	}
+}
+
+// addFromHostsFile fills the client-hostname pairing index from the system's
+// hosts files.
+func (s *Storage) addFromHostsFile(ctx context.Context, hosts *hostsfile.DefaultStorage) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	src := SourceHostsFile
+	s.runtimeIndex.clearSource(src)
+
+	added := 0
+	hosts.RangeNames(func(addr netip.Addr, names []string) (cont bool) {
+		// Only the first name of the first record is considered a canonical
+		// hostname for the IP address.
+		//
+		// TODO(e.burkov):  Consider using all the names from all the records.
+		s.runtimeIndex.setInfo(addr, src, []string{names[0]})
+		added++
+
+		return true
+	})
+
+	removed := s.runtimeIndex.removeEmpty()
+	s.logger.DebugContext(
+		ctx,
+		"updating client aliases from system hosts file",
+		"added", added,
+		"removed", removed,
+	)
+}
+
+// type check
+var _ AddressUpdater = (*Storage)(nil)
+
+// UpdateAddress implements the [AddressUpdater] interface for *Storage
+func (s *Storage) UpdateAddress(ctx context.Context, ip netip.Addr, host string, info *whois.Info) {
+	// Common fast path optimization.
+	if host == "" && info == nil {
+		return
+	}
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	if host != "" {
+		s.runtimeIndex.setInfo(ip, SourceRDNS, []string{host})
+	}
+
+	if info != nil {
+		s.setWHOISInfo(ctx, ip, info)
+	}
+}
+
+// UpdateDHCP updates [SourceDHCP] runtime client information.
+func (s *Storage) UpdateDHCP(ctx context.Context) {
+	if s.dhcp == nil || !s.runtimeSourceDHCP {
+		return
+	}
+
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	src := SourceDHCP
+	s.runtimeIndex.clearSource(src)
+
+	added := 0
+	for _, l := range s.dhcp.Leases() {
+		s.runtimeIndex.setInfo(l.IP, src, []string{l.Hostname})
+		added++
+	}
+
+	removed := s.runtimeIndex.removeEmpty()
+	s.logger.DebugContext(
+		ctx,
+		"updating client aliases from dhcp",
+		"added", added,
+		"removed", removed,
+	)
+}
+
+// setWHOISInfo sets the WHOIS information for a runtime client.
+func (s *Storage) setWHOISInfo(ctx context.Context, ip netip.Addr, wi *whois.Info) {
+	_, ok := s.index.findByIP(ip)
+	if ok {
+		s.logger.DebugContext(
+			ctx,
+			"persistent client is already created, ignore whois info",
+			"ip", ip,
+		)
+
+		return
+	}
+
+	rc := s.runtimeIndex.client(ip)
+	if rc == nil {
+		rc = NewRuntime(ip)
+		s.runtimeIndex.add(rc)
+	}
+
+	rc.setWHOIS(wi)
+
+	s.logger.DebugContext(ctx, "set whois info for runtime client", "ip", ip, "whois", wi)
+}
+
 // Add stores persistent client information or returns an error.
-func (s *Storage) Add(p *Persistent) (err error) {
+func (s *Storage) Add(ctx context.Context, p *Persistent) (err error) {
 	defer func() { err = errors.Annotate(err, "adding client: %w") }()
 
-	err = p.validate(s.allowedTags)
+	err = p.validate(ctx, s.logger, s.allowedTags)
 	if err != nil {
 		// Don't wrap the error since there is already an annotation deferred.
 		return err
@@ -75,7 +417,13 @@ func (s *Storage) Add(p *Persistent) (err error) {
 
 	s.index.add(p)
 
-	log.Debug("client storage: added %q: IDs: %q [%d]", p.Name, p.IDs(), s.index.size())
+	s.logger.DebugContext(
+		ctx,
+		"client added",
+		"name", p.Name,
+		"ids", p.IDs(),
+		"clients_count", s.index.size(),
+	)
 
 	return nil
 }
@@ -95,6 +443,9 @@ func (s *Storage) FindByName(name string) (p *Persistent, ok bool) {
 
 // Find finds persistent client by string representation of the client ID, IP
 // address, or MAC.  And returns its shallow copy.
+//
+// TODO(s.chzhen):  Accept ClientIDData structure instead, which will contain
+// the parsed IP address, if any.
 func (s *Storage) Find(id string) (p *Persistent, ok bool) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -104,6 +455,16 @@ func (s *Storage) Find(id string) (p *Persistent, ok bool) {
 		return p.ShallowClone(), ok
 	}
 
+	ip, err := netip.ParseAddr(id)
+	if err != nil {
+		return nil, false
+	}
+
+	foundMAC := s.dhcp.MACByIP(ip)
+	if foundMAC != nil {
+		return s.FindByMAC(foundMAC)
+	}
+
 	return nil, false
 }
 
@@ -131,11 +492,9 @@ func (s *Storage) FindLoose(ip netip.Addr, id string) (p *Persistent, ok bool) {
 	return nil, false
 }
 
-// FindByMAC finds persistent client by MAC and returns its shallow copy.
+// FindByMAC finds persistent client by MAC and returns its shallow copy.  s.mu
+// is expected to be locked.
 func (s *Storage) FindByMAC(mac net.HardwareAddr) (p *Persistent, ok bool) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
 	p, ok = s.index.findByMAC(mac)
 	if ok {
 		return p.ShallowClone(), ok
@@ -146,7 +505,7 @@ func (s *Storage) FindByMAC(mac net.HardwareAddr) (p *Persistent, ok bool) {
 
 // RemoveByName removes persistent client information.  ok is false if no such
 // client exists by that name.
-func (s *Storage) RemoveByName(name string) (ok bool) {
+func (s *Storage) RemoveByName(ctx context.Context, name string) (ok bool) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
@@ -156,7 +515,7 @@ func (s *Storage) RemoveByName(name string) (ok bool) {
 	}
 
 	if err := p.CloseUpstreams(); err != nil {
-		log.Error("client storage: removing client %q: %s", p.Name, err)
+		s.logger.ErrorContext(ctx, "removing client", "name", p.Name, slogutil.KeyError, err)
 	}
 
 	s.index.remove(p)
@@ -166,10 +525,10 @@ func (s *Storage) RemoveByName(name string) (ok bool) {
 
 // Update finds the stored persistent client by its name and updates its
 // information from p.
-func (s *Storage) Update(name string, p *Persistent) (err error) {
+func (s *Storage) Update(ctx context.Context, name string, p *Persistent) (err error) {
 	defer func() { err = errors.Annotate(err, "updating client: %w") }()
 
-	err = p.validate(s.allowedTags)
+	err = p.validate(ctx, s.logger, s.allowedTags)
 	if err != nil {
 		// Don't wrap the error since there is already an annotation deferred.
 		return err
@@ -217,8 +576,8 @@ func (s *Storage) Size() (n int) {
 	return s.index.size()
 }
 
-// CloseUpstreams closes upstream configurations of persistent clients.
-func (s *Storage) CloseUpstreams() (err error) {
+// closeUpstreams closes upstream configurations of persistent clients.
+func (s *Storage) closeUpstreams() (err error) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
@@ -227,63 +586,39 @@ func (s *Storage) CloseUpstreams() (err error) {
 
 // ClientRuntime returns a copy of the saved runtime client by ip.  If no such
 // client exists, returns nil.
-//
-// TODO(s.chzhen):  Use it.
 func (s *Storage) ClientRuntime(ip netip.Addr) (rc *Runtime) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	return s.runtimeIndex.Client(ip)
-}
+	rc = s.runtimeIndex.client(ip)
+	if rc != nil {
+		return rc.clone()
+	}
 
-// AddRuntime saves the runtime client information in the storage.  IP address
-// of a client must be unique.  rc must not be nil.
-//
-// TODO(s.chzhen):  Use it.
-func (s *Storage) AddRuntime(rc *Runtime) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
+	if !s.runtimeSourceDHCP {
+		return nil
+	}
 
-	s.runtimeIndex.Add(rc)
-}
+	host := s.dhcp.HostByIP(ip)
+	if host == "" {
+		return nil
+	}
 
-// SizeRuntime returns the number of the runtime clients.
-//
-// TODO(s.chzhen):  Use it.
-func (s *Storage) SizeRuntime() (n int) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
+	rc = s.runtimeIndex.setInfo(ip, SourceDHCP, []string{host})
 
-	return s.runtimeIndex.Size()
+	return rc.clone()
 }
 
 // RangeRuntime calls f for each runtime client in an undefined order.
-//
-// TODO(s.chzhen):  Use it.
 func (s *Storage) RangeRuntime(f func(rc *Runtime) (cont bool)) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	s.runtimeIndex.Range(f)
+	s.runtimeIndex.rangeClients(f)
 }
 
-// DeleteRuntime removes the runtime client by ip.
-//
-// TODO(s.chzhen):  Use it.
-func (s *Storage) DeleteRuntime(ip netip.Addr) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	s.runtimeIndex.Delete(ip)
-}
-
-// DeleteBySource removes all runtime clients that have information only from
-// the specified source and returns the number of removed clients.
-//
-// TODO(s.chzhen):  Use it.
-func (s *Storage) DeleteBySource(src Source) (n int) {
-	s.mu.Lock()
-	defer s.mu.Unlock()
-
-	return s.runtimeIndex.DeleteBySource(src)
+// AllowedTags returns the list of available client tags.  tags must not be
+// modified.
+func (s *Storage) AllowedTags() (tags []string) {
+	return s.allowedTags
 }

internal/client/storage_test.go

@@ -3,28 +3,549 @@ package client_test
 import (
 	"net"
 	"net/netip"
+	"runtime"
+	"slices"
+	"sync"
 	"testing"
+	"time"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/arpdb"
 	"github.com/AdguardTeam/AdGuardHome/internal/client"
+	"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
+	"github.com/AdguardTeam/AdGuardHome/internal/dhcpsvc"
+	"github.com/AdguardTeam/AdGuardHome/internal/whois"
+	"github.com/AdguardTeam/golibs/hostsfile"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
+// newTestStorage is a helper function that returns initialized storage.
+func newTestStorage(tb testing.TB) (s *client.Storage) {
+	tb.Helper()
+
+	ctx := testutil.ContextWithTimeout(tb, testTimeout)
+	s, err := client.NewStorage(ctx, &client.StorageConfig{
+		Logger: slogutil.NewDiscardLogger(),
+	})
+	require.NoError(tb, err)
+
+	return s
+}
+
+// testHostsContainer is a mock implementation of the [client.HostsContainer]
+// interface.
+type testHostsContainer struct {
+	onUpd func() (updates <-chan *hostsfile.DefaultStorage)
+}
+
+// type check
+var _ client.HostsContainer = (*testHostsContainer)(nil)
+
+// Upd implements the [client.HostsContainer] interface for *testHostsContainer.
+func (c *testHostsContainer) Upd() (updates <-chan *hostsfile.DefaultStorage) {
+	return c.onUpd()
+}
+
+// Interface stores and refreshes the network neighborhood reported by ARP
+// (Address Resolution Protocol).
+type Interface interface {
+	// Refresh updates the stored data.  It must be safe for concurrent use.
+	Refresh() (err error)
+
+	// Neighbors returnes the last set of data reported by ARP.  Both the method
+	// and it's result must be safe for concurrent use.
+	Neighbors() (ns []arpdb.Neighbor)
+}
+
+// testARPDB is a mock implementation of the [arpdb.Interface].
+type testARPDB struct {
+	onRefresh   func() (err error)
+	onNeighbors func() (ns []arpdb.Neighbor)
+}
+
+// type check
+var _ arpdb.Interface = (*testARPDB)(nil)
+
+// Refresh implements the [arpdb.Interface] interface for *testARP.
+func (c *testARPDB) Refresh() (err error) {
+	return c.onRefresh()
+}
+
+// Neighbors implements the [arpdb.Interface] interface for *testARP.
+func (c *testARPDB) Neighbors() (ns []arpdb.Neighbor) {
+	return c.onNeighbors()
+}
+
+// testDHCP is a mock implementation of the [client.DHCP].
+type testDHCP struct {
+	OnLeases func() (leases []*dhcpsvc.Lease)
+	OnHostBy func(ip netip.Addr) (host string)
+	OnMACBy  func(ip netip.Addr) (mac net.HardwareAddr)
+}
+
+// type check
+var _ client.DHCP = (*testDHCP)(nil)
+
+// Lease implements the [client.DHCP] interface for *testDHCP.
+func (t *testDHCP) Leases() (leases []*dhcpsvc.Lease) { return t.OnLeases() }
+
+// HostByIP implements the [client.DHCP] interface for *testDHCP.
+func (t *testDHCP) HostByIP(ip netip.Addr) (host string) { return t.OnHostBy(ip) }
+
+// MACByIP implements the [client.DHCP] interface for *testDHCP.
+func (t *testDHCP) MACByIP(ip netip.Addr) (mac net.HardwareAddr) { return t.OnMACBy(ip) }
+
+// compareRuntimeInfo is a helper function that returns true if the runtime
+// client has provided info.
+func compareRuntimeInfo(rc *client.Runtime, src client.Source, host string) (ok bool) {
+	s, h := rc.Info()
+	if s != src {
+		return false
+	} else if h != host {
+		return false
+	}
+
+	return true
+}
+
+func TestStorage_Add_hostsfile(t *testing.T) {
+	var (
+		cliIP1   = netip.MustParseAddr("1.1.1.1")
+		cliName1 = "client_one"
+
+		cliIP2   = netip.MustParseAddr("2.2.2.2")
+		cliName2 = "client_two"
+	)
+
+	hostCh := make(chan *hostsfile.DefaultStorage)
+	h := &testHostsContainer{
+		onUpd: func() (updates <-chan *hostsfile.DefaultStorage) { return hostCh },
+	}
+
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	storage, err := client.NewStorage(ctx, &client.StorageConfig{
+		Logger:                 slogutil.NewDiscardLogger(),
+		DHCP:                   client.EmptyDHCP{},
+		EtcHosts:               h,
+		ARPClientsUpdatePeriod: testTimeout / 10,
+	})
+	require.NoError(t, err)
+
+	err = storage.Start(testutil.ContextWithTimeout(t, testTimeout))
+	require.NoError(t, err)
+
+	testutil.CleanupAndRequireSuccess(t, func() (err error) {
+		return storage.Shutdown(testutil.ContextWithTimeout(t, testTimeout))
+	})
+
+	t.Run("add_hosts", func(t *testing.T) {
+		var s *hostsfile.DefaultStorage
+		s, err = hostsfile.NewDefaultStorage()
+		require.NoError(t, err)
+
+		s.Add(&hostsfile.Record{
+			Addr:  cliIP1,
+			Names: []string{cliName1},
+		})
+
+		testutil.RequireSend(t, hostCh, s, testTimeout)
+
+		require.Eventually(t, func() (ok bool) {
+			cli1 := storage.ClientRuntime(cliIP1)
+			if cli1 == nil {
+				return false
+			}
+
+			assert.True(t, compareRuntimeInfo(cli1, client.SourceHostsFile, cliName1))
+
+			return true
+		}, testTimeout, testTimeout/10)
+	})
+
+	t.Run("update_hosts", func(t *testing.T) {
+		var s *hostsfile.DefaultStorage
+		s, err = hostsfile.NewDefaultStorage()
+		require.NoError(t, err)
+
+		s.Add(&hostsfile.Record{
+			Addr:  cliIP2,
+			Names: []string{cliName2},
+		})
+
+		testutil.RequireSend(t, hostCh, s, testTimeout)
+
+		require.Eventually(t, func() (ok bool) {
+			cli2 := storage.ClientRuntime(cliIP2)
+			if cli2 == nil {
+				return false
+			}
+
+			assert.True(t, compareRuntimeInfo(cli2, client.SourceHostsFile, cliName2))
+
+			cli1 := storage.ClientRuntime(cliIP1)
+			require.Nil(t, cli1)
+
+			return true
+		}, testTimeout, testTimeout/10)
+	})
+}
+
+func TestStorage_Add_arp(t *testing.T) {
+	var (
+		mu        sync.Mutex
+		neighbors []arpdb.Neighbor
+
+		cliIP1   = netip.MustParseAddr("1.1.1.1")
+		cliName1 = "client_one"
+
+		cliIP2   = netip.MustParseAddr("2.2.2.2")
+		cliName2 = "client_two"
+	)
+
+	a := &testARPDB{
+		onRefresh: func() (err error) { return nil },
+		onNeighbors: func() (ns []arpdb.Neighbor) {
+			mu.Lock()
+			defer mu.Unlock()
+
+			return neighbors
+		},
+	}
+
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	storage, err := client.NewStorage(ctx, &client.StorageConfig{
+		Logger:                 slogutil.NewDiscardLogger(),
+		DHCP:                   client.EmptyDHCP{},
+		ARPDB:                  a,
+		ARPClientsUpdatePeriod: testTimeout / 10,
+	})
+	require.NoError(t, err)
+
+	err = storage.Start(testutil.ContextWithTimeout(t, testTimeout))
+	require.NoError(t, err)
+
+	testutil.CleanupAndRequireSuccess(t, func() (err error) {
+		return storage.Shutdown(testutil.ContextWithTimeout(t, testTimeout))
+	})
+
+	t.Run("add_hosts", func(t *testing.T) {
+		func() {
+			mu.Lock()
+			defer mu.Unlock()
+
+			neighbors = []arpdb.Neighbor{{
+				Name: cliName1,
+				IP:   cliIP1,
+			}}
+		}()
+
+		require.Eventually(t, func() (ok bool) {
+			cli1 := storage.ClientRuntime(cliIP1)
+			if cli1 == nil {
+				return false
+			}
+
+			assert.True(t, compareRuntimeInfo(cli1, client.SourceARP, cliName1))
+
+			return true
+		}, testTimeout, testTimeout/10)
+	})
+
+	t.Run("update_hosts", func(t *testing.T) {
+		func() {
+			mu.Lock()
+			defer mu.Unlock()
+
+			neighbors = []arpdb.Neighbor{{
+				Name: cliName2,
+				IP:   cliIP2,
+			}}
+		}()
+
+		require.Eventually(t, func() (ok bool) {
+			cli2 := storage.ClientRuntime(cliIP2)
+			if cli2 == nil {
+				return false
+			}
+
+			assert.True(t, compareRuntimeInfo(cli2, client.SourceARP, cliName2))
+
+			cli1 := storage.ClientRuntime(cliIP1)
+			require.Nil(t, cli1)
+
+			return true
+		}, testTimeout, testTimeout/10)
+	})
+}
+
+func TestStorage_Add_whois(t *testing.T) {
+	var (
+		cliIP1 = netip.MustParseAddr("1.1.1.1")
+
+		cliIP2   = netip.MustParseAddr("2.2.2.2")
+		cliName2 = "client_two"
+
+		cliIP3   = netip.MustParseAddr("3.3.3.3")
+		cliName3 = "client_three"
+	)
+
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	storage, err := client.NewStorage(ctx, &client.StorageConfig{
+		Logger: slogutil.NewDiscardLogger(),
+		DHCP:   client.EmptyDHCP{},
+	})
+	require.NoError(t, err)
+
+	whois := &whois.Info{
+		Country: "AU",
+		Orgname: "Example Org",
+	}
+
+	t.Run("new_client", func(t *testing.T) {
+		storage.UpdateAddress(ctx, cliIP1, "", whois)
+		cli1 := storage.ClientRuntime(cliIP1)
+		require.NotNil(t, cli1)
+
+		assert.Equal(t, whois, cli1.WHOIS())
+	})
+
+	t.Run("existing_runtime_client", func(t *testing.T) {
+		storage.UpdateAddress(ctx, cliIP2, cliName2, nil)
+		storage.UpdateAddress(ctx, cliIP2, "", whois)
+
+		cli2 := storage.ClientRuntime(cliIP2)
+		require.NotNil(t, cli2)
+
+		assert.True(t, compareRuntimeInfo(cli2, client.SourceRDNS, cliName2))
+
+		assert.Equal(t, whois, cli2.WHOIS())
+	})
+
+	t.Run("can't_set_persistent_client", func(t *testing.T) {
+		err = storage.Add(ctx, &client.Persistent{
+			Name: cliName3,
+			UID:  client.MustNewUID(),
+			IPs:  []netip.Addr{cliIP3},
+		})
+		require.NoError(t, err)
+
+		storage.UpdateAddress(ctx, cliIP3, "", whois)
+		rc := storage.ClientRuntime(cliIP3)
+		require.Nil(t, rc)
+	})
+}
+
+func TestClientsDHCP(t *testing.T) {
+	var (
+		cliIP1   = netip.MustParseAddr("1.1.1.1")
+		cliName1 = "one.dhcp"
+
+		cliIP2   = netip.MustParseAddr("2.2.2.2")
+		cliMAC2  = mustParseMAC("22:22:22:22:22:22")
+		cliName2 = "two.dhcp"
+
+		cliIP3   = netip.MustParseAddr("3.3.3.3")
+		cliMAC3  = mustParseMAC("33:33:33:33:33:33")
+		cliName3 = "three.dhcp"
+
+		prsCliIP   = netip.MustParseAddr("4.3.2.1")
+		prsCliMAC  = mustParseMAC("AA:AA:AA:AA:AA:AA")
+		prsCliName = "persistent.dhcp"
+	)
+
+	ipToHost := map[netip.Addr]string{
+		cliIP1: cliName1,
+	}
+	ipToMAC := map[netip.Addr]net.HardwareAddr{
+		prsCliIP: prsCliMAC,
+	}
+
+	leases := []*dhcpsvc.Lease{{
+		IP:       cliIP2,
+		Hostname: cliName2,
+		HWAddr:   cliMAC2,
+	}, {
+		IP:       cliIP3,
+		Hostname: cliName3,
+		HWAddr:   cliMAC3,
+	}}
+
+	d := &testDHCP{
+		OnLeases: func() (ls []*dhcpsvc.Lease) {
+			return leases
+		},
+		OnHostBy: func(ip netip.Addr) (host string) {
+			return ipToHost[ip]
+		},
+		OnMACBy: func(ip netip.Addr) (mac net.HardwareAddr) {
+			return ipToMAC[ip]
+		},
+	}
+
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	storage, err := client.NewStorage(ctx, &client.StorageConfig{
+		Logger:            slogutil.NewDiscardLogger(),
+		DHCP:              d,
+		RuntimeSourceDHCP: true,
+	})
+	require.NoError(t, err)
+
+	t.Run("find_runtime", func(t *testing.T) {
+		cli1 := storage.ClientRuntime(cliIP1)
+		require.NotNil(t, cli1)
+
+		assert.True(t, compareRuntimeInfo(cli1, client.SourceDHCP, cliName1))
+	})
+
+	t.Run("find_persistent", func(t *testing.T) {
+		err = storage.Add(ctx, &client.Persistent{
+			Name: prsCliName,
+			UID:  client.MustNewUID(),
+			MACs: []net.HardwareAddr{prsCliMAC},
+		})
+		require.NoError(t, err)
+
+		prsCli, ok := storage.Find(prsCliIP.String())
+		require.True(t, ok)
+
+		assert.Equal(t, prsCliName, prsCli.Name)
+	})
+
+	t.Run("leases", func(t *testing.T) {
+		delete(ipToHost, cliIP1)
+		storage.UpdateDHCP(ctx)
+
+		cli1 := storage.ClientRuntime(cliIP1)
+		require.Nil(t, cli1)
+
+		for i, l := range leases {
+			cli := storage.ClientRuntime(l.IP)
+			require.NotNil(t, cli)
+
+			src, host := cli.Info()
+			assert.Equal(t, client.SourceDHCP, src)
+			assert.Equal(t, leases[i].Hostname, host)
+		}
+	})
+
+	t.Run("range", func(t *testing.T) {
+		s := 0
+		storage.RangeRuntime(func(rc *client.Runtime) (cont bool) {
+			s++
+
+			return true
+		})
+
+		assert.Equal(t, len(leases), s)
+	})
+}
+
+func TestClientsAddExisting(t *testing.T) {
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+
+	t.Run("simple", func(t *testing.T) {
+		storage, err := client.NewStorage(ctx, &client.StorageConfig{
+			Logger: slogutil.NewDiscardLogger(),
+			DHCP:   client.EmptyDHCP{},
+		})
+		require.NoError(t, err)
+
+		ip := netip.MustParseAddr("1.1.1.1")
+
+		// Add a client.
+		err = storage.Add(ctx, &client.Persistent{
+			Name:    "client1",
+			UID:     client.MustNewUID(),
+			IPs:     []netip.Addr{ip, netip.MustParseAddr("1:2:3::4")},
+			Subnets: []netip.Prefix{netip.MustParsePrefix("2.2.2.0/24")},
+			MACs:    []net.HardwareAddr{{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA}},
+		})
+		require.NoError(t, err)
+
+		// Now add an auto-client with the same IP.
+		storage.UpdateAddress(ctx, ip, "test", nil)
+		rc := storage.ClientRuntime(ip)
+		assert.True(t, compareRuntimeInfo(rc, client.SourceRDNS, "test"))
+	})
+
+	t.Run("complicated", func(t *testing.T) {
+		// TODO(a.garipov): Properly decouple the DHCP server from the client
+		// storage.
+		if runtime.GOOS == "windows" {
+			t.Skip("skipping dhcp test on windows")
+		}
+
+		// First, init a DHCP server with a single static lease.
+		config := &dhcpd.ServerConfig{
+			Enabled: true,
+			DataDir: t.TempDir(),
+			Conf4: dhcpd.V4ServerConf{
+				Enabled:    true,
+				GatewayIP:  netip.MustParseAddr("1.2.3.1"),
+				SubnetMask: netip.MustParseAddr("255.255.255.0"),
+				RangeStart: netip.MustParseAddr("1.2.3.2"),
+				RangeEnd:   netip.MustParseAddr("1.2.3.10"),
+			},
+		}
+
+		dhcpServer, err := dhcpd.Create(config)
+		require.NoError(t, err)
+
+		storage, err := client.NewStorage(ctx, &client.StorageConfig{
+			Logger: slogutil.NewDiscardLogger(),
+			DHCP:   dhcpServer,
+		})
+		require.NoError(t, err)
+
+		ip := netip.MustParseAddr("1.2.3.4")
+
+		err = dhcpServer.AddStaticLease(&dhcpsvc.Lease{
+			HWAddr:   net.HardwareAddr{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA},
+			IP:       ip,
+			Hostname: "testhost",
+			Expiry:   time.Now().Add(time.Hour),
+		})
+		require.NoError(t, err)
+
+		// Add a new client with the same IP as for a client with MAC.
+		err = storage.Add(ctx, &client.Persistent{
+			Name: "client2",
+			UID:  client.MustNewUID(),
+			IPs:  []netip.Addr{ip},
+		})
+		require.NoError(t, err)
+
+		// Add a new client with the IP from the first client's IP range.
+		err = storage.Add(ctx, &client.Persistent{
+			Name: "client3",
+			UID:  client.MustNewUID(),
+			IPs:  []netip.Addr{netip.MustParseAddr("2.2.2.2")},
+		})
+		require.NoError(t, err)
+	})
+}
+
 // newStorage is a helper function that returns a client storage filled with
 // persistent clients from the m.  It also generates a UID for each client.
 func newStorage(tb testing.TB, m []*client.Persistent) (s *client.Storage) {
 	tb.Helper()
 
-	s = client.NewStorage(&client.Config{
-		AllowedTags: nil,
+	ctx := testutil.ContextWithTimeout(tb, testTimeout)
+	s, err := client.NewStorage(ctx, &client.StorageConfig{
+		Logger: slogutil.NewDiscardLogger(),
+		DHCP:   client.EmptyDHCP{},
 	})
+	require.NoError(tb, err)
 
 	for _, c := range m {
 		c.UID = client.MustNewUID()
-		require.NoError(tb, s.Add(c))
+		require.NoError(tb, s.Add(ctx, c))
 	}
 
+	require.Equal(tb, len(m), s.Size())
+
 	return s
 }
 
@@ -43,6 +564,9 @@ func TestStorage_Add(t *testing.T) {
 	const (
 		existingName     = "existing_name"
 		existingClientID = "existing_client_id"
+
+		allowedTag    = "user_admin"
+		notAllowedTag = "not_allowed_tag"
 	)
 
 	var (
@@ -59,10 +583,19 @@ func TestStorage_Add(t *testing.T) {
 		UID:       existingClientUID,
 	}
 
-	s := client.NewStorage(&client.Config{
-		AllowedTags: nil,
-	})
-	err := s.Add(existingClient)
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	s := newTestStorage(t)
+	tags := s.AllowedTags()
+	require.NotZero(t, len(tags))
+	require.True(t, slices.IsSorted(tags))
+
+	_, ok := slices.BinarySearch(tags, allowedTag)
+	require.True(t, ok)
+
+	_, ok = slices.BinarySearch(tags, notAllowedTag)
+	require.False(t, ok)
+
+	err := s.Add(ctx, existingClient)
 	require.NoError(t, err)
 
 	testCases := []struct {
@@ -119,11 +652,51 @@ func TestStorage_Add(t *testing.T) {
 		},
 		wantErrMsg: `adding client: another client "existing_name" ` +
 			`uses the same ClientID "existing_client_id"`,
+	}, {
+		name: "not_allowed_tag",
+		cli: &client.Persistent{
+			Name: "not_allowed_tag",
+			Tags: []string{notAllowedTag},
+			IPs:  []netip.Addr{netip.MustParseAddr("4.4.4.4")},
+			UID:  client.MustNewUID(),
+		},
+		wantErrMsg: `adding client: invalid tag: "not_allowed_tag"`,
+	}, {
+		name: "allowed_tag",
+		cli: &client.Persistent{
+			Name: "allowed_tag",
+			Tags: []string{allowedTag},
+			IPs:  []netip.Addr{netip.MustParseAddr("5.5.5.5")},
+			UID:  client.MustNewUID(),
+		},
+		wantErrMsg: "",
+	}, {
+		name: "",
+		cli: &client.Persistent{
+			Name: "",
+			IPs:  []netip.Addr{netip.MustParseAddr("6.6.6.6")},
+			UID:  client.MustNewUID(),
+		},
+		wantErrMsg: "adding client: empty name",
+	}, {
+		name: "no_id",
+		cli: &client.Persistent{
+			Name: "no_id",
+			UID:  client.MustNewUID(),
+		},
+		wantErrMsg: "adding client: id required",
+	}, {
+		name: "no_uid",
+		cli: &client.Persistent{
+			Name: "no_uid",
+			IPs:  []netip.Addr{netip.MustParseAddr("7.7.7.7")},
+		},
+		wantErrMsg: "adding client: uid required",
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			err = s.Add(tc.cli)
+			err = s.Add(ctx, tc.cli)
 
 			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
 		})
@@ -141,10 +714,9 @@ func TestStorage_RemoveByName(t *testing.T) {
 		UID:  client.MustNewUID(),
 	}
 
-	s := client.NewStorage(&client.Config{
-		AllowedTags: nil,
-	})
-	err := s.Add(existingClient)
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
+	s := newTestStorage(t)
+	err := s.Add(ctx, existingClient)
 	require.NoError(t, err)
 
 	testCases := []struct {
@@ -163,19 +735,17 @@ func TestStorage_RemoveByName(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			tc.want(t, s.RemoveByName(tc.cliName))
+			tc.want(t, s.RemoveByName(ctx, tc.cliName))
 		})
 	}
 
 	t.Run("duplicate_remove", func(t *testing.T) {
-		s = client.NewStorage(&client.Config{
-			AllowedTags: nil,
-		})
-		err = s.Add(existingClient)
+		s = newTestStorage(t)
+		err = s.Add(ctx, existingClient)
 		require.NoError(t, err)
 
-		assert.True(t, s.RemoveByName(existingName))
-		assert.False(t, s.RemoveByName(existingName))
+		assert.True(t, s.RemoveByName(ctx, existingName))
+		assert.False(t, s.RemoveByName(ctx, existingName))
 	})
 }
 
@@ -341,6 +911,127 @@ func TestStorage_FindLoose(t *testing.T) {
 	}
 }
 
+func TestStorage_FindByName(t *testing.T) {
+	const (
+		cliIP1 = "1.1.1.1"
+		cliIP2 = "2.2.2.2"
+	)
+
+	const (
+		clientExistingName        = "client_existing"
+		clientAnotherExistingName = "client_another_existing"
+		nonExistingClientName     = "client_non_existing"
+	)
+
+	var (
+		clientExisting = &client.Persistent{
+			Name: clientExistingName,
+			IPs:  []netip.Addr{netip.MustParseAddr(cliIP1)},
+		}
+
+		clientAnotherExisting = &client.Persistent{
+			Name: clientAnotherExistingName,
+			IPs:  []netip.Addr{netip.MustParseAddr(cliIP2)},
+		}
+	)
+
+	clients := []*client.Persistent{
+		clientExisting,
+		clientAnotherExisting,
+	}
+	s := newStorage(t, clients)
+
+	testCases := []struct {
+		want       *client.Persistent
+		name       string
+		clientName string
+	}{{
+		name:       "existing",
+		clientName: clientExistingName,
+		want:       clientExisting,
+	}, {
+		name:       "another_existing",
+		clientName: clientAnotherExistingName,
+		want:       clientAnotherExisting,
+	}, {
+		name:       "non_existing",
+		clientName: nonExistingClientName,
+		want:       nil,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			c, ok := s.FindByName(tc.clientName)
+			if tc.want == nil {
+				assert.False(t, ok)
+
+				return
+			}
+
+			assert.True(t, ok)
+			assert.Equal(t, tc.want, c)
+		})
+	}
+}
+
+func TestStorage_FindByMAC(t *testing.T) {
+	var (
+		cliMAC               = mustParseMAC("11:11:11:11:11:11")
+		cliAnotherMAC        = mustParseMAC("22:22:22:22:22:22")
+		nonExistingClientMAC = mustParseMAC("33:33:33:33:33:33")
+	)
+
+	var (
+		clientExisting = &client.Persistent{
+			Name: "client",
+			MACs: []net.HardwareAddr{cliMAC},
+		}
+
+		clientAnotherExisting = &client.Persistent{
+			Name: "another_client",
+			MACs: []net.HardwareAddr{cliAnotherMAC},
+		}
+	)
+
+	clients := []*client.Persistent{
+		clientExisting,
+		clientAnotherExisting,
+	}
+	s := newStorage(t, clients)
+
+	testCases := []struct {
+		want      *client.Persistent
+		name      string
+		clientMAC net.HardwareAddr
+	}{{
+		name:      "existing",
+		clientMAC: cliMAC,
+		want:      clientExisting,
+	}, {
+		name:      "another_existing",
+		clientMAC: cliAnotherMAC,
+		want:      clientAnotherExisting,
+	}, {
+		name:      "non_existing",
+		clientMAC: nonExistingClientMAC,
+		want:      nil,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			c, ok := s.FindByMAC(tc.clientMAC)
+			if tc.want == nil {
+				assert.False(t, ok)
+
+				return
+			}
+
+			assert.True(t, ok)
+			assert.Equal(t, tc.want, c)
+		})
+	}
+}
+
 func TestStorage_Update(t *testing.T) {
 	const (
 		clientName          = "client_name"
@@ -413,6 +1104,7 @@ func TestStorage_Update(t *testing.T) {
 			`uses the same ClientID "obstructing_client_id"`,
 	}}
 
+	ctx := testutil.ContextWithTimeout(t, testTimeout)
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			s := newStorage(
@@ -423,7 +1115,7 @@ func TestStorage_Update(t *testing.T) {
 				},
 			)
 
-			err := s.Update(clientName, tc.cli)
+			err := s.Update(ctx, clientName, tc.cli)
 			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
 		})
 	}

internal/configmigrate/configmigrate.go

@@ -2,4 +2,4 @@
 package configmigrate
 
 // LastSchemaVersion is the most recent schema version.
-const LastSchemaVersion uint = 28
+const LastSchemaVersion uint = 29

internal/configmigrate/migrations_internal_test.go

@@ -19,6 +19,7 @@ func TestUpgradeSchema1to2(t *testing.T) {
 
 	m := New(&Config{
 		WorkingDir: "",
+		DataDir:    "",
 	})
 
 	err := m.migrateTo2(diskConf)
@@ -520,7 +521,7 @@ func TestUpgradeSchema11to12(t *testing.T) {
 		name    string
 	}{{
 		ivl:     1,
-		want:    timeutil.Duration{Duration: timeutil.Day},
+		want:    timeutil.Duration(timeutil.Day),
 		wantErr: "",
 		name:    "success",
 	}, {
@@ -603,7 +604,7 @@ func TestUpgradeSchema11to12(t *testing.T) {
 		ivlVal, ok = ivl.(timeutil.Duration)
 		require.True(t, ok)
 
-		assert.Equal(t, 90*24*time.Hour, ivlVal.Duration)
+		assert.Equal(t, 90*24*time.Hour, time.Duration(ivlVal))
 	})
 }
 
@@ -1054,12 +1055,12 @@ func TestUpgradeSchema19to20(t *testing.T) {
 		name    string
 	}{{
 		ivl:     1,
-		want:    timeutil.Duration{Duration: timeutil.Day},
+		want:    timeutil.Duration(timeutil.Day),
 		wantErr: "",
 		name:    "success",
 	}, {
 		ivl:     0,
-		want:    timeutil.Duration{Duration: timeutil.Day},
+		want:    timeutil.Duration(timeutil.Day),
 		wantErr: "",
 		name:    "success",
 	}, {
@@ -1142,7 +1143,7 @@ func TestUpgradeSchema19to20(t *testing.T) {
 		ivlVal, ok = ivl.(timeutil.Duration)
 		require.True(t, ok)
 
-		assert.Equal(t, 24*time.Hour, ivlVal.Duration)
+		assert.Equal(t, 24*time.Hour, time.Duration(ivlVal))
 	})
 }
 

internal/configmigrate/migrator.go

@@ -10,20 +10,24 @@ import (
 
 // Config is a the configuration for initializing a [Migrator].
 type Config struct {
-	// WorkingDir is an absolute path to the working directory of AdGuardHome.
+	// WorkingDir is the absolute path to the working directory of AdGuardHome.
 	WorkingDir string
+
+	// DataDir is the absolute path to the data directory of AdGuardHome.
+	DataDir string
 }
 
 // Migrator performs the YAML configuration file migrations.
 type Migrator struct {
-	// workingDir is an absolute path to the working directory of AdGuardHome.
 	workingDir string
+	dataDir    string
 }
 
 // New creates a new Migrator.
-func New(cfg *Config) (m *Migrator) {
+func New(c *Config) (m *Migrator) {
 	return &Migrator{
-		workingDir: cfg.WorkingDir,
+		workingDir: c.WorkingDir,
+		dataDir:    c.DataDir,
 	}
 }
 
@@ -120,6 +124,7 @@ func (m *Migrator) upgradeConfigSchema(current, target uint, diskConf yobj) (err
 		25: migrateTo26,
 		26: migrateTo27,
 		27: migrateTo28,
+		28: m.migrateTo29,
 	}
 
 	for i, migrate := range upgrades[current:target] {

internal/configmigrate/migrator_test.go

@@ -1,9 +1,12 @@
 package configmigrate_test
 
 import (
+	"bytes"
 	"io/fs"
 	"os"
 	"path"
+	"path/filepath"
+	"runtime"
 	"testing"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/configmigrate"
@@ -202,6 +205,7 @@ func TestMigrateConfig_Migrate(t *testing.T) {
 
 			migrator := configmigrate.New(&configmigrate.Config{
 				WorkingDir: t.Name(),
+				DataDir:    filepath.Join(t.Name(), "data"),
 			})
 			newBody, upgraded, err := migrator.Migrate(body, tc.targetVersion)
 			require.NoError(t, err)
@@ -211,3 +215,43 @@ func TestMigrateConfig_Migrate(t *testing.T) {
 		})
 	}
 }
+
+// TODO(a.garipov):  Consider ways of merging into the previous one.
+func TestMigrateConfig_Migrate_v29(t *testing.T) {
+	const (
+		pathUnix       = `/path/to/file.txt`
+		userDirPatUnix = `TestMigrateConfig_Migrate/v29/data/userfilters/*`
+
+		pathWindows       = `C:\path\to\file.txt`
+		userDirPatWindows = `TestMigrateConfig_Migrate\v29\data\userfilters\*`
+	)
+
+	pathToReplace := pathUnix
+	patternToReplace := userDirPatUnix
+	if runtime.GOOS == "windows" {
+		pathToReplace = pathWindows
+		patternToReplace = userDirPatWindows
+	}
+
+	body, err := fs.ReadFile(testdata, "TestMigrateConfig_Migrate/v29/input.yml")
+	require.NoError(t, err)
+
+	body = bytes.ReplaceAll(body, []byte("FILEPATH"), []byte(pathToReplace))
+
+	wantBody, err := fs.ReadFile(testdata, "TestMigrateConfig_Migrate/v29/output.yml")
+	require.NoError(t, err)
+
+	wantBody = bytes.ReplaceAll(wantBody, []byte("FILEPATH"), []byte(pathToReplace))
+	wantBody = bytes.ReplaceAll(wantBody, []byte("USERFILTERSPATH"), []byte(patternToReplace))
+
+	migrator := configmigrate.New(&configmigrate.Config{
+		WorkingDir: t.Name(),
+		DataDir:    "TestMigrateConfig_Migrate/v29/data",
+	})
+
+	newBody, upgraded, err := migrator.Migrate(body, 29)
+	require.NoError(t, err)
+	require.True(t, upgraded)
+
+	require.YAMLEq(t, string(wantBody), string(newBody))
+}

internal/configmigrate/testdata/TestMigrateConfig_Migrate/v29/input.yml

@@ -0,0 +1,117 @@
+http:
+  address: 127.0.0.1:3000
+  session_ttl: 3h
+  pprof:
+    enabled: true
+    port: 6060
+users:
+- name: testuser
+  password: testpassword
+dns:
+  bind_hosts:
+  - 127.0.0.1
+  port: 53
+  parental_sensitivity: 0
+  upstream_dns:
+  - tls://1.1.1.1
+  - tls://1.0.0.1
+  - quic://8.8.8.8:784
+  bootstrap_dns:
+  - 8.8.8.8:53
+  edns_client_subnet:
+    enabled:    true
+    use_custom: false
+    custom_ip:  ""
+filtering:
+  filtering_enabled: true
+  parental_enabled: false
+  safebrowsing_enabled: false
+  safe_search:
+    enabled:    false
+    bing:       true
+    duckduckgo: true
+    google:     true
+    pixabay:    true
+    yandex:     true
+    youtube:    true
+  protection_enabled: true
+  blocked_services:
+    schedule:
+      time_zone: Local
+    ids:
+    - 500px
+  blocked_response_ttl: 10
+filters:
+- url: https://adaway.org/hosts.txt
+  name: AdAway
+  enabled: false
+- url: FILEPATH
+  name: Local Filter
+  enabled: false
+clients:
+  persistent:
+  - name: localhost
+    ids:
+    - 127.0.0.1
+    - aa:aa:aa:aa:aa:aa
+    use_global_settings: true
+    use_global_blocked_services: true
+    filtering_enabled: false
+    parental_enabled: false
+    safebrowsing_enabled: false
+    safe_search:
+      enabled:    true
+      bing:       true
+      duckduckgo: true
+      google:     true
+      pixabay:    true
+      yandex:     true
+      youtube:    true
+    blocked_services:
+      schedule:
+        time_zone: Local
+      ids:
+      - 500px
+  runtime_sources:
+    whois: true
+    arp:   true
+    rdns:  true
+    dhcp:  true
+    hosts: true
+dhcp:
+  enabled: false
+  interface_name: vboxnet0
+  local_domain_name: local
+  dhcpv4:
+    gateway_ip: 192.168.0.1
+    subnet_mask: 255.255.255.0
+    range_start: 192.168.0.10
+    range_end: 192.168.0.250
+    lease_duration: 1234
+    icmp_timeout_msec: 10
+schema_version: 28
+user_rules: []
+querylog:
+  enabled: true
+  file_enabled: true
+  interval: 720h
+  size_memory: 1000
+  ignored:
+  - '|.^'
+statistics:
+  enabled: true
+  interval: 240h
+  ignored:
+  - '|.^'
+os:
+  group: ''
+  rlimit_nofile: 123
+  user: ''
+log:
+  file: ""
+  max_backups: 0
+  max_size: 100
+  max_age: 3
+  compress: true
+  local_time: false
+  verbose: true

internal/configmigrate/testdata/TestMigrateConfig_Migrate/v29/output.yml

@@ -0,0 +1,120 @@
+http:
+  address: 127.0.0.1:3000
+  session_ttl: 3h
+  pprof:
+    enabled: true
+    port: 6060
+users:
+- name: testuser
+  password: testpassword
+dns:
+  bind_hosts:
+  - 127.0.0.1
+  port: 53
+  parental_sensitivity: 0
+  upstream_dns:
+  - tls://1.1.1.1
+  - tls://1.0.0.1
+  - quic://8.8.8.8:784
+  bootstrap_dns:
+  - 8.8.8.8:53
+  edns_client_subnet:
+    enabled:    true
+    use_custom: false
+    custom_ip:  ""
+filtering:
+  filtering_enabled: true
+  parental_enabled: false
+  safebrowsing_enabled: false
+  safe_fs_patterns:
+      - USERFILTERSPATH
+      - FILEPATH
+  safe_search:
+    enabled:    false
+    bing:       true
+    duckduckgo: true
+    google:     true
+    pixabay:    true
+    yandex:     true
+    youtube:    true
+  protection_enabled: true
+  blocked_services:
+    schedule:
+      time_zone: Local
+    ids:
+    - 500px
+  blocked_response_ttl: 10
+filters:
+- url: https://adaway.org/hosts.txt
+  name: AdAway
+  enabled: false
+- url: FILEPATH
+  name: Local Filter
+  enabled: false
+clients:
+  persistent:
+  - name: localhost
+    ids:
+    - 127.0.0.1
+    - aa:aa:aa:aa:aa:aa
+    use_global_settings: true
+    use_global_blocked_services: true
+    filtering_enabled: false
+    parental_enabled: false
+    safebrowsing_enabled: false
+    safe_search:
+      enabled:    true
+      bing:       true
+      duckduckgo: true
+      google:     true
+      pixabay:    true
+      yandex:     true
+      youtube:    true
+    blocked_services:
+      schedule:
+        time_zone: Local
+      ids:
+      - 500px
+  runtime_sources:
+    whois: true
+    arp:   true
+    rdns:  true
+    dhcp:  true
+    hosts: true
+dhcp:
+  enabled: false
+  interface_name: vboxnet0
+  local_domain_name: local
+  dhcpv4:
+    gateway_ip: 192.168.0.1
+    subnet_mask: 255.255.255.0
+    range_start: 192.168.0.10
+    range_end: 192.168.0.250
+    lease_duration: 1234
+    icmp_timeout_msec: 10
+schema_version: 29
+user_rules: []
+querylog:
+  enabled: true
+  file_enabled: true
+  interval: 720h
+  size_memory: 1000
+  ignored:
+  - '|.^'
+statistics:
+  enabled: true
+  interval: 240h
+  ignored:
+  - '|.^'
+os:
+  group: ''
+  rlimit_nofile: 123
+  user: ''
+log:
+  file: ""
+  max_backups: 0
+  max_size: 100
+  max_age: 3
+  compress: true
+  local_time: false
+  verbose: true

internal/configmigrate/v12.go

@@ -37,7 +37,7 @@ func migrateTo12(diskConf yobj) (err error) {
 		qlogIvl = 90
 	}
 
-	dns[field] = timeutil.Duration{Duration: time.Duration(qlogIvl) * timeutil.Day}
+	dns[field] = timeutil.Duration(time.Duration(qlogIvl) * timeutil.Day)
 
 	return nil
 }

internal/configmigrate/v20.go

@@ -38,7 +38,7 @@ func migrateTo20(diskConf yobj) (err error) {
 		ivl = 1
 	}
 
-	stats[field] = timeutil.Duration{Duration: time.Duration(ivl) * timeutil.Day}
+	stats[field] = timeutil.Duration(time.Duration(ivl) * timeutil.Day)
 
 	return nil
 }

internal/configmigrate/v23.go

@@ -48,7 +48,7 @@ func migrateTo23(diskConf yobj) (err error) {
 
 	diskConf["http"] = yobj{
 		"address":     netip.AddrPortFrom(bindHostAddr, uint16(bindPort)).String(),
-		"session_ttl": timeutil.Duration{Duration: time.Duration(sessionTTL) * time.Hour}.String(),
+		"session_ttl": timeutil.Duration(time.Duration(sessionTTL) * time.Hour).String(),
 	}
 
 	delete(diskConf, "bind_host")

internal/configmigrate/v29.go

@@ -0,0 +1,63 @@
+package configmigrate
+
+import (
+	"fmt"
+	"path/filepath"
+)
+
+// migrateTo29 performs the following changes:
+//
+//	# BEFORE:
+//	'filters':
+//	  - 'enabled': true
+//	    'url': /path/to/file.txt
+//	    'name': My FS Filter
+//	    'id': 1234
+//
+//	# AFTER:
+//	'filters':
+//	  - 'enabled': true
+//	    'url': /path/to/file.txt
+//	    'name': My FS Filter
+//	    'id': 1234
+//	# …
+//	'filtering':
+//	  'safe_fs_patterns':
+//	    - '/opt/AdGuardHome/data/userfilters/*'
+//	    - '/path/to/file.txt'
+//	  # …
+func (m Migrator) migrateTo29(diskConf yobj) (err error) {
+	diskConf["schema_version"] = 29
+
+	filterVals, ok, err := fieldVal[[]any](diskConf, "filters")
+	if !ok {
+		return err
+	}
+
+	paths := []string{
+		filepath.Join(m.dataDir, "userfilters", "*"),
+	}
+
+	for i, v := range filterVals {
+		var f yobj
+		f, ok = v.(yobj)
+		if !ok {
+			return fmt.Errorf("filters: at index %d: expected object, got %T", i, v)
+		}
+
+		var u string
+		u, ok, _ = fieldVal[string](f, "url")
+		if ok && filepath.IsAbs(u) {
+			paths = append(paths, u)
+		}
+	}
+
+	fltConf, ok, err := fieldVal[yobj](diskConf, "filtering")
+	if !ok {
+		return err
+	}
+
+	fltConf["safe_fs_patterns"] = paths
+
+	return nil
+}

internal/dhcpd/README.md

@@ -1,61 +1,50 @@
- #  Testing DHCP Server
+# Testing DHCP Server
 
 Contents:
- *  [Test setup with Virtual Box](#vbox)
- *  [Quick test with DHCPTest](#dhcptest)
 
-##  <a href="#vbox" id="vbox" name="vbox">Test setup with Virtual Box</a>
+- [Test setup with Virtual Box](#vbox)
+- [Quick test with DHCPTest](#dhcptest)
 
-   ### Prerequisites
+## <a href="#vbox" id="vbox" name="vbox">Test setup with Virtual Box</a>
+
+### Prerequisites
 
 To set up a test environment for DHCP server you will need:
 
- *  Linux AG Home host machine (Virtual).
- *  Virtual Box.
- *  Virtual machine (guest OS doesn't matter).
+- Linux AG Home host machine (Virtual)
+- Virtual Box
+- Virtual machine (guest OS doesn't matter)
 
-   ### Configure Virtual Box
+### Configure Virtual Box
 
- 1.  Install Virtual Box and run the following command to create a Host-Only
-     network:
+1. Install Virtual Box and run the following command to create a Host-Only network:
 
-     ```sh
-     $ VBoxManage hostonlyif create
-     ```
+    ```sh
+    VBoxManage hostonlyif create
+    ```
 
-     You can check its status by `ip a` command.
+    You can check its status by `ip a` command.
 
-     You can also set up Host-Only network using Virtual Box menu:
+    You can also set up Host-Only network using Virtual Box menu in *File → Host Network Manager.*
 
-     ```
-     File -> Host Network Manager...
-     ```
+2. Create your virtual machine and set up its network in *VM Settings → Network → Host-only Adapter.*
 
- 2.  Create your virtual machine and set up its network:
+3. Start your VM, install an OS. Configure your network interface to use DHCP and the OS should ask for a IP address from our DHCP server.
 
-     ```
-     VM Settings -> Network -> Host-only Adapter
-     ```
+4. To see the current IP addresses on client OS you can use `ip a` command on Linux or `ipconfig` on Windows.
 
- 3.  Start your VM, install an OS.  Configure your network interface to use
-     DHCP and the OS should ask for a IP address from our DHCP server.
+5. To force the client OS to request an IP from DHCP server again, you can use `dhclient` on Linux or `ipconfig /release` on Windows.
 
- 4.  To see the current IP addresses on client OS you can use `ip a` command on
-     Linux or `ipconfig` on Windows.
+### Configure server
 
- 5.  To force the client OS to request an IP from DHCP server again, you can
-     use `dhclient` on Linux or `ipconfig /release` on Windows.
+1. Edit server configuration file `AdGuardHome.yaml`, for example:
 
-   ### Configure server
-
- 1.  Edit server configuration file `AdGuardHome.yaml`, for example:
-
-     ```yaml
-     dhcp:
-          enabled: true
-          interface_name: vboxnet0
-          local_domain_name: lan
-          dhcpv4:
+    ```yaml
+    dhcp:
+        enabled: true
+        interface_name: vboxnet0
+        local_domain_name: lan
+        dhcpv4:
             gateway_ip: 192.168.56.1
             subnet_mask: 255.255.255.0
             range_start: 192.168.56.2
@@ -63,34 +52,33 @@ To set up a test environment for DHCP server you will need:
             lease_duration: 86400
             icmp_timeout_msec: 1000
             options: []
-          dhcpv6:
+        dhcpv6:
             range_start: 2001::1
             lease_duration: 86400
             ra_slaac_only: false
             ra_allow_slaac: false
-     ```
+    ```
 
- 2.  Start the server
+2. Start the server:
 
-     ```sh
-     ./AdGuardHome -v
-     ```
+    ```sh
+    ./AdGuardHome -v
+    ```
 
-     There should be a message in log which shows that DHCP server is ready:
+    There should be a message in log which shows that DHCP server is ready:
 
-     ```
-     [info] DHCP: listening on 0.0.0.0:67
-     ```
+    ```none
+    [info] dhcpv4: listening
+    ```
 
-##  <a href="#dhcptest" id="dhcptest" name="dhcptest">Quick test with DHCPTest utility</a>
+## <a href="#dhcptest" id="dhcptest" name="dhcptest">Quick test with DHCPTest utility</a>
 
-   ### Prerequisites
+### Prerequisites
 
- *  [DHCP test utility][dhcptest-gh].
+- [DHCP test utility][dhcptest-gh].
 
-   ### Quick test
+### Quick test
 
-The DHCP server could be tested for DISCOVER-OFFER packets with in
-interactive mode.
+The DHCP server could be tested for DISCOVER-OFFER packets with in interactive mode.
 
 [dhcptest-gh]: https://github.com/CyberShadow/dhcptest

internal/dhcpd/db.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpsvc"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
@@ -185,7 +186,7 @@ func writeDB(path string, leases []*dbLease) (err error) {
 		return err
 	}
 
-	err = maybe.WriteFile(path, buf, 0o644)
+	err = maybe.WriteFile(path, buf, aghos.DefaultPermFile)
 	if err != nil {
 		// Don't wrap the error since it's informative enough as is.
 		return err

internal/dhcpd/options_unix.go

@@ -84,7 +84,7 @@ func parseDHCPOptionDur(s string) (val dhcpv4.OptionValue, err error) {
 		return nil, fmt.Errorf("decoding dur: %w", err)
 	}
 
-	return dhcpv4.Duration(v.Duration), nil
+	return dhcpv4.Duration(v), nil
 }
 
 // parseDHCPOptionUint parses a DHCP option as an unsigned integer.  bitSize is

internal/dhcpd/options_unix_test.go

@@ -144,8 +144,8 @@ func TestParseOpt(t *testing.T) {
 		in:       "24 dur 3y",
 		wantCode: nil,
 		wantVal:  nil,
-		wantErrMsg: "invalid option string \"24 dur 3y\": decoding dur: " +
-			"unmarshaling duration: time: unknown unit \"y\" in duration \"3y\"",
+		wantErrMsg: `invalid option string "24 dur 3y": decoding dur: time: ` +
+			`unknown unit "y" in duration "3y"`,
 	}, {
 		name:     "u8_error",
 		in:       "23 u8 256",

internal/dhcpd/v4_unix.go

@@ -18,9 +18,11 @@ import (
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/timeutil"
-	"github.com/go-ping/ping"
 	"github.com/insomniacslk/dhcp/dhcpv4"
 	"github.com/insomniacslk/dhcp/dhcpv4/server4"
+
+	//lint:ignore SA1019 See the TODO in go.mod.
+	"github.com/go-ping/ping"
 )
 
 // v4Server is a DHCPv4 server.

internal/dhcpsvc/config.go

@@ -3,10 +3,12 @@ package dhcpsvc
 import (
 	"fmt"
 	"log/slog"
+	"maps"
+	"os"
+	"slices"
 	"time"
 
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/mapsutil"
 	"github.com/AdguardTeam/golibs/netutil"
 )
 
@@ -23,7 +25,8 @@ type Config struct {
 	// clients' hostnames.
 	LocalDomainName string
 
-	// TODO(e.burkov):  Add DB path.
+	// DBFilePath is the path to the database file containing the DHCP leases.
+	DBFilePath string
 
 	// ICMPTimeout is the timeout for checking another DHCP server's presence.
 	ICMPTimeout time.Duration
@@ -64,20 +67,25 @@ func (conf *Config) Validate() (err error) {
 		errs = append(errs, err)
 	}
 
+	// This is a best-effort check for the file accessibility.  The file will be
+	// checked again when it is opened later.
+	if _, err = os.Stat(conf.DBFilePath); err != nil && !errors.Is(err, os.ErrNotExist) {
+		errs = append(errs, fmt.Errorf("db file path %q: %w", conf.DBFilePath, err))
+	}
+
 	if len(conf.Interfaces) == 0 {
 		errs = append(errs, errNoInterfaces)
 
 		return errors.Join(errs...)
 	}
 
-	mapsutil.SortedRange(conf.Interfaces, func(iface string, ic *InterfaceConfig) (ok bool) {
+	for _, iface := range slices.Sorted(maps.Keys(conf.Interfaces)) {
+		ic := conf.Interfaces[iface]
 		err = ic.validate()
 		if err != nil {
 			errs = append(errs, fmt.Errorf("interface %q: %w", iface, err))
 		}
-
-		return true
-	})
+	}
 
 	return errors.Join(errs...)
 }