changelog

CHANGELOG.md

@@ -9,46 +9,25 @@ The format is based on [*Keep a Changelog*](https://keepachangelog.com/en/1.0.0/
 <!--
 ## [v0.108.0] – TBA
 
-## [v0.107.59] - 2025-04-01 (APPROX.)
+## [v0.107.58] - 2025-03-11 (APPROX.)
 
-See also the [v0.107.59 GitHub milestone][ms-v0.107.59].
+See also the [v0.107.58 GitHub milestone][ms-v0.107.58].
 
-[ms-v0.107.59]: https://github.com/AdguardTeam/AdGuardHome/milestone/94?closed=1
+[ms-v0.107.58]: https://github.com/AdguardTeam/AdGuardHome/milestone/93?closed=1
 
 NOTE: Add new changes BELOW THIS COMMENT.
 -->
 
-### Fixed
+### Added
 
-- Rules with the `client` modifier not working ([#7708]).
+- Client id and DNS record type to the filtering check form.
-
-- The search form not working in the query log ([#7704]).
-
-[#7704]: https://github.com/AdguardTeam/AdGuardHome/issues/7704
-[#7708]: https://github.com/AdguardTeam/AdGuardHome/issues/7708
-
-<!--
-NOTE: Add new changes ABOVE THIS COMMENT.
--->
-
-## [v0.107.58] - 2025-03-19
-
-See also the [v0.107.58 GitHub milestone][ms-v0.107.58].
 
 ### Security
 
 - Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in [1.24.1][go-1.24.1].
 
-### Added
-
-- The ability to check filtering rules for host names using an optional query type and optional ClientID or client IP address ([#4036]).
-
-- Optional `client` and `qtype` URL query parameters to the `GET /control/check_host` HTTP API.
-
 ### Fixed
 
-- Clearing the DNS cache on the *DNS settings* page now includes both global cache and custom client cache.
-
 - Invalid ICMPv6 Router Advertisement messages ([#7547]).
 
 - Disabled button for autofilled login form.
@@ -59,12 +38,14 @@ See also the [v0.107.58 GitHub milestone][ms-v0.107.58].
 
 - The formatting of large numbers in the clients tables on the *Client settings* page ([#7583]).
 
-[#4036]: https://github.com/AdguardTeam/AdGuardHome/issues/4036
 [#7547]: https://github.com/AdguardTeam/AdGuardHome/issues/7547
 [#7583]: https://github.com/AdguardTeam/AdGuardHome/issues/7583
 
 [go-1.24.1]: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI
-[ms-v0.107.58]: https://github.com/AdguardTeam/AdGuardHome/milestone/93?closed=1
+
+<!--
+NOTE: Add new changes ABOVE THIS COMMENT.
+-->
 
 ## [v0.107.57] - 2025-02-20
 
@@ -3062,12 +3043,11 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 [ms-v0.104.2]: https://github.com/AdguardTeam/AdGuardHome/milestone/28?closed=1
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.59...HEAD
-[v0.107.59]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.58...v0.107.59
--->
-
 [Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.58...HEAD
 [v0.107.58]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.57...v0.107.58
+-->
+
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.57...HEAD
 [v0.107.57]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.56...v0.107.57
 [v0.107.56]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.55...v0.107.56
 [v0.107.55]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.54...v0.107.55

client/src/__locales/cs.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Důvod: {{reason}}",
     "check_service": "Název služby: {{service}}",
-    "check_hostname": "Název hostitele nebo domény",
-    "check_client_id": "Identifikátor klienta (ClientID nebo IP adresa)",
-    "check_enter_client_id": "Zadejte identifikátor klienta",
-    "check_dns_record": "Vyberte typ DNS záznamu",
     "service_name": "Název služby",
     "check_not_found": "Nenalezeno ve Vašich seznamech filtrů",
     "client_confirm_block": "Opravdu chcete zablokovat klienta „{{ip}}“?",

client/src/__locales/da.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Årsag: {{reason}}",
     "check_service": "Tjenestenavn: {{service}}",
-    "check_hostname": "Værts- eller domænenavn",
-    "check_client_id": "Klientidentifikator (ClientID eller IP-adresse)",
-    "check_enter_client_id": "Angiv klientidentifikator",
-    "check_dns_record": "Vælg DNS-posttype",
     "service_name": "Tjenestenavn",
     "check_not_found": "Ikke fundet i dine filterlister",
     "client_confirm_block": "Sikker på, at du vil blokere klienten \"{{ip}}\"?",

client/src/__locales/de.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Grund: {{reason}}",
     "check_service": "Dienstname: {{service}}",
-    "check_hostname": "Hostname oder Domainname",
-    "check_client_id": "Client-Kennung (ClientID oder IP-Adresse)",
-    "check_enter_client_id": "Client-Kennung eingeben",
-    "check_dns_record": "DNS-Datensatztyp auswählen",
     "service_name": "Name des Dienstes",
     "check_not_found": "Nicht in Ihren Filterlisten enthalten",
     "client_confirm_block": "Möchten Sie den Client „{{ip}}“ wirklich sperren?",

client/src/__locales/es.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Razón: {{reason}}",
     "check_service": "Nombre del servicio: {{service}}",
-    "check_hostname": "Nombre de host o nombre de dominio",
-    "check_client_id": "Identificador del cliente (ClientID o dirección IP)",
-    "check_enter_client_id": "Ingresa el identificador del cliente",
-    "check_dns_record": "Selecciona el tipo de registro DNS",
     "service_name": "Nombre del servicio",
     "check_not_found": "No se ha encontrado en tus listas de filtros",
     "client_confirm_block": "¿Estás seguro de que deseas bloquear al cliente \"{{ip}}\"?",

client/src/__locales/fr.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME : {{cname}}",
     "check_reason": "Raison : {{reason}}",
     "check_service": "Nom du service : {{service}}",
-    "check_hostname": "Nom d'hôte ou nom de domaine",
-    "check_client_id": "Identifiant du client (ClientID ou adresse IP)",
-    "check_enter_client_id": "Saisissez l'identifiant du client",
-    "check_dns_record": "Sélectionnez le type d'enregistrement DNS",
     "service_name": "Nom du service",
     "check_not_found": "Introuvable dans vos listes de filtres",
     "client_confirm_block": "Voulez-vous vraiment bloquer le client « {{ip}} » ?",

client/src/__locales/it.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Motivo: {{reason}}",
     "check_service": "Nome servizio: {{service}}",
-    "check_hostname": "Nome host o nome di dominio",
-    "check_client_id": "Identificatore client (ClientID o indirizzo IP)",
-    "check_enter_client_id": "Inserisci identificatore client",
-    "check_dns_record": "Seleziona il tipo di registrazione DNS",
     "service_name": "Nome servizio",
     "check_not_found": "Non trovato negli elenchi dei filtri",
     "client_confirm_block": "Sei sicuro di voler bloccare il client \"{{ip}}\"?",

client/src/__locales/ja.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "理由: {{reason}}",
     "check_service": "サービス名: {{service}}",
-    "check_hostname": "ホスト名またはドメイン名",
-    "check_client_id": "クライアント識別子 (ClientID または IP アドレス)",
-    "check_enter_client_id": "クライアント識別子を入力してください",
-    "check_dns_record": "DNSレコードタイプ（DNS record type）を選択",
     "service_name": "サービス名",
     "check_not_found": "フィルタ一覧には見つかりません",
     "client_confirm_block": "クライアント\"{{ip}}\"をブロックしてもよろしいですか？",

client/src/__locales/ko.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "이유: {{reason}}",
     "check_service": "서비스 이름: {{service}}",
-    "check_hostname": "호스트 이름 또는 도메인 이름",
-    "check_client_id": "클라이언트 식별자(클라이언트 ID 또는 IP 주소)",
-    "check_enter_client_id": "클라이언트 식별자 입력",
-    "check_dns_record": "DNS 레코드 유형 선택",
     "service_name": "서비스 이름",
     "check_not_found": "필터 목록에서 찾을 수 없음",
     "client_confirm_block": "정말로 클라이언트 '{{ip}}'을(를) 차단하시겠습니까?",

client/src/__locales/nl.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Reden: {{reason}}",
     "check_service": "Servicenaam: {{service}}",
-    "check_hostname": "Hostnaam of domeinnaam",
-    "check_client_id": "Client identificator (ClientID of IP-adres)",
-    "check_enter_client_id": "Voer Client identificator in",
-    "check_dns_record": "Selecteer type DNS-record",
     "service_name": "Naam service",
     "check_not_found": "Niet in je lijst met filters gevonden",
     "client_confirm_block": "Weet je zeker dat je client \"{{ip}}\" wil blokkeren?",

client/src/__locales/pt-br.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Motivo: {{reason}}",
     "check_service": "Nome do serviço: {{service}}",
-    "check_hostname": "Nome do anfitrião ou nome de domínio",
-    "check_client_id": "Identificador do cliente (ClienteID ou endereço de IP)",
-    "check_enter_client_id": "Insira o identificador do cliente",
-    "check_dns_record": "Selecione o tipo de registro DNS",
     "service_name": "Nome do serviço",
     "check_not_found": "Não encontrado em suas listas de filtros",
     "client_confirm_block": "Você tem certeza de que deseja bloquear o cliente \"{{ip}}\"?",

client/src/__locales/pt-pt.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Motivo: {{reason}}",
     "check_service": "Nome do serviço: {{service}}",
-    "check_hostname": "Nome do hospedeiro ou nome de domínio",
-    "check_client_id": "Identificador do cliente (ClientID ou endereço IP)",
-    "check_enter_client_id": "Insira o identificador do cliente",
-    "check_dns_record": "Selecione o tipo de registro DNS",
     "service_name": "Nome do serviço",
     "check_not_found": "Não encontrado nas tuas listas de filtros",
     "client_confirm_block": "Você tem certeza de que deseja bloquear o cliente \"{{ip}}\"?",

client/src/__locales/ru.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Причина: {{reason}}",
     "check_service": "Название сервиса: {{service}}",
-    "check_hostname": "Имя хоста или домена",
-    "check_client_id": "Идентификатор клиента (ClientID или IP-адрес)",
-    "check_enter_client_id": "Введите идентификатор клиента",
-    "check_dns_record": "Выберите тип DNS-записи",
     "service_name": "Имя сервиса",
     "check_not_found": "Не найдено в вашем списке фильтров",
     "client_confirm_block": "Вы уверены, что хотите заблокировать клиента «{{ip}}»?",

client/src/__locales/sk.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Dôvod: {{reason}}",
     "check_service": "Meno služby: {{service}}",
-    "check_hostname": "Názov hostiteľa alebo názov domény",
-    "check_client_id": "Identifikátor klienta (ClientID alebo IP adresa)",
-    "check_enter_client_id": "Zadajte identifikátor klienta",
-    "check_dns_record": "Vyberte typ DNS záznamu",
     "service_name": "Názov služby",
     "check_not_found": "Nenašlo sa vo Vašom zozname filtrov",
     "client_confirm_block": "Naozaj chcete zablokovať klienta \"{{ip}}\"?",

client/src/__locales/tr.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "Sebep: {{reason}}",
     "check_service": "Hizmet adı: {{service}}",
-    "check_hostname": "Ana makine adı veya alan adı",
-    "check_client_id": "İstemci tanımlayıcısı (ClientID veya IP adresi)",
-    "check_enter_client_id": "İstemci tanımlayıcısı girin",
-    "check_dns_record": "DNS kayıt türünü seçin",
     "service_name": "Hizmet adı",
     "check_not_found": "Filtre listelerinizde bulunamadı",
     "client_confirm_block": "\"{{ip}}\" istemcisini engellemek istediğinizden emin misiniz?",

client/src/__locales/zh-cn.json

@@ -620,10 +620,6 @@
     "check_cname": "CNAME: {{cname}}",
     "check_reason": "原因：{{reason}}",
     "check_service": "服务名称：{{service}}",
-    "check_hostname": "主机名或域名",
-    "check_client_id": "客户端标识符（ClientID 或 IP 地址）",
-    "check_enter_client_id": "输入客户端标识符",
-    "check_dns_record": "选择 DNS 记录类型",
     "service_name": "服务名称",
     "check_not_found": "未在您的筛选列表中找到",
     "client_confirm_block": "确定要阻止客户端 \"{{ip}}\"?",

client/src/__locales/zh-tw.json

@@ -620,10 +620,6 @@
     "check_cname": "正規名稱（CNAME）：{{cname}}",
     "check_reason": "原因：{{reason}}",
     "check_service": "服務名稱：{{service}}",
-    "check_hostname": "主機名稱或域名",
-    "check_client_id": "用戶端識別碼（ClientID 或 IP 位址）",
-    "check_enter_client_id": "輸入用戶識別碼",
-    "check_dns_record": "選擇 DNS 記錄類型",
     "service_name": "服務名稱",
     "check_not_found": "未在您的過濾器清單中被找到",
     "client_confirm_block": "您確定您想要封鎖該用戶端 \"{{ip}}\" 嗎？",

client/src/components/Filters/Check/index.tsx

@@ -14,8 +14,8 @@ import { Select } from '../../ui/Controls/Select';
 
 export type FilteringCheckFormValues = {
     name: string;
-    client?: string;
+    client_id?: string;
-    qtype?: string;
+    dns_record_type?: string;
 }
 
 type Props = {
@@ -36,8 +36,8 @@ const Check = ({ onSubmit }: Props) => {
         mode: 'onBlur',
         defaultValues: {
             name: '',
-            client: '',
+            client_id: '',
-            qtype: DNS_RECORD_TYPES[0],
+            dns_record_type: DNS_RECORD_TYPES[0],
         },
     });
 
@@ -63,7 +63,7 @@ const Check = ({ onSubmit }: Props) => {
                         />
 
                         <Controller
-                            name="client"
+                            name="client_id"
                             control={control}
                             render={({ field, fieldState }) => (
                                 <Input
@@ -78,7 +78,7 @@ const Check = ({ onSubmit }: Props) => {
                         />
 
                         <Controller
-                            name="qtype"
+                            name="dns_record_type"
                             control={control}
                             render={({ field }) => (
                                 <Select

client/src/components/Filters/CustomRules.tsx

@@ -49,17 +49,7 @@ class CustomRules extends Component<CustomRulesProps> {
     };
 
     handleCheck = (values: FilteringCheckFormValues) => {
-        const params: FilteringCheckFormValues = { name: values.name };
+        this.props.checkHost(values);
-
-        if (values.client) {
-            params.client = values.client;
-        }
-
-        if (values.qtype) {
-            params.qtype = values.qtype;
-        }
-
-        this.props.checkHost(params);
     };
 
     onScroll = (e: any) => syncScroll(e, this.ref);

client/src/components/Logs/Filters/Form.tsx

@@ -6,8 +6,6 @@ import { useDispatch } from 'react-redux';
 import { useHistory } from 'react-router-dom';
 import classNames from 'classnames';
 import { useFormContext } from 'react-hook-form';
-import queryString from 'query-string';
-
 import {
     DEBOUNCE_FILTER_TIMEOUT,
     DEFAULT_LOGS_FILTER,
@@ -56,17 +54,9 @@ export const Form = ({ className, setIsLoading }: Props) => {
         }
     }, [responseStatusValue, setValue]);
 
-    useEffect(() => {
-        const { search: searchUrlParam } = queryString.parse(history.location.search);
-
-        if (searchUrlParam !== searchValue) {
-            setValue('search', searchUrlParam ? searchUrlParam.toString() : '');
-        }
-    }, [history.location.search]);
-
     const onInputClear = async () => {
         setIsLoading(true);
-        history.push(getLogsUrlParams(DEFAULT_LOGS_FILTER.search, responseStatusValue));
+        setValue('search', DEFAULT_LOGS_FILTER.search);
         setIsLoading(false);
     };
 

client/src/helpers/trackers/trackers.json

@@ -1,5 +1,5 @@
 {
-	"timeUpdated": "2025-03-17T10:05:02.622Z",
+	"timeUpdated": "2025-03-10T15:13:28.992Z",
 	"categories": {
 		"0": "audio_video_player",
 		"1": "comments",
@@ -20958,7 +20958,6 @@
 		"audiencesquare.com": "audiencesquare.com",
 		"ad.gt": "audiencesquare.com",
 		"audigent.com": "audiencesquare.com",
-		"hadronid.net": "audiencesquare.com",
 		"auditude.com": "auditude",
 		"audtd.com": "audtd.com",
 		"cdn.augur.io": "augur",
@@ -21414,7 +21413,6 @@
 		"static.clmbtech.com": "columbia_online",
 		"combotag.com": "combotag",
 		"pdk.theplatform.com": "comcast_technology_solutions",
-		"theplatform.com": "comcast_technology_solutions",
 		"comm100.cn": "comm100",
 		"comm100.com": "comm100",
 		"cdn-cs.com": "commerce_sciences",

go.mod

@@ -43,13 +43,13 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.119.0 // indirect
+	cloud.google.com/go v0.118.3 // indirect
-	cloud.google.com/go/ai v0.10.1 // indirect
+	cloud.google.com/go/ai v0.10.0 // indirect
 	cloud.google.com/go/auth v0.15.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
-	cloud.google.com/go/longrunning v0.6.6 // indirect
+	cloud.google.com/go/longrunning v0.6.5 // indirect
-	github.com/BurntSushi/toml v1.5.0 // indirect
+	github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c // indirect
 	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
 	github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 // indirect
 	github.com/ameshkov/dnsstamps v1.0.3 // indirect
@@ -65,7 +65,7 @@ require (
 	github.com/google/generative-ai-go v0.19.0 // indirect
 	github.com/google/pprof v0.0.0-20250202011525-fc3143867406 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.5 // indirect
 	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/gordonklaus/ineffassign v0.1.0 // indirect
@@ -95,16 +95,16 @@ require (
 	golang.org/x/mod v0.24.0 // indirect
 	golang.org/x/oauth2 v0.28.0 // indirect
 	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/telemetry v0.0.0-20250310203348-fdfaad844314 // indirect
+	golang.org/x/telemetry v0.0.0-20250305155315-2a181eac97a3 // indirect
 	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
 	golang.org/x/tools v0.31.0 // indirect
 	golang.org/x/vuln v1.1.4 // indirect
 	gonum.org/v1/gonum v0.15.1 // indirect
-	google.golang.org/api v0.227.0 // indirect
+	google.golang.org/api v0.224.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
 	google.golang.org/grpc v1.71.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	honnef.co/go/tools v0.6.1 // indirect

go.sum

@@ -1,23 +1,23 @@
-cloud.google.com/go v0.119.0 h1:tw7OjErMzJKbbjaEHkrt60KQrK5Wus/boCZ7tm5/RNE=
+cloud.google.com/go v0.118.3 h1:jsypSnrE/w4mJysioGdMBg4MiW/hHx/sArFpaBWHdME=
-cloud.google.com/go v0.119.0/go.mod h1:fwB8QLzTcNevxqi8dcpR+hoMIs3jBherGS9VUBDAW08=
+cloud.google.com/go v0.118.3/go.mod h1:Lhs3YLnBlwJ4KA6nuObNMZ/fCbOQBPuWKPoE0Wa/9Vc=
-cloud.google.com/go/ai v0.10.1 h1:EU93KqYmMeOKgaBXAz2DshH2C/BzAT1P+iJORksLIic=
+cloud.google.com/go/ai v0.10.0 h1:hwj6CI6sMKubXodoJJGTy/c2T1RbbLGM6TL3QoAvzU8=
-cloud.google.com/go/ai v0.10.1/go.mod h1:sWWHZvmJ83BjuxAQtYEiA0SFTpijtbH+SXWFO14ri5A=
+cloud.google.com/go/ai v0.10.0/go.mod h1:kvnt2KeHqX8+41PVeMRBETDyQAp/RFvBWGdx/aGjNMo=
 cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps=
 cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8=
 cloud.google.com/go/auth/oauth2adapt v0.2.7 h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M=
 cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc=
 cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
-cloud.google.com/go/longrunning v0.6.6 h1:XJNDo5MUfMM05xK3ewpbSdmt7R2Zw+aQEMbdQR65Rbw=
+cloud.google.com/go/longrunning v0.6.5 h1:sD+t8DO8j4HKW4QfouCklg7ZC1qC4uzVZt8iz3uTW+Q=
-cloud.google.com/go/longrunning v0.6.6/go.mod h1:hyeGJUrPHcx0u2Uu1UFSoYZLn4lkMrccJig0t4FI7yw=
+cloud.google.com/go/longrunning v0.6.5/go.mod h1:Et04XK+0TTLKa5IPYryKf5DkpwImy6TluQ1QTLwlKmY=
 github.com/AdguardTeam/dnsproxy v0.75.1 h1:ux2sQfF/9+WRo6a32g9NtfaAPU19gJhqkEu2OZflxJg=
 github.com/AdguardTeam/dnsproxy v0.75.1/go.mod h1:HKBI/IO2/ACOjfTV6qIzB5ZDDxfjgHHvQ3hIbGg9wvc=
 github.com/AdguardTeam/golibs v0.32.5 h1:4Rkv2xBnyJe6l/EM2MFgoY1S4pweYwDgLTYg2MDArEA=
 github.com/AdguardTeam/golibs v0.32.5/go.mod h1:agsvz8Iyv0uV9NU56hpCoFLAtSPkiBf9nPVhDvdUIb0=
 github.com/AdguardTeam/urlfilter v0.20.0 h1:X32qiuVCVd8WDYCEsbdZKfXMzwdVqrdulamtUi4rmzs=
 github.com/AdguardTeam/urlfilter v0.20.0/go.mod h1:gjrywLTxfJh6JOkwi9SU+frhP7kVVEZ5exFGkR99qpk=
-github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
+github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs=
-github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
@@ -87,8 +87,8 @@ github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
+github.com/googleapis/enterprise-certificate-proxy v0.3.5 h1:VgzTY2jogw3xt39CusEnFJWm7rlsq5yL5q9XdLOuP5g=
-github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
+github.com/googleapis/enterprise-certificate-proxy v0.3.5/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
 github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q=
 github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
@@ -243,8 +243,8 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/telemetry v0.0.0-20250310203348-fdfaad844314 h1:UY+gQAskx5vohcvUlJDKkJPt9lALCgtZs3rs8msRatU=
+golang.org/x/telemetry v0.0.0-20250305155315-2a181eac97a3 h1:k+pofz4/0MRETtVtItAwfDgPUvNlWrUrFw+8dtUVUa8=
-golang.org/x/telemetry v0.0.0-20250310203348-fdfaad844314/go.mod h1:16eI1RtbPZAEm3u7hpIh7JM/w5AbmlDtnrdKYaREic8=
+golang.org/x/telemetry v0.0.0-20250305155315-2a181eac97a3/go.mod h1:16eI1RtbPZAEm3u7hpIh7JM/w5AbmlDtnrdKYaREic8=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
@@ -268,12 +268,12 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.15.1 h1:FNy7N6OUZVUaWG9pTiD+jlhdQ3lMP+/LcTpJ6+a8sQ0=
 gonum.org/v1/gonum v0.15.1/go.mod h1:eZTZuRFrzu5pcyjN5wJhcIhnUdNijYxX1T2IcrOGY0o=
-google.golang.org/api v0.227.0 h1:QvIHF9IuyG6d6ReE+BNd11kIB8hZvjN8Z5xY5t21zYc=
+google.golang.org/api v0.224.0 h1:Ir4UPtDsNiwIOHdExr3fAj4xZ42QjK7uQte3lORLJwU=
-google.golang.org/api v0.227.0/go.mod h1:EIpaG6MbTgQarWF5xJvX0eOJPK9n/5D4Bynb9j2HXvQ=
+google.golang.org/api v0.224.0/go.mod h1:3V39my2xAGkodXy0vEqcEtkqgw2GtrFL5WuBZlCTCOQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4 h1:IFnXJq3UPB3oBREOodn1v1aGQeZYQclEmvWRMN0PSsY=
+google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950=
-google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:c8q6Z6OCqnfVIqUFJkCzKcrj8eCvUrz+K4KRzSTuANg=
+google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 h1:iK2jbkWL86DXjEx0qiHcRE9dE4/Ahua5k6V8OWFb//c=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
 google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg=
 google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
 google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=

internal/aghalg/sortedmap_test.go

@@ -1,15 +1,14 @@
-package aghalg_test
+package aghalg
 
 import (
 	"strings"
 	"testing"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestNewSortedMap(t *testing.T) {
-	var m aghalg.SortedMap[string, int]
+	var m SortedMap[string, int]
 
 	letters := []string{}
 	for i := range 10 {
@@ -18,7 +17,7 @@ func TestNewSortedMap(t *testing.T) {
 	}
 
 	t.Run("create_and_fill", func(t *testing.T) {
-		m = aghalg.NewSortedMap[string, int](strings.Compare)
+		m = NewSortedMap[string, int](strings.Compare)
 
 		nums := []int{}
 		for i, r := range letters {
@@ -69,7 +68,7 @@ func TestNewSortedMap_nil(t *testing.T) {
 		val = "val"
 	)
 
-	var m aghalg.SortedMap[string, string]
+	var m SortedMap[string, string]
 
 	assert.Panics(t, func() {
 		m.Set(key, val)

internal/aghnet/hostgen_test.go

@@ -1,10 +1,9 @@
-package aghnet_test
+package aghnet
 
 import (
 	"net/netip"
 	"testing"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -30,13 +29,13 @@ func TestGenerateHostName(t *testing.T) {
 
 		for _, tc := range testCases {
 			t.Run(tc.name, func(t *testing.T) {
-				hostname := aghnet.GenerateHostname(tc.ip)
+				hostname := GenerateHostname(tc.ip)
 				assert.Equal(t, tc.want, hostname)
 			})
 		}
 	})
 
 	t.Run("invalid", func(t *testing.T) {
-		assert.Panics(t, func() { aghnet.GenerateHostname(netip.Addr{}) })
+		assert.Panics(t, func() { GenerateHostname(netip.Addr{}) })
 	})
 }

internal/aghnet/interfaces_test.go

@@ -1,24 +1,22 @@
-package aghnet_test
+package aghnet
 
 import (
 	"net"
 	"testing"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-// fakeIface is a stub implementation of [aghnet.NetIface] interface to simplify
+// fakeIface is a stub implementation of aghnet.NetIface to simplify testing.
-// testing.
 type fakeIface struct {
 	err   error
 	addrs []net.Addr
 }
 
-// Addrs implements the [aghnet.NetIface] interface for *fakeIface.
+// Addrs implements the NetIface interface for *fakeIface.
 func (iface *fakeIface) Addrs() (addrs []net.Addr, err error) {
 	if iface.err != nil {
 		return nil, iface.err
@@ -27,9 +25,6 @@ func (iface *fakeIface) Addrs() (addrs []net.Addr, err error) {
 	return iface.addrs, nil
 }
 
-// type check
-var _ aghnet.NetIface = (*fakeIface)(nil)
-
 func TestIfaceIPAddrs(t *testing.T) {
 	const errTest errors.Error = "test error"
 
@@ -40,76 +35,76 @@ func TestIfaceIPAddrs(t *testing.T) {
 	addr6 := &net.IPNet{IP: ip6}
 
 	testCases := []struct {
-		iface      aghnet.NetIface
+		iface      NetIface
 		name       string
 		wantErrMsg string
 		want       []net.IP
-		ipv        aghnet.IPVersion
+		ipv        IPVersion
 	}{{
 		iface:      &fakeIface{addrs: []net.Addr{addr4}, err: nil},
 		name:       "ipv4_success",
 		wantErrMsg: "",
 		want:       []net.IP{ip4},
-		ipv:        aghnet.IPVersion4,
+		ipv:        IPVersion4,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
 		name:       "ipv4_success_with_ipv6",
 		wantErrMsg: "",
 		want:       []net.IP{ip4},
-		ipv:        aghnet.IPVersion4,
+		ipv:        IPVersion4,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{addr4}, err: errTest},
 		name:       "ipv4_error",
 		wantErrMsg: errTest.Error(),
 		want:       nil,
-		ipv:        aghnet.IPVersion4,
+		ipv:        IPVersion4,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{addr6}, err: nil},
 		name:       "ipv6_success",
 		wantErrMsg: "",
 		want:       []net.IP{ip6},
-		ipv:        aghnet.IPVersion6,
+		ipv:        IPVersion6,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
 		name:       "ipv6_success_with_ipv4",
 		wantErrMsg: "",
 		want:       []net.IP{ip6},
-		ipv:        aghnet.IPVersion6,
+		ipv:        IPVersion6,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{addr6}, err: errTest},
 		name:       "ipv6_error",
 		wantErrMsg: errTest.Error(),
 		want:       nil,
-		ipv:        aghnet.IPVersion6,
+		ipv:        IPVersion6,
 	}, {
 		iface:      &fakeIface{addrs: nil, err: nil},
 		name:       "bad_proto",
 		wantErrMsg: "invalid ip version 10",
 		want:       nil,
-		ipv:        aghnet.IPVersion6 + aghnet.IPVersion4,
+		ipv:        IPVersion6 + IPVersion4,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{&net.IPAddr{IP: ip4}}, err: nil},
 		name:       "ipaddr_v4",
 		wantErrMsg: "",
 		want:       []net.IP{ip4},
-		ipv:        aghnet.IPVersion4,
+		ipv:        IPVersion4,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{&net.IPAddr{IP: ip6, Zone: ""}}, err: nil},
 		name:       "ipaddr_v6",
 		wantErrMsg: "",
 		want:       []net.IP{ip6},
-		ipv:        aghnet.IPVersion6,
+		ipv:        IPVersion6,
 	}, {
 		iface:      &fakeIface{addrs: []net.Addr{&net.UnixAddr{}}, err: nil},
 		name:       "non-ipv4",
 		wantErrMsg: "",
 		want:       nil,
-		ipv:        aghnet.IPVersion4,
+		ipv:        IPVersion4,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, err := aghnet.IfaceIPAddrs(tc.iface, tc.ipv)
+			got, err := IfaceIPAddrs(tc.iface, tc.ipv)
 			testutil.AssertErrorMsg(t, tc.wantErrMsg, err)
 
 			assert.Equal(t, tc.want, got)
@@ -123,10 +118,7 @@ type waitingFakeIface struct {
 	n     int
 }
 
-// type check
+// Addrs implements the NetIface interface for *waitingFakeIface.
-var _ aghnet.NetIface = (*waitingFakeIface)(nil)
-
-// Addrs implements the [aghnet.NetIface] interface for *waitingFakeIface.
 func (iface *waitingFakeIface) Addrs() (addrs []net.Addr, err error) {
 	if iface.err != nil {
 		return nil, iface.err
@@ -151,76 +143,76 @@ func TestIfaceDNSIPAddrs(t *testing.T) {
 	addr6 := &net.IPNet{IP: ip6}
 
 	testCases := []struct {
-		iface   aghnet.NetIface
+		iface   NetIface
 		wantErr error
 		name    string
 		want    []net.IP
-		ipv     aghnet.IPVersion
+		ipv     IPVersion
 	}{{
 		name:    "ipv4_success",
 		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: nil},
-		ipv:     aghnet.IPVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4, ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv4_success_with_ipv6",
 		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     aghnet.IPVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4, ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv4_error",
 		iface:   &fakeIface{addrs: []net.Addr{addr4}, err: errTest},
-		ipv:     aghnet.IPVersion4,
+		ipv:     IPVersion4,
 		want:    nil,
 		wantErr: errTest,
 	}, {
 		name:    "ipv4_wait",
 		iface:   &waitingFakeIface{addrs: []net.Addr{addr4}, err: nil, n: 1},
-		ipv:     aghnet.IPVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4, ip4},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_success",
 		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: nil},
-		ipv:     aghnet.IPVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6, ip6},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_success_with_ipv4",
 		iface:   &fakeIface{addrs: []net.Addr{addr6, addr4}, err: nil},
-		ipv:     aghnet.IPVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6, ip6},
 		wantErr: nil,
 	}, {
 		name:    "ipv6_error",
 		iface:   &fakeIface{addrs: []net.Addr{addr6}, err: errTest},
-		ipv:     aghnet.IPVersion6,
+		ipv:     IPVersion6,
 		want:    nil,
 		wantErr: errTest,
 	}, {
 		name:    "ipv6_wait",
 		iface:   &waitingFakeIface{addrs: []net.Addr{addr6}, err: nil, n: 1},
-		ipv:     aghnet.IPVersion6,
+		ipv:     IPVersion6,
 		want:    []net.IP{ip6, ip6},
 		wantErr: nil,
 	}, {
 		name:    "empty",
 		iface:   &fakeIface{addrs: nil, err: nil},
-		ipv:     aghnet.IPVersion4,
+		ipv:     IPVersion4,
 		want:    nil,
 		wantErr: nil,
 	}, {
 		name:    "many",
 		iface:   &fakeIface{addrs: []net.Addr{addr4, addr4}},
-		ipv:     aghnet.IPVersion4,
+		ipv:     IPVersion4,
 		want:    []net.IP{ip4, ip4},
 		wantErr: nil,
 	}}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, err := aghnet.IfaceDNSIPAddrs(tc.iface, tc.ipv, 2, 0)
+			got, err := IfaceDNSIPAddrs(tc.iface, tc.ipv, 2, 0)
 			require.ErrorIs(t, err, tc.wantErr)
 
 			assert.Equal(t, tc.want, got)

internal/aghnet/ipmut_test.go

@@ -1,10 +1,9 @@
-package aghnet_test
+package aghnet
 
 import (
 	"net"
 	"testing"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/stretchr/testify/assert"
 )
@@ -19,7 +18,7 @@ func TestIPMut(t *testing.T) {
 	}}
 
 	t.Run("nil_no_mut", func(t *testing.T) {
-		ipmut := aghnet.NewIPMut(nil)
+		ipmut := NewIPMut(nil)
 
 		ips := netutil.CloneIPs(testIPs)
 		for i := range ips {
@@ -29,7 +28,7 @@ func TestIPMut(t *testing.T) {
 	})
 
 	t.Run("not_nil_mut", func(t *testing.T) {
-		ipmut := aghnet.NewIPMut(func(ip net.IP) {
+		ipmut := NewIPMut(func(ip net.IP) {
 			for i := range ip {
 				ip[i] = 0
 			}

internal/aghnet/net_darwin_test.go

@@ -1,5 +1,3 @@
-//go:build darwin
-
 package aghnet
 
 import (

internal/client/storage.go

@@ -12,7 +12,6 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/arpdb"
 	"github.com/AdguardTeam/AdGuardHome/internal/dhcpsvc"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/whois"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/errors"
@@ -672,37 +671,3 @@ func (s *Storage) ClearUpstreamCache() {
 
 	s.upstreamManager.clearUpstreamCache()
 }
-
-// ApplyClientFiltering retrieves persistent client information using the
-// ClientID or client IP address, and applies it to the filtering settings.
-// setts must not be nil.
-func (s *Storage) ApplyClientFiltering(id string, addr netip.Addr, setts *filtering.Settings) {
-	c, ok := s.index.findByClientID(id)
-	if !ok {
-		c, ok = s.index.findByIP(addr)
-	}
-
-	if !ok {
-		s.logger.Debug("no client filtering settings found", "clientid", id, "addr", addr)
-
-		return
-	}
-
-	s.logger.Debug("applying custom client filtering settings", "client_name", c.Name)
-
-	if c.UseOwnBlockedServices {
-		setts.BlockedServices = c.BlockedServices.Clone()
-	}
-
-	setts.ClientName = c.Name
-	setts.ClientTags = slices.Clone(c.Tags)
-	if !c.UseOwnSettings {
-		return
-	}
-
-	setts.FilteringEnabled = c.FilteringEnabled
-	setts.SafeSearchEnabled = c.SafeSearchConf.Enabled
-	setts.ClientSafeSearch = c.SafeSearch
-	setts.SafeBrowsingEnabled = c.SafeBrowsingEnabled
-	setts.ParentalEnabled = c.ParentalEnabled
-}

internal/client/upstreammanager.go

@@ -153,9 +153,7 @@ func (m *upstreamManager) isConfigChanged(cliConf *customUpstreamConfig) (ok boo
 // upstream configuration.
 func (m *upstreamManager) clearUpstreamCache() {
 	for _, c := range m.uidToCustomConf {
-		if c.proxyConf != nil {
+		c.proxyConf.ClearCache()
-			c.proxyConf.ClearCache()
-		}
 	}
 }
 

internal/dnsforward/config.go

@@ -16,6 +16,7 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/client"
+	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/container"
@@ -33,6 +34,9 @@ import (
 type Config struct {
 	// Callbacks for other modules
 
+	// FilterHandler is an optional additional filtering callback.
+	FilterHandler func(cliAddr netip.Addr, clientID string, settings *filtering.Settings) `yaml:"-"`
+
 	// ClientsContainer stores the information about special handling of some
 	// DNS clients.
 	ClientsContainer ClientsContainer `yaml:"-"`

internal/dnsforward/dnsforward_test.go

@@ -27,7 +27,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/hashprefix"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/safesearch"
-	"github.com/AdguardTeam/AdGuardHome/internal/schedule"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/logutil/slogutil"
@@ -107,21 +106,6 @@ func startDeferStop(t *testing.T, s *Server) {
 	testutil.CleanupAndRequireSuccess(t, s.Stop)
 }
 
-// applyEmptyClientFiltering is a helper function for tests with
-// [filtering.Config] that does nothing.
-func applyEmptyClientFiltering(_ string, _ netip.Addr, _ *filtering.Settings) {}
-
-// emptyFilteringBlockedServices is a helper function that returns an empty
-// filtering blocked services for tests.
-func emptyFilteringBlockedServices() (bsvc *filtering.BlockedServices) {
-	return &filtering.BlockedServices{
-		Schedule: schedule.EmptyWeekly(),
-	}
-}
-
-// createTestServer is a helper function that returns a properly initialized
-// *Server for use in tests, given the provided parameters.  It also populates
-// the filtering configuration with default parameters.
 func createTestServer(
 	t *testing.T,
 	filterConf *filtering.Config,
@@ -139,12 +123,6 @@ func createTestServer(
 		Data: []byte(rules),
 	}}
 
-	filterConf.BlockedServices = cmp.Or(filterConf.BlockedServices, emptyFilteringBlockedServices())
-
-	if filterConf.ApplyClientFiltering == nil {
-		filterConf.ApplyClientFiltering = applyEmptyClientFiltering
-	}
-
 	f, err := filtering.New(filterConf, filters)
 	require.NoError(t, err)
 
@@ -948,6 +926,9 @@ func TestClientRulesForCNAMEMatching(t *testing.T) {
 		UDPListenAddrs: []*net.UDPAddr{{}},
 		TCPListenAddrs: []*net.TCPAddr{{}},
 		Config: Config{
+			FilterHandler: func(_ netip.Addr, _ string, settings *filtering.Settings) {
+				settings.FilteringEnabled = false
+			},
 			UpstreamMode: UpstreamModeLoadBalance,
 			EDNSClientSubnet: &EDNSClientSubnet{
 				Enabled: false,
@@ -1039,12 +1020,10 @@ func TestBlockedCustomIP(t *testing.T) {
 	}}
 
 	f, err := filtering.New(&filtering.Config{
-		ProtectionEnabled:    true,
+		ProtectionEnabled: true,
-		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockingMode:      filtering.BlockingModeCustomIP,
-		BlockedServices:      emptyFilteringBlockedServices(),
+		BlockingIPv4:      netip.Addr{},
-		BlockingMode:         filtering.BlockingModeCustomIP,
+		BlockingIPv6:      netip.Addr{},
-		BlockingIPv4:         netip.Addr{},
-		BlockingIPv6:         netip.Addr{},
 	}, filters)
 	require.NoError(t, err)
 
@@ -1197,9 +1176,7 @@ func TestBlockedBySafeBrowsing(t *testing.T) {
 
 func TestRewrite(t *testing.T) {
 	c := &filtering.Config{
-		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockingMode: filtering.BlockingModeDefault,
-		BlockedServices:      emptyFilteringBlockedServices(),
-		BlockingMode:         filtering.BlockingModeDefault,
 		Rewrites: []*filtering.LegacyRewrite{{
 			Domain: "test.com",
 			Answer: "1.2.3.4",
@@ -1345,9 +1322,7 @@ func TestPTRResponseFromDHCPLeases(t *testing.T) {
 	const localDomain = "lan"
 
 	flt, err := filtering.New(&filtering.Config{
-		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockingMode: filtering.BlockingModeDefault,
-		BlockedServices:      emptyFilteringBlockedServices(),
-		BlockingMode:         filtering.BlockingModeDefault,
 	}, nil)
 	require.NoError(t, err)
 
@@ -1436,10 +1411,8 @@ func TestPTRResponseFromHosts(t *testing.T) {
 	})
 
 	flt, err := filtering.New(&filtering.Config{
-		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockingMode: filtering.BlockingModeDefault,
-		BlockedServices:      emptyFilteringBlockedServices(),
+		EtcHosts:     hc,
-		BlockingMode:         filtering.BlockingModeDefault,
-		EtcHosts:             hc,
 	}, nil)
 	require.NoError(t, err)
 

internal/dnsforward/filter.go

@@ -17,7 +17,9 @@ import (
 func (s *Server) clientRequestFilteringSettings(dctx *dnsContext) (setts *filtering.Settings) {
 	setts = s.dnsFilter.Settings()
 	setts.ProtectionEnabled = dctx.protectionEnabled
-	s.dnsFilter.ApplyAdditionalFiltering(dctx.proxyCtx.Addr.Addr(), dctx.clientID, setts)
+	if s.conf.FilterHandler != nil {
+		s.conf.FilterHandler(dctx.proxyCtx.Addr.Addr(), dctx.clientID, setts)
+	}
 
 	return setts
 }

internal/dnsforward/filter_test.go

@@ -45,10 +45,8 @@ func TestHandleDNSRequest_handleDNSRequest(t *testing.T) {
 	}}
 
 	f, err := filtering.New(&filtering.Config{
-		ProtectionEnabled:    true,
+		ProtectionEnabled: true,
-		ApplyClientFiltering: applyEmptyClientFiltering,
+		BlockingMode:      filtering.BlockingModeDefault,
-		BlockedServices:      emptyFilteringBlockedServices(),
-		BlockingMode:         filtering.BlockingModeDefault,
 	}, filters)
 	require.NoError(t, err)
 	f.SetEnabled(true)

internal/filtering/blocked.go

@@ -49,9 +49,6 @@ func initBlockedServices() {
 }
 
 // BlockedServices is the configuration of blocked services.
-//
-// TODO(s.chzhen):  Move to a higher-level package to allow importing the client
-// package into the filtering package.
 type BlockedServices struct {
 	// Schedule is blocked services schedule for every day of the week.
 	Schedule *schedule.Weekly `json:"schedule" yaml:"schedule"`

internal/filtering/dnsrewrite_test.go

@@ -1,11 +1,10 @@
-package filtering_test
+package filtering
 
 import (
 	"net/netip"
 	"path"
 	"testing"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/miekg/dns"
 	"github.com/stretchr/testify/assert"
@@ -51,17 +50,8 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 |1.2.3.5.in-addr.arpa^$dnsrewrite=NOERROR;PTR;new-ptr-with-dot.
 `
 
-	conf := &filtering.Config{
+	f, _ := newForTest(t, nil, []Filter{{ID: 0, Data: []byte(text)}})
-		SafeBrowsingCacheSize: 10000,
+	setts := &Settings{
-		ParentalCacheSize:     10000,
-		SafeSearchCacheSize:   1000,
-		CacheTime:             30,
-	}
-
-	f, err := filtering.New(conf, []filtering.Filter{{ID: 0, Data: []byte(text)}})
-	require.NoError(t, err)
-
-	setts := &filtering.Settings{
 		FilteringEnabled: true,
 	}
 
@@ -127,8 +117,7 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			host := path.Base(tc.name)
 
-			var res filtering.Result
+			res, err := f.CheckHostRules(host, tc.dtyp, setts)
-			res, err = f.CheckHostRules(host, tc.dtyp, setts)
 			require.NoError(t, err)
 
 			dnsrr := res.DNSRewriteResult
@@ -152,8 +141,7 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 		dtyp := dns.TypeA
 		host := path.Base(t.Name())
 
-		var res filtering.Result
+		res, err := f.CheckHostRules(host, dtyp, setts)
-		res, err = f.CheckHostRules(host, dtyp, setts)
 		require.NoError(t, err)
 
 		assert.Equal(t, "new-cname", res.CanonName)
@@ -163,8 +151,7 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 		dtyp := dns.TypeA
 		host := path.Base(t.Name())
 
-		var res filtering.Result
+		res, err := f.CheckHostRules(host, dtyp, setts)
-		res, err = f.CheckHostRules(host, dtyp, setts)
 		require.NoError(t, err)
 
 		assert.Equal(t, "new-cname-2", res.CanonName)
@@ -175,8 +162,7 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 		dtyp := dns.TypeA
 		host := path.Base(t.Name())
 
-		var res filtering.Result
+		res, err := f.CheckHostRules(host, dtyp, setts)
-		res, err = f.CheckHostRules(host, dtyp, setts)
 		require.NoError(t, err)
 
 		assert.Empty(t, res.CanonName)
@@ -187,8 +173,7 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 		dtyp := dns.TypePTR
 		host := path.Base(t.Name())
 
-		var res filtering.Result
+		res, err := f.CheckHostRules(host, dtyp, setts)
-		res, err = f.CheckHostRules(host, dtyp, setts)
 		require.NoError(t, err)
 		require.NotNil(t, res.DNSRewriteResult)
 
@@ -208,8 +193,7 @@ func TestDNSFilter_CheckHostRules_dnsrewrite(t *testing.T) {
 		dtyp := dns.TypePTR
 		host := path.Base(t.Name())
 
-		var res filtering.Result
+		res, err := f.CheckHostRules(host, dtyp, setts)
-		res, err = f.CheckHostRules(host, dtyp, setts)
 		require.NoError(t, err)
 		require.NotNil(t, res.DNSRewriteResult)
 

internal/filtering/filter.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"net/netip"
 	"os"
 	"path/filepath"
 	"slices"
@@ -630,20 +629,3 @@ func (d *DNSFilter) enableFiltersLocked(async bool) {
 
 	d.SetEnabled(d.conf.FilteringEnabled)
 }
-
-// ApplyAdditionalFiltering enhances the provided filtering settings with
-// blocked services and client-specific configurations.
-func (d *DNSFilter) ApplyAdditionalFiltering(cliAddr netip.Addr, clientID string, setts *Settings) {
-	setts.ClientIP = cliAddr
-
-	d.ApplyBlockedServices(setts)
-	d.applyClientFiltering(clientID, cliAddr, setts)
-	if setts.BlockedServices != nil {
-		// TODO(e.burkov):  Get rid of this crutch.
-		setts.ServicesRules = nil
-		svcs := setts.BlockedServices.IDs
-		if !setts.BlockedServices.Schedule.Contains(time.Now()) {
-			d.ApplyBlockedServicesList(setts, svcs)
-		}
-	}
-}

internal/filtering/filtering.go

@@ -40,8 +40,6 @@ type ServiceEntry struct {
 }
 
 // Settings are custom filtering settings for a client.
-//
-// TODO(s.chzhen):  Move to the client package.
 type Settings struct {
 	ClientName string
 	ClientIP   netip.Addr
@@ -49,10 +47,6 @@ type Settings struct {
 
 	ServicesRules []ServiceEntry
 
-	// BlockedServices is the configuration of blocked services of a client.  It
-	// is nil if the client does not have any blocked services.
-	BlockedServices *BlockedServices
-
 	ProtectionEnabled   bool
 	FilteringEnabled    bool
 	SafeSearchEnabled   bool
@@ -84,11 +78,6 @@ type Config struct {
 
 	SafeSearch SafeSearch `yaml:"-"`
 
-	// ApplyClientFiltering retrieves persistent client information using the
-	// ClientID or client IP address, and applies it to the filtering settings.
-	// It must not be nil.
-	ApplyClientFiltering func(clientID string, cliAddr netip.Addr, setts *Settings) `yaml:"-"`
-
 	// BlockedServices is the configuration of blocked services.
 	// Per-client settings can override this configuration.
 	BlockedServices *BlockedServices `yaml:"blocked_services"`
@@ -255,13 +244,6 @@ type DNSFilter struct {
 	// parentalControl is the parental control hash-prefix checker.
 	parentalControlChecker Checker
 
-	// applyClientFiltering retrieves persistent client information using the
-	// ClientID or client IP address, and applies it to the filtering settings.
-	//
-	// TODO(s.chzhen):  Consider finding a better approach while taking an
-	// import cycle into account.
-	applyClientFiltering func(clientID string, cliAddr netip.Addr, setts *Settings)
-
 	engineLock sync.RWMutex
 
 	// confMu protects conf.
@@ -932,9 +914,10 @@ func (d *DNSFilter) matchHost(
 	ufReq := &urlfilter.DNSRequest{
 		Hostname:         host,
 		SortedClientTags: setts.ClientTags,
-		ClientIP:         setts.ClientIP,
+		// TODO(e.burkov): Wait for urlfilter update to pass net.IP.
-		ClientName:       setts.ClientName,
+		ClientIP:   setts.ClientIP,
-		DNSType:          rrtype,
+		ClientName: setts.ClientName,
+		DNSType:    rrtype,
 	}
 
 	d.engineLock.RLock()
@@ -1015,7 +998,6 @@ func New(c *Config, blockFilters []Filter) (d *DNSFilter, err error) {
 		refreshLock:            &sync.Mutex{},
 		safeBrowsingChecker:    c.SafeBrowsingChecker,
 		parentalControlChecker: c.ParentalControlChecker,
-		applyClientFiltering:   c.ApplyClientFiltering,
 		confMu:                 &sync.RWMutex{},
 	}
 

internal/filtering/hosts_test.go

@@ -1,4 +1,4 @@
-package filtering_test
+package filtering
 
 import (
 	"fmt"
@@ -8,7 +8,6 @@ import (
 
 	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtest"
-	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/rulelist"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/AdguardTeam/urlfilter/rules"
@@ -51,27 +50,27 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, hc.Close)
 
-	conf := &filtering.Config{
+	conf := &Config{
 		EtcHosts: hc,
 	}
-	f, err := filtering.New(conf, nil)
+	f, err := New(conf, nil)
 	require.NoError(t, err)
 
-	setts := &filtering.Settings{
+	setts := &Settings{
 		FilteringEnabled: true,
 	}
 
 	testCases := []struct {
 		name      string
 		host      string
-		wantRules []*filtering.ResultRule
+		wantRules []*ResultRule
 		wantResps []rules.RRValue
 		dtyp      uint16
 	}{{
 		name: "v4",
 		host: "v4.host.example",
 		dtyp: dns.TypeA,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         "1.2.3.4 v4.host.example",
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -80,7 +79,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		name: "v6",
 		host: "v6.host.example",
 		dtyp: dns.TypeAAAA,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         "::1 v6.host.example",
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -89,7 +88,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		name: "mapped",
 		host: "mapped.host.example",
 		dtyp: dns.TypeAAAA,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         "::ffff:1.2.3.4 mapped.host.example",
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -98,7 +97,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		name: "ptr",
 		host: "4.3.2.1.in-addr.arpa",
 		dtyp: dns.TypePTR,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         "1.2.3.4 v4.host.example",
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -107,7 +106,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		name: "ptr-mapped",
 		host: "4.0.3.0.2.0.1.0.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
 		dtyp: dns.TypePTR,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         "::ffff:1.2.3.4 mapped.host.example",
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -134,7 +133,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		name: "v4_mismatch",
 		host: "v4.host.example",
 		dtyp: dns.TypeAAAA,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         fmt.Sprintf("%s v4.host.example", addrv4),
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -143,7 +142,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		name: "v6_mismatch",
 		host: "v6.host.example",
 		dtyp: dns.TypeA,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         fmt.Sprintf("%s v6.host.example", addrv6),
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -164,7 +163,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 		name: "v4_dup",
 		host: "v4.host.with-dup",
 		dtyp: dns.TypeA,
-		wantRules: []*filtering.ResultRule{{
+		wantRules: []*ResultRule{{
 			Text:         "4.3.2.1 v4.host.with-dup",
 			FilterListID: rulelist.URLFilterIDEtcHosts,
 		}},
@@ -173,7 +172,7 @@ func TestDNSFilter_CheckHost_hostsContainer(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			var res filtering.Result
+			var res Result
 			res, err = f.CheckHost(tc.host, tc.dtyp, setts)
 			require.NoError(t, err)
 

internal/filtering/http.go

@@ -9,8 +9,6 @@ import (
 	"os"
 	"path/filepath"
 	"slices"
-	"strconv"
-	"strings"
 	"sync"
 	"time"
 
@@ -422,52 +420,15 @@ type checkHostResp struct {
 	FilterID rulelist.URLFilterID `json:"filter_id"`
 }
 
-// handleCheckHost is the handler for the GET /control/filtering/check_host HTTP
-// API.
 func (d *DNSFilter) handleCheckHost(w http.ResponseWriter, r *http.Request) {
-	query := r.URL.Query()
+	host := r.URL.Query().Get("name")
-	host := query.Get("name")
-	if host == "" {
-		aghhttp.Error(
-			r,
-			w,
-			http.StatusBadRequest,
-			`query parameter "name" is required`,
-		)
-
-		return
-	}
-
-	cli := query.Get("client")
-	qTypeStr := query.Get("qtype")
-	qType, err := stringToDNSType(qTypeStr)
-	if err != nil {
-		aghhttp.Error(
-			r,
-			w,
-			http.StatusUnprocessableEntity,
-			"bad qtype query parameter: %q",
-			qTypeStr,
-		)
-
-		return
-	}
 
 	setts := d.Settings()
 	setts.FilteringEnabled = true
 	setts.ProtectionEnabled = true
 
-	addr, err := netip.ParseAddr(cli)
+	d.ApplyBlockedServices(setts)
-	if err == nil {
+	result, err := d.CheckHost(host, dns.TypeA, setts)
-		d.ApplyAdditionalFiltering(addr, "", setts)
-	} else if cli != "" {
-		// TODO(s.chzhen):  Set [Settings.ClientName] once urlfilter supports
-		// multiple client names.  This will handle the case when a rule exists
-		// but the persistent client does not.
-		d.ApplyAdditionalFiltering(netip.Addr{}, cli, setts)
-	}
-
-	result, err := d.CheckHost(host, qType, setts)
 	if err != nil {
 		aghhttp.Error(
 			r,
@@ -505,33 +466,6 @@ func (d *DNSFilter) handleCheckHost(w http.ResponseWriter, r *http.Request) {
 	aghhttp.WriteJSONResponseOK(w, r, resp)
 }
 
-// stringToDNSType is a helper function that converts a string to DNS type.  If
-// the string is empty, it returns the default value [dns.TypeA].
-func stringToDNSType(str string) (qtype uint16, err error) {
-	if str == "" {
-		return dns.TypeA, nil
-	}
-
-	qtype, ok := dns.StringToType[str]
-	if ok {
-		return qtype, nil
-	}
-
-	// typePref is a prefix for DNS types from experimental RFCs.
-	const typePref = "TYPE"
-
-	if !strings.HasPrefix(str, typePref) {
-		return 0, errors.ErrBadEnumValue
-	}
-
-	val, err := strconv.ParseUint(str[len(typePref):], 10, 16)
-	if err != nil {
-		return 0, errors.ErrBadEnumValue
-	}
-
-	return uint16(val), nil
-}
-
 // setProtectedBool sets the value of a boolean pointer under a lock.  l must
 // protect the value under ptr.
 //

internal/filtering/http_test.go

@@ -3,15 +3,11 @@ package filtering
 import (
 	"bytes"
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"net/http/httptest"
-	"net/netip"
-	"strings"
 	"testing"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/schedule"
 	"github.com/AdguardTeam/golibs/testutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -309,168 +305,3 @@ func TestDNSFilter_handleParentalStatus(t *testing.T) {
 		})
 	}
 }
-
-func TestDNSFilter_HandleCheckHost(t *testing.T) {
-	const (
-		cliName = "client_name"
-		cliID   = "client_id"
-
-		notFilteredHost = "not.filterd.example"
-		allowedHost     = "allowed.example"
-		blockedHost     = "blocked.example"
-		cliHost         = "client.example"
-		qTypeHost       = "qtype.example"
-		cliQTypeHost    = "cli.qtype.example"
-
-		target          = "/control/check_host"
-		hostFmt         = target + "?name=%s"
-		hostCliFmt      = hostFmt + "&client=%s"
-		hostQTypeFmt    = hostFmt + "&qtype=%s"
-		hostCliQTypeFmt = hostCliFmt + "&qtype=%s"
-
-		allowedRuleFmt         = "@@||%s^"
-		blockedRuleFmt         = "||%s^"
-		blockedRuleCliFmt      = blockedRuleFmt + "$client=%s"
-		blockedRuleQTypeFmt    = blockedRuleFmt + "$dnstype=%s"
-		blockedRuleCliQTypeFmt = blockedRuleCliFmt + ",dnstype=%s"
-	)
-
-	var (
-		allowedRule            = fmt.Sprintf(allowedRuleFmt, allowedHost)
-		blockedRule            = fmt.Sprintf(blockedRuleFmt, blockedHost)
-		blockedClientRule      = fmt.Sprintf(blockedRuleCliFmt, cliHost, cliName)
-		blockedQTypeRule       = fmt.Sprintf(blockedRuleQTypeFmt, qTypeHost, "CNAME")
-		blockedClientQTypeRule = fmt.Sprintf(blockedRuleCliQTypeFmt, cliQTypeHost, cliName, "CNAME")
-
-		notFilteredURL        = fmt.Sprintf(hostFmt, notFilteredHost)
-		allowedURL            = fmt.Sprintf(hostFmt, allowedHost)
-		blockedURL            = fmt.Sprintf(hostFmt, blockedHost)
-		blockedClientURL      = fmt.Sprintf(hostCliFmt, cliHost, cliID)
-		allowedQTypeURL       = fmt.Sprintf(hostQTypeFmt, qTypeHost, "AAAA")
-		blockedQTypeURL       = fmt.Sprintf(hostQTypeFmt, qTypeHost, "CNAME")
-		allowedClientQTypeURL = fmt.Sprintf(hostCliQTypeFmt, cliQTypeHost, cliID, "AAAA")
-		blockedClientQTypeURL = fmt.Sprintf(hostCliQTypeFmt, cliQTypeHost, cliID, "CNAME")
-	)
-
-	rules := []string{
-		allowedRule,
-		blockedRule,
-		blockedClientRule,
-		blockedQTypeRule,
-		blockedClientQTypeRule,
-	}
-	rulesData := strings.Join(rules, "\n")
-
-	filters := []Filter{{
-		ID: 0, Data: []byte(rulesData),
-	}}
-
-	clientNames := map[string]string{
-		cliID: cliName,
-	}
-
-	dnsFilter, err := New(&Config{
-		BlockedServices: &BlockedServices{
-			Schedule: schedule.EmptyWeekly(),
-		},
-		ApplyClientFiltering: func(clientID string, cliAddr netip.Addr, setts *Settings) {
-			setts.ClientName = clientNames[clientID]
-		},
-	}, filters)
-	require.NoError(t, err)
-
-	testCases := []struct {
-		name string
-		url  string
-		want *checkHostResp
-	}{{
-		name: "not_filtered",
-		url:  notFilteredURL,
-		want: &checkHostResp{
-			Reason: reasonNames[NotFilteredNotFound],
-			Rule:   "",
-			Rules:  []*checkHostRespRule{},
-		},
-	}, {
-		name: "allowed",
-		url:  allowedURL,
-		want: &checkHostResp{
-			Reason: reasonNames[NotFilteredAllowList],
-			Rule:   allowedRule,
-			Rules: []*checkHostRespRule{{
-				Text: allowedRule,
-			}},
-		},
-	}, {
-		name: "blocked",
-		url:  blockedURL,
-		want: &checkHostResp{
-			Reason: reasonNames[FilteredBlockList],
-			Rule:   blockedRule,
-			Rules: []*checkHostRespRule{{
-				Text: blockedRule,
-			}},
-		},
-	}, {
-		name: "blocked_client",
-		url:  blockedClientURL,
-		want: &checkHostResp{
-			Reason: reasonNames[FilteredBlockList],
-			Rule:   blockedClientRule,
-			Rules: []*checkHostRespRule{{
-				Text: blockedClientRule,
-			}},
-		},
-	}, {
-		name: "allowed_qtype",
-		url:  allowedQTypeURL,
-		want: &checkHostResp{
-			Reason: reasonNames[NotFilteredNotFound],
-			Rule:   "",
-			Rules:  []*checkHostRespRule{},
-		},
-	}, {
-		name: "blocked_qtype",
-		url:  blockedQTypeURL,
-		want: &checkHostResp{
-			Reason: reasonNames[FilteredBlockList],
-			Rule:   blockedQTypeRule,
-			Rules: []*checkHostRespRule{{
-				Text: blockedQTypeRule,
-			}},
-		},
-	}, {
-		name: "blocked_client_qtype",
-		url:  blockedClientQTypeURL,
-		want: &checkHostResp{
-			Reason: reasonNames[FilteredBlockList],
-			Rule:   blockedClientQTypeRule,
-			Rules: []*checkHostRespRule{{
-				Text: blockedClientQTypeRule,
-			}},
-		},
-	}, {
-		name: "allowed_client_qtype",
-		url:  allowedClientQTypeURL,
-		want: &checkHostResp{
-			Reason: reasonNames[NotFilteredNotFound],
-			Rule:   "",
-			Rules:  []*checkHostRespRule{},
-		},
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			r := httptest.NewRequest(http.MethodGet, tc.url, nil)
-			w := httptest.NewRecorder()
-
-			dnsFilter.handleCheckHost(w, r)
-
-			res := &checkHostResp{}
-			err = json.NewDecoder(w.Body).Decode(res)
-			require.NoError(t, err)
-
-			assert.Equal(t, tc.want, res)
-		})
-	}
-}

internal/filtering/safesearch.go

@@ -3,9 +3,6 @@ package filtering
 import "context"
 
 // SafeSearch interface describes a service for search engines hosts rewrites.
-//
-// TODO(s.chzhen):  Move to a higher-level package to allow importing the client
-// package into the filtering package.
 type SafeSearch interface {
 	// CheckHost checks host with safe search filter.  CheckHost must be safe
 	// for concurrent use.  qtype must be either [dns.TypeA] or [dns.TypeAAAA].

internal/home/clients.go

@@ -121,8 +121,6 @@ func (clients *clientsContainer) Init(
 
 	sigHdlr.addClientStorage(clients.storage)
 
-	filteringConf.ApplyClientFiltering = clients.storage.ApplyClientFiltering
-
 	return nil
 }
 

internal/home/dns.go

@@ -247,6 +247,7 @@ func newServerConfig(
 	hosts := aghalg.CoalesceSlice(dnsConf.BindHosts, []netip.Addr{netutil.IPv4Localhost()})
 
 	fwdConf := dnsConf.Config
+	fwdConf.FilterHandler = applyAdditionalFiltering
 	fwdConf.ClientsContainer = clientsContainer
 
 	newConf = &dnsforward.ServerConfig{
@@ -410,6 +411,57 @@ func getDNSEncryption(tlsMgr *tlsManager) (de dnsEncryption) {
 	return de
 }
 
+// applyAdditionalFiltering adds additional client information and settings if
+// the client has them.
+func applyAdditionalFiltering(clientIP netip.Addr, clientID string, setts *filtering.Settings) {
+	// pref is a prefix for logging messages around the scope.
+	const pref = "applying filters"
+
+	globalContext.filters.ApplyBlockedServices(setts)
+
+	log.Debug("%s: looking for client with ip %s and clientid %q", pref, clientIP, clientID)
+
+	if !clientIP.IsValid() {
+		return
+	}
+
+	setts.ClientIP = clientIP
+
+	c, ok := globalContext.clients.storage.Find(clientID)
+	if !ok {
+		c, ok = globalContext.clients.storage.Find(clientIP.String())
+		if !ok {
+			log.Debug("%s: no clients with ip %s and clientid %q", pref, clientIP, clientID)
+
+			return
+		}
+	}
+
+	log.Debug("%s: using settings for client %q (%s; %q)", pref, c.Name, clientIP, clientID)
+
+	if c.UseOwnBlockedServices {
+		// TODO(e.burkov):  Get rid of this crutch.
+		setts.ServicesRules = nil
+		svcs := c.BlockedServices.IDs
+		if !c.BlockedServices.Schedule.Contains(time.Now()) {
+			globalContext.filters.ApplyBlockedServicesList(setts, svcs)
+			log.Debug("%s: services for client %q set: %s", pref, c.Name, svcs)
+		}
+	}
+
+	setts.ClientName = c.Name
+	setts.ClientTags = c.Tags
+	if !c.UseOwnSettings {
+		return
+	}
+
+	setts.FilteringEnabled = c.FilteringEnabled
+	setts.SafeSearchEnabled = c.SafeSearchConf.Enabled
+	setts.ClientSafeSearch = c.SafeSearch
+	setts.SafeBrowsingEnabled = c.SafeBrowsingEnabled
+	setts.ParentalEnabled = c.ParentalEnabled
+}
+
 func startDNSServer() error {
 	config.RLock()
 	defer config.RUnlock()
@@ -443,6 +495,31 @@ func startDNSServer() error {
 	return nil
 }
 
+// reconfigureDNSServer updates the DNS server configuration using the provided
+// TLS settings.  tlsMgr must not be nil.
+func reconfigureDNSServer(tlsMgr *tlsManager) (err error) {
+	tlsConf := &tlsConfigSettings{}
+	tlsMgr.WriteDiskConfig(tlsConf)
+
+	newConf, err := newServerConfig(
+		&config.DNS,
+		config.Clients.Sources,
+		tlsConf,
+		httpRegister,
+		globalContext.clients.storage,
+	)
+	if err != nil {
+		return fmt.Errorf("generating forwarding dns server config: %w", err)
+	}
+
+	err = globalContext.dnsServer.Reconfigure(newConf)
+	if err != nil {
+		return fmt.Errorf("starting forwarding dns server: %w", err)
+	}
+
+	return nil
+}
+
 func stopDNSServer() (err error) {
 	if !isRunning() {
 		return nil

internal/home/dns_internal_test.go

@@ -0,0 +1,206 @@
+package home
+
+import (
+	"net/netip"
+	"testing"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/client"
+	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
+	"github.com/AdguardTeam/AdGuardHome/internal/schedule"
+	"github.com/AdguardTeam/golibs/logutil/slogutil"
+	"github.com/AdguardTeam/golibs/testutil"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+var testIPv4 = netip.AddrFrom4([4]byte{1, 2, 3, 4})
+
+// newStorage is a helper function that returns a client storage filled with
+// persistent clients.  It also generates a UID for each client.
+func newStorage(tb testing.TB, clients []*client.Persistent) (s *client.Storage) {
+	tb.Helper()
+
+	ctx := testutil.ContextWithTimeout(tb, testTimeout)
+	s, err := client.NewStorage(ctx, &client.StorageConfig{
+		Logger: slogutil.NewDiscardLogger(),
+	})
+	require.NoError(tb, err)
+
+	for _, p := range clients {
+		p.UID = client.MustNewUID()
+		require.NoError(tb, s.Add(ctx, p))
+	}
+
+	return s
+}
+
+func TestApplyAdditionalFiltering(t *testing.T) {
+	var err error
+
+	globalContext.filters, err = filtering.New(&filtering.Config{
+		BlockedServices: &filtering.BlockedServices{
+			Schedule: schedule.EmptyWeekly(),
+		},
+	}, nil)
+	require.NoError(t, err)
+
+	globalContext.clients.storage = newStorage(t, []*client.Persistent{{
+		Name:                "default",
+		ClientIDs:           []string{"default"},
+		UseOwnSettings:      false,
+		SafeSearchConf:      filtering.SafeSearchConfig{Enabled: false},
+		FilteringEnabled:    false,
+		SafeBrowsingEnabled: false,
+		ParentalEnabled:     false,
+	}, {
+		Name:                "custom_filtering",
+		ClientIDs:           []string{"custom_filtering"},
+		UseOwnSettings:      true,
+		SafeSearchConf:      filtering.SafeSearchConfig{Enabled: true},
+		FilteringEnabled:    true,
+		SafeBrowsingEnabled: true,
+		ParentalEnabled:     true,
+	}, {
+		Name:                "partial_custom_filtering",
+		ClientIDs:           []string{"partial_custom_filtering"},
+		UseOwnSettings:      true,
+		SafeSearchConf:      filtering.SafeSearchConfig{Enabled: true},
+		FilteringEnabled:    true,
+		SafeBrowsingEnabled: false,
+		ParentalEnabled:     false,
+	}})
+
+	testCases := []struct {
+		name                string
+		id                  string
+		FilteringEnabled    assert.BoolAssertionFunc
+		SafeSearchEnabled   assert.BoolAssertionFunc
+		SafeBrowsingEnabled assert.BoolAssertionFunc
+		ParentalEnabled     assert.BoolAssertionFunc
+	}{{
+		name:                "global_settings",
+		id:                  "default",
+		FilteringEnabled:    assert.False,
+		SafeSearchEnabled:   assert.False,
+		SafeBrowsingEnabled: assert.False,
+		ParentalEnabled:     assert.False,
+	}, {
+		name:                "custom_settings",
+		id:                  "custom_filtering",
+		FilteringEnabled:    assert.True,
+		SafeSearchEnabled:   assert.True,
+		SafeBrowsingEnabled: assert.True,
+		ParentalEnabled:     assert.True,
+	}, {
+		name:                "partial",
+		id:                  "partial_custom_filtering",
+		FilteringEnabled:    assert.True,
+		SafeSearchEnabled:   assert.True,
+		SafeBrowsingEnabled: assert.False,
+		ParentalEnabled:     assert.False,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			setts := &filtering.Settings{}
+
+			applyAdditionalFiltering(testIPv4, tc.id, setts)
+			tc.FilteringEnabled(t, setts.FilteringEnabled)
+			tc.SafeSearchEnabled(t, setts.SafeSearchEnabled)
+			tc.SafeBrowsingEnabled(t, setts.SafeBrowsingEnabled)
+			tc.ParentalEnabled(t, setts.ParentalEnabled)
+		})
+	}
+}
+
+func TestApplyAdditionalFiltering_blockedServices(t *testing.T) {
+	filtering.InitModule()
+
+	var (
+		globalBlockedServices  = []string{"ok"}
+		clientBlockedServices  = []string{"ok", "mail_ru", "vk"}
+		invalidBlockedServices = []string{"invalid"}
+
+		err error
+	)
+
+	globalContext.filters, err = filtering.New(&filtering.Config{
+		BlockedServices: &filtering.BlockedServices{
+			Schedule: schedule.EmptyWeekly(),
+			IDs:      globalBlockedServices,
+		},
+	}, nil)
+	require.NoError(t, err)
+
+	globalContext.clients.storage = newStorage(t, []*client.Persistent{{
+		Name:                  "default",
+		ClientIDs:             []string{"default"},
+		UseOwnBlockedServices: false,
+	}, {
+		Name:      "no_services",
+		ClientIDs: []string{"no_services"},
+		BlockedServices: &filtering.BlockedServices{
+			Schedule: schedule.EmptyWeekly(),
+		},
+		UseOwnBlockedServices: true,
+	}, {
+		Name:      "services",
+		ClientIDs: []string{"services"},
+		BlockedServices: &filtering.BlockedServices{
+			Schedule: schedule.EmptyWeekly(),
+			IDs:      clientBlockedServices,
+		},
+		UseOwnBlockedServices: true,
+	}, {
+		Name:      "invalid_services",
+		ClientIDs: []string{"invalid_services"},
+		BlockedServices: &filtering.BlockedServices{
+			Schedule: schedule.EmptyWeekly(),
+			IDs:      invalidBlockedServices,
+		},
+		UseOwnBlockedServices: true,
+	}, {
+		Name:      "allow_all",
+		ClientIDs: []string{"allow_all"},
+		BlockedServices: &filtering.BlockedServices{
+			Schedule: schedule.FullWeekly(),
+			IDs:      clientBlockedServices,
+		},
+		UseOwnBlockedServices: true,
+	}})
+
+	testCases := []struct {
+		name    string
+		id      string
+		wantLen int
+	}{{
+		name:    "global_settings",
+		id:      "default",
+		wantLen: len(globalBlockedServices),
+	}, {
+		name:    "custom_settings",
+		id:      "no_services",
+		wantLen: 0,
+	}, {
+		name:    "custom_settings_block",
+		id:      "services",
+		wantLen: len(clientBlockedServices),
+	}, {
+		name:    "custom_settings_invalid",
+		id:      "invalid_services",
+		wantLen: 0,
+	}, {
+		name:    "custom_settings_inactive_schedule",
+		id:      "allow_all",
+		wantLen: 0,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			setts := &filtering.Settings{}
+
+			applyAdditionalFiltering(testIPv4, tc.id, setts)
+			require.Len(t, setts.ServicesRules, tc.wantLen)
+		})
+	}
+}

internal/home/home.go

@@ -664,8 +664,7 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}, sigHdlr *signalH
 	globalContext.auth, err = initUsers()
 	fatalOnError(err)
 
-	tlsMgrLogger := slogLogger.With(slogutil.KeyPrefix, "tls_manager")
+	tlsMgr, err := newTLSManager(config.TLS, config.DNS.ServePlainDNS)
-	tlsMgr, err := newTLSManager(ctx, tlsMgrLogger, config.TLS, config.DNS.ServePlainDNS)
 	if err != nil {
 		log.Error("initializing tls: %s", err)
 		onConfigModified()

internal/home/signal.go

@@ -116,6 +116,6 @@ func (h *signalHandler) reloadConfig(ctx context.Context) {
 	}
 
 	if h.tlsManager != nil {
-		h.tlsManager.reload(ctx)
+		h.tlsManager.reload()
 	}
 }

internal/home/tls.go

@@ -12,7 +12,6 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
-	"log/slog"
 	"net/http"
 	"os"
 	"strings"
@@ -24,17 +23,13 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/aghtls"
 	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
 	"github.com/AdguardTeam/golibs/errors"
-	"github.com/AdguardTeam/golibs/logutil/slogutil"
+	"github.com/AdguardTeam/golibs/log"
-	"github.com/c2h5oh/datasize"
 	"github.com/google/go-cmp/cmp"
 )
 
 // tlsManager contains the current configuration and state of AdGuard Home TLS
 // encryption.
 type tlsManager struct {
-	// logger is used for logging the operation of the TLS Manager.
-	logger *slog.Logger
-
 	// status is the current status of the configuration.  It is never nil.
 	status *tlsConfigStatus
 
@@ -50,38 +45,31 @@ type tlsManager struct {
 
 // newTLSManager initializes the manager of TLS configuration.  m is always
 // non-nil while any returned error indicates that the TLS configuration isn't
-// valid.  Thus TLS may be initialized later, e.g. via the web UI.  logger must
+// valid.  Thus TLS may be initialized later, e.g. via the web UI.
-// not be nil.
+func newTLSManager(conf tlsConfigSettings, servePlainDNS bool) (m *tlsManager, err error) {
-func newTLSManager(
-	ctx context.Context,
-	logger *slog.Logger,
-	conf tlsConfigSettings,
-	servePlainDNS bool,
-) (m *tlsManager, err error) {
 	m = &tlsManager{
-		logger:        logger,
 		status:        &tlsConfigStatus{},
 		conf:          conf,
 		servePlainDNS: servePlainDNS,
 	}
 
 	if m.conf.Enabled {
-		err = m.load(ctx)
+		err = m.load()
 		if err != nil {
 			m.conf.Enabled = false
 
 			return m, err
 		}
 
-		m.setCertFileTime(ctx)
+		m.setCertFileTime()
 	}
 
 	return m, nil
 }
 
 // load reloads the TLS configuration from files or data from the config file.
-func (m *tlsManager) load(ctx context.Context) (err error) {
+func (m *tlsManager) load() (err error) {
-	err = m.loadTLSConf(ctx, &m.conf, m.status)
+	err = loadTLSConf(&m.conf, m.status)
 	if err != nil {
 		return fmt.Errorf("loading config: %w", err)
 	}
@@ -96,16 +84,16 @@ func (m *tlsManager) WriteDiskConfig(conf *tlsConfigSettings) {
 	m.confLock.Unlock()
 }
 
-// setCertFileTime sets [tlsManager.certLastMod] from the certificate.  If there
+// setCertFileTime sets t.certLastMod from the certificate.  If there are
-// are errors, setCertFileTime logs them.
+// errors, setCertFileTime logs them.
-func (m *tlsManager) setCertFileTime(ctx context.Context) {
+func (m *tlsManager) setCertFileTime() {
 	if len(m.conf.CertificatePath) == 0 {
 		return
 	}
 
 	fi, err := os.Stat(m.conf.CertificatePath)
 	if err != nil {
-		m.logger.ErrorContext(ctx, "looking up certificate path", slogutil.KeyError, err)
+		log.Error("tls: looking up certificate path: %s", err)
 
 		return
 	}
@@ -129,8 +117,8 @@ func (m *tlsManager) start(_ context.Context) {
 	globalContext.web.tlsConfigChanged(context.Background(), tlsConf)
 }
 
-// reload updates the configuration and restarts the TLS manager.
+// reload updates the configuration and restarts t.
-func (m *tlsManager) reload(ctx context.Context) {
+func (m *tlsManager) reload() {
 	m.confLock.Lock()
 	tlsConf := m.conf
 	m.confLock.Unlock()
@@ -139,37 +127,33 @@ func (m *tlsManager) reload(ctx context.Context) {
 		return
 	}
 
-	certPath := tlsConf.CertificatePath
+	fi, err := os.Stat(tlsConf.CertificatePath)
-	fi, err := os.Stat(certPath)
 	if err != nil {
-		m.logger.ErrorContext(ctx, "checking certificate file", slogutil.KeyError, err)
+		log.Error("tls: %s", err)
 
 		return
 	}
 
 	if fi.ModTime().UTC().Equal(m.certLastMod) {
-		m.logger.InfoContext(ctx, "certificate file is not modified")
+		log.Debug("tls: certificate file isn't modified")
 
 		return
 	}
 
-	m.logger.InfoContext(ctx, "certificate file is modified")
+	log.Debug("tls: certificate file is modified")
 
 	m.confLock.Lock()
-	err = m.load(ctx)
+	err = m.load()
 	m.confLock.Unlock()
 	if err != nil {
-		m.logger.ErrorContext(ctx, "reloading", slogutil.KeyError, err)
+		log.Error("tls: reloading: %s", err)
 
 		return
 	}
 
 	m.certLastMod = fi.ModTime().UTC()
 
-	err = m.reconfigureDNSServer()
+	_ = reconfigureDNSServer(m)
-	if err != nil {
-		m.logger.ErrorContext(ctx, "reconfiguring dns server", slogutil.KeyError, err)
-	}
 
 	m.confLock.Lock()
 	tlsConf = m.conf
@@ -181,38 +165,9 @@ func (m *tlsManager) reload(ctx context.Context) {
 	globalContext.web.tlsConfigChanged(context.Background(), tlsConf)
 }
 
-// reconfigureDNSServer updates the DNS server configuration using the stored
-// TLS settings.
-func (m *tlsManager) reconfigureDNSServer() (err error) {
-	tlsConf := &tlsConfigSettings{}
-	m.WriteDiskConfig(tlsConf)
-
-	newConf, err := newServerConfig(
-		&config.DNS,
-		config.Clients.Sources,
-		tlsConf,
-		httpRegister,
-		globalContext.clients.storage,
-	)
-	if err != nil {
-		return fmt.Errorf("generating forwarding dns server config: %w", err)
-	}
-
-	err = globalContext.dnsServer.Reconfigure(newConf)
-	if err != nil {
-		return fmt.Errorf("starting forwarding dns server: %w", err)
-	}
-
-	return nil
-}
-
 // loadTLSConf loads and validates the TLS configuration.  The returned error is
 // also set in status.WarningValidation.
-func (m *tlsManager) loadTLSConf(
+func loadTLSConf(tlsConf *tlsConfigSettings, status *tlsConfigStatus) (err error) {
-	ctx context.Context,
-	tlsConf *tlsConfigSettings,
-	status *tlsConfigStatus,
-) (err error) {
 	defer func() {
 		if err != nil {
 			status.WarningValidation = err.Error()
@@ -235,8 +190,7 @@ func (m *tlsManager) loadTLSConf(
 		return err
 	}
 
-	err = m.validateCertificates(
+	err = validateCertificates(
-		ctx,
 		status,
 		tlsConf.CertificateChainData,
 		tlsConf.PrivateKeyData,
@@ -388,7 +342,7 @@ func (m *tlsManager) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 	// Skip the error check, since we are only interested in the value of
 	// status.WarningValidation.
 	status := &tlsConfigStatus{}
-	_ = m.loadTLSConf(r.Context(), &setts.tlsConfigSettings, status)
+	_ = loadTLSConf(&setts.tlsConfigSettings, status)
 	resp := tlsConfig{
 		tlsConfigSettingsExt: setts,
 		tlsConfigStatus:      status,
@@ -399,7 +353,6 @@ func (m *tlsManager) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 
 // setConfig updates manager conf with the given one.
 func (m *tlsManager) setConfig(
-	ctx context.Context,
 	newConf tlsConfigSettings,
 	status *tlsConfigStatus,
 	servePlain aghalg.NullBool,
@@ -414,10 +367,10 @@ func (m *tlsManager) setConfig(
 	newConf.DNSCryptConfigFile = m.conf.DNSCryptConfigFile
 	newConf.PortDNSCrypt = m.conf.PortDNSCrypt
 	if !cmp.Equal(m.conf, newConf, cmp.AllowUnexported(dnsforward.TLSConfig{})) {
-		m.logger.InfoContext(ctx, "config has changed, restarting https server")
+		log.Info("tls config has changed, restarting https server")
 		restartHTTPS = true
 	} else {
-		m.logger.InfoContext(ctx, "config has not changed")
+		log.Info("tls: config has not changed")
 	}
 
 	// Note: don't do just `t.conf = data` because we must preserve all other members of t.conf
@@ -445,8 +398,6 @@ func (m *tlsManager) setConfig(
 // handleTLSConfigure is the handler for the POST /control/tls/configure HTTP
 // API.
 func (m *tlsManager) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-
 	req, err := unmarshalTLS(r)
 	if err != nil {
 		aghhttp.Error(r, w, http.StatusBadRequest, "Failed to unmarshal TLS config: %s", err)
@@ -465,7 +416,7 @@ func (m *tlsManager) handleTLSConfigure(w http.ResponseWriter, r *http.Request)
 	}
 
 	status := &tlsConfigStatus{}
-	err = m.loadTLSConf(ctx, &req.tlsConfigSettings, status)
+	err = loadTLSConf(&req.tlsConfigSettings, status)
 	if err != nil {
 		resp := tlsConfig{
 			tlsConfigSettingsExt: req,
@@ -477,8 +428,8 @@ func (m *tlsManager) handleTLSConfigure(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	restartHTTPS := m.setConfig(ctx, req.tlsConfigSettings, status, req.ServePlainDNS)
+	restartHTTPS := m.setConfig(req.tlsConfigSettings, status, req.ServePlainDNS)
-	m.setCertFileTime(ctx)
+	m.setCertFileTime()
 
 	if req.ServePlainDNS != aghalg.NBNull {
 		func() {
@@ -491,10 +442,8 @@ func (m *tlsManager) handleTLSConfigure(w http.ResponseWriter, r *http.Request)
 
 	onConfigModified()
 
-	err = m.reconfigureDNSServer()
+	err = reconfigureDNSServer(m)
 	if err != nil {
-		m.logger.ErrorContext(ctx, "reconfiguring dns server", slogutil.KeyError, err)
-
 		aghhttp.Error(r, w, http.StatusInternalServerError, "%s", err)
 
 		return
@@ -581,27 +530,15 @@ func validatePorts(
 
 // validateCertChain verifies certs using the first as the main one and others
 // as intermediate.  srvName stands for the expected DNS name.
-func (m *tlsManager) validateCertChain(
+func validateCertChain(certs []*x509.Certificate, srvName string) (err error) {
-	ctx context.Context,
-	certs []*x509.Certificate,
-	srvName string,
-) (err error) {
 	main, others := certs[0], certs[1:]
 
 	pool := x509.NewCertPool()
 	for _, cert := range others {
+		log.Info("tls: got an intermediate cert")
 		pool.AddCert(cert)
 	}
 
-	othersLen := len(others)
-	if othersLen > 0 {
-		m.logger.InfoContext(
-			ctx,
-			"verifying certificate chain: got an intermediate cert",
-			"num", othersLen,
-		)
-	}
-
 	opts := x509.VerifyOptions{
 		DNSName:       srvName,
 		Roots:         globalContext.tlsRoots,
@@ -615,18 +552,15 @@ func (m *tlsManager) validateCertChain(
 	return nil
 }
 
-// errNoIPInCert is the error that is returned from [tlsManager.parseCertChain]
+// errNoIPInCert is the error that is returned from [parseCertChain] if the leaf
-// if the leaf certificate doesn't contain IPs.
+// certificate doesn't contain IPs.
 const errNoIPInCert errors.Error = `certificates has no IP addresses; ` +
 	`DNS-over-TLS won't be advertised via DDR`
 
 // parseCertChain parses the certificate chain from raw data, and returns it.
 // If ok is true, the returned error, if any, is not critical.
-func (m *tlsManager) parseCertChain(
+func parseCertChain(chain []byte) (parsedCerts []*x509.Certificate, ok bool, err error) {
-	ctx context.Context,
+	log.Debug("tls: got certificate chain: %d bytes", len(chain))
-	chain []byte,
-) (parsedCerts []*x509.Certificate, ok bool, err error) {
-	m.logger.DebugContext(ctx, "parsing certificate chain", "size", datasize.ByteSize(len(chain)))
 
 	var certs []*pem.Block
 	for decoded, pemblock := pem.Decode(chain); decoded != nil; {
@@ -642,7 +576,7 @@ func (m *tlsManager) parseCertChain(
 		return nil, false, err
 	}
 
-	m.logger.InfoContext(ctx, "parsing multiple pem certificates", "num", len(parsedCerts))
+	log.Info("tls: number of certs: %d", len(parsedCerts))
 
 	if !aghtls.CertificateHasIP(parsedCerts[0]) {
 		err = errNoIPInCert
@@ -709,8 +643,7 @@ func validatePKey(pkey []byte) (keyType string, err error) {
 // validateCertificates processes certificate data and its private key.  status
 // must not be nil, since it's used to accumulate the validation results.  Other
 // parameters are optional.
-func (m *tlsManager) validateCertificates(
+func validateCertificates(
-	ctx context.Context,
 	status *tlsConfigStatus,
 	certChain []byte,
 	pkey []byte,
@@ -719,7 +652,7 @@ func (m *tlsManager) validateCertificates(
 	// Check only the public certificate separately from the key.
 	if len(certChain) > 0 {
 		var certs []*x509.Certificate
-		certs, status.ValidCert, err = m.parseCertChain(ctx, certChain)
+		certs, status.ValidCert, err = parseCertChain(certChain)
 		if !status.ValidCert {
 			// Don't wrap the error, since it's informative enough as is.
 			return err
@@ -732,7 +665,7 @@ func (m *tlsManager) validateCertificates(
 		status.NotBefore = mainCert.NotBefore
 		status.DNSNames = mainCert.DNSNames
 
-		if chainErr := m.validateCertChain(ctx, certs, serverName); chainErr != nil {
+		if chainErr := validateCertChain(certs, serverName); chainErr != nil {
 			// Let self-signed certs through and don't return this error to set
 			// its message into the status.WarningValidation afterwards.
 			err = chainErr

internal/home/tls_internal_test.go

@@ -1,33 +1,11 @@
 package home
 
 import (
-	"bytes"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/tls"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
-	"encoding/pem"
-	"fmt"
-	"math/big"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"net/netip"
-	"os"
-	"path/filepath"
 	"testing"
 	"time"
 
-	"github.com/AdguardTeam/AdGuardHome/internal/aghalg"
-	"github.com/AdguardTeam/AdGuardHome/internal/client"
-	"github.com/AdguardTeam/AdGuardHome/internal/dnsforward"
-	"github.com/AdguardTeam/golibs/logutil/slogutil"
 	"github.com/AdguardTeam/golibs/testutil"
-	"github.com/AdguardTeam/golibs/timeutil"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 var testCertChainData = []byte(`-----BEGIN CERTIFICATE-----
@@ -63,15 +41,9 @@ kXS9jgARhhiWXJrk
 -----END PRIVATE KEY-----`)
 
 func TestValidateCertificates(t *testing.T) {
-	ctx := testutil.ContextWithTimeout(t, testTimeout)
-	logger := slogutil.NewDiscardLogger()
-
-	m, err := newTLSManager(ctx, logger, tlsConfigSettings{}, false)
-	require.NoError(t, err)
-
 	t.Run("bad_certificate", func(t *testing.T) {
 		status := &tlsConfigStatus{}
-		err = m.validateCertificates(ctx, status, []byte("bad cert"), nil, "")
+		err := validateCertificates(status, []byte("bad cert"), nil, "")
 		testutil.AssertErrorMsg(t, "empty certificate", err)
 		assert.False(t, status.ValidCert)
 		assert.False(t, status.ValidChain)
@@ -79,14 +51,14 @@ func TestValidateCertificates(t *testing.T) {
 
 	t.Run("bad_private_key", func(t *testing.T) {
 		status := &tlsConfigStatus{}
-		err = m.validateCertificates(ctx, status, nil, []byte("bad priv key"), "")
+		err := validateCertificates(status, nil, []byte("bad priv key"), "")
 		testutil.AssertErrorMsg(t, "no valid keys were found", err)
 		assert.False(t, status.ValidKey)
 	})
 
 	t.Run("valid", func(t *testing.T) {
 		status := &tlsConfigStatus{}
-		err = m.validateCertificates(ctx, status, testCertChainData, testPrivateKeyData, "")
+		err := validateCertificates(status, testCertChainData, testPrivateKeyData, "")
 		assert.Error(t, err)
 
 		notBefore := time.Date(2019, 2, 27, 9, 24, 23, 0, time.UTC)
@@ -103,422 +75,3 @@ func TestValidateCertificates(t *testing.T) {
 		assert.True(t, status.ValidPair)
 	})
 }
-
-// storeGlobals is a test helper function that saves global variables and
-// restores them once the test is complete.
-//
-// The global variables are:
-//   - [configuration.dns]
-//   - [homeContext.clients.storage]
-//   - [homeContext.dnsServer]
-//   - [homeContext.mux]
-//   - [homeContext.web]
-//
-// TODO(s.chzhen):  Remove this once the TLS manager no longer accesses global
-// variables.  Make tests that use this helper concurrent.
-func storeGlobals(tb testing.TB) {
-	tb.Helper()
-
-	prevConfig := config
-	storage := globalContext.clients.storage
-	dnsServer := globalContext.dnsServer
-	mux := globalContext.mux
-	web := globalContext.web
-
-	tb.Cleanup(func() {
-		config = prevConfig
-		globalContext.clients.storage = storage
-		globalContext.dnsServer = dnsServer
-		globalContext.mux = mux
-		globalContext.web = web
-	})
-}
-
-// newCertAndKey is a helper function that generates certificate and key.
-func newCertAndKey(tb testing.TB, n int64) (certDER []byte, key *rsa.PrivateKey) {
-	tb.Helper()
-
-	key, err := rsa.GenerateKey(rand.Reader, 2048)
-	require.NoError(tb, err)
-
-	certTmpl := &x509.Certificate{
-		SerialNumber: big.NewInt(n),
-	}
-
-	certDER, err = x509.CreateCertificate(rand.Reader, certTmpl, certTmpl, &key.PublicKey, key)
-	require.NoError(tb, err)
-
-	return certDER, key
-}
-
-// writeCertAndKey is a helper function that writes certificate and key to
-// specified paths.
-func writeCertAndKey(
-	tb testing.TB,
-	certDER []byte,
-	certPath string,
-	key *rsa.PrivateKey,
-	keyPath string,
-) {
-	tb.Helper()
-
-	certFile, err := os.OpenFile(certPath, os.O_WRONLY|os.O_CREATE, 0o600)
-	require.NoError(tb, err)
-
-	defer func() {
-		err = certFile.Close()
-		require.NoError(tb, err)
-	}()
-
-	err = pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
-	require.NoError(tb, err)
-
-	keyFile, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE, 0o600)
-	require.NoError(tb, err)
-
-	defer func() {
-		err = keyFile.Close()
-		require.NoError(tb, err)
-	}()
-
-	err = pem.Encode(keyFile, &pem.Block{
-		Type:  "RSA PRIVATE KEY",
-		Bytes: x509.MarshalPKCS1PrivateKey(key),
-	})
-	require.NoError(tb, err)
-}
-
-// assertCertSerialNumber is a helper function that checks serial number of the
-// TLS certificate.
-func assertCertSerialNumber(tb testing.TB, conf *tlsConfigSettings, wantSN int64) {
-	tb.Helper()
-
-	cert, err := tls.X509KeyPair(conf.CertificateChainData, conf.PrivateKeyData)
-	require.NoError(tb, err)
-
-	assert.Equal(tb, wantSN, cert.Leaf.SerialNumber.Int64())
-}
-
-func TestTLSManager_Reload(t *testing.T) {
-	storeGlobals(t)
-
-	var (
-		logger = slogutil.NewDiscardLogger()
-		ctx    = testutil.ContextWithTimeout(t, testTimeout)
-		err    error
-	)
-
-	globalContext.dnsServer, err = dnsforward.NewServer(dnsforward.DNSCreateParams{
-		Logger: logger,
-	})
-	require.NoError(t, err)
-
-	globalContext.clients.storage, err = client.NewStorage(ctx, &client.StorageConfig{
-		Logger: logger,
-		Clock:  timeutil.SystemClock{},
-	})
-	require.NoError(t, err)
-
-	globalContext.mux = http.NewServeMux()
-
-	globalContext.web, err = initWeb(ctx, options{}, nil, nil, logger, nil, false)
-	require.NoError(t, err)
-
-	const (
-		snBefore int64 = 1
-		snAfter  int64 = 2
-	)
-
-	tmpDir := t.TempDir()
-	certPath := filepath.Join(tmpDir, "cert.pem")
-	keyPath := filepath.Join(tmpDir, "key.pem")
-
-	certDER, key := newCertAndKey(t, snBefore)
-	writeCertAndKey(t, certDER, certPath, key, keyPath)
-
-	m, err := newTLSManager(ctx, logger, tlsConfigSettings{
-		Enabled: true,
-		TLSConfig: dnsforward.TLSConfig{
-			CertificatePath: certPath,
-			PrivateKeyPath:  keyPath,
-		},
-	}, false)
-	require.NoError(t, err)
-
-	conf := &tlsConfigSettings{}
-	m.WriteDiskConfig(conf)
-	assertCertSerialNumber(t, conf, snBefore)
-
-	certDER, key = newCertAndKey(t, snAfter)
-	writeCertAndKey(t, certDER, certPath, key, keyPath)
-
-	m.reload(ctx)
-
-	m.WriteDiskConfig(conf)
-	assertCertSerialNumber(t, conf, snAfter)
-}
-
-func TestTLSManager_HandleTLSStatus(t *testing.T) {
-	var (
-		logger = slogutil.NewDiscardLogger()
-		ctx    = testutil.ContextWithTimeout(t, testTimeout)
-		err    error
-	)
-
-	m, err := newTLSManager(ctx, logger, tlsConfigSettings{
-		Enabled: true,
-		TLSConfig: dnsforward.TLSConfig{
-			CertificateChain: string(testCertChainData),
-			PrivateKey:       string(testPrivateKeyData),
-		},
-	}, false)
-	require.NoError(t, err)
-
-	w := httptest.NewRecorder()
-	r := httptest.NewRequest(http.MethodGet, "/control/tls/status", nil)
-	m.handleTLSStatus(w, r)
-
-	res := &tlsConfigSettingsExt{}
-	err = json.NewDecoder(w.Body).Decode(res)
-	require.NoError(t, err)
-
-	wantCertificateChain := base64.StdEncoding.EncodeToString(testCertChainData)
-	assert.True(t, res.Enabled)
-	assert.Equal(t, wantCertificateChain, res.CertificateChain)
-	assert.True(t, res.PrivateKeySaved)
-}
-
-func TestValidateTLSSettings(t *testing.T) {
-	storeGlobals(t)
-
-	var (
-		logger = slogutil.NewDiscardLogger()
-		ctx    = testutil.ContextWithTimeout(t, testTimeout)
-		err    error
-	)
-
-	ln, err := net.Listen("tcp", ":0")
-	require.NoError(t, err)
-
-	testutil.CleanupAndRequireSuccess(t, ln.Close)
-
-	addr := testutil.RequireTypeAssert[*net.TCPAddr](t, ln.Addr())
-
-	busyPort := addr.Port
-
-	globalContext.mux = http.NewServeMux()
-
-	globalContext.web, err = initWeb(ctx, options{}, nil, nil, logger, nil, false)
-	require.NoError(t, err)
-
-	testCases := []struct {
-		setts   tlsConfigSettingsExt
-		name    string
-		wantErr string
-	}{{
-		name:    "basic",
-		setts:   tlsConfigSettingsExt{},
-		wantErr: "",
-	}, {
-		setts: tlsConfigSettingsExt{
-			ServePlainDNS: aghalg.NBFalse,
-		},
-		name:    "disabled_all",
-		wantErr: "plain DNS is required in case encryption protocols are disabled",
-	}, {
-		setts: tlsConfigSettingsExt{
-			tlsConfigSettings: tlsConfigSettings{
-				Enabled:   true,
-				PortHTTPS: uint16(busyPort),
-			},
-		},
-		name:    "busy_port",
-		wantErr: fmt.Sprintf("port %d is not available, cannot enable HTTPS on it", busyPort),
-	}, {
-		setts: tlsConfigSettingsExt{
-			tlsConfigSettings: tlsConfigSettings{
-				Enabled:        true,
-				PortHTTPS:      4433,
-				PortDNSOverTLS: 4433,
-			},
-		},
-		name:    "duplicate_port",
-		wantErr: "validating tcp ports: duplicated values: [4433]",
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			err = validateTLSSettings(tc.setts)
-			testutil.AssertErrorMsg(t, tc.wantErr, err)
-		})
-	}
-}
-
-func TestTLSManager_HandleTLSValidate(t *testing.T) {
-	storeGlobals(t)
-
-	var (
-		logger = slogutil.NewDiscardLogger()
-		ctx    = testutil.ContextWithTimeout(t, testTimeout)
-		err    error
-	)
-
-	globalContext.mux = http.NewServeMux()
-
-	globalContext.web, err = initWeb(ctx, options{}, nil, nil, logger, nil, false)
-	require.NoError(t, err)
-
-	m, err := newTLSManager(ctx, logger, tlsConfigSettings{
-		Enabled: true,
-		TLSConfig: dnsforward.TLSConfig{
-			CertificateChain: string(testCertChainData),
-			PrivateKey:       string(testPrivateKeyData),
-		},
-	}, false)
-	require.NoError(t, err)
-
-	setts := &tlsConfigSettingsExt{
-		tlsConfigSettings: tlsConfigSettings{
-			Enabled: true,
-			TLSConfig: dnsforward.TLSConfig{
-				CertificateChain: base64.StdEncoding.EncodeToString(testCertChainData),
-				PrivateKey:       base64.StdEncoding.EncodeToString(testPrivateKeyData),
-			},
-		},
-	}
-
-	req, err := json.Marshal(setts)
-	require.NoError(t, err)
-
-	w := httptest.NewRecorder()
-	r := httptest.NewRequest(http.MethodPost, "/control/tls/validate", bytes.NewReader(req))
-	m.handleTLSValidate(w, r)
-
-	res := &tlsConfigStatus{}
-	err = json.NewDecoder(w.Body).Decode(res)
-	require.NoError(t, err)
-
-	cert, err := tls.X509KeyPair(testCertChainData, testPrivateKeyData)
-	require.NoError(t, err)
-
-	wantIssuer := cert.Leaf.Issuer.String()
-	assert.Equal(t, wantIssuer, res.Issuer)
-}
-
-func TestTLSManager_HandleTLSConfigure(t *testing.T) {
-	// Store the global state before making any changes.
-	storeGlobals(t)
-
-	var (
-		logger = slogutil.NewDiscardLogger()
-		ctx    = testutil.ContextWithTimeout(t, testTimeout)
-		err    error
-	)
-
-	globalContext.dnsServer, err = dnsforward.NewServer(dnsforward.DNSCreateParams{
-		Logger: logger,
-	})
-	require.NoError(t, err)
-
-	err = globalContext.dnsServer.Prepare(&dnsforward.ServerConfig{
-		Config: dnsforward.Config{
-			UpstreamMode:     dnsforward.UpstreamModeLoadBalance,
-			EDNSClientSubnet: &dnsforward.EDNSClientSubnet{Enabled: false},
-			ClientsContainer: dnsforward.EmptyClientsContainer{},
-		},
-		ServePlainDNS: true,
-	})
-	require.NoError(t, err)
-
-	globalContext.clients.storage, err = client.NewStorage(ctx, &client.StorageConfig{
-		Logger: logger,
-		Clock:  timeutil.SystemClock{},
-	})
-	require.NoError(t, err)
-
-	globalContext.mux = http.NewServeMux()
-
-	globalContext.web, err = initWeb(ctx, options{}, nil, nil, logger, nil, false)
-	require.NoError(t, err)
-
-	config.DNS.BindHosts = []netip.Addr{netip.MustParseAddr("127.0.0.1")}
-	config.DNS.Port = 0
-
-	const wantSerialNumber int64 = 1
-
-	// Prepare the TLS manager configuration.
-	tmpDir := t.TempDir()
-	certPath := filepath.Join(tmpDir, "cert.pem")
-	keyPath := filepath.Join(tmpDir, "key.pem")
-
-	certDER, key := newCertAndKey(t, wantSerialNumber)
-	writeCertAndKey(t, certDER, certPath, key, keyPath)
-
-	// Initialize the TLS manager and assert its configuration.
-	m, err := newTLSManager(ctx, logger, tlsConfigSettings{
-		Enabled: true,
-		TLSConfig: dnsforward.TLSConfig{
-			CertificatePath: certPath,
-			PrivateKeyPath:  keyPath,
-		},
-	}, true)
-	require.NoError(t, err)
-
-	conf := &tlsConfigSettings{}
-	m.WriteDiskConfig(conf)
-	assertCertSerialNumber(t, conf, wantSerialNumber)
-
-	// Prepare a request with the new TLS configuration.
-	setts := &tlsConfigSettingsExt{
-		tlsConfigSettings: tlsConfigSettings{
-			Enabled:   true,
-			PortHTTPS: 4433,
-			TLSConfig: dnsforward.TLSConfig{
-				CertificateChain: base64.StdEncoding.EncodeToString(testCertChainData),
-				PrivateKey:       base64.StdEncoding.EncodeToString(testPrivateKeyData),
-			},
-		},
-	}
-
-	req, err := json.Marshal(setts)
-	require.NoError(t, err)
-
-	r := httptest.NewRequest(http.MethodPost, "/control/tls/configure", bytes.NewReader(req))
-	w := httptest.NewRecorder()
-
-	// Reconfigure the TLS manager.
-	m.handleTLSConfigure(w, r)
-
-	// The [tlsManager.handleTLSConfigure] method will start the DNS server and
-	// it should be stopped after the test ends.
-	testutil.CleanupAndRequireSuccess(t, globalContext.dnsServer.Stop)
-
-	res := &tlsConfig{
-		tlsConfigStatus: &tlsConfigStatus{},
-	}
-	err = json.NewDecoder(w.Body).Decode(res)
-	require.NoError(t, err)
-
-	cert, err := tls.X509KeyPair(testCertChainData, testPrivateKeyData)
-	require.NoError(t, err)
-
-	wantIssuer := cert.Leaf.Issuer.String()
-	assert.Equal(t, wantIssuer, res.tlsConfigStatus.Issuer)
-
-	// Assert that the Web API's TLS configuration has been updated.
-	//
-	// TODO(s.chzhen):  Remove when [httpsServer.cond] is removed.
-	assert.Eventually(t, func() bool {
-		globalContext.web.httpsServer.condLock.Lock()
-		defer globalContext.web.httpsServer.condLock.Unlock()
-
-		cert = globalContext.web.httpsServer.cert
-		if cert.Leaf == nil {
-			return false
-		}
-
-		assert.Equal(t, wantIssuer, cert.Leaf.Issuer.String())
-
-		return true
-	}, testTimeout, testTimeout/10)
-}

openapi/CHANGELOG.md

@@ -4,12 +4,6 @@
 
 ## v0.108.0: API changes
 
-## v0.107.58: API changes
-
-### The ability to check rules for query types and/or clients: GET /control/check_host
-
-- Added optional `client` and `qtype` URL query parameters.
-
 ## v0.107.57: API changes
 
 - The new field `"upstream_timeout"` in `GET /control/dns_info` and `POST /control/dns_config` is the number of seconds to wait for a response from the upstream server.

openapi/openapi.yaml

@@ -739,20 +739,6 @@
       - 'name': 'name'
         'in': 'query'
         'description': 'Filter by host name'
-        'required': true
-        'example': 'google.com'
-        'schema':
-          'type': 'string'
-      - 'name': 'client'
-        'in': 'query'
-        'description': 'Optional ClientID or client IP address'
-        'example': '192.0.2.1'
-        'schema':
-          'type': 'string'
-      - 'name': 'qtype'
-        'in': 'query'
-        'description': 'Optional DNS type'
-        'example': 'AAAA'
         'schema':
           'type': 'string'
       'responses':