From 93a0601f410b0bc80af093b4ee27240742d0f801 Mon Sep 17 00:00:00 2001
From: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Mon, 7 Aug 2023 16:07:21 +0300
Subject: [PATCH] Pull request 1952: 5948-fix-dns-filter

Updates #5948.

Squashed commit of the following:

commit 9dbc197f004a19211e5fedeb9bdd7075e2915fce
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Aug 7 15:06:38 2023 +0300

    all: imp chlog

commit fbcccc2ff3663fc8ae0cd75ef6ac4cdcc0fa7d36
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Thu Aug 3 16:58:35 2023 +0300

    all: upd chlog

commit 4f9e8fcbfb4d43fd98a99529f20e9d40946ee5c1
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Aug 2 19:24:42 2023 +0300

    dnsforward: fix dns filter
---
 CHANGELOG.md                           | 7 +++++++
 internal/dnsforward/dnsforward.go      | 2 +-
 internal/dnsforward/dnsforward_test.go | 4 ++--
 internal/dnsforward/filter.go          | 4 ----
 internal/dnsforward/http.go            | 2 +-
 internal/dnsforward/process.go         | 6 +-----
 internal/dnsforward/upstreams.go       | 2 +-
 7 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 962759ba..fd62f541 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -53,6 +53,13 @@ In this release, the schema version has changed from 24 to 25.
   remove the new object `pprof`, set back `debug_pprof`, and change the
   `schema_version` back to `24`.
 
+### Fixed
+
+- Panic on shutting down while DNS requests are in process of filtering
+  ([#5948]).
+
+[#5948]: https://github.com/AdguardTeam/AdGuardHome/issues/5948
+
 <!--
 NOTE: Add new changes ABOVE THIS COMMENT.
 -->
diff --git a/internal/dnsforward/dnsforward.go b/internal/dnsforward/dnsforward.go
index 894d2ecd..fcc0fa5f 100644
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@@ -244,7 +244,7 @@ func (s *Server) Close() {
 	s.serverLock.Lock()
 	defer s.serverLock.Unlock()
 
-	s.dnsFilter = nil
+	// TODO(s.chzhen):  Remove it.
 	s.stats = nil
 	s.queryLog = nil
 	s.dnsProxy = nil
diff --git a/internal/dnsforward/dnsforward_test.go b/internal/dnsforward/dnsforward_test.go
index e1927a65..2874cef3 100644
--- a/internal/dnsforward/dnsforward_test.go
+++ b/internal/dnsforward/dnsforward_test.go
@@ -335,7 +335,7 @@ func TestServer_timeout(t *testing.T) {
 			},
 		}
 
-		s, err := NewServer(DNSCreateParams{})
+		s, err := NewServer(DNSCreateParams{DNSFilter: &filtering.DNSFilter{}})
 		require.NoError(t, err)
 
 		err = s.Prepare(srvConf)
@@ -345,7 +345,7 @@ func TestServer_timeout(t *testing.T) {
 	})
 
 	t.Run("default", func(t *testing.T) {
-		s, err := NewServer(DNSCreateParams{})
+		s, err := NewServer(DNSCreateParams{DNSFilter: &filtering.DNSFilter{}})
 		require.NoError(t, err)
 
 		s.conf.FilteringConfig.BlockingMode = BlockingModeDefault
diff --git a/internal/dnsforward/filter.go b/internal/dnsforward/filter.go
index 4dee0c07..74df1a6b 100644
--- a/internal/dnsforward/filter.go
+++ b/internal/dnsforward/filter.go
@@ -145,10 +145,6 @@ func (s *Server) checkHostRules(host string, rrtype uint16, setts *filtering.Set
 	s.serverLock.RLock()
 	defer s.serverLock.RUnlock()
 
-	if s.dnsFilter == nil {
-		return nil, nil
-	}
-
 	var res filtering.Result
 	res, err = s.dnsFilter.CheckHostRules(host, rrtype, setts)
 	if err != nil {
diff --git a/internal/dnsforward/http.go b/internal/dnsforward/http.go
index 761cbeb4..49fc040d 100644
--- a/internal/dnsforward/http.go
+++ b/internal/dnsforward/http.go
@@ -667,7 +667,7 @@ func (s *Server) parseUpstreamLine(
 		PreferIPv6: opts.PreferIPv6,
 	}
 
-	if s.dnsFilter != nil && s.dnsFilter.EtcHosts != nil {
+	if s.dnsFilter.EtcHosts != nil {
 		resolved := s.resolveUpstreamHost(extractUpstreamHost(upstreamAddr))
 		sortNetIPAddrs(resolved, opts.PreferIPv6)
 		opts.ServerIPAddrs = resolved
diff --git a/internal/dnsforward/process.go b/internal/dnsforward/process.go
index 13a8a2eb..2abfbac4 100644
--- a/internal/dnsforward/process.go
+++ b/internal/dnsforward/process.go
@@ -762,10 +762,6 @@ func (s *Server) processFilteringBeforeRequest(ctx *dnsContext) (rc resultCode)
 	s.serverLock.RLock()
 	defer s.serverLock.RUnlock()
 
-	if s.dnsFilter == nil {
-		return resultCodeSuccess
-	}
-
 	var err error
 	if ctx.result, err = s.filterDNSRequest(ctx); err != nil {
 		ctx.err = err
@@ -972,7 +968,7 @@ func (s *Server) filterAfterResponse(dctx *dnsContext, pctx *proxy.DNSContext) (
 	// Check the response only if it's from an upstream.  Don't check the
 	// response if the protection is disabled since dnsrewrite rules aren't
 	// applied to it anyway.
-	if !dctx.protectionEnabled || !dctx.responseFromUpstream || s.dnsFilter == nil {
+	if !dctx.protectionEnabled || !dctx.responseFromUpstream {
 		return resultCodeSuccess
 	}
 
diff --git a/internal/dnsforward/upstreams.go b/internal/dnsforward/upstreams.go
index 6d1eac1f..94d96ede 100644
--- a/internal/dnsforward/upstreams.go
+++ b/internal/dnsforward/upstreams.go
@@ -94,7 +94,7 @@ func (s *Server) prepareUpstreamConfig(
 		uc.Upstreams = defaultUpstreamConfig.Upstreams
 	}
 
-	if s.dnsFilter != nil && s.dnsFilter.EtcHosts != nil {
+	if s.dnsFilter.EtcHosts != nil {
 		err = s.replaceUpstreamsWithHosts(uc, opts)
 		if err != nil {
 			return nil, fmt.Errorf("resolving upstreams with hosts: %w", err)