From d27c3284f6fcc7218e249d207e7a6c08c4423fa5 Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Wed, 23 Mar 2022 16:00:32 +0300 Subject: [PATCH] cherry-pick: 4276 upd quic port Merge in DNS/adguard-home from 4276-doq-port to master Closes #4276. Squashed commit of the following: commit cbdde622b54d0d5d11d1b4809f95a41ace990a1b Merge: d32c13e9 2c33ab6a Author: Eugene Burkov Date: Wed Mar 23 15:47:43 2022 +0300 Merge branch 'master' into 4276-doq-port commit d32c13e98f0fed2c863160e4e2de02ae3038e3df Author: Eugene Burkov Date: Mon Mar 21 21:55:09 2022 +0300 all: fix link commit 0afd702f5192d727927df2f8d95b9317811a1be0 Author: Eugene Burkov Date: Mon Mar 21 21:47:38 2022 +0300 all: imp docs, log changes commit 9a77fc3daf78d32c577f1bc49aa1f8bc352d44e3 Author: Eugene Burkov Date: Mon Mar 21 21:41:30 2022 +0300 home: upd quic port --- CHANGELOG.md | 15 ++++++++++++-- internal/home/config.go | 36 +++++++++++++++++++++++---------- internal/home/controlinstall.go | 4 ++-- internal/home/home.go | 14 ++++++------- internal/home/tls.go | 28 ++++++++++++------------- 5 files changed, 61 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0be23d07..8b89c6b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,14 @@ and this project adheres to ### Changed +- The default DNS-over-QUIC port number is now `853` instead of `754` in + accoradance with the latest [RFC draft][doq-draft-10] ([#4276]). +- Reverse DNS now has a greater priority as the source of runtime clients' + informmation than ARP neighborhood. +- Improved detection of runtime clients through more resilient ARP processing + ([#3597]). +- The TTL of responses served from the optimistic cache is now lowered to 10 + seconds. - Domain-specific private reverse DNS upstream servers are now validated to allow only `*.in-addr.arpa` and `*.ip6.arpa` domains pointing to locally-served networks ([#3381]). **Note:** If you already have invalid 
@@ -85,8 +93,10 @@ In this release, the schema version has changed from 12 to 13. [#4213]: https://github.com/AdguardTeam/AdGuardHome/issues/4213 [#4221]: https://github.com/AdguardTeam/AdGuardHome/issues/4221 [#4238]: https://github.com/AdguardTeam/AdGuardHome/issues/4238 +[#4276]: https://github.com/AdguardTeam/AdGuardHome/issues/4276 -[repr]: https://reproducible-builds.org/docs/source-date-epoch/ +[repr]: https://reproducible-builds.org/docs/source-date-epoch/ +[doq-draft-10]: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10#section-10.2 @@ -229,7 +239,7 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0]. - New possible value of `6h` for `querylog_interval` setting ([#2504]). - Blocking access using ClientIDs ([#2624], [#3162]). - `source` directives support in `/etc/network/interfaces` on Linux ([#3257]). -- RFC 9000 support in DNS-over-QUIC. +- [RFC 9000][rfc-9000] support in QUIC. - Completely disabling statistics by setting the statistics interval to zero ([#2141]). - The ability to completely purge DHCP leases ([#1691]). @@ -454,6 +464,7 @@ In this release, the schema version has changed from 10 to 12. [#3933]: https://github.com/AdguardTeam/AdGuardHome/pull/3933 [ms-v0.107.0]: https://github.com/AdguardTeam/AdGuardHome/milestone/23?closed=1 +[rfc-9000]: https://datatracker.ietf.org/doc/html/rfc9000 diff --git a/internal/home/config.go b/internal/home/config.go index a6247164..c553c42c 100644 --- a/internal/home/config.go +++ b/internal/home/config.go 
@@ -291,18 +291,20 @@ func parseConfig() (err error) { uc := aghalg.UniqChecker{} addPorts( uc, - config.BindPort, - config.BetaBindPort, - config.DNS.Port, + tcpPort(config.BindPort), + tcpPort(config.BetaBindPort), + udpPort(config.DNS.Port), ) if config.TLS.Enabled { addPorts( uc, - config.TLS.PortHTTPS, - config.TLS.PortDNSOverTLS, - config.TLS.PortDNSOverQUIC, - config.TLS.PortDNSCrypt, + // TODO(e.burkov): Consider adding a udpPort with the same value if + // we ever support the HTTP/3 for web admin interface. + tcpPort(config.TLS.PortHTTPS), + tcpPort(config.TLS.PortDNSOverTLS), + udpPort(config.TLS.PortDNSOverQUIC), + tcpPort(config.TLS.PortDNSCrypt), ) } if err = uc.Validate(aghalg.IntIsBefore); err != nil { @@ -320,11 +322,23 @@ func parseConfig() (err error) { return nil } -// addPorts is a helper for ports validation. It skips zero ports. -func addPorts(uc aghalg.UniqChecker, ports ...int) { +// udpPort is the port number for UDP protocol. +type udpPort int + +// tcpPort is the port number for TCP protocol. +type tcpPort int + +// addPorts is a helper for ports validation. It skips zero ports. Each of +// ports should be either a udpPort or a tcpPort. +func addPorts(uc aghalg.UniqChecker, ports ...interface{}) { for _, p := range ports { - if p != 0 { - uc.Add(p) + switch p := p.(type) { + case tcpPort, udpPort: + if p != 0 { + uc.Add(p) + } + default: + // Go on. } } } diff --git a/internal/home/controlinstall.go b/internal/home/controlinstall.go index 82598078..76b8e28d 100644 --- a/internal/home/controlinstall.go +++ b/internal/home/controlinstall.go 
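Review bot: `config.DNS.Port` is registered here only as a `udpPort`, while every web and TLS port is a `tcpPort`, so a collision between the plain-DNS port and `BindPort`, `PortHTTPS` or `PortDNSOverTLS` is no longer reported, even though plain DNS is normally served over TCP as well as UDP; if that holds for this listener, register it under both types, `udpPort(config.DNS.Port), tcpPort(config.DNS.Port)`, in the same spirit as the TODO left on the HTTPS port. The same applies to validateDNS in controlinstall.go, setupConfig in home.go and the two tls.go handlers. Separately, `uc.Validate(aghalg.IntIsBefore)` at the end of the hunk now sees `tcpPort`/`udpPort` keys; if `IntIsBefore` asserts its operands to `int` (the patch does not touch aghalg), reporting a duplicate would panic instead of returning an error, so a comparator that type-switches on the two port types should be passed at every call site. parseConfig continues outside the hunk.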
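Review bot: The `p != 0` check inside `case tcpPort, udpPort:` never skips a zero port: in a multi-type case `p` keeps the `interface{}` type of the switch guard, the constant `0` becomes an `int` before the comparison, and `interface{}(tcpPort(0)) != interface{}(int(0))` is always true. The new doc comment "It skips zero ports" is therefore not what the code does; every disabled service (`BetaBindPort`, `PortDNSCrypt`, ...) contributes a zero key and two zero `tcpPort`s are reported as duplicates. Giving each type its own case keeps `p` concretely typed so the comparison is on the port number. The `default:` branch also silently drops values of any other type; since all callers are internal, a bare `int` reaching it is a programmer error and surfacing it (a panic or at least a logged error) is safer than skipping validation.
```go
func addPorts(uc aghalg.UniqChecker, ports ...interface{}) {
	for _, p := range ports {
		// One type per case keeps p concretely typed, so the zero check
		// compares port numbers rather than interface values.
		switch p := p.(type) {
		case tcpPort:
			if p != 0 {
				uc.Add(p)
			}
		case udpPort:
			if p != 0 {
				uc.Add(p)
			}
		default:
			// … unchanged: other types are skipped …
		}
	}
}
```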
@@ -108,7 +108,7 @@ func (req *checkConfReq) validateWeb(uc aghalg.UniqChecker) (err error) { defer func() { err = errors.Annotate(err, "validating ports: %w") }() port := req.Web.Port - addPorts(uc, config.BetaBindPort, port) + addPorts(uc, tcpPort(config.BetaBindPort), tcpPort(port)) if err = uc.Validate(aghalg.IntIsBefore); err != nil { // Avoid duplicating the error into the status of DNS. uc[port] = 1 @@ -134,7 +134,7 @@ func (req *checkConfReq) validateDNS(uc aghalg.UniqChecker) (canAutofix bool, er defer func() { err = errors.Annotate(err, "validating ports: %w") }() port := req.DNS.Port - addPorts(uc, port) + addPorts(uc, udpPort(port)) if err = uc.Validate(aghalg.IntIsBefore); err != nil { return false, err } diff --git a/internal/home/home.go b/internal/home/home.go index 90674d48..6a8659c1 100644 --- a/internal/home/home.go +++ b/internal/home/home.go @@ -299,17 +299,17 @@ func setupConfig(args options) (err error) { uc := aghalg.UniqChecker{} addPorts( uc, - args.bindPort, - config.BetaBindPort, - config.DNS.Port, + tcpPort(args.bindPort), + tcpPort(config.BetaBindPort), + udpPort(config.DNS.Port), ) if config.TLS.Enabled { addPorts( uc, - config.TLS.PortHTTPS, - config.TLS.PortDNSOverTLS, - config.TLS.PortDNSOverQUIC, - config.TLS.PortDNSCrypt, + tcpPort(config.TLS.PortHTTPS), + tcpPort(config.TLS.PortDNSOverTLS), + udpPort(config.TLS.PortDNSOverQUIC), + tcpPort(config.TLS.PortDNSCrypt), ) } if err = uc.Validate(aghalg.IntIsBefore); err != nil { diff --git a/internal/home/tls.go b/internal/home/tls.go index a201be14..e2bddb21 100644 --- a/internal/home/tls.go +++ b/internal/home/tls.go 
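Review bot: `uc[port] = 1`, kept as context right after the changed `addPorts(uc, tcpPort(config.BetaBindPort), tcpPort(port))`, still indexes the checker with the plain `int` port, but the entry recorded by addPorts is now keyed by `tcpPort(port)`; the reset therefore inserts an unrelated `int` key and leaves the real count untouched, so the duplicate the comment tries to suppress from the DNS status can presumably be reported a second time. Change it to `uc[tcpPort(port)] = 1`. validateWeb continues outside the hunk.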
@@ -254,13 +254,13 @@ func (t *TLSMod) handleTLSValidate(w http.ResponseWriter, r *http.Request) { uc := aghalg.UniqChecker{} addPorts( uc, - config.BindPort, - config.BetaBindPort, - config.DNS.Port, - setts.PortHTTPS, - setts.PortDNSOverTLS, - setts.PortDNSOverQUIC, - setts.PortDNSCrypt, + tcpPort(config.BindPort), + tcpPort(config.BetaBindPort), + udpPort(config.DNS.Port), + tcpPort(setts.PortHTTPS), + tcpPort(setts.PortDNSOverTLS), + udpPort(setts.PortDNSOverQUIC), + tcpPort(setts.PortDNSCrypt), ) err = uc.Validate(aghalg.IntIsBefore) @@ -347,13 +347,13 @@ func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) { uc := aghalg.UniqChecker{} addPorts( uc, - config.BindPort, - config.BetaBindPort, - config.DNS.Port, - data.PortHTTPS, - data.PortDNSOverTLS, - data.PortDNSOverQUIC, - data.PortDNSCrypt, + tcpPort(config.BindPort), + tcpPort(config.BetaBindPort), + udpPort(config.DNS.Port), + tcpPort(data.PortHTTPS), + tcpPort(data.PortDNSOverTLS), + udpPort(data.PortDNSOverQUIC), + tcpPort(data.PortDNSCrypt), ) err = uc.Validate(aghalg.IntIsBefore)
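Review bot: The seven-element argument list in handleTLSValidate is repeated almost verbatim in handleTLSConfigure below it, and the same TCP/UDP classification is spelled out again in parseConfig and setupConfig; with four copies, a port being typed `tcpPort` in one place and `udpPort` in another would go unnoticed and silently weaken the duplicate check. A small helper such as `func addTLSPorts(uc aghalg.UniqChecker, https, dot, doq, dnscrypt int)` (name constructed) holding the classification once, called from all four sites, would keep them from drifting. Both handlers continue outside their hunks.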