cherry-pick: 4276 upd quic port

Merge in DNS/adguard-home from 4276-doq-port to master Closes #4276. Squashed commit of the following: commit cbdde622b54d0d5d11d1b4809f95a41ace990a1b Merge: d32c13e9 2c33ab6a Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Mar 23 15:47:43 2022 +0300 Merge branch 'master' into 4276-doq-port commit d32c13e98f0fed2c863160e4e2de02ae3038e3df Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 21 21:55:09 2022 +0300 all: fix link commit 0afd702f5192d727927df2f8d95b9317811a1be0 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 21 21:47:38 2022 +0300 all: imp docs, log changes commit 9a77fc3daf78d32c577f1bc49aa1f8bc352d44e3 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 21 21:41:30 2022 +0300 home: upd quic port
2022-03-23 16:00:32 +03:00 · 2022-03-23 16:00:32 +03:00 · d27c3284f6
parent ba24a26b53
commit d27c3284f6
5 changed files with 61 additions and 36 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -23,6 +23,14 @@ and this project adheres to

 ### Changed

+- The default DNS-over-QUIC port number is now `853` instead of `754` in
+  accoradance with the latest [RFC draft][doq-draft-10] ([#4276]).
+- Reverse DNS now has a greater priority as the source of runtime clients'
+  informmation than ARP neighborhood.
+- Improved detection of runtime clients through more resilient ARP processing
+  ([#3597]).
+- The TTL of responses served from the optimistic cache is now lowered to 10
+  seconds.
 - Domain-specific private reverse DNS upstream servers are now validated to
  allow only `*.in-addr.arpa` and `*.ip6.arpa` domains pointing to
  locally-served networks ([#3381]).  **Note:**  If you already have invalid
@ -85,8 +93,10 @@ In this release, the schema version has changed from 12 to 13.
 [#4213]: https://github.com/AdguardTeam/AdGuardHome/issues/4213
 [#4221]: https://github.com/AdguardTeam/AdGuardHome/issues/4221
 [#4238]: https://github.com/AdguardTeam/AdGuardHome/issues/4238
+[#4276]: https://github.com/AdguardTeam/AdGuardHome/issues/4276

 [repr]:         https://reproducible-builds.org/docs/source-date-epoch/
+[doq-draft-10]: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10#section-10.2



@ -229,7 +239,7 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0].
 - New possible value of `6h` for `querylog_interval` setting ([#2504]).
 - Blocking access using ClientIDs ([#2624], [#3162]).
 - `source` directives support in `/etc/network/interfaces` on Linux ([#3257]).
- RFC 9000 support in DNS-over-QUIC.
+- [RFC 9000][rfc-9000] support in QUIC.
 - Completely disabling statistics by setting the statistics interval to zero
  ([#2141]).
 - The ability to completely purge DHCP leases ([#1691]).
@ -454,6 +464,7 @@ In this release, the schema version has changed from 10 to 12.
 [#3933]: https://github.com/AdguardTeam/AdGuardHome/pull/3933

 [ms-v0.107.0]: https://github.com/AdguardTeam/AdGuardHome/milestone/23?closed=1
+[rfc-9000]:    https://datatracker.ietf.org/doc/html/rfc9000



--- a/internal/home/config.go
+++ b/internal/home/config.go
@ -291,18 +291,20 @@ func parseConfig() (err error) {
 	uc := aghalg.UniqChecker{}
 	addPorts(
 		uc,
-		config.BindPort,
-		config.BetaBindPort,
-		config.DNS.Port,
+		tcpPort(config.BindPort),
+		tcpPort(config.BetaBindPort),
+		udpPort(config.DNS.Port),
 	)

 	if config.TLS.Enabled {
 		addPorts(
 			uc,
-			config.TLS.PortHTTPS,
-			config.TLS.PortDNSOverTLS,
-			config.TLS.PortDNSOverQUIC,
-			config.TLS.PortDNSCrypt,
+			// TODO(e.burkov):  Consider adding a udpPort with the same value if
+			// we ever support the HTTP/3 for web admin interface.
+			tcpPort(config.TLS.PortHTTPS),
+			tcpPort(config.TLS.PortDNSOverTLS),
+			udpPort(config.TLS.PortDNSOverQUIC),
+			tcpPort(config.TLS.PortDNSCrypt),
 		)
 	}
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
@ -320,12 +322,24 @@ func parseConfig() (err error) {
 	return nil
 }

-// addPorts is a helper for ports validation.  It skips zero ports.
-func addPorts(uc aghalg.UniqChecker, ports ...int) {
+// udpPort is the port number for UDP protocol.
+type udpPort int
+
+// tcpPort is the port number for TCP protocol.
+type tcpPort int
+
+// addPorts is a helper for ports validation.  It skips zero ports.  Each of
+// ports should be either a udpPort or a tcpPort.
+func addPorts(uc aghalg.UniqChecker, ports ...interface{}) {
 	for _, p := range ports {
+		switch p := p.(type) {
+		case tcpPort, udpPort:
 			if p != 0 {
 				uc.Add(p)
 			}
+		default:
+			// Go on.
+		}
 	}
 }

--- a/internal/home/controlinstall.go
+++ b/internal/home/controlinstall.go
@ -108,7 +108,7 @@ func (req *checkConfReq) validateWeb(uc aghalg.UniqChecker) (err error) {
 	defer func() { err = errors.Annotate(err, "validating ports: %w") }()

 	port := req.Web.Port
-	addPorts(uc, config.BetaBindPort, port)
+	addPorts(uc, tcpPort(config.BetaBindPort), tcpPort(port))
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
 		// Avoid duplicating the error into the status of DNS.
 		uc[port] = 1
@ -134,7 +134,7 @@ func (req *checkConfReq) validateDNS(uc aghalg.UniqChecker) (canAutofix bool, er
 	defer func() { err = errors.Annotate(err, "validating ports: %w") }()

 	port := req.DNS.Port
-	addPorts(uc, port)
+	addPorts(uc, udpPort(port))
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
 		return false, err
 	}
--- a/internal/home/home.go
+++ b/internal/home/home.go
@ -299,17 +299,17 @@ func setupConfig(args options) (err error) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			args.bindPort,
-			config.BetaBindPort,
-			config.DNS.Port,
+			tcpPort(args.bindPort),
+			tcpPort(config.BetaBindPort),
+			udpPort(config.DNS.Port),
 		)
 		if config.TLS.Enabled {
 			addPorts(
 				uc,
-				config.TLS.PortHTTPS,
-				config.TLS.PortDNSOverTLS,
-				config.TLS.PortDNSOverQUIC,
-				config.TLS.PortDNSCrypt,
+				tcpPort(config.TLS.PortHTTPS),
+				tcpPort(config.TLS.PortDNSOverTLS),
+				udpPort(config.TLS.PortDNSOverQUIC),
+				tcpPort(config.TLS.PortDNSCrypt),
 			)
 		}
 		if err = uc.Validate(aghalg.IntIsBefore); err != nil {
--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@ -254,13 +254,13 @@ func (t *TLSMod) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			config.BindPort,
-			config.BetaBindPort,
-			config.DNS.Port,
-			setts.PortHTTPS,
-			setts.PortDNSOverTLS,
-			setts.PortDNSOverQUIC,
-			setts.PortDNSCrypt,
+			tcpPort(config.BindPort),
+			tcpPort(config.BetaBindPort),
+			udpPort(config.DNS.Port),
+			tcpPort(setts.PortHTTPS),
+			tcpPort(setts.PortDNSOverTLS),
+			udpPort(setts.PortDNSOverQUIC),
+			tcpPort(setts.PortDNSCrypt),
 		)

 		err = uc.Validate(aghalg.IntIsBefore)
@ -347,13 +347,13 @@ func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			config.BindPort,
-			config.BetaBindPort,
-			config.DNS.Port,
-			data.PortHTTPS,
-			data.PortDNSOverTLS,
-			data.PortDNSOverQUIC,
-			data.PortDNSCrypt,
+			tcpPort(config.BindPort),
+			tcpPort(config.BetaBindPort),
+			udpPort(config.DNS.Port),
+			tcpPort(data.PortHTTPS),
+			tcpPort(data.PortDNSOverTLS),
+			udpPort(data.PortDNSOverQUIC),
+			tcpPort(data.PortDNSCrypt),
 		)

 		err = uc.Validate(aghalg.IntIsBefore)