Pull request: AG-28961-upd-golibs

Squashed commit of the following: commit b153bbc7100dd9184ca689f1755f068b63e3046b Merge: d16da0cf6 4508ae860 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Jan 17 13:56:34 2024 +0200 Merge remote-tracking branch 'origin/master' into AG-28961-upd-golibs commit d16da0cf61d050afd04f00ffc36bca550548edd9 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Jan 17 09:52:03 2024 +0200 all: imp code commit 46aeca7221586ce0cdc91838764bbacdbdfa8620 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Jan 17 09:50:10 2024 +0200 all: imp code commit 32bc83c0a909467655a258e2e879731a90dc96e6 Merge: ee51c6046 6dbeb5b97 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Jan 16 15:42:32 2024 +0200 Merge remote-tracking branch 'origin/master' into AG-28961-upd-golibs # Conflicts: # go.mod # go.sum commit ee51c6046632f89fbe5aa8f6d857c239f060aba5 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Jan 16 10:56:38 2024 +0200 all: upd libs commit 02c1dbd9b568cb9f6ec52a0e9835d0d39e3cd377 Merge: 1daba8342 58b47adaf Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue Jan 16 10:53:54 2024 +0200 Merge remote-tracking branch 'origin/master' into AG-28961-upd-golibs commit 1daba8342b72163c8a26380e083c4e497d6bb772 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Jan 15 11:15:05 2024 +0200 all: upd dnsproxy commit b1670e8a81c04f400245e1316857578b549e58f1 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Jan 15 10:46:27 2024 +0200 dnsforward: imp code commit 7b65a50fca37ad71b68a8bda504839a78b6f7319 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Fri Jan 12 14:14:34 2024 +0200 all: upd golibs
2024-01-17 15:06:16 +03:00 · 2024-01-17 15:06:16 +03:00 · df40da7c64
parent 4508ae860e
commit df40da7c64
12 changed files with 46 additions and 78 deletions
--- a/go.mod
+++ b/go.mod
@ -3,8 +3,8 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.20
 require (
-	github.com/AdguardTeam/dnsproxy v0.62.0
+	github.com/AdguardTeam/dnsproxy v0.63.0
-	github.com/AdguardTeam/golibs v0.18.1
+	github.com/AdguardTeam/golibs v0.19.0
 	github.com/AdguardTeam/urlfilter v0.17.3
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.2.7
@ -33,7 +33,7 @@ require (
 	github.com/ti-mo/netfilter v0.5.1
 	go.etcd.io/bbolt v1.3.8
 	golang.org/x/crypto v0.16.0
-	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb
+	golang.org/x/exp v0.0.0-20231219180239-dc181d75b848
 	golang.org/x/net v0.19.0
 	golang.org/x/sys v0.15.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
--- a/go.sum
+++ b/go.sum
@ -1,7 +1,7 @@
-github.com/AdguardTeam/dnsproxy v0.62.0 h1:IaWW+Ln4SJ4V+y8qyVlTlYDN3ATDkqWCufph+Gxz82c=
+github.com/AdguardTeam/dnsproxy v0.63.0 h1:Mpce87y9/RXy8b3A8gZ56Mfxl31fyjukesdm9T+MkR0=
-github.com/AdguardTeam/dnsproxy v0.62.0/go.mod h1:IdmXdkpc+m+S2EajJkVZDZm//yQ4mQm2FCOugQpc/N8=
+github.com/AdguardTeam/dnsproxy v0.63.0/go.mod h1:dRRAFOjrq4QYM92jGs4lt4BoY0Dm3EY3HkaleoM2Feo=
-github.com/AdguardTeam/golibs v0.18.1 h1:6u0fvrIj2qjUsRdbIGJ9AR0g5QRSWdKIo/DYl3tp5aM=
+github.com/AdguardTeam/golibs v0.19.0 h1:y/x+Xn3pDg1ZfQ+QEZapPJqaeVYUIMp/EODMtVhn7PM=
-github.com/AdguardTeam/golibs v0.18.1/go.mod h1:DKhCIXHcUYtBhU8ibTLKh1paUL96n5zhQBlx763sj+U=
+github.com/AdguardTeam/golibs v0.19.0/go.mod h1:3WunclLLfrVAq7fYQRhd6f168FHOEMssnipVXCxDL/w=
 github.com/AdguardTeam/urlfilter v0.17.3 h1:fg/ObbnO0Cv6aw0tW6N/ETDMhhNvmcUUOZ7HlmKC3rw=
 github.com/AdguardTeam/urlfilter v0.17.3/go.mod h1:Jru7jFfeH2CoDf150uDs+rRYcZBzHHBz05r9REyDKyE=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
@ -122,8 +122,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
 golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
+golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE=
-golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
--- a/internal/client/addrproc.go
+++ b/internal/client/addrproc.go
@ -262,8 +262,7 @@ func (p *DefaultAddrProc) processRDNS(ip netip.Addr) (host string) {
 // shouldResolve returns false if ip is a loopback address, or ip is private and
 // resolving of private addresses is disabled.
 func (p *DefaultAddrProc) shouldResolve(ip netip.Addr) (ok bool) {
-	return !ip.IsLoopback() &&
+	return !ip.IsLoopback() && (p.usePrivateRDNS || !p.privateSubnets.Contains(ip))
 		(p.usePrivateRDNS || !p.privateSubnets.Contains(ip.AsSlice()))
 }
 // processWHOIS looks up the information about clients' IP addresses in the
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@ -110,11 +110,10 @@ type Config struct {
 	// BlockedHosts is the list of hosts that should be blocked.
 	BlockedHosts []string `yaml:"blocked_hosts"`
-	// TrustedProxies is the list of IP addresses and CIDR networks to detect
+	// TrustedProxies is the list of CIDR networks with proxy servers addresses
-	// proxy servers addresses the DoH requests from which should be handled.
+	// from which the DoH requests should be handled.  The value of nil or an
-	// The value of nil or an empty slice for this field makes Proxy not trust
+	// empty slice for this field makes Proxy not trust any address.
-	// any address.
+	TrustedProxies []netutil.Prefix `yaml:"trusted_proxies"`
 	TrustedProxies []string `yaml:"trusted_proxies"`
 	// DNS cache settings
@ -303,6 +302,8 @@ const (
 // newProxyConfig creates and validates configuration for the main proxy.
 func (s *Server) newProxyConfig() (conf *proxy.Config, err error) {
 	srvConf := s.conf
 	trustedPrefixes := netutil.UnembedPrefixes(srvConf.TrustedProxies)
 	conf = &proxy.Config{
 		HTTP3:                  srvConf.ServeHTTP3,
 		Ratelimit:              int(srvConf.Ratelimit),
@ -310,7 +311,7 @@ func (s *Server) newProxyConfig() (conf *proxy.Config, err error) {
 		RatelimitSubnetLenIPv6: srvConf.RatelimitSubnetLenIPv6,
 		RatelimitWhitelist:     srvConf.RatelimitWhitelist,
 		RefuseAny:              srvConf.RefuseAny,
-		TrustedProxies:         srvConf.TrustedProxies,
+		TrustedProxies:         netutil.SliceSubnetSet(trustedPrefixes),
 		CacheMinTTL:            srvConf.CacheMinTTL,
 		CacheMaxTTL:            srvConf.CacheMaxTTL,
 		CacheOptimistic:        srvConf.CacheOptimistic,
--- a/internal/dnsforward/dnsforward.go
+++ b/internal/dnsforward/dnsforward.go
@ -311,7 +311,7 @@ func (s *Server) WriteDiskConfig(c *Config) {
 	c.AllowedClients = stringutil.CloneSlice(sc.AllowedClients)
 	c.DisallowedClients = stringutil.CloneSlice(sc.DisallowedClients)
 	c.BlockedHosts = stringutil.CloneSlice(sc.BlockedHosts)
-	c.TrustedProxies = stringutil.CloneSlice(sc.TrustedProxies)
+	c.TrustedProxies = slices.Clone(sc.TrustedProxies)
 	c.UpstreamDNS = stringutil.CloneSlice(sc.UpstreamDNS)
 }
@ -390,7 +390,7 @@ func (s *Server) Exchange(ip netip.Addr) (host string, ttl time.Duration, err er
 	var resolver *proxy.Proxy
 	var errMsg string
-	if s.privateNets.Contains(ip.AsSlice()) {
+	if s.privateNets.Contains(ip) {
 		if !s.conf.UsePrivateRDNS {
 			return "", 0, nil
 		}
--- a/internal/dnsforward/process.go
+++ b/internal/dnsforward/process.go
@ -36,11 +36,8 @@ type dnsContext struct {
 	// unreversedReqIP stores an IP address obtained from a PTR request if it
 	// was parsed successfully and belongs to one of the locally served IP
-	// ranges.  It is also filled with unmapped version of the address if it's
+	// ranges.
-	// within DNS64 prefixes.
+	unreversedReqIP netip.Addr
 	//
 	// TODO(e.burkov):  Use netip.Addr when we switch to netip more fully.
 	unreversedReqIP net.IP
 	// err is the error returned from a processing function.
 	err error
@ -350,7 +347,7 @@ func (s *Server) processDetermineLocal(dctx *dnsContext) (rc resultCode) {
 	rc = resultCodeSuccess
-	dctx.isLocalClient = s.privateNets.Contains(dctx.proxyCtx.Addr.Addr().AsSlice())
+	dctx.isLocalClient = s.privateNets.Contains(dctx.proxyCtx.Addr.Addr())
 	return rc
 }
@ -491,14 +488,7 @@ func extractARPASubnet(domain string) (pref netip.Prefix, err error) {
 		}
 	}
-	var subnet *net.IPNet
+	return netutil.PrefixFromReversedAddr(domain[idx:])
 	subnet, err = netutil.SubnetFromReversedAddr(domain[idx:])
 	if err != nil {
 		// Don't wrap the error since it's informative enough as is.
 		return netip.Prefix{}, err
 	}
 	return netutil.IPNetToPrefixNoMapped(subnet)
 }
 // processRestrictLocal responds with NXDOMAIN to PTR requests for IP addresses
@ -532,8 +522,7 @@ func (s *Server) processRestrictLocal(dctx *dnsContext) (rc resultCode) {
 	// assume that all the DHCP leases we give are locally served or at least
 	// shouldn't be accessible externally.
 	subnetAddr := subnet.Addr()
-	addrData := subnetAddr.AsSlice()
+	if !s.privateNets.Contains(subnetAddr) {
 	if !s.privateNets.Contains(addrData) {
 		return resultCodeSuccess
 	}
@ -548,7 +537,7 @@ func (s *Server) processRestrictLocal(dctx *dnsContext) (rc resultCode) {
 	}
 	// Do not perform unreversing ever again.
-	dctx.unreversedReqIP = addrData
+	dctx.unreversedReqIP = subnetAddr
 	// There is no need to filter request from external addresses since this
 	// code is only executed when the request is for locally served ARPA
@ -573,16 +562,8 @@ func (s *Server) processDHCPAddrs(dctx *dnsContext) (rc resultCode) {
 		return resultCodeSuccess
 	}
-	ip := dctx.unreversedReqIP
+	ipAddr := dctx.unreversedReqIP
-	if ip == nil {
+	if ipAddr == (netip.Addr{}) {
 		return resultCodeSuccess
 	}
 	// TODO(a.garipov):  Remove once we switch to [netip.Addr] more fully.
 	ipAddr, err := netutil.IPToAddrNoMapped(ip)
 	if err != nil {
 		log.Debug("dnsforward: bad reverse ip %v from dhcp: %s", ip, err)
 		return resultCodeSuccess
 	}
@ -591,7 +572,7 @@ func (s *Server) processDHCPAddrs(dctx *dnsContext) (rc resultCode) {
 		return resultCodeSuccess
 	}
-	log.Debug("dnsforward: dhcp client %s is %q", ip, host)
+	log.Debug("dnsforward: dhcp client %s is %q", ipAddr, host)
 	req := pctx.Req
 	resp := s.makeResponse(req)
@ -624,7 +605,7 @@ func (s *Server) processLocalPTR(dctx *dnsContext) (rc resultCode) {
 	}
 	ip := dctx.unreversedReqIP
-	if ip == nil {
+	if ip == (netip.Addr{}) {
 		return resultCodeSuccess
 	}
--- a/internal/dnsforward/process_internal_test.go
+++ b/internal/dnsforward/process_internal_test.go
@ -795,7 +795,7 @@ func TestServer_ProcessLocalPTR_usingResolvers(t *testing.T) {
 		}
 		dnsCtx = &dnsContext{
 			proxyCtx:        proxyCtx,
-			unreversedReqIP: net.IP{192, 168, 1, 1},
+			unreversedReqIP: netip.MustParseAddr("192.168.1.1"),
 		}
 		s.conf.UsePrivateRDNS = use
 	}
--- a/internal/dnsforward/upstreams.go
+++ b/internal/dnsforward/upstreams.go
@ -298,7 +298,7 @@ func ValidateUpstreamsPrivate(upstreams []string, privateNets netutil.SubnetSet)
 			continue
 		}
-		if !privateNets.Contains(subnet.Addr().AsSlice()) {
+		if !privateNets.Contains(subnet.Addr()) {
 			errs = append(
 				errs,
 				fmt.Errorf("arpa domain %q should point to a locally-served network", domain),
--- a/internal/filtering/hosts.go
+++ b/internal/filtering/hosts.go
@ -53,15 +53,13 @@ func hostsRewrites(
 	case dns.TypeAAAA:
 		isValidProto = netip.Addr.Is6
 	case dns.TypePTR:
-		// TODO(e.burkov):  Add some [netip]-aware alternative to [netutil].
+		addr, err := netutil.IPFromReversedAddr(host)
 		ip, err := netutil.IPFromReversedAddr(host)
 		if err != nil {
 			log.Debug("filtering: failed to parse PTR record %q: %s", host, err)
 			return nil, nil, false
 		}
 		addr, _ := netip.AddrFromSlice(ip)
 		names := hs.ByAddr(addr)
 		for _, name := range names {
--- a/internal/home/config.go
+++ b/internal/home/config.go
@ -20,6 +20,7 @@ import (
 	"github.com/AdguardTeam/dnsproxy/fastip"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 	"github.com/AdguardTeam/golibs/timeutil"
 	"github.com/google/renameio/v2/maybe"
 	yaml "gopkg.in/yaml.v3"
@ -200,7 +201,7 @@ type dnsConfig struct {
 	// PrivateNets is the set of IP networks for which the private reverse DNS
 	// resolver should be used.
-	PrivateNets []string `yaml:"private_networks"`
+	PrivateNets []netutil.Prefix `yaml:"private_networks"`
 	// UsePrivateRDNS defines if the PTR requests for unknown addresses from
 	// locally-served networks should be resolved via private PTR resolvers.
@ -321,8 +322,12 @@ var config = &configuration{
 				Duration: fastip.DefaultPingWaitTimeout,
 			},
-			TrustedProxies: []string{"127.0.0.0/8", "::1/128"},
+			TrustedProxies: []netutil.Prefix{{
-			CacheSize:      4 * 1024 * 1024,
+				Prefix: netip.MustParsePrefix("127.0.0.0/8"),
 			}, {
 				Prefix: netip.MustParsePrefix("::1/128"),
 			}},
 			CacheSize: 4 * 1024 * 1024,
 			EDNSClientSubnet: &dnsforward.EDNSClientSubnet{
 				CustomIP:  netip.Addr{},
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@ -127,16 +127,11 @@ func initDNSServer(
 	httpReg aghhttp.RegisterFunc,
 	tlsConf *tlsConfigSettings,
 ) (err error) {
 	privateNets, err := parseSubnetSet(config.DNS.PrivateNets)
 	if err != nil {
 		return fmt.Errorf("preparing set of private subnets: %w", err)
 	}
 	Context.dnsServer, err = dnsforward.NewServer(dnsforward.DNSCreateParams{
 		DNSFilter:   filters,
 		Stats:       sts,
 		QueryLog:    qlog,
-		PrivateNets: privateNets,
+		PrivateNets: parseSubnetSet(config.DNS.PrivateNets),
 		Anonymizer:  anonymizer,
 		DHCPServer:  dhcpSrv,
 		EtcHosts:    Context.etcHosts,
@ -169,26 +164,15 @@ func initDNSServer(
 // parseSubnetSet parses a slice of subnets.  If the slice is empty, it returns
 // a subnet set that matches all locally served networks, see
 // [netutil.IsLocallyServed].
-func parseSubnetSet(nets []string) (s netutil.SubnetSet, err error) {
+func parseSubnetSet(nets []netutil.Prefix) (s netutil.SubnetSet) {
 	switch len(nets) {
 	case 0:
 		// Use an optimized function-based matcher.
-		return netutil.SubnetSetFunc(netutil.IsLocallyServed), nil
+		return netutil.SubnetSetFunc(netutil.IsLocallyServed)
 	case 1:
-		s, err = netutil.ParseSubnet(nets[0])
+		return nets[0].Prefix
 		if err != nil {
 			return nil, err
 		}
 		return s, nil
 	default:
-		var nets []*net.IPNet
+		return netutil.SliceSubnetSet(netutil.UnembedPrefixes(nets))
 		nets, err = netutil.ParseSubnets(config.DNS.PrivateNets...)
 		if err != nil {
 			return nil, err
 		}
 		return netutil.SliceSubnetSet(nets), nil
 	}
 }
--- a/internal/whois/whois.go
+++ b/internal/whois/whois.go
@ -268,7 +268,7 @@ var _ Interface = (*Default)(nil)
 // Process makes WHOIS request and returns WHOIS information or nil.  changed
 // indicates that Info was updated since last request.
 func (w *Default) Process(ctx context.Context, ip netip.Addr) (wi *Info, changed bool) {
-	if netutil.IsSpecialPurposeAddr(ip) {
+	if netutil.IsSpecialPurpose(ip) {
 		return nil, false
 	}