Pull request: 4276 upd quic port

Merge in DNS/adguard-home from 4276-doq-port to master Closes #4276. Squashed commit of the following: commit cbdde622b54d0d5d11d1b4809f95a41ace990a1b Merge: d32c13e9 2c33ab6a Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Mar 23 15:47:43 2022 +0300 Merge branch 'master' into 4276-doq-port commit d32c13e98f0fed2c863160e4e2de02ae3038e3df Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 21 21:55:09 2022 +0300 all: fix link commit 0afd702f5192d727927df2f8d95b9317811a1be0 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 21 21:47:38 2022 +0300 all: imp docs, log changes commit 9a77fc3daf78d32c577f1bc49aa1f8bc352d44e3 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Mar 21 21:41:30 2022 +0300 home: upd quic port
2024-11-22 21:15:35 +03:00 · 2022-03-23 16:00:32 +03:00 · 2022-03-23 16:00:32 +03:00 · 5cba78a8d5
commit 5cba78a8d5
parent 2c33ab6a92
6 changed files with 56 additions and 37 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -29,6 +29,8 @@ and this project adheres to

 ### Changed

+- The default DNS-over-QUIC port number is now `853` instead of `754` in
+  accoradance with the latest [RFC draft][doq-draft-10] ([#4276]).
 - Reverse DNS now has a greater priority as the source of runtime clients'
  informmation than ARP neighborhood.
 - Improved detection of runtime clients through more resilient ARP processing
@ -103,8 +105,10 @@ In this release, the schema version has changed from 12 to 13.
 [#4216]: https://github.com/AdguardTeam/AdGuardHome/issues/4216
 [#4221]: https://github.com/AdguardTeam/AdGuardHome/issues/4221
 [#4238]: https://github.com/AdguardTeam/AdGuardHome/issues/4238
+[#4276]: https://github.com/AdguardTeam/AdGuardHome/issues/4276

 [repr]:         https://reproducible-builds.org/docs/source-date-epoch/
+[doq-draft-10]: https://datatracker.ietf.org/doc/html/draft-ietf-dprive-dnsoquic-10#section-10.2



@ -234,7 +238,7 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0].
 - New possible value of `6h` for `querylog_interval` setting ([#2504]).
 - Blocking access using ClientIDs ([#2624], [#3162]).
 - `source` directives support in `/etc/network/interfaces` on Linux ([#3257]).
- RFC 9000 support in DNS-over-QUIC.
+- [RFC 9000][rfc-9000] support in QUIC.
 - Completely disabling statistics by setting the statistics interval to zero
  ([#2141]).
 - The ability to completely purge DHCP leases ([#1691]).
@ -459,6 +463,7 @@ In this release, the schema version has changed from 10 to 12.
 [#3933]: https://github.com/AdguardTeam/AdGuardHome/pull/3933

 [ms-v0.107.0]: https://github.com/AdguardTeam/AdGuardHome/milestone/23?closed=1
+[rfc-9000]:    https://datatracker.ietf.org/doc/html/rfc9000



--- a/internal/home/config.go
+++ b/internal/home/config.go
@ -292,18 +292,20 @@ func parseConfig() (err error) {
 	uc := aghalg.UniqChecker{}
 	addPorts(
 		uc,
-		config.BindPort,
-		config.BetaBindPort,
-		config.DNS.Port,
+		tcpPort(config.BindPort),
+		tcpPort(config.BetaBindPort),
+		udpPort(config.DNS.Port),
 	)

 	if config.TLS.Enabled {
 		addPorts(
 			uc,
-			config.TLS.PortHTTPS,
-			config.TLS.PortDNSOverTLS,
-			config.TLS.PortDNSOverQUIC,
-			config.TLS.PortDNSCrypt,
+			// TODO(e.burkov):  Consider adding a udpPort with the same value if
+			// we ever support the HTTP/3 for web admin interface.
+			tcpPort(config.TLS.PortHTTPS),
+			tcpPort(config.TLS.PortDNSOverTLS),
+			udpPort(config.TLS.PortDNSOverQUIC),
+			tcpPort(config.TLS.PortDNSCrypt),
 		)
 	}
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
@ -321,12 +323,24 @@ func parseConfig() (err error) {
 	return nil
 }

-// addPorts is a helper for ports validation.  It skips zero ports.
-func addPorts(uc aghalg.UniqChecker, ports ...int) {
+// udpPort is the port number for UDP protocol.
+type udpPort int
+
+// tcpPort is the port number for TCP protocol.
+type tcpPort int
+
+// addPorts is a helper for ports validation.  It skips zero ports.  Each of
+// ports should be either a udpPort or a tcpPort.
+func addPorts(uc aghalg.UniqChecker, ports ...interface{}) {
 	for _, p := range ports {
+		switch p := p.(type) {
+		case tcpPort, udpPort:
 			if p != 0 {
 				uc.Add(p)
 			}
+		default:
+			// Go on.
+		}
 	}
 }

--- a/internal/home/controlinstall.go
+++ b/internal/home/controlinstall.go
@ -109,7 +109,7 @@ func (req *checkConfReq) validateWeb(uc aghalg.UniqChecker) (err error) {
 	defer func() { err = errors.Annotate(err, "validating ports: %w") }()

 	port := req.Web.Port
-	addPorts(uc, config.BetaBindPort, port)
+	addPorts(uc, tcpPort(config.BetaBindPort), tcpPort(port))
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
 		// Avoid duplicating the error into the status of DNS.
 		uc[port] = 1
@ -135,7 +135,7 @@ func (req *checkConfReq) validateDNS(uc aghalg.UniqChecker) (canAutofix bool, er
 	defer func() { err = errors.Annotate(err, "validating ports: %w") }()

 	port := req.DNS.Port
-	addPorts(uc, port)
+	addPorts(uc, udpPort(port))
 	if err = uc.Validate(aghalg.IntIsBefore); err != nil {
 		return false, err
 	}
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@ -25,7 +25,7 @@ const (
 	defaultPortDNS   = 53
 	defaultPortHTTP  = 80
 	defaultPortHTTPS = 443
-	defaultPortQUIC  = 784
+	defaultPortQUIC  = 853
 	defaultPortTLS   = 853
 )

--- a/internal/home/home.go
+++ b/internal/home/home.go
@ -305,17 +305,17 @@ func setupConfig(args options) (err error) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			args.bindPort,
-			config.BetaBindPort,
-			config.DNS.Port,
+			tcpPort(args.bindPort),
+			tcpPort(config.BetaBindPort),
+			udpPort(config.DNS.Port),
 		)
 		if config.TLS.Enabled {
 			addPorts(
 				uc,
-				config.TLS.PortHTTPS,
-				config.TLS.PortDNSOverTLS,
-				config.TLS.PortDNSOverQUIC,
-				config.TLS.PortDNSCrypt,
+				tcpPort(config.TLS.PortHTTPS),
+				tcpPort(config.TLS.PortDNSOverTLS),
+				udpPort(config.TLS.PortDNSOverQUIC),
+				tcpPort(config.TLS.PortDNSCrypt),
 			)
 		}
 		if err = uc.Validate(aghalg.IntIsBefore); err != nil {
--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@ -253,13 +253,13 @@ func (t *TLSMod) handleTLSValidate(w http.ResponseWriter, r *http.Request) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			config.BindPort,
-			config.BetaBindPort,
-			config.DNS.Port,
-			setts.PortHTTPS,
-			setts.PortDNSOverTLS,
-			setts.PortDNSOverQUIC,
-			setts.PortDNSCrypt,
+			tcpPort(config.BindPort),
+			tcpPort(config.BetaBindPort),
+			udpPort(config.DNS.Port),
+			tcpPort(setts.PortHTTPS),
+			tcpPort(setts.PortDNSOverTLS),
+			udpPort(setts.PortDNSOverQUIC),
+			tcpPort(setts.PortDNSCrypt),
 		)

 		err = uc.Validate(aghalg.IntIsBefore)
@ -346,13 +346,13 @@ func (t *TLSMod) handleTLSConfigure(w http.ResponseWriter, r *http.Request) {
 		uc := aghalg.UniqChecker{}
 		addPorts(
 			uc,
-			config.BindPort,
-			config.BetaBindPort,
-			config.DNS.Port,
-			data.PortHTTPS,
-			data.PortDNSOverTLS,
-			data.PortDNSOverQUIC,
-			data.PortDNSCrypt,
+			tcpPort(config.BindPort),
+			tcpPort(config.BetaBindPort),
+			udpPort(config.DNS.Port),
+			tcpPort(data.PortHTTPS),
+			tcpPort(data.PortDNSOverTLS),
+			udpPort(data.PortDNSOverQUIC),
+			tcpPort(data.PortDNSCrypt),
 		)

 		err = uc.Validate(aghalg.IntIsBefore)