Pull request 2263: AGDNS-2280 Upd dnsproxy, golibs

Squashed commit of the following: commit 8d83eebba851e8e09bb08b1c94a247cb049a1b75 Merge: c6574a33c b6ed76965 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Aug 5 16:59:50 2024 +0300 Merge branch 'master' into AGDNS-2280-upd-golibs commit c6574a33c6 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Wed Jul 31 19:56:58 2024 +0300 all: upd proxy, golibs
2024-11-21 12:35:33 +03:00 · 2024-08-05 17:12:33 +03:00 · 2024-08-05 17:12:33 +03:00 · edfa8c147f
commit edfa8c147f
parent b6ed769652
11 changed files with 69 additions and 62 deletions
--- a/go.mod
+++ b/go.mod
@ -3,8 +3,8 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.22.5
 require (
-	github.com/AdguardTeam/dnsproxy v0.72.1
+	github.com/AdguardTeam/dnsproxy v0.72.2
-	github.com/AdguardTeam/golibs v0.24.1
+	github.com/AdguardTeam/golibs v0.25.1
 	github.com/AdguardTeam/urlfilter v0.19.0
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/ameshkov/dnscrypt/v2 v2.3.0
@ -32,10 +32,10 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/ti-mo/netfilter v0.5.2
 	go.etcd.io/bbolt v1.3.10
-	golang.org/x/crypto v0.24.0
+	golang.org/x/crypto v0.25.0
-	golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8
+	golang.org/x/exp v0.0.0-20240707233637-46b078467d37
-	golang.org/x/net v0.26.0
+	golang.org/x/net v0.27.0
-	golang.org/x/sys v0.21.0
+	golang.org/x/sys v0.22.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
 	howett.net/plist v1.0.1
@ -58,9 +58,9 @@ require (
 	github.com/quic-go/qpack v0.4.0 // indirect
 	github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
 	go.uber.org/mock v0.4.0 // indirect
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
-	golang.org/x/tools v0.22.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
 	gonum.org/v1/gonum v0.15.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,7 +1,7 @@
-github.com/AdguardTeam/dnsproxy v0.72.1 h1:VOibdyFLBGEdfG8W4hq+kBJten/tkK6KID43Q4gQyjI=
+github.com/AdguardTeam/dnsproxy v0.72.2 h1:0uItzXnUIuC9r+ZvPbNquGaAHvdWnWLbhSDdxsZk5og=
-github.com/AdguardTeam/dnsproxy v0.72.1/go.mod h1:5ehzbfInAu07not4beAM+FlFPqntw18T1sQCK/kIQR8=
+github.com/AdguardTeam/dnsproxy v0.72.2/go.mod h1:PA1UiTtTHMbXPv9NjHat+zrsgK8S7p/RJ+j/3tNqtUE=
-github.com/AdguardTeam/golibs v0.24.1 h1:/ulkfm65wi33p72ybxiOt3lSdP0nr1GggSoaT4sHbns=
+github.com/AdguardTeam/golibs v0.25.1 h1:po5dBbFCoZAySsbsMN/ZRB0WTLYDA1d8BxPgvriu/EA=
-github.com/AdguardTeam/golibs v0.24.1/go.mod h1:9/vJcYznW7RlmCT/Qzi8XNZGj+ZbWfHZJmEXKnRpCAU=
+github.com/AdguardTeam/golibs v0.25.1/go.mod h1:HaTyS2wCbxFudjht9N/+/Qf1b5cMad2BAYSwe7DPCXI=
 github.com/AdguardTeam/urlfilter v0.19.0 h1:q7eH13+yNETlpD/VD3u5rLQOripcUdEktqZFy+KiQLk=
 github.com/AdguardTeam/urlfilter v0.19.0/go.mod h1:+N54ZvxqXYLnXuvpaUhK2exDQW+djZBRSb6F6j0rkBY=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
@ -128,22 +128,22 @@ go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
 go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM=
+golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w=
-golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
@ -158,8 +158,8 @@ golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.1-0.20230131160137-e7d7f63158de/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@ -169,8 +169,8 @@ golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.15.0 h1:2lYxjRbTYyxkJxlhC+LvJIx3SsANPdRybu1tGj9/OrQ=
--- a/internal/aghnet/net_freebsd.go
+++ b/internal/aghnet/net_freebsd.go
@ -6,10 +6,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
 	"net"
 	"strings"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/netutil"
 )
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
@ -38,9 +38,13 @@ func (n interfaceName) rcConfStaticConfig(r io.Reader) (_ []string, cont bool, e
 		// TODO(e.burkov):  Expand the check to cover possible
 		// configurations from man rc.conf(5).
 		fields := strings.Fields(line[cfgLeft:cfgRight])
-		if len(fields) >= 2 &&
+		switch {
-			strings.EqualFold(fields[0], "inet") &&
+		case
-			net.ParseIP(fields[1]) != nil {
+			len(fields) < 2,
 			!strings.EqualFold(fields[0], "inet"),
 			!netutil.IsValidIPString(fields[1]):
 			continue
 		default:
 			return nil, false, s.Err()
 		}
 	}
--- a/internal/aghnet/net_openbsd.go
+++ b/internal/aghnet/net_openbsd.go
@ -6,10 +6,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
 	"net"
 	"strings"
 	"github.com/AdguardTeam/AdGuardHome/internal/aghos"
 	"github.com/AdguardTeam/golibs/netutil"
 )
 func ifaceHasStaticIP(ifaceName string) (ok bool, err error) {
@ -25,7 +25,13 @@ func hostnameIfStaticConfig(r io.Reader) (_ []string, ok bool, err error) {
 	for s.Scan() {
 		line := strings.TrimSpace(s.Text())
 		fields := strings.Fields(line)
-		if len(fields) >= 2 && fields[0] == "inet" && net.ParseIP(fields[1]) != nil {
+		switch {
 		case
 			len(fields) < 2,
 			fields[0] != "inet",
 			!netutil.IsValidIPString(fields[1]):
 			continue
 		default:
 			return nil, false, s.Err()
 		}
 	}
--- a/internal/aghtls/aghtls.go
+++ b/internal/aghtls/aghtls.go
@ -5,9 +5,10 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-	"net/netip"
+	"slices"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 )
 // init makes sure that the cipher name map is filled.
@ -75,15 +76,5 @@ func SaferCipherSuites() (safe []uint16) {
 // CertificateHasIP returns true if cert has at least a single IP address among
 // its subjectAltNames.
 func CertificateHasIP(cert *x509.Certificate) (ok bool) {
-	if len(cert.IPAddresses) > 0 {
+	return len(cert.IPAddresses) > 0 || slices.ContainsFunc(cert.DNSNames, netutil.IsValidIPString)
 		return true
 	}
 	for _, name := range cert.DNSNames {
 		if _, err := netip.ParseAddr(name); err == nil {
 			return true
 		}
 	}
 	return false
 }
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@ -697,7 +697,7 @@ func matchesDomainWildcard(host, pat string) (ok bool) {
 // the DNS names and patterns from certificate.  dnsNames must be sorted.
 func anyNameMatches(dnsNames []string, sni string) (ok bool) {
 	// Check sni is either a valid hostname or a valid IP address.
-	if netutil.ValidateHostname(sni) != nil && net.ParseIP(sni) == nil {
+	if !netutil.IsValidHostname(sni) && !netutil.IsValidIPString(sni) {
 		return false
 	}
--- a/internal/dnsforward/dialcontext.go
+++ b/internal/dnsforward/dialcontext.go
@ -10,6 +10,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
 )
 // DialContext is an [aghnet.DialContextFunc] that uses s to resolve hostnames.
@ -28,7 +29,7 @@ func (s *Server) DialContext(ctx context.Context, network, addr string) (conn ne
 		Timeout: time.Minute * 5,
 	}
-	if net.ParseIP(host) != nil {
+	if netutil.IsValidIPString(host) {
 		return dialer.DialContext(ctx, network, addr)
 	}
--- a/internal/home/middlewares.go
+++ b/internal/home/middlewares.go
@ -5,12 +5,15 @@ import (
 	"net/http"
 	"github.com/AdguardTeam/golibs/ioutil"
 	"github.com/c2h5oh/datasize"
 )
 // middlerware is a wrapper function signature.
 type middleware func(http.Handler) http.Handler
 // withMiddlewares consequently wraps h with all the middlewares.
 //
 // TODO(e.burkov):  Use [httputil.Wrap].
 func withMiddlewares(h http.Handler, middlewares ...middleware) (wrapped http.Handler) {
 	wrapped = h
@ -23,11 +26,11 @@ func withMiddlewares(h http.Handler, middlewares ...middleware) (wrapped http.Ha
 const (
 	// defaultReqBodySzLim is the default maximum request body size.
-	defaultReqBodySzLim = 64 * 1024
+	defaultReqBodySzLim datasize.ByteSize = 64 * datasize.KB
 	// largerReqBodySzLim is the maximum request body size for APIs expecting
 	// larger requests.
-	largerReqBodySzLim = 4 * 1024 * 1024
+	largerReqBodySzLim datasize.ByteSize = 4 * datasize.MB
 )
 // expectsLargerRequests shows if this request should use a larger body size
@ -38,26 +41,28 @@ const (
 // See https://github.com/AdguardTeam/AdGuardHome/issues/2666 and
 // https://github.com/AdguardTeam/AdGuardHome/issues/2675.
 func expectsLargerRequests(r *http.Request) (ok bool) {
-	m := r.Method
+	if r.Method != http.MethodPost {
 	if m != http.MethodPost {
 		return false
 	}
-	p := r.URL.Path
+	switch r.URL.Path {
-	return p == "/control/access/set" ||
+	case "/control/access/set", "/control/filtering/set_rules":
-		p == "/control/filtering/set_rules"
+		return true
 	default:
 		return false
 	}
 }
 // limitRequestBody wraps underlying handler h, making it's request's body Read
 // method limited.
 func limitRequestBody(h http.Handler) (limited http.Handler) {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var szLim uint64 = defaultReqBodySzLim
+		szLim := defaultReqBodySzLim
 		if expectsLargerRequests(r) {
 			szLim = largerReqBodySzLim
 		}
-		reader := ioutil.LimitReader(r.Body, szLim)
+		reader := ioutil.LimitReader(r.Body, szLim.Bytes())
 		// HTTP handlers aren't supposed to call r.Body.Close(), so just
 		// replace the body in a clone.
--- a/internal/home/middlewares_test.go
+++ b/internal/home/middlewares_test.go
@ -14,29 +14,29 @@ import (
 func TestLimitRequestBody(t *testing.T) {
 	errReqLimitReached := &ioutil.LimitError{
-		Limit: defaultReqBodySzLim,
+		Limit: defaultReqBodySzLim.Bytes(),
 	}
 	testCases := []struct {
 		wantErr error
 		name    string
 		body    string
 		want    []byte
 		wantErr error
 	}{{
 		wantErr: nil,
 		name:    "not_so_big",
 		body:    "somestr",
 		want:    []byte("somestr"),
 		wantErr: nil,
 	}, {
 		wantErr: errReqLimitReached,
 		name:    "so_big",
 		body:    string(make([]byte, defaultReqBodySzLim+1)),
 		want:    make([]byte, defaultReqBodySzLim),
 		wantErr: errReqLimitReached,
 	}, {
 		wantErr: nil,
 		name:    "empty",
 		body:    "",
 		want:    []byte(nil),
 		wantErr: nil,
 	}}
 	makeHandler := func(t *testing.T, err *error) http.HandlerFunc {
--- a/internal/home/web.go
+++ b/internal/home/web.go
@ -17,7 +17,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
-	"github.com/AdguardTeam/golibs/pprofutil"
+	"github.com/AdguardTeam/golibs/netutil/httputil"
 	"github.com/NYTimes/gziphandler"
 	"github.com/quic-go/quic-go/http3"
 	"golang.org/x/net/http2"
@ -333,7 +333,7 @@ func startPprof(port uint16) {
 	runtime.SetMutexProfileFraction(1)
 	mux := http.NewServeMux()
-	pprofutil.RoutePprof(mux)
+	httputil.RoutePprof(mux)
 	go func() {
 		defer log.OnPanic("pprof server")
--- a/internal/next/websvc/websvc.go
+++ b/internal/next/websvc/websvc.go
@ -24,7 +24,7 @@ import (
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/mathutil"
-	"github.com/AdguardTeam/golibs/pprofutil"
+	"github.com/AdguardTeam/golibs/netutil/httputil"
 	httptreemux "github.com/dimfeld/httptreemux/v5"
 )
@ -107,7 +107,7 @@ func (svc *Service) setupPprof(c *PprofConfig) {
 	runtime.SetMutexProfileFraction(1)
 	pprofMux := http.NewServeMux()
-	pprofutil.RoutePprof(pprofMux)
+	httputil.RoutePprof(pprofMux)
 	svc.pprofPort = c.Port
 	addr := netip.AddrPortFrom(netip.AddrFrom4([4]byte{127, 0, 0, 1}), c.Port)