Pull request 2638: AGDNS-3945-imp-querylog

Squashed commit of the following:

commit 9ca94b0
Merge: 5516a95 44dfffc
Author: Ainar Garipov <a.garipov@adguard.com>
Date:   Fri Apr 24 15:44:56 2026 +0300

    Merge branch 'master' into AGDNS-3945-imp-querylog

commit 5516a95
Author: Ainar Garipov <a.garipov@adguard.com>
Date:   Thu Apr 23 17:10:12 2026 +0300

    all: imp doc, names

commit 6e8ab13
Author: Ainar Garipov <a.garipov@adguard.com>
Date:   Wed Apr 22 21:51:04 2026 +0300

    all: imp go.mod, names, errors

commit 20f5e33
Author: Ainar Garipov <a.garipov@adguard.com>
Date:   Wed Apr 22 21:02:13 2026 +0300

    all: modernize code; imp querylog

Author: ainar-g

go.mod

@@ -36,7 +36,6 @@ require (
 	// TODO(e.burkov): Update to a stable tag.
 	go.yaml.in/yaml/v4 v4.0.0-rc.4.0.20260405193028-802e24f4fbcc
 	golang.org/x/crypto v0.50.0
-	golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f
 	golang.org/x/net v0.53.0
 	golang.org/x/sys v0.43.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
@@ -91,6 +90,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.43.0 // indirect
 	go.opentelemetry.io/otel/trace v1.43.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f // indirect
 	golang.org/x/exp/typeparams v0.0.0-20260410095643-746e56fc9e2f // indirect
 	golang.org/x/mod v0.35.0 // indirect
 	golang.org/x/sync v0.20.0 // indirect

internal/aghalg/aghalg.go

@@ -4,10 +4,9 @@
 package aghalg
 
 import (
+	"cmp"
 	"fmt"
 	"slices"
-
-	"golang.org/x/exp/constraints"
 )
 
 // CoalesceSlice returns the first non-zero value.  It is named after function
@@ -26,7 +25,7 @@ func CoalesceSlice[E any, S []E](values ...S) (res S) {
 //
 // TODO(a.garipov): The Ordered constraint is only really necessary in Validate.
 // Consider ways of making this constraint comparable instead.
-type UniqChecker[T constraints.Ordered] map[T]int64
+type UniqChecker[T cmp.Ordered] map[T]int64
 
 // Add adds a value to the validator.  v must not be nil.
 func (uc UniqChecker[T]) Add(elems ...T) {

internal/aghnet/net.go

@@ -11,6 +11,7 @@ import (
 	"net"
 	"net/netip"
 	"net/url"
+	"slices"
 	"strings"
 	"syscall"
 
@@ -255,10 +256,8 @@ func InterfaceByIP(ip netip.Addr) (ifaceName string) {
 	}
 
 	for _, iface := range ifaces {
-		for _, addr := range iface.Addresses {
-			if ip == addr {
-				return iface.Name
-			}
+		if slices.Contains(iface.Addresses, ip) {
+			return iface.Name
 		}
 	}
 

internal/configmigrate/v10.go

@@ -89,8 +89,8 @@ func addQUICPort(ups string, port int) (withPort string) {
 
 	var doms string
 	withPort = ups
-	if strings.HasPrefix(ups, "[/") {
-		domsAndUps := strings.Split(strings.TrimPrefix(ups, "[/"), "/]")
+	if after, ok := strings.CutPrefix(ups, "[/"); ok {
+		domsAndUps := strings.Split(after, "/]")
 		if len(domsAndUps) != 2 {
 			return ups
 		}

internal/dnsforward/filter.go

@@ -42,18 +42,32 @@ func (s *Server) filterDNSRequest(
 
 	// TODO(a.garipov): Make CheckHost return a pointer.
 	res = &resVal
-	switch {
-	case isRewrittenCNAME(res):
+
+	checkReason := true
+	if isRewrittenCNAME(res) {
 		// Resolve the new canonical name, not the original host name.  The
 		// original question is readded in processFilteringAfterResponse.
 		dctx.origQuestion = q
 		req.Question[0].Name = dns.Fqdn(res.CanonName)
-	case res.IsFiltered:
+		checkReason = false
+	} else if res.IsFiltered {
 		l.DebugContext(ctx, "host is filtered", "reason", res.Reason)
 		pctx.Res = s.genDNSFilterMessage(ctx, l, pctx, res)
-	case res.Reason.In(filtering.Rewritten, filtering.FilteredSafeSearch):
+		checkReason = false
+	}
+
+	if !checkReason {
+		return res, err
+	}
+
+	switch res.Reason {
+	case
+		filtering.FilteredSafeSearch,
+		filtering.Rewritten:
 		pctx.Res = s.getCNAMEWithIPs(ctx, req, res.IPList, res.CanonName)
-	case res.Reason.In(filtering.RewrittenRule, filtering.RewrittenAutoHosts):
+	case
+		filtering.RewrittenAutoHosts,
+		filtering.RewrittenRule:
 		if err = s.filterDNSRewrite(ctx, req, res, pctx); err != nil {
 			return nil, err
 		}
@@ -65,12 +79,15 @@ func (s *Server) filterDNSRequest(
 // isRewrittenCNAME returns true if the request considered to be rewritten with
 // CNAME and has no resolved IPs.
 func isRewrittenCNAME(res *filtering.Result) (ok bool) {
-	return res.Reason.In(
+	switch res.Reason {
+	case
+		filtering.FilteredSafeSearch,
 		filtering.Rewritten,
-		filtering.RewrittenRule,
-		filtering.FilteredSafeSearch) &&
-		res.CanonName != "" &&
-		len(res.IPList) == 0
+		filtering.RewrittenRule:
+		return res.CanonName != "" && len(res.IPList) == 0
+	default:
+		return false
+	}
 }
 
 // checkHostRules checks the host against filters.  It is safe for concurrent
@@ -161,9 +178,12 @@ func removeIPv6Hints(rr *dns.HTTPS) {
 }
 
 // filterHTTPSRecords filters HTTPS answers information through all rule list
-// filters of the server filters.  Removes IPv6 hints if IPv6 resolving is
-// disabled.
-func (s *Server) filterHTTPSRecords(rr *dns.HTTPS, setts *filtering.Settings) (r *filtering.Result, err error) {
+// filters of the server filters.  It removes IPv6 hints if IPv6 resolving is
+// disabled.  All arguments must not be nil.
+func (s *Server) filterHTTPSRecords(
+	rr *dns.HTTPS,
+	setts *filtering.Settings,
+) (r *filtering.Result, err error) {
 	if s.conf.AAAADisabled {
 		removeIPv6Hints(rr)
 	}

internal/filtering/reason.go

@@ -0,0 +1,85 @@
+package filtering
+
+import "fmt"
+
+// Reason holds an enum detailing why it was filtered, allowed, or rewritten.
+type Reason uint8
+
+const (
+	// NotFilteredNotFound: the host was not find in any checks, default value
+	// for results.
+	NotFilteredNotFound Reason = iota
+
+	// NotFilteredAllowList: the host is explicitly allowed.
+	NotFilteredAllowList
+
+	// NotFilteredError is returned when there was an error during checking.
+	// Reserved, currently unused.
+	NotFilteredError
+
+	// FilteredBlockList: the host was matched to be advertising host.
+	FilteredBlockList
+
+	// FilteredSafeBrowsing: the host was matched to be malicious/phishing.
+	FilteredSafeBrowsing
+
+	// FilteredParental: the host was matched to be outside of parental control
+	// settings.
+	FilteredParental
+
+	// FilteredInvalid: the request was invalid and was not processed.
+	FilteredInvalid
+
+	// FilteredSafeSearch: the host was replaced with safesearch variant.
+	FilteredSafeSearch
+
+	// FilteredBlockedService: the host is blocked by the blocked services
+	// feature.
+	FilteredBlockedService
+
+	// Rewritten is returned when there was a rewrite by a legacy DNS rewrite
+	// rule.
+	Rewritten
+
+	// RewrittenAutoHosts is returned when there was a rewrite by /etc/hosts.
+	RewrittenAutoHosts
+
+	// RewrittenRule is returned when a $dnsrewrite filter rule was applied.
+	//
+	// TODO(a.garipov): Remove [Rewritten] and [RewrittenAutoHosts] by merging
+	// their functionality into RewrittenRule.
+	//
+	// See https://github.com/AdguardTeam/AdGuardHome/issues/2499.
+	RewrittenRule
+)
+
+// TODO(a.garipov): Resync with actual code names or replace completely in the
+// next version of HTTP API.
+var reasonNames = []string{
+	NotFilteredNotFound:  "NotFilteredNotFound",
+	NotFilteredAllowList: "NotFilteredWhiteList",
+	NotFilteredError:     "NotFilteredError",
+
+	FilteredBlockList:      "FilteredBlackList",
+	FilteredSafeBrowsing:   "FilteredSafeBrowsing",
+	FilteredParental:       "FilteredParental",
+	FilteredInvalid:        "FilteredInvalid",
+	FilteredSafeSearch:     "FilteredSafeSearch",
+	FilteredBlockedService: "FilteredBlockedService",
+
+	Rewritten:          "Rewrite",
+	RewrittenAutoHosts: "RewriteEtcHosts",
+	RewrittenRule:      "RewriteRule",
+}
+
+// type check
+var _ fmt.Stringer = NotFilteredNotFound
+
+// String implements the [fmt.Stringer] interface for Reason.
+func (r Reason) String() (s string) {
+	if int(r) >= len(reasonNames) {
+		return ""
+	}
+
+	return reasonNames[r]
+}

internal/filtering/result.go

@@ -1,9 +1,7 @@
 package filtering
 
 import (
-	"fmt"
 	"net/netip"
-	"slices"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering/rulelist"
 	"github.com/AdguardTeam/urlfilter/rules"
@@ -65,88 +63,3 @@ func NewResultRule(r rules.Rule) (rr *ResultRule) {
 		Text:         r.Text(),
 	}
 }
-
-// Reason holds an enum detailing why it was filtered or not filtered
-type Reason int
-
-const (
-	// NotFilteredNotFound: the host was not find in any checks, default value
-	// for results.
-	NotFilteredNotFound Reason = iota
-
-	// NotFilteredAllowList: the host is explicitly allowed.
-	NotFilteredAllowList
-
-	// NotFilteredError is returned when there was an error during checking.
-	// Reserved, currently unused.
-	NotFilteredError
-
-	// FilteredBlockList: the host was matched to be advertising host.
-	FilteredBlockList
-
-	// FilteredSafeBrowsing: the host was matched to be malicious/phishing.
-	FilteredSafeBrowsing
-
-	// FilteredParental: the host was matched to be outside of parental control
-	// settings.
-	FilteredParental
-
-	// FilteredInvalid: the request was invalid and was not processed.
-	FilteredInvalid
-
-	// FilteredSafeSearch: the host was replaced with safesearch variant.
-	FilteredSafeSearch
-
-	// FilteredBlockedService: the host is blocked by the blocked services
-	// feature.
-	FilteredBlockedService
-
-	// Rewritten is returned when there was a rewrite by a legacy DNS rewrite
-	// rule.
-	Rewritten
-
-	// RewrittenAutoHosts is returned when there was a rewrite by /etc/hosts.
-	RewrittenAutoHosts
-
-	// RewrittenRule is returned when a $dnsrewrite filter rule was applied.
-	//
-	// TODO(a.garipov): Remove [Rewritten] and [RewrittenAutoHosts] by merging
-	// their functionality into RewrittenRule.
-	//
-	// See https://github.com/AdguardTeam/AdGuardHome/issues/2499.
-	RewrittenRule
-)
-
-// TODO(a.garipov): Resync with actual code names or replace completely in HTTP
-// API v1.
-var reasonNames = []string{
-	NotFilteredNotFound:  "NotFilteredNotFound",
-	NotFilteredAllowList: "NotFilteredWhiteList",
-	NotFilteredError:     "NotFilteredError",
-
-	FilteredBlockList:      "FilteredBlackList",
-	FilteredSafeBrowsing:   "FilteredSafeBrowsing",
-	FilteredParental:       "FilteredParental",
-	FilteredInvalid:        "FilteredInvalid",
-	FilteredSafeSearch:     "FilteredSafeSearch",
-	FilteredBlockedService: "FilteredBlockedService",
-
-	Rewritten:          "Rewrite",
-	RewrittenAutoHosts: "RewriteEtcHosts",
-	RewrittenRule:      "RewriteRule",
-}
-
-// type check
-var _ fmt.Stringer = NotFilteredNotFound
-
-// String implements the [fmt.Stringer] interface for Reason.
-func (r Reason) String() (s string) {
-	if r < 0 || int(r) >= len(reasonNames) {
-		return ""
-	}
-
-	return reasonNames[r]
-}
-
-// In returns true if reasons include r.
-func (r Reason) In(reasons ...Reason) (ok bool) { return slices.Contains(reasons, r) }