upstream: upd golibs, imp code

go.mod

@@ -3,7 +3,7 @@ module github.com/AdguardTeam/dnsproxy
 go 1.18
 
 require (
-	github.com/AdguardTeam/golibs v0.10.9
+	github.com/AdguardTeam/golibs v0.11.2
 	github.com/ameshkov/dnscrypt/v2 v2.2.5
 	github.com/ameshkov/dnsstamps v1.0.3
 	github.com/beefsack/go-rate v0.0.0-20220214233405-116f4ca011a0
@@ -13,7 +13,8 @@ require (
 	github.com/miekg/dns v1.1.50
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/stretchr/testify v1.8.0
-	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
+	golang.org/x/net v0.1.0
+	golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -32,10 +33,9 @@ require (
 	github.com/onsi/ginkgo/v2 v2.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect
-	golang.org/x/exp v0.0.0-20220827204233-334a2380cb91 // indirect
+	golang.org/x/exp v0.0.0-20221019170559-20944726eadf // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/text v0.4.0 // indirect
 	golang.org/x/tools v0.1.12 // indirect
 	gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect
 )

go.sum

@@ -1,5 +1,5 @@
-github.com/AdguardTeam/golibs v0.10.9 h1:F9oP2da0dQ9RQDM1lGR7LxUTfUWu8hEFOs4icwAkKM0=
-github.com/AdguardTeam/golibs v0.10.9/go.mod h1:W+5rznZa1cSNSFt+gPS7f4Wytnr9fOrd5ZYqwadPw14=
+github.com/AdguardTeam/golibs v0.11.2 h1:JbQB1Dg2JWStXgHh1QqBbOLWnP4t9oDjppoBH6TVXSE=
+github.com/AdguardTeam/golibs v0.11.2/go.mod h1:87bN2x4VsTritptE3XZg9l8T6gznWsIxHBcQ1DeRIXA=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
 github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
 github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
@@ -64,17 +64,17 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/exp v0.0.0-20220827204233-334a2380cb91 h1:tnebWN09GYg9OLPss1KXj8txwZc6X6uMr6VFdcGNbHw=
-golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/exp v0.0.0-20221019170559-20944726eadf h1:nFVjjKDgNY37+ZSYCJmtYf7tOlfQswHqplG2eosjOMg=
+golang.org/x/exp v0.0.0-20221019170559-20944726eadf/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
-golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
@@ -93,8 +93,8 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=

upstream/upstream_dot.go

@@ -24,41 +24,43 @@ const dialTimeout = 10 * time.Second
 // dnsOverTLS is a struct that implements the Upstream interface for the
 // DNS-over-TLS protocol.
 type dnsOverTLS struct {
-	boot       *bootstrapper
-	conns      *sync.Pool
-	connsInUse *sync.WaitGroup
+	// boot resolves the hostname upstream addresses.
+	boot *bootstrapper
+	// conns stores the connections ready for reuse.
+	conns *sync.Pool
+	// connsWG tracks all the connections usages.
+	connsWG *sync.WaitGroup
 }
 
 // type check
 var _ Upstream = (*dnsOverTLS)(nil)
 
 // newDoT returns the DNS-over-TLS Upstream.
-func newDoT(uu *url.URL, opts *Options) (u Upstream, err error) {
-	addPort(uu, defaultPortDoT)
+func newDoT(u *url.URL, opts *Options) (ups Upstream, err error) {
+	addPort(u, defaultPortDoT)
 
-	var b *bootstrapper
-	b, err = urlToBoot(uu, opts)
+	boot, err := urlToBoot(u, opts)
 	if err != nil {
 		return nil, fmt.Errorf("creating tls bootstrapper: %w", err)
 	}
 
-	u = &dnsOverTLS{
-		boot:       b,
-		conns:      &sync.Pool{},
-		connsInUse: &sync.WaitGroup{},
+	ups = &dnsOverTLS{
+		boot:    boot,
+		conns:   &sync.Pool{},
+		connsWG: &sync.WaitGroup{},
 	}
 
-	runtime.SetFinalizer(u, (*dnsOverTLS).Close)
+	runtime.SetFinalizer(ups, (*dnsOverTLS).Close)
 
-	return u, nil
+	return ups, nil
 }
 
 // Address implements the [Upstream] interface for *dnsOverTLS.
 func (p *dnsOverTLS) Address() string { return p.boot.URL.String() }
 
-// Get gets a connection from the pool (if there's one available) or creates
-// a new TLS connection.
-func (p *dnsOverTLS) getConn() (conn net.Conn, err error) {
+// conn returns a connection from the pool if there's one available or creates a
+// new TLS connection otherwise.
+func (p *dnsOverTLS) conn() (conn net.Conn, err error) {
 	c := p.conns.Get()
 	conn, ok := c.(net.Conn)
 	if conn == nil {
@@ -85,13 +87,13 @@ func (p *dnsOverTLS) getConn() (conn net.Conn, err error) {
 
 // Exchange implements the [Upstream] interface for *dnsOverTLS.
 func (p *dnsOverTLS) Exchange(m *dns.Msg) (reply *dns.Msg, err error) {
-	conn, err := p.getConn()
+	conn, err := p.conn()
 	if err != nil {
 		return nil, fmt.Errorf("getting conn to %s: %w", p.Address(), err)
 	}
 
-	p.connsInUse.Add(1)
-	defer p.connsInUse.Done()
+	p.connsWG.Add(1)
+	defer p.connsWG.Done()
 
 	reply, err = p.exchangeWithConn(conn, m)
 	if err != nil {
@@ -122,7 +124,7 @@ func (p *dnsOverTLS) Exchange(m *dns.Msg) (reply *dns.Msg, err error) {
 // Close implements the [Upstream] interface for *dnsOverTLS.
 func (p *dnsOverTLS) Close() (err error) {
 	runtime.SetFinalizer(p, nil)
-	p.connsInUse.Wait()
+	p.connsWG.Wait()
 
 	var closeErrs []error
 	for c := p.conns.Get(); c != nil; c = p.conns.Get() {
@@ -134,8 +136,7 @@ func (p *dnsOverTLS) Close() (err error) {
 		}
 
 		closeErr := conn.Close()
-		if closeErr != nil && p.isVitalErr(closeErr) {
-			// TODO(e.burkov):  !! inspect.
+		if closeErr != nil && isCriticalTCP(closeErr) {
 			closeErrs = append(closeErrs, closeErr)
 		}
 	}
@@ -201,7 +202,7 @@ func tlsDial(dialContext dialHandler, network string, config *tls.Config) (*tls.
 	err = conn.SetDeadline(time.Now().Add(dialTimeout))
 	if err != nil {
 		// Must not happen in normal circumstances.
-		panic(fmt.Errorf("cannot set deadline: %w", err))
+		panic(fmt.Errorf("dnsproxy: tls dial: setting deadline: %w", err))
 	}
 
 	err = conn.Handshake()
@@ -212,8 +213,11 @@ func tlsDial(dialContext dialHandler, network string, config *tls.Config) (*tls.
 	return conn, nil
 }
 
-func (p *dnsOverTLS) isVitalErr(err error) (ok bool) {
-	if netErr := new(net.Error); errors.As(err, netErr) && (*netErr).Timeout() {
+// isCriticalTCP returns true if err isn't an expected error in terms of closing
+// the TCP connection.
+func isCriticalTCP(err error) (ok bool) {
+	var netErr net.Error
+	if errors.As(err, &netErr) && netErr.Timeout() {
 		return false
 	}
 
@@ -222,7 +226,7 @@ func (p *dnsOverTLS) isVitalErr(err error) (ok bool) {
 		errors.Is(err, io.EOF),
 		errors.Is(err, net.ErrClosed),
 		errors.Is(err, os.ErrDeadlineExceeded),
-		p.isConnBroke(err):
+		isConnBroken(err):
 		return false
 	default:
 		return true

upstream/upstream_dot_test.go

@@ -107,8 +107,7 @@ func TestUpstream_dnsOverTLS_poolReconnect(t *testing.T) {
 	require.NoError(t, err)
 	testutil.CleanupAndRequireSuccess(t, u.Close)
 
-	require.IsType(t, &dnsOverTLS{}, u)
-	p, _ := u.(*dnsOverTLS)
+	p := testutil.RequireTypeAssert[*dnsOverTLS](t, u)
 
 	var usedConn net.Conn
 
@@ -120,8 +119,7 @@ func TestUpstream_dnsOverTLS_poolReconnect(t *testing.T) {
 
 	// Now let's close the pooled connection.
 	conn := p.conns.Get()
-	require.IsType(t, &tls.Conn{}, conn)
-	usedConn, _ = conn.(net.Conn)
+	usedConn = testutil.RequireTypeAssert[net.Conn](t, conn)
 
 	require.NoError(t, usedConn.Close())
 
@@ -136,7 +134,8 @@ func TestUpstream_dnsOverTLS_poolReconnect(t *testing.T) {
 
 	// Now assert that the number of connections in the pool is not changed.
 	conn = p.conns.Get()
-	require.IsType(t, &tls.Conn{}, conn)
+	_ = testutil.RequireTypeAssert[net.Conn](t, conn)
+
 	require.Nil(t, p.conns.Get())
 	assert.NotSame(t, usedConn, conn)
 
@@ -171,12 +170,11 @@ func TestUpstream_dnsOverTLS_poolDeadline(t *testing.T) {
 	require.NoError(t, err)
 	requireResponse(t, req, response)
 
-	p := u.(*dnsOverTLS)
+	p := testutil.RequireTypeAssert[*dnsOverTLS](t, u)
 
 	// Now let's get connection from the pool and use it again.
 	conn := p.conns.Get()
-	require.IsType(t, &tls.Conn{}, conn)
-	usedConn, _ := conn.(net.Conn)
+	usedConn := testutil.RequireTypeAssert[net.Conn](t, conn)
 
 	response, err = p.exchangeWithConn(usedConn, req)
 	require.NoError(t, err)

upstream/upstream_dot_unix.go

@@ -1,10 +1,13 @@
+//go:build darwin || freebsd || linux || openbsd
+
 package upstream
 
 import (
 	"github.com/AdguardTeam/golibs/errors"
 	"golang.org/x/sys/unix"
 )
 
-func (p *dnsOverTLS) isConnBroke(err error) (ok bool) {
+// isConnBroken returns true if err means that a connection is broken.
+func isConnBroken(err error) (ok bool) {
 	return errors.Is(err, unix.EPIPE) || errors.Is(err, unix.ETIMEDOUT)
 }

upstream/upstream_dot_windows.go

@@ -0,0 +1,13 @@
+//go:build windows
+
+package upstream
+
+import (
+	"github.com/AdguardTeam/golibs/errors"
+	"golang.org/x/sys/windows"
+)
+
+// isConnBroken always returns false.
+func isConnBroken(err error) (ok bool) {
+	return errors.Is(err, windows.WSAECONNABORTED)
+}