all: imp docs

CHANGELOG.md

@@ -15,6 +15,12 @@ and this project adheres to
 ## [v0.108.0] - 2022-12-01 (APPROX.)
 -->
 
+### Added
+
+- The new optional `dns.ipset_file` property in the configuration file allows
+  loading the `ipset` list from a file, just like `dns.upstream_dns_file` does
+  for upstream servers ([#4686]).
+
 ### Changed
 
 - The minimum DHCP message size is reassigned back to BOOTP's constraint of 300
@@ -26,6 +32,7 @@ and this project adheres to
   operation have been disabled ([#2993]).
 
 [#2993]: https://github.com/AdguardTeam/AdGuardHome/issues/2993
+[#4686]: https://github.com/AdguardTeam/AdGuardHome/issues/4686
 [#4904]: https://github.com/AdguardTeam/AdGuardHome/issues/4904
 
 
@@ -37,12 +44,6 @@ and this project adheres to
 See also the [v0.107.13 GitHub milestone][ms-v0.107.13].
 
 [ms-v0.107.13]:   https://github.com/AdguardTeam/AdGuardHome/milestone/49?closed=1
-
-### Added
-
-- The `dns.ipset_file` property in the configuration file now allows you to
-  load the ipset list from a separate file instead of setting all upstreams
-  in AdGuard Home settings.  ([#4686]).
 -->
 
 

internal/dnsforward/config.go

@@ -128,12 +128,13 @@ type FilteringConfig struct {
 	// IpsetList is the ipset configuration that allows AdGuard Home to add
 	// IP addresses of the specified domain names to an ipset list.  Syntax:
 	//
-	//   DOMAIN[,DOMAIN].../IPSET_NAME
+	//	DOMAIN[,DOMAIN].../IPSET_NAME
 	//
+	// This field is ignored if [IpsetListFileName] is set.
 	IpsetList []string `yaml:"ipset"`
 
 	// IpsetListFileName, if set, points to the file with ipset configuration.
-	// The format is the same as in IpsetList.
+	// The format is the same as in [IpsetList].
 	IpsetListFileName string `yaml:"ipset_file"`
 }
 
@@ -404,6 +405,26 @@ func setProxyUpstreamMode(
 	}
 }
 
+// prepareIpsetListSettings reads and prepares the ipset configuration either
+// from a file or from the data in the configuration file.
+func (s *Server) prepareIpsetListSettings() (err error) {
+	fn := s.conf.IpsetListFileName
+	if fn == "" {
+		return s.ipset.init(s.conf.IpsetList)
+	}
+
+	data, err := os.ReadFile(fn)
+	if err != nil {
+		return err
+	}
+
+	ipsets := stringutil.SplitTrimmed(string(data), "\n")
+
+	log.Debug("dns: using %d ipset rules from file %q", len(ipsets), fn)
+
+	return s.ipset.init(ipsets)
+}
+
 // prepareTLS - prepares TLS configuration for the DNS proxy
 func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {
 	if len(s.conf.CertificateChainData) == 0 || len(s.conf.PrivateKeyData) == 0 {
@@ -505,22 +526,3 @@ func (s *Server) onGetCertificate(ch *tls.ClientHelloInfo) (*tls.Certificate, er
 	}
 	return &s.conf.cert, nil
 }
-
-// prepareIpsetListSettings - prepares ipset list settings
-func (s *Server) prepareIpsetListSettings() error {
-	var ipsets []string
-	if s.conf.IpsetListFileName != "" {
-		data, err := os.ReadFile(s.conf.IpsetListFileName)
-		if err != nil {
-			return err
-		}
-
-		ipsets = stringutil.SplitTrimmed(string(data), "\n")
-
-		log.Debug("dns: using %d ipset list from file %s", len(ipsets), s.conf.IpsetListFileName)
-	} else {
-		ipsets = s.conf.IpsetList
-	}
-
-	return s.ipset.init(ipsets)
-}

internal/dnsforward/dnsforward.go

@@ -449,7 +449,7 @@ func (s *Server) Prepare(conf *ServerConfig) (err error) {
 	err = s.prepareIpsetListSettings()
 	if err != nil {
 		// Don't wrap the error, because it's informative enough as is.
-		return err
+		return fmt.Errorf("preparing ipset settings: %w", err)
 	}
 
 	err = s.prepareUpstreamSettings()