From a0f1e1f37762bc456d06034b788d0a2b7ac6ff09 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Tue, 20 Feb 2024 20:24:31 -0500
Subject: [PATCH] FakeDNS return TTL=1 and drop HTTPS QType 65 request

Co-authored-by: qwerr0
---
 app/dispatcher/default.go | 6 +++---
 proxy/dns/dns.go | 10 +++++++++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/app/dispatcher/default.go b/app/dispatcher/default.go
index effa2198..b8131b8f 100644
--- a/app/dispatcher/default.go
+++ b/app/dispatcher/default.go
@@ -199,7 +199,7 @@ func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResu
 return true
 }
 if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
- destination.Address.Family().IsIP() && fkr0.IsIPInIPPool(destination.Address) {
+ fkr0.IsIPInIPPool(destination.Address) {
 newError("Using sniffer ", protocolString, " since the fake DNS missed").WriteToLog(session.ExportIDToError(ctx))
 return true
 }
@@ -254,7 +254,7 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin
 protocol = resComp.ProtocolForDomainResult()
 }
 isFakeIP := false
- if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) {
+ if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(ob.Target.Address) {
 isFakeIP = true
 }
 if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {
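Review bot: Dropping the `destination.Address.Family().IsIP()` guard in shouldOverride means `fkr0.IsIPInIPPool` is now called with domain addresses as well, so the check only stays safe if every `FakeDNSEngineRev0` implementation rejects non-IP addresses itself; that implementation is not part of this patch. The same guard is removed before `IsIPInIPPool(ob.Target.Address)` in the Dispatch and DispatchLink hunks. The commit subject covers only the TTL and QType 65 changes, so the description should say where the family check now lives, and a comment on the interface method such as `// IsIPInIPPool must return false for domain addresses.` would pin the contract. All three enclosing functions extend beyond their hunks.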
@@ -307,7 +307,7 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De
 protocol = resComp.ProtocolForDomainResult()
 }
 isFakeIP := false
- if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) {
+ if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(ob.Target.Address) {
 isFakeIP = true
 }
 if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {
diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go
index 415fe991..2cf21a42 100644
--- a/proxy/dns/dns.go
+++ b/proxy/dns/dns.go
@@ -27,6 +27,9 @@ func init() {
 common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
 h := new(Handler)
 if err := core.RequireFeatures(ctx, func(dnsClient dns.Client, policyManager policy.Manager) error {
+ core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
+ h.fdns = fdns
+ })
 return h.Init(config.(*Config), dnsClient, policyManager)
 }); err != nil {
 return nil, err
@@ -41,6 +44,7 @@ type ownLinkVerifier interface {

 type Handler struct {
 client dns.Client
+ fdns dns.FakeDNSEngine
 ownLinkVerifier ownLinkVerifier
 server net.Destination
 timeout time.Duration
@@ -179,7 +183,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 if isIPQuery {
 go h.handleIPQuery(id, qType, domain, writer)
 }
- if isIPQuery || h.nonIPQuery == "drop" {
+ if isIPQuery || h.nonIPQuery == "drop" || qType == 65 {
 b.Release()
 continue
 }
@@ -244,6 +248,10 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
 return
 }

+ if fkr0, ok := h.fdns.(dns.FakeDNSEngineRev0); ok && len(ips) > 0 && fkr0.IsIPInIPPool(net.IPAddress(ips[0])) {
+ ttl = 1
+ }
+
 switch qType {
 case dnsmessage.TypeA:
 for i, ip := range ips {
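Review bot: The inner `core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {...})` call in the init hunk discards its return value, while the outer call just above it shows the function returns an error that is checked. If FakeDNS is meant to be optional here, make the discard explicit with `_ = core.RequireFeatures(...)` and add a comment like `// FakeDNS is optional; h.fdns stays nil when the feature is not configured.` It is also worth confirming when the callback runs: if it can fire after `h.Init` returns, `h.fdns` would be written while `handleIPQuery` goroutines read it without synchronization. The registration closure continues outside the hunk.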
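Review bot: `qType == 65` in the Process hunk is a bare number and the drop is unconditional: it applies even when `h.fdns` is nil and regardless of the `nonIPQuery` setting, although the commit subject ties it to FakeDNS. A named constant, e.g. `const typeHTTPS dnsmessage.Type = 65 // HTTPS RR (RFC 9460)`, would document the intent. As far as the hunk shows, the buffer is released without any reply, so clients wait for their own timeout, and HTTPS records are also where ECH configuration is delivered, so every client behind this handler loses that; both effects deserve a comment at the condition. Process starts and ends outside the hunk.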
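Review bot: The new block in handleIPQuery needs a comment saying why the TTL is forced to 1, and it decides from `ips[0]` alone. Presumably the reason is that fake-pool addresses are reused, so a client that caches one too long could send traffic for one domain to another domain's mapping; a comment such as `// Fake IPs are recycled from a pool: keep the TTL at 1s so clients do not cache a mapping that may be reassigned.` would record that. If a result can ever mix pool and real addresses, checking only the first entry would shorten real answers or leave the normal TTL on fake ones, so either check all of `ips` or state the assumption. `ttl` is declared outside the hunk and the function continues past it.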