From 3fed0c773f2b8af594b3b9016612b8a6919e96bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=A3=8E=E6=89=87=E6=BB=91=E7=BF=94=E7=BF=BC?= Date: Sun, 15 Sep 2024 12:21:51 +0800 Subject: [PATCH] DNS outbound: Add blockTypes (#3812) --- infra/conf/dns_proxy.go | 2 ++ proxy/dns/config.pb.go | 38 ++++++++++++++++++++++++-------------- proxy/dns/config.proto | 1 + proxy/dns/dns.go | 14 ++++++++++++-- 4 files changed, 39 insertions(+), 16 deletions(-) diff --git a/infra/conf/dns_proxy.go b/infra/conf/dns_proxy.go index 712f4b1f..cb135584 100644 --- a/infra/conf/dns_proxy.go +++ b/infra/conf/dns_proxy.go @@ -13,6 +13,7 @@ type DNSOutboundConfig struct { Port uint16 `json:"port"` UserLevel uint32 `json:"userLevel"` NonIPQuery string `json:"nonIPQuery"` + BlockTypes []int32 `json:"blockTypes"` } func (c *DNSOutboundConfig) Build() (proto.Message, error) { @@ -34,5 +35,6 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) { return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery) } config.Non_IPQuery = c.NonIPQuery + config.BlockTypes = c.BlockTypes return config, nil } diff --git a/proxy/dns/config.pb.go b/proxy/dns/config.pb.go index 52c680d3..e9927632 100644 --- a/proxy/dns/config.pb.go +++ b/proxy/dns/config.pb.go @@ -31,6 +31,7 @@ type Config struct { Server *net.Endpoint `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"` UserLevel uint32 `protobuf:"varint,2,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` Non_IPQuery string `protobuf:"bytes,3,opt,name=non_IP_query,json=nonIPQuery,proto3" json:"non_IP_query,omitempty"` + BlockTypes []int32 `protobuf:"varint,4,rep,packed,name=block_types,json=blockTypes,proto3" json:"block_types,omitempty"` } func (x *Config) Reset() { @@ -86,6 +87,13 @@ func (x *Config) GetNon_IPQuery() string { return "" } +func (x *Config) GetBlockTypes() []int32 { + if x != nil { + return x.BlockTypes + } + return nil +} + var File_proxy_dns_config_proto protoreflect.FileDescriptor var file_proxy_dns_config_proto_rawDesc = []byte{ @@ -93,20 +101,22 @@ var file_proxy_dns_config_proto_rawDesc = []byte{ 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x1a, 0x1c, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x6e, 0x65, 0x74, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7c, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x31, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6e, - 0x65, 0x74, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6c, 0x65, 0x76, 0x65, - 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x4c, 0x65, 0x76, - 0x65, 0x6c, 0x12, 0x20, 0x0a, 0x0c, 0x6e, 0x6f, 0x6e, 0x5f, 0x49, 0x50, 0x5f, 0x71, 0x75, 0x65, - 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6e, 0x6f, 0x6e, 0x49, 0x50, 0x51, - 0x75, 0x65, 0x72, 0x79, 0x42, 0x4c, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, 0x61, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x23, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, 0x78, 0x72, - 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x64, 0x6e, - 0x73, 0xaa, 0x02, 0x0e, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x44, - 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x31, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x6e, 0x65, 0x74, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6c, 0x65, 0x76, + 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x4c, 0x65, + 0x76, 0x65, 0x6c, 0x12, 0x20, 0x0a, 0x0c, 0x6e, 0x6f, 0x6e, 0x5f, 0x49, 0x50, 0x5f, 0x71, 0x75, + 0x65, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6e, 0x6f, 0x6e, 0x49, 0x50, + 0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x05, 0x52, 0x0a, 0x62, 0x6c, 0x6f, 0x63, + 0x6b, 0x54, 0x79, 0x70, 0x65, 0x73, 0x42, 0x4c, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72, + 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x23, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f, + 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, + 0x64, 0x6e, 0x73, 0xaa, 0x02, 0x0e, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, + 0x2e, 0x44, 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proxy/dns/config.proto b/proxy/dns/config.proto index e9304a51..af2aad8c 100644 --- a/proxy/dns/config.proto +++ b/proxy/dns/config.proto @@ -14,4 +14,5 @@ message Config { xray.common.net.Endpoint server = 1; uint32 user_level = 2; string non_IP_query = 3; + repeated int32 block_types = 4; } diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go index d797ca86..eeaa4c4c 100644 --- a/proxy/dns/dns.go +++ b/proxy/dns/dns.go @@ -49,6 +49,7 @@ type Handler struct { server net.Destination timeout time.Duration nonIPQuery string + blockTypes []int32 } func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager policy.Manager) error { @@ -63,6 +64,7 @@ func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager polic h.server = config.Server.AsDestination() } h.nonIPQuery = config.Non_IPQuery + h.blockTypes = config.BlockTypes return nil } @@ -84,12 +86,12 @@ func parseIPQuery(b []byte) (r bool, domain string, id uint16, qType dnsmessage. errors.LogInfoInner(context.Background(), err, "question") return } + domain = q.Name.String() qType = q.Type if qType != dnsmessage.TypeA && qType != dnsmessage.TypeAAAA { return } - domain = q.Name.String() r = true return } @@ -181,10 +183,18 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet. if !h.isOwnLink(ctx) { isIPQuery, domain, id, qType := parseIPQuery(b.Bytes()) + if len(h.blockTypes) > 0 { + for _, blocktype := range h.blockTypes { + if blocktype == int32(qType) { + errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain) + return nil + } + } + } if isIPQuery { go h.handleIPQuery(id, qType, domain, writer) } - if isIPQuery || h.nonIPQuery == "drop" || qType == 65 { + if isIPQuery || h.nonIPQuery == "drop" { b.Release() continue }