mirror of
https://github.com/XTLS/Xray-core.git
synced 2024-11-22 23:13:01 +00:00
FakeDNS return TTL=1 and drop HTTPS QType 65 request
Co-authored-by: qwerr0
This commit is contained in:
parent
c100d35b88
commit
a0f1e1f377
@ -199,7 +199,7 @@ func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResu
|
|||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
|
if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && protocolString != "bittorrent" && p == "fakedns" &&
|
||||||
destination.Address.Family().IsIP() && fkr0.IsIPInIPPool(destination.Address) {
|
fkr0.IsIPInIPPool(destination.Address) {
|
||||||
newError("Using sniffer ", protocolString, " since the fake DNS missed").WriteToLog(session.ExportIDToError(ctx))
|
newError("Using sniffer ", protocolString, " since the fake DNS missed").WriteToLog(session.ExportIDToError(ctx))
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
@ -254,7 +254,7 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin
|
|||||||
protocol = resComp.ProtocolForDomainResult()
|
protocol = resComp.ProtocolForDomainResult()
|
||||||
}
|
}
|
||||||
isFakeIP := false
|
isFakeIP := false
|
||||||
if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) {
|
if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(ob.Target.Address) {
|
||||||
isFakeIP = true
|
isFakeIP = true
|
||||||
}
|
}
|
||||||
if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {
|
if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {
|
||||||
@ -307,7 +307,7 @@ func (d *DefaultDispatcher) DispatchLink(ctx context.Context, destination net.De
|
|||||||
protocol = resComp.ProtocolForDomainResult()
|
protocol = resComp.ProtocolForDomainResult()
|
||||||
}
|
}
|
||||||
isFakeIP := false
|
isFakeIP := false
|
||||||
if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && ob.Target.Address.Family().IsIP() && fkr0.IsIPInIPPool(ob.Target.Address) {
|
if fkr0, ok := d.fdns.(dns.FakeDNSEngineRev0); ok && fkr0.IsIPInIPPool(ob.Target.Address) {
|
||||||
isFakeIP = true
|
isFakeIP = true
|
||||||
}
|
}
|
||||||
if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {
|
if sniffingRequest.RouteOnly && protocol != "fakedns" && protocol != "fakedns+others" && !isFakeIP {
|
||||||
|
@ -27,6 +27,9 @@ func init() {
|
|||||||
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) {
|
||||||
h := new(Handler)
|
h := new(Handler)
|
||||||
if err := core.RequireFeatures(ctx, func(dnsClient dns.Client, policyManager policy.Manager) error {
|
if err := core.RequireFeatures(ctx, func(dnsClient dns.Client, policyManager policy.Manager) error {
|
||||||
|
core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
|
||||||
|
h.fdns = fdns
|
||||||
|
})
|
||||||
return h.Init(config.(*Config), dnsClient, policyManager)
|
return h.Init(config.(*Config), dnsClient, policyManager)
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@ -41,6 +44,7 @@ type ownLinkVerifier interface {
|
|||||||
|
|
||||||
type Handler struct {
|
type Handler struct {
|
||||||
client dns.Client
|
client dns.Client
|
||||||
|
fdns dns.FakeDNSEngine
|
||||||
ownLinkVerifier ownLinkVerifier
|
ownLinkVerifier ownLinkVerifier
|
||||||
server net.Destination
|
server net.Destination
|
||||||
timeout time.Duration
|
timeout time.Duration
|
||||||
@ -179,7 +183,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
|
|||||||
if isIPQuery {
|
if isIPQuery {
|
||||||
go h.handleIPQuery(id, qType, domain, writer)
|
go h.handleIPQuery(id, qType, domain, writer)
|
||||||
}
|
}
|
||||||
if isIPQuery || h.nonIPQuery == "drop" {
|
if isIPQuery || h.nonIPQuery == "drop" || qType == 65 {
|
||||||
b.Release()
|
b.Release()
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
@ -244,6 +248,10 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if fkr0, ok := h.fdns.(dns.FakeDNSEngineRev0); ok && len(ips) > 0 && fkr0.IsIPInIPPool(net.IPAddress(ips[0])) {
|
||||||
|
ttl = 1
|
||||||
|
}
|
||||||
|
|
||||||
switch qType {
|
switch qType {
|
||||||
case dnsmessage.TypeA:
|
case dnsmessage.TypeA:
|
||||||
for i, ip := range ips {
|
for i, ip := range ips {
|
||||||
|
Loading…
Reference in New Issue
Block a user