Add Fake DNS support (#309)

Co-authored-by: Xiaokang Wang <xiaokangwang@outlook.com> Co-authored-by: loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> Co-authored-by: kslr <kslrwang@gmail.com>
2025-04-30 01:08:33 +00:00 · 2021-03-06 23:39:50 -05:00 · 2021-03-06 23:39:50 -05:00 · f50eff5ebb
commit f50eff5ebb
parent db32ce6fd9
43 changed files with 1351 additions and 301 deletions
--- a/app/dispatcher/default.go
+++ b/app/dispatcher/default.go
@ -15,6 +15,7 @@ import (
 	"github.com/xtls/xray-core/common/protocol"
 	"github.com/xtls/xray-core/common/session"
 	"github.com/xtls/xray-core/core"
+	"github.com/xtls/xray-core/features/dns"
 	"github.com/xtls/xray-core/features/outbound"
 	"github.com/xtls/xray-core/features/policy"
 	"github.com/xtls/xray-core/features/routing"
@ -175,17 +176,28 @@ func (d *DefaultDispatcher) getLink(ctx context.Context) (*transport.Link, *tran
 	return inboundLink, outboundLink
 }

-func shouldOverride(result SniffResult, request session.SniffingRequest) bool {
+func shouldOverride(ctx context.Context, result SniffResult, request session.SniffingRequest, destination net.Destination) bool {
 	domain := result.Domain()
 	for _, d := range request.ExcludeForDomain {
 		if domain == d {
 			return false
 		}
 	}
-
-	protocol := result.Protocol()
+	var fakeDNSEngine dns.FakeDNSEngine
+	core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
+		fakeDNSEngine = fdns
+	})
+	protocolString := result.Protocol()
+	if resComp, ok := result.(SnifferResultComposite); ok {
+		protocolString = resComp.ProtocolForDomainResult()
+	}
 	for _, p := range request.OverrideDestinationForProtocol {
-		if strings.HasPrefix(protocol, p) {
+		if strings.HasPrefix(protocolString, p) {
+			return true
+		}
+		if fakeDNSEngine != nil && protocolString != "bittorrent" && p == "fakedns" &&
+			fakeDNSEngine.GetFakeIPRange().Contains(destination.Address.IP()) {
+			newError("Using sniffer ", protocolString, " since the fake DNS missed").WriteToLog(session.ExportIDToError(ctx))
 			return true
 		}
 	}
@ -210,19 +222,33 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin
 		ctx = session.ContextWithContent(ctx, content)
 	}
 	sniffingRequest := content.SniffingRequest
-	if destination.Network != net.Network_TCP || !sniffingRequest.Enabled {
+	switch {
+	case !sniffingRequest.Enabled:
 		go d.routedDispatch(ctx, outbound, destination)
-	} else {
+	case destination.Network != net.Network_TCP:
+		// Only metadata sniff will be used for non tcp connection
+		result, err := sniffer(ctx, nil, true)
+		if err == nil {
+			content.Protocol = result.Protocol()
+			if shouldOverride(ctx, result, sniffingRequest, destination) {
+				domain := result.Domain()
+				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
+				destination.Address = net.ParseAddress(domain)
+				ob.Target = destination
+			}
+		}
+		go d.routedDispatch(ctx, outbound, destination)
+	default:
 		go func() {
 			cReader := &cachedReader{
 				reader: outbound.Reader.(*pipe.Reader),
 			}
 			outbound.Reader = cReader
-			result, err := sniffer(ctx, cReader)
+			result, err := sniffer(ctx, cReader, sniffingRequest.MetadataOnly)
 			if err == nil {
 				content.Protocol = result.Protocol()
 			}
-			if err == nil && shouldOverride(result, sniffingRequest) {
+			if err == nil && shouldOverride(ctx, result, sniffingRequest, destination) {
 				domain := result.Domain()
 				newError("sniffed domain: ", domain).WriteToLog(session.ExportIDToError(ctx))
 				destination.Address = net.ParseAddress(domain)
@ -234,34 +260,50 @@ func (d *DefaultDispatcher) Dispatch(ctx context.Context, destination net.Destin
 	return inbound, nil
 }

-func sniffer(ctx context.Context, cReader *cachedReader) (SniffResult, error) {
+func sniffer(ctx context.Context, cReader *cachedReader, metadataOnly bool) (SniffResult, error) {
 	payload := buf.New()
 	defer payload.Release()

-	sniffer := NewSniffer()
-	totalAttempt := 0
-	for {
-		select {
-		case <-ctx.Done():
-			return nil, ctx.Err()
-		default:
-			totalAttempt++
-			if totalAttempt > 2 {
-				return nil, errSniffingTimeout
-			}
+	sniffer := NewSniffer(ctx)

-			cReader.Cache(payload)
-			if !payload.IsEmpty() {
-				result, err := sniffer.Sniff(payload.Bytes())
-				if err != common.ErrNoClue {
-					return result, err
+	metaresult, metadataErr := sniffer.SniffMetadata(ctx)
+
+	if metadataOnly {
+		return metaresult, metadataErr
+	}
+
+	contentResult, contentErr := func() (SniffResult, error) {
+		totalAttempt := 0
+		for {
+			select {
+			case <-ctx.Done():
+				return nil, ctx.Err()
+			default:
+				totalAttempt++
+				if totalAttempt > 2 {
+					return nil, errSniffingTimeout
+				}
+
+				cReader.Cache(payload)
+				if !payload.IsEmpty() {
+					result, err := sniffer.Sniff(ctx, payload.Bytes())
+					if err != common.ErrNoClue {
+						return result, err
+					}
+				}
+				if payload.IsFull() {
+					return nil, errUnknownContent
 				}
 			}
-			if payload.IsFull() {
-				return nil, errUnknownContent
-			}
 		}
+	}()
+	if contentErr != nil && metadataErr == nil {
+		return metaresult, nil
 	}
+	if contentErr == nil && metadataErr == nil {
+		return CompositeResult(metaresult, contentResult), nil
+	}
+	return contentResult, contentErr
 }

 func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.Link, destination net.Destination) {
--- a/app/dispatcher/fakednssniffer.go
+++ b/app/dispatcher/fakednssniffer.go
@ -0,0 +1,51 @@
+// +build !confonly
+
+package dispatcher
+
+import (
+	"context"
+
+	"github.com/xtls/xray-core/core"
+	"github.com/xtls/xray-core/common"
+	"github.com/xtls/xray-core/common/net"
+	"github.com/xtls/xray-core/common/session"
+	"github.com/xtls/xray-core/features/dns"
+)
+
+// newFakeDNSSniffer Create a Fake DNS metadata sniffer
+func newFakeDNSSniffer(ctx context.Context) (protocolSnifferWithMetadata, error) {
+	var fakeDNSEngine dns.FakeDNSEngine
+	err := core.RequireFeatures(ctx, func(fdns dns.FakeDNSEngine) {
+		fakeDNSEngine = fdns
+	})
+	if err != nil {
+		return protocolSnifferWithMetadata{}, err
+	}
+	if fakeDNSEngine == nil {
+		errNotInit := newError("FakeDNSEngine is not initialized, but such a sniffer is used").AtError()
+		return protocolSnifferWithMetadata{}, errNotInit
+	}
+	return protocolSnifferWithMetadata{protocolSniffer: func(ctx context.Context, bytes []byte) (SniffResult, error) {
+		Target := session.OutboundFromContext(ctx).Target
+		if Target.Network == net.Network_TCP || Target.Network == net.Network_UDP {
+			domainFromFakeDNS := fakeDNSEngine.GetDomainFromFakeDNS(Target.Address)
+			if domainFromFakeDNS != "" {
+				newError("fake dns got domain: ", domainFromFakeDNS, " for ip: ", Target.Address.String()).WriteToLog(session.ExportIDToError(ctx))
+				return &fakeDNSSniffResult{domainName: domainFromFakeDNS}, nil
+			}
+		}
+		return nil, common.ErrNoClue
+	}, metadataSniffer: true}, nil
+}
+
+type fakeDNSSniffResult struct {
+	domainName string
+}
+
+func (fakeDNSSniffResult) Protocol() string {
+	return "fakedns"
+}
+
+func (f fakeDNSSniffResult) Domain() string {
+	return f.domainName
+}
--- a/app/dispatcher/sniffer.go
+++ b/app/dispatcher/sniffer.go
@ -1,6 +1,8 @@
 package dispatcher

 import (
+	"context"
+
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/protocol/bittorrent"
 	"github.com/xtls/xray-core/common/protocol/http"
@ -12,30 +14,46 @@ type SniffResult interface {
 	Domain() string
 }

-type protocolSniffer func([]byte) (SniffResult, error)
+type protocolSniffer func(context.Context, []byte) (SniffResult, error)

-type Sniffer struct {
-	sniffer []protocolSniffer
+type protocolSnifferWithMetadata struct {
+	protocolSniffer protocolSniffer
+	// A Metadata sniffer will be invoked on connection establishment only, with nil body,
+	// for both TCP and UDP connections
+	// It will not be shown as a traffic type for routing unless there is no other successful sniffing.
+	metadataSniffer bool
 }

-func NewSniffer() *Sniffer {
-	return &Sniffer{
-		sniffer: []protocolSniffer{
-			func(b []byte) (SniffResult, error) { return http.SniffHTTP(b) },
-			func(b []byte) (SniffResult, error) { return tls.SniffTLS(b) },
-			func(b []byte) (SniffResult, error) { return bittorrent.SniffBittorrent(b) },
+type Sniffer struct {
+	sniffer []protocolSnifferWithMetadata
+}
+
+func NewSniffer(ctx context.Context) *Sniffer {
+	ret := &Sniffer{
+		sniffer: []protocolSnifferWithMetadata{
+			{func(c context.Context, b []byte) (SniffResult, error) { return http.SniffHTTP(b) }, false},
+			{func(c context.Context, b []byte) (SniffResult, error) { return tls.SniffTLS(b) }, false},
+			{func(c context.Context, b []byte) (SniffResult, error) { return bittorrent.SniffBittorrent(b) }, false},
 		},
 	}
+	if sniffer, err := newFakeDNSSniffer(ctx); err == nil {
+		ret.sniffer = append(ret.sniffer, sniffer)
+	}
+	return ret
 }

 var errUnknownContent = newError("unknown content")

-func (s *Sniffer) Sniff(payload []byte) (SniffResult, error) {
-	var pendingSniffer []protocolSniffer
-	for _, s := range s.sniffer {
-		result, err := s(payload)
+func (s *Sniffer) Sniff(c context.Context, payload []byte) (SniffResult, error) {
+	var pendingSniffer []protocolSnifferWithMetadata
+	for _, si := range s.sniffer {
+		s := si.protocolSniffer
+		if si.metadataSniffer {
+			continue
+		}
+		result, err := s(c, payload)
 		if err == common.ErrNoClue {
-			pendingSniffer = append(pendingSniffer, s)
+			pendingSniffer = append(pendingSniffer, si)
 			continue
 		}

@ -51,3 +69,55 @@ func (s *Sniffer) Sniff(payload []byte) (SniffResult, error) {

 	return nil, errUnknownContent
 }
+
+func (s *Sniffer) SniffMetadata(c context.Context) (SniffResult, error) {
+	var pendingSniffer []protocolSnifferWithMetadata
+	for _, si := range s.sniffer {
+		s := si.protocolSniffer
+		if !si.metadataSniffer {
+			pendingSniffer = append(pendingSniffer, si)
+			continue
+		}
+		result, err := s(c, nil)
+		if err == common.ErrNoClue {
+			pendingSniffer = append(pendingSniffer, si)
+			continue
+		}
+
+		if err == nil && result != nil {
+			return result, nil
+		}
+	}
+
+	if len(pendingSniffer) > 0 {
+		s.sniffer = pendingSniffer
+		return nil, common.ErrNoClue
+	}
+
+	return nil, errUnknownContent
+}
+
+func CompositeResult(domainResult SniffResult, protocolResult SniffResult) SniffResult {
+	return &compositeResult{domainResult: domainResult, protocolResult: protocolResult}
+}
+
+type compositeResult struct {
+	domainResult   SniffResult
+	protocolResult SniffResult
+}
+
+func (c compositeResult) Protocol() string {
+	return c.protocolResult.Protocol()
+}
+
+func (c compositeResult) Domain() string {
+	return c.domainResult.Domain()
+}
+
+func (c compositeResult) ProtocolForDomainResult() string {
+	return c.domainResult.Protocol()
+}
+
+type SnifferResultComposite interface {
+	ProtocolForDomainResult() string
+}