fix/docs: fix the first check failure and possible dns leaking (#418)

Co-authored-by: Sumire (菫) <[email protected]>
daeuniverse · Jan 11, 2024 · 18931ac · 18931ac
1 parent 0f8277b
commit 18931ac
Show file tree

Hide file tree

Showing 8 changed files with 41 additions and 28 deletions.
diff --git a/component/outbound/dialer/connectivity_check.go b/component/outbound/dialer/connectivity_check.go
@@ -272,10 +272,10 @@ type CheckOption struct {
 func (d *Dialer) ActivateCheck() {
 	d.tickerMu.Lock()
 	defer d.tickerMu.Unlock()
-	if d.InstanceOption.CheckEnabled {
+	if d.InstanceOption.DisableCheck || d.checkActivated {
 		return
 	}
-	d.InstanceOption.CheckEnabled = true
+	d.checkActivated = true
 	go d.aliveBackground()
 }
 

diff --git a/component/outbound/dialer/dialer.go b/component/outbound/dialer/dialer.go
@@ -35,6 +35,8 @@ type Dialer struct {
 	checkCh  chan time.Time
 	ctx      context.Context
 	cancel   context.CancelFunc
+
+	checkActivated bool
 }
 
 type GlobalOption struct {
@@ -48,7 +50,7 @@ type GlobalOption struct {
 }
 
 type InstanceOption struct {
-	CheckEnabled bool
+	DisableCheck bool
 }
 
 type Property struct {
@@ -78,9 +80,6 @@ func NewDialer(dialer netproxy.Dialer, option *GlobalOption, iOption InstanceOpt
 		ctx:              ctx,
 		cancel:           cancel,
 	}
-	if iOption.CheckEnabled {
-		go d.aliveBackground()
-	}
 	return d
 }
 

diff --git a/component/outbound/dialer_group_test.go b/component/outbound/dialer_group_test.go
@@ -30,7 +30,7 @@ var log = logger.NewLogger("trace", false, nil)
 
 func newDirectDialer(option *dialer.GlobalOption, fullcone bool) *dialer.Dialer {
 	_d, p := dialer.NewDirectDialer(option, true)
-	d := dialer.NewDialer(_d, option, dialer.InstanceOption{CheckEnabled: false}, p)
+	d := dialer.NewDialer(_d, option, dialer.InstanceOption{DisableCheck: false}, p)
 	return d
 }
 

diff --git a/component/outbound/filter.go b/component/outbound/filter.go
@@ -39,7 +39,7 @@ func NewDialerSetFromLinks(option *dialer.GlobalOption, tagToNodeList map[string
 	}
 	for subscriptionTag, nodes := range tagToNodeList {
 		for _, node := range nodes {
-			d, err := dialer.NewFromLink(option, dialer.InstanceOption{CheckEnabled: false}, node, subscriptionTag)
+			d, err := dialer.NewFromLink(option, dialer.InstanceOption{DisableCheck: false}, node, subscriptionTag)
 			if err != nil {
 				option.Log.Infof("failed to parse node: %v", err)
 				continue

diff --git a/control/control_plane.go b/control/control_plane.go
@@ -261,9 +261,9 @@ func NewControlPlane(
 	}
 	disableKernelAliveCallback := dialMode != consts.DialMode_Ip
 	_direct, directProperty := dialer.NewDirectDialer(option, true)
-	direct := dialer.NewDialer(_direct, option, dialer.InstanceOption{CheckEnabled: false}, directProperty)
+	direct := dialer.NewDialer(_direct, option, dialer.InstanceOption{DisableCheck: true}, directProperty)
 	_block, blockProperty := dialer.NewBlockDialer(option, func() { /*Dialer Outbound*/ })
-	block := dialer.NewDialer(_block, option, dialer.InstanceOption{CheckEnabled: false}, blockProperty)
+	block := dialer.NewDialer(_block, option, dialer.InstanceOption{DisableCheck: true}, blockProperty)
 	outbounds := []*outbound.DialerGroup{
 		outbound.NewDialerGroup(option, consts.OutboundDirect.String(),
 			[]*dialer.Dialer{direct}, []*dialer.Annotation{{}},
@@ -300,8 +300,6 @@ func NewControlPlane(
 		log.Infof(`Group "%v" node list:`, group.Name)
 		for _, d := range dialers {
 			log.Infoln("\t" + d.Property().Name)
-			// We only activate check of nodes that have a group.
-			d.ActivateCheck()
 		}
 		if len(dialers) == 0 {
 			log.Infoln("\t<Empty>")
@@ -563,6 +561,14 @@ func (c *ControlPlane) dnsUpstreamReadyCallback(dnsUpstream *dns.Upstream) (err
 	return nil
 }
 
+func (c *ControlPlane) ActivateCheck() {
+	for _, g := range c.outbounds {
+		for _, d := range g.Dialers {
+			// We only activate check of nodes that have a group.
+			d.ActivateCheck()
+		}
+	}
+}
 func (c *ControlPlane) ChooseDialTarget(outbound consts.OutboundIndex, dst netip.AddrPort, domain string) (dialTarget string, shouldReroute bool, dialIp bool) {
 	dialMode := consts.DialMode_Ip
 
@@ -759,6 +765,7 @@ func (c *ControlPlane) Serve(readyChan chan<- bool, listener *Listener) (err err
 			}(newBuf, newOob, src)
 		}
 	}()
+	c.ActivateCheck()
 	<-c.ctx.Done()
 	return nil
 }

diff --git a/docs/en/README.md b/docs/en/README.md
@@ -196,7 +196,7 @@ group {
 
 # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
 routing {
-  pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
+  pname(NetworkManager) -> direct
   dip(224.0.0.0/3, 'ff00::/8') -> direct
 
   ### Write your rules below.

diff --git a/docs/zh/README.md b/docs/zh/README.md
@@ -190,7 +190,7 @@ group {
 
 # 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md
 routing {
-  pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
+  pname(NetworkManager) -> direct
   dip(224.0.0.0/3, 'ff00::/8') -> direct
 
   ### 以下为自定义规则

diff --git a/example.dae b/example.dae
@@ -147,20 +147,30 @@ dns {
         # According to the request of dns query, decide to use which DNS upstream.
         # Match rules from top to bottom.
         request {
+            # Lookup China mainland domains using alidns, otherwise googledns.
+            qname(geosite:cn) -> alidns
             # fallback is also called default.
-            fallback: alidns
-        }
-        # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
-        # Match rules from top to bottom.
-        response {
-            # Trusted upstream. Always accept its result.
-            upstream(googledns) -> accept
-            # Possibly polluted, re-lookup using googledns.
-            ip(geoip:private) && !qname(geosite:cn) -> googledns
-            # fallback is also called default.
-            fallback: accept
+            fallback: googledns
         }
     }
+#    routing {
+#        # According to the request of dns query, decide to use which DNS upstream.
+#        # Match rules from top to bottom.
+#        request {
+#            # fallback is also called default.
+#            fallback: alidns
+#        }
+#        # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
+#        # Match rules from top to bottom.
+#        response {
+#            # Trusted upstream. Always accept its result.
+#            upstream(googledns) -> accept
+#            # Possibly polluted, re-lookup using googledns.
+#            ip(geoip:private) && !qname(geosite:cn) -> googledns
+#            # fallback is also called default.
+#            fallback: accept
+#        }
+#    }
 }
 
 # Node group (outbound).
@@ -206,9 +216,6 @@ routing {
     # WAN.
     pname(NetworkManager) -> direct
 
-    # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'.
-    pname(systemd-resolved, dnsmasq) -> must_direct
-
     # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
     # forwarded by the proxy.
     # "dip" means destination IP.