From 18931ac4771754882b455da8141a227a8e2414b8 Mon Sep 17 00:00:00 2001
From: mzz <2017@duck.com>
Date: Thu, 11 Jan 2024 21:47:05 +0800
Subject: [PATCH] fix/docs: fix the first check failure and possible dns leaking (#418)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com>
---
 .../outbound/dialer/connectivity_check.go | 4 +--
 component/outbound/dialer/dialer.go | 7 ++--
 component/outbound/dialer_group_test.go | 2 +-
 component/outbound/filter.go | 2 +-
 control/control_plane.go | 15 +++++---
 docs/en/README.md | 2 +-
 docs/zh/README.md | 2 +-
 example.dae | 35 +++++++++++--------
 8 files changed, 41 insertions(+), 28 deletions(-)
diff --git a/component/outbound/dialer/connectivity_check.go b/component/outbound/dialer/connectivity_check.go
index 14b6f2b6b..f06212ca2 100644
--- a/component/outbound/dialer/connectivity_check.go
+++ b/component/outbound/dialer/connectivity_check.go
@@ -272,10 +272,10 @@ type CheckOption struct {
 func (d *Dialer) ActivateCheck() {
 d.tickerMu.Lock()
 defer d.tickerMu.Unlock()
- if d.InstanceOption.CheckEnabled {
+ if d.InstanceOption.DisableCheck || d.checkActivated {
 return
 }
- d.InstanceOption.CheckEnabled = true
+ d.checkActivated = true
 go d.aliveBackground()
 }
diff --git a/component/outbound/dialer/dialer.go b/component/outbound/dialer/dialer.go
index 1a8486940..64ef0699c 100644
--- a/component/outbound/dialer/dialer.go
+++ b/component/outbound/dialer/dialer.go
@@ -35,6 +35,8 @@ type Dialer struct {
 checkCh chan time.Time
 ctx context.Context
 cancel context.CancelFunc
+
+ checkActivated bool
 }
 type GlobalOption struct {
@@ -48,7 +50,7 @@ type GlobalOption struct {
 }
 type InstanceOption struct {
- CheckEnabled bool
+ DisableCheck bool
 }
 type Property struct {
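Review bot: `ActivateCheck` is now a no-op in two cases (`DisableCheck` set, or `checkActivated` already true), and neither the method nor the new field says so. I would add a doc comment such as `// ActivateCheck starts the background connectivity check at most once; it does nothing when InstanceOption.DisableCheck is set.` and annotate the field in dialer.go as `checkActivated bool // guarded by tickerMu`, since the lock taken here is the only thing keeping concurrent callers from starting `aliveBackground` twice. Nothing visible resets `checkActivated`, so if the check goroutine can exit (for example on context cancellation, not shown in this hunk) a later call will not restart it; worth confirming that is intended.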
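Review bot: `DisableCheck` inverts the polarity of the `CheckEnabled` field it replaces, and the field carries no comment explaining the new meaning. The zero value `InstanceOption{}` now leaves a dialer eligible for checking, and `NewDialer` no longer starts the check itself (see the next hunk in this file), so the flag only takes effect when `ActivateCheck` is called. A one-line comment would make that explicit: `DisableCheck bool // if true, ActivateCheck is a no-op for this dialer`.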
@@ -78,9 +80,6 @@ func NewDialer(dialer netproxy.Dialer, option *GlobalOption, iOption InstanceOpt
 ctx: ctx,
 cancel: cancel,
 }
- if iOption.CheckEnabled {
- go d.aliveBackground()
- }
 return d
 }
diff --git a/component/outbound/dialer_group_test.go b/component/outbound/dialer_group_test.go
index 4268cc236..65a918dfb 100644
--- a/component/outbound/dialer_group_test.go
+++ b/component/outbound/dialer_group_test.go
@@ -30,7 +30,7 @@ var log = logger.NewLogger("trace", false, nil)
 func newDirectDialer(option *dialer.GlobalOption, fullcone bool) *dialer.Dialer {
 _d, p := dialer.NewDirectDialer(option, true)
- d := dialer.NewDialer(_d, option, dialer.InstanceOption{CheckEnabled: false}, p)
+ d := dialer.NewDialer(_d, option, dialer.InstanceOption{DisableCheck: false}, p)
 return d
 }
diff --git a/component/outbound/filter.go b/component/outbound/filter.go
index 0decc2beb..c87d91970 100644
--- a/component/outbound/filter.go
+++ b/component/outbound/filter.go
@@ -39,7 +39,7 @@ func NewDialerSetFromLinks(option *dialer.GlobalOption, tagToNodeList map[string
 }
 for subscriptionTag, nodes := range tagToNodeList {
 for _, node := range nodes {
- d, err := dialer.NewFromLink(option, dialer.InstanceOption{CheckEnabled: false}, node, subscriptionTag)
+ d, err := dialer.NewFromLink(option, dialer.InstanceOption{DisableCheck: false}, node, subscriptionTag)
 if err != nil {
 option.Log.Infof("failed to parse node: %v", err)
 continue
diff --git a/control/control_plane.go b/control/control_plane.go
index ed94a8da7..0f8f66930 100644
--- a/control/control_plane.go
+++ b/control/control_plane.go
@@ -261,9 +261,9 @@ func NewControlPlane(
 }
 disableKernelAliveCallback := dialMode != consts.DialMode_Ip
 _direct, directProperty := dialer.NewDirectDialer(option, true)
- direct := dialer.NewDialer(_direct, option, dialer.InstanceOption{CheckEnabled: false}, directProperty)
+ direct := dialer.NewDialer(_direct, option, dialer.InstanceOption{DisableCheck: true}, directProperty)
 _block, blockProperty := dialer.NewBlockDialer(option, func() { /*Dialer Outbound*/ })
- block := dialer.NewDialer(_block, option, dialer.InstanceOption{CheckEnabled: false}, blockProperty)
+ block := dialer.NewDialer(_block, option, dialer.InstanceOption{DisableCheck: true}, blockProperty)
 outbounds := []*outbound.DialerGroup{
 outbound.NewDialerGroup(option, consts.OutboundDirect.String(), []*dialer.Dialer{direct}, []*dialer.Annotation{{}},
@@ -300,8 +300,6 @@ func NewControlPlane(
 log.Infof(`Group "%v" node list:`, group.Name)
 for _, d := range dialers {
 log.Infoln("\t" + d.Property().Name)
- // We only activate check of nodes that have a group.
- d.ActivateCheck()
 }
 if len(dialers) == 0 {
 log.Infoln("\t")
@@ -563,6 +561,14 @@ func (c *ControlPlane) dnsUpstreamReadyCallback(dnsUpstream *dns.Upstream) (err
 return nil
 }
+func (c *ControlPlane) ActivateCheck() {
+ for _, g := range c.outbounds {
+ for _, d := range g.Dialers {
+ // We only activate check of nodes that have a group.
+ d.ActivateCheck()
+ }
+ }
+}
 func (c *ControlPlane) ChooseDialTarget(outbound consts.OutboundIndex, dst netip.AddrPort, domain string) (dialTarget string, shouldReroute bool, dialIp bool) {
 dialMode := consts.DialMode_Ip
@@ -759,6 +765,7 @@ func (c *ControlPlane) Serve(readyChan chan<- bool, listener *Listener) (err err
 }(newBuf, newOob, src)
 }
 }()
+ c.ActivateCheck()
 <-c.ctx.Done()
 return nil
 }
diff --git a/docs/en/README.md b/docs/en/README.md
index aedfa1267..d6c63e104 100644
--- a/docs/en/README.md
+++ b/docs/en/README.md
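Review bot: The new exported `ControlPlane.ActivateCheck` has no doc comment, and the inline comment it carries over (`We only activate check of nodes that have a group.`) no longer describes what the loop does. It walks every group in `c.outbounds`, which presumably comes from the `outbounds` slice that the first hunk of this file shows starting with the built-in direct group, so those dialers are skipped only because they are now built with `DisableCheck: true`. I would state that on the method, e.g. `// ActivateCheck starts connectivity checks for every dialer in every outbound group; dialers created with DisableCheck ignore the call.` Since the method is exported and called from `Serve`, the comment should also say that repeated calls are harmless, which holds only because `Dialer.ActivateCheck` guards on `checkActivated`.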
@@ -196,7 +196,7 @@ group {
 # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
 routing {
- pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
+ pname(NetworkManager) -> direct
 dip(224.0.0.0/3, 'ff00::/8') -> direct
 ### Write your rules below.
diff --git a/docs/zh/README.md b/docs/zh/README.md
index 777f3d702..ebd475b12 100644
--- a/docs/zh/README.md
+++ b/docs/zh/README.md
@@ -190,7 +190,7 @@ group {
 # 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md
 routing {
- pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
+ pname(NetworkManager) -> direct
 dip(224.0.0.0/3, 'ff00::/8') -> direct
 ### 以下为自定义规则
diff --git a/example.dae b/example.dae
index 8a4670cdf..791e1cf31 100644
--- a/example.dae
+++ b/example.dae
@@ -147,20 +147,30 @@ dns {
 # According to the request of dns query, decide to use which DNS upstream.
 # Match rules from top to bottom.
 request {
+ # Lookup China mainland domains using alidns, otherwise googledns.
+ qname(geosite:cn) -> alidns
 # fallback is also called default.
- fallback: alidns
- }
- # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
- # Match rules from top to bottom.
- response {
- # Trusted upstream. Always accept its result.
- upstream(googledns) -> accept
- # Possibly polluted, re-lookup using googledns.
- ip(geoip:private) && !qname(geosite:cn) -> googledns
- # fallback is also called default.
- fallback: accept
+ fallback: googledns
 }
 }
+# routing {
+# # According to the request of dns query, decide to use which DNS upstream.
+# # Match rules from top to bottom.
+# request {
+# # fallback is also called default.
+# fallback: alidns
+# }
+# # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
+# # Match rules from top to bottom.
+# response {
+# # Trusted upstream. Always accept its result.
+# upstream(googledns) -> accept
+# # Possibly polluted, re-lookup using googledns.
+# ip(geoip:private) && !qname(geosite:cn) -> googledns
+# # fallback is also called default.
+# fallback: accept
+# }
+# }
 }
 # Node group (outbound).
@@ -206,9 +216,6 @@ routing {
 # WAN.
 pname(NetworkManager) -> direct
- # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'.
- pname(systemd-resolved, dnsmasq) -> must_direct
-
 # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
 # forwarded by the proxy.
 # "dip" means destination IP.
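Review bot: The block added as `# routing {` … `# }` in the first hunk is the previous request/response rule set kept as a comment, but nothing says what it is or why it is disabled. With `fallback: alidns` in its `request` section every query name goes to alidns first and is only re-resolved through googledns when the answer looks polluted, which is presumably the disclosure the commit subject calls DNS leaking; a reader who uncomments it gets that behaviour back. I would put a heading line above it such as `# Alternative (disabled): ask alidns first and re-lookup suspicious answers via googledns. Every queried name is sent to alidns.` The enclosing `dns` block starts outside the hunk.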