fix: should intercept dns traffic even if no dns upstreams
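--- a/[path not shown on page: Go package dns]
+++ b/[path not shown on page: Go package dns]
@@ -7,11 +7,11 @@ package dns
 
 import (
 "fmt"
-"github.com/sirupsen/logrus"
 "github.com/daeuniverse/dae/common"
 "github.com/daeuniverse/dae/common/consts"
 "github.com/daeuniverse/dae/component/routing"
 "github.com/daeuniverse/dae/config"
+"github.com/sirupsen/logrus"
 "golang.org/x/net/dns/dnsmessage"
 "net/netip"
 "net/url"
@@ -29,7 +29,7 @@ type Dns struct {
 }
 
 type NewOption struct {
-UpstreamReadyCallback func(raw *url.URL, upstream *Upstream) (err error)
+UpstreamReadyCallback func(dnsUpstream *Upstream) (err error)
 }
 
 func New(log *logrus.Logger, dns *config.Dns, opt *NewOption) (s *Dns, err error) {
@@ -60,7 +60,7 @@ func New(log *logrus.Logger, dns *config.Dns, opt *NewOption) (s *Dns, err error
 FinishInitCallback: func(i int) func(raw *url.URL, upstream *Upstream) (err error) {
 return func(raw *url.URL, upstream *Upstream) (err error) {
 if opt != nil && opt.UpstreamReadyCallback != nil {
-if err = opt.UpstreamReadyCallback(raw, upstream); err != nil {
+if err = opt.UpstreamReadyCallback(upstream); err != nil {
 return err
 }
 }
@@ -110,7 +110,7 @@ func New(log *logrus.Logger, dns *config.Dns, opt *NewOption) (s *Dns, err error
 }
 if len(dns.Upstream) == 0 {
 // Immediately ready.
-go opt.UpstreamReadyCallback(nil, nil)
+go opt.UpstreamReadyCallback(nil)
 }
 return s, nil
 }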
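Review bot: The no-upstream path in the hunk at -110 calls `go opt.UpstreamReadyCallback(nil)` without the `opt != nil && opt.UpstreamReadyCallback != nil` guard that the FinishInitCallback hunk applies to the same field, so a caller that passes a nil option or leaves the callback unset panics inside a goroutine and takes the whole process down rather than returning an error from New. The `go` statement also discards the callback's `err`, so a readiness failure on the no-upstream path is invisible, whereas the per-upstream path returns it. Guarding the call and logging the result keeps the fire-and-forget shape while making both failures observable; `log` is already a parameter of New. The body of New continues outside the hunk.

```go
if len(dns.Upstream) == 0 {
	// Immediately ready: with no upstream nothing will call FinishInitCallback,
	// so signal readiness here and surface its error instead of dropping it.
	if opt != nil && opt.UpstreamReadyCallback != nil {
		go func() {
			if err := opt.UpstreamReadyCallback(nil); err != nil {
				log.WithError(err).Warnln("UpstreamReadyCallback")
			}
		}()
	}
}
```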
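--- a/[path not shown on page: Go control plane file]
+++ b/[path not shown on page: Go control plane file]
@@ -28,7 +28,6 @@ import (
 "golang.org/x/sys/unix"
 "net"
 "net/netip"
-"net/url"
 "os"
 "path/filepath"
 "strconv"
@@ -373,7 +372,7 @@ func (c *ControlPlane) InjectBpf(bpf *bpfObjects) {
 c.core.InjectBpf(bpf)
 }
 
-func (c *ControlPlane) dnsUpstreamReadyCallback(raw *url.URL, dnsUpstream *dns.Upstream) (err error) {
+func (c *ControlPlane) dnsUpstreamReadyCallback(dnsUpstream *dns.Upstream) (err error) {
 // Waiting for ready.
 select {
 case <-c.closed:
@@ -388,21 +387,7 @@ func (c *ControlPlane) dnsUpstreamReadyCallback(raw *url.URL, dnsUpstream *dns.U
 d.NotifyCheck()
 }
 }
-if dnsUpstream != nil {
-// Control plane DNS routing.
-if err = c.core.bpf.ParamMap.Update(consts.ControlPlaneDnsRoutingKey, uint32(1), ebpf.UpdateAny); err != nil {
-return
-}
-} else {
-// As-is.
-if err = c.core.bpf.ParamMap.Update(consts.ControlPlaneDnsRoutingKey, uint32(0), ebpf.UpdateAny); err != nil {
-return
-}
-}
 })
-if err != nil {
-return err
-}
 if dnsUpstream == nil {
 return nil
 }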
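Review bot: `dnsUpstreamReadyCallback` (hunk at -373) now has two calling conventions — the dns package invokes it once per upstream and once with a nil `dnsUpstream` when the config declares no upstreams — and nothing documents that; add a doc comment such as `// dnsUpstreamReadyCallback runs once per DNS upstream when it becomes ready, and once with dnsUpstream == nil when no upstreams are configured; it first waits on c.closed / control-plane readiness.` The hunk at -388 also drops the `if err != nil { return err }` that followed `})`; if the call that `})` closes can still assign the named `err` (its head is outside the hunk), that error now reaches `return nil` unchecked, so that is worth confirming. Since the ParamMap toggle is gone, UDP/53 interception no longer depends on this callback running, and callers should not treat it as the switch that enables DNS routing. The function body continues past the hunk.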
@ -93,7 +93,8 @@ static const __u32 disable_l4_rx_checksum_key
|
|||||||
static const __u32 control_plane_pid_key = 4;
|
static const __u32 control_plane_pid_key = 4;
|
||||||
static const __u32 control_plane_nat_direct_key
|
static const __u32 control_plane_nat_direct_key
|
||||||
__attribute__((unused, deprecated)) = 5;
|
__attribute__((unused, deprecated)) = 5;
|
||||||
static const __u32 control_plane_dns_routing_key = 6;
|
static const __u32 control_plane_dns_routing_key
|
||||||
|
__attribute__((unused, deprecated))= 6;
|
||||||
|
|
||||||
// Outbound Connectivity Map:
|
// Outbound Connectivity Map:
|
||||||
|
|
||||||
@ -1137,12 +1138,8 @@ routing(const __u32 flag[6], const void *l4hdr, const __be32 saddr[4],
|
|||||||
// must_direct.
|
// must_direct.
|
||||||
if (match_set->outbound != OUTBOUND_MUST_DIRECT && h_dport == 53 &&
|
if (match_set->outbound != OUTBOUND_MUST_DIRECT && h_dport == 53 &&
|
||||||
_l4proto_type == L4ProtoType_UDP) {
|
_l4proto_type == L4ProtoType_UDP) {
|
||||||
__u32 *control_plane_dns_routing =
|
|
||||||
bpf_map_lookup_elem(¶m_map, &control_plane_dns_routing_key);
|
|
||||||
if (control_plane_dns_routing && *control_plane_dns_routing) {
|
|
||||||
return OUTBOUND_CONTROL_PLANE_ROUTING | (match_set->mark << 8);
|
return OUTBOUND_CONTROL_PLANE_ROUTING | (match_set->mark << 8);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return match_set->outbound | (match_set->mark << 8);
|
return match_set->outbound | (match_set->mark << 8);
|
||||||
}
|
}
|
||||||
bad_rule = false;
|
bad_rule = false;
|
||||||
|
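Review bot: The branch in routing() (hunk at -1137) now sends every non-must_direct UDP/53 flow to the control plane unconditionally, but the only comment left above it is `// must_direct.`, which no longer explains the decision; add `// UDP/53 (unless must_direct) always goes to the control plane, which handles DNS even when no upstream is configured.` before the `if`. The condition still excludes TCP, so DNS over TCP keeps following the ordinary match_set->outbound path — if that is intended, say so in the same comment so the asymmetry is not mistaken for a bug later. In the hunk at -93 the new line `__attribute__((unused, deprecated))= 6;` lacks the space before `=` that the neighbouring `= 5;` line has, and keeping the key as deprecated rather than deleting it presumably preserves param_map key numbering for userspace — confirm the matching Go-side `consts.ControlPlaneDnsRoutingKey` is marked deprecated too. routing() starts and ends outside the hunk.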
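--- a/docs/dns.md
+++ b/docs/dns.md
@@ -52,6 +52,20 @@ dns {
 
 ## Templates
 
+```shell
+# Use alidns for China mainland domains and googledns for others.
+dns {
+upstream {
+googledns: 'tcp+udp://dns.google:53'
+alidns: 'udp://dns.alidns.com:53'
+}
+request {
+qname(geosite:cn) -> alidns
+fallback: googledns
+}
+}
+```
+
 ```shell
 # Use alidns for all DNS queries and fallback to googledns if pollution result detected.
 dns {
@@ -69,17 +83,3 @@ dns {
 }
 }
 ```
-
-```shell
-# Use alidns for China mainland domains and googledns for others.
-dns {
-upstream {
-googledns: 'tcp+udp://dns.google:53'
-alidns: 'udp://dns.alidns.com:53'
-}
-request {
-qname(geosite:cn) -> alidns
-fallback: googledns
-}
-}
-```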
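--- a/[path not shown on page: example config]
+++ b/[path not shown on page: example config]
@@ -133,6 +133,7 @@ subscription {
 # Fill in your subscription links here.
 }
 
+# See https://github.com/daeuniverse/dae/blob/main/docs/dns.md for full examples.
 dns {
 upstream {
 googledns: 'tcp+udp://dns.google:53'
@@ -155,6 +156,7 @@ group {
 }
 }
 
+# See https://github.com/daeuniverse/dae/blob/main/docs/routing.md for full examples.
 routing {
 pname(NetworkManager, systemd-resolved) -> direct
 dip(224.0.0.0/3, 'ff00::/8') -> direct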