fix: should intercept dns traffic even if no dns upstreams

2025-07-14 01:40:32 +07:00 · 2023-03-16 14:42:08 +08:00
parent c2d2b0d58f
commit 160e17f6e7
5 changed files with 25 additions and 41 deletions
--- a/component/dns/dns.go
+++ b/component/dns/dns.go
@ -7,11 +7,11 @@ package dns

 import (
 	"fmt"
-	"github.com/sirupsen/logrus"
 	"github.com/daeuniverse/dae/common"
 	"github.com/daeuniverse/dae/common/consts"
 	"github.com/daeuniverse/dae/component/routing"
 	"github.com/daeuniverse/dae/config"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/dns/dnsmessage"
 	"net/netip"
 	"net/url"
@ -29,7 +29,7 @@ type Dns struct {
 }

 type NewOption struct {
-	UpstreamReadyCallback func(raw *url.URL, upstream *Upstream) (err error)
+	UpstreamReadyCallback func(dnsUpstream *Upstream) (err error)
 }

 func New(log *logrus.Logger, dns *config.Dns, opt *NewOption) (s *Dns, err error) {
@ -60,7 +60,7 @@ func New(log *logrus.Logger, dns *config.Dns, opt *NewOption) (s *Dns, err error
 			FinishInitCallback: func(i int) func(raw *url.URL, upstream *Upstream) (err error) {
 				return func(raw *url.URL, upstream *Upstream) (err error) {
 					if opt != nil && opt.UpstreamReadyCallback != nil {
-						if err = opt.UpstreamReadyCallback(raw, upstream); err != nil {
+						if err = opt.UpstreamReadyCallback(upstream); err != nil {
 							return err
 						}
 					}
@ -110,7 +110,7 @@ func New(log *logrus.Logger, dns *config.Dns, opt *NewOption) (s *Dns, err error
 	}
 	if len(dns.Upstream) == 0 {
 		// Immediately ready.
-		go opt.UpstreamReadyCallback(nil, nil)
+		go opt.UpstreamReadyCallback(nil)
 	}
 	return s, nil
 }
--- a/control/control_plane.go
+++ b/control/control_plane.go
@ -28,7 +28,6 @@ import (
 	"golang.org/x/sys/unix"
 	"net"
 	"net/netip"
-	"net/url"
 	"os"
 	"path/filepath"
 	"strconv"
@ -51,7 +50,7 @@ type ControlPlane struct {
 	dnsController    *DnsController
 	onceNetworkReady sync.Once

-	dialMode            consts.DialMode
+	dialMode consts.DialMode

 	routingMatcher *RoutingMatcher

@ -373,7 +372,7 @@ func (c *ControlPlane) InjectBpf(bpf *bpfObjects) {
 	c.core.InjectBpf(bpf)
 }

-func (c *ControlPlane) dnsUpstreamReadyCallback(raw *url.URL, dnsUpstream *dns.Upstream) (err error) {
+func (c *ControlPlane) dnsUpstreamReadyCallback(dnsUpstream *dns.Upstream) (err error) {
 	// Waiting for ready.
 	select {
 	case <-c.closed:
@ -388,21 +387,7 @@ func (c *ControlPlane) dnsUpstreamReadyCallback(raw *url.URL, dnsUpstream *dns.U
 				d.NotifyCheck()
 			}
 		}
-		if dnsUpstream != nil {
-			// Control plane DNS routing.
-			if err = c.core.bpf.ParamMap.Update(consts.ControlPlaneDnsRoutingKey, uint32(1), ebpf.UpdateAny); err != nil {
-				return
-			}
-		} else {
-			// As-is.
-			if err = c.core.bpf.ParamMap.Update(consts.ControlPlaneDnsRoutingKey, uint32(0), ebpf.UpdateAny); err != nil {
-				return
-			}
-		}
 	})
-	if err != nil {
-		return err
-	}
 	if dnsUpstream == nil {
 		return nil
 	}
--- a/control/kern/tproxy.c
+++ b/control/kern/tproxy.c
@ -93,7 +93,8 @@ static const __u32 disable_l4_rx_checksum_key
 static const __u32 control_plane_pid_key = 4;
 static const __u32 control_plane_nat_direct_key
    __attribute__((unused, deprecated)) = 5;
-static const __u32 control_plane_dns_routing_key = 6;
+static const __u32 control_plane_dns_routing_key
+    __attribute__((unused, deprecated))= 6;

 // Outbound Connectivity Map:

@ -1137,11 +1138,7 @@ routing(const __u32 flag[6], const void *l4hdr, const __be32 saddr[4],
        // must_direct.
        if (match_set->outbound != OUTBOUND_MUST_DIRECT && h_dport == 53 &&
            _l4proto_type == L4ProtoType_UDP) {
-          __u32 *control_plane_dns_routing =
-              bpf_map_lookup_elem(&param_map, &control_plane_dns_routing_key);
-          if (control_plane_dns_routing && *control_plane_dns_routing) {
-            return OUTBOUND_CONTROL_PLANE_ROUTING | (match_set->mark << 8);
-          }
+          return OUTBOUND_CONTROL_PLANE_ROUTING | (match_set->mark << 8);
        }
        return match_set->outbound | (match_set->mark << 8);
      }
--- a/docs/dns.md
+++ b/docs/dns.md
@ -52,6 +52,20 @@ dns {

 ## Templates

+```shell
+# Use alidns for China mainland domains and googledns for others.
+dns {
+  upstream {
+    googledns: 'tcp+udp://dns.google:53'
+    alidns: 'udp://dns.alidns.com:53'
+  }
+  request {
+    qname(geosite:cn) -> alidns
+    fallback: googledns
+  }
+}
+```
+
 ```shell
 # Use alidns for all DNS queries and fallback to googledns if pollution result detected.
 dns {
@ -69,17 +83,3 @@ dns {
  }
 }
 ```
-
-```shell
-# Use alidns for China mainland domains and googledns for others.
-dns {
-  upstream {
-    googledns: 'tcp+udp://dns.google:53'
-    alidns: 'udp://dns.alidns.com:53'
-  }
-  request {
-    qname(geosite:cn) -> alidns
-    fallback: googledns
-  }
-}
-```
--- a/docs/getting-started/README.md
+++ b/docs/getting-started/README.md
@ -133,6 +133,7 @@ subscription {
  # Fill in your subscription links here.
 }

+# See https://github.com/daeuniverse/dae/blob/main/docs/dns.md for full examples.
 dns {
  upstream {
    googledns: 'tcp+udp://dns.google:53'
@ -155,6 +156,7 @@ group {
  }
 }

+# See https://github.com/daeuniverse/dae/blob/main/docs/routing.md for full examples.
 routing {
  pname(NetworkManager, systemd-resolved) -> direct
  dip(224.0.0.0/3, 'ff00::/8') -> direct