fix/docs: fix the first check failure and possible dns leaking (#418)

Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com>
2025-07-21 05:09:55 +07:00 · 2024-01-11 21:47:05 +08:00
parent 0f8277b5a4
commit 18931ac477
8 changed files with 41 additions and 28 deletions
--- a/component/outbound/dialer/connectivity_check.go
+++ b/component/outbound/dialer/connectivity_check.go
@ -272,10 +272,10 @@ type CheckOption struct {
 func (d *Dialer) ActivateCheck() {
 	d.tickerMu.Lock()
 	defer d.tickerMu.Unlock()
-	if d.InstanceOption.CheckEnabled {
+	if d.InstanceOption.DisableCheck || d.checkActivated {
 		return
 	}
-	d.InstanceOption.CheckEnabled = true
+	d.checkActivated = true
 	go d.aliveBackground()
 }

--- a/component/outbound/dialer/dialer.go
+++ b/component/outbound/dialer/dialer.go
@ -35,6 +35,8 @@ type Dialer struct {
 	checkCh  chan time.Time
 	ctx      context.Context
 	cancel   context.CancelFunc
+
+	checkActivated bool
 }

 type GlobalOption struct {
@ -48,7 +50,7 @@ type GlobalOption struct {
 }

 type InstanceOption struct {
-	CheckEnabled bool
+	DisableCheck bool
 }

 type Property struct {
@ -78,9 +80,6 @@ func NewDialer(dialer netproxy.Dialer, option *GlobalOption, iOption InstanceOpt
 		ctx:              ctx,
 		cancel:           cancel,
 	}
-	if iOption.CheckEnabled {
-		go d.aliveBackground()
-	}
 	return d
 }

--- a/component/outbound/dialer_group_test.go
+++ b/component/outbound/dialer_group_test.go
@ -30,7 +30,7 @@ var log = logger.NewLogger("trace", false, nil)

 func newDirectDialer(option *dialer.GlobalOption, fullcone bool) *dialer.Dialer {
 	_d, p := dialer.NewDirectDialer(option, true)
-	d := dialer.NewDialer(_d, option, dialer.InstanceOption{CheckEnabled: false}, p)
+	d := dialer.NewDialer(_d, option, dialer.InstanceOption{DisableCheck: false}, p)
 	return d
 }

--- a/component/outbound/filter.go
+++ b/component/outbound/filter.go
@ -39,7 +39,7 @@ func NewDialerSetFromLinks(option *dialer.GlobalOption, tagToNodeList map[string
 	}
 	for subscriptionTag, nodes := range tagToNodeList {
 		for _, node := range nodes {
-			d, err := dialer.NewFromLink(option, dialer.InstanceOption{CheckEnabled: false}, node, subscriptionTag)
+			d, err := dialer.NewFromLink(option, dialer.InstanceOption{DisableCheck: false}, node, subscriptionTag)
 			if err != nil {
 				option.Log.Infof("failed to parse node: %v", err)
 				continue
--- a/control/control_plane.go
+++ b/control/control_plane.go
@ -261,9 +261,9 @@ func NewControlPlane(
 	}
 	disableKernelAliveCallback := dialMode != consts.DialMode_Ip
 	_direct, directProperty := dialer.NewDirectDialer(option, true)
-	direct := dialer.NewDialer(_direct, option, dialer.InstanceOption{CheckEnabled: false}, directProperty)
+	direct := dialer.NewDialer(_direct, option, dialer.InstanceOption{DisableCheck: true}, directProperty)
 	_block, blockProperty := dialer.NewBlockDialer(option, func() { /*Dialer Outbound*/ })
-	block := dialer.NewDialer(_block, option, dialer.InstanceOption{CheckEnabled: false}, blockProperty)
+	block := dialer.NewDialer(_block, option, dialer.InstanceOption{DisableCheck: true}, blockProperty)
 	outbounds := []*outbound.DialerGroup{
 		outbound.NewDialerGroup(option, consts.OutboundDirect.String(),
 			[]*dialer.Dialer{direct}, []*dialer.Annotation{{}},
@ -300,8 +300,6 @@ func NewControlPlane(
 		log.Infof(`Group "%v" node list:`, group.Name)
 		for _, d := range dialers {
 			log.Infoln("\t" + d.Property().Name)
-			// We only activate check of nodes that have a group.
-			d.ActivateCheck()
 		}
 		if len(dialers) == 0 {
 			log.Infoln("\t<Empty>")
@ -563,6 +561,14 @@ func (c *ControlPlane) dnsUpstreamReadyCallback(dnsUpstream *dns.Upstream) (err
 	return nil
 }

+func (c *ControlPlane) ActivateCheck() {
+	for _, g := range c.outbounds {
+		for _, d := range g.Dialers {
+			// We only activate check of nodes that have a group.
+			d.ActivateCheck()
+		}
+	}
+}
 func (c *ControlPlane) ChooseDialTarget(outbound consts.OutboundIndex, dst netip.AddrPort, domain string) (dialTarget string, shouldReroute bool, dialIp bool) {
 	dialMode := consts.DialMode_Ip

@ -759,6 +765,7 @@ func (c *ControlPlane) Serve(readyChan chan<- bool, listener *Listener) (err err
 			}(newBuf, newOob, src)
 		}
 	}()
+	c.ActivateCheck()
 	<-c.ctx.Done()
 	return nil
 }
--- a/docs/en/README.md
+++ b/docs/en/README.md
@ -196,7 +196,7 @@ group {

 # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
 routing {
-  pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
+  pname(NetworkManager) -> direct
  dip(224.0.0.0/3, 'ff00::/8') -> direct

  ### Write your rules below.
--- a/docs/zh/README.md
+++ b/docs/zh/README.md
@ -190,7 +190,7 @@ group {

 # 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md
 routing {
-  pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
+  pname(NetworkManager) -> direct
  dip(224.0.0.0/3, 'ff00::/8') -> direct

  ### 以下为自定义规则
--- a/example.dae
+++ b/example.dae
@ -147,20 +147,30 @@ dns {
        # According to the request of dns query, decide to use which DNS upstream.
        # Match rules from top to bottom.
        request {
+            # Lookup China mainland domains using alidns, otherwise googledns.
+            qname(geosite:cn) -> alidns
            # fallback is also called default.
-            fallback: alidns
-        }
-        # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
-        # Match rules from top to bottom.
-        response {
-            # Trusted upstream. Always accept its result.
-            upstream(googledns) -> accept
-            # Possibly polluted, re-lookup using googledns.
-            ip(geoip:private) && !qname(geosite:cn) -> googledns
-            # fallback is also called default.
-            fallback: accept
+            fallback: googledns
        }
    }
+#    routing {
+#        # According to the request of dns query, decide to use which DNS upstream.
+#        # Match rules from top to bottom.
+#        request {
+#            # fallback is also called default.
+#            fallback: alidns
+#        }
+#        # According to the response of dns query, decide to accept or re-lookup using another DNS upstream.
+#        # Match rules from top to bottom.
+#        response {
+#            # Trusted upstream. Always accept its result.
+#            upstream(googledns) -> accept
+#            # Possibly polluted, re-lookup using googledns.
+#            ip(geoip:private) && !qname(geosite:cn) -> googledns
+#            # fallback is also called default.
+#            fallback: accept
+#        }
+#    }
 }

 # Node group (outbound).
@ -206,9 +216,6 @@ routing {
    # WAN.
    pname(NetworkManager) -> direct

-    # Bypass DNS stubs. We want to bypass their DNS requests, thus use 'must'.
-    pname(systemd-resolved, dnsmasq) -> must_direct
-
    # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
    # forwarded by the proxy.
    # "dip" means destination IP.