feat: add must_direct outbound

common/consts/ebpf.go

@@ -60,12 +60,13 @@ type OutboundIndex uint8
 const (
 	OutboundDirect             OutboundIndex = 0
 	OutboundBlock              OutboundIndex = 1
+	OutboundMustDirect         OutboundIndex = 0xFC
 	OutboundControlPlaneDirect OutboundIndex = 0xFD
 	OutboundLogicalOr          OutboundIndex = 0xFE
 	OutboundLogicalAnd         OutboundIndex = 0xFF
 
 	OutboundMax            = OutboundLogicalAnd
-	OutboundUserDefinedMax = OutboundControlPlaneDirect - 1
+	OutboundUserDefinedMax = OutboundMustDirect - 1
 )
 
 func (i OutboundIndex) String() string {
@@ -74,6 +75,8 @@ func (i OutboundIndex) String() string {
 		return "direct"
 	case OutboundBlock:
 		return "block"
+	case OutboundMustDirect:
+		return "must_direct"
 	case OutboundControlPlaneDirect:
 		return "<Control Plane Direct>"
 	case OutboundLogicalOr:

component/routing/matcher_builder.go

@@ -15,6 +15,7 @@ import (
 	"strings"
 )
 
+var FakeOutbound_MUST_DIRECT = consts.OutboundMustDirect.String()
 var FakeOutbound_AND = consts.OutboundLogicalAnd.String()
 var FakeOutbound_OR = consts.OutboundLogicalOr.String()
 

control/kern/tproxy.c

@@ -56,6 +56,7 @@
 
 #define OUTBOUND_DIRECT 0
 #define OUTBOUND_BLOCK 1
+#define OUTBOUND_MUST_DIRECT 0xFC
 #define OUTBOUND_CONTROL_PLANE_DIRECT 0xFD
 #define OUTBOUND_LOGICAL_OR 0xFE
 #define OUTBOUND_LOGICAL_AND 0xFF
@@ -1331,7 +1332,7 @@ new_connection:
                tuples.dst.ip, bpf_ntohs(tuples.dst.port));
   }
 #endif
-  if (outbound == OUTBOUND_DIRECT) {
+  if (outbound == OUTBOUND_DIRECT || outbound == OUTBOUND_MUST_DIRECT) {
     __u32 *nat;
     if ((nat =
              bpf_map_lookup_elem(&param_map, &control_plane_nat_direct_key)) &&

control/routing_matcher_builder.go

@@ -42,6 +42,8 @@ func NewRoutingMatcherBuilder(outboundName2Id map[string]uint8, bpf *bpfObjects)
 func (b *RoutingMatcherBuilder) OutboundToId(outbound string) uint8 {
 	var outboundId uint8
 	switch outbound {
+	case routing.FakeOutbound_MUST_DIRECT:
+		outboundId = uint8(consts.OutboundMustDirect)
 	case routing.FakeOutbound_AND:
 		outboundId = uint8(consts.OutboundLogicalAnd)
 	case routing.FakeOutbound_OR:

control/tcp.go

@@ -46,12 +46,14 @@ func (c *ControlPlane) handleConn(lConn net.Conn) (err error) {
 
 	switch outboundIndex {
 	case consts.OutboundDirect:
+	case consts.OutboundMustDirect:
+		fallthrough
 	case consts.OutboundControlPlaneDirect:
-		outboundIndex = consts.OutboundDirect
 		c.log.Tracef("outbound: %v => %v",
-			consts.OutboundControlPlaneDirect.String(),
-			consts.OutboundIndex(outboundIndex).String(),
+			outboundIndex.String(),
+			consts.OutboundDirect.String(),
 		)
+		outboundIndex = consts.OutboundDirect
 	default:
 	}
 	outbound := c.outbounds[outboundIndex]

control/udp.go

@@ -148,15 +148,18 @@ func (c *ControlPlane) handlePkt(lConn *net.UDPConn, data []byte, src, pktDst, r
 		realSrc = netip.AddrPortFrom(pktDst.Addr(), src.Port())
 	}
 
+	mustDirect := false
 	switch outboundIndex {
 	case consts.OutboundDirect:
+	case consts.OutboundMustDirect:
+		mustDirect = true
+		fallthrough
 	case consts.OutboundControlPlaneDirect:
-		outboundIndex = consts.OutboundDirect
-
 		c.log.Tracef("outbound: %v => %v",
-			consts.OutboundControlPlaneDirect.String(),
 			outboundIndex.String(),
+			consts.OutboundDirect.String(),
 		)
+		outboundIndex = consts.OutboundDirect
 	default:
 	}
 	if int(outboundIndex) >= len(c.outbounds) {
@@ -206,11 +209,11 @@ func (c *ControlPlane) handlePkt(lConn *net.UDPConn, data []byte, src, pktDst, r
 	if err != nil {
 		return err
 	}
-	if isDns && dnsUpstream != nil {
+	if isDns && dnsUpstream != nil && !mustDirect {
 		// Modify dns target to upstream.
 		// NOTICE: Routing was calculated in advance by the eBPF program.
 
-		/// Choose the best l4proto and ipversion.
+		/// Choose the best l4proto+ipversion dialer, and change taregt DNS to the best ipversion DNS upstream for DNS request.
 		// Get available ipversions and l4protos for DNS upstream.
 		ipversions, l4protos := dnsUpstream.SupportedNetworks()
 		var (