mirror of https://github.com/XTLS/Xray-core
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
437 lines
13 KiB
437 lines
13 KiB
package dns |
|
|
|
//go:generate go run github.com/xtls/xray-core/common/errors/errorgen |
|
|
|
import ( |
|
"context" |
|
"fmt" |
|
"log" |
|
"net/url" |
|
"strings" |
|
"sync" |
|
"time" |
|
|
|
"github.com/xtls/xray-core/app/router" |
|
"github.com/xtls/xray-core/common" |
|
"github.com/xtls/xray-core/common/errors" |
|
"github.com/xtls/xray-core/common/net" |
|
"github.com/xtls/xray-core/common/session" |
|
"github.com/xtls/xray-core/common/strmatcher" |
|
"github.com/xtls/xray-core/common/uuid" |
|
core "github.com/xtls/xray-core/core" |
|
"github.com/xtls/xray-core/features" |
|
"github.com/xtls/xray-core/features/dns" |
|
"github.com/xtls/xray-core/features/routing" |
|
) |
|
|
|
// Server is a DNS rely server. |
|
type Server struct { |
|
sync.Mutex |
|
hosts *StaticHosts |
|
clientIP net.IP |
|
clients []Client // clientIdx -> Client |
|
ctx context.Context |
|
ipIndexMap []*MultiGeoIPMatcher // clientIdx -> *MultiGeoIPMatcher |
|
domainRules [][]string // clientIdx -> domainRuleIdx -> DomainRule |
|
domainMatcher strmatcher.IndexMatcher |
|
matcherInfos []DomainMatcherInfo // matcherIdx -> DomainMatcherInfo |
|
tag string |
|
} |
|
|
|
// DomainMatcherInfo contains information attached to index returned by Server.domainMatcher |
|
type DomainMatcherInfo struct { |
|
clientIdx uint16 |
|
domainRuleIdx uint16 |
|
} |
|
|
|
// MultiGeoIPMatcher for match |
|
type MultiGeoIPMatcher struct { |
|
matchers []*router.GeoIPMatcher |
|
} |
|
|
|
var errExpectedIPNonMatch = errors.New("expectIPs not match") |
|
|
|
// Match check ip match |
|
func (c *MultiGeoIPMatcher) Match(ip net.IP) bool { |
|
for _, matcher := range c.matchers { |
|
if matcher.Match(ip) { |
|
return true |
|
} |
|
} |
|
return false |
|
} |
|
|
|
// HasMatcher check has matcher |
|
func (c *MultiGeoIPMatcher) HasMatcher() bool { |
|
return len(c.matchers) > 0 |
|
} |
|
|
|
func generateRandomTag() string { |
|
id := uuid.New() |
|
return "xray.system." + id.String() |
|
} |
|
|
|
// New creates a new DNS server with given configuration. |
|
func New(ctx context.Context, config *Config) (*Server, error) { |
|
server := &Server{ |
|
clients: make([]Client, 0, len(config.NameServers)+len(config.NameServer)), |
|
ctx: ctx, |
|
tag: config.Tag, |
|
} |
|
if server.tag == "" { |
|
server.tag = generateRandomTag() |
|
} |
|
if len(config.ClientIp) > 0 { |
|
if len(config.ClientIp) != net.IPv4len && len(config.ClientIp) != net.IPv6len { |
|
return nil, newError("unexpected IP length", len(config.ClientIp)) |
|
} |
|
server.clientIP = net.IP(config.ClientIp) |
|
} |
|
|
|
hosts, err := NewStaticHosts(config.StaticHosts, config.Hosts) |
|
if err != nil { |
|
return nil, newError("failed to create hosts").Base(err) |
|
} |
|
server.hosts = hosts |
|
|
|
addNameServer := func(ns *NameServer) int { |
|
endpoint := ns.Address |
|
address := endpoint.Address.AsAddress() |
|
|
|
switch { |
|
case address.Family().IsDomain() && address.Domain() == "localhost": |
|
server.clients = append(server.clients, NewLocalNameServer()) |
|
// Priotize local domains with specific TLDs or without any dot to local DNS |
|
// References: |
|
// https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml |
|
// https://unix.stackexchange.com/questions/92441/whats-the-difference-between-local-home-and-lan |
|
localTLDsAndDotlessDomains := []*NameServer_PriorityDomain{ |
|
{Type: DomainMatchingType_Regex, Domain: "^[^.]+$"}, // This will only match domains without any dot |
|
{Type: DomainMatchingType_Subdomain, Domain: "local"}, |
|
{Type: DomainMatchingType_Subdomain, Domain: "localdomain"}, |
|
{Type: DomainMatchingType_Subdomain, Domain: "localhost"}, |
|
{Type: DomainMatchingType_Subdomain, Domain: "lan"}, |
|
{Type: DomainMatchingType_Subdomain, Domain: "home.arpa"}, |
|
{Type: DomainMatchingType_Subdomain, Domain: "example"}, |
|
{Type: DomainMatchingType_Subdomain, Domain: "invalid"}, |
|
{Type: DomainMatchingType_Subdomain, Domain: "test"}, |
|
} |
|
ns.PrioritizedDomain = append(ns.PrioritizedDomain, localTLDsAndDotlessDomains...) |
|
|
|
case address.Family().IsDomain() && strings.HasPrefix(address.Domain(), "https+local://"): |
|
// URI schemed string treated as domain |
|
// DOH Local mode |
|
u, err := url.Parse(address.Domain()) |
|
if err != nil { |
|
log.Fatalln(newError("DNS config error").Base(err)) |
|
} |
|
server.clients = append(server.clients, NewDoHLocalNameServer(u, server.clientIP)) |
|
|
|
case address.Family().IsDomain() && strings.HasPrefix(address.Domain(), "https://"): |
|
// DOH Remote mode |
|
u, err := url.Parse(address.Domain()) |
|
if err != nil { |
|
log.Fatalln(newError("DNS config error").Base(err)) |
|
} |
|
idx := len(server.clients) |
|
server.clients = append(server.clients, nil) |
|
|
|
// need the core dispatcher, register DOHClient at callback |
|
common.Must(core.RequireFeatures(ctx, func(d routing.Dispatcher) { |
|
c, err := NewDoHNameServer(u, d, server.clientIP) |
|
if err != nil { |
|
log.Fatalln(newError("DNS config error").Base(err)) |
|
} |
|
server.clients[idx] = c |
|
})) |
|
|
|
case address.Family().IsDomain() && address.Domain() == "fakedns": |
|
server.clients = append(server.clients, NewFakeDNSServer()) |
|
|
|
default: |
|
// UDP classic DNS mode |
|
dest := endpoint.AsDestination() |
|
if dest.Network == net.Network_Unknown { |
|
dest.Network = net.Network_UDP |
|
} |
|
if dest.Network == net.Network_UDP { |
|
idx := len(server.clients) |
|
server.clients = append(server.clients, nil) |
|
|
|
common.Must(core.RequireFeatures(ctx, func(d routing.Dispatcher) { |
|
server.clients[idx] = NewClassicNameServer(dest, d, server.clientIP) |
|
})) |
|
} |
|
} |
|
server.ipIndexMap = append(server.ipIndexMap, nil) |
|
return len(server.clients) - 1 |
|
} |
|
|
|
if len(config.NameServers) > 0 { |
|
features.PrintDeprecatedFeatureWarning("simple DNS server") |
|
for _, destPB := range config.NameServers { |
|
addNameServer(&NameServer{Address: destPB}) |
|
} |
|
} |
|
|
|
if len(config.NameServer) > 0 { |
|
clientIndices := []int{} |
|
domainRuleCount := 0 |
|
for _, ns := range config.NameServer { |
|
idx := addNameServer(ns) |
|
clientIndices = append(clientIndices, idx) |
|
domainRuleCount += len(ns.PrioritizedDomain) |
|
} |
|
|
|
domainRules := make([][]string, len(server.clients)) |
|
domainMatcher := &strmatcher.MatcherGroup{} |
|
matcherInfos := make([]DomainMatcherInfo, domainRuleCount+1) // matcher index starts from 1 |
|
var geoIPMatcherContainer router.GeoIPMatcherContainer |
|
for nidx, ns := range config.NameServer { |
|
idx := clientIndices[nidx] |
|
|
|
// Establish domain rule matcher |
|
rules := []string{} |
|
ruleCurr := 0 |
|
ruleIter := 0 |
|
for _, domain := range ns.PrioritizedDomain { |
|
matcher, err := toStrMatcher(domain.Type, domain.Domain) |
|
if err != nil { |
|
return nil, newError("failed to create prioritized domain").Base(err).AtWarning() |
|
} |
|
midx := domainMatcher.Add(matcher) |
|
if midx >= uint32(len(matcherInfos)) { // This rarely happens according to current matcher's implementation |
|
newError("expanding domain matcher info array to size ", midx, " when adding ", matcher).AtDebug().WriteToLog() |
|
matcherInfos = append(matcherInfos, make([]DomainMatcherInfo, midx-uint32(len(matcherInfos))+1)...) |
|
} |
|
info := &matcherInfos[midx] |
|
info.clientIdx = uint16(idx) |
|
if ruleCurr < len(ns.OriginalRules) { |
|
info.domainRuleIdx = uint16(ruleCurr) |
|
rule := ns.OriginalRules[ruleCurr] |
|
if ruleCurr >= len(rules) { |
|
rules = append(rules, rule.Rule) |
|
} |
|
ruleIter++ |
|
if ruleIter >= int(rule.Size) { |
|
ruleIter = 0 |
|
ruleCurr++ |
|
} |
|
} else { // No original rule, generate one according to current domain matcher (majorly for compatibility with tests) |
|
info.domainRuleIdx = uint16(len(rules)) |
|
rules = append(rules, matcher.String()) |
|
} |
|
} |
|
domainRules[idx] = rules |
|
|
|
// only add to ipIndexMap if GeoIP is configured |
|
if len(ns.Geoip) > 0 { |
|
var matchers []*router.GeoIPMatcher |
|
for _, geoip := range ns.Geoip { |
|
matcher, err := geoIPMatcherContainer.Add(geoip) |
|
if err != nil { |
|
return nil, newError("failed to create ip matcher").Base(err).AtWarning() |
|
} |
|
matchers = append(matchers, matcher) |
|
} |
|
matcher := &MultiGeoIPMatcher{matchers: matchers} |
|
server.ipIndexMap[idx] = matcher |
|
} |
|
} |
|
server.domainRules = domainRules |
|
server.domainMatcher = domainMatcher |
|
server.matcherInfos = matcherInfos |
|
} |
|
|
|
if len(server.clients) == 0 { |
|
server.clients = append(server.clients, NewLocalNameServer()) |
|
server.ipIndexMap = append(server.ipIndexMap, nil) |
|
} |
|
|
|
return server, nil |
|
} |
|
|
|
// Type implements common.HasType. |
|
func (*Server) Type() interface{} { |
|
return dns.ClientType() |
|
} |
|
|
|
// Start implements common.Runnable. |
|
func (s *Server) Start() error { |
|
return nil |
|
} |
|
|
|
// Close implements common.Closable. |
|
func (s *Server) Close() error { |
|
return nil |
|
} |
|
|
|
func (s *Server) IsOwnLink(ctx context.Context) bool { |
|
inbound := session.InboundFromContext(ctx) |
|
return inbound != nil && inbound.Tag == s.tag |
|
} |
|
|
|
// Match check dns ip match geoip |
|
func (s *Server) Match(idx int, client Client, domain string, ips []net.IP) ([]net.IP, error) { |
|
var matcher *MultiGeoIPMatcher |
|
if idx < len(s.ipIndexMap) { |
|
matcher = s.ipIndexMap[idx] |
|
} |
|
if matcher == nil { |
|
return ips, nil |
|
} |
|
|
|
if !matcher.HasMatcher() { |
|
newError("domain ", domain, " server has no valid matcher: ", client.Name(), " idx:", idx).AtDebug().WriteToLog() |
|
return ips, nil |
|
} |
|
|
|
newIps := []net.IP{} |
|
for _, ip := range ips { |
|
if matcher.Match(ip) { |
|
newIps = append(newIps, ip) |
|
} |
|
} |
|
if len(newIps) == 0 { |
|
return nil, errExpectedIPNonMatch |
|
} |
|
newError("domain ", domain, " expectIPs ", newIps, " matched at server ", client.Name(), " idx:", idx).AtDebug().WriteToLog() |
|
return newIps, nil |
|
} |
|
|
|
func (s *Server) queryIPTimeout(idx int, client Client, domain string, option dns.IPOption) ([]net.IP, error) { |
|
ctx, cancel := context.WithTimeout(s.ctx, time.Second*4) |
|
if len(s.tag) > 0 { |
|
ctx = session.ContextWithInbound(ctx, &session.Inbound{ |
|
Tag: s.tag, |
|
}) |
|
} |
|
|
|
ips, err := client.QueryIP(ctx, domain, option) |
|
cancel() |
|
|
|
if err != nil { |
|
return ips, err |
|
} |
|
|
|
ips, err = s.Match(idx, client, domain, ips) |
|
return ips, err |
|
} |
|
|
|
func (s *Server) lookupStatic(domain string, option dns.IPOption, depth int32) []net.Address { |
|
ips := s.hosts.LookupIP(domain, option) |
|
if ips == nil { |
|
return nil |
|
} |
|
if ips[0].Family().IsDomain() && depth < 5 { |
|
if newIPs := s.lookupStatic(ips[0].Domain(), option, depth+1); newIPs != nil { |
|
return newIPs |
|
} |
|
} |
|
return ips |
|
} |
|
|
|
func toNetIP(ips []net.Address) []net.IP { |
|
if len(ips) == 0 { |
|
return nil |
|
} |
|
netips := make([]net.IP, 0, len(ips)) |
|
for _, ip := range ips { |
|
netips = append(netips, ip.IP()) |
|
} |
|
return netips |
|
} |
|
|
|
// LookupIP implements dns.Client. |
|
func (s *Server) LookupIP(domain string, option dns.IPOption) ([]net.IP, error) { |
|
if domain == "" { |
|
return nil, newError("empty domain name") |
|
} |
|
|
|
// normalize the FQDN form query |
|
if strings.HasSuffix(domain, ".") { |
|
domain = domain[:len(domain)-1] |
|
} |
|
|
|
ips := s.lookupStatic(domain, option, 0) |
|
if ips != nil && ips[0].Family().IsIP() { |
|
newError("returning ", len(ips), " IPs for domain ", domain).WriteToLog() |
|
return toNetIP(ips), nil |
|
} |
|
|
|
if ips != nil && ips[0].Family().IsDomain() { |
|
newdomain := ips[0].Domain() |
|
newError("domain replaced: ", domain, " -> ", newdomain).WriteToLog() |
|
domain = newdomain |
|
} |
|
|
|
var lastErr error |
|
var matchedClient Client |
|
if s.domainMatcher != nil { |
|
indices := s.domainMatcher.Match(domain) |
|
domainRules := []string{} |
|
matchingDNS := []string{} |
|
for _, idx := range indices { |
|
info := s.matcherInfos[idx] |
|
rule := s.domainRules[info.clientIdx][info.domainRuleIdx] |
|
domainRules = append(domainRules, fmt.Sprintf("%s(DNS idx:%d)", rule, info.clientIdx)) |
|
matchingDNS = append(matchingDNS, s.clients[info.clientIdx].Name()) |
|
} |
|
if len(domainRules) > 0 { |
|
newError("domain ", domain, " matches following rules: ", domainRules).AtDebug().WriteToLog() |
|
} |
|
if len(matchingDNS) > 0 { |
|
newError("domain ", domain, " uses following DNS first: ", matchingDNS).AtDebug().WriteToLog() |
|
} |
|
for _, idx := range indices { |
|
clientIdx := int(s.matcherInfos[idx].clientIdx) |
|
matchedClient = s.clients[clientIdx] |
|
if !option.FakeEnable && strings.EqualFold(matchedClient.Name(), "FakeDNS") { |
|
newError("skip DNS resolution for domain ", domain, " at server ", matchedClient.Name()).AtDebug().WriteToLog() |
|
continue |
|
} |
|
ips, err := s.queryIPTimeout(clientIdx, matchedClient, domain, option) |
|
if len(ips) > 0 { |
|
return ips, nil |
|
} |
|
if err == dns.ErrEmptyResponse { |
|
return nil, err |
|
} |
|
if err != nil { |
|
newError("failed to lookup ip for domain ", domain, " at server ", matchedClient.Name()).Base(err).WriteToLog() |
|
lastErr = err |
|
} |
|
} |
|
} |
|
|
|
for idx, client := range s.clients { |
|
if client == matchedClient { |
|
newError("domain ", domain, " at server ", client.Name(), " idx:", idx, " already lookup failed, just ignore").AtDebug().WriteToLog() |
|
continue |
|
} |
|
if !option.FakeEnable && strings.EqualFold(client.Name(), "FakeDNS") { |
|
newError("skip DNS resolution for domain ", domain, " at server ", client.Name()).AtDebug().WriteToLog() |
|
continue |
|
} |
|
ips, err := s.queryIPTimeout(idx, client, domain, option) |
|
if len(ips) > 0 { |
|
return ips, nil |
|
} |
|
|
|
if err != nil { |
|
newError("failed to lookup ip for domain ", domain, " at server ", client.Name()).Base(err).WriteToLog() |
|
lastErr = err |
|
} |
|
if err != context.Canceled && err != context.DeadlineExceeded && err != errExpectedIPNonMatch { |
|
return nil, err |
|
} |
|
} |
|
|
|
return nil, newError("returning nil for domain ", domain).Base(lastErr) |
|
} |
|
|
|
func init() { |
|
common.Must(common.RegisterConfig((*Config)(nil), func(ctx context.Context, config interface{}) (interface{}, error) { |
|
return New(ctx, config.(*Config)) |
|
})) |
|
}
|
|
|