From 622207bb96a1804adebbba592708fe64301d979e Mon Sep 17 00:00:00 2001
From: Meo597 <197331664+Meo597@users.noreply.github.com>
Date: Wed, 20 May 2026 05:30:45 +0800
Subject: [PATCH] refine

---
 infra/conf/xray.go       |  2 +-
 proxy/freedom/freedom.go | 28 +++++++++++++---------------
 2 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/infra/conf/xray.go b/infra/conf/xray.go
index efb9aa28..8b978e96 100644
--- a/infra/conf/xray.go
+++ b/infra/conf/xray.go
@@ -381,7 +381,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) {
 					senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP4 &&
 					senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP46 {
 					if senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_AS_IS {
-						errors.LogWarning(context.Background(), `The "freedom" outbound "privacyGuard" overrides the existing "streamSettings.sockopt.domainStrategy". Please update your config(s) if this is unintended.`)
+						errors.LogWarning(context.Background(), `The "freedom" outbound "privacyGuard" overrides the existing "sockopt.domainStrategy". Please update your config(s) if this is unintended.`)
 					}
 					senderSettings.StreamSettings.SocketSettings.DomainStrategy = internet.DomainStrategy_USE_IP46
 				}
diff --git a/proxy/freedom/freedom.go b/proxy/freedom/freedom.go
index 52b75bfe..dddde6da 100644
--- a/proxy/freedom/freedom.go
+++ b/proxy/freedom/freedom.go
@@ -301,22 +301,20 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 	var blockedDest *net.Destination
 	var blockedRule *FinalRule
 	err := retry.ExponentialBackoff(5, 100).On(func() error {
-		dialDest := destination
-
-		if dialDest.Address.Family().IsDomain() {
+		if destination.Address.Family().IsDomain() {
 			if defaultRule != nil || len(h.finalRules) > 0 {
 				if strategy := h.resolveStrategy; strategy.HasStrategy() {
-					ips, err := internet.LookupForIP(dialDest.Address.Domain(), strategy, outGateway)
+					ips, err := internet.LookupForIP(destination.Address.Domain(), strategy, outGateway)
 					if err != nil { // SRV/TXT
-						errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain())
+						errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", destination.Address.Domain())
 						if strategy.ForceIP() {
 							return err // retry
 						}
 					}
 					for _, ip := range ips {
 						if addr := net.IPAddress(ip); addr != nil {
-							if rule := h.matchFinalRule(dialDest.Network, addr, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
-								blockedDest = &dialDest
+							if rule := h.matchFinalRule(destination.Network, addr, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
+								blockedDest = &destination
 								blockedDest.Address = addr
 								blockedRule = rule
 								return nil
@@ -324,14 +322,14 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 						}
 					}
 				} else {
-					addrs, err := net.DefaultResolver.LookupIPAddr(ctx, dialDest.Address.Domain())
+					addrs, err := net.DefaultResolver.LookupIPAddr(ctx, destination.Address.Domain())
 					if err != nil { // SRV/TXT
-						errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain())
+						errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", destination.Address.Domain())
 					}
 					for _, addr := range addrs {
 						if ipAddr := net.IPAddress(addr.IP); ipAddr != nil {
-							if rule := h.matchFinalRule(dialDest.Network, ipAddr, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
-								blockedDest = &dialDest
+							if rule := h.matchFinalRule(destination.Network, ipAddr, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
+								blockedDest = &destination
 								blockedDest.Address = ipAddr
 								blockedRule = rule
 								return nil
@@ -341,14 +339,14 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 				}
 			}
 		} else {
-			if rule := h.matchFinalRule(dialDest.Network, dialDest.Address, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
-				blockedDest = &dialDest
+			if rule := h.matchFinalRule(destination.Network, destination.Address, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
+				blockedDest = &destination
 				blockedRule = rule
 				return nil
 			}
 		}
 
-		rawConn, err := dialer.Dial(ctx, dialDest)
+		rawConn, err := dialer.Dial(ctx, destination)
 		if err != nil {
 			return err
 		}
@@ -362,7 +360,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 	if blockedDest != nil {
 		return h.blackhole(ctx, input, output, blockedRule, blockedDest)
 	}
-	if defaultRule != nil || len(h.finalRules) > 0 {
+	if destination.Address.Family().IsDomain() && (defaultRule != nil || len(h.finalRules) > 0) {
 		if h.usesProxySettings {
 			errors.LogInfo(ctx, "skipping final rule check for proxied remote endpoint, original target: ", destination)
 		} else {