mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-03 02:08:45 +00:00
refine
This commit is contained in:
+1
-1
@@ -381,7 +381,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) {
|
|||||||
senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP4 &&
|
senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP4 &&
|
||||||
senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP46 {
|
senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP46 {
|
||||||
if senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_AS_IS {
|
if senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_AS_IS {
|
||||||
errors.LogWarning(context.Background(), `The "freedom" outbound "privacyGuard" overrides the existing "streamSettings.sockopt.domainStrategy". Please update your config(s) if this is unintended.`)
|
errors.LogWarning(context.Background(), `The "freedom" outbound "privacyGuard" overrides the existing "sockopt.domainStrategy". Please update your config(s) if this is unintended.`)
|
||||||
}
|
}
|
||||||
senderSettings.StreamSettings.SocketSettings.DomainStrategy = internet.DomainStrategy_USE_IP46
|
senderSettings.StreamSettings.SocketSettings.DomainStrategy = internet.DomainStrategy_USE_IP46
|
||||||
}
|
}
|
||||||
|
|||||||
+13
-15
@@ -301,22 +301,20 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
|||||||
var blockedDest *net.Destination
|
var blockedDest *net.Destination
|
||||||
var blockedRule *FinalRule
|
var blockedRule *FinalRule
|
||||||
err := retry.ExponentialBackoff(5, 100).On(func() error {
|
err := retry.ExponentialBackoff(5, 100).On(func() error {
|
||||||
dialDest := destination
|
if destination.Address.Family().IsDomain() {
|
||||||
|
|
||||||
if dialDest.Address.Family().IsDomain() {
|
|
||||||
if defaultRule != nil || len(h.finalRules) > 0 {
|
if defaultRule != nil || len(h.finalRules) > 0 {
|
||||||
if strategy := h.resolveStrategy; strategy.HasStrategy() {
|
if strategy := h.resolveStrategy; strategy.HasStrategy() {
|
||||||
ips, err := internet.LookupForIP(dialDest.Address.Domain(), strategy, outGateway)
|
ips, err := internet.LookupForIP(destination.Address.Domain(), strategy, outGateway)
|
||||||
if err != nil { // SRV/TXT
|
if err != nil { // SRV/TXT
|
||||||
errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain())
|
errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", destination.Address.Domain())
|
||||||
if strategy.ForceIP() {
|
if strategy.ForceIP() {
|
||||||
return err // retry
|
return err // retry
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for _, ip := range ips {
|
for _, ip := range ips {
|
||||||
if addr := net.IPAddress(ip); addr != nil {
|
if addr := net.IPAddress(ip); addr != nil {
|
||||||
if rule := h.matchFinalRule(dialDest.Network, addr, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
|
if rule := h.matchFinalRule(destination.Network, addr, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
|
||||||
blockedDest = &dialDest
|
blockedDest = &destination
|
||||||
blockedDest.Address = addr
|
blockedDest.Address = addr
|
||||||
blockedRule = rule
|
blockedRule = rule
|
||||||
return nil
|
return nil
|
||||||
@@ -324,14 +322,14 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
addrs, err := net.DefaultResolver.LookupIPAddr(ctx, dialDest.Address.Domain())
|
addrs, err := net.DefaultResolver.LookupIPAddr(ctx, destination.Address.Domain())
|
||||||
if err != nil { // SRV/TXT
|
if err != nil { // SRV/TXT
|
||||||
errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain())
|
errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", destination.Address.Domain())
|
||||||
}
|
}
|
||||||
for _, addr := range addrs {
|
for _, addr := range addrs {
|
||||||
if ipAddr := net.IPAddress(addr.IP); ipAddr != nil {
|
if ipAddr := net.IPAddress(addr.IP); ipAddr != nil {
|
||||||
if rule := h.matchFinalRule(dialDest.Network, ipAddr, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
|
if rule := h.matchFinalRule(destination.Network, ipAddr, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
|
||||||
blockedDest = &dialDest
|
blockedDest = &destination
|
||||||
blockedDest.Address = ipAddr
|
blockedDest.Address = ipAddr
|
||||||
blockedRule = rule
|
blockedRule = rule
|
||||||
return nil
|
return nil
|
||||||
@@ -341,14 +339,14 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if rule := h.matchFinalRule(dialDest.Network, dialDest.Address, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
|
if rule := h.matchFinalRule(destination.Network, destination.Address, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
|
||||||
blockedDest = &dialDest
|
blockedDest = &destination
|
||||||
blockedRule = rule
|
blockedRule = rule
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rawConn, err := dialer.Dial(ctx, dialDest)
|
rawConn, err := dialer.Dial(ctx, destination)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@@ -362,7 +360,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
|
|||||||
if blockedDest != nil {
|
if blockedDest != nil {
|
||||||
return h.blackhole(ctx, input, output, blockedRule, blockedDest)
|
return h.blackhole(ctx, input, output, blockedRule, blockedDest)
|
||||||
}
|
}
|
||||||
if defaultRule != nil || len(h.finalRules) > 0 {
|
if destination.Address.Family().IsDomain() && (defaultRule != nil || len(h.finalRules) > 0) {
|
||||||
if h.usesProxySettings {
|
if h.usesProxySettings {
|
||||||
errors.LogInfo(ctx, "skipping final rule check for proxied remote endpoint, original target: ", destination)
|
errors.LogInfo(ctx, "skipping final rule check for proxied remote endpoint, original target: ", destination)
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
Reference in New Issue
Block a user