Meo597
2026-05-20 05:30:45 +08:00
parent 6bc4d4a3e8
commit 622207bb96
2 changed files with 14 additions and 16 deletions
+1 -1
@@ -381,7 +381,7 @@ func (c *OutboundDetourConfig) Build() (*core.OutboundHandlerConfig, error) {
senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP4 && senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP4 &&
senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP46 { senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_FORCE_IP46 {
if senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_AS_IS { if senderSettings.StreamSettings.SocketSettings.DomainStrategy != internet.DomainStrategy_AS_IS {
errors.LogWarning(context.Background(), `The "freedom" outbound "privacyGuard" overrides the existing "streamSettings.sockopt.domainStrategy". Please update your config(s) if this is unintended.`) errors.LogWarning(context.Background(), `The "freedom" outbound "privacyGuard" overrides the existing "sockopt.domainStrategy". Please update your config(s) if this is unintended.`)
} }
senderSettings.StreamSettings.SocketSettings.DomainStrategy = internet.DomainStrategy_USE_IP46 senderSettings.StreamSettings.SocketSettings.DomainStrategy = internet.DomainStrategy_USE_IP46
} }
+13 -15
@@ -301,22 +301,20 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
var blockedDest *net.Destination var blockedDest *net.Destination
var blockedRule *FinalRule var blockedRule *FinalRule
err := retry.ExponentialBackoff(5, 100).On(func() error { err := retry.ExponentialBackoff(5, 100).On(func() error {
dialDest := destination if destination.Address.Family().IsDomain() {
if dialDest.Address.Family().IsDomain() {
if defaultRule != nil || len(h.finalRules) > 0 { if defaultRule != nil || len(h.finalRules) > 0 {
if strategy := h.resolveStrategy; strategy.HasStrategy() { if strategy := h.resolveStrategy; strategy.HasStrategy() {
ips, err := internet.LookupForIP(dialDest.Address.Domain(), strategy, outGateway) ips, err := internet.LookupForIP(destination.Address.Domain(), strategy, outGateway)
if err != nil { // SRV/TXT if err != nil { // SRV/TXT
errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain()) errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", destination.Address.Domain())
if strategy.ForceIP() { if strategy.ForceIP() {
return err // retry return err // retry
} }
} }
for _, ip := range ips { for _, ip := range ips {
if addr := net.IPAddress(ip); addr != nil { if addr := net.IPAddress(ip); addr != nil {
if rule := h.matchFinalRule(dialDest.Network, addr, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block { if rule := h.matchFinalRule(destination.Network, addr, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
blockedDest = &dialDest blockedDest = &destination
blockedDest.Address = addr blockedDest.Address = addr
blockedRule = rule blockedRule = rule
return nil return nil
@@ -324,14 +322,14 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
} }
} }
} else { } else {
addrs, err := net.DefaultResolver.LookupIPAddr(ctx, dialDest.Address.Domain()) addrs, err := net.DefaultResolver.LookupIPAddr(ctx, destination.Address.Domain())
if err != nil { // SRV/TXT if err != nil { // SRV/TXT
errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain()) errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", destination.Address.Domain())
} }
for _, addr := range addrs { for _, addr := range addrs {
if ipAddr := net.IPAddress(addr.IP); ipAddr != nil { if ipAddr := net.IPAddress(addr.IP); ipAddr != nil {
if rule := h.matchFinalRule(dialDest.Network, ipAddr, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block { if rule := h.matchFinalRule(destination.Network, ipAddr, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
blockedDest = &dialDest blockedDest = &destination
blockedDest.Address = ipAddr blockedDest.Address = ipAddr
blockedRule = rule blockedRule = rule
return nil return nil
@@ -341,14 +339,14 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
} }
} }
} else { } else {
if rule := h.matchFinalRule(dialDest.Network, dialDest.Address, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block { if rule := h.matchFinalRule(destination.Network, destination.Address, destination.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
blockedDest = &dialDest blockedDest = &destination
blockedRule = rule blockedRule = rule
return nil return nil
} }
} }
rawConn, err := dialer.Dial(ctx, dialDest) rawConn, err := dialer.Dial(ctx, destination)
if err != nil { if err != nil {
return err return err
} }
@@ -362,7 +360,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
if blockedDest != nil { if blockedDest != nil {
return h.blackhole(ctx, input, output, blockedRule, blockedDest) return h.blackhole(ctx, input, output, blockedRule, blockedDest)
} }
if defaultRule != nil || len(h.finalRules) > 0 { if destination.Address.Family().IsDomain() && (defaultRule != nil || len(h.finalRules) > 0) {
if h.usesProxySettings { if h.usesProxySettings {
errors.LogInfo(ctx, "skipping final rule check for proxied remote endpoint, original target: ", destination) errors.LogInfo(ctx, "skipping final rule check for proxied remote endpoint, original target: ", destination)
} else { } else {
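Review bot: The guard added in the last hunk, `destination.Address.Family().IsDomain() && (defaultRule != nil || len(h.finalRules) > 0)`, skips the post-dial final-rule check for every IP-literal destination, so a block rule for those is now enforced only by the pre-dial `matchFinalRule` call in the retry closure's `else` branch. That is sound only if `dialer.Dial(ctx, destination)` always connects to exactly the address that was matched, which cannot be confirmed from these hunks; a comment stating the invariant would help, e.g. `// IP destinations are matched against the final rules before dialing; only domain destinations are re-checked after the dial.` In the earlier hunks, `blockedDest = &destination` followed by `blockedDest.Address = addr` now overwrites the captured outer `destination`, where the old code wrote to a per-attempt copy; `blocked := destination; blocked.Address = addr; blockedDest = &blocked` keeps the original target intact for anything that reads it later. Process begins and ends outside the hunks shown.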