Direct/Freedom outbound: Prefer IPv4 for finalRules' "AsIs" (#6075)

https://github.com/XTLS/Xray-core/pull/6075#issuecomment-4391684629 https://github.com/XTLS/Xray-core/pull/6075#issuecomment-4392629645 https://github.com/XTLS/Xray-core/pull/6075#issuecomment-4395258425
2026-05-14 10:00:34 +00:00 · 2026-05-07 18:59:23 +08:00
parent 4192ca0827
commit 906d49a271
4 changed files with 104 additions and 85 deletions
@@ -239,11 +239,11 @@ func (h *Handler) blockDelay(rule *FinalRule) time.Duration {
 		min = rule.blockDelay.Min
 		max = rule.blockDelay.Max
 	}
-	abs := max - min
+	span := max - min
 	if max < min {
-		abs = min - max
+		span = min - max
 	}
-	return time.Duration(min+uint64(dice.Roll(int(abs+1)))) * time.Second
+	return time.Duration(min+uint64(dice.Roll(int(span+1)))) * time.Second
 }

 func isValidAddress(addr *net.IPOrDomain) bool {
@@ -293,6 +293,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 	var conn stat.Connection
 	var blockedDest *net.Destination
 	var blockedRule *FinalRule
+	firstResolve := true
 	err := retry.ExponentialBackoff(5, 100).On(func() error {
 		dialDest := destination
 		if h.config.DomainStrategy.HasStrategy() && dialDest.Address.Family().IsDomain() {
@@ -303,7 +304,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 			ips, err := internet.LookupForIP(dialDest.Address.Domain(), strategy, outGateway)
 			if err != nil {
 				errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain())
-				if h.config.DomainStrategy.ForceIP() {
+				if h.config.DomainStrategy.ForceIP() || h.shouldResolveDomainBeforeFinalRules(dialDest, defaultRule) {
 					return err
 				}
 			} else {
@@ -315,14 +316,29 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 				errors.LogInfo(ctx, "dialing to ", dialDest)
 			}
 		} else if h.shouldResolveDomainBeforeFinalRules(dialDest, defaultRule) { // asis + domain + hasrules
-			addrs, err := net.DefaultResolver.LookupIPAddr(ctx, dialDest.Address.Domain())
-			if err != nil {
-				errors.LogInfoInner(ctx, err, "failed to get IP address for domain ", dialDest.Address.Domain())
-			} else if len(addrs) > 0 {
-				if addr := net.IPAddress(addrs[dice.Roll(len(addrs))].IP); addr != nil {
-					dialDest.Address = addr
-					errors.LogInfo(ctx, "dialing to ", dialDest)
+			domain := dialDest.Address.Domain()
+			var ips []net.IP
+			if firstResolve {
+				firstResolve = false
+				supportIPv4, supportIPv6 := utils.CheckRoutes()
+				if supportIPv4 {
+					ips, _ = net.DefaultResolver.LookupIP(ctx, "ip4", domain)
 				}
+				if len(ips) == 0 && supportIPv6 {
+					ips, _ = net.DefaultResolver.LookupIP(ctx, "ip6", domain)
+				}
+				if len(ips) == 0 {
+					return errors.New("failed to get IP address for domain ", domain)
+				}
+			} else {
+				ips, _ = net.DefaultResolver.LookupIP(ctx, "ip", domain)
+			}
+			if len(ips) == 0 { // SRV/TXT, lookup failed
+				return errors.New("failed to get IP address for domain ", domain)
+			}
+			if addr := net.IPAddress(ips[dice.Roll(len(ips))]); addr != nil {
+				dialDest.Address = addr
+				errors.LogInfo(ctx, "dialing to ", dialDest)
 			}
 		}
 		if rule := h.matchFinalRule(dialDest.Network, dialDest.Address, dialDest.Port, defaultRule); rule != nil && rule.action == RuleAction_Block {
@@ -357,11 +373,6 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 		}
 		return nil
 	}
-	// TODO: SRV/TXT
-	// if remoteDest := net.DestinationFromAddr(conn.RemoteAddr()); h.applyFinalRules(remoteDest.Network, remoteDest.Address, remoteDest.Port, defaultRule) == RuleAction_Block {
-	// 	conn.Close()
-	// 	return blackhole(remoteDest)
-	// }
 	if h.config.ProxyProtocol > 0 && h.config.ProxyProtocol <= 2 {
 		version := byte(h.config.ProxyProtocol)
 		srcAddr := inbound.Source.RawNetAddr()