DNS outbound: Replace "reject" with "return" (rCode is 0 by default) (#6214)

https://github.com/XTLS/Xray-core/pull/6214#issuecomment-4587988752

Example: https://github.com/XTLS/Xray-core/pull/6214#issue-4553786283

---------

Co-authored-by: Meo597 <197331664+Meo597@users.noreply.github.com>
This commit is contained in:
j2rong4cn
2026-06-01 09:25:47 +08:00
committed by GitHub
parent 455f6bc2d5
commit cb8cd048c1
7 changed files with 116 additions and 99 deletions
+2 -1
View File
@@ -3,6 +3,7 @@ package conf
import (
"encoding/json"
"fmt"
"math"
"strconv"
"strings"
@@ -199,7 +200,7 @@ func (v *PortRange) UnmarshalJSON(data []byte) error {
if err == nil {
v.From = uint32(from)
v.To = uint32(to)
if v.From > v.To {
if v.From > v.To || v.To > math.MaxUint16 {
return errors.New("invalid port range ", v.From, " -> ", v.To)
}
return nil
+22 -20
View File
@@ -12,8 +12,9 @@ import (
type DNSOutboundRuleConfig struct {
Action string `json:"action"`
QType *PortList `json:"qtype"`
QType *PortList `json:"qType"`
Domain *StringList `json:"domain"`
RCode uint32 `json:"rCode"`
}
func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
@@ -24,8 +25,8 @@ func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
rule.Action = dns.RuleAction_Direct
case "drop":
rule.Action = dns.RuleAction_Drop
case "reject":
rule.Action = dns.RuleAction_Reject
case "return":
rule.Action = dns.RuleAction_Return
case "hijack":
rule.Action = dns.RuleAction_Hijack
default:
@@ -34,14 +35,8 @@ func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
if c.QType != nil {
for _, r := range c.QType.Range {
if r.From > r.To {
return nil, errors.New("invalid qtype range: ", r.String())
}
if r.To > 65535 {
return nil, errors.New("dns rule qtype out of range: ", r.String())
}
for qtype := r.From; qtype <= r.To; qtype++ {
rule.Qtype = append(rule.Qtype, int32(qtype))
for qType := r.From; qType <= r.To; qType++ {
rule.QType = append(rule.QType, int32(qType))
}
}
}
@@ -54,6 +49,11 @@ func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
rule.Domain = rules
}
if c.RCode > 65535 {
return nil, errors.New("rCode out of range: ", c.RCode)
}
rule.RCode = c.RCode
return rule, nil
}
@@ -133,28 +133,30 @@ func (c *DNSOutboundConfig) buildLegacyDNSPolicy() ([]*dns.DNSRuleConfig, error)
if c.BlockTypes != nil && len(*c.BlockTypes) > 0 {
rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Drop}
if mode == "reject" {
rule.Action = dns.RuleAction_Reject
rule.Action = dns.RuleAction_Return
rule.RCode = 5
}
for _, qtype := range *c.BlockTypes {
if qtype < 0 || qtype > 65535 {
return nil, errors.New("legacy blockTypes qtype out of range: ", qtype)
for _, qType := range *c.BlockTypes {
if qType < 0 || qType > 65535 {
return nil, errors.New("legacy blockTypes qType out of range: ", qType)
}
rule.Qtype = append(rule.Qtype, qtype)
rule.QType = append(rule.QType, qType)
}
rules = append(rules, rule)
}
{
rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Hijack}
rule.Qtype = append(rule.Qtype, 1)
rule.Qtype = append(rule.Qtype, 28)
rule.QType = append(rule.QType, 1)
rule.QType = append(rule.QType, 28)
rules = append(rules, rule)
}
{
rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Reject}
rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Return}
if mode == "reject" {
rule.Action = dns.RuleAction_Reject
rule.Action = dns.RuleAction_Return
rule.RCode = 5
} else if mode == "drop" {
rule.Action = dns.RuleAction_Drop
} else if mode == "skip" {
+24 -19
View File
@@ -35,10 +35,10 @@ func TestDnsProxyConfig(t *testing.T) {
Input: `{
"rules": [{
"action": "direct",
"qtype": "1,3,23-24"
"qType": "1,3,23-24"
}, {
"action": "drop",
"qtype": 28,
"qType": 28,
"domain": ["domain:example.com", "full:example.com"]
}]
}`,
@@ -48,11 +48,11 @@ func TestDnsProxyConfig(t *testing.T) {
Rule: []*dns.DNSRuleConfig{
{
Action: dns.RuleAction_Direct,
Qtype: []int32{1, 3, 23, 24},
QType: []int32{1, 3, 23, 24},
},
{
Action: dns.RuleAction_Drop,
Qtype: []int32{28},
QType: []int32{28},
Domain: []*geodata.DomainRule{
{
Value: &geodata.DomainRule_Custom{
@@ -78,7 +78,8 @@ func TestDnsProxyConfig(t *testing.T) {
{
Input: `{
"rules": [{
"action": "reject",
"action": "return",
"rCode": 5,
"domain": "keyword:example"
}]
}`,
@@ -87,7 +88,8 @@ func TestDnsProxyConfig(t *testing.T) {
RewriteServer: &net.Endpoint{},
Rule: []*dns.DNSRuleConfig{
{
Action: dns.RuleAction_Reject,
Action: dns.RuleAction_Return,
RCode: 5,
Domain: []*geodata.DomainRule{
{
Value: &geodata.DomainRule_Custom{
@@ -106,7 +108,7 @@ func TestDnsProxyConfig(t *testing.T) {
Input: `{
"rules": [{
"action": "drop",
"qtype": 257
"qType": 257
}]
}`,
Parser: loadJSON(creator),
@@ -115,7 +117,7 @@ func TestDnsProxyConfig(t *testing.T) {
Rule: []*dns.DNSRuleConfig{
{
Action: dns.RuleAction_Drop,
Qtype: []int32{257},
QType: []int32{257},
},
},
},
@@ -140,10 +142,11 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
Rule: []*dns.DNSRuleConfig{
{
Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28},
QType: []int32{1, 28},
},
{
Action: dns.RuleAction_Reject,
Action: dns.RuleAction_Return,
RCode: 5,
},
},
},
@@ -157,15 +160,17 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
RewriteServer: &net.Endpoint{},
Rule: []*dns.DNSRuleConfig{
{
Action: dns.RuleAction_Reject,
Qtype: []int32{1, 65},
Action: dns.RuleAction_Return,
QType: []int32{1, 65},
RCode: 5,
},
{
Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28},
QType: []int32{1, 28},
},
{
Action: dns.RuleAction_Reject,
Action: dns.RuleAction_Return,
RCode: 5,
},
},
},
@@ -181,11 +186,11 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
Rule: []*dns.DNSRuleConfig{
{
Action: dns.RuleAction_Drop,
Qtype: []int32{1},
QType: []int32{1},
},
{
Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28},
QType: []int32{1, 28},
},
{
Action: dns.RuleAction_Drop,
@@ -204,11 +209,11 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
Rule: []*dns.DNSRuleConfig{
{
Action: dns.RuleAction_Drop,
Qtype: []int32{65, 28},
QType: []int32{65, 28},
},
{
Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28},
QType: []int32{1, 28},
},
{
Action: dns.RuleAction_Direct,
@@ -228,7 +233,7 @@ func TestDnsProxyConfigRejectsMixedLegacyAndNewFields(t *testing.T) {
_, err := loadJSON(creator)(`{
"rules": [{
"action": "direct",
"qtype": 65
"qType": 65
}],
"blockTypes": [65]
}`)