DNS outbound: Add blockTypes (XTLS#3812)

Fangliding · dragonbreath2000 · commit aaa12a80301b · 2024-12-11T21:25:29.000+03:30
diff --git a/infra/conf/dns_proxy.go b/infra/conf/dns_proxy.go
@@ -13,6 +13,7 @@ type DNSOutboundConfig struct {
 	Port       uint16   `json:"port"`
 	UserLevel  uint32   `json:"userLevel"`
 	NonIPQuery string   `json:"nonIPQuery"`
+	BlockTypes  []int32  `json:"blockTypes"`
 }
 
 func (c *DNSOutboundConfig) Build() (proto.Message, error) {
@@ -34,5 +35,6 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {
 		return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery)
 	}
 	config.Non_IPQuery = c.NonIPQuery
+	config.BlockTypes = c.BlockTypes
 	return config, nil
 }
diff --git a/proxy/dns/config.pb.go b/proxy/dns/config.pb.go
diff --git a/proxy/dns/config.proto b/proxy/dns/config.proto
@@ -14,4 +14,5 @@ message Config {
   xray.common.net.Endpoint server = 1;
   uint32 user_level = 2;
   string non_IP_query = 3;
+  repeated int32 block_types = 4;
 }
diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go
@@ -49,6 +49,7 @@ type Handler struct {
 	server          net.Destination
 	timeout         time.Duration
 	nonIPQuery      string
+	blockTypes       []int32
 }
 
 func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager policy.Manager) error {
@@ -63,6 +64,7 @@ func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager polic
 		h.server = config.Server.AsDestination()
 	}
 	h.nonIPQuery = config.Non_IPQuery
+	h.blockTypes = config.BlockTypes
 	return nil
 }
 
@@ -84,12 +86,12 @@ func parseIPQuery(b []byte) (r bool, domain string, id uint16, qType dnsmessage.
 		errors.LogInfoInner(context.Background(), err, "question")
 		return
 	}
+	domain = q.Name.String()
 	qType = q.Type
 	if qType != dnsmessage.TypeA && qType != dnsmessage.TypeAAAA {
 		return
 	}
 
-	domain = q.Name.String()
 	r = true
 	return
 }
@@ -181,10 +183,18 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 
 			if !h.isOwnLink(ctx) {
 				isIPQuery, domain, id, qType := parseIPQuery(b.Bytes())
+				if len(h.blockTypes) > 0 {
+					for _, blocktype := range h.blockTypes {
+						if blocktype == int32(qType) {
+							errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain)
+							return nil
+						}
+					}
+				}
 				if isIPQuery {
 					go h.handleIPQuery(id, qType, domain, writer)
 				}
-				if isIPQuery || h.nonIPQuery == "drop" || qType == 65 {
+				if isIPQuery || h.nonIPQuery == "drop" {
 					b.Release()
 					continue
 				}

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ type DNSOutboundConfig struct {`
`13`	`13`	Port uint16 `json:"port"`
`14`	`14`	UserLevel uint32 `json:"userLevel"`
`15`	`15`	NonIPQuery string `json:"nonIPQuery"`
	`16`	+ BlockTypes []int32 `json:"blockTypes"`
`16`	`17`	`}`
`17`	`18`
`18`	`19`	`func (c *DNSOutboundConfig) Build() (proto.Message, error) {`
`@@ -34,5 +35,6 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {`
`34`	`35`	return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery)
`35`	`36`	`}`
`36`	`37`	`config.Non_IPQuery = c.NonIPQuery`
	`38`	`+ config.BlockTypes = c.BlockTypes`
`37`	`39`	`return config, nil`
`38`	`40`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,4 +14,5 @@ message Config {`
`14`	`14`	`xray.common.net.Endpoint server = 1;`
`15`	`15`	`uint32 user_level = 2;`
`16`	`16`	`string non_IP_query = 3;`
	`17`	`+ repeated int32 block_types = 4;`
`17`	`18`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ type Handler struct {`
`49`	`49`	`server net.Destination`
`50`	`50`	`timeout time.Duration`
`51`	`51`	`nonIPQuery string`
	`52`	`+ blockTypes []int32`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`func (h Handler) Init(config Config, dnsClient dns.Client, policyManager policy.Manager) error {`
`@@ -63,6 +64,7 @@ func (h Handler) Init(config Config, dnsClient dns.Client, policyManager polic`
`63`	`64`	`h.server = config.Server.AsDestination()`
`64`	`65`	`}`
`65`	`66`	`h.nonIPQuery = config.Non_IPQuery`
	`67`	`+ h.blockTypes = config.BlockTypes`
`66`	`68`	`return nil`
`67`	`69`	`}`
`68`	`70`
`@@ -84,12 +86,12 @@ func parseIPQuery(b []byte) (r bool, domain string, id uint16, qType dnsmessage.`
`84`	`86`	`errors.LogInfoInner(context.Background(), err, "question")`
`85`	`87`	`return`
`86`	`88`	`}`
	`89`	`+ domain = q.Name.String()`
`87`	`90`	`qType = q.Type`
`88`	`91`	`if qType != dnsmessage.TypeA && qType != dnsmessage.TypeAAAA {`
`89`	`92`	`return`
`90`	`93`	`}`
`91`	`94`
`92`		`- domain = q.Name.String()`
`93`	`95`	`r = true`
`94`	`96`	`return`
`95`	`97`	`}`
`@@ -181,10 +183,18 @@ func (h Handler) Process(ctx context.Context, link transport.Link, d internet.`
`181`	`183`
`182`	`184`	`if !h.isOwnLink(ctx) {`
`183`	`185`	`isIPQuery, domain, id, qType := parseIPQuery(b.Bytes())`
	`186`	`+ if len(h.blockTypes) > 0 {`
	`187`	`+ for _, blocktype := range h.blockTypes {`
	`188`	`+ if blocktype == int32(qType) {`
	`189`	`+ errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain)`
	`190`	`+ return nil`
	`191`	`+ }`
	`192`	`+ }`
	`193`	`+ }`
`184`	`194`	`if isIPQuery {`
`185`	`195`	`go h.handleIPQuery(id, qType, domain, writer)`
`186`	`196`	`}`
`187`		`- if isIPQuery \|\| h.nonIPQuery == "drop" \|\| qType == 65 {`
	`197`	`+ if isIPQuery \|\| h.nonIPQuery == "drop" {`
`188`	`198`	`b.Release()`
`189`	`199`	`continue`
`190`	`200`	`}`