mirror of
https://github.com/SagerNet/sing-box.git
synced 2024-11-09 18:43:14 +00:00
Fix non-IP queries accepted by address filter rules
This commit is contained in:
世界
parent
996fbbf0c3
commit
06fa5abf63
|
|
@ -37,7 +37,7 @@ func (m *DNSReverseMapping) Query(address netip.Addr) (string, bool) {
|
||||||
return domain, loaded
|
return domain, loaded
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, index int) (context.Context, dns.Transport, dns.DomainStrategy, adapter.DNSRule, int) {
|
func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, index int, isAddressQuery bool) (context.Context, dns.Transport, dns.DomainStrategy, adapter.DNSRule, int) {
|
||||||
metadata := adapter.ContextFrom(ctx)
|
metadata := adapter.ContextFrom(ctx)
|
||||||
if metadata == nil {
|
if metadata == nil {
|
||||||
panic("no context")
|
panic("no context")
|
||||||
|
|
@ -48,6 +48,9 @@ func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, index int) (con
|
||||||
dnsRules = dnsRules[index+1:]
|
dnsRules = dnsRules[index+1:]
|
||||||
}
|
}
|
||||||
for currentRuleIndex, rule := range dnsRules {
|
for currentRuleIndex, rule := range dnsRules {
|
||||||
|
if rule.WithAddressLimit() && !isAddressQuery {
|
||||||
|
continue
|
||||||
|
}
|
||||||
metadata.ResetRuleCache()
|
metadata.ResetRuleCache()
|
||||||
if rule.Match(metadata) {
|
if rule.Match(metadata) {
|
||||||
detour := rule.Outbound()
|
detour := rule.Outbound()
|
||||||
|
|
@ -126,9 +129,9 @@ func (r *Router) Exchange(ctx context.Context, message *mDNS.Msg) (*mDNS.Msg, er
|
||||||
addressLimit bool
|
addressLimit bool
|
||||||
)
|
)
|
||||||
|
|
||||||
dnsCtx, transport, strategy, rule, ruleIndex = r.matchDNS(ctx, true, ruleIndex)
|
dnsCtx, transport, strategy, rule, ruleIndex = r.matchDNS(ctx, true, ruleIndex, isAddressQuery(message))
|
||||||
dnsCtx, cancel = context.WithTimeout(dnsCtx, C.DNSTimeout)
|
dnsCtx, cancel = context.WithTimeout(dnsCtx, C.DNSTimeout)
|
||||||
if rule != nil && rule.WithAddressLimit() && isAddressQuery(message) {
|
if rule != nil && rule.WithAddressLimit() {
|
||||||
addressLimit = true
|
addressLimit = true
|
||||||
response, err = r.dnsClient.ExchangeWithResponseCheck(dnsCtx, transport, message, strategy, func(response *mDNS.Msg) bool {
|
response, err = r.dnsClient.ExchangeWithResponseCheck(dnsCtx, transport, message, strategy, func(response *mDNS.Msg) bool {
|
||||||
metadata.DestinationAddresses, _ = dns.MessageToAddresses(response)
|
metadata.DestinationAddresses, _ = dns.MessageToAddresses(response)
|
||||||
|
|
@ -205,7 +208,7 @@ func (r *Router) Lookup(ctx context.Context, domain string, strategy dns.DomainS
|
||||||
)
|
)
|
||||||
metadata.ResetRuleCache()
|
metadata.ResetRuleCache()
|
||||||
metadata.DestinationAddresses = nil
|
metadata.DestinationAddresses = nil
|
||||||
dnsCtx, transport, transportStrategy, rule, ruleIndex = r.matchDNS(ctx, false, ruleIndex)
|
dnsCtx, transport, transportStrategy, rule, ruleIndex = r.matchDNS(ctx, false, ruleIndex, true)
|
||||||
if strategy == dns.DomainStrategyAsIS {
|
if strategy == dns.DomainStrategyAsIS {
|
||||||
strategy = transportStrategy
|
strategy = transportStrategy
|
||||||
}
|
}
|
||||||
|
|
@ -256,7 +259,7 @@ func (r *Router) ClearDNSCache() {
|
||||||
|
|
||||||
func isAddressQuery(message *mDNS.Msg) bool {
|
func isAddressQuery(message *mDNS.Msg) bool {
|
||||||
for _, question := range message.Question {
|
for _, question := range message.Question {
|
||||||
if question.Qtype == mDNS.TypeA || question.Qtype == mDNS.TypeAAAA {
|
if question.Qtype == mDNS.TypeA || question.Qtype == mDNS.TypeAAAA || question.Qtype == mDNS.TypeHTTPS {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue