Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

为 wireguard 出站添加解析偏好设置 #2014

Closed
wants to merge 5 commits into from

Conversation

rui0572
Copy link
Contributor

@rui0572 rui0572 commented May 1, 2023

        {
            "tag": "outbound-wireguard",
            "protocol": "wireguard",
            "settings": {
                "mtu": 1280,
                "secretKey": "OMpOkugnsUGxa+JnUAoN2DIpnmwCS3kgVZTEmpXcYGE=",
                "reserved":[67,145,173],
                "peers": [
                    {
                        "endpoint": "162.159.192.2:2408",
                        "publicKey": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=",
                        "allowedIPs": [
                            "0.0.0.0/0",
                            "::/0"
                        ]
                    }
                ],
                "address": [
                    "172.16.0.2/32",
                    "2606:4700:110:8301:cd13:e428:aaca:478d/128"
                ],
                "domainStrategy": "ForceIP"  // 添加此项配置,可填 "ForceIP", "ForceIPv6", "ForceIPv4", "ForceIPv6v4", "ForceIPv4v6"
            }
        }

@rui0572
Copy link
Contributor Author

rui0572 commented May 1, 2023

#1842

@Fangliding
Copy link
Member

@rui0572 所以什么时候xray可以给每个出站都单独配置strategy()

@chika0801
Copy link
Contributor

大佬太爱你了

@yuhan6665
Copy link
Member

感谢大佬 这个功能非常实用 我的建议是跟 freedom 出站的配置统一一下:
domainStrategy: "AsIs" | "UseIP" | "UseIPv4" | "UseIPv6"

@rui0572
Copy link
Contributor Author

rui0572 commented May 1, 2023

感谢大佬 这个功能非常实用 我的建议是跟 freedom 出站的配置统一一下: domainStrategy: "AsIs" | "UseIP" | "UseIPv4" | "UseIPv6"

我看过 freedom 的代码,它 "UseIPv6" 的逻辑是使用内置 DNS 仅 IPv6Enable 进行解析,如果解析失败就用域名直接 dial 了. 此时解析由系统进行,偏好受 gai.conf 控制,无法保证一定会 fallback 到 IPv4. (内置 DNS 解析不出 IPv6 可能是有意为之)

该选项的行为和 domainStrategy 并不一致,是完全由内置 DNS 解析的真 IPv6 优先,所以使用了新的名称.

一定要改的话也可以

@yuhan6665
Copy link
Member

what do you think @RPRX?

@rui0572
Copy link
Contributor Author

rui0572 commented May 1, 2023

备注:

默认值 "resolveStrategy": "None" 与此前的 wireguard 出站行为并不一致。

现在的默认行为与 freedom 出站配置 "domainStrategy": "UseIP" 时相同。即使用内置 DNS 解析后随机选择 IP 发起连接。

即使改名 domainStrategy 它也没有 AsIs 可以填

@RPRX
Copy link
Member

RPRX commented May 2, 2023

what do you think @RPRX?

现在 freedom 设置了 UseIPv6 但行为是 prefer 的话是反直觉的,所以,或许把它们的行为都改成解析不出 IPv6 就 block?

@RPRX
Copy link
Member

RPRX commented May 3, 2023

感谢大佬 这个功能非常实用 我的建议是跟 freedom 出站的配置统一一下: domainStrategy: "AsIs" | "UseIP" | "UseIPv4" | "UseIPv6"

就是说统一配置,统一行为(比如解析不出 IPv6 就 block)

@RPRX
Copy link
Member

RPRX commented May 3, 2023

换句话说,现在 freedom 的 UseIPv6 改名叫 PreferIPv6 更合适

@RPRX
Copy link
Member

RPRX commented May 3, 2023

不过改 freedom 现有的名称定义不太实际,此外,这个 PR 的解析行为不应该叫 Prefer,应该叫 Force,正好与 freedom 的 Use 有区分。所以我们可以给 freedom 的 domainStrategy 加三项:ForceIPForceIPv4ForceIPv6,内置 DNS 解析失败就 block。

然后这个 PR 也叫 domainStrategy,但只支持上述三项,默认 ForceIP

@RPRX
Copy link
Member

RPRX commented May 3, 2023

@rui0572 看代码这个 PR 设置了 v6 的话,如果没 v6 就 block?我觉得需要加两项真的 Prefer,可能更有用一些,比如 PreferIPv6 为先使用内置 DNS 解析 v6,若失败就尝试 v4,再失败就 block。freedom 也可以加这两项,行为一致。

@rui0572
Copy link
Contributor Author

rui0572 commented May 3, 2023

@RPRX

目前 resolveStrategy 的行为是

  • None: 使用内置 DNS 解析一次,然后随机选择 IP 连接
  • PreferIPv6: 使用内置 DNS 解析 v6 一次,失败则尝试解析 v4,然后随机选择 IP 连接
  • PreferIPv4: 同上,但是顺序颠倒

我想它正是

我觉得需要加两项真的 Prefer,可能更有用一些,比如 PreferIPv6 为先使用内置 DNS 解析 v6,若失败就尝试 v4,再失败就 block。


PS.

该选项的行为和 domainStrategy 并不一致,是完全由内置 DNS 解析的真 IPv6 优先,所以使用了新的名称.

这里就是想说 resolveStrategy 是真的 Prefer,而 domainStrategy 只是“形如” Prefer.

PPS.

发现 freedom 的 UseIPv6 仍然能够连接 v4Only 域名时也很意外.

期望它是 ForceIPv6

@chika0801

This comment was marked as outdated.

@RPRX
Copy link
Member

RPRX commented May 3, 2023

@rui0572 好的,我们改为给 domainStrategy 加这五项吧:ForceIPForceIPv4ForceIPv6ForceIPv4v6ForceIPv6v4

这样命名比较直观,看名字应该就能知道是啥意思,解析失败就 block,wireguard 出站仅支持这五项,freedom 支持全部十一项

(freedom 再加 UseIPv4v6UseIPv6v4

@RPRX
Copy link
Member

RPRX commented May 3, 2023

UseForce 的区别是,前者解析失败了会走 AsIs,后者解析失败了会被 block。这样整个 domainStrategy 都更加灵活了。

@chika0801
Copy link
Contributor

好耶

@rui0572
Copy link
Contributor Author

rui0572 commented May 3, 2023

@RPRX

名字改了,freedom 的 全部十一项 也许得把这个功能放到 v1.9.0

@RPRX
Copy link
Member

RPRX commented May 3, 2023

@rui0572 应该不需要那么多 alias。。。此外麻烦也改一下 freedom(另开一个 PR)

@RPRX
Copy link
Member

RPRX commented May 4, 2023

#2026 (comment)

@rui0572 rui0572 force-pushed the wireguard-resolveStrategy branch from d046cb2 to 0a5ded5 Compare May 4, 2023 07:14
@yuhan6665
Copy link
Member

感谢 rui0572 和大家 先合了 #2717

@yuhan6665 yuhan6665 closed this Nov 12, 2023
chika0801 referenced this pull request Nov 12, 2023
* 增加 wireguard 出站选项 `resolveStrategy`.

* They become a part of you.

* 移除不必要的选项别名.

* aliases NG.

* 微调.

---------

Co-authored-by: rui0572 <[email protected]>
@Fangliding
Copy link
Member

Fangliding commented Nov 13, 2023

提一嘴
在SockoptObject中已经有了出站统一的 "domainStrategy" 本来freedom的出站设置里已经有了domainStrategy freedom出站里的已经木已成舟没办法了 这个pr之后 变成了wg的出站又要有自己的resolveStrategy了 然后DNS模块那边还有个queryStrategy 会不会有点太乱了

@chika0801

This comment was marked as outdated.

@chika0801

This comment was marked as outdated.

@chika0801

This comment was marked as outdated.

@yuhan6665
Copy link
Member

提一嘴 在SockoptObject中已经有了出站统一的 "domainStrategy" 本来freedom的出站设置里已经有了domainStrategy freedom出站里的已经木已成舟没办法了 这个pr之后 变成了wg的出站又要有自己的resolveStrategy了 然后DNS模块那边还有个queryStrategy 会不会有点太乱了

每个需要强制解析域名的地方都可以分别配置 domainStrategy 应该没有问题 主要是统一并简化语法。。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants