Add dialer options for remote ruleset #2702
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fix typo Signed-off-by: libtry486 <[email protected]>
Co-authored-by: anytls <anytls>
Signed-off-by: Estel <[email protected]>
Co-authored-by: anytls <anytls>
nekohasekai
force-pushed
the
dev-next
branch
from
c7ddfec to
5dd4358
Compare
nekohasekai
force-pushed
the
dev-next
branch
4 times, most recently
from
af0df73 to
ba496ae
Compare
nekohasekai
force-pushed
the
dev-next
branch
10 times, most recently
from
ab7df4d to
609bd63
Compare
nekohasekai
force-pushed
the
dev-next
branch
12 times, most recently
from
6b82890 to
c689437
Compare
nekohasekai
force-pushed
the
dev-next
branch
from
87eb193 to
877e7a8
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Remote Ruleset新增Dialer支持,允许Remote Ruleset像outbound一样覆盖default_domain_resolver的设置
起因:
一般情况下default_domain_resolver可以满足ruleset的解析,但是当使用一些内部私有地址时,在公共服务器上无法正确解析
下面是个例子,此时private-ruleset无法正确下载,因为
https://example.com并不能被dns_ali正确解析{ "dns": { "servers": [ "dns_ali" ] }, "route": { "default_domain_resolver": { "server": "dns_ali" }, ... "rule_set": [ { "tag": "private-ruleset", "type": "remote", "format": "source", "url": "https://example.com/something.json", "download_detour": "DIRECT-OUT" } ] }解决方案:
给Remote Ruleset添加dialer支持,在进行下载Ruleset文件时,如果设置了domain_resolver将覆盖default_domain_resolver,以用户设置进行解析。行为上与outbound在配置domain_resolver时一致。
下面是个例子,此时private-ruleset将使用dns_private进行解析,而public-ruleset则继续走原有规则使用dns_ali进行解析
{ "dns": { "servers": [ "dns_ali", "dns_private" ] }, "route": { "default_domain_resolver": { "server": "dns_ali" }, ... "rule_set": [ { "tag": "private-ruleset", "type": "remote", "format": "source", "url": "https://example.com/something.json", "detour": "PRIVATE-OUT", "domain_resolver": "dns_private" }, { "tag": "public-ruleset", "type": "remote", "format": "source", "url": "A valid public URL", } ] }受影响的现有逻辑:
保留了download_detour字段,在detour字段为空,download_detour字段内容有效时,使用download_detour的值
在detour字段和download_detour字段内容都有效时,优先使用detour的值
为什么不直接设置default_domain_resolver为私有dns?
因为私有dns使用了sing-box作为上游解析代理的情况下,有可能形成回环