
intra: do not reroute dns meant for ipn.Exit
when firestack sees its own traffic routed back in, the proxy-id is set
to ipn.Exit. In such cases, simply dial out to the address rather than
overriding DNS to send it to the user-set upstream.
ignoramous committed Nov 3, 2023
1 parent 6b342c8 commit 9b04323
Showing 2 changed files with 8 additions and 27 deletions.
23 changes: 2 additions & 21 deletions intra/tcp.go
Expand Up @@ -155,26 +155,6 @@ func (h *tcpHandler) forward(local net.Conn, remote net.Conn, summary *SocketSum
go h.sendNotif(summary)
}

func filteredPort(addr net.Addr) int16 {
_, port, err := net.SplitHostPort(addr.String())
if err != nil {
return -1
}
if port == "80" {
return 80
}
if port == "443" {
return 443
}
if port == "0" {
return 0
}
if port == "53" {
return 53
}
return -1
}

// must always be called from a goroutine
func (h *tcpHandler) sendNotif(summary *SocketSummary) {
// sleep a bit to avoid scenario where kotlin-land
Expand Down Expand Up @@ -320,7 +300,7 @@ func (h *tcpHandler) Handle(conn net.Conn, target *net.TCPAddr, summary *SocketS

pid := summary.PID

if h.dnsOverride(conn, target) {
if pid != ipn.Exit && h.dnsOverride(conn, target) {
return nil
}

Expand Down Expand Up @@ -420,6 +400,7 @@ func undoAlg(r dnsx.Resolver, algip net.IP) (realips, domains, blocklists string
return
}

// returns proxy-id, conn-id, user-id
func splitPidCidUid(decision *Mark) (pid, cid, uid string) {
if decision == nil {
return
Expand Down
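Review bot: The added `pid != ipn.Exit` guard in the Handle hunk carries no comment, so the reason Exit-marked flows skip the DNS override lives only in the commit message; add `// Exit-marked flows are firestack's own egress looped back in; dial them as-is instead of rerouting their DNS to the user-set upstream.` above the condition. The same guard is repeated in udp.go Connect and ReceiveTo, so the comment (or a small shared predicate) should appear in all three places to keep them in sync. Note that a flow tagged Exit now has its port-53 traffic sent to whatever resolver the flow named, so any blocklist or upstream policy enforced inside dnsOverride no longer applies to it; if anything other than firestack's own loopback can produce an Exit PID, that is the assumption to confirm. Handle's body starts and ends outside the hunk.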
12 changes: 6 additions & 6 deletions intra/udp.go
Expand Up @@ -391,7 +391,7 @@ func (h *udpHandler) Connect(conn core.UDPConn, target *net.UDPAddr) (res *Mark,
return res, errUdpFirewalled // disconnect
}

if h.isDns(target) {
if pid != ipn.Exit && h.isDns(target) {
return res, nil // connect
}

Expand Down Expand Up @@ -462,11 +462,6 @@ func (h *udpHandler) ReceiveTo(conn core.UDPConn, data []byte, addr *net.UDPAddr
nsraddr := conn.RemoteAddr()
raddr := addr

if h.dnsOverride(conn, addr, data) {
log.D("udp: egress: dns-override for dstaddr(%v) <- src(l:%v r:%v)", raddr, nsladdr, nsraddr)
return nil
}

h.RLock()
nat, ok1 := h.udpConns[conn]
h.RUnlock()
Expand All @@ -476,6 +471,11 @@ func (h *udpHandler) ReceiveTo(conn core.UDPConn, data []byte, addr *net.UDPAddr
return fmt.Errorf("conn %v -> %v [%v] does not exist", nsladdr, raddr, nsraddr)
}

if nat.pid != ipn.Exit && h.dnsOverride(conn, addr, data) {
log.D("udp: egress: dns-override for dstaddr(%v) <- src(l:%v r:%v)", raddr, nsladdr, nsraddr)
return nil
}

// unused in netstack as it only supports connected udp
// that is, udpconn.writeFrom(data, addr) isn't supported
nat.ip = &net.UDPAddr{
Expand Down
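Review bot: In ReceiveTo the dnsOverride call now runs only after the udpConns lookup, so a DNS packet on a conn missing from the map is rejected with the "does not exist" error instead of being overridden as before; if that ordering is intended it deserves a comment, e.g. `// nat must be resolved first so its pid can exempt Exit-marked flows from dns-override.` The `pid` compared in Connect is assigned outside the hunk, so confirm it is the proxy-id taken from the Mark for this target rather than an earlier value. Consider a debug log on the skipped-override path, mirroring the existing log.D on the override path, so DNS from Exit-marked flows that bypasses the user-set upstream is visible when troubleshooting. Both Connect and ReceiveTo start and end outside their hunks.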
