Wireguard resolve strategy (#2717)

* 增加 wireguard 出站选项 `resolveStrategy`. * They become a part of you. * 移除不必要的选项别名. * aliases NG. * 微调. --------- Co-authored-by: rui0572 <125641819+rui0572@users.noreply.github.com>
XTLS · Nov 12, 2023 · a109389 · a109389 · chika0801 · Nov 12, 2023
1 parent cc4b28b
commit a109389
Show file tree

Hide file tree

Showing 6 changed files with 175 additions and 35 deletions.
diff --git a/infra/conf/wireguard.go b/infra/conf/wireguard.go
@@ -3,6 +3,7 @@ package conf
 import (
 	"encoding/base64"
 	"encoding/hex"
+	"strings"
 
 	"github.com/xtls/xray-core/proxy/wireguard"
 	"google.golang.org/protobuf/proto"
@@ -47,12 +48,13 @@ func (c *WireGuardPeerConfig) Build() (proto.Message, error) {
 }
 
 type WireGuardConfig struct {
-	SecretKey  string                 `json:"secretKey"`
-	Address    []string               `json:"address"`
-	Peers      []*WireGuardPeerConfig `json:"peers"`
-	MTU        int                    `json:"mtu"`
-	NumWorkers int                    `json:"workers"`
-	Reserved   []byte                 `json:"reserved"`
+	SecretKey      string                 `json:"secretKey"`
+	Address        []string               `json:"address"`
+	Peers          []*WireGuardPeerConfig `json:"peers"`
+	MTU            int                    `json:"mtu"`
+	NumWorkers     int                    `json:"workers"`
+	Reserved       []byte                 `json:"reserved"`
+	DomainStrategy string                 `json:"domainStrategy"`
 }
 
 func (c *WireGuardConfig) Build() (proto.Message, error) {
@@ -96,6 +98,21 @@ func (c *WireGuardConfig) Build() (proto.Message, error) {
 	}
 	config.Reserved = c.Reserved
 
+	switch strings.ToLower(c.DomainStrategy) {
+	case "forceip", "":
+		config.DomainStrategy = wireguard.DeviceConfig_FORCE_IP
+	case "forceipv4":
+		config.DomainStrategy = wireguard.DeviceConfig_FORCE_IP4
+	case "forceipv6":
+		config.DomainStrategy = wireguard.DeviceConfig_FORCE_IP6
+	case "forceipv4v6":
+		config.DomainStrategy = wireguard.DeviceConfig_FORCE_IP46
+	case "forceipv6v4":
+		config.DomainStrategy = wireguard.DeviceConfig_FORCE_IP64
+	default:
+		return nil, newError("unsupported domain strategy: ", c.DomainStrategy)
+	}
+
 	return config, nil
 }
 

diff --git a/infra/conf/wireguard_test.go b/infra/conf/wireguard_test.go
@@ -24,7 +24,8 @@ func TestWireGuardOutbound(t *testing.T) {
 					}
 				],
 				"mtu": 1300,
-				"workers": 2
+				"workers": 2,
+				"domainStrategy": "ForceIPv6v4"
 			}`,
 			Parser: loadJSON(creator),
 			Output: &wireguard.DeviceConfig{
@@ -41,8 +42,9 @@ func TestWireGuardOutbound(t *testing.T) {
 						AllowedIps:   []string{"0.0.0.0/0", "::0/0"},
 					},
 				},
-				Mtu:        1300,
-				NumWorkers: 2,
+				Mtu:            1300,
+				NumWorkers:     2,
+				DomainStrategy: wireguard.DeviceConfig_FORCE_IP64,
 			},
 		},
 	})

diff --git a/proxy/wireguard/config.go b/proxy/wireguard/config.go
@@ -0,0 +1,25 @@
+package wireguard
+
+func (c *DeviceConfig) preferIP4() bool {
+	return c.DomainStrategy == DeviceConfig_FORCE_IP ||
+		c.DomainStrategy == DeviceConfig_FORCE_IP4 ||
+		c.DomainStrategy == DeviceConfig_FORCE_IP46
+}
+
+func (c *DeviceConfig) preferIP6() bool {
+	return c.DomainStrategy == DeviceConfig_FORCE_IP ||
+		c.DomainStrategy == DeviceConfig_FORCE_IP6 ||
+		c.DomainStrategy == DeviceConfig_FORCE_IP64
+}
+
+func (c *DeviceConfig) hasFallback() bool {
+	return c.DomainStrategy == DeviceConfig_FORCE_IP46 || c.DomainStrategy == DeviceConfig_FORCE_IP64
+}
+
+func (c *DeviceConfig) fallbackIP4() bool {
+	return c.DomainStrategy == DeviceConfig_FORCE_IP64
+}
+
+func (c *DeviceConfig) fallbackIP6() bool {
+	return c.DomainStrategy == DeviceConfig_FORCE_IP46
+}
diff --git a/proxy/wireguard/config.pb.go b/proxy/wireguard/config.pb.go
diff --git a/proxy/wireguard/config.proto b/proxy/wireguard/config.proto
@@ -15,10 +15,18 @@ message PeerConfig {
 }
 
 message DeviceConfig {
+    enum DomainStrategy {
+        FORCE_IP = 0;
+        FORCE_IP4 = 1;
+        FORCE_IP6 = 2;
+        FORCE_IP46 = 3;
+        FORCE_IP64 = 4;
+    }
     string secret_key = 1;
     repeated string endpoint = 2;
     repeated PeerConfig peers = 3;
     int32 mtu = 4;
     int32 num_workers = 5;
     bytes reserved = 6;
+    DomainStrategy domain_strategy = 7;
 }
diff --git a/proxy/wireguard/wireguard.go b/proxy/wireguard/wireguard.go
@@ -31,6 +31,7 @@ import (
 
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
+	"github.com/xtls/xray-core/common/dice"
 	"github.com/xtls/xray-core/common/log"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol"
@@ -159,15 +160,23 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, dialer inte
 	addr := destination.Address
 	if addr.Family().IsDomain() {
 		ips, err := h.dns.LookupIP(addr.Domain(), dns.IPOption{
-			IPv4Enable: h.hasIPv4,
-			IPv6Enable: h.hasIPv6,
+			IPv4Enable: h.hasIPv4 && h.conf.preferIP4(),
+			IPv6Enable: h.hasIPv6 && h.conf.preferIP6(),
 		})
+		{ // Resolve fallback
+			if (len(ips) == 0 || err != nil) && h.conf.hasFallback() {
+				ips, err = h.dns.LookupIP(addr.Domain(), dns.IPOption{
+					IPv4Enable: h.hasIPv4 && h.conf.fallbackIP4(),
+					IPv6Enable: h.hasIPv6 && h.conf.fallbackIP6(),
+				})
+			}
+		}
 		if err != nil {
 			return newError("failed to lookup DNS").Base(err)
 		} else if len(ips) == 0 {
 			return dns.ErrEmptyResponse
 		}
-		addr = net.IPAddress(ips[0])
+		addr = net.IPAddress(ips[dice.Roll(len(ips))])
 	}
 
 	var newCtx context.Context