Add sniffer enhancement related to Fake DNS

[yuhan6665]

I have been thinking of for the cache/mapping loss when core is rebooted. Also got some idea from the initial user of the current fake DNS.
Basically the idea is to use the existing sniffers (HTTP, TLS) when the domain name cannot be recovered. When it works, logs will be like:

31872-31976/com.v2ray.ang I/GoLog: [Info] v2ray.com/core/app/dns: returning fake IP 240.0.0.2 for domain baidu.com
...reboot...
2020-11-29 22:55:56.300 31872-31976/com.v2ray.ang I/GoLog: [Info] [1895565757] v2ray.com/core/proxy/socks: TCP Connect request to tcp:240.0.0.2:80
2020-11-29 22:55:56.300 31872-31976/com.v2ray.ang I/GoLog: [Info] v2ray.com/core/app/dns/fakedns: A fake ip request to 240.0.0.2, however there is no matching domain name in fake DNS
2020-11-29 22:55:56.300 31872-31976/com.v2ray.ang I/GoLog: [Info] [1895565757] v2ray.com/core/app/dispatcher: Using sniffer http1 since the fake DNS missed
2020-11-29 22:55:56.300 31872-31976/com.v2ray.ang I/GoLog: [Info] [1895565757] v2ray.com/core/app/dispatcher: sniffed domain: baidu.com
2020-11-29 22:55:56.300 31872-31976/com.v2ray.ang I/GoLog: [Info] [1895565757] v2ray.com/core/app/dispatcher: taking detour [direct] for [tcp:baidu.com:80]

[Loyalsoldier]

Maybe this behavior should be the default one in FakeDNS instead of adding a new DNS convention fakedns+others?

[yuhan6665]

Maybe be this behavior should be the default one in FakeDNS instead of adding a new DNS convention fakedns+others?

I can make change this way. Commit will be simpler even.
The reason to add a new sniffer "fakedns+others" was to give user a way to opt out. But opt out will fail connection anyway..

[rurirei]

but v2ray-sniffing enabled also on my side, as FakeDns not used anywhere.

{ "destOverride": [ "http", "tls", "fakedns" ] },
{ "dns": { "servers": [ "fakedns", "8.8.8.8" ] }

[v2ray] [Debug] v2ray.com/core/app/dns: domain dns.google will use DNS in order: [FakeDNS UDP:8.8.8.8:53]
[v2ray] [Info] [348177452] v2ray.com/core/app/dispatcher: fake dns got domain: dns.google for ip: 198.18.0.3
[v2ray] [Info] [348177452] v2ray.com/core/app/dispatcher: sniffed domain: dns.google

// not FakeDNS!
[v2ray] [Info] [2213317628] v2ray.com/core/app/dispatcher: sniffed domain: api.github.com

[Loyalsoldier]

but v2ray-sniffing enabled also on my side, as FakeDns not used anywhere.

{ "destOverride": [ "http", "tls", "fakedns" ] },
{ "dns": { "servers": [ "fakedns", "8.8.8.8" ] }

[v2ray] [Debug] v2ray.com/core/app/dns: domain dns.google will use DNS in order: [FakeDNS UDP:8.8.8.8:53]
[v2ray] [Info] [348177452] v2ray.com/core/app/dispatcher: fake dns got domain: dns.google for ip: 198.18.0.3
[v2ray] [Info] [348177452] v2ray.com/core/app/dispatcher: sniffed domain: dns.google

// not FakeDNS!
[v2ray] [Info] [2213317628] v2ray.com/core/app/dispatcher: sniffed domain: api.github.com

There is an option metadataOnly for FakeDNS. Set it true, then v2ray can't sniff domains. But I don't know what this option for.

[yuhan6665]

@rurirei
without b17dbd5, user need to turn on sniffer "http", "tls" for all IP range. Which might not be desirable in some cases.
c88d124 is just a small enhancement to make new fake IP unique.

[Loyalsoldier]

Maybe add a boolean option fallback to SniffingObject. Set it true, then fallback to other sniffers?

(But as you can see for now, if the metadataOnly option in fakeDNS is set to false, other sniffers still work. Is it necessary to keep both fallback and metadataOnly options?)

@xiaokangwang

[rurirei]

@yuhan6665 @Loyalsoldier what about defaults to fallback (if when metadataOnly: false), unless there are no "http and/or tls" sniffers appears in specified configs.

[Loyalsoldier]

@yuhan6665 @Loyalsoldier what about defaults to fallback (if when metadataOnly: false), unless there are no "http and/or tls" sniffers appears in specified configs.

IMO, I like the word fallback more. The metadataOnly word to me is hard to understand. 😂

[rurirei]

@Loyalsoldier metadataOnly is not option for fallback seems.

v2ray-core/app/proxyman/config.proto

Lines 60 to 63 in 38da831

	// Whether should only try to sniff metadata without waiting for client input.
	// Can be used to support SMTP like protocol where server send the first message.
	bool metadata_only = 3;
	}

[yuhan6665]

From what I can tell, metadataOnly = ture will turn off any fallback behavior, so I think we are good. Let's keep the existing configs as is.

[klzgrad]

This will stop working with TLS 1.3 ESNI and HTTP/3, no?

[rurirei]

@klzgrad FakeDNS will not work with Encrypted DNS query. It may work with ESNI.

[kslr]

Looks good, but if we plan to add TUN Inbound, "fakedns+other" is better

[kslr]

@xiaokangwang Don't forget

[xiaokangwang]

The reason I added a metadata only only is that without that, some protocol that require server to initiate the talk will not work(notably SMTP).

I have to say that the change in shouldOverride have break the abstraction of the sniffer. I will look more into how to incorporate this change into V2Ray.
https://github.com/v2fly/v2ray-core/pull/697/files#diff-c3820ebfbe4f1eb7e9d13008e995e0fa8912cad9f058c9f7767aed1df10533d8R181

[xiaokangwang]

but v2ray-sniffing enabled also on my side, as FakeDns not used anywhere.

{ "destOverride": [ "http", "tls", "fakedns" ] },
{ "dns": { "servers": [ "fakedns", "8.8.8.8" ] }

[v2ray] [Debug] v2ray.com/core/app/dns: domain dns.google will use DNS in order: [FakeDNS UDP:8.8.8.8:53]
[v2ray] [Info] [348177452] v2ray.com/core/app/dispatcher: fake dns got domain: dns.google for ip: 198.18.0.3
[v2ray] [Info] [348177452] v2ray.com/core/app/dispatcher: sniffed domain: dns.google

// not FakeDNS!
[v2ray] [Info] [2213317628] v2ray.com/core/app/dispatcher: sniffed domain: api.github.com

Sorry my English is very bad and I cannot understand your meaning, but, when FakeDNS is not getting result, and metadataonly is false which allow V2Ray to prevent client from dialing connection before sending content, other sniffer's result will work.

[xiaokangwang]

If agreed, I can rework the internal code of this PR so that:
A composite sniffer will sniff the domain name with tls and http if the ip address in the fake dns's ip pool but no result is given from fake dns.

[Loyalsoldier]

If agreed, I can rework the internal code of this PR so that:
A composite sniffer will sniff the domain name with tls and http if the ip address in the fake dns's ip pool but no result is given from fake dns.

It's great to also implement this #806

[xiaokangwang]

If agreed, I can rework the internal code of this PR so that:
A composite sniffer will sniff the domain name with tls and http if the ip address in the fake dns's ip pool but no result is given from fake dns.

It's great to also implement this #806

There are also domains like .internal that shouldn't be solved with fake dns. I think this should be something we require user to configure to suit their environment instead of hard code such logic. This issue is similar to some app don't respect fake dns's response and refuse to work when fake dns is enabled. We already have setting to solve all these problems, we shouldn't use hard coded logic then.

[Loyalsoldier]

If agreed, I can rework the internal code of this PR so that:
A composite sniffer will sniff the domain name with tls and http if the ip address in the fake dns's ip pool but no result is given from fake dns.

It's great to also implement this #806

There are also domains like .internal that shouldn't be solved with fake dns. I think this should be something we require user to configure to suit their environment instead of hard code such logic. This issue is similar to some app don't respect fake dns's response and refuse to work when fake dns is enabled. We already have setting to solve all these problems, we shouldn't use hard coded logic then.

But V2Ray cannot deal with invalid domains with space now.

[yuhan6665]

Close as work is done in #915