fix: when host's ip in fakeip's range, don't send to remote server

xishang0128 · Nov 10, 2022 · 64552fb · 64552fb
1 parent 7c8d8f5
commit 64552fb
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 11 deletions.
diff --git a/config/config.go b/config/config.go
@@ -495,7 +495,7 @@ func ParseRawConfig(rawCfg *RawConfig) (*Config, error) {
 	}
 	config.DNS = dnsCfg
 
-	err = parseTun(rawCfg.Tun, config.General, dnsCfg)
+	err = parseTun(rawCfg.Tun, config.General)
 	if err != nil {
 		return nil, err
 	}
@@ -1053,8 +1053,9 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie[netip.Addr], rules []C.R
 		}
 	}
 
+	fakeIPRange, err := netip.ParsePrefix(cfg.FakeIPRange)
+	T.SetFakeIPRange(fakeIPRange)
 	if cfg.EnhancedMode == C.DNSFakeIP {
-		ipnet, err := netip.ParsePrefix(cfg.FakeIPRange)
 		if err != nil {
 			return nil, err
 		}
@@ -1081,7 +1082,7 @@ func parseDNS(rawCfg *RawConfig, hosts *trie.DomainTrie[netip.Addr], rules []C.R
 		}
 
 		pool, err := fakeip.New(fakeip.Options{
-			IPNet:       &ipnet,
+			IPNet:       &fakeIPRange,
 			Size:        1000,
 			Host:        host,
 			Persistence: rawCfg.Profile.StoreFakeIP,
@@ -1124,7 +1125,7 @@ func parseAuthentication(rawRecords []string) []auth.AuthUser {
 	return users
 }
 
-func parseTun(rawTun RawTun, general *General, dnsCfg *DNS) error {
+func parseTun(rawTun RawTun, general *General) error {
 	var dnsHijack []netip.AddrPort
 
 	for _, d := range rawTun.DNSHijack {
@@ -1140,10 +1141,8 @@ func parseTun(rawTun RawTun, general *General, dnsCfg *DNS) error {
 		dnsHijack = append(dnsHijack, addrPort)
 	}
 
-	var tunAddressPrefix netip.Prefix
-	if dnsCfg.FakeIPRange != nil {
-		tunAddressPrefix = *dnsCfg.FakeIPRange.IPNet()
-	} else {
+	tunAddressPrefix := T.FakeIPRange()
+	if !tunAddressPrefix.IsValid() {
 		tunAddressPrefix = netip.MustParsePrefix("198.18.0.1/16")
 	}
 	tunAddressPrefix = netip.PrefixFrom(tunAddressPrefix.Addr(), 30)

diff --git a/tunnel/tunnel.go b/tunnel/tunnel.go
@@ -41,8 +41,18 @@ var (
 	udpTimeout = 60 * time.Second
 
 	alwaysFindProcess = false
+
+	fakeIPRange netip.Prefix
 )
 
+func SetFakeIPRange(p netip.Prefix) {
+	fakeIPRange = p
+}
+
+func FakeIPRange() netip.Prefix {
+	return fakeIPRange
+}
+
 func SetSniffing(b bool) {
 	if sniffer.Dispatcher.Enable() {
 		configMux.Lock()
@@ -334,9 +344,11 @@ func handleTCPConn(connCtx C.ConnContext) {
 	dialMetadata := metadata
 	if len(metadata.Host) > 0 {
 		if node := resolver.DefaultHosts.Search(metadata.Host); node != nil {
-			dialMetadata.DstIP = node.Data()
-			dialMetadata.DNSMode = C.DNSHosts
-			dialMetadata = dialMetadata.Pure()
+			if dstIp := node.Data(); !FakeIPRange().Contains(dstIp) {
+				dialMetadata.DstIP = dstIp
+				dialMetadata.DNSMode = C.DNSHosts
+				dialMetadata = dialMetadata.Pure()
+			}
 		}
 	}