daeuniverse / dae

eBPF-based Linux high-performance transparent proxy solution.
GNU Affero General Public License v3.0

[Support Request] A question about the DNS requests #322

Open 9bingyin opened 1 year ago

9bingyin commented 1 year ago

Checks

Support Request

I have some IP rules in my dae rules, but dae also makes a DNS request once when accessing these IPs. Is this a bug caused by domain name sniffing, or is this a feature?

Current Behavior

Sep 07 06:32:47 dae dae[425]: level=info msg="192.168.5.107:10931 <-> 149.154.165.120:443" dialer="node name1" dscp=0 ip="149.154.165.120:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:47 dae dae[425]: level=info msg="192.168.5.107:10932 <-> 149.154.165.120:80" dialer="node name1" dscp=0 ip="149.154.165.120:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="149.154.165.120:80"
Sep 07 06:32:48 dae dae[425]: level=info msg="192.168.5.107:10934 <-> 149.154.175.53:443" dialer="node name1" dscp=0 ip="149.154.175.53:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:48 dae dae[425]: level=info msg="192.168.5.107:10935 <-> 149.154.175.53:80" dialer="node name1" dscp=0 ip="149.154.175.53:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="149.154.175.53:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10943 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10940 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10941 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10942 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10938 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10939 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10936 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10937 <-> 91.108.56.183:443" dialer="node name1" dscp=0 ip="91.108.56.183:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10946 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10945 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10949 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10944 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10947 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10948 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10951 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"
Sep 07 06:32:50 dae dae[425]: level=info msg="192.168.5.107:10950 <-> 91.108.56.183:80" dialer="node name1" dscp=0 ip="91.108.56.183:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="91.108.56.183:80"


Expected Behavior

I think these connections should not request DNS.

Steps to Reproduce

My DNS uses the local AdGuard Home, and these requests occur when connecting to Telegram. The following is my configuration file; I removed some private content.

global {
  lan_interface: eth0
  wan_interface: eth0
  tcp_check_url: 'http://cp.cloudflare.com'
  tcp_check_http_method: HEAD
  udp_check_dns: 'dns.google:53'
  log_level: info
  allow_insecure: false
  auto_config_kernel_parameter: true
}

node {
    'ss node use aes-256-gcm'
}

# For more DNS examples, see https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md
dns {
  upstream {
    localdns: 'udp://192.168.5.53:53'
  }
  routing {
    request {
      fallback: localdns
    }
  }
}

group {
  proxy {
    #filter: name(keyword: HK, keyword: SG)
    policy: min_moving_avg
  }
}

# For more routing examples, see https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md
routing {
# main
  pname(NetworkManager) -> must_direct
  sip(192.168.5.53) && l4proto(udp) && dport(53) -> must_direct
  dip(224.0.0.0/3, 'ff00::/8') -> direct
  dip(geoip:private) -> direct
  dip(geoip:cn) -> direct
  domain(geosite:gfw) -> proxy
  domain(geosite:netflix) -> proxy
  domain(suffix: cm.steampowered.com) -> direct
  domain(suffix: steamserver.net) -> direct
  domain(geosite:steam@cn) -> direct
  domain(geosite:steam) -> proxy
  domain(geosite:microsoft@cn) -> direct
  domain(geosite:microsoft) -> proxy
  dip(geoip:telegram) -> proxy
# fallback
  fallback: direct
}

Environment

Anything else?

No response
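
A small triage helper for log excerpts like the one in this report (an added example, not part of the original issue and not dae's own code): it parses the key=value fields of each connection line and classifies the `sniffed=` value as empty, an IP literal, or a hostname, so connections where sniffing yielded no domain can be separated from the rest. The third sample line and the names `parse_fields`, `sniffed_kind` and `triage` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the first two lines follow the excerpt in the post,
# the third (hostname in sniffed=) is made up for contrast.
SAMPLE_LOG = '''\
Sep 07 06:32:47 dae dae[425]: level=info msg="192.168.5.107:10931 <-> 149.154.165.120:443" dialer="node name1" dscp=0 ip="149.154.165.120:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed=
Sep 07 06:32:47 dae dae[425]: level=info msg="192.168.5.107:10932 <-> 149.154.165.120:80" dialer="node name1" dscp=0 ip="149.154.165.120:80" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="149.154.165.120:80"
Sep 07 06:32:49 dae dae[425]: level=info msg="192.168.5.107:10960 <-> 203.0.113.7:443" dialer="node name1" dscp=0 ip="203.0.113.7:443" mac="mac address" network=tcp4 outbound=proxy pid=0 pname= policy=min_moving_avg sniffed="example.org:443"
'''

# key=value pairs; a value is double-quoted or a bare (possibly empty) token.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_fields(line):
    """Return the key=value fields of one log line as a dict, quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def sniffed_kind(value):
    """Classify a sniffed= value as 'none', 'ip-literal' or 'hostname'."""
    if not value:
        return "none"
    candidates = [value]
    if value.startswith("[") and "]" in value:      # [v6]:port form
        candidates.append(value[1:value.index("]")])
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():                      # host:port form
        candidates.append(host)
    for cand in candidates:
        try:
            ipaddress.ip_address(cand)
            return "ip-literal"
        except ValueError:
            continue
    return "hostname"

def triage(log_text):
    """Return (rows, counts); each row is (destination, outbound, sniffed kind)."""
    rows = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if "ip" not in f or "sniffed" not in f:
            continue                                # not a connection log line
        rows.append((f["ip"], f.get("outbound", ""), sniffed_kind(f["sniffed"])))
    return rows, Counter(kind for _, _, kind in rows)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
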

dae-prow[bot] commented 1 year ago

Thanks for opening this issue!

mzz2017 commented 1 year ago

It should be a bug. Good capture.