zonyitoo
commented
3 years ago Currently sslocal passes the host name directly as SS_REMOTE_HOST.
Closed Mygod closed 3 years ago
zonyitoo
commented
3 years ago Currently sslocal passes the host name directly as SS_REMOTE_HOST.
Mygod
commented
3 years ago Yes but the plugins do not have the custom DNS passed to it. I think handling them in sslocal is the best option.
zonyitoo
commented
3 years ago Hmm. Is it possible to have a solution that could hooks all traffics sending to UDP port 53?
Mygod
commented
3 years ago That is what shadowsocks-android used to do a few years ago and I fixed it. :rofl:
zonyitoo
commented
3 years ago It would be a lot nicer for plugins, which are hard to make modifications on DNS resolver.
Mygod
commented
3 years ago Yes but I do not think system-wide traffic hijacking is a good idea.
madeye
commented
3 years ago Hmm. Is it possible to have a solution that could hooks all traffics sending to UDP port 53?
Currently, we already hijack all the UDP DNS queries to the DNS gateway (local DNS resolver provided by shadowsocks-rust): https://github.com/shadowsocks/badvpn/blob/fb01eb983915c9a09a690ad44c6028dd87500ec7/tun2socks/SocksUdpGwClient.c#L286
So, if we can bypass the queries of the server's hostname, it's possible to solve the plugin's issue as described here https://github.com/shadowsocks/shadowsocks-android/issues/2301#issuecomment-757596516
For example, assuming the hostname of shadowsocks server is ss.example.com, shadowsocks-rust's local DNS resolver should always send it to Android system resolver through unix://local_dns_path.
Mygod
commented
3 years ago First it's not hijacking since no other DNS is running at that address. Second you're right that would be a better solution lol.
zonyitoo
commented
3 years ago If I understand correctly, sslocal should try to parse UDP packets and guess if it is a DNS query, and then bypass it to the local DNS client.
madeye
commented
3 years ago tun2socks already did this for sslocal. It only bypass DNS packets to the local resolver of sslocal.
zonyitoo
commented
3 years ago Ah. Then it should be considered as already solved?
madeye
commented
3 years ago But in the current local resolver of sslocal, the queries will be forwarded to the remote server (through the plugin). Then the plugin will send another DNS query to sslocal. That's the root cause...
We just need to add one more logic into sslocal that it bypasses all the queries for ss.example.com to unix://local_dns_path
Now that we have DDNS from #2301, we should support it when it is used along with a plugin as well. One thing to do is to start a second plugin when IP is changed, and release the first one when all existing connections have been closed.
CC @zonyitoo @madeye