zhuhaow / NEKit

A toolkit for Network Extension Framework
https://zhuhaow.github.io/NEKit
BSD 3-Clause "New" or "Revised" License
2.84k stars, 670 forks

Questions about DNS forwarding #272

Closed chenfengfeng closed 5 years ago

chenfengfeng commented 5 years ago

First, my current configuration:

- proxySettings: not configured, so no HTTP proxy is used
- NEDNSSettings(servers: ["8.8.8.8"]) is set as the DNS configuration
- TUNInterface only has UDP and TCP configured; no DNSServer is configured
- The UDP class is a modified class that sends UDP data to the proxy server, and the data the proxy server returns is written back into iOS

Current situation:

When opening a web page, the domain name has to be resolved, so it goes through DNS. DNS sends a UDP packet; at that point the UDP class receives the packet, performs the handshake with the proxy server and forwards it there, and the proxy server sends UDP back to the app, which writes it into iOS. Going by this flow, DNS should resolve the domain and get an IP, and then TCP packets should start flowing for the actual access, but at the moment that doesn't happen.

PS: ordinary UDP forwarding, e.g. a game that uses UDP, works fine; it forwards and receives normally and the app can resolve as well. I'm not sure where the problem is at the moment; I hope you can give me some ideas or discuss it. I'm not sure whether there is something wrong with my flow.

zhuhaow commented 5 years ago

What is your routing table configuration?

chenfengfeng commented 5 years ago

Sorry, I didn't see that. My current route configuration is as follows:

let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
ipv4Settings.includedRoutes = [NEIPv4Route.default()]
ipv4Settings.excludedRoutes = [
    NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"),
    NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"),
    NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"),
    NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"),
    NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"),
    NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"),
    NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"),
]
networkSettings.ipv4Settings = ipv4Settings

zhuhaow commented 5 years ago

From your whole description I really can't tell what you have done. Can DNS be proxied successfully? If you run dig, do you get a result back?

chenfengfeng commented 5 years ago

This is my implementation of the startTunnel method:

override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {

        let s5AdapterFactory = SOCKS5AdapterFactory(serverHost: "192.168.1.111", serverPort: 9287)
        let allRule = AllRule(adapterFactory: s5AdapterFactory)
        RuleManager.currentManager = RuleManager(fromRules: [allRule], appendDirect: false)

        let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "8.8.8.8")
        networkSettings.mtu = 1500

        let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
        ipv4Settings.includedRoutes = [NEIPv4Route.default()]
        ipv4Settings.excludedRoutes = [
            NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"),
            NEIPv4Route(destinationAddress: "100.64.0.0", subnetMask: "255.192.0.0"),
            NEIPv4Route(destinationAddress: "127.0.0.0", subnetMask: "255.0.0.0"),
            NEIPv4Route(destinationAddress: "169.254.0.0", subnetMask: "255.255.0.0"),
            NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0"),
            NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"),
            NEIPv4Route(destinationAddress: "17.0.0.0", subnetMask: "255.0.0.0"),
        ]
        networkSettings.ipv4Settings = ipv4Settings

        if enablePacketProcessing {
            let DNSSettings = NEDNSSettings(servers: ["8.8.8.8"])
            DNSSettings.matchDomains = [""]
            DNSSettings.matchDomainsNoSearch = false
            networkSettings.dnsSettings = DNSSettings

            RawSocketFactory.TunnelProvider = self
        }

        setTunnelNetworkSettings(networkSettings) { error in
            guard error == nil else {
                completionHandler(error)
                return
            }

            if !self.started {
                // The observer below is meant to watch for network changes and restart the service
//                self.addObserver(self, forKeyPath: "defaultPath", options: .initial, context: nil)
                if #available(iOSApplicationExtension 10.0, *) {
                    DDLog.add(DDOSLogger.sharedInstance, with: DDLogLevel.verbose)
                    DDOSLogger.sharedInstance.logFormatter = LogFormatter()
                }
                Opt.MAXNWTCPSocketReadDataSize = 60 * 1024 - 1
            }

            if self.started {
                self.httpProxy.stop()
                try! self.httpProxy.start()
            } else {
                self.httpProxy = GCDHTTPProxyServer(address: IPAddress(fromString: "127.0.0.1"), port: 6152)
                try! self.httpProxy.start()
            }

            completionHandler(nil)

            if self.enablePacketProcessing {
                if self.started {
                    self.interface.stop()
                }
                if !self.started {
                    self.interface = TUNInterface(packetFlow: self.packetFlow)

                    let udpStack = UDPAssociateStack(serverHost: "192.168.1.111", serverPort: 9287)
                    self.interface.register(stack: udpStack)

                    let tcpStack = TCPStack.stack
                    tcpStack.proxyServer = self.httpProxy
                    self.interface.register(stack:tcpStack)

                    self.interface.start()
                }
            }
            self.started = true
        }
    }

In the UDP input method I can receive the UDP packets that DNS wants to send; I forward the packet to the proxy server, and the proxy server returns UDP packets as well.

zhuhaow commented 5 years ago

Can you dig?

chenfengfeng commented 5 years ago

Do you mean the dig command on the computer?

fengMacmini:~ feng$ dig @8.8.8.8 www.google.com A

; <<>> DiG 9.10.6 <<>> @8.8.8.8 www.google.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12285
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.            IN  A

;; ANSWER SECTION:
www.google.com.     145 IN  A   31.13.85.16

;; Query time: 62 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 03 14:07:35 CST 2019
;; MSG SIZE  rcvd: 48

zhuhaow commented 5 years ago

Does your proxy return polluted results?

zhuhaow commented 5 years ago

Install a network debugging app on your phone, there are plenty of them, or a command-line one

chenfengfeng commented 5 years ago

OK, let me try that first.

chenfengfeng commented 5 years ago

zhuhaow commented 5 years ago

Don't specify 8.8.8.8.

chenfengfeng commented 5 years ago

dig doesn't specify 8.8.8.8, but NEDNSSettings does set it.

chenfengfeng commented 5 years ago

I have a few questions about DNS, setting aside what was discussed before; I hope you can clear them up.

1. Does NEDNSSettings change the system DNS to the DNS I specify? If not, what is it for?

2. If I set NEProxySettings, i.e. an HTTP proxy, and also register a DNSServer in TUNInterface, then when I open a web page, does the domain resolution go through the system DNS, or is it hijacked by TUNInterface and resolved with the DNSServer's settings?

3. If I use DNSServer but not an IP pool, is there any impact? The documentation says the pool is for reverse lookup, but I'd like to know what the effect of not using it is. The code is as follows:

self.interface = TUNInterface(packetFlow: self.packetFlow)
let dnsServer = DNSServer(address: IPAddress(fromString: "198.18.0.1")!, port: NEKit.Port(port: 53))
let resolver = UDPDNSResolver(address: IPAddress(fromString: "8.8.8.8")!, port: NEKit.Port(port: 53))
dnsServer.registerResolver(resolver)
self.interface.register(stack: dnsServer)
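Added example (not NEKit code and not the author's code) that models the general "fake IP" scheme the IP pool in question 3 serves, and that also gives a way to check the dig result discussed above: a tunnel-side DNS server intercepts the A query on port 53, answers it with an address from a reserved pool, remembers domain-to-IP both ways, and when a TCP connection to that pool address later arrives it reverse-looks-up the domain so the rule engine can decide by hostname. Without the pool, the only thing available at TCP time is whatever real IP the resolver returned. The wire-format helpers, the pool range 198.18.1.0/24 (chosen to not overlap the 198.18.0.1 server address in the post) and all names such as FakeIPPool, answer_with_fake_ip and a_records are my own assumptions; a_records can be run over any captured response to see what a resolver actually returned.

```python
"""Toy fake-IP DNS interceptor with reverse lookup. Constructed example, not NEKit code."""
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

TYPE_A, CLASS_IN = 1, 1


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a DNS name at off, following compression pointers; return (name, offset past the name)."""
    labels: List[str] = []
    end = -1  # where the name ends in the original stream (set on the first pointer jump)
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: jump, but remember where we were
            if end < 0:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end >= 0 else off)


def build_query(txid: int, qname: str, qtype: int = TYPE_A) -> bytes:
    """Encode a one-question query with RD set, as a stub resolver would send over UDP."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + name + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(msg: bytes) -> Tuple[int, str, int, int, bytes]:
    """Return (txid, qname, qtype, qclass, raw question section) of a one-question message."""
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return txid, qname, qtype, qclass, msg[12:off + 4]


def a_records(response: bytes) -> List[str]:
    """Collect the IPv4 answers in a response (what the resolver really returned)."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(response, off)
        off += 4  # skip qtype and qclass
    ips: List[str] = []
    for _ in range(an):
        _, off = read_name(response, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            ips.append(str(ipaddress.IPv4Address(response[off:off + 4])))
        off += rdlen
    return ips


class FakeIPPool:
    """Hands out addresses from a reserved range and keeps the domain<->IP mapping both ways."""

    def __init__(self, cidr: str) -> None:
        self._hosts = ipaddress.ip_network(cidr).hosts()
        self._by_domain: Dict[str, str] = {}
        self._by_ip: Dict[str, str] = {}

    def allocate(self, domain: str) -> str:
        domain = domain.lower().rstrip(".")
        if domain not in self._by_domain:
            ip = str(next(self._hosts))  # StopIteration here means the pool is exhausted
            self._by_domain[domain] = ip
            self._by_ip[ip] = domain
        return self._by_domain[domain]

    def domain_for(self, ip: str) -> Optional[str]:
        """Reverse lookup: from the destination of a later TCP connection back to the domain."""
        return self._by_ip.get(ip)


def answer_with_fake_ip(query: bytes, pool: FakeIPPool, ttl: int = 1) -> Optional[bytes]:
    """Reply to an A query with a pool address; None means 'not an A query, pass it through'."""
    txid, qname, qtype, qclass, question = parse_question(query)
    if qtype != TYPE_A or qclass != CLASS_IN:
        return None
    fake = ipaddress.IPv4Address(pool.allocate(qname)).packed
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 question, 1 answer
    rr = b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + fake  # name = pointer to offset 12
    return header + question + rr


if __name__ == "__main__":
    pool = FakeIPPool("198.18.1.0/24")
    reply = answer_with_fake_ip(build_query(0x1234, "www.example.com"), pool)
    fake_ip = a_records(reply)[0]
    print(fake_ip, "->", pool.domain_for(fake_ip))
```

A short TTL on the fake answer matters: the mapping only lives in the tunnel process, so a cached fake address must not outlive the tunnel. Running a_records on the response seen inside the tunnel and on one obtained directly (as dig did above) is the quickest way to tell whether the resolver path itself is returning something unexpected.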

qyb commented 5 years ago

Please refer to https://forums.developer.apple.com/thread/35027 ; that is the most authoritative answer.

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.