Fake DNS with full V2 integration #406

Merged
merged 52 commits into from
Feb 8, 2021

xiaokangwang
Contributor

@xiaokangwang xiaokangwang commented Nov 11, 2020

This is a more integrated version of #395 by @yuhan6665.
Fake DNS Pool will be represented as an Instance Service, and the match and replace process will be considered a sniffer.

The following new project interfaces have been added:
Metadata sniffer, which is used to sniff connection data from metadata, instead of content.
Configure file post-processing stage, which is used to add candy or lint to the configure file.

@xiaokangwang xiaokangwang self-assigned this Nov 11, 2020
@yuhan6665
Contributor

@xiaokangwang 👍 I can do some testing on an Android device, today or tomorrow.
I briefly looked through the commits. I'll need to add "sniffing" : "destOverride": [ "fakedns" ] in the inbound. And you added a config object at the root level? In that case we can remove the "fake" object in "dns", right?

@xiaokangwang
Contributor Author

xiaokangwang commented Nov 11, 2020

> @xiaokangwang +1 I can do some testing on an Android device, today or tomorrow.
> I briefly looked through the commits. I'll need to add "sniffing" : "destOverride": [ "fakedns" ] in the inbound. And you added a config object at the root level? In that case we can remove the "fake" object in "dns", right?

Here is a working configuration file:
https://gist.github.com/xiaokangwang/17fd100bca6bbb22b9ca110919bfed0d

No, you still need to add a fake boolean value in the DNS, and the FakeDNS top level setting is optional.

@xiaokangwang
Contributor Author

xiaokangwang commented Nov 11, 2020

There are some reports that sometimes a Fake IP cannot be picked up by Fake DNS and will be allocated a new IP or be unable to rewrite the domain. I am still investigating.

@yuhan6665
Contributor

Did some testing. I found no issue on my side except that the "fakeDns" top level setting is not taking effect.

@xiaokangwang
Contributor Author

I have fixed an issue preventing a UDP socket with a fake DNS IP from being restored to the original domain name.

@xiaokangwang
Contributor Author

> Did some testing. I found no issue on my side except that the "fakeDns" top level setting is not taking effect.

I think I have fixed this in 0a94cfd. Please let me know if it is not fixed for you.

app/dns/fake.go Outdated
@rurirei
Contributor

rurirei commented Nov 13, 2020

sorry for simple suggestion of final configuration without code review

  // remove
  "dns": {
      "fake": true
  },

  // remove
      {
        "type": "field",
        "ip": [
          "240.0.0.0/8"
        ],
        "outboundTag": "discard"
      }

  // remove
      {
        "type": "field",
        "port": "53",
        "outboundTag": "fakedns"
      },

  // remove
    {
      "protocol": "dns",
      "settings": {
      },
      "tag": "fakedns"
    },

  // makes the similar experience of v2ray-sniffing
      "sniffing": {
        "enabled": true,
        "destOverride": [
       // "http, tls",
          "fakedns"  // specify fakeDns and routing-dns
        ],
        "range": "240.0.0.0/8",  // specify fake-range and routing-discard
        "metadataOnly": true
      }

@kslr
Contributor

kslr commented Dec 2, 2020

any update?

@xiaokangwang
Contributor Author

No, I am waiting for merge

@xiaokangwang
Contributor Author

Is this PR clear for merge?

@Loyalsoldier
Contributor

Could the fakeDNS configuration be simplified?

@kslr
Contributor

kslr commented Dec 19, 2020

Now Don't merge

yuhan6665 and others added 12 commits January 27, 2021 16:54
A new config object "fake" in DnsObject for toggling fake dns function

Compared with sniffing, fake dns is not limited to http and tls traffic.
It works across all inbounds. For example, when a dns request comes
from one inbound, the local DNS server of v2ray will respond with a
unique fake IP for every unique domain name. Then later on, when v2ray
receives a request to one of the fake IPs from any inbound, it will
override the request destination with the previously saved domain.

By default, v2ray caches up to 65535 addresses. The old records will
be discarded based on LRU. The fake IP will be 240.x.x.x
…his will work for both IPv4 and IPv6 networks.
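
The mechanism the commit message above describes (one fake IP per domain from 240.0.0.0/8, records discarded by LRU, destination restored on a later request), as an added Go sketch that is not code from this pull request or from v2ray. `Pool`, `NewPool`, `FakeIP` and `Domain` are hypothetical names; it assumes 1 ≤ poolSize < number of addresses in the pool, and that only DNS queries refresh a record's recency.

```go
package main

import (
	"container/list"
	"fmt"
	"net/netip"
)

// Simplified fake-DNS pool; hypothetical types, not v2ray's own code.
type entry struct{ domain string; ip netip.Addr }
type Pool struct {
	prefix netip.Prefix
	size   int
	next   netip.Addr // last address handed out
	lru    *list.List // of entry; front = most recently queried
	byName map[string]*list.Element
	byIP   map[netip.Addr]string
}

func NewPool(cidr string, size int) *Pool {
	p := netip.MustParsePrefix(cidr).Masked()
	return &Pool{p, size, p.Addr(), list.New(), map[string]*list.Element{}, map[netip.Addr]string{}}
}

// FakeIP answers a DNS query: one stable fake address per domain.
func (p *Pool) FakeIP(domain string) netip.Addr {
	if el, ok := p.byName[domain]; ok {
		p.lru.MoveToFront(el)
		return el.Value.(entry).ip
	}
	if p.lru.Len() >= p.size { // full: discard the least recently used record
		old := p.lru.Remove(p.lru.Back()).(entry)
		delete(p.byName, old.domain)
		delete(p.byIP, old.ip)
	}
	for used := true; used; _, used = p.byIP[p.next] { // next free address
		if p.next = p.next.Next(); !p.prefix.Contains(p.next) {
			p.next = p.prefix.Addr().Next() // wrap inside the pool
		}
	}
	p.byName[domain], p.byIP[p.next] = p.lru.PushFront(entry{domain, p.next}), domain
	return p.next
}

// Domain is the sniffer side: restore the domain for a destination address.
func (p *Pool) Domain(ip netip.Addr) (string, bool) {
	d, ok := p.byIP[ip] // ok is false outside the pool or after the record was discarded
	return d, ok
}
func main() { fmt.Println(NewPool("240.0.0.0/8", 65535).FakeIP("example.com")) }
```

With a pool of two records, a third domain discards the least recently queried one: its old fake IP no longer maps back to a domain, and a new query for that domain returns a different address.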
@xiaokangwang
Contributor Author

I have rebased the code so that it does not have any merge conflicts with the master branch.

@kslr kslr merged commit 38da831 into master Feb 8, 2021
@kslr
Contributor

kslr commented Feb 8, 2021

"fakedns": {
    "ipPool": "240.0.0.0/8",
    "poolSize": 65535
}

...

"sniffing": {
        "enabled": true,
        "destOverride": [
            "http",
            "tls",
            "fakedns"
        ],
        "metadataOnly": true
},

@yuhan6665
Contributor

> "fakedns": {
>     "ipPool": "240.0.0.0/8",
>     "poolSize": 65535
> }
>
> ...
>
> "sniffing": {
>         "enabled": true,
>         "destOverride": [
>             "http",
>             "tls",
>             "fakedns"
>         ],
>         "metadataOnly": true
> },

I haven't tested the latest version. From the look of this commit a1a4ab1,
is it also needed to add fakedns in the DNS server list?

@kslr
Contributor

kslr commented Feb 8, 2021

> "fakedns": {
>     "ipPool": "240.0.0.0/8",
>     "poolSize": 65535
> }
>
> ...
>
> "sniffing": {
>         "enabled": true,
>         "destOverride": [
>             "http",
>             "tls",
>             "fakedns"
>         ],
>         "metadataOnly": true
> },
>
> I haven't tested the latest version. From the look of this commit a1a4ab1,
> is it also needed to add fakedns in the DNS server list?

"dns": {
        "servers": [
            "fakedns",
            "8.8.8.8",
            "https://1.1.1.1/dns-query"
        ]
    },

P.S. I am still looking for a more suitable config structure. Don't forget to express your opinion :)

@yuhan6665
Copy link
Contributor

yuhan6665 commented Feb 9, 2021

The current config is good in general.
For fake ip -> domain, I'd like to add a small change for sniffer enhancement.
For domain -> fake ip, in the future if we want to add a whitelist or blacklist, I think the best structure is to create a "fakedns outbound". Then users can leverage the existing routing to configure any rule. Something like:

"fakedns": {
    "ipPool": "240.0.0.0/8",
    "poolSize": 65535
},
"dns": {}, // normal dns
"outbounds": [
    {
        "protocol": "dns",
        "tag": "dns"
    },
    {
        "protocol": "fakedns",
        "tag": "fakedns"
    }
],
"routing": {
    "rules": [
        {
            "outboundTag": "dns" // a black list that don't want to use fake dns
        },
        {
            "outboundTag": "fakedns" // a white list that can use fake dns
        },
        {
            "outboundTag": "dns" // send normal dns request
        }
    ]
}

@yuhan6665
Contributor

@xiaokangwang @kslr sorry for the late reply. I did test on Android and found some issue in the latest version. In 38e4107, the interface LookupFakeIP(domain string) is removed and fakedns becomes a standard client. This might be ok in some cases, but in Android, when a request is sent out from "Freedom", it will get the fake IP and fail. This is because the VPN service takes over all system DNS traffic and passes it to core.
I'm thinking of two possible fixes: one is to add a new interface similar to LookupFakeIP(domain string) which makes the query from freedom outbound and routing ignore "fakedns". The second is to add a new "fakedns" outbound. Thoughts?

@rurirei
Contributor

rurirei commented Feb 19, 2021

> @xiaokangwang @kslr sorry for the late reply. I did test on Android and found some issue in the latest version. In 38e4107, the interface LookupFakeIP(domain string) is removed and fakedns becomes a standard client. This might be ok in some cases, but in Android, when a request is sent out from "Freedom", it will get the fake IP and fail. This is because the VPN service takes over all system DNS traffic and passes it to core.
> I'm thinking of two possible fixes: one is to add a new interface similar to LookupFakeIP(domain string) which makes the query from freedom outbound and routing ignore "fakedns". The second is to add a new "fakedns" outbound. Thoughts?

former agreed.

@Loyalsoldier
Contributor

> @xiaokangwang @kslr sorry for the late reply. I did test on Android and found some issue in the latest version. In 38e4107, the interface LookupFakeIP(domain string) is removed and fakedns becomes a standard client. This might be ok in some cases, but in Android, when a request is sent out from "Freedom", it will get the fake IP and fail. This is because the VPN service takes over all system DNS traffic and passes it to core.
> I'm thinking of two possible fixes: one is to add a new interface similar to LookupFakeIP(domain string) which makes the query from freedom outbound and routing ignore "fakedns". The second is to add a new "fakedns" outbound. Thoughts?

Is this related to #572 and #692?

@yuhan6665
Contributor

@Loyalsoldier these are different issues. #696 is to fix direct traffic sent out from freedom outbound, when fake DNS is enabled.

5 participants