Sniffing: domainsExcluded supports "geosite:" (#5927)

#5927 (comment)

#5927 (comment)

Author: Meo597

app/dispatcher/default.go

@@ -2,7 +2,6 @@ package dispatcher
 
 import (
 	"context"
-	"regexp"
 	"strings"
 	"sync"
 	"time"
@@ -235,22 +234,8 @@ func (d *DefaultDispatcher) shouldOverride(ctx context.Context, result SniffResu
 	if domain == "" {
 		return false
 	}
-	for _, d := range request.ExcludeForDomain {
-		if strings.HasPrefix(d, "regexp:") {
-			pattern := d[7:]
-			re, err := regexp.Compile(pattern)
-			if err != nil {
-				errors.LogInfo(ctx, "Unable to compile regex")
-				continue
-			}
-			if re.MatchString(domain) {
-				return false
-			}
-		} else {
-			if strings.ToLower(domain) == d {
-				return false
-			}
-		}
+	if request.ExcludeForDomain != nil && request.ExcludeForDomain.MatchAny(strings.ToLower(domain)) {
+		return false
 	}
 	protocolString := result.Protocol()
 	if resComp, ok := result.(SnifferResultComposite); ok {

app/proxyman/config.go

@@ -1 +1,27 @@
 package proxyman
+
+import (
+	"github.com/xtls/xray-core/common/geodata"
+	"github.com/xtls/xray-core/common/session"
+)
+
+func BuildSniffingRequest(config *SniffingConfig) (session.SniffingRequest, error) {
+	if config == nil {
+		return session.SniffingRequest{}, nil
+	}
+
+	request := session.SniffingRequest{
+		Enabled:                        config.Enabled,
+		OverrideDestinationForProtocol: config.DestinationOverride,
+		MetadataOnly:                   config.MetadataOnly,
+		RouteOnly:                      config.RouteOnly,
+	}
+	if len(config.DomainsExcluded) > 0 {
+		excludeForDomain, err := geodata.DomainReg.BuildDomainMatcher(config.DomainsExcluded)
+		if err != nil {
+			return session.SniffingRequest{}, err
+		}
+		request.ExcludeForDomain = excludeForDomain
+	}
+	return request, nil
+}

app/proxyman/config.pb.go

@@ -10,6 +10,7 @@ import "common/net/address.proto";
 import "common/net/port.proto";
 import "transport/internet/config.proto";
 import "common/serial/typed_message.proto";
+import "common/geodata/geodat.proto";
 
 message InboundConfig {}
 
@@ -20,7 +21,8 @@ message SniffingConfig {
   // Override target destination if sniff'ed protocol is in the given list.
   // Supported values are "http", "tls", "fakedns".
   repeated string destination_override = 2;
-  repeated string domains_excluded = 3;
+
+  repeated xray.common.geodata.DomainRule domains_excluded = 3;
 
   // Whether should only try to sniff metadata without waiting for client input.
   // Can be used to support SMTP like protocol where server send the first

app/proxyman/config.proto

@@ -53,18 +53,17 @@ type AlwaysOnInboundHandler struct {
 }
 
 func NewAlwaysOnInboundHandler(ctx context.Context, tag string, receiverConfig *proxyman.ReceiverConfig, proxyConfig interface{}) (*AlwaysOnInboundHandler, error) {
+	sniffingRequest, err := proxyman.BuildSniffingRequest(receiverConfig.SniffingSettings)
+	if err != nil {
+		return nil, err
+	}
+
 	// Set tag and sniffing config in context before creating proxy
 	// This allows proxies like TUN to access these settings
 	ctx = session.ContextWithInbound(ctx, &session.Inbound{Tag: tag})
 	if receiverConfig.SniffingSettings != nil {
 		ctx = session.ContextWithContent(ctx, &session.Content{
-			SniffingRequest: session.SniffingRequest{
-				Enabled:                        receiverConfig.SniffingSettings.Enabled,
-				OverrideDestinationForProtocol: receiverConfig.SniffingSettings.DestinationOverride,
-				ExcludeForDomain:               receiverConfig.SniffingSettings.DomainsExcluded,
-				MetadataOnly:                   receiverConfig.SniffingSettings.MetadataOnly,
-				RouteOnly:                      receiverConfig.SniffingSettings.RouteOnly,
-			},
+			SniffingRequest: sniffingRequest,
 		})
 	}
 	rawProxy, err := common.CreateObject(ctx, proxyConfig)
@@ -117,7 +116,7 @@ func NewAlwaysOnInboundHandler(ctx context.Context, tag string, receiverConfig *
 				stream:          mss,
 				tag:             tag,
 				dispatcher:      h.mux,
-				sniffingConfig:  receiverConfig.SniffingSettings,
+				sniffingRequest: sniffingRequest,
 				uplinkCounter:   uplinkCounter,
 				downlinkCounter: downlinkCounter,
 				ctx:             ctx,
@@ -139,7 +138,7 @@ func NewAlwaysOnInboundHandler(ctx context.Context, tag string, receiverConfig *
 						recvOrigDest:    receiverConfig.ReceiveOriginalDestination,
 						tag:             tag,
 						dispatcher:      h.mux,
-						sniffingConfig:  receiverConfig.SniffingSettings,
+						sniffingRequest: sniffingRequest,
 						uplinkCounter:   uplinkCounter,
 						downlinkCounter: downlinkCounter,
 						ctx:             ctx,
@@ -154,7 +153,7 @@ func NewAlwaysOnInboundHandler(ctx context.Context, tag string, receiverConfig *
 						address:         address,
 						port:            net.Port(port),
 						dispatcher:      h.mux,
-						sniffingConfig:  receiverConfig.SniffingSettings,
+						sniffingRequest: sniffingRequest,
 						uplinkCounter:   uplinkCounter,
 						downlinkCounter: downlinkCounter,
 						stream:          mss,

app/proxyman/inbound/always.go

@@ -6,7 +6,6 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/xtls/xray-core/app/proxyman"
 	"github.com/xtls/xray-core/common"
 	"github.com/xtls/xray-core/common/buf"
 	c "github.com/xtls/xray-core/common/ctx"
@@ -43,7 +42,7 @@ type tcpWorker struct {
 	recvOrigDest    bool
 	tag             string
 	dispatcher      routing.Dispatcher
-	sniffingConfig  *proxyman.SniffingConfig
+	sniffingRequest session.SniffingRequest
 	uplinkCounter   stats.Counter
 	downlinkCounter stats.Counter
 
@@ -118,13 +117,7 @@ func (w *tcpWorker) callback(conn stat.Connection) {
 	})
 
 	content := new(session.Content)
-	if w.sniffingConfig != nil {
-		content.SniffingRequest.Enabled = w.sniffingConfig.Enabled
-		content.SniffingRequest.OverrideDestinationForProtocol = w.sniffingConfig.DestinationOverride
-		content.SniffingRequest.ExcludeForDomain = w.sniffingConfig.DomainsExcluded
-		content.SniffingRequest.MetadataOnly = w.sniffingConfig.MetadataOnly
-		content.SniffingRequest.RouteOnly = w.sniffingConfig.RouteOnly
-	}
+	content.SniffingRequest = w.sniffingRequest
 	ctx = session.ContextWithContent(ctx, content)
 
 	if err := w.proxy.Process(ctx, net.Network_TCP, conn, w.dispatcher); err != nil {
@@ -275,7 +268,7 @@ type udpWorker struct {
 	tag             string
 	stream          *internet.MemoryStreamConfig
 	dispatcher      routing.Dispatcher
-	sniffingConfig  *proxyman.SniffingConfig
+	sniffingRequest session.SniffingRequest
 	uplinkCounter   stats.Counter
 	downlinkCounter stats.Counter
 
@@ -365,13 +358,7 @@ func (w *udpWorker) callback(b *buf.Buffer, source net.Destination, originalDest
 				Tag:     w.tag,
 			})
 			content := new(session.Content)
-			if w.sniffingConfig != nil {
-				content.SniffingRequest.Enabled = w.sniffingConfig.Enabled
-				content.SniffingRequest.OverrideDestinationForProtocol = w.sniffingConfig.DestinationOverride
-				content.SniffingRequest.ExcludeForDomain = w.sniffingConfig.DomainsExcluded
-				content.SniffingRequest.MetadataOnly = w.sniffingConfig.MetadataOnly
-				content.SniffingRequest.RouteOnly = w.sniffingConfig.RouteOnly
-			}
+			content.SniffingRequest = w.sniffingRequest
 			ctx = session.ContextWithContent(ctx, content)
 			if err := w.proxy.Process(ctx, net.Network_UDP, conn, w.dispatcher); err != nil {
 				errors.LogInfoInner(ctx, err, "connection ends")
@@ -487,7 +474,7 @@ type dsWorker struct {
 	stream          *internet.MemoryStreamConfig
 	tag             string
 	dispatcher      routing.Dispatcher
-	sniffingConfig  *proxyman.SniffingConfig
+	sniffingRequest session.SniffingRequest
 	uplinkCounter   stats.Counter
 	downlinkCounter stats.Counter
 
@@ -517,13 +504,7 @@ func (w *dsWorker) callback(conn stat.Connection) {
 	})
 
 	content := new(session.Content)
-	if w.sniffingConfig != nil {
-		content.SniffingRequest.Enabled = w.sniffingConfig.Enabled
-		content.SniffingRequest.OverrideDestinationForProtocol = w.sniffingConfig.DestinationOverride
-		content.SniffingRequest.ExcludeForDomain = w.sniffingConfig.DomainsExcluded
-		content.SniffingRequest.MetadataOnly = w.sniffingConfig.MetadataOnly
-		content.SniffingRequest.RouteOnly = w.sniffingConfig.RouteOnly
-	}
+	content.SniffingRequest = w.sniffingRequest
 	ctx = session.ContextWithContent(ctx, content)
 
 	if err := w.proxy.Process(ctx, net.Network_UNIX, conn, w.dispatcher); err != nil {

app/proxyman/inbound/worker.go

@@ -7,6 +7,7 @@ import (
 
 	c "github.com/xtls/xray-core/common/ctx"
 	"github.com/xtls/xray-core/common/errors"
+	"github.com/xtls/xray-core/common/geodata"
 	"github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol"
 	"github.com/xtls/xray-core/common/signal"
@@ -78,7 +79,7 @@ type Outbound struct {
 
 // SniffingRequest controls the behavior of content sniffing. They are from inbound config. Read-only
 type SniffingRequest struct {
-	ExcludeForDomain               []string
+	ExcludeForDomain               geodata.DomainMatcher
 	OverrideDestinationForProtocol []string
 	Enabled                        bool
 	MetadataOnly                   bool

common/session/session.go

@@ -118,26 +118,17 @@ func (FakeDNSPostProcessingStage) Process(config *Config) error {
 			}
 		}
 
-		found := false
-		// Check if there is a Outbound with necessary sniffer on
-		var inbounds []InboundDetourConfig
-
-		if len(config.InboundConfigs) > 0 {
-			inbounds = append(inbounds, config.InboundConfigs...)
-		}
-		for _, v := range inbounds {
-			if v.SniffingConfig != nil && v.SniffingConfig.Enabled && v.SniffingConfig.DestOverride != nil {
-				for _, dov := range *v.SniffingConfig.DestOverride {
-					if strings.EqualFold(dov, "fakedns") || strings.EqualFold(dov, "fakedns+others") {
-						found = true
-						break
+		// Check if there is a Inbound with necessary sniffer on
+		for _, v := range config.InboundConfigs {
+			if v.SniffingConfig != nil && v.SniffingConfig.Enabled {
+				for _, d := range v.SniffingConfig.DestOverride {
+					if strings.EqualFold(d, "fakedns") || strings.EqualFold(d, "fakedns+others") {
+						return nil
 					}
 				}
 			}
 		}
-		if !found {
-			errors.LogWarning(context.Background(), "Defined FakeDNS but haven't enabled FakeDNS destOverride at any inbound.")
-		}
+		errors.LogWarning(context.Background(), "Defined FakeDNS but haven't enabled FakeDNS destOverride at any inbound.")
 	}
 
 	return nil