daeuniverse/dae

[Bug Report] <title>How do routing rules work with domains?

Closed this issue · 6 comments

Checks

  • I have searched the existing issues
  • I have read the documentation
  • Is it your first time submitting an issue

Current Behavior

"dialMode": "domain++",
"tcpCheckHttpMethod": "HEAD",
"disableWaitingNetwork": true,
"autoConfigKernelParameter": true,
"sniffingTimeout": "100ms",
"tlsImplementation": "tls",
"utlsImitate": "chrome_auto",
"tproxyPortProtect": true,
"soMarkFromDae": 0

pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
dip(geoip:private) -> direct
domain(keyword: facebook) -> proxy
domain(keyword: fb) -> proxy
fallback: proxy

time="Dec 03 13:56:01" level=info msg="192.168.15.142:63124 <-> 8.8.8.8:53" _qname=www.facebook.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A

Even though the domain matches, it's still direct?

Expected Behavior

No response

Steps to Reproduce

..

Environment

  • Dae version (use dae --version):
  • OS (e.g cat /etc/os-release):
  • Kernel (e.g. uname -a):
  • Others:
    daed-b44c472_wing-c4c7159_core-aea92a0
    kernel 6.12.1

Anything else?

No response

Thanks for opening this issue!

@Roxy09099 notice 8.8.8.8:53, this is a DNS lookup

@Roxy09099 notice 8.8.8.8:53, this is a DNS lookup

time="Dec 03 19:35:29" level=info msg="192.168.15.142:62699 <-> 162.159.200.1:123" dialer=GC dscp=0 ip="162.159.200.1:123" mac="00:e0:4c:68:00:46" network=udp4 outbound=gamming pid=0 pname= policy=min_moving_avg sniffed=
time="Dec 03 19:35:38" level=info msg="192.168.15.176:49517 <-> 34.102.164.249:443" dialer=direct dscp=0 ip="34.102.164.249:443" mac="fa:f1:7b:38:36:c0" network=udp4 outbound=direct pid=0 pname= policy=fixed sniffed=api22-normal-c-alisg.tiktokv.com
time="Dec 03 19:35:39" level=info msg="192.168.15.176:60277 <-> 34.36.65.236:443" dialer=GC dscp=0 ip="34.36.65.236:443" mac="fa:f1:7b:38:36:c0" network=udp4 outbound=gamming pid=0 pname= policy=min_moving_avg sniffed=
time="Dec 03 19:35:40" level=info msg="192.168.15.142:49224 <-> 127.0.0.1:53" _qname=android.clients.google.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=HTTPS
time="Dec 03 19:35:40" level=info msg="192.168.15.142:61871 <-> 127.0.0.1:53" _qname=android.clients.google.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="udp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A
time="Dec 03 19:35:53" level=info msg="192.168.15.176:45766 <-> 34.36.71.42:443" dialer=direct dscp=0 ip="34.36.71.42:443" mac="fa:f1:7b:38:36:c0" network=udp4 outbound=direct pid=0 pname= policy=fixed sniffed=webcast22-normal-c-alisg.tiktokv.com
time="Dec 03 19:36:30" level=info msg="192.168.15.142:62877 <-> 8.8.8.8:53" _qname=spc4.s3.ap-east-1.amazonaws.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=HTTPS
time="Dec 03 19:36:31" level=info msg="192.168.15.142:54579 <-> 8.8.8.8:53" _qname=spc4.s3.ap-east-1.amazonaws.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A
time="Dec 03 19:36:32" level=info msg="192.168.15.142:55867 <-> 8.8.8.8:53" _qname=github.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=HTTPS
time="Dec 03 19:36:32" level=info msg="192.168.15.142:62751 <-> 8.8.8.8:53" _qname=github.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A
time="Dec 03 19:36:33" level=info msg="192.168.15.142:51657 <-> 8.8.8.8:53" _qname=avatars.githubusercontent.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A
time="Dec 03 19:36:33" level=info msg="192.168.15.142:64513 <-> 8.8.8.8:53" _qname=avatars.githubusercontent.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=HTTPS
time="Dec 03 19:36:33" level=info msg="192.168.15.142:59997 <-> 8.8.8.8:53" _qname=github.githubassets.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=HTTPS

@mzz2017 Except for IP address requests, all domain requests are recorded as qname in the log. Incoming IP requests can be sniffed and routing rules applied to them, but domain requests are only recorded as qname and routing rules are not applied to them. See my log above.

time="Dec 03 19:35:53" level=info msg="192.168.15.176:45766 <-> 34.36.71.42:443" dialer=direct dscp=0 ip="34.36.71.42:443" mac="fa:f1:7b:38:36:c0" network=udp4 outbound=direct pid=0 pname= policy=fixed sniffed=webcast22-normal-c-alisg.tiktokv.com

34.36.71.42:443

It is a request IP and sniffed domain.

@Roxy09099 yes, because the dialer is direct
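
The distinction drawn in the replies, between a DNS lookup entry (`_qname`, `network="...(DNS)"`) and a connection entry (`ip`, `sniffed`), as an added example that is not part of the original thread or of dae's code. It parses three lines copied from the logs above; treating `_qname` or a `(DNS)` network as the marker of a DNS entry is an assumption read off those logs, and the function names are hypothetical.

```python
import shlex

# Sample lines copied from the logs posted in this thread.
SAMPLE = [
    'time="Dec 03 13:56:01" level=info msg="192.168.15.142:63124 <-> 8.8.8.8:53" _qname=www.facebook.com. dialer=direct dscp=0 mac="00:e0:4c:68:00:46" network="tcp4(DNS)" outbound=direct pid=0 pname= policy=fixed qtype=A',
    'time="Dec 03 19:35:53" level=info msg="192.168.15.176:45766 <-> 34.36.71.42:443" dialer=direct dscp=0 ip="34.36.71.42:443" mac="fa:f1:7b:38:36:c0" network=udp4 outbound=direct pid=0 pname= policy=fixed sniffed=webcast22-normal-c-alisg.tiktokv.com',
    'time="Dec 03 19:35:39" level=info msg="192.168.15.176:60277 <-> 34.36.65.236:443" dialer=GC dscp=0 ip="34.36.65.236:443" mac="fa:f1:7b:38:36:c0" network=udp4 outbound=gamming pid=0 pname= policy=min_moving_avg sniffed=',
]


def parse(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def classify(fields):
    """Return (kind, name). Assumption: _qname or a '(DNS)' network marks a DNS lookup."""
    if "_qname" in fields or "(DNS)" in fields.get("network", ""):
        return "dns-lookup", fields.get("_qname", "").rstrip(".")
    # Connection entry: the only domain available is whatever was sniffed (may be empty).
    return "connection", fields.get("sniffed", "")


def summarize(lines):
    """One row per log line: entry kind, domain seen (if any), destination, outbound."""
    rows = []
    for line in lines:
        f = parse(line)
        kind, name = classify(f)
        rows.append({
            "kind": kind,
            "name": name or None,
            "dst": f["msg"].split(" <-> ")[1],
            "outbound": f.get("outbound"),
            "dialer": f.get("dialer"),
        })
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Reading the `outbound` column per kind shows which lines describe a lookup sent to the resolver (destination port 53) and which describe a connection whose domain was sniffed, or not sniffed at all.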