Merge branch 'master' into fix-clippy

Author: ibigbug

clash-lib/src/app/dns/config.rs

@@ -3,9 +3,9 @@ use crate::{
     Error,
     app::net::{OutboundInterface, get_interface_by_name, get_outbound_interface},
     common::trie,
-    config::def::{DNSListen, DNSMode},
+    config::def::{DNSListen, DNSMode, EdnsClientSubnet as DefEdnsClientSubnet},
 };
-use ipnet::AddrParseError;
+use ipnet::{AddrParseError, Ipv4Net, Ipv6Net};
 use regex::Regex;
 use serde::Deserialize;
 use std::{
@@ -38,6 +38,12 @@ pub struct FallbackFilter {
     pub domain: Vec<String>,
 }
 
+#[derive(Clone, Debug, Default, PartialEq)]
+pub struct EdnsClientSubnet {
+    pub ipv4: Option<Ipv4Net>,
+    pub ipv6: Option<Ipv6Net>,
+}
+
 #[derive(Default)]
 pub struct Config {
     pub enable: bool,
@@ -54,6 +60,7 @@ pub struct Config {
     pub store_smart_stats: bool,
     pub hosts: Option<trie::StringTrie<IpAddr>>,
     pub nameserver_policy: HashMap<String, NameServer>,
+    pub edns_client_subnet: Option<EdnsClientSubnet>,
 }
 
 impl Config {
@@ -265,6 +272,12 @@ impl TryFrom<&crate::config::def::Config> for Config {
             })?;
         }
 
+        let edns_client_subnet = dc
+            .edns_client_subnet
+            .as_ref()
+            .map(parse_edns_client_subnet)
+            .transpose()?;
+
         Ok(Self {
             enable: dc.enable,
             ipv6: c.ipv6 && dc.ipv6,
@@ -395,10 +408,47 @@ impl TryFrom<&crate::config::def::Config> for Config {
                 Some(tree)
             },
             nameserver_policy,
+            edns_client_subnet,
         })
     }
 }
 
+fn parse_edns_client_subnet(
+    ecs: &DefEdnsClientSubnet,
+) -> Result<EdnsClientSubnet, Error> {
+    let ipv4 = ecs
+        .ipv4
+        .as_ref()
+        .map(|value| {
+            value.parse::<Ipv4Net>().map_err(|_| {
+                Error::InvalidConfig(format!(
+                    "invalid edns-client-subnet ipv4 network: {value}"
+                ))
+            })
+        })
+        .transpose()?;
+
+    let ipv6 = ecs
+        .ipv6
+        .as_ref()
+        .map(|value| {
+            value.parse::<Ipv6Net>().map_err(|_| {
+                Error::InvalidConfig(format!(
+                    "invalid edns-client-subnet ipv6 network: {value}"
+                ))
+            })
+        })
+        .transpose()?;
+
+    if ipv4.is_none() && ipv6.is_none() {
+        return Err(Error::InvalidConfig(
+            "edns-client-subnet requires at least one of ipv4/ipv6".into(),
+        ));
+    }
+
+    Ok(EdnsClientSubnet { ipv4, ipv6 })
+}
+
 impl From<crate::config::def::FallbackFilter> for FallbackFilter {
     fn from(c: crate::config::def::FallbackFilter) -> Self {
         let ipcidr = Config::parse_fallback_ip_cidr(&c.ip_cidr);

clash-lib/src/app/dns/dhcp.rs

@@ -103,6 +103,7 @@ impl DhcpClient {
                     .collect(),
                 None,
                 HashMap::new(),
+                None,
             )
             .await;
         }

clash-lib/src/app/dns/dns_client.rs

@@ -1,4 +1,4 @@
-use super::{ClashResolver, Client, runtime::DnsRuntimeProvider};
+use super::{ClashResolver, Client, EdnsClientSubnet, runtime::DnsRuntimeProvider};
 use std::{
     fmt::{Debug, Display, Formatter},
     net,
@@ -11,7 +11,13 @@ use async_trait::async_trait;
 
 use hickory_client::client;
 use hickory_proto::{
-    ProtoError, rustls::tls_client_connect, tcp::TcpClientStream,
+    ProtoError,
+    rr::{
+        RecordType,
+        rdata::opt::{ClientSubnet, EdnsCode, EdnsOption},
+    },
+    rustls::tls_client_connect,
+    tcp::TcpClientStream,
     udp::UdpClientStream,
 };
 use rustls::ClientConfig;
@@ -57,6 +63,133 @@ impl Display for DNSNetMode {
     }
 }
 
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::proxy;
+    use hickory_proto::{
+        op,
+        rr::{Name, rdata::opt::EdnsOption},
+    };
+    use std::str::FromStr;
+
+    fn client_with_ecs(ecs: Option<EdnsClientSubnet>) -> DnsClient {
+        let proxy = Arc::new(proxy::direct::Handler::new("test-proxy"));
+        let addr = net::SocketAddr::new(net::IpAddr::from([127, 0, 0, 1]), 53);
+        DnsClient {
+            inner: Arc::new(RwLock::new(Inner {
+                c: None,
+                bg_handle: None,
+            })),
+            cfg: DnsConfig::Udp(addr, None, proxy.clone()),
+            proxy,
+            host: "example.org".to_string(),
+            port: 53,
+            net: DNSNetMode::Udp,
+            iface: None,
+            ecs,
+        }
+    }
+
+    fn build_message(record_type: RecordType) -> Message {
+        let mut msg = Message::new();
+        let mut query = op::Query::new();
+        query.set_name(Name::from_ascii("example.org").expect("valid name"));
+        query.set_query_type(record_type);
+        msg.add_query(query);
+        msg
+    }
+
+    #[test]
+    fn apply_edns_client_subnet_adds_ipv4_option() {
+        let ecs = EdnsClientSubnet {
+            ipv4: Some("1.2.3.4/24".parse().unwrap()),
+            ipv6: None,
+        };
+        let client = client_with_ecs(Some(ecs));
+        let mut msg = build_message(RecordType::A);
+
+        client.apply_edns_client_subnet(&mut msg);
+
+        let edns = msg.extensions().as_ref().expect("edns should exist");
+        let option = edns
+            .option(EdnsCode::Subnet)
+            .expect("subnet option missing");
+        match option {
+            EdnsOption::Subnet(subnet) => {
+                assert_eq!(subnet.addr(), net::IpAddr::from([1, 2, 3, 0]));
+                assert_eq!(subnet.source_prefix(), 24);
+                assert_eq!(subnet.scope_prefix(), 24);
+            }
+            _ => panic!("unexpected edns option"),
+        }
+    }
+
+    #[test]
+    fn apply_edns_client_subnet_prefers_ipv6_for_aaaa() {
+        let ecs = EdnsClientSubnet {
+            ipv4: Some("1.2.3.4/24".parse().unwrap()),
+            ipv6: Some("2001:db8::/48".parse().unwrap()),
+        };
+        let client = client_with_ecs(Some(ecs));
+        let mut msg = build_message(RecordType::AAAA);
+
+        client.apply_edns_client_subnet(&mut msg);
+
+        let edns = msg.extensions().as_ref().expect("edns should exist");
+        let option = edns
+            .option(EdnsCode::Subnet)
+            .expect("subnet option missing");
+        match option {
+            EdnsOption::Subnet(subnet) => {
+                assert_eq!(
+                    subnet.addr(),
+                    net::IpAddr::from_str("2001:db8::").unwrap()
+                );
+                assert_eq!(subnet.source_prefix(), 48);
+                assert_eq!(subnet.scope_prefix(), 48);
+            }
+            _ => panic!("unexpected edns option"),
+        }
+    }
+
+    #[test]
+    fn apply_edns_client_subnet_respects_existing_option() {
+        let ecs = EdnsClientSubnet {
+            ipv4: Some("1.2.3.4/24".parse().unwrap()),
+            ipv6: None,
+        };
+        let client = client_with_ecs(Some(ecs));
+        let mut msg = build_message(RecordType::A);
+
+        let mut edns = hickory_proto::op::Edns::new();
+        {
+            let opts = edns.options_mut();
+            opts.insert(EdnsOption::Subnet(ClientSubnet::new(
+                net::IpAddr::from([9, 8, 7, 0]),
+                24,
+                24,
+            )));
+        }
+        msg.set_edns(edns);
+
+        client.apply_edns_client_subnet(&mut msg);
+
+        let edns = msg.extensions().as_ref().expect("edns should remain");
+        let option = edns
+            .option(EdnsCode::Subnet)
+            .expect("subnet option missing");
+        match option {
+            EdnsOption::Subnet(subnet) => {
+                assert_eq!(subnet.addr(), net::IpAddr::from([9, 8, 7, 0]));
+                assert_eq!(subnet.source_prefix(), 24);
+                assert_eq!(subnet.scope_prefix(), 24);
+            }
+            _ => panic!("unexpected edns option"),
+        }
+    }
+}
+
 impl FromStr for DNSNetMode {
     type Err = Error;
 
@@ -80,6 +213,7 @@ pub struct Opts {
     pub net: DNSNetMode,
     pub iface: Option<OutboundInterface>,
     pub proxy: Arc<dyn OutboundHandler>,
+    pub ecs: Option<EdnsClientSubnet>,
 }
 
 enum DnsConfig {
@@ -163,6 +297,7 @@ pub struct DnsClient {
     port: u16,
     net: DNSNetMode,
     iface: Option<OutboundInterface>,
+    ecs: Option<EdnsClientSubnet>,
 }
 
 impl DnsClient {
@@ -216,6 +351,7 @@ impl DnsClient {
                             port: opts.port,
                             net: opts.net,
                             iface: opts.iface,
+                            ecs: opts.ecs.clone(),
                         }))
                     }
                     DNSNetMode::Tcp => {
@@ -237,6 +373,7 @@ impl DnsClient {
                             port: opts.port,
                             net: opts.net,
                             iface: opts.iface,
+                            ecs: opts.ecs.clone(),
                         }))
                     }
                     DNSNetMode::DoT => {
@@ -259,6 +396,7 @@ impl DnsClient {
                             port: opts.port,
                             net: opts.net,
                             iface: opts.iface,
+                            ecs: opts.ecs.clone(),
                         }))
                     }
                     DNSNetMode::DoH => {
@@ -281,13 +419,67 @@ impl DnsClient {
                             port: opts.port,
                             net: opts.net,
                             iface: opts.iface,
+                            ecs: opts.ecs.clone(),
                         }))
                     }
                     _ => unreachable!("."),
                 }
             }
         }
     }
+
+    fn apply_edns_client_subnet(&self, message: &mut Message) {
+        let Some(ecs) = &self.ecs else {
+            return;
+        };
+
+        if ecs.ipv4.is_none() && ecs.ipv6.is_none() {
+            return;
+        }
+
+        if message
+            .extensions()
+            .as_ref()
+            .is_some_and(|edns| edns.option(EdnsCode::Subnet).is_some())
+        {
+            return;
+        }
+
+        let prefer_ipv6 = matches!(
+            message.query().map(|q| q.query_type()),
+            Some(RecordType::AAAA)
+        );
+
+        let candidate = if prefer_ipv6 {
+            ecs.ipv6
+                .map(|ipv6| (net::IpAddr::from(ipv6.network()), ipv6.prefix_len()))
+                .or_else(|| {
+                    ecs.ipv4.map(|ipv4| {
+                        (net::IpAddr::from(ipv4.network()), ipv4.prefix_len())
+                    })
+                })
+        } else {
+            ecs.ipv4
+                .map(|ipv4| (net::IpAddr::from(ipv4.network()), ipv4.prefix_len()))
+                .or_else(|| {
+                    ecs.ipv6.map(|ipv6| {
+                        (net::IpAddr::from(ipv6.network()), ipv6.prefix_len())
+                    })
+                })
+        };
+
+        let Some((addr, prefix)) = candidate else {
+            return;
+        };
+
+        let edns = message
+            .extensions_mut()
+            .get_or_insert_with(hickory_proto::op::Edns::new);
+
+        let options = edns.options_mut();
+        options.remove(EdnsCode::Subnet);
+        options.insert(EdnsOption::Subnet(ClientSubnet::new(addr, prefix, prefix)));
+    }
 }
 
 impl Debug for DnsClient {
@@ -345,7 +537,10 @@ impl Client for DnsClient {
             }
         }
 
-        let mut req = DnsRequest::new(msg.clone(), DnsRequestOptions::default());
+        let mut outbound = msg.clone();
+        self.apply_edns_client_subnet(&mut outbound);
+
+        let mut req = DnsRequest::new(outbound, DnsRequestOptions::default());
         if req.id() == 0 {
             req.set_id(rand::random::<u16>());
         }