diff --git a/client/firewall/uspfilter/uspfilter.go b/client/firewall/uspfilter/uspfilter.go
index 427a73825..eddd3bc2f 100644
--- a/client/firewall/uspfilter/uspfilter.go
+++ b/client/firewall/uspfilter/uspfilter.go
@@ -250,11 +250,16 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 
 	switch ipLayer {
 	case layers.LayerTypeIPv4:
+		// log srcIP and DstIP
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip4.SrcIP, d.ip4.DstIP)
 		if !m.wgNetwork.Contains(d.ip4.SrcIP) || !m.wgNetwork.Contains(d.ip4.DstIP) {
+			log.Infof("--------- srcIP: %v, dstIP: %v dropped", d.ip4.SrcIP, d.ip4.DstIP)
 			return false
 		}
 	case layers.LayerTypeIPv6:
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip6.SrcIP, d.ip6.DstIP)
 		if !m.wgNetwork.Contains(d.ip6.SrcIP) || !m.wgNetwork.Contains(d.ip6.DstIP) {
+			log.Infof("--------- srcIP: %v, dstIP: %v dropped", d.ip6.SrcIP, d.ip6.DstIP)
 			return false
 		}
 	default:
@@ -265,12 +270,14 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 	var ip net.IP
 	switch ipLayer {
 	case layers.LayerTypeIPv4:
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip4.SrcIP, d.ip4.DstIP)
 		if isIncomingPacket {
 			ip = d.ip4.SrcIP
 		} else {
 			ip = d.ip4.DstIP
 		}
 	case layers.LayerTypeIPv6:
+		log.Infof("--------- srcIP: %v, dstIP: %v", d.ip6.SrcIP, d.ip6.DstIP)
 		if isIncomingPacket {
 			ip = d.ip6.SrcIP
 		} else {
@@ -278,6 +285,8 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 		}
 	}
 
+	//
+
 	filter, ok := validateRule(ip, packetData, rules[ip.String()], d)
 	if ok {
 		return filter
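Review bot: The four `log.Infof` calls added in the @@ -250 hunk execute for every packet that reaches dropFilter, so the filter's per-packet path now does formatted logging at Info level; the same pattern is added in the @@ -265 hunk and in the deferred closure of validateRule in the @@ -295 hunk. Per-packet Info logs flood the journal under ordinary traffic, and because the addresses come from received packets the log volume scales with whatever a peer chooses to send. If the lines are meant to stay, they belong at Trace level without the `---------` marker, e.g. `log.Tracef("srcIP: %v, dstIP: %v", d.ip4.SrcIP, d.ip4.DstIP)`, and the comment `// log srcIP and DstIP` restates the line below it and can be dropped. dropFilter begins before and ends after these hunks.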
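Review bot: The empty `//` comment and the blank line added before the validateRule call in the @@ -278 hunk carry no information and read like a leftover of an in-progress edit. Either remove both lines or replace the comment with what it was meant to say, e.g. `// Rules are keyed by the peer-side address of the packet.` if that is the intent (the map key is `ip.String()` on the next line).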
@@ -295,8 +304,30 @@ func (m *Manager) dropFilter(packetData []byte, rules map[string]RuleSet, isInco
 	return true
 }
 
-func validateRule(ip net.IP, packetData []byte, rules map[string]Rule, d *decoder) (bool, bool) {
+func validateRule(ip net.IP, packetData []byte, rules map[string]Rule, d *decoder) (f bool, o bool) {
+	ipLayer := d.decoded[0]
 	payloadLayer := d.decoded[1]
+	defer func() {
+		var src, dst net.IP
+		switch ipLayer {
+		case layers.LayerTypeIPv4:
+			src = d.ip4.SrcIP
+			dst = d.ip4.DstIP
+		case layers.LayerTypeIPv6:
+			src = d.ip6.SrcIP
+			dst = d.ip6.DstIP
+		}
+
+		switch payloadLayer {
+		case layers.LayerTypeTCP:
+			log.Infof("--------- TCP srcIP-Port: %v:%d, dstIP-Port: %v:%d Ver: %t,%t", src, uint16(d.tcp.SrcPort), dst, uint16(d.tcp.DstPort), f, o)
+		case layers.LayerTypeUDP:
+			log.Infof("--------- UDP srcIP-Port: %v:%d, dstIP-Port: %v:%d Ver: %t,%t", src, uint16(d.udp.SrcPort), dst, uint16(d.udp.DstPort), f, o)
+		default:
+			log.Infof("--------- srcIP: %v, dstIP: %v Ver: %t,%t", src, dst, f, o)
+		}
+	}()
+
 	for _, rule := range rules {
 		if rule.matchByIP && !ip.Equal(rule.ip) {
 			continue
diff --git a/client/internal/dns/server.go b/client/internal/dns/server.go
index b9608b6f2..c9aa0dea1 100644
--- a/client/internal/dns/server.go
+++ b/client/internal/dns/server.go
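Review bot: The results were made named, `(f bool, o bool)`, only so the deferred closure can print them, and neither name says what the two booleans mean; validateRule also has no doc comment. The call site in dropFilter reads them as `filter, ok := validateRule(...)` and returns `filter` when `ok` is set, so naming the results after that usage (if the body does not already declare locals with those names) and adding a comment such as `// validateRule matches the packet against rules; the second result reports whether a rule applied, and the first is the verdict dropFilter returns in that case.` would make the contract readable. The deferred closure is the same per-packet Info logging raised on the first hunk of this file. validateRule's body continues past this hunk.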
@@ -308,7 +308,21 @@ func (s *DefaultServer) applyConfiguration(update nbdns.Config) error {
 	}
 
 	muxUpdates := append(localMuxUpdates, upstreamMuxUpdates...) //nolint:gocritic
-	s.updateMux(muxUpdates)
+	handler, _ := newUpstreamResolver(
+		s.ctx,
+		s.wgInterface.Name(),
+		s.wgInterface.Address().IP,
+		s.wgInterface.Address().Network,
+		s.statusRecorder,
+	)
+	handler.upstreamServers = []string{"9.9.9.9:53"}
+	handler.reactivate = func() {}
+	handler.deactivate = func(error) {}
+
+	s.updateMux(append(muxUpdates, muxUpdate{
+		domain: nbdns.RootZone,
+		handler: handler,
+	}))
 	s.updateLocalResolver(localRecords)
 
 	s.currentConfig = dnsConfigToHostDNSConfig(update, s.service.RuntimeIP(), s.service.RuntimePort())
diff --git a/client/internal/dns/upstream.go b/client/internal/dns/upstream.go
index cc31559fa..5f5debe50 100644
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -78,7 +78,7 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 		u.checkUpstreamFails(err)
 	}()
 
-	log.WithField("question", r.Question[0]).Trace("received an upstream question")
+	log.WithField("question", r.Question[0]).Debugf("received an upstream question upstreams %s", u.upstreamServers)
 
 	select {
 	case <-u.ctx.Done():
diff --git a/client/internal/routemanager/manager.go b/client/internal/routemanager/manager.go
index 0dfc0f7e0..d55e0ddf3 100644
--- a/client/internal/routemanager/manager.go
+++ b/client/internal/routemanager/manager.go
@@ -219,6 +219,9 @@ func (m *DefaultManager) clientRoutes(initialRoutes []*route.Route) []*route.Rou
 }
 
 func isPrefixSupported(prefix netip.Prefix) bool {
+	if runtime.GOOS == "ios" {
+		return true
+	}
 	if !nbnet.CustomRoutingDisabled() {
 		switch runtime.GOOS {
 		case "linux", "windows", "darwin":
diff --git a/util/net/net.go b/util/net/net.go
index 3856911b1..b6ab94b3c 100644
--- a/util/net/net.go
+++ b/util/net/net.go
@@ -2,6 +2,7 @@ package net
 
 import (
 	"os"
+	"runtime"
 
 	"github.com/google/uuid"
 )
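Review bot: `handler, _ := newUpstreamResolver(...)` discards the constructor's error, and `handler`'s fields are assigned on the next three lines, so a failing constructor ends in a nil-pointer panic inside applyConfiguration (assuming the constructor returns a pointer) instead of the error the method already returns; write `handler, err := newUpstreamResolver(` and `if err != nil { return err }` before the field assignments. The resolver it builds also overrides the configuration this method is applying: every query under `nbdns.RootZone` is sent to the hard-coded `9.9.9.9:53` regardless of `update`, and `reactivate`/`deactivate` are replaced with no-ops, which looks like it disables the upstream failure handling that `checkUpstreamFails` in upstream.go drives. If this is a debugging shortcut it should not land on a main branch; otherwise the upstream list has to come from `update` and the two callbacks stay as the constructor sets them. applyConfiguration begins before this hunk.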
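Review bot: The new Debugf line in ServeDNS prints `u.upstreamServers` with `%s`, which works for a `[]string` but `%v` is the conventional verb for a slice; more to the point, the upstream list does not change per query, so repeating it on every DNS question at Debug level adds volume without adding information. Keep the per-question message at Trace as it was and log the upstream list once where it is assigned, or at least keep it here as `log.WithField("question", r.Question[0]).Tracef("received an upstream question, upstreams %v", u.upstreamServers)`. ServeDNS's body continues outside the hunk.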
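Review bot: The early `return true` for `runtime.GOOS == "ios"` in isPrefixSupported encodes the iOS special case a second time: the @@ -23 hunk in util/net/net.go makes `nbnet.CustomRoutingDisabled()` return true on iOS as well, so the `if !nbnet.CustomRoutingDisabled()` branch that follows is already skipped on that platform. Unless the fall-through path of isPrefixSupported (outside this hunk) rejects prefixes that iOS must accept, the early return is redundant and the platform check should live in one place. Either way the branch needs a comment stating why every prefix is accepted on iOS, e.g. `// iOS: <reason every prefix is accepted here>`, with the placeholder filled in by whoever knows the platform constraint. isPrefixSupported's body continues past the hunk.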
@@ -23,5 +24,5 @@ func GenerateConnID() ConnectionID {
 }
 
 func CustomRoutingDisabled() bool {
-	return os.Getenv(envDisableCustomRouting) == "true"
+	return os.Getenv(envDisableCustomRouting) == "true" || runtime.GOOS == "ios"
 }
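Review bot: `CustomRoutingDisabled` now returns true on iOS regardless of the environment variable, so its result no longer follows from `envDisableCustomRouting` alone, and the exported function has no doc comment saying so. Add one above the signature, e.g. `// CustomRoutingDisabled reports whether custom routing is turned off, either because the envDisableCustomRouting environment variable is set to "true" or unconditionally on iOS.` Callers such as isPrefixSupported in client/internal/routemanager/manager.go, which gains its own iOS check in this same commit, depend on that behavior being visible at the declaration.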