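Is there a configuration option to stop resolving the sniffed domain to an IP and instead match the original destination IP directly against the geoip rule, if there is one? #3279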
castielllllll
started this conversation in
Ideas
Replies: 0 comments
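Today I ran into Android Telegram traffic whose sniffed SNI turned out to be www.google.com. There is no rule for the domain www.google.com, so the domain was resolved and the resulting IP was used for matching. But that IP belongs to www.google.com. I would like to ask whether there is an option to skip domain resolution, since a destination IP is already there. As in the log below, just use this IP directly: 95.161.76.101
The log is as follows: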
2025/01/12 16:31:46 [Debug] [2319817544] proxy/dokodemo: processing connection from: 10.88.1.68:34700
2025/01/12 16:31:46 [Info] [2319817544] proxy/dokodemo: received request for 10.88.1.68:34700
2025/01/12 16:31:46 [Info] [2319817544] app/dispatcher: sniffed domain: www.google.com for tcp:95.161.76.101:443
2025/01/12 16:31:46 [Debug] app/dns: domain www.google.com will use DNS in order: [localhost] [TypeA TypeAAAA]
2025/01/12 16:31:46 [Info] app/dns: Localhost got answer: www.google.com -> [172.253.62.99 172.253.62.147 172.253.62.104 172.253.62.103 172.253.62.106 172.253.62.105 2404:6800:4005:815::2004]
2025/01/12 16:31:46 [Info] [2319817544] app/dispatcher: taking detour [proxyHK] for [tcp:www.google.com:443]
2025/01/12 16:31:46 [Info] [2319817544] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:51194
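The mismatch described in the post can be found in such logs automatically. The following is an added example, not part of the original post or of the project's code: it pairs each "sniffed domain" line with the DNS answer for that name and reports sessions whose original destination IP is not among the resolved addresses. It assumes the log format shown above; `find_sni_mismatches` and the second sample session are constructed for illustration.

```python
import ipaddress
import re

# First two lines are copied from the post above (request id 2319817544).
# The last two are a constructed session (documentation addresses) in which
# the sniffed name and the destination agree.
SAMPLE_LOG = """\
2025/01/12 16:31:46 [Info] [2319817544] app/dispatcher: sniffed domain: www.google.com for tcp:95.161.76.101:443
2025/01/12 16:31:46 [Info] app/dns: Localhost got answer: www.google.com -> [172.253.62.99 172.253.62.147 172.253.62.104 172.253.62.103 172.253.62.106 172.253.62.105 2404:6800:4005:815::2004]
2025/01/12 16:31:47 [Info] [1111111111] app/dispatcher: sniffed domain: example.test for tcp:192.0.2.10:443
2025/01/12 16:31:47 [Info] app/dns: Localhost got answer: example.test -> [192.0.2.10 192.0.2.11]
"""

SNIFF_RE = re.compile(
    r"\[(?P<id>\d+)\] app/dispatcher: sniffed domain: (?P<domain>\S+) "
    r"for (?:tcp|udp):(?P<dest>.+):(?P<port>\d+)$")
DNS_RE = re.compile(r"app/dns: \S+ got answer: (?P<domain>\S+) -> \[(?P<ips>[^\]]*)\]")


def find_sni_mismatches(log_text):
    """Return (id, domain, dest_ip, answers) for sessions whose original
    destination is not among the addresses DNS returned for the sniffed name."""
    sniffed, answers = [], {}
    for line in log_text.splitlines():
        m = SNIFF_RE.search(line)
        if m:
            try:
                dest = ipaddress.ip_address(m["dest"].strip("[]"))
            except ValueError:
                continue  # destination was a name, not an IP: nothing to compare
            sniffed.append((m["id"], m["domain"], dest))
            continue
        m = DNS_RE.search(line)
        if m:
            ips = {ipaddress.ip_address(ip) for ip in m["ips"].split()}
            answers.setdefault(m["domain"], set()).update(ips)
    findings = []
    for req_id, domain, dest in sniffed:
        resolved = answers.get(domain)
        # Without a logged DNS answer there is nothing to compare against.
        if resolved and dest not in resolved:
            findings.append((req_id, domain, str(dest), sorted(map(str, resolved))))
    return findings


if __name__ == "__main__":
    for req_id, domain, dest, resolved in find_sni_mismatches(SAMPLE_LOG):
        print(f"[{req_id}] SNI {domain} but destination {dest} not in {resolved}")
```

A mismatch is a hint rather than proof, because names served from large address pools can legitimately resolve to different IPs for different resolvers.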