[Feature Request] Intercept specifc dns request in tun UDP packet handler

[zhangsan946]

If sslocal supports to handle the specific DNS requests(e.g. specific (ip:port) UDP packets) separately(may leverage the built-in DNS capability) on TUN interface, Shadowsocks-android can get rid of tun2socks lib totally.

The whole ideas is:

sequenceDiagram
    participant A as Browser
    box Grey Shadowsock-Android
    participant J as Java Code
    participant R as Rust Lib
    end
    participant I as Internet
    J->>+R: VpnService, AddDnsServer(e.g.10.10.10.2), build and getFd and send it out
    R->>+J: Create Tun with FD, Notify when ready to serve
    A-->>R: DNS request(system should use 10.10.10.2 as DNS Server)
    R->>R: Intercept the DNS packet(UDP packet to 10.10.10.2:53) and process with built-in DNS handler
    R->>J: Protect Socket
    R-->>+I: DNS Request(RAW or encrypted)
    I-->>+R: DNS Response(RAW or encrypted)
    R-->>A: Relay DNS Response
    A-->>+R: Http request
    R->>R: Routing
    R->>J: Protect Socket
    R-->>+I: Http Request(RAW or encrypted)
    I-->>+R: Http Response(RAW or encrypted)
    R-->>A: Relay HTTP Response

Loading

[zonyitoo]

I always wanted to build something like this. If you are interested, PRs are welcome.

[zhangsan946]

I've implemented this idea in my project of https://github.com/zhangsan946/jets/blob/8480757f9afa09a04519e2bd71f343b1071fc762/src/proxy/tun/udp.rs#L59-L80, and it proves it works perfectly.
I may make a PR later when I understand better about how shawsocks-android call this lib.

[mklnz]

I just built something similar, which transparently intercepts DNS queries through the TUN interface, and uses existing DnsClient which then saves the resolved IPs in the context for ACL purposes.

https://github.com/mklnz/shadowsocks-rust/tree/tundns%2Bios

Seems to work with initial testing, only UDP on port 53 is implemented.