feat: implement Clash-like Fake IP feature for DNS optimization #146

Open
darkSuperman wants to merge 7 commits into cfal:master from darkSuperman:fake-ip

@darkSuperman

Contributor

Description

This PR introduces a Fake IP feature (similar to the implementation in Clash) to optimize DNS resolution and connection latency, as well as to prevent local DNS leaks.

How it works & Motivation

Normally, a client resolves a domain name first and then initiates a connection to the returned IP, costing an extra DNS RTT.
With this Fake IP implementation:

  1. DNS Interception: A local DNS server is spun up (using hickory-dns). When the client queries a domain, it immediately returns an unused pseudo-IP (e.g., 198.18.0.x from a configured pool) and records the mapping in an LRU cache.
  2. Zero Round-Trip: The client saves the real DNS resolution time and connects to the mapped Fake IP directly.
  3. Domain Restoration: During the proxy connection phase (in src/address.rs), the proxy detects the Fake IP, retrieves the original FQDN mapped in the cache, and routes the proxy request using the actual domain name.

Implementation Details

  • FakeIpManager: A thread-safe LRU cache (exposed globally via std::sync::OnceLock) to store #Domain -> Fake IP and #Fake IP -> Domain mappings.
  • DNS Server: Integrated a lightweight UDP DNS server to parse DNS queries and return Fake IP binary records.
  • Connection Interception: Injected restore_fake_ip() globally into the address parsing phase so any outbound connection utilizing a Fake IP seamlessly recovers its target FQDN before leaving shoes.
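
The allocate-then-restore cycle described above, as an added sketch that is not code from this PR or from shoes. `FakeIpPool`, its method names and the two-address pool are hypothetical, and it uses only the standard library instead of hickory-dns or an LRU crate.

```rust
use std::collections::{HashMap, VecDeque};
use std::net::Ipv4Addr;
/// Hypothetical bidirectional fake-IP table (not the PR's FakeIpManager).
pub struct FakeIpPool {
    base: u32, size: u32, next: u32, // pool start, pool length, next never-used offset
    by_domain: HashMap<String, Ipv4Addr>,
    by_ip: HashMap<Ipv4Addr, String>,
    lru: VecDeque<Ipv4Addr>, // front = least recently used
}

impl FakeIpPool {
    pub fn new(base: Ipv4Addr, size: u32) -> Self {
        Self { base: u32::from(base), size, next: 0, by_domain: HashMap::new(),
               by_ip: HashMap::new(), lru: VecDeque::new() }
    }
    fn touch(&mut self, ip: Ipv4Addr) {
        self.lru.retain(|x| *x != ip);
        self.lru.push_back(ip);
    }
    /// DNS side: return the fake IP for `domain`, allocating or recycling one.
    pub fn allocate(&mut self, domain: &str) -> Ipv4Addr {
        let key = domain.trim_end_matches('.').to_ascii_lowercase();
        if let Some(&ip) = self.by_domain.get(&key) { self.touch(ip); return ip; }
        let ip = if self.next < self.size {
            self.next += 1;
            Ipv4Addr::from(self.base + self.next - 1)
        } else {
            // Pool exhausted: recycle the least recently used address.
            let old = self.lru.pop_front().expect("pool size must be > 0");
            if let Some(d) = self.by_ip.remove(&old) { self.by_domain.remove(&d); }
            old
        };
        self.by_domain.insert(key.clone(), ip);
        self.by_ip.insert(ip, key);
        self.touch(ip);
        ip
    }
    /// Proxy side: map a destination back to its domain; None for real IPs.
    pub fn restore(&mut self, ip: Ipv4Addr) -> Option<String> {
        let d = self.by_ip.get(&ip).cloned()?;
        self.touch(ip);
        Some(d)
    }
}

fn main() {
    let mut pool = FakeIpPool::new(Ipv4Addr::new(198, 18, 0, 1), 2); // constructed pool
    let ip = pool.allocate("example.com");
    println!("{} -> {:?}", ip, pool.restore(ip));
}
```

In this sketch a full pool reassigns the least recently used address, so a client still holding a cached answer for the evicted name would be routed to the newer name. Pool size and the TTL on the fake answers have to be chosen with that in mind.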
