Use implicit name resolution for TCP destinations #101
Merged
When connecting to a TCP destination by name, Go's implicit resolution behavior tries all available addresses until it finds one that works (fallback), with a preference for IPv6 if possible (happy eyeballs). This is better than our current behavior (pick one IPv4 address).

The Outline client doesn't rely on named destinations, but other Shadowsocks clients do.

This is an alternative to #100.

This change has one key difference from the previous behavior: IP validation is enforced after the connection is established, not before. A hostile user cannot use this to send data to a private service, but they might be able to detect the existence of that service based on how long the server waits before closing the connection.
fortuna
reviewed
Jan 27, 2021
fortuna
left a comment
I'm worried about leaking private information.
Could you use the Dialer.Control() function instead, testing the address there and cancelling as needed?
Also, shouldn't we do that for UDP too?
Author
Good idea. Done!
No, this doesn't apply to UDP.
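The approach raised in this review, as an added example that is not code from this pull request: a `net.Dialer` whose `Control` hook checks each resolved address before `connect()` is issued, so implicit resolution is kept and a disallowed destination is never contacted. The names `checkAddress`, `dialChecked` and `errAddressNotAllowed`, and the allow policy (global unicast and non-private only), are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
	"time"
)

// errAddressNotAllowed is a hypothetical sentinel error for this example.
var errAddressNotAllowed = errors.New("destination address not allowed")

// checkAddress has the signature of net.Dialer.Control. The dialer calls it
// once per resolved address, after the socket is created but before
// connect(), so a rejected address never receives a single packet.
// The policy (global unicast, non-private only) is an assumption.
func checkAddress(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip := net.ParseIP(host) // the hook receives a literal IP, never a name
	if ip == nil || !ip.IsGlobalUnicast() || ip.IsPrivate() {
		return fmt.Errorf("%w: %s", errAddressNotAllowed, address)
	}
	return nil
}

// dialChecked resolves target implicitly (fallback and happy eyeballs stay
// in effect) and validates every candidate address before connecting.
func dialChecked(target string) (net.Conn, error) {
	d := net.Dialer{Timeout: 5 * time.Second, Control: checkAddress}
	return d.Dial("tcp", target)
}

func main() {
	// Constructed demo: a loopback listener stands in for a private service.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	_, err = dialChecked(ln.Addr().String())
	fmt.Println(errors.Is(err, errAddressNotAllowed), err)
}
```

Because the rejection happens before any handshake, the time to failure does not depend on whether anything is listening at the blocked address.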
fortuna
reviewed
Jan 28, 2021
| buf := make([]byte, 10) | ||
| addresses := []string{ |
Can you put the errors next to the IPs for readability?
Thank you for the effort!
62w71st
added a commit
to 62w71st/outline-ss-server-v2
that referenced
this pull request
Dec 20, 2024
ha-D
pushed a commit
to JinaVPN/outline-ss-server-v2
that referenced
this pull request
Jun 23, 2025
* source_file
* Add file source
* Supporting adding keys from a source.
* Add unit testing for cipher entry CRUD.
* Pass sources through to runConfig.
* Add a cipher entry from the source to per port cipherList
* Make tests pass and add a test for a (deprecated) config example.
* Change runConfig to runSource
* Add feature to dynamically add configs to outline server.
* Changing approach to minimal changes to runConfig
* Reverting changes in main.go
* Adds loadsource function.
* Add cipher updater skeleton.
* Add TODO for starting the SS service.
* Implement loadSource() -- Create an initial config object from the first key.
* server_test.go passes but with the deprecated config example yml file.
* Remove shadowsocks.AddKey() and RemoveKey().
* Pass in an empty config to runConfig. We will need synchronization for CipherList though.
* Use the new service config objects with listeners rather than the deprecated config.
* Create AddCipher in CipherUpdater for a cleaner interface.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Cleanup
* Refactor source handling
* Added config_example_source.yml and updated source.go to use it.
* feat: enable `fwmark` (`SO_MARK`) for outgoing sockets (OutlineFoundation#202)
* feat: enable fwmark (SO_MARK) for outgoing sockets
* fix: make fwmark linux-specific functionality
* fix: minor improvements over handling fwmark
* Use `transport.PacketListener` as interface.
* Take the `syscall.RawConn` as input to `SetFwdmark()`.
* Some cleanup.
* Fix copyright dates for new files.
* Fix the error types.
* Revert changes to integration test.
* Optimize removing a cipher entry when a key is removed. (OutlineFoundation#101)
* Add fastAuth to tcp service
ha-D
referenced
this pull request
in JinaVPN/outline-ss-server-v2
Jun 24, 2025
* source_file
* Add file source
* Supporting adding keys from a source.
* Add unit testing for cipher entry CRUD.
* Pass sources through to runConfig.
* Add a cipher entry from the source to per port cipherList
* Make tests pass and add a test for a (deprecated) config example.
* Change runConfig to runSource
* Add feature to dynamically add configs to outline server.
* Changing approach to minimal changes to runConfig
* Reverting changes in main.go
* Adds loadsource function.
* Add cipher updater skeleton.
* Add TODO for starting the SS service.
* Implement loadSource() -- Create an initial config object from the first key.
* server_test.go passes but with the deprecated config example yml file.
* Remove shadowsocks.AddKey() and RemoveKey().
* Pass in an empty config to runConfig. We will need synchronization for CipherList though.
* Use the new service config objects with listeners rather than the deprecated config.
* Create AddCipher in CipherUpdater for a cleaner interface.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Implement key removal. Next: Make key removal faster by not traversing the whole linked list.
* Cleanup
* Refactor source handling
* Added config_example_source.yml and updated source.go to use it.
* feat: enable `fwmark` (`SO_MARK`) for outgoing sockets (Jigsaw-Code#202)
* feat: enable fwmark (SO_MARK) for outgoing sockets
* fix: make fwmark linux-specific functionality
* fix: minor improvements over handling fwmark
* Use `transport.PacketListener` as interface.
* Take the `syscall.RawConn` as input to `SetFwdmark()`.
* Some cleanup.
* Fix copyright dates for new files.
* Fix the error types.
* Revert changes to integration test.
* Optimize removing a cipher entry when a key is removed. (Jigsaw-Code#101)
* Add fastAuth to tcp service
When connecting to a TCP destination by name, Go's implicit resolution
behavior tries all available addresses until it finds one that works
(fallback), with a preference for IPv6 if possible (happy eyeballs).
This is better than our current behavior (pick one IPv4 address).
The Outline client doesn't rely on named destinations, but other
Shadowsocks clients do.
This is an alternative to #100.