From 7f64980ea38df7bb0e330b7433124f2a297a7a4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Thu, 26 Mar 2026 18:58:53 +0800 Subject: [PATCH] Fix DNS record parser file inclusion and rule match log index Remove SetIncludeAllowed(true) from the DNS record zone parser. The $INCLUDE directive allows opening arbitrary files via os.Open, which is unnecessary and dangerous when parsing a single record string from configuration (especially remote profiles). Fix displayRuleIndex arithmetic in dns/router.go that computed 2*index+1 instead of the correct 0-based index. This was a reintroduction of a bug previously fixed in be8ee370a. Both matchDNS and logRuleMatch now use the index directly, matching the pattern in route/route.go. --- dns/router.go | 19 +++++-------------- option/dns_record.go | 1 - 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/dns/router.go b/dns/router.go index 870498a84..778ad84c0 100644 --- a/dns/router.go +++ b/dns/router.go @@ -296,15 +296,10 @@ func (r *Router) matchDNS(ctx context.Context, allowFakeIP bool, ruleIndex int, metadata.ResetRuleCache() metadata.DestinationAddressMatchFromResponse = false if currentRule.LegacyPreMatch(metadata) { - displayRuleIndex := currentRuleIndex - if displayRuleIndex != -1 { - displayRuleIndex += displayRuleIndex + 1 - } - ruleDescription := currentRule.String() - if ruleDescription != "" { - r.logger.DebugContext(ctx, "match[", displayRuleIndex, "] ", currentRule, " => ", currentRule.Action()) + if ruleDescription := currentRule.String(); ruleDescription != "" { + r.logger.DebugContext(ctx, "match[", currentRuleIndex, "] ", currentRule, " => ", currentRule.Action()) } else { - r.logger.DebugContext(ctx, "match[", displayRuleIndex, "] => ", currentRule.Action()) + r.logger.DebugContext(ctx, "match[", currentRuleIndex, "] => ", currentRule.Action()) } switch action := currentRule.Action().(type) { case *R.RuleActionDNSRoute: @@ -397,14 +392,10 @@ func (r *Router) resolveDNSRoute(action *R.RuleActionDNSRoute, allowFakeIP bool, } func (r *Router) logRuleMatch(ctx context.Context, ruleIndex int, currentRule adapter.DNSRule) { - displayRuleIndex := ruleIndex - if displayRuleIndex != -1 { - displayRuleIndex += displayRuleIndex + 1 - } if ruleDescription := currentRule.String(); ruleDescription != "" { - r.logger.DebugContext(ctx, "match[", displayRuleIndex, "] ", currentRule, " => ", currentRule.Action()) + r.logger.DebugContext(ctx, "match[", ruleIndex, "] ", currentRule, " => ", currentRule.Action()) } else { - r.logger.DebugContext(ctx, "match[", displayRuleIndex, "] => ", currentRule.Action()) + r.logger.DebugContext(ctx, "match[", ruleIndex, "] => ", currentRule.Action()) } } diff --git a/option/dns_record.go b/option/dns_record.go index 2d4fb7888..f10e03d9b 100644 --- a/option/dns_record.go +++ b/option/dns_record.go @@ -99,7 +99,6 @@ func parseDNSRecord(stringValue string) (dns.RR, error) { } parser := dns.NewZoneParser(strings.NewReader(stringValue), "", "") parser.SetDefaultTTL(defaultDNSRecordTTL) - parser.SetIncludeAllowed(true) record, _ := parser.Next() return record, parser.Err() }