do not perform sampling if access is made by directly specifying an I…

…P address.

xray/sampling/centralized_strategy.go

@@ -10,6 +10,7 @@ import (
 	"math/rand"
 	"net"
 	"net/http"
+	"net/netip"
 	"sort"
 	"sync"
 	"time"
@@ -299,6 +300,12 @@ func (s *CentralizedStrategy) Close() {
 
 // ShouldTrace implements Strategy.
 func (s *CentralizedStrategy) ShouldTrace(req *Request) *Decision {
+	if isDirectIPAccess(req) {
+		return &Decision{
+			Sample: false,
+		}
+	}
+
 	s.startOnce.Do(s.start)
 	manifest := s.getManifest()
 	if manifest == nil {
@@ -317,6 +324,21 @@ func (s *CentralizedStrategy) ShouldTrace(req *Request) *Decision {
 	return s.fallback.ShouldTrace(req)
 }
 
+// Nowadays, access using virtual host functionality is mostly used,
+// and there are few cases where access is made by directly specifying an IP address.
+// Therefore, if access is made by directly specifying an IP address,
+// we do not perform sampling.
+func isDirectIPAccess(req *Request) bool {
+	hostport := req.Host
+	host, _, err := net.SplitHostPort(hostport)
+	if err != nil {
+		host = hostport
+	}
+
+	_, err = netip.ParseAddr(host)
+	return err == nil
+}
+
 func (s *CentralizedStrategy) getManifest() *centralizedManifest {
 	s.mu.RLock()
 	defer s.mu.RUnlock()

xray/sampling/centralized_strategy_test.go

@@ -218,3 +218,28 @@ func TestCentralizedStrategy_refreshQuota(t *testing.T) {
 		t.Errorf("unexpected ttl: want %d, got %d", 1000000000, quota.ttl.Unix())
 	}
 }
+
+func TestIsDirectIPAccess(t *testing.T) {
+	tests := []struct {
+		input string
+		want  bool
+	}{
+		{"example.com", false},
+		{"example.com:80", false},
+		{"192.0.2.1", true},
+		{"192.0.2.1:80", true},
+		{"198.51.100.1", true},
+		{"198.51.100.1:80", true},
+		{"2001:db8::1", true},
+		{"[2001:db8::1]:80", true},
+	}
+
+	for _, tt := range tests {
+		req := &Request{
+			Host: tt.input,
+		}
+		if got := isDirectIPAccess(req); got != tt.want {
+			t.Errorf("unexpected result: want %t, got %t", tt.want, got)
+		}
+	}
+}