-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Discuss] Enable user access to detailed routing information #105
Comments
Provide routing stats as subscribable serviceDue to 1) inherent privacy problem; 2) inconvenience of parsing plain-text to in-memory data structure, attaching more information to access log may not be a good idea. If a custom client could directly get in-memory context object and process it using an advanced language (e.g. Go), it would be much more powerful. So personally, I propose using "stats": {
"routing": { "enabled": true }
} A new gRPC stream service then could be registered: service StatsService {
rpc SubscribeRoutingStats(RoutingStatsRequest) returns (stream RoutingStatsResponse) {}
}
message RoutingStatsRequest {
repeated string fields = 1;
}
message RoutingStatsResponse {
string InboundTag = 1;
v2ray.core.common.net.Network Network = 2;
repeated bytes SourceIPs = 3;
repeated bytes TargetIPs = 4;
uint32 SourcePort = 5;
uint32 TargetPort = 6;
string TargetDomain = 7;
string Protocol = 8;
string UserEmail = 9;
repeated AttributeStat Attributes = 10;
repeated string DetourTags = 11;
string OutboundTag = 12;
} Now a custom client can subscribe to this stream channel, continuously receving routing contexts and process them at its will. To reduce transport burden, client could manually specify the fields it wants to retrieve:
Benefit
Privacy problemAs @klzgrad stated in Fake DNS's discussion (v2ray/v2ray-core#2233), being able to record browsing history and keep it is a problematic behavior. Providing such records through stats service is powerful yet somewhat risky and should be carefully regulated. To regulate the usage of routing stats service, I propose:
With above two measures stats service may be a more secure way to retrieve routing information compared to access log. I would like to receive some ideas on these proposals and other measures (like authentication?) that may potentially help improve the security of such service, or any idea that is against this feature for a rational reason. |
Just finished reading the context. I was going to propose a modification to access log when we talked about DNS days ago yet hesitated. But your proposal is much more refine. As far as I'm concerned, it could be a great help with comprehending network traffic. My questions are mainly on user side:
P.S.
|
I must say that the idea of expelling routing stats by a stream-service rather than a disk log is formidable. But I still have a concern, how would this step compromise the traditional way of V2ray users to debug their configuration? IMO, the |
Personally I think it should be left untouched, for following reasons:
I am personally using a modified version of gamesofts/v2ray-custom-geo, which imports v2ray and protobuf package to build custom list. Currently I cannot come up with some good ideas on how to bake geofile generation into core. Since the demand of geofile generation varies and seems not formalized into some well-accepted standard (as far as I know), it may be appropriate to leave it to community for now, until when a consensus on what interface the core should provide is reached. Or do you already have some good proposals ready?
This demand is accomplishable considering what I've implemented for now: an interface for routing context. type Context interface {
GetInboundTag() string
GetSourceIPs() []net.IP
GetSourcePort() net.Port
GetTargetIPs() []net.IP
GetTargetPort() net.Port
GetTargetDomain() string
GetNetwork() net.Network
GetProtocol() string
GetUser() *protocol.MemoryUser
GetAttributes() map[string]interface{}
} So one could manually setup a Context object and pass it to router to get the result. This feature could be implemented independently, whether stats service will be adopted or not. |
I think the log can be modified. There will be many destructive changes in the next 4.28. For "airports", they use a specific modified version |
我觉得 @Vigilans 的想法很好,我目前在使用透明代理的方式,确实遇到一些使用 geosite 无法满足需求的场景,客制化 geosite 是比较好的。我早先有做过一项工作,写了个脚本处理 error.log 内容,再将之追加至 dns 和 routing 配置中,可能是脚本写得不好,会出现一些期望之外的情况。我倾向于通过 gRPC 获取详细的路由信息。 |
我感觉你好像误会了我的意思…… |
I'm all for your concern about the compromising of access log, where I also wrote my last comment before yours got published to reckon that More specifically, the usage of routing stats service should be divided into two parts and discussed separately: LoggingThe usage I mentioned:
is an actual threat to the circumstances of Geofile generationThe usage of routing context in logging and geofile generation differs in such ways:
So, regarding the option of retrieving routing information from access log only, some issues should be pointed out and discussed: One is during serialization: complex structures like One is during deserialization. This brings up an important question: have you expected the geofile generation to be supported as basic service in most clients, or to be supported in a github repo which will be widely accepted as standard? If so, then a stable retrievement of routing context should be a concern. Currently, routing-based geofile generation is only done by self-written scripts, personally I think one of the reasons is that format of access log isn't guaranteed stable yet. It is not something like json that could safely deserialize. This prevents a standard implementation of geofile generation from invention. If v2ray-core were to add a new routing context field to Arguments above is just for reference to be taken into consideration, not for mere advocation of stream service... |
我觉得最终实现一个像 cow 一样自动判定域名/IP 是否被屏蔽的机制对于把 V2Ray 当作透明代理是比较好的解决方案。但是对于 Netflix 这样没被屏蔽但是必须走代理的情况,还是得人工操作。 (但使用像 cow 一样的机制,必然会导致第一次访问某些域名/IP 会在某种意义上算是冲塔,也许这对于某些人而言是个问题。) 关于日志涉及隐私这个问题我觉得站不住脚,其余没啥意见和建议。 |
In that case, I agree with deploying routing stats service while keeping Personally, I haven't tried any of these autonomous geofile generation. But whether to make it official or not, utilizing routing stats service is more elegant than processing |
对于现在,加入到 API 中是一个比较合理的选择。 |
Can't agree more. I vote to retrieve routing information during deserialization. And for the question:
My answer is No. But it is still worth considering a mechanism for keeping deserialization safely and compatibly in advance. gRPC seems to be a good option. |
Currently, two APIs related to routing are proposed:
Regarding how to expose these services to user, two styles of config are proposed: Reuse StatsServiceJSON config: "stats": {
"routing": {
"enabled": true
}
},
"api": {
"services": ["StatsService"]
}, All the service code is implemented in Similarly, other stats like DNS would also reuse StatsService. Use new RoutingServiceJSON config: "stats": {},
"api": {
"services": ["RoutingService"] // Or "RouterService"?
}, All the service code is implemented in a new package Similarly, other stats like DNS, health check may also create their own service. Which one do you prefer? |
I think it's better to use it as a new Service. |
I'm not sure if I have a say in this since I've never used statistics information nor understood potential influence between different implementations. Currently, there's no parameter in But I'll agree with anyone who has a different thought. And as always, appreciate your work. |
Considering reusing StatsService, there're some perspectives to be discussed. Code OrganizationFor now, there are two routing APIs to be put in StatsService:
If we were to support new APIs for DNS, there are also two I could come up:
Grouping all these APIs altogether results in StatsService's inflation. Apart from inflation, If one could accept
The latter API then cannot be recognized as stats API from my perspective. |
Code ImplementationIt should be noted that
And from "stats": {
"routing": {
"enabled": true
}
}, , By adopting "RoutingService", API division is more fine-grained, user can use this service to control whether to open API for manual route test. |
@Loyalsoldier @Robot-DaneelOlivaw After writing above discussion, I come up with a new proposal to utilize both of your ideas. To achieve finer granularity, we may use the new "RoutingService", but also keep the semantic of stats config:
Here, two routing APIs belongs to "RoutingService", but in order to subscribe to routing stats, user need to explicitly register the channel in "stats" config, so v2ray-core will allocate resources for listening to routing statistics. Other services like DNS could also follow this pattern, by grouping them in "stats" config user can make sure v2ray-core will not take extra overhead in recording these statistics if user did not explicitly set them. |
This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days |
This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days |
What version of V2Ray are you using?
4.27.0
What's your scenario of using V2Ray?
Build a custom geosite/geoip file.
What did you see?
The demand is brought up in following issues (and more):
v2ray/discussion/issues/770
v2ray/discussion/issues/592
v2ray/discussion/issues/804
In a word, there are demands and practices to build a custom geosite/geoip file according to the routing information of V2Ray.
In referenced issues, outbound tag is used to classify domestic and oversea sites and to augment a custom geosite file when not included in standard ones.With routing context, there's much more that could also be done:
... and many of these information could be finally contributed to v2fly/domain-list-community.
What's your expectation?
Currently, usage of routing information goes around
access.log
, which provides following information:But there are some problems with access log:
Considering above arguments, I expect to provide users a proper way of access to complete routing context, as well as keeping such access to restricted usage.
The text was updated successfully, but these errors were encountered: