Add DNS resolver interception for NaiveClient

Add DNSResolverFunc callback support to NaiveClient that allows custom
DNS resolution. When configured, DNS queries are intercepted via
socketpair and handled by the user-provided resolver.

Features:
- DNSResolverFunc type using github.com/miekg/dns
- EngineParams helpers: SetAsyncDNS(), SetDNSServerOverride()
- Cross-platform socketpair implementation (Unix DGRAM, Windows framed)
- Support for both UDP and TCP DNS protocols

Author: nekohasekai

dialer_test.go

@@ -32,6 +32,32 @@ func TestDialerMapCleanup(t *testing.T) {
 	}
 }
 
+func TestUDPDialerMapCleanup(t *testing.T) {
+	engine := NewEngine()
+
+	engine.SetUDPDialer(func(address string, port uint16) (int, string, uint16) {
+		return -104, "", 0 // ERR_CONNECTION_FAILED
+	})
+
+	udpDialerAccess.RLock()
+	_, exists := udpDialerMap[engine.ptr]
+	udpDialerAccess.RUnlock()
+
+	if !exists {
+		t.Error("dialer not registered in udpDialerMap")
+	}
+
+	engine.Destroy()
+
+	udpDialerAccess.RLock()
+	_, exists = udpDialerMap[engine.ptr]
+	udpDialerAccess.RUnlock()
+
+	if exists {
+		t.Error("dialer not cleaned up after Engine.Destroy()")
+	}
+}
+
 func TestSetDialerNil(t *testing.T) {
 	engine := NewEngine()
 	defer engine.Destroy()
@@ -61,6 +87,33 @@ func TestSetDialerNil(t *testing.T) {
 	}
 }
 
+func TestSetUDPDialerNil(t *testing.T) {
+	engine := NewEngine()
+	defer engine.Destroy()
+
+	engine.SetUDPDialer(func(address string, port uint16) (int, string, uint16) {
+		return -104, "", 0
+	})
+
+	udpDialerAccess.RLock()
+	_, exists := udpDialerMap[engine.ptr]
+	udpDialerAccess.RUnlock()
+
+	if !exists {
+		t.Error("dialer not registered")
+	}
+
+	engine.SetUDPDialer(nil)
+
+	udpDialerAccess.RLock()
+	_, exists = udpDialerMap[engine.ptr]
+	udpDialerAccess.RUnlock()
+
+	if exists {
+		t.Error("dialer not removed after SetUDPDialer(nil)")
+	}
+}
+
 func TestSetDialerOverwrite(t *testing.T) {
 	engine := NewEngine()
 	defer engine.Destroy()

dns_intercept.go

@@ -0,0 +1,155 @@
+package cronet
+
+import (
+	"context"
+	"encoding/binary"
+	"errors"
+	"io"
+	"net"
+	"time"
+
+	mDNS "github.com/miekg/dns"
+)
+
+const chromiumDNSUDPMaxSize = 512
+
+func serveDNSPacketConn(ctx context.Context, conn net.PacketConn, resolver DNSResolverFunc) error {
+	defer conn.Close()
+
+	// For Unix socketpair, use Write() instead of WriteTo()
+	// because socketpair is connected and WriteTo() with address doesn't work
+	var unixConn *net.UnixConn
+	if uc, ok := conn.(*net.UnixConn); ok {
+		unixConn = uc
+	}
+	buffer := make([]byte, 64*1024)
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
+		if deadlineConn, ok := conn.(interface{ SetReadDeadline(time.Time) error }); ok {
+			_ = deadlineConn.SetReadDeadline(time.Now().Add(time.Second))
+		}
+
+		n, remoteAddress, err := conn.ReadFrom(buffer)
+		if err != nil {
+			if errors.Is(err, net.ErrClosed) {
+				return nil
+			}
+			if netError := (*net.OpError)(nil); errors.As(err, &netError) && netError.Timeout() {
+				continue
+			}
+			continue
+		}
+
+		var request mDNS.Msg
+		if err := request.Unpack(buffer[:n]); err != nil {
+			continue
+		}
+
+		response := resolver(ctx, &request)
+		response = normalizeDNSResponse(&request, response)
+
+		packed, err := response.Pack()
+		if err != nil {
+			continue
+		}
+		if len(packed) > chromiumDNSUDPMaxSize {
+			truncated := truncatedDNSResponse(&request, response.Rcode)
+			packed, err = truncated.Pack()
+			if err != nil {
+				continue
+			}
+		}
+
+		// For Unix socketpair, use Write(); for regular UDP, use WriteTo()
+		if unixConn != nil {
+			_, _ = unixConn.Write(packed)
+		} else if remoteAddress != nil {
+			_, _ = conn.WriteTo(packed, remoteAddress)
+		}
+	}
+}
+
+func serveDNSStreamConn(ctx context.Context, conn net.Conn, resolver DNSResolverFunc) error {
+	defer conn.Close()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+		}
+
+		_ = conn.SetReadDeadline(time.Now().Add(30 * time.Second))
+		var queryLength uint16
+		if err := binary.Read(conn, binary.BigEndian, &queryLength); err != nil {
+			if errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed) {
+				return nil
+			}
+			return err
+		}
+		if queryLength == 0 {
+			return nil
+		}
+
+		query := make([]byte, int(queryLength))
+		_, err := io.ReadFull(conn, query)
+		if err != nil {
+			if errors.Is(err, net.ErrClosed) {
+				return nil
+			}
+			return err
+		}
+
+		var request mDNS.Msg
+		if err := request.Unpack(query); err != nil {
+			continue
+		}
+
+		response := resolver(ctx, &request)
+		response = normalizeDNSResponse(&request, response)
+
+		packed, err := response.Pack()
+		if err != nil {
+			continue
+		}
+
+		_ = conn.SetWriteDeadline(time.Now().Add(30 * time.Second))
+		var lengthPrefix [2]byte
+		binary.BigEndian.PutUint16(lengthPrefix[:], uint16(len(packed)))
+		if _, err := conn.Write(lengthPrefix[:]); err != nil {
+			return err
+		}
+		if _, err := conn.Write(packed); err != nil {
+			return err
+		}
+	}
+}
+
+func normalizeDNSResponse(request *mDNS.Msg, response *mDNS.Msg) *mDNS.Msg {
+	if response == nil {
+		fallback := new(mDNS.Msg)
+		fallback.SetReply(request)
+		fallback.Rcode = mDNS.RcodeServerFailure
+		return fallback
+	}
+
+	response.Id = request.Id
+	response.Response = true
+	if len(response.Question) == 0 {
+		response.Question = request.Question
+	}
+	return response
+}
+
+func truncatedDNSResponse(request *mDNS.Msg, rcode int) *mDNS.Msg {
+	response := new(mDNS.Msg)
+	response.SetReply(request)
+	response.Truncated = true
+	response.Rcode = rcode
+	return response
+}

dns_socketpair_unix.go

@@ -0,0 +1,31 @@
+//go:build unix
+
+package cronet
+
+import (
+	"net"
+	"os"
+	"syscall"
+
+	E "github.com/sagernet/sing/common/exceptions"
+)
+
+func createPacketSocketPair() (cronetFD int, proxyConn net.PacketConn, err error) {
+	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_DGRAM, 0)
+	if err != nil {
+		return -1, nil, E.Cause(err, "create dgram socketpair")
+	}
+
+	syscall.CloseOnExec(fds[0])
+
+	file := os.NewFile(uintptr(fds[1]), "cronet-dgram-socketpair")
+	conn, err := net.FilePacketConn(file)
+	_ = file.Close()
+	if err != nil {
+		syscall.Close(fds[0])
+		return -1, nil, E.Cause(err, "create packet conn from socketpair")
+	}
+
+	return fds[0], conn, nil
+}
+

dns_socketpair_unix_test.go

@@ -0,0 +1,111 @@
+//go:build unix
+
+package cronet
+
+import (
+	"syscall"
+	"testing"
+)
+
+func TestCreatePacketSocketPair(t *testing.T) {
+	fd, conn, err := createPacketSocketPair()
+	if err != nil {
+		t.Fatalf("createPacketSocketPair failed: %v", err)
+	}
+	defer syscall.Close(fd)
+	defer conn.Close()
+
+	if fd <= 0 {
+		t.Errorf("expected valid fd, got %d", fd)
+	}
+}
+
+func TestCreatePacketSocketPair_BidirectionalCommunication(t *testing.T) {
+	fd, conn, err := createPacketSocketPair()
+	if err != nil {
+		t.Fatalf("createPacketSocketPair failed: %v", err)
+	}
+	defer syscall.Close(fd)
+	defer conn.Close()
+
+	// fd → conn (datagram boundary preserved)
+	testData := []byte("hello from fd")
+	_, err = syscall.Write(fd, testData)
+	if err != nil {
+		t.Fatalf("write to fd failed: %v", err)
+	}
+
+	buf := make([]byte, 1024)
+	n, _, err := conn.ReadFrom(buf)
+	if err != nil {
+		t.Fatalf("read from conn failed: %v", err)
+	}
+	if string(buf[:n]) != string(testData) {
+		t.Errorf("expected %q, got %q", testData, buf[:n])
+	}
+
+	// conn → fd: For Unix socketpairs, use Write() via net.Conn interface
+	// (same as serveDNSPacketConn does when remoteAddress is nil)
+	streamConn, ok := conn.(interface{ Write([]byte) (int, error) })
+	if !ok {
+		t.Fatal("PacketConn should implement Write for socketpair")
+	}
+	testData2 := []byte("hello from conn")
+	_, err = streamConn.Write(testData2)
+	if err != nil {
+		t.Fatalf("write to conn failed: %v", err)
+	}
+
+	n, err = syscall.Read(fd, buf)
+	if err != nil {
+		t.Fatalf("read from fd failed: %v", err)
+	}
+	if string(buf[:n]) != string(testData2) {
+		t.Errorf("expected %q, got %q", testData2, buf[:n])
+	}
+}
+
+func TestCreatePacketSocketPair_MessageBoundary(t *testing.T) {
+	fd, conn, err := createPacketSocketPair()
+	if err != nil {
+		t.Fatalf("createPacketSocketPair failed: %v", err)
+	}
+	defer syscall.Close(fd)
+	defer conn.Close()
+
+	// Send multiple different-sized messages
+	messages := [][]byte{
+		[]byte("short"),
+		make([]byte, 512),
+		make([]byte, 1400),
+	}
+	// Fill with recognizable patterns
+	for i := range messages[1] {
+		messages[1][i] = byte(i % 256)
+	}
+	for i := range messages[2] {
+		messages[2][i] = byte((i * 7) % 256)
+	}
+
+	for _, msg := range messages {
+		_, err = syscall.Write(fd, msg)
+		if err != nil {
+			t.Fatalf("write failed: %v", err)
+		}
+	}
+
+	// Verify each message boundary is preserved
+	for i, expected := range messages {
+		buf := make([]byte, 2048)
+		n, _, err := conn.ReadFrom(buf)
+		if err != nil {
+			t.Fatalf("read %d failed: %v", i, err)
+		}
+		if n != len(expected) {
+			t.Errorf("message %d: expected length %d, got %d", i, len(expected), n)
+		}
+		if string(buf[:n]) != string(expected) {
+			t.Errorf("message %d: content mismatch", i)
+		}
+	}
+}