Modify config

example.config.toml

@@ -51,40 +51,26 @@ cloak-port = 443
 # Pass filepath here or '-' if you want to dump into stdout.
 access-file = "-"
 
-# FakeTLS can compare timestamps to prevent probes. Each message has
-# encrypted timestamp. So, mtg can compare this timestamp and decide if
-# we need to proceed with connection or not.
+# network defines different network-related settings
+[network]
+# please be aware that mtg needs to do some external requests. For
+# example, if you do not pass public ips, it will request your public ip
+# address from some external service.
 #
-# Please ensure that you have some ntp active on this host. Otherwise,
-# you can endup with badly performing proxy.
-[probes.time]
-# You can enable/disable that. A good idea is always enable.
-enabled = true
-# Time can be skewed by many reasons. So, this is a time interval
-# when message is cosidered as a good one.
-allow-skewness = "5s"
-
-# Some countries do active probing on Telegram connections. This technique
-# allows to protect from such effort.
+# As for 2.0, if you set a public-ip on your own, mtg won't issue any
+# network requests except of those required for Telegram.
 #
-# mtg has a cache of some connection fingerprints. Actually, first bytes
-# of each connection. So, it stores them in some in-memory LRU+TTL cache.
-# You can configure this cache here.
-[probes.anti-replay]
-# You can enable/disable this feature.
-enabled = true
-# max size of such a cache. Please be aware that this number is
-# approximate we try hard to store data quite dense but it is possible
-# that we can go over this limit for 10-20% under some conditions and
-# architectures.
-max-size = "16mb"
-# TTL for each cache record.
-ttl = "8h"
+# so, in order of doing them, it needs to do DNS lookup. mtg ignores DNS
+# resolver of the operating system and uses DOH instead. This is a host
+# it has to access.
+#
+# By default we use Quad9.
+doh-hostname = "9.9.9.9"
 
 # public ip addresses of the server. Actually, it is required only to
 # generate a correct access file. if you use default values here, mtg
 # will try to resolve these IPs on its own.
-[public-ip]
+[network.public-ip]
 ipv4 = ""
 ipv6 = ""
 
@@ -109,10 +95,40 @@ ipv6 = ""
 # ignored.
 #
 # If telegram dialer is not defined, a default one is going to be used.
-[dialers]
+[network.dialers]
 telegram = ""
 default = ""
 
+# FakeTLS can compare timestamps to prevent probes. Each message has
+# encrypted timestamp. So, mtg can compare this timestamp and decide if
+# we need to proceed with connection or not.
+#
+# Please ensure that you have some ntp active on this host. Otherwise,
+# you can endup with badly performing proxy.
+[probes.time]
+# You can enable/disable that. A good idea is always enable.
+enabled = true
+# Time can be skewed by many reasons. So, this is a time interval
+# when message is cosidered as a good one.
+allow-skewness = "5s"
+
+# Some countries do active probing on Telegram connections. This technique
+# allows to protect from such effort.
+#
+# mtg has a cache of some connection fingerprints. Actually, first bytes
+# of each connection. So, it stores them in some in-memory LRU+TTL cache.
+# You can configure this cache here.
+[probes.anti-replay]
+# You can enable/disable this feature.
+enabled = true
+# max size of such a cache. Please be aware that this number is
+# approximate we try hard to store data quite dense but it is possible
+# that we can go over this limit for 10-20% under some conditions and
+# architectures.
+max-size = "16mb"
+# TTL for each cache record.
+ttl = "8h"
+
 # statsd statistics integration.
 [stats.statsd]
 # enabled/disabled

go.sum

@@ -9,12 +9,14 @@ github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNC
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr8meMVVGxhp+QBTqY91tM8HjEuMjGg=
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/shadowsocks/go-shadowsocks2 v0.1.4 h1:4VzajPL7RwwmImysBSvI+lm/UaegDGQq3hr42dYo3gs=
 github.com/shadowsocks/go-shadowsocks2 v0.1.4/go.mod h1:AGGpIoek4HRno4xzyFiAtLHkOpcoznZEkAccaI/rplM=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
@@ -33,4 +35,5 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

mtglib/network/network.go

@@ -30,9 +30,11 @@ func (d *Network) DialContext(ctx context.Context, network, address string) (net
 		return nil, fmt.Errorf("cannot resolve dns names: %w", err)
 	}
 
-	rand.Shuffle(len(ips), func(i, j int) {
-		ips[i], ips[j] = ips[j], ips[i]
-	})
+	if len(ips) > 1 {
+		rand.Shuffle(len(ips), func(i, j int) {
+			ips[i], ips[j] = ips[j], ips[i]
+		})
+	}
 
 	for _, v := range ips {
 		if conn, err := d.dialer.DialContext(ctx, network, net.JoinHostPort(v, port)); err == nil {

raw_config.go

@@ -26,14 +26,17 @@ type rawConfig struct {
 			TTL     string `toml:"ttl"`
 		} `toml:"anti-replay"`
 	} `toml:"probes"`
-	PublicIP struct {
-		IPv4 string `toml:"ipv4"`
-		IPv6 string `toml:"ipv6"`
-	} `toml:"public-ip"`
-	Dialers struct {
-		Telegram string `toml:"telegram"`
-		Default  string `toml:"default"`
-	} `toml:"dialers"`
+	Network struct {
+		PublicIP struct {
+			IPv4 string `toml:"ipv4"`
+			IPv6 string `toml:"ipv6"`
+		} `toml:"public-ip"`
+		Dialers struct {
+			Telegram string `toml:"telegram"`
+			Default  string `toml:"default"`
+		} `toml:"dialers"`
+		DOHHostname string `toml:"doh-hostname"`
+	} `toml:"network"`
 	Stats struct {
 		StatsD struct {
 			Enabled      bool   `toml:"enabled"`