Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tproxy quic sniffer 不通 #476

Closed
4 tasks done
heygo1345678 opened this issue Mar 26, 2023 · 1 comment
Closed
4 tasks done

tproxy quic sniffer 不通 #476

heygo1345678 opened this issue Mar 26, 2023 · 1 comment
Labels
enhancement New feature or request Stale

Comments

@heygo1345678
Copy link

Welcome

  • Yes, I'm using the latest major release. Only such installations are supported.
  • Yes, I'm using the latest Golang release. Only such installations are supported.
  • Yes, I've searched similar issues on GitHub and didn't find any.
  • Yes, I've included all information below (version, FULL config, FULL log, etc).

Description of the problem

我之前测试了 xray和v2ray5.4的quic sniffing, v2ray的是正常的,xray的是坏的,刚刚测试sing box,默认 tproxy的quic sniff不通: XTLS/Xray-core#1804

image

iptables部分我都注释掉了
iptables -t mangle -A V2RAY -p udp --dport 443 -j DROP
iptables -t mangle -A V2RAY_MASK -p udp --dport 443 -j DROP

Version of sing-box

$ sing-box version
sing-box version
sing-box version unknown

Environment: go1.20.1 linux/amd64
Tags: with_quic,with_wireguard,with_grpc,with_utls,with_reality_server
CGO: disabled

Server and client configuration file

配置文件:

{
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "https://1.1.1.1/dns-query",
     "detour": "direct"
      },
      {
        "tag": "local",
        "address": "114.114.114.114",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": "category-ads-all",
        "server": "block",
        "disable_cache": true
      },
      {
        //"domain": "p",
        "geosite": "cn",
        "server": "local"
      }
    ]
   // "strategy": "ipv4_only"
  },
  "inbounds": [
    {
  "type": "tproxy",
  "tag": "tproxy-in",

 "listen": "::",
  "listen_port": 12346,
  "tcp_fast_open": false,
  "udp_fragment": false,
  "sniff": true,
  "sniff_override_destination": true,
  "sniff_timeout": "300ms",
  "domain_strategy": "prefer_ipv6",
  "udp_timeout": 300,
  "proxy_protocol": false,
  "proxy_protocol_accept_no_header": false
 // "detour": "another-in"

  
},

{
  "type": "socks",
  "tag": "socks-in",
  "listen": "::",
  "listen_port": 15353

 
},


{
  "type": "direct",
   "listen": "::",
   "listen_port": 53,
   "network": "udp",
   "sniff": true
}


  ],
  "outbounds": [
  
  {
      "tag": "proxy",
    "packet_encoding": "xudp",
      "type": "vless",
      "server": "2600:",
      "server_port": 443,
      "uuid": "adf7b8e",
      "flow": "xtls-rprx-vision",
      "tls": {
        "enabled": true,
        "server_name": "www.microsoft.com",
        "utls": {
          "enabled": true,
          "fingerprint": "safari"
        },
        "reality": {
          "enabled": true,
          "public_key": "qKcUq229xl4",
          "short_id": ""
        }
      }
   },
  
  {
    
    
  "type": "socks",
  "tag": "proxy2",

  "server": "127.0.0.1",
  "server_port": 10801,
  "version": "5",
  
  "network": "tcp",
  "udp_over_tcp": true

  //... // 拨号字段

},


    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
    {
        "port": 53,
        "outbound": "dns-out"
      },
    
    
    {
        "domain": [
          "nginx.org"
        ],
        
        "outbound": "proxy"
      },
    
    
    
      {
        "geosite": "cn",
        "geoip": [
          "private",
          "cn"
        ],
        "outbound": "direct"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      }
    ]
    //"auto_detect_interface": true
  }
}

Server and client log file

日志:
DEBUG[0030] [1161532165] dns: exchange quic.nginx.org. IN AAAA
DEBUG[0031] [1161532165] dns: exchanged quic.nginx.org NOERROR 600
INFO[0031] [1161532165] dns: exchanged quic.nginx.org SOA nginx.org. 86400 IN SOA ns.nginx.org. hostmaster.nginx.com. 201304644 28800 7200 604800 86400
DEBUG[0035] [3273627549] router: sniffed protocol: tls, domain: quic.nginx.org
DEBUG[0035] [3273627549] dns: lookup domain quic.nginx.org
DEBUG[0035] [3273627549] dns: exchanged quic.nginx.org NOERROR 600
INFO[0035] [3273627549] dns: exchanged quic.nginx.org A quic.nginx.org. 86400 IN A 35.214.218.230
INFO[0035] [3273627549] dns: lookup succeed for quic.nginx.org: 35.214.218.230


INFO[0035] [3273627549] inbound/tproxy[tproxy-in]: inbound connection to 35.214.218.230:443
INFO[0035] [3273627549] dns: exchanged quic.nginx.org A quic.nginx.org. 86400 IN A 35.214.218.230
INFO[0035] [3273627549] dns: lookup succeed for quic.nginx.org: 35.214.218.230
DEBUG[0035] [3273627549] dns: resolved [35.214.218.230]
INFO[0036] [3273627549] outbound/vless[proxy]: outbound connection to 35.214.218.230:443
@nekohasekai nekohasekai added the enhancement New feature or request label Apr 4, 2023
@github-actions
Copy link

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

@github-actions github-actions bot added the Stale label Jun 29, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nekohasekai @heygo1345678