mihomo
mihomo copied to clipboard
Published
20 hours ago •
MetaCubeX
MetaCubeX
[Bug] 访问 GitHub 出现 Fastly error: unknown domain: github.com.
Verify steps
- [X] 确保你使用的是本仓库最新的的 mihomo 或 mihomo Alpha 版本 Ensure you are using the latest version of Mihomo or Mihomo Alpha from this repository.
- [ ] 如果你可以自己 debug 并解决的话,提交 PR 吧 Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
- [X] 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
- [X] 我已经使用 Alpha 分支版本测试过,问题依旧存在 I have tested using the dev branch, and the issue still exists.
- [X] 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
- [X] 这是 Mihomo 核心的问题,并非我所使用的 Mihomo 衍生版本(如 OpenMihomo、KoolMihomo 等)的特定问题 This is an issue of the Mihomo core per se, not to the derivatives of Mihomo, like OpenMihomo or KoolMihomo.
Mihomo version
Mihomo Meta alpha-e601130 darwin amd64 with go1.21.6 Tue Jan 30 11:42:09 UTC 2024 Use tags: with_gvisor
What OS are you seeing the problem on?
macOS
Mihomo config
mode: rule
mixed-port: 7897
allow-lan: false
log-level: debug
ipv6: false
secret: ''
external-controller: 127.0.0.1:9097
dns:
enable: true
default-nameserver:
- 119.29.29.29
- 223.5.5.5
nameserver:
- https://dot.pub/dns-query
- https://dns.alidns.com/dns-query
- tls://dot.pub
- tls://dns.alidns.com
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fallback: []
tun:
enable: true
stack: gvisor
dns-hijack:
- any:53
auto-route: true
auto-detect-interface: true
script:
shortcuts:
quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
redir-port: 7892
proxy-groups:
- type: select
name: 默认出口
proxies:
- 自动回落
- 自动选择
- 手动选择1
- name: 自动回落
type: fallback
proxies:
- 手动选择1
- 手动选择2
- 自动选择
url: http://www.gstatic.com/generate_204
interval: 10
- type: select
name: 手动选择1
proxies:
- dler-hk-to-sg
- dler-sg-to-sg
- 🇺🇸 美国 IEPL [01] [Air]
- 🇺🇸 美国 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [01] [Air]
- 🇭🇰 香港 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [03] [Std]
- 🇭🇰 香港 IEPL [04] [Std]
- 备用-🇭🇰 Hong Kong 01
- 备用-🇭🇰 Hong Kong 02
- 备用-🇭🇰 Hong Kong 03
- 备用-🇭🇰 Hong Kong 04
- 备用-🇯🇵 Japan 01
- 备用-🇯🇵 Japan 02
- 备用-🇯🇵 Japan 03
- 备用-🇯🇵 Japan 04
- 备用-🇺🇸 United States 01
- 备用-🇺🇸 United States 02
- 备用-🇺🇸 United States 03
- 备用-🇺🇸 United States 04
- 备用-🇯🇵 Japan[Home] 3.0x
- 备用-🇺🇸 United States[Home] 3.0x
- 备用2-CU|美国1|x1
- 备用2-IEPL|美国1|x3
- 备用2-IEPL|美国2|家庭宽带|x3
- 备用2-IEPL|香港1|x3
- 备用2-IEPL|香港2|NF|x3
- 备用2-IPV6|美国1|x0.1
- ekko-hostdare-direct-trojan
- ekko-oracle-direct-trojan
- ekko-s1-trojan-ipv6
- ekko-s1-direct-trojan
- home-trojan-v6
- work
use:
- gohome
- type: select
name: OpenAI
proxies:
- dler-hk-to-sg
- dler-sg-to-sg
- 🇺🇸 美国 IEPL [01] [Air]
- 🇺🇸 美国 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [01] [Air]
- 🇭🇰 香港 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [03] [Std]
- 🇭🇰 香港 IEPL [04] [Std]
- 备用-🇭🇰 Hong Kong 01
- 备用-🇭🇰 Hong Kong 02
- 备用-🇭🇰 Hong Kong 03
- 备用-🇭🇰 Hong Kong 04
- 备用-🇯🇵 Japan 01
- 备用-🇯🇵 Japan 02
- 备用-🇯🇵 Japan 03
- 备用-🇯🇵 Japan 04
- 备用-🇺🇸 United States 01
- 备用-🇺🇸 United States 02
- 备用-🇺🇸 United States 03
- 备用-🇺🇸 United States 04
- 备用-🇯🇵 Japan[Home] 3.0x
- 备用-🇺🇸 United States[Home] 3.0x
- 备用2-CU|美国1|x1
- 备用2-IEPL|美国1|x3
- 备用2-IEPL|美国2|家庭宽带|x3
- 备用2-IEPL|香港1|x3
- 备用2-IEPL|香港2|NF|x3
- 备用2-IPV6|美国1|x0.1
- ekko-hostdare-direct-trojan
- ekko-oracle-direct-trojan
- ekko-s1-trojan-ipv6
- ekko-s1-direct-trojan
- home-trojan-v6
- work
- type: select
name: Claude
proxies:
- dler-hk-to-sg
- dler-sg-to-sg
- 🇺🇸 美国 IEPL [01] [Air]
- 🇺🇸 美国 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [01] [Air]
- 🇭🇰 香港 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [03] [Std]
- 🇭🇰 香港 IEPL [04] [Std]
- 备用-🇭🇰 Hong Kong 01
- 备用-🇭🇰 Hong Kong 02
- 备用-🇭🇰 Hong Kong 03
- 备用-🇭🇰 Hong Kong 04
- 备用-🇯🇵 Japan 01
- 备用-🇯🇵 Japan 02
- 备用-🇯🇵 Japan 03
- 备用-🇯🇵 Japan 04
- 备用-🇺🇸 United States 01
- 备用-🇺🇸 United States 02
- 备用-🇺🇸 United States 03
- 备用-🇺🇸 United States 04
- 备用-🇯🇵 Japan[Home] 3.0x
- 备用-🇺🇸 United States[Home] 3.0x
- 备用2-CU|美国1|x1
- 备用2-IEPL|美国1|x3
- 备用2-IEPL|美国2|家庭宽带|x3
- 备用2-IEPL|香港1|x3
- 备用2-IEPL|香港2|NF|x3
- 备用2-IPV6|美国1|x0.1
- ekko-hostdare-direct-trojan
- ekko-oracle-direct-trojan
- ekko-s1-trojan-ipv6
- ekko-s1-direct-trojan
- home-trojan-v6
- work
- type: select
name: 手动选择2
proxies:
- dler-hk-to-sg
- dler-sg-to-sg
- 🇺🇸 美国 IEPL [01] [Air]
- 🇺🇸 美国 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [01] [Air]
- 🇭🇰 香港 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [03] [Std]
- 🇭🇰 香港 IEPL [04] [Std]
- 备用-🇭🇰 Hong Kong 01
- 备用-🇭🇰 Hong Kong 02
- 备用-🇭🇰 Hong Kong 03
- 备用-🇭🇰 Hong Kong 04
- 备用-🇯🇵 Japan 01
- 备用-🇯🇵 Japan 02
- 备用-🇯🇵 Japan 03
- 备用-🇯🇵 Japan 04
- 备用-🇺🇸 United States 01
- 备用-🇺🇸 United States 02
- 备用-🇺🇸 United States 03
- 备用-🇺🇸 United States 04
- 备用-🇯🇵 Japan[Home] 3.0x
- 备用-🇺🇸 United States[Home] 3.0x
- 备用2-CU|美国1|x1
- 备用2-IEPL|美国1|x3
- 备用2-IEPL|美国2|家庭宽带|x3
- 备用2-IEPL|香港1|x3
- 备用2-IEPL|香港2|NF|x3
- 备用2-IPV6|美国1|x0.1
- ekko-hostdare-direct-trojan
- ekko-oracle-direct-trojan
- ekko-s1-trojan-ipv6
- ekko-s1-direct-trojan
- home-trojan-v6
- work
- type: url-test
name: 自动选择
proxies:
- dler-hk-to-sg
- dler-sg-to-sg
- 🇺🇸 美国 IEPL [01] [Air]
- 🇺🇸 美国 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [01] [Air]
- 🇭🇰 香港 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [03] [Std]
- 🇭🇰 香港 IEPL [04] [Std]
- 备用-🇭🇰 Hong Kong 01
- 备用-🇭🇰 Hong Kong 02
- 备用-🇭🇰 Hong Kong 03
- 备用-🇭🇰 Hong Kong 04
- 备用-🇯🇵 Japan 01
- 备用-🇯🇵 Japan 02
- 备用-🇯🇵 Japan 03
- 备用-🇯🇵 Japan 04
- 备用-🇺🇸 United States 01
- 备用-🇺🇸 United States 02
- 备用-🇺🇸 United States 03
- 备用-🇺🇸 United States 04
- 备用-🇯🇵 Japan[Home] 3.0x
- 备用-🇺🇸 United States[Home] 3.0x
- 备用2-CU|美国1|x1
- 备用2-IEPL|美国1|x3
- 备用2-IEPL|美国2|家庭宽带|x3
- 备用2-IEPL|香港1|x3
- 备用2-IEPL|香港2|NF|x3
- 备用2-IPV6|美国1|x0.1
- ekko-hostdare-direct-trojan
- ekko-oracle-direct-trojan
- ekko-s1-trojan-ipv6
- ekko-s1-direct-trojan
- home-trojan-v6
- work
url: http://www.gstatic.com/generate_204
interval: 120
- type: select
name: 回家跳板手动选择
proxies:
- dler-hk-to-sg
- dler-sg-to-sg
- 🇺🇸 美国 IEPL [01] [Air]
- 🇺🇸 美国 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [01] [Air]
- 🇭🇰 香港 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [03] [Std]
- 🇭🇰 香港 IEPL [04] [Std]
- 备用-🇭🇰 Hong Kong 01
- 备用-🇭🇰 Hong Kong 02
- 备用-🇭🇰 Hong Kong 03
- 备用-🇭🇰 Hong Kong 04
- 备用-🇯🇵 Japan 01
- 备用-🇯🇵 Japan 02
- 备用-🇯🇵 Japan 03
- 备用-🇯🇵 Japan 04
- 备用-🇺🇸 United States 01
- 备用-🇺🇸 United States 02
- 备用-🇺🇸 United States 03
- 备用-🇺🇸 United States 04
- 备用-🇯🇵 Japan[Home] 3.0x
- 备用-🇺🇸 United States[Home] 3.0x
- 备用2-CU|美国1|x1
- 备用2-IEPL|美国1|x3
- 备用2-IEPL|美国2|家庭宽带|x3
- 备用2-IEPL|香港1|x3
- 备用2-IEPL|香港2|NF|x3
- 备用2-IPV6|美国1|x0.1
- ekko-hostdare-direct-trojan
- ekko-oracle-direct-trojan
- ekko-s1-trojan-ipv6
- ekko-s1-direct-trojan
- home-trojan-v6
- work
- name: Home-Relay
type: select
use:
- gohome
proxies:
- Home-Relay-By-Self-Proxy
- Home-Relay-By-Proxy
- name: Home-Relay-By-Self-Proxy
type: relay
proxies:
- 回家跳板手动选择
- ekko-s1-direct-trojan
- home-trojan-v6
- name: Home-Relay-By-Proxy
type: relay
proxies:
- 回家跳板手动选择
- home-trojan-v6
- type: url-test
name: HK
proxies:
- dler-hk-to-sg
- 🇭🇰 香港 IEPL [01] [Air]
- 🇭🇰 香港 IEPL [02] [Air]
- 🇭🇰 香港 IEPL [03] [Std]
- 🇭🇰 香港 IEPL [04] [Std]
- 备用2-IEPL|香港1|x3
- 备用2-IEPL|香港2|NF|x3
url: http://www.gstatic.com/generate_204
interval: 120
rules:
- AND, ((NETWORK,UDP), (DST-PORT,443),(NOT,((GEOIP,CN)))),REJECT
- DOMAIN-SUFFIX,audiences.me,HK
- DOMAIN-SUFFIX,hhanclub.top,HK
- DOMAIN-SUFFIX,52pt.site,HK
- DOMAIN-SUFFIX,btschool.club,HK
- DOMAIN-SUFFIX,m-team.cc,HK
- DOMAIN-SUFFIX,m-team.io,HK
- DOMAIN-SUFFIX,hdchina.org,HK
- DOMAIN-SUFFIX,hdfans.org,HK
- DOMAIN-KEYWORD,google,默认出口
- DOMAIN-KEYWORD,bing,OpenAI
- DOMAIN-SUFFIX,copilot.microsoft.com,OpenAI
- DOMAIN-SUFFIX,openai.com,OpenAI
- DOMAIN-SUFFIX,anthropic.com,Claude
- IP-CIDR,10.10.106.201/32,DIRECT
- IP-CIDR,192.168.33.1/24,Home-Relay
- DOMAIN-SUFFIX,dash.applovin.com,DIRECT
- DOMAIN-SUFFIX,hq1.appsflyer.com,DIRECT
- DOMAIN-SUFFIX,cli.im,DIRECT
- IP-CIDR,159.138.42.223/32,DIRECT
- IP-CIDR,47.243.120.211/32,DIRECT
- DOMAIN-SUFFIX,apple.com.cn,DIRECT
- DOMAIN-SUFFIX,apple.com,DIRECT
- IP-CIDR,192.168.214.1/24,work
- IP-CIDR,192.168.215.1/24,work
- IP-CIDR,192.168.18.123/32,work
- IP-CIDR,172.16.31.1/24,work
- IP-CIDR,192.168.0.252/24,work
- IP-CIDR,10.10.0.0/24,work
- DOMAIN-SUFFIX,local,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
- GEOIP,CN,DIRECT
- MATCH,默认出口
Mihomo log
No response
Description
用的 Clash-Verge+1.18 内核,TUN 模式,Edge 浏览器,ss 代理节点,开了自动关闭连接,订阅 1 分钟刷新一次,刷新后访问 GitHub 就很容易遇到
Fastly error: unknown domain: github.com. Please check that this domain has been added to a service.
Details: cache-qpg1255-QPG
遇到这个错误后,在连接列表中查不到 github.com 的连接,刷新网页也不会有
出错信息
请求 URL:
https://github.com/
请求方法:
GET
状态代码:
500 Internal Server Error
远程地址:
198.18.0.5:443
引用者策略:
strict-origin-when-cross-origin
在出错时刷新网页,会一直对 198.18.0.5 这个 IP 进行请求
此时 dig github.com 会返回
❯ dig github.com
; <<>> DiG 9.10.6 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41388
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0001, udp: 4096
;; QUESTION SECTION:
;github.com. IN A
;; ANSWER SECTION:
github.com. 1 IN A 198.18.0.7
;; Query time: 0 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Jan 31 14:15:15 CST 2024
;; MSG SIZE rcvd: 55
在 edge://net-internals/#sockets 中 close idle sockets 后再刷新就能正常访问,并且连接列表中会正常出现 github.com,此时请求 IP 会变成一个新的 IP
在浏览器控制台中将出错的请求复制成 curl 命令并在终端执行,能得到 200 的结果,但是请求的不是在浏览器中请求的 IP,下面的例子中就是请求的 198.18.0.7,而在浏览器中持续报错的是 198.18.0.5
❯ curl -v https://github.com/ > /dev/null
* processing: https://github.com/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 198.18.0.7:443...
* Connected to github.com (198.18.0.7) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2459 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [80 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
* start date: Feb 14 00:00:00 2023 GMT
* expire date: Mar 14 23:59:59 2024 GMT
* subjectAltName: host "github.com" matched cert's "github.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
* SSL certificate verify ok.
} [5 bytes data]
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: github.com]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* Using Stream ID: 1
} [5 bytes data]
> GET / HTTP/2
> Host: github.com
> User-Agent: curl/8.2.1
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 200
< server: GitHub.com
< date: Wed, 31 Jan 2024 06:17:21 GMT
< content-type: text/html; charset=utf-8
< vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Language, Accept-Encoding, Accept, X-Requested-With
< content-language: en-US
< etag: W/"e39b3134ff83a049d554090a34d3b39e"
< cache-control: max-age=0, private, must-revalidate
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
< set-cookie: _gh_sess=H20beDRl6owJYmV53BWrOJ%2BtKCn8bFa7JuxLvGND9mF7oJMuVbfyr5Y1TQIBF3%2F8pEwp1zrAYAEBWR3giCEOPitjYTMNfnyjEHY5CCVspDUgSYs8aPi%2BnFD01uMuzTwoEC3F4i55XZ8N75SN%2BjHVEBAeyOIeZGkSzfX274ku5wnlxOqYjDl3bkI1027G%2Fwd2e2CmvncR0w7DkTrZ2vWxWwpP5nuog7a2yy7F4%2F4yIX9qirE9E%2BohQASx355cUkNTL4%2BY6ZKjb%2BkY9Jpd4O03Lg%3D%3D--yEbDMOmnn%2BG5%2BGbW--JnLNLo3t2Bmq0mxZodbR6g%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
< set-cookie: _octo=GH1.1.745130108.1706681848; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 06:17:28 GMT; Secure; SameSite=Lax
< set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 06:17:28 GMT; HttpOnly; Secure; SameSite=Lax
< accept-ranges: bytes
< x-github-request-id: 9C44:1DE793:766D09:84FCDA:65B9E5F8
<
{ [5 bytes data]
100 203k 0 203k 0 0 645k 0 --:--:-- --:--:-- --:--:-- 646k
* Connection #0 to host github.com left intact
出错期间,可以用 lsof 看到一条始终存在的连接
❯ sudo lsof -n -i | grep -e LISTEN -e ESTABLISHED | grep Microsoft | grep 198.18.0.5: Microsoft 59325 ciel 43u IPv4 0x562c64df5e52fe51 0t0 TCP 198.18.0.1:62715->198.18.0.5:https (ESTABLISHED)
close idle sockets 后这条就不见了
再之后刷新网页,返回 200,但是 IP 已经变成了 198.18.0.7
请求 URL:
https://github.com/
请求方法:
GET
状态代码:
200 OK
远程地址:
198.18.0.7:443
引用者策略:
strict-origin-when-cross-origin
在出错时,用 curl 请求,将 github.com 强制解析到有问题的 IP,也能正常访问
❯ curl --resolve 'github.com:443:192.18.0.5' 'https://github.com/' \
--compressed -v > /dev/null
* processing: https://github.com/
* Added github.com:443:192.18.0.5 to DNS cache
* Hostname github.com was found in DNS cache
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 192.18.0.5:443...
* Connected to github.com (192.18.0.5) port 443
* ALPN: offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2459 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
* start date: Feb 14 00:00:00 2023 GMT
* expire date: Mar 14 23:59:59 2024 GMT
* subjectAltName: host "github.com" matched cert's "github.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
* SSL certificate verify ok.
} [5 bytes data]
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: github.com]
* h2 [:path: /]
* h2 [user-agent: curl/8.2.1]
* h2 [accept: */*]
* h2 [accept-encoding: deflate, gzip, br, zstd]
* Using Stream ID: 1
} [5 bytes data]
> GET / HTTP/2
> Host: github.com
> User-Agent: curl/8.2.1
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 200
< server: GitHub.com
< date: Wed, 31 Jan 2024 09:48:39 GMT
< content-type: text/html; charset=utf-8
< vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Language, Accept-Encoding, Accept, X-Requested-With
< content-language: en-US
< etag: W/"c2a0d479322e0a1068d245f2ab0cf218"
< cache-control: max-age=0, private, must-revalidate
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
< content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
< content-encoding: gzip
< set-cookie: _gh_sess=1XQRlonrk%2BDACI%2FjAz4okIRHf38Vqq8tKq7e9N8LYzmkRvPJB1wUqXT2dbdXMCdnRaRkWZdgIJw3m7I46fOMP3wNU4tAmMwGQPIxFjptC44wOA0ZzPDHglqrj6IB3Yy55jQpcciIXoxHudgOFmJUnVLehj7Uhp6wxxDp8NplYUiewm0i5q%2Bk%2BRo9g5Nfp3L1iU23Z%2FNDt3TvrIhy2UjC%2FLaYen85sj3WImuHjaN2oaRLzYtMy09akA92Uqs9E7FhirW2IZMirr3bsE12xG2vmg%3D%3D--ElRnYpuFFrjTqn3m--Zj%2BqfsBVh0UqMkzQYI7CyQ%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
< set-cookie: _octo=GH1.1.291426682.1706694524; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 09:48:44 GMT; Secure; SameSite=Lax
< set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 31 Jan 2025 09:48:44 GMT; HttpOnly; Secure; SameSite=Lax
< accept-ranges: bytes
< x-github-request-id: B5DA:1F2CBB:7FEB79:8E58E0:65BA177C
<
{ [5 bytes data]
100 37865 0 37865 0 0 134k 0 --:--:-- --:--:-- --:--:-- 134k
* Connection #0 to host github.com left intact
似乎是某种状态下会导致 fake-ip DNS 不失效,导致 Edge 一直对旧 IP 进行请求 或者连接没有正常关闭导致 Edge 不会请求新的 DNS
另外观察连接列表后发现在订阅刷新后并不会导致所有连接都断开
附上一点浏览器的日志 edge-net-export-log 2.json.zip
1.16.0 正常 1.17.0 正常 1.18.0 有问题
c5d1db7905245f5947d3f6134617dd6123d6a054 有问题 f63acc02026c727ab40932a90a7231b26eb65577 有问题 f572e7fba8eeb13b448c4d01f4b6a2ed9944bd00 没有问题 2d73bcb951d82765cdce03da972a2a9d0e4c887f 没有问题
所以是由于 https://github.com/MetaCubeX/mihomo/commit/f63acc02026c727ab40932a90a7231b26eb65577 引入的问题
https://github.com/MetaCubeX/mihomo/commit/f572e7fba8eeb13b448c4d01f4b6a2ed9944bd00 也遇到过出错了,所以上面结论不准确,继续观察了