mihomo
[Bug] Process-matching rules inside SUB-RULE parentheses have no effect
Verify steps
- [X] Ensure you are using the latest version of Mihomo or Mihomo Alpha from this repository.
- [X] Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
- [X] I have searched on the issue tracker for a related issue.
- [X] I have tested using the dev branch, and the issue still exists.
- [X] I have read the documentation and was unable to solve the issue.
- [X] This is an issue of the Mihomo core per se, not to the derivatives of Mihomo, like OpenMihomo or KoolMihomo.
Mihomo version
alpha-92129b3
What OS are you seeing the problem on?
Windows
Mihomo config
log-level: debug
profile:
  store-selected: true
  store-fake-ip: false
#██████████████████████
#███ █████ ████ ███
#███ █████ ███ ███
#███ █████ █ ██ ███
#███ █████ ██ █ ███
#███ █████ ███ ███
#██████████████████████
allow-lan: true
bind-address: "*"
ipv6: false
port: 21101
socks-port: 21102
mixed-port: 21103
tun:
  enable: true
  stack: system
  auto-route: true
  auto-detect-interface: true
  mtu: 1480
  dns-hijack:
    - any:53
dns:
  enable: true
  listen: 0.0.0.0:53
  ipv6: false
  enhanced-mode: redir-host
  use-hosts: true
  prefer-h3: true
  nameserver-policy:
  proxy-server-nameserver:
    - https://1.1.1.1/dns-query#h3=true&DIRECT
    - https://1.0.0.1/dns-query#h3=true&DIRECT
    - https://9.9.9.9/dns-query#h3=true&DIRECT
    - https://208.67.222.222/dns-query#h3=true&DIRECT&DIRECT
  default-nameserver:
    - https://1.1.1.1/dns-query#h3=true&DIRECT
    - https://1.0.0.1/dns-query#h3=true&DIRECT
    - https://9.9.9.9/dns-query#h3=true&DIRECT
    - https://208.67.222.222/dns-query#h3=true&DIRECT
  nameserver:
    - https://1.1.1.1/dns-query#h3=true&DIRECT
    - https://1.0.0.1/dns-query#h3=true&DIRECT
    - https://9.9.9.9/dns-query#h3=true&DIRECT
    - https://208.67.222.222/dns-query#h3=true&DIRECT&DIRECT
#██████████████████████████████████████████████████
#███ ██████ ████ █████ ██████████ ███
#███ ███ █████ ████ █████ ██████████ ████████
#███ ██████ ████ █████ ██████████ █████
#███ ███ █████ ████ █████ ██████████ ████████
#███ ███ ██████ ██████ █████ ███
#██████████████████████████████████████████████████
mode: rule
find-process-mode: strict
geodata-mode: false
geox-url:
  mmdb: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.metadb"
  geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
  geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
geodata-loader: standard
rule-providers:
  RPT:
    type: http
    behavior: classical
    url: "http://192.168.1.14/Rule/RPT.yaml"
    path: ./Provider/Rule/RPT.yaml
    interval: 3600
rules:
  # - PROCESS-NAME,xxx.exe,REJECT
  - SUB-RULE,(RULE-SET,RPT),SR1
  - MATCH,REJECT
sub-rules:
  SR1:
    - DOMAIN-SUFFIX,browserleaks.com,DIRECT
    - MATCH,DIRECT
#████████████████████████████████████████
#████ ██████ ████ █████ ███
#███ ████ █████ ████ ████████ ██████
#███ ████ █████ ████ ████████ ██████
#███ ████ █████ ████ ████████ ██████
#████ ███████ █████████ ██████
#████████████████████████████████████████
unified-delay: false
tcp-concurrent: false
keep-alive-interval: 10
global-client-fingerprint: chrome
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  override-destination: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
      override-destination: true
    QUIC:
      ports: [443, 8443]
      override-destination: true
  force-domain:
  skip-domain:
proxies:
Mihomo log
C:\Users\username\Desktop\Mihomo>cd /d C:\Users\username\Desktop\Mihomo\
C:\Users\username\Desktop\Mihomo>title Mihomo TEST
C:\Users\username\Desktop\Mihomo>Mihomo.exe -d \ -ext-ui \MetaCubeXD -ext-ctl 0.0.0.0:21100 -f "C:\Users\username\Desktop\TEST.yaml"
INFO[2023-12-06T11:14:59.5212426+08:00] Start initial configuration in progress
INFO[2023-12-06T11:14:59.5223978+08:00] Geodata Loader mode: standard
INFO[2023-12-06T11:14:59.5223978+08:00] Initial configuration complete, total time: 0ms
INFO[2023-12-06T11:14:59.5230192+08:00] Sniffer is loaded and working
INFO[2023-12-06T11:14:59.5241689+08:00] DNS server listening at: [::]:53
INFO[2023-12-06T11:14:59.5241689+08:00] RESTful API listening at: [::]:21100
INFO[2023-12-06T11:14:59.5247277+08:00] HTTP proxy listening at: [::]:21101
INFO[2023-12-06T11:14:59.5252448+08:00] SOCKS proxy listening at: [::]:21102
INFO[2023-12-06T11:14:59.5252448+08:00] Mixed(http+socks) proxy listening at: [::]:21103
WARN[2023-12-06T11:14:59.5275362+08:00] [TUN] default interface changed by monitor, => Ethernet
INFO[2023-12-06T11:14:59.7726186+08:00] [TUN] Tun adapter listening at: Meta([198.18.0.1/30],[]), mtu: 1480, auto route: true, ip stack: System
INFO[2023-12-06T11:14:59.7726186+08:00] Start initial compatible provider default
INFO[2023-12-06T11:14:59.7731664+08:00] Start initial provider RPT
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://9.9.9.9:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://208.67.222.222:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://1.1.1.1:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://1.0.0.1:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.830062+08:00] [Rule] use default rules
INFO[2023-12-06T11:14:59.8330451+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match using REJECT
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] hijack udp:198.18.0.2:53 from 198.18.0.1:54278
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://208.67.222.222:443/dns-query
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://9.9.9.9:443/dns-query
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://1.1.1.1:443/dns-query
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:00.4565528+08:00] [DNS] www.msftconnecttest.com --> [96.7.128.82 96.7.128.50 96.7.128.53 96.7.128.55 96.7.128.73 96.7.128.46 96.7.128.47 96.7.128.80 96.7.128.69] A from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:00.6104859+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:00.6172312+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match using REJECT
DEBU[2023-12-06T11:15:00.702465+08:00] [DNS] cp.cloudflare.com --> [104.16.132.229 104.16.133.229] A from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:00.7365256+08:00] re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dw9tc2Z0Y29ubmVjdHRlc3QDY29tAAABAAE: Get_0rtt "https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAAmNwCmNsb3VkZmxhcmUDY29tAAABAAE": H3_REQUEST_CANCELLED (local)
DEBU[2023-12-06T11:15:00.773188+08:00] [https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dw9tc2Z0Y29ubmVjdHRlc3QDY29tAAABAAE] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:15:00.8172665+08:00] [Sniffer] Sniff tcp [198.18.0.1:3542]-->[www.msftconnecttest.com:80] success, replace domain [www.msftconnecttest.com]-->[www.msftconnecttest.com]
DEBU[2023-12-06T11:15:00.8190754+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:00.8267013+08:00] [TCP] 198.18.0.1:3542 --> www.msftconnecttest.com:80 match Match using REJECT
DEBU[2023-12-06T11:15:01.3586848+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:01.3586848+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match using REJECT
DEBU[2023-12-06T11:15:01.3982894+08:00] Health Checked, proxy: DIRECT, url: https://cp.cloudflare.com/generate_204, alive: true, delay: 1625 ms uid: {6b796a45-a1b9-41c7-a0d5-747847605402}
DEBU[2023-12-06T11:15:01.3987966+08:00] Finish A Health Checking {6b796a45-a1b9-41c7-a0d5-747847605402}
DEBU[2023-12-06T11:15:02.1241048+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:02.1241048+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match using REJECT
DEBU[2023-12-06T11:15:04.8324558+08:00] [DNS] hijack udp:198.18.0.2:53 from 198.18.0.1:54807
DEBU[2023-12-06T11:15:04.8329966+08:00] [DNS] resolve browserleaks.com from https://208.67.222.222:443/dns-query
DEBU[2023-12-06T11:15:04.833061+08:00] [DNS] resolve browserleaks.com from https://9.9.9.9:443/dns-query
DEBU[2023-12-06T11:15:04.833061+08:00] [DNS] resolve browserleaks.com from https://1.1.1.1:443/dns-query
DEBU[2023-12-06T11:15:04.833061+08:00] [DNS] resolve browserleaks.com from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:05.2336085+08:00] [DNS] browserleaks.com --> [104.236.69.55] A from https://1.1.1.1:443/dns-query
DEBU[2023-12-06T11:15:05.2336085+08:00] re-creating the http client due to requesting https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAADGJyb3dzZXJsZWFrcwNjb20AAAEAAQ: Get_0rtt "https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAADGJyb3dzZXJsZWFrcwNjb20AAAEAAQ": H3_REQUEST_CANCELLED (local)
DEBU[2023-12-06T11:15:05.2351171+08:00] [https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAADGJyb3dzZXJsZWFrcwNjb20AAAEAAQ] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:15:05.2386165+08:00] [Sniffer] Sniff tcp [198.18.0.1:3543]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:05.2386165+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:05.2391551+08:00] [TCP] 198.18.0.1:3543 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:05.2402732+08:00] [Sniffer] Sniff tcp [198.18.0.1:3544]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:05.240827+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:05.240827+08:00] [TCP] 198.18.0.1:3544 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.5003504+08:00] [Sniffer] Sniff tcp [198.18.0.1:3545]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.5008577+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.5020756+08:00] [TCP] 198.18.0.1:3545 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.5036385+08:00] [Sniffer] Sniff tcp [198.18.0.1:3546]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.5036385+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.504292+08:00] [TCP] 198.18.0.1:3546 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.8726277+08:00] [Sniffer] Sniff tcp [198.18.0.1:3547]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.8726277+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.8737647+08:00] [TCP] 198.18.0.1:3547 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.8775349+08:00] [Sniffer] Sniff tcp [198.18.0.1:3548]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.8783782+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.8783782+08:00] [TCP] 198.18.0.1:3548 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:07.895815+08:00] [Sniffer] Sniff tcp [198.18.0.1:3549]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:07.8958324+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:07.896954+08:00] [TCP] 198.18.0.1:3549 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:07.8986113+08:00] [Sniffer] Sniff tcp [198.18.0.1:3550]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:07.89914+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:07.8992022+08:00] [TCP] 198.18.0.1:3550 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.6803978+08:00] [Sniffer] Sniff tcp [198.18.0.1:3551]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.6809359+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.6822239+08:00] [TCP] 198.18.0.1:3551 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.6839796+08:00] [Sniffer] Sniff tcp [198.18.0.1:3552]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.6839796+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.6845233+08:00] [TCP] 198.18.0.1:3552 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.8168341+08:00] [Sniffer] Sniff tcp [198.18.0.1:3553]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.8168341+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.8185079+08:00] [TCP] 198.18.0.1:3553 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.8200944+08:00] [Sniffer] Sniff tcp [198.18.0.1:3554]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.8200944+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.8206401+08:00] [TCP] 198.18.0.1:3554 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.1502117+08:00] [Sniffer] Sniff tcp [198.18.0.1:3555]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.1507406+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.1518671+08:00] [TCP] 198.18.0.1:3555 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.153497+08:00] [Sniffer] Sniff tcp [198.18.0.1:3556]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.153497+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.154041+08:00] [TCP] 198.18.0.1:3556 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.3015819+08:00] [Sniffer] Sniff tcp [198.18.0.1:3557]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.3015819+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.3030973+08:00] [TCP] 198.18.0.1:3557 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.3043855+08:00] [Sniffer] Sniff tcp [198.18.0.1:3558]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.3049206+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.3049854+08:00] [TCP] 198.18.0.1:3558 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.4698032+08:00] [Sniffer] Sniff tcp [198.18.0.1:3559]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.4698032+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.4715106+08:00] [TCP] 198.18.0.1:3559 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.4727862+08:00] [Sniffer] Sniff tcp [198.18.0.1:3560]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.4732931+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.4739558+08:00] [TCP] 198.18.0.1:3560 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.6207452+08:00] [Sniffer] Sniff tcp [198.18.0.1:3561]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.6207836+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.6219046+08:00] [TCP] 198.18.0.1:3561 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.6235+08:00] [Sniffer] Sniff tcp [198.18.0.1:3562]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.6240252+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.6256665+08:00] [TCP] 198.18.0.1:3562 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.7801695+08:00] [Sniffer] Sniff tcp [198.18.0.1:3563]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.7810057+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.7826628+08:00] [TCP] 198.18.0.1:3563 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.7838879+08:00] [Sniffer] Sniff tcp [198.18.0.1:3564]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.7838879+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.7849754+08:00] [TCP] 198.18.0.1:3564 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.9352034+08:00] [Sniffer] Sniff tcp [198.18.0.1:3565]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.9352034+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.9389717+08:00] [TCP] 198.18.0.1:3565 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.9401122+08:00] [Sniffer] Sniff tcp [198.18.0.1:3566]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.940691+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.9417843+08:00] [TCP] 198.18.0.1:3566 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:10.0759332+08:00] [Sniffer] Sniff tcp [198.18.0.1:3567]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:10.0759332+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:10.0771066+08:00] [TCP] 198.18.0.1:3567 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:10.0788112+08:00] [Sniffer] Sniff tcp [198.18.0.1:3568]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:10.0793513+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:10.0793513+08:00] [TCP] 198.18.0.1:3568 --> browserleaks.com:443 match Match using REJECT
Description
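It looks like the process rule inside the rule provider does not trigger find process. If the first line of rules is not commented out, so that the lookup is triggered earlier, traffic goes DIRECT as expected; otherwise it is rejected.
RPT.yaml
payload:
  - PROCESS-NAME,chrome.exe
This looks like a sub-rule problem; the following configuration does not match either:
rules:
  # - PROCESS-NAME,xxx.exe,REJECT
  - SUB-RULE,(PROCESS-NAME,chrome.exe),SR1
  - MATCH,REJECT
I tested it and matching works without any problem; please check your environment.
The form in your first screenshot does parse correctly; what fails is the process rule inside the parentheses after SUB-RULE,
unless find process is triggered earlier, or find-process-mode: always is set.
No matter how I try, it does not work.
This is with it triggered by the first line of rules: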
INFO[2023-12-06T15:23:39.9822432+08:00] [TCP] 198.18.0.1:5079(chrome.exe) --> tls.browserleaks.com:443 match SubRules((PROCESS-NAME,chrome.exe)) using DIRECT
This is with the first line commented out:
INFO[2023-12-06T15:24:41.612551+08:00] [TCP] 198.18.0.1:1832 --> browserleaks.com:443 match Match using REJECT
All I did was delete one #.
I found the same problem: process-matching rules inside the SUB-RULE parentheses have no effect, while NETWORK rules work fine.
For example, the rules below match the second line (- PROCESS-NAME,curl.exe,REJECT) rather than the first line (- SUB-RULE,(PROCESS-NAME,curl.exe),test).
sub-rules:
  test:
    - MATCH,DIRECT
rules:
  - SUB-RULE,(PROCESS-NAME,curl.exe),test
  - PROCESS-NAME,curl.exe,REJECT
  - MATCH,REJECT
Version: mihomo-linux-amd64-v1.18.4.gz. Configuration:
find-process-mode: strict
...
rules:
  - SUB-RULE,(PROCESS-NAME,aria2c),test
sub-rules:
  test:
    - GEOIP,cn,DIRECT
The process is matched; no problem.
By the way, if you want to match a PROCESS-NAME inside a RULE-SET, for example:
rules:
  - SUB-RULE,(RULE-SET,download_process),test
sub-rules:
  test:
    - GEOIP,cn,DIRECT
find-process-mode needs to be always rather than strict.
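Added example (not part of the original thread or of the mihomo project): a small log triage script for the symptom discussed above. It assumes the connection-line layout seen in the quoted logs, where a resolved process appears in parentheses after the source port, and it counts connections that reached the catch-all rule with no process name attached; the function names are hypothetical.

```python
import re
from collections import Counter

# Connection line layout as it appears in the logs quoted in this thread:
#   [TCP] <src>[(<process>)] --> <dst> match <rule> using <action>
CONN_RE = re.compile(
    r"\[(?P<net>TCP|UDP)\]\s+"
    r"(?P<src>\S+?:\d+)(?:\((?P<process>[^)]*)\))?\s+-->\s+"
    r"(?P<dst>\S+)\s+match\s*(?P<rule>.*?)\s*using\s+(?P<action>\S+)\s*$"
)


def parse_connections(lines):
    """Yield a dict per connection line; DNS, sniffer and other lines are skipped."""
    for line in lines:
        m = CONN_RE.search(line)
        if m:
            yield m.groupdict()


def triage(lines, catch_all="Match"):
    """Separate connections that carry a process name from those that fell
    through to the catch-all rule without one (the symptom in this issue)."""
    with_process, blind = [], Counter()
    for c in parse_connections(lines):
        if c["process"]:
            with_process.append((c["process"], c["dst"], c["rule"], c["action"]))
        elif c["rule"] == catch_all:
            blind[(c["dst"], c["action"])] += 1
    return with_process, blind


# Sample input: lines copied from the logs quoted in this thread.
SAMPLE = """
INFO[2023-12-06T15:23:39.9822432+08:00] [TCP] 198.18.0.1:5079(chrome.exe) --> tls.browserleaks.com:443 match SubRules((PROCESS-NAME,chrome.exe)) using DIRECT
INFO[2023-12-06T15:24:41.612551+08:00] [TCP] 198.18.0.1:1832 --> browserleaks.com:443 match Match using REJECT
INFO[2023-12-06T11:14:59.8330451+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match using REJECT
DEBU[2023-12-06T11:15:05.2386165+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:05.2391551+08:00] [TCP] 198.18.0.1:3543 --> browserleaks.com:443 match Match using REJECT
INFO[2023-12-06T11:15:05.240827+08:00] [TCP] 198.18.0.1:3544 --> browserleaks.com:443 match Match using REJECT
""".strip().splitlines()

if __name__ == "__main__":
    resolved, blind = triage(SAMPLE)
    for proc, dst, rule, action in resolved:
        print(f"process resolved: {proc} -> {dst} via {rule} ({action})")
    for (dst, action), n in blind.most_common():
        print(f"no process name, hit catch-all: {dst} {action} x{n}")
```

A destination that shows up only in the second group while a PROCESS-NAME condition was expected to apply indicates the process lookup never ran for those connections.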