
UDP port forwarding fails when the data is relayed through the socks protocol

Open nebulabox opened this issue 1 year ago • 0 comments

Operating system

Linux

System version

Debian 11.8

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

`--# sing-box version
sing-box version 1.7.6

Environment: go1.21.5 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: aeb7308e81263bd1a4671710a1027dfc8fc6174b
CGO: disabled

Description

I want to forward UDP data from machine A (sing-box client) through B (sing-box server) to C (Google DNS). To keep the test simple, the following experiment was run on a single device.

Reproduction

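With the configuration files from the description, the UDP forwarding test does not succeed. I also tested TCP forwarding: after changing the configuration to TCP accordingly, the flow above works without problems.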

  1. Server configuration: the outbound forwards to Google DNS, and the inbound accepts connections from the sing-box socks5 client (I also tested shadowsocks, which failed as well).

     cat > /etc/sing-box-relay.json << EOF
     {
       "log": {
         "disabled": false,
         "level": "debug",
         "timestamp": false
       },
       "outbounds": [
         {
           "type": "direct",
           "override_address": "8.8.8.8",
           "override_port": 53,
           "proxy_protocol": 0
         }
       ],
       "inbounds": [
         {
           "type": "socks",
           "listen": "0.0.0.0",
           "listen_port": 2008,
           "udp_fragment": true,
           "udp_timeout": "5s"
         }
       ]
     }
     EOF

  2. Client configuration: to simplify the test, the client is on the same machine. I want it to connect to the server over TCP socks5 with UDP over TCP enabled. It listens on port 2006 for UDP data coming in directly.

     cat > /etc/sing-box-relay-client.json << EOF
     {
       "log": {
         "disabled": false,
         "level": "debug",
         "timestamp": false
       },
       "outbounds": [
         {
           "type": "socks",
           "server": "127.0.0.1",
           "server_port": 2008,
           "network": "tcp",
           "udp_over_tcp": true
         }
       ],
       "inbounds": [
         {
           "type": "direct",
           "tag": "direct-in",
           "listen": "0.0.0.0",
           "listen_port": 2006,
           "network": "udp"
         }
       ]
     }
     EOF

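  3. UDP data transfer test: fails. No response is returned. The client side reports errors along the way, and the server does not seem to receive any data; see the Logs section for details.

     dig @localhost -p 2006 www.google.com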

Logs

# Server log
`--# sing-box run --config /etc/sing-box-relay.json
INFO[0000] router: updated default interface eth0, index 2
INFO[0000] inbound/socks[0]: tcp server started at 0.0.0.0:2008
INFO[0000] sing-box started (0.00s)

# Client log
`--# sing-box run --config /etc/sing-box-relay-client.json
INFO[0000] router: using socks[0] as default outbound for connection
INFO[0000] router: using direct[direct] as default outbound for packet connection
INFO[0000] router: updated default interface eth0, index 2
INFO[0000] inbound/direct[direct-in]: udp server started at 0.0.0.0:2006
INFO[0000] sing-box started (0.00s)
INFO[0002] [4012064642 0ms] inbound/direct[direct-in]: inbound packet connection from 127.0.0.1:60545
INFO[0002] [4012064642 0ms] outbound/direct: outbound packet connection
DEBUG[0002] [139682174 0ms] inbound/direct[direct-in]: connection closed: upload: write udp [::]:48268->:0: sendto: invalid argument | download: raw-read udp [::]:48268: use of closed network connection
INFO[0008] [985469997 0ms] inbound/direct[direct-in]: inbound packet connection from 127.0.0.1:60545
INFO[0008] [985469997 0ms] outbound/direct: outbound packet connection
DEBUG[0008] [962262140 0ms] inbound/direct[direct-in]: connection closed: upload: write udp [::]:40099->:0: sendto: invalid argument | download: raw-read udp [::]:40099: use of closed network connection
INFO[0014] [261511394 0ms] inbound/direct[direct-in]: inbound packet connection from 127.0.0.1:60545
INFO[0014] [261511394 0ms] outbound/direct: outbound packet connection
DEBUG[0014] [3209591839 0ms] inbound/direct[direct-in]: connection closed: upload: write udp [::]:41592->:0: sendto: invalid argument | download: raw-read udp [::]:41592: use of closed network connection

Integrity requirements

  • [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
  • [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
  • [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

nebulabox, Jan 06 '24 12:01
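
An added example (not part of the original issue or of the sing-box project): a small triage script that reads the client log lines quoted in the Logs section and reports which default outbound the router selected for packet (UDP) connections and where the failing upload write was addressed. The function name `triage` and its `expected_udp_outbound` parameter are assumptions for illustration; the embedded log is a constructed excerpt of the lines above.

```python
import re

# Constructed sample: an excerpt of the client log quoted in the issue.
CLIENT_LOG = """\
INFO[0000] router: using socks[0] as default outbound for connection
INFO[0000] router: using direct[direct] as default outbound for packet connection
INFO[0000] inbound/direct[direct-in]: udp server started at 0.0.0.0:2006
INFO[0002] [4012064642 0ms] inbound/direct[direct-in]: inbound packet connection from 127.0.0.1:60545
INFO[0002] [4012064642 0ms] outbound/direct: outbound packet connection
DEBUG[0002] [139682174 0ms] inbound/direct[direct-in]: connection closed: upload: write udp [::]:48268->:0: sendto: invalid argument | download: raw-read udp [::]:48268: use of closed network connection
"""

DEFAULT_RE = re.compile(
    r"router: using (\S+) as default outbound for (packet connection|connection)$")
PACKET_OUT_RE = re.compile(r"outbound/(\S+): outbound packet connection")
WRITE_ERR_RE = re.compile(r"upload: write udp (\S+)->(\S*?): sendto: (.+?) \|")


def triage(log_text, expected_udp_outbound="socks"):
    """Summarise router defaults, the outbound used for UDP, and failed writes.

    expected_udp_outbound is a hypothetical parameter: the outbound type the
    operator intended UDP to use (the socks outbound in the client config).
    """
    defaults, packet_outbounds, write_errors, findings = {}, [], [], []
    for line in log_text.splitlines():
        if m := DEFAULT_RE.search(line):
            defaults[m.group(2)] = m.group(1)       # e.g. "connection" -> "socks[0]"
        elif m := PACKET_OUT_RE.search(line):
            packet_outbounds.append(m.group(1))     # outbound that carried the packet
        elif m := WRITE_ERR_RE.search(line):
            write_errors.append(
                {"src": m.group(1), "dst": m.group(2), "error": m.group(3)})

    udp_default = defaults.get("packet connection", "")
    if not udp_default.startswith(expected_udp_outbound):
        findings.append(
            f"UDP default outbound is {udp_default or 'unknown'}, "
            f"not {expected_udp_outbound}; TCP default is "
            f"{defaults.get('connection', 'unknown')}")
    for err in write_errors:
        host, _, port = err["dst"].rpartition(":")
        if not host or port == "0":                 # ':0' = no usable destination
            findings.append(
                f"write to empty destination {err['dst']!r}: {err['error']}")
    return {"defaults": defaults, "packet_outbounds": packet_outbounds,
            "write_errors": write_errors, "findings": findings}


if __name__ == "__main__":
    for finding in triage(CLIENT_LOG)["findings"]:
        print("-", finding)
```

On the quoted log this reports two things the raw lines make easy to miss: the router's default outbound for packet connections differs from the one for connections, and the upload write is addressed to `:0`.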