sing-box
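When sing-box is the tuic client and the server is mihomo (clash-meta), QUIC cannot be proxied
Operating system
Linux
System version
Ubuntu 22.04
Installation type
sing-box original command-line program
If you are using a graphical client program, please provide the version of that program.
No response
Version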
sing-box version 1.8.0
Environment: go1.21.5 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 11bec79a06268f00e7c5a7d5509245855d6dd522
CGO: disabled
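Description
When sing-box is the tuic client and the server is mihomo (clash-meta), QUIC cannot be proxied
Reproduction
To rule out unnecessary interference, Linux is used as the test environment so that tun can use include_uid to limit the scope that is affected.
The QUIC connection is initiated by a curl build that supports HTTP/3.
Logs
No response
Integrity requirements
- [X] I confirm that I have read the documentation and understand the meaning of every configuration item I wrote, rather than piling up seemingly useful options or default values.
- [X] I confirm that I have provided server and client configuration files and a procedure that reproduce the issue locally, rather than a desensitized, complex client configuration file.
- [X] I confirm that I have provided the minimal configuration that reproduces the error I am reporting, rather than relying on remote servers, TUN, graphical client programs, or other closed-source software.
- [X] I confirm that I have provided complete configuration files and logs, rather than only the parts I considered useful out of confidence in my own intelligence.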
Case where the client sends a domain name
Protocol: tuic
Client: sing-box
Server: mihomo (clash-meta)
Using curl, forced to HTTP/3, to access https://cloudflare.com/cdn-cgi/trace
sing-box minimal reproduction configuration
{
  "log": {
    "disabled": false,
    "level": "trace",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "dns-remote",
        "address": "https://8.8.8.8/dns-query",
        "detour": "proxy"
      },
      {
        "tag": "fake-dns",
        "address": "fakeip"
      }
    ],
    "fakeip": {
      "enabled": true,
      "inet4_range": "198.18.0.0/15",
      "inet6_range": "fc00::/18"
    },
    "rules": [
      {
        "inbound": "tun-in",
        "query_type": [
          "A",
          "AAAA"
        ],
        "server": "fake-dns",
        "rewrite_ttl": 1
      }
    ],
    "independent_cache": true,
    "strategy": "prefer_ipv6"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "fdfe:dcba:9876::1/126",
      "auto_route": true,
      "strict_route": false,
      "include_uid": [
        1002
      ],
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "tuic",
      "tag": "proxy",
      "server": "",
      "server_port": 443,
      "uuid": "",
      "password": "",
      "congestion_control": "bbr",
      "udp_relay_mode": "native",
      "tls": {
        "alpn": "h3",
        "enabled": true,
        "server_name": ""
      }
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ],
    "auto_detect_interface": true
  }
}
sing-box log
+0800 2024-01-08 23:36:09 INFO router: updated default interface eth0, index 2
+0800 2024-01-08 23:36:09 TRACE inbound/tun[tun-in]: creating stack
+0800 2024-01-08 23:36:09 INFO inbound/tun[tun-in]: started at tun0
+0800 2024-01-08 23:36:09 INFO sing-box started (0.66s)
+0800 2024-01-08 23:36:12 INFO [1552864670 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:32374
+0800 2024-01-08 23:36:12 INFO [1552864670 0ms] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:53
+0800 2024-01-08 23:36:12 INFO [3102023756 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:48741
+0800 2024-01-08 23:36:12 INFO [3102023756 0ms] inbound/tun[tun-in]: inbound packet connection to 172.19.0.2:53
+0800 2024-01-08 23:36:12 DEBUG [3102023756 0ms] router: sniffed packet protocol: dns
+0800 2024-01-08 23:36:12 INFO [1448869276 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:11298
+0800 2024-01-08 23:36:12 INFO [1448869276 0ms] inbound/tun[tun-in]: inbound packet connection to 172.19.0.2:53
+0800 2024-01-08 23:36:12 DEBUG [3102023756 1ms] router: match[0] protocol=dns => dns-out
+0800 2024-01-08 23:36:12 DEBUG [1448869276 0ms] router: sniffed packet protocol: dns
+0800 2024-01-08 23:36:12 DEBUG [1448869276 1ms] router: match[0] protocol=dns => dns-out
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN A
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 INFO [2084494797 0ms] inbound/tun[tun-in]: inbound packet connection from [fdfe:dcba:9876::1]:32374
+0800 2024-01-08 23:36:12 INFO [2084494797 2ms] inbound/tun[tun-in]: inbound packet connection to [2606:4700:4700::1111]:53
+0800 2024-01-08 23:36:12 DEBUG [2084494797 2ms] router: sniffed packet protocol: dns
+0800 2024-01-08 23:36:12 DEBUG [2084494797 2ms] router: match[0] protocol=dns => dns-out
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN AAAA
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. AAAA cloudflare.com. 1 IN AAAA fc00::3
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. A cloudflare.com. 1 IN A 198.18.0.3
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN AAAA
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 DEBUG [1552864670 0ms] router: sniffed packet protocol: dns
+0800 2024-01-08 23:36:12 DEBUG [1552864670 3ms] router: match[0] protocol=dns => dns-out
+0800 2024-01-08 23:36:12 DEBUG dns: cached cloudflare.com NOERROR 0
+0800 2024-01-08 23:36:12 INFO dns: cached cloudflare.com AAAA cloudflare.com. 0 IN AAAA fc00::3
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN AAAA
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. AAAA cloudflare.com. 0 IN AAAA fc00::3
+0800 2024-01-08 23:36:12 DEBUG dns: cached cloudflare.com NOERROR 0
+0800 2024-01-08 23:36:12 INFO dns: cached cloudflare.com AAAA cloudflare.com. 0 IN AAAA fc00::3
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. AAAA cloudflare.com. 0 IN AAAA fc00::3
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN A
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 DEBUG dns: cached cloudflare.com NOERROR 0
+0800 2024-01-08 23:36:12 INFO dns: cached cloudflare.com A cloudflare.com. 0 IN A 198.18.0.3
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. A cloudflare.com. 0 IN A 198.18.0.3
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN A
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 DEBUG dns: cached cloudflare.com NOERROR 0
+0800 2024-01-08 23:36:12 INFO dns: cached cloudflare.com A cloudflare.com. 0 IN A 198.18.0.3
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. A cloudflare.com. 0 IN A 198.18.0.3
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN A
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 DEBUG dns: cached cloudflare.com NOERROR 0
+0800 2024-01-08 23:36:12 INFO dns: cached cloudflare.com A cloudflare.com. 0 IN A 198.18.0.3
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. A cloudflare.com. 0 IN A 198.18.0.3
+0800 2024-01-08 23:36:12 DEBUG dns: exchange cloudflare.com. IN AAAA
+0800 2024-01-08 23:36:12 DEBUG dns: match[0] inbound=tun-in query_type=[A AAAA] => fake-dns
+0800 2024-01-08 23:36:12 DEBUG dns: cached cloudflare.com NOERROR 0
+0800 2024-01-08 23:36:12 INFO dns: cached cloudflare.com AAAA cloudflare.com. 0 IN AAAA fc00::3
+0800 2024-01-08 23:36:12 INFO dns: exchanged cloudflare.com. AAAA cloudflare.com. 0 IN AAAA fc00::3
+0800 2024-01-08 23:36:12 INFO [2389859315 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:23953
+0800 2024-01-08 23:36:12 INFO [2389859315 0ms] inbound/tun[tun-in]: inbound packet connection to 198.18.0.3:443
+0800 2024-01-08 23:36:12 DEBUG [2389859315 0ms] router: found fakeip domain: cloudflare.com
+0800 2024-01-08 23:36:12 DEBUG [2389859315 1ms] router: sniffed packet protocol: quic, domain: cloudflare.com
+0800 2024-01-08 23:36:12 INFO [2389859315 1ms] outbound/tuic[proxy]: outbound packet connection to cloudflare.com:443
+0800 2024-01-08 23:36:12 INFO [4262820336 0ms] inbound/tun[tun-in]: inbound packet connection from [fdfe:dcba:9876::1]:57785
+0800 2024-01-08 23:36:12 INFO [4262820336 0ms] inbound/tun[tun-in]: inbound packet connection to [fc00::3]:443
+0800 2024-01-08 23:36:12 DEBUG [4262820336 0ms] router: found fakeip domain: cloudflare.com
+0800 2024-01-08 23:36:12 DEBUG [4262820336 0ms] router: sniffed packet protocol: quic, domain: cloudflare.com
+0800 2024-01-08 23:36:12 INFO [4262820336 0ms] outbound/tuic[proxy]: outbound packet connection to cloudflare.com:443
+0800 2024-01-08 23:36:22 DEBUG [1552864670 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
+0800 2024-01-08 23:36:22 DEBUG [2084494797 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
+0800 2024-01-08 23:36:22 DEBUG [1448869276 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
+0800 2024-01-08 23:36:22 DEBUG [3102023756 10.0s] inbound/tun[tun-in]: connection closed: EOF | upstream: context canceled
+0800 2024-01-08 23:36:49 DEBUG [4262820336 37.0s] inbound/tun[tun-in]: connection closed: upload: read udp [fc00::3]:443: i/o timeout | download: io: read/write on closed pipe | upstream: context canceled
+0800 2024-01-08 23:36:49 DEBUG [2389859315 37.19s] inbound/tun[tun-in]: connection closed: upload: read udp 198.18.0.3:443: i/o timeout | download: io: read/write on closed pipe | upstream: context canceled
curl returns: curl: (55) ngtcp2_conn_handle_expiry returned error: ERR_HANDSHAKE_TIMEOUT
mihomo (clash-meta) server-side log
1月 08 23:36:06 WZWWEB clash[50054]: time="2024-01-08T23:36:06.593102591+08:00" level=info msg="Start initial configuration in progress"
1月 08 23:36:06 WZWWEB clash[50054]: time="2024-01-08T23:36:06.593293984+08:00" level=info msg="Geodata Loader mode: memconservative"
1月 08 23:36:06 WZWWEB clash[50054]: time="2024-01-08T23:36:06.593306828+08:00" level=info msg="Geosite Matcher implementation: succinct"
1月 08 23:36:06 WZWWEB clash[50054]: time="2024-01-08T23:36:06.59355039+08:00" level=info msg="Initial configuration complete, total time: 0ms"
1月 08 23:36:06 WZWWEB clash[50054]: time="2024-01-08T23:36:06.614210581+08:00" level=info msg="Sniffer is closed"
1月 08 23:36:06 WZWWEB clash[50054]: time="2024-01-08T23:36:06.618799569+08:00" level=info msg="Tuic[tuic-in] proxy listening at: [::]:444"
1月 08 23:36:06 WZWWEB clash[50054]: time="2024-01-08T23:36:06.620744516+08:00" level=info msg="Start initial Compatible provider default"
1月 08 23:36:13 WZWWEB clash[50054]: time="2024-01-08T23:36:13.534501988+08:00" level=info msg="[UDP] 客户端IP:63386 --> 198.18.0.3:443 doesn't match any rule using DIRECT"
1月 08 23:36:13 WZWWEB clash[50054]: time="2024-01-08T23:36:13.534768252+08:00" level=info msg="[UDP] 客户端IP:63386 --> [fc00::3]:443 doesn't match any rule using DIRECT"
It looks like sing-box sent the fakeip directly to the server?
#783 duplicate?
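A check for the symptom visible in the server log above, as an added example that is not part of the original issue or of either project's code: it reads the fakeip ranges from the client's `dns.fakeip` section and lists the destinations in the server log that fall inside them. The config and log lines are constructed from the ones on this page, with `203.0.113.7` as a placeholder client address and a domain-name line added for contrast.

```python
import ipaddress
import json
import re

# Constructed sample: the fakeip section of the client config on this page.
CLIENT_CONFIG = json.loads("""
{"dns": {"fakeip": {"enabled": true,
                    "inet4_range": "198.18.0.0/15",
                    "inet6_range": "fc00::/18"}}}
""")

# Constructed sample lines modelled on the mihomo server log
# (203.0.113.7 is a placeholder for the redacted client address).
SERVER_LOG = """\
level=info msg="[UDP] 203.0.113.7:63386 --> 198.18.0.3:443 doesn't match any rule using DIRECT"
level=info msg="[UDP] 203.0.113.7:63386 --> [fc00::3]:443 doesn't match any rule using DIRECT"
level=info msg="[UDP] 203.0.113.7:38001 --> 1.1.1.1:443 doesn't match any rule using DIRECT"
level=info msg="[UDP] 203.0.113.7:38002 --> cloudflare.com:443 doesn't match any rule using DIRECT"
"""

# Destination after "-->": [v6]:port, v4:port or domain:port.
DEST_RE = re.compile(r"--> \[?(?P<host>[^\]\s]+?)\]?:(?P<port>\d+)\s")


def fakeip_networks(config):
    """Return the client's enabled fakeip ranges as ip_network objects."""
    fakeip = config.get("dns", {}).get("fakeip", {})
    if not fakeip.get("enabled"):
        return []
    keys = ("inet4_range", "inet6_range")
    return [ipaddress.ip_network(fakeip[k]) for k in keys if fakeip.get(k)]


def leaked_fakeip_destinations(server_log, networks):
    """List (host, port) destinations seen by the server that are fakeip addresses."""
    leaked = []
    for line in server_log.splitlines():
        m = DEST_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["host"])
        except ValueError:
            continue  # a domain name reached the server, which is the expected case
        if any(addr in net for net in networks):
            leaked.append((str(addr), int(m["port"])))
    return leaked


if __name__ == "__main__":
    print(leaked_fakeip_destinations(SERVER_LOG, fakeip_networks(CLIENT_CONFIG)))
```

Any hit means the server was asked to relay to an address that only has meaning inside the client's fakeip table, so the real destination was lost before the packet left the client.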
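Testing again, this time with the client sending an IP address directly
Protocol: tuic
Client: sing-box
Server: mihomo (clash-meta)
Using curl, forced to HTTP/3, to access https://1.1.1.1/cdn-cgi/trace
sing-box minimal reproduction configuration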
{
  "log": {
    "disabled": false,
    "level": "trace",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "dns-remote",
        "address": "https://8.8.8.8/dns-query",
        "detour": "proxy"
      },
      {
        "tag": "fake-dns",
        "address": "fakeip"
      }
    ],
    "fakeip": {
      "enabled": true,
      "inet4_range": "198.18.0.0/15",
      "inet6_range": "fc00::/18"
    },
    "rules": [
      {
        "inbound": "tun-in",
        "query_type": [
          "A",
          "AAAA"
        ],
        "server": "fake-dns",
        "rewrite_ttl": 1
      }
    ],
    "independent_cache": true,
    "strategy": "prefer_ipv6"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "fdfe:dcba:9876::1/126",
      "auto_route": true,
      "strict_route": false,
      "include_uid": [
        1002
      ],
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "tuic",
      "tag": "proxy",
      "server": "",
      "server_port": 443,
      "uuid": "",
      "password": "",
      "congestion_control": "bbr",
      "udp_relay_mode": "native",
      "tls": {
        "alpn": "h3",
        "enabled": true,
        "server_name": ""
      }
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ],
    "auto_detect_interface": true
  }
}
sing-box log
+0800 2024-01-08 23:43:44 INFO router: updated default interface eth0, index 2
+0800 2024-01-08 23:43:44 TRACE inbound/tun[tun-in]: creating stack
+0800 2024-01-08 23:43:44 INFO inbound/tun[tun-in]: started at tun0
+0800 2024-01-08 23:43:44 INFO sing-box started (0.100s)
+0800 2024-01-08 23:43:57 INFO [1624277812 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:52385
+0800 2024-01-08 23:43:57 INFO [1624277812 1ms] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:443
+0800 2024-01-08 23:43:57 DEBUG [1624277812 5ms] router: sniffed packet protocol: quic, domain: 1.1.1.1
+0800 2024-01-08 23:43:57 INFO [1624277812 5ms] outbound/tuic[proxy]: outbound packet connection to 1.1.1.1:443
+0800 2024-01-08 23:43:58 INFO [994261243 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:52385
+0800 2024-01-08 23:43:58 INFO [994261243 0ms] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:443
+0800 2024-01-08 23:43:58 INFO [994261243 1ms] outbound/tuic[proxy]: outbound packet connection to 1.1.1.1:443
+0800 2024-01-08 23:43:58 DEBUG [1624277812 1.31s] inbound/tun[tun-in]: connection closed: upload: message too large (maximum: 1197 bytes) | download: io: read/write on closed pipe
+0800 2024-01-08 23:43:59 DEBUG [994261243 415ms] inbound/tun[tun-in]: connection closed: upload: message too large (maximum: 1197 bytes) | download: io: read/write on closed pipe
+0800 2024-01-08 23:43:59 INFO [1007685115 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:52385
+0800 2024-01-08 23:43:59 INFO [1007685115 0ms] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:443
+0800 2024-01-08 23:43:59 INFO [1007685115 0ms] outbound/tuic[proxy]: outbound packet connection to 1.1.1.1:443
+0800 2024-01-08 23:43:59 DEBUG [1007685115 1ms] inbound/tun[tun-in]: connection closed: upload: message too large (maximum: 1197 bytes) | download: io: read/write on closed pipe
+0800 2024-01-08 23:44:00 INFO [1100047879 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:52385
+0800 2024-01-08 23:44:00 INFO [1100047879 0ms] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:443
+0800 2024-01-08 23:44:00 INFO [1100047879 0ms] outbound/tuic[proxy]: outbound packet connection to 1.1.1.1:443
After a long time, curl returns: curl: (55) sendmsg() returned -1 (errno 5); disable GSO
mihomo (clash-meta) server-side log
1月 08 23:43:37 WZWWEB clash[50088]: time="2024-01-08T23:43:37.519417578+08:00" level=info msg="Start initial configuration in progress"
1月 08 23:43:37 WZWWEB clash[50088]: time="2024-01-08T23:43:37.519937125+08:00" level=info msg="Geodata Loader mode: memconservative"
1月 08 23:43:37 WZWWEB clash[50088]: time="2024-01-08T23:43:37.520016125+08:00" level=info msg="Geosite Matcher implementation: succinct"
1月 08 23:43:37 WZWWEB clash[50088]: time="2024-01-08T23:43:37.520318681+08:00" level=info msg="Initial configuration complete, total time: 0ms"
1月 08 23:43:37 WZWWEB clash[50088]: time="2024-01-08T23:43:37.537093566+08:00" level=info msg="Sniffer is closed"
1月 08 23:43:37 WZWWEB clash[50088]: time="2024-01-08T23:43:37.540101382+08:00" level=info msg="Tuic[tuic-in] proxy listening at: [::]:444"
1月 08 23:43:37 WZWWEB clash[50088]: time="2024-01-08T23:43:37.541802236+08:00" level=info msg="Start initial Compatible provider default"
1月 08 23:43:58 WZWWEB clash[50088]: time="2024-01-08T23:43:58.66302562+08:00" level=info msg="[UDP] 客户端IP:38001 --> 1.1.1.1:443 doesn't match any rule using DIRECT"
1月 08 23:43:58 WZWWEB clash[50088]: time="2024-01-08T23:43:58.987814878+08:00" level=info msg="[UDP] 客户端IP:38001 --> 1.1.1.1:443 doesn't match any rule using DIRECT"
1月 08 23:44:00 WZWWEB clash[50088]: time="2024-01-08T23:44:00.161353977+08:00" level=info msg="[UDP] 客户端IP:38001 --> 1.1.1.1:443 doesn't match any rule using DIRECT"
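Hi, I recently ran into a possibly related problem while proxying a game.
It uses UDP, but with tun->direct the game cannot receive any returned packets (a packet capture confirms this). The tun->proxy case (with sing-box as the server) is the same. Looking at the clash api dashboard, I can see the UDP inbound.
But with the tproxy inbound, everything works fine.
I suspect the problem is caused by tun handling UDP packets abnormally.
The version I am using is
sing-box version 1.8.0
Environment: go1.21.5 linux/arm64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 11bec79a06268f00e7c5a7d5509245855d6dd522
CGO: disabled
The system is openwrt arm64.
Could you test with tun->direct, using curl forced to HTTP/3 to access https://1.1.1.1/cdn-cgi/trace, to further rule out interference?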
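Hi, I recently ran into a possibly related problem while proxying a game.
It uses UDP, but with tun->direct the game cannot receive any returned packets (a packet capture confirms this). The tun->proxy case (with sing-box as the server) is the same. Looking at the clash api dashboard, I can see the UDP inbound.
But with the tproxy inbound, everything works fine.
I suspect the problem is caused by tun handling UDP packets abnormally.
The version I am using is
sing-box version 1.8.0
Environment: go1.21.5 linux/arm64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 11bec79a06268f00e7c5a7d5509245855d6dd522
CGO: disabled
The system is openwrt arm64.
Could you test with tun->direct, using curl forced to HTTP/3 to access https://1.1.1.1/cdn-cgi/trace, to further rule out interference?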
how to build v1.8.x for openwrt2023?
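It uses UDP, but with tun->direct the game cannot receive any returned packets (a packet capture confirms this). The tun->proxy case (with sing-box as the server) is the same. Looking at the clash api dashboard, I can see the UDP inbound.
The tun UDP inbound problem has been fixed in version 1.8.2.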
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days