
Rules in which source_ip_cidr and ip_cidr coexist do not take effect

Open doveccl opened this issue 1 year ago • 1 comments

Operating system

Linux

System version

Debian 12

Installation type

Original sing-box command-line program

Version

sing-box version 1.8.1

Environment: go1.21.6 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: f91a90cad8bc331f9ad7c943dd083c77c3ebfc7f
CGO: disabled

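Description

Rules in which source_ip_cidr and ip_cidr coexist do not take effect. According to the official documentation, when source_ip_cidr and ip_cidr are both present they are combined with an && relationship. In actual use this is not the case.

Steps to reproduce

Prepare two configuration files, 1.json and 2.json, respectively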

{
  "log": {
    "level": "trace"
  },
  "inbounds": [{ "type": "http", "listen": "::", "listen_port": 8080 }],
  "outbounds": [
    { "tag": "direct", "type": "direct" },
    { "tag": "block", "type": "block" }
  ],
  "route": {
    "rules": [
      { "source_ip_cidr": "127.0.0.1/24", "ip_cidr": "1.0.0.0/8", "outbound": "block" },
      { "source_ip_cidr": "127.0.0.1/24", "outbound": "direct" }
    ]
  }
}

{
  "log": {
    "level": "trace"
  },
  "inbounds": [{ "type": "http", "listen": "::", "listen_port": 8080 }],
  "outbounds": [
    { "tag": "direct", "type": "direct" },
    { "tag": "block", "type": "block" }
  ],
  "route": {
    "rules": [
      { "source_ip_cidr": "127.0.0.1/24", "ip_cidr": "1.0.0.0/8", "outbound": "block" },
      { "ip_cidr": "1.0.0.0/8", "outbound": "direct" }
    ]
  }
}

While sing-box run -c 1.json and sing-box run -c 2.json are running, respectively, use the following command

ALL_PROXY=http://127.0.0.1:8080 curl https://1.1.1.1

The expected behavior is that both are blocked; in practice both matched the direct rule

Logs

1.log

INFO[0031] [3857153405 0ms] inbound/http[0]: inbound connection from 127.0.0.1:61044
INFO[0031] [3857153405 0ms] inbound/http[0]: inbound connection to 1.1.1.1:443
DEBUG[0031] [3857153405 0ms] router: match[1] source_ipcidr=127.0.0.1/24 => direct
INFO[0031] [3857153405 0ms] outbound/direct[direct]: outbound connection to 1.1.1.1:443

2.log

INFO[0005] [3489940369 0ms] inbound/http[0]: inbound connection from 127.0.0.1:61069
INFO[0005] [3489940369 0ms] inbound/http[0]: inbound connection to 1.1.1.1:443
DEBUG[0005] [3489940369 0ms] router: match[1] ipcidr=1.0.0.0/8 => direct
INFO[0005] [3489940369 0ms] outbound/direct[direct]: outbound connection to 1.1.1.1:443

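Integrity requirements

  • [X] I confirm that I have read the documentation and understand the meaning of every configuration option I wrote, rather than piling up seemingly useful options or default values.
  • [X] I confirm that I have provided server and client configuration files and steps that reproduce the problem locally, rather than a sanitized, complex client configuration file.
  • [X] I confirm that I have provided the minimal configuration that reproduces the error I am reporting, rather than relying on remote servers, TUN, graphical client interfaces, or other closed-source software.
  • [X] I confirm that I have provided the complete configuration files and logs, rather than providing only the parts I consider useful out of confidence in my own intelligence.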

doveccl avatar Jan 13 '24 09:01 doveccl
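An added example (not part of the original report and not sing-box code): a Python check that evaluates the report's two rule lists under the AND semantics the reporter cites from the documentation and compares the result with the router line in each log. The function names are hypothetical; the rules and log lines are copied from the report, and only the two CIDR fields used there are modelled.

```python
import ipaddress
import re

# route.rules copied from 1.json and 2.json in the report above.
RULES_1 = [
    {"source_ip_cidr": "127.0.0.1/24", "ip_cidr": "1.0.0.0/8", "outbound": "block"},
    {"source_ip_cidr": "127.0.0.1/24", "outbound": "direct"},
]
RULES_2 = [
    {"source_ip_cidr": "127.0.0.1/24", "ip_cidr": "1.0.0.0/8", "outbound": "block"},
    {"ip_cidr": "1.0.0.0/8", "outbound": "direct"},
]
# Router lines copied from 1.log and 2.log in the report above.
LOG_1 = "DEBUG[0031] [3857153405 0ms] router: match[1] source_ipcidr=127.0.0.1/24 => direct"
LOG_2 = "DEBUG[0005] [3489940369 0ms] router: match[1] ipcidr=1.0.0.0/8 => direct"
MATCH_RE = re.compile(r"router: match\[(\d+)\] .*=> (\S+)")

def in_any_cidr(addr, cidrs):
    """True if addr is in any CIDR; strict=False accepts host bits (127.0.0.1/24)."""
    cidrs = [cidrs] if isinstance(cidrs, str) else cidrs
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)

def expected_match(rules, src, dst):
    """First rule whose present fields ALL match: the AND semantics cited in the report."""
    for index, rule in enumerate(rules):
        checks = []
        if "source_ip_cidr" in rule:
            checks.append(in_any_cidr(src, rule["source_ip_cidr"]))
        if "ip_cidr" in rule:
            checks.append(in_any_cidr(dst, rule["ip_cidr"]))
        if checks and all(checks):
            return index, rule["outbound"]
    return None

def observed_match(log_line):
    """Extract (rule index, outbound) from a 'router: match[N] ... => tag' line."""
    m = MATCH_RE.search(log_line)
    return (int(m.group(1)), m.group(2)) if m else None

def audit(rules, src, dst, log_line):
    """Compare the expected decision with the logged one; flag a bypassed block."""
    exp, obs = expected_match(rules, src, dst), observed_match(log_line)
    bypassed = exp is not None and obs is not None and exp[1] == "block" and obs[1] != "block"
    return {"expected": exp, "observed": obs, "block_bypassed": bypassed}

if __name__ == "__main__":
    for name, rules, line in (("1.json", RULES_1, LOG_1), ("2.json", RULES_2, LOG_2)):
        print(name, audit(rules, "127.0.0.1", "1.1.1.1", line))
```

For both configurations the expected decision is rule 0 (block), while the logs show rule 1 (direct), so a block rule written this way should be verified against trace logs before it is relied on as an egress control.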

@nekohasekai Updated with a minimal, complete reproduction procedure and logs

doveccl avatar Jan 15 '24 09:01 doveccl

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] avatar Mar 16 '24 01:03 github-actions[bot]