High cpu usage by "DNS Client" in tun mode

Open Entoryvekum opened this issue 7 months ago • 3 comments

Operating system

Windows

System version

Windows10 22H2

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.4 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

After running sing-box in tun mode, the CPU usage of the DNS Client process gradually increases, eventually causing the system to freeze. Packet capture reveals a massive number of STUN packets.

Reproduction

The problem should occur very soon after running sing-box with the tun inbound, but sometimes it does not occur immediately. The homepage of Bilibili Live (bilibili直播) almost always triggers this phenomenon.

The config I'm using:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "experimental": {
    "cache_file": {
      "enabled": true,
      "store_fakeip": false,
      "store_rdrc": false
    }
  },
  "inbounds": [
    {
      "type": "tun",
      "interface_name": "singbox-tun",
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "4569:3291:3551::1/126",
      "mtu": 9000,
      "auto_route": true,
      "strict_route": true,
      "endpoint_independent_nat": true,
      "stack": "gvisor",
      "sniff": true,
      "sniff_override_destination": false,
      "domain_strategy": "prefer_ipv4"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ],
    "final":"direct",
    "auto_detect_interface": true
  },
  "dns": {
    "servers": [
      {
        "tag": "dns-server",
        "address": "https://223.5.5.5/dns-query",
        "detour": "direct"
      }
    ],
    "disable_cache": false,
    "disable_expire": false,
    "independent_cache": false,
    "rules": [
      {
        "outbound": "any",
        "server": "dns-server"
      }
    ],
    "final": "dns-server",
    "strategy": "prefer_ipv4"
  }
}

Logs

Sing-box log:
+0800 2024-07-06 23:25:16 INFO [2010800207 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:54784
+0800 2024-07-06 23:25:16 INFO [2010800207 0ms] inbound/tun[3]: inbound packet connection to [2402:f000:4:1008:809:ffff:fffe:eec9]:52520
+0800 2024-07-06 23:25:16 INFO [2010800207 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [782018462 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:54785
+0800 2024-07-06 23:25:16 INFO [782018462 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:986d:d1f0:3099:44d3:fb3:afe8]:57116
+0800 2024-07-06 23:25:16 INFO [782018462 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [632222511 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:54786
+0800 2024-07-06 23:25:16 INFO [632222511 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:6278:9c31:b46e:2e7:76d4:58eb]:58137
+0800 2024-07-06 23:25:16 INFO [632222511 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [3059023179 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51290
+0800 2024-07-06 23:25:16 INFO [3059023179 0ms] inbound/tun[3]: inbound packet connection to [2402:f000:4:1008:809:ffff:fffe:eec9]:52520
+0800 2024-07-06 23:25:16 INFO [3059023179 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [2794596030 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51291
+0800 2024-07-06 23:25:16 INFO [2794596030 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:986d:d1f0:3099:44d3:fb3:afe8]:57116
+0800 2024-07-06 23:25:16 INFO [2794596030 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [1446049926 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51292
+0800 2024-07-06 23:25:16 INFO [1446049926 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:6278:9c31:b46e:2e7:76d4:58eb]:58137
+0800 2024-07-06 23:25:16 INFO [1446049926 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [103640086 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51293
+0800 2024-07-06 23:25:16 INFO [103640086 0ms] inbound/tun[3]: inbound packet connection to [2402:f000:4:1008:809:ffff:fffe:eec9]:52520
+0800 2024-07-06 23:25:16 INFO [103640086 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [3783054023 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51294
+0800 2024-07-06 23:25:16 INFO [3783054023 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:986d:d1f0:3099:44d3:fb3:afe8]:57116
+0800 2024-07-06 23:25:16 INFO [3783054023 0ms] outbound/direct[direct]: outbound packet connection

The majority of the rest are repetitions of the above pattern.

Wireshark packet capture:
1. destination with prefix 2408
2.223944	fdfe:dcba:9876::1	295	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224024	fdfe:dcba:9876::1	296	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224051	fdfe:dcba:9876::1	297	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224074	fdfe:dcba:9876::1	298	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224093	fdfe:dcba:9876::1	299	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692300	fdfe:dcba:9876::1	361	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692365	fdfe:dcba:9876::1	362	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692392	fdfe:dcba:9876::1	363	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692419	fdfe:dcba:9876::1	364	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692439	fdfe:dcba:9876::1	365	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
3.028764	fdfe:dcba:9876::1	410	2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c	ICMPv6	66	Neighbor Solicitation for 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c

2. destination with prefix fd9e:
9.510255	fdfe:dcba:9876::1	1310	fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510327	fdfe:dcba:9876::1	1311	fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510354	fdfe:dcba:9876::1	1312	fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510374	fdfe:dcba:9876::1	1313	fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510392	fdfe:dcba:9876::1	1314	fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2	STUN	156	Binding Request user: EFeAMLvoOpBQBEAg:274272ae
10.024868	fdfe:dcba:9876::1	1368	fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2	ICMPv6	66	Neighbor Solicitation for fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2

The packet in ICMPv6 always has an invalid option length:
ICMPv6 Option (Source link-layer address
    Type: Source link-layer address (1)
    Length: 0 (0 bytes)
        [Expert Info (Error/Malformed): Invalid option length (Zero)]
            [Invalid option length (Zero)]
            [Severity level: Error]
            [Group: Malformed]

Supporter

Integrity requirements

  • [X] I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • [X] I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
  • [X] I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
  • [X] I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

Entoryvekum, Jul 08 '24 03:07
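The repeating pattern in the sing-box log above can be confirmed mechanically. As an added example (not part of the original issue and not sing-box's own code), this Go program groups the `inbound packet connection to` lines by second and destination and reports destinations that received many new connections; the sample log, its addresses and the threshold are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Matches "inbound packet connection to" lines in the format of the issue's log.
var toLine = regexp.MustCompile(`^\S+ (\S+ \S+) INFO \[(\d+) \d+ms\] inbound/tun\[\d+\]: inbound packet connection to (\S+)$`)

// Burst is a destination that received several new packet connections in one second.
type Burst struct {
	Second, Dest string
	Conns        int
}

// FindBursts returns (second, destination) pairs with at least threshold distinct connection IDs, busiest first.
func FindBursts(log string, threshold int) []Burst {
	counts, seen := map[Burst]int{}, map[string]bool{}
	for _, line := range strings.Split(log, "\n") {
		m := toLine.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil || seen[m[2]+m[3]] {
			continue // not a "to" line, or this connection ID was already counted
		}
		seen[m[2]+m[3]] = true
		counts[Burst{Second: m[1], Dest: m[3]}]++
	}
	var out []Burst
	for k, n := range counts {
		if n >= threshold {
			out = append(out, Burst{k.Second, k.Dest, n})
		}
	}
	sort.Slice(out, func(i, j int) bool {
		return out[i].Conns > out[j].Conns || (out[i].Conns == out[j].Conns && out[i].Dest < out[j].Dest)
	})
	return out
}

// SampleLog is constructed for this example; addresses use documentation prefixes.
const SampleLog = `+0800 2024-01-01 00:00:01 INFO [1001 0ms] inbound/tun[3]: inbound packet connection from [fd00::1]:50001
+0800 2024-01-01 00:00:01 INFO [1001 0ms] inbound/tun[3]: inbound packet connection to [2001:db8::a]:3478
+0800 2024-01-01 00:00:01 INFO [1002 0ms] inbound/tun[3]: inbound packet connection to [2001:db8::a]:3478
+0800 2024-01-01 00:00:01 INFO [1003 0ms] inbound/tun[3]: inbound packet connection to [2001:db8::a]:3478
+0800 2024-01-01 00:00:01 INFO [1004 0ms] inbound/tun[3]: inbound packet connection to [2001:db8::b]:3478`

func main() { fmt.Println(FindBursts(SampleLog, 3)) }
```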
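The Wireshark dissection above flags a Source link-layer address option whose length field is zero. As an added example (not code from sing-box, Windows or the original issue), this Go function walks the options of a Neighbor Solicitation and rejects that case, which RFC 4861 section 4.6 declares invalid; `ParseNSOptions`, `SampleNS` and the sample bytes are hypothetical names and constructed data.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	ErrZeroLength = errors.New("ND option with length zero")
	ErrTruncated  = errors.New("ND option runs past end of packet")
)

// NDOption is one type-length-value option of a Neighbor Discovery message.
type NDOption struct {
	Type  uint8
	Value []byte
}

// ParseNSOptions walks the options after the 24-byte Neighbor Solicitation header.
func ParseNSOptions(icmp []byte) ([]NDOption, error) {
	if len(icmp) < 24 || icmp[0] != 135 {
		return nil, errors.New("not a Neighbor Solicitation")
	}
	var opts []NDOption
	for rest := icmp[24:]; len(rest) > 0; {
		if len(rest) < 2 {
			return nil, ErrTruncated
		}
		n := int(rest[1]) * 8 // length is in units of 8 octets, header included
		if n == 0 {
			// RFC 4861 section 4.6 requires discarding the packet; a walker that
			// skips this check never advances past the option.
			return nil, ErrZeroLength
		}
		if n > len(rest) {
			return nil, ErrTruncated
		}
		opts = append(opts, NDOption{Type: rest[0], Value: rest[2:n]})
		rest = rest[n:]
	}
	return opts, nil
}

// SampleNS builds a constructed Neighbor Solicitation body (zero checksum and target) plus raw option bytes.
func SampleNS(option []byte) []byte {
	return append(append([]byte{135, 0, 0, 0, 0, 0, 0, 0}, make([]byte, 16)...), option...)
}

func main() { fmt.Println(ParseNSOptions(SampleNS([]byte{1, 0}))) }
```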