ShellCrash
[Bug] On Xiaomi devices with Tun enabled, proxy providers hosted on the local LAN cannot be used
Verify steps
- [X] I have searched on the issue tracker for a related issue.
- [X] I have tested using the public test version, and the issue still exists.
- [X] I have read the FAQ carefully and could not resolve the issue myself.
Description
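With Redir mode everything works, but once mixed mode and Tun mode are enabled, the core itself cannot update the subscription hosted on the local LAN at http://192.168.10.2:3001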
[warning] [TCP] dial 🎯 全球直连 (match GeoIP/lan) mihomo --> 192.168.10.2:3001 error: connect failed: dial tcp 192.168.10.2:3001: i/o timeout
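The inbound proxy ports also cannot connect to the LAN; every attempt times out. On this machine, curl and wget fetch the file normally, so communication between the two hosts is definitely fine; only the core itself cannot connect.
Already tried:
1. Installing ShellCrash on other devices: it fails on both the Xiaomi ax3600 and the Xiaomi ax5400; the only place it works is an N1 acting as a side router.
2. Switching to other core versions: meta v1.18.5 and meta v1.18.1 both fail.
3. Switching to other ShellCrash versions: the stable and development builds both fail.
4. Running the bare core also seems to fail (without relying on ShellCrash, manually running /tmp/ShellCrash/CrashCore -d /overlay/ShellCrash -f /tmp/ShellCrash/config.yaml)
I am not sure whether this is a Xiaomi Tun problem or a core configuration problem. I hope an expert can take a look.
Debug log (some DNS and health-check entries removed):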
time="2024-06-16T07:29:49.75474294Z" level=info msg="Start initial configuration in progress"
time="2024-06-16T07:29:49.757636084Z" level=info msg="Geodata Loader mode: memconservative"
time="2024-06-16T07:29:49.757779145Z" level=info msg="Geosite Matcher implementation: succinct"
time="2024-06-16T07:29:49.761363272Z" level=info msg="Initial configuration complete, total time: 6ms"
time="2024-06-16T07:29:49.762482033Z" level=info msg="RESTful API listening at: [::]:9999"
time="2024-06-16T07:29:49.802598994Z" level=info msg="Authentication of local server updated"
time="2024-06-16T07:29:49.802766897Z" level=info msg="Sniffer is loaded and working"
time="2024-06-16T07:29:49.80297589Z" level=info msg="Use routing mark: 0x1ed6"
time="2024-06-16T07:29:49.803674217Z" level=info msg="DNS server listening at: [::]:1053"
time="2024-06-16T07:29:49.80414475Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2024-06-16T07:29:49.804435507Z" level=info msg="TProxy server listening at: [::]:7893"
time="2024-06-16T07:29:49.804618252Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:1002"
time="2024-06-16T07:29:49.812717315Z" level=warning msg="[TUN] default interface changed by monitor, => pppoe-wan"
time="2024-06-16T07:29:49.834856091Z" level=info msg="[TUN] Tun adapter listening at: utun([198.18.0.1/30],[]), mtu: 9000, auto route: false, ip stack: System"
time="2024-06-16T07:29:49.83522632Z" level=info msg="Start initial provider test"
time="2024-06-16T07:29:49.868686545Z" level=info msg="Start initial Compatible provider 🚀 节点选择"
time="2024-06-16T07:29:49.868932879Z" level=info msg="Start initial Compatible provider 🎯 全球直连"
time="2024-06-16T07:29:49.869524913Z" level=info msg="Start initial Compatible provider 🐟 漏网之鱼"
time="2024-06-16T07:29:49.869638497Z" level=info msg="Start initial Compatible provider default"
time="2024-06-16T07:29:49.870086428Z" level=debug msg="[DNS] doh.pub --> [120.53.53.53 1.12.12.12] A from udp://223.5.5.5:53"
time="2024-06-16T07:29:49.875326511Z" level=debug msg="[DNS] doh.pub --> [] AAAA from udp://223.5.5.5:53"
time="2024-06-16T07:29:49.875919535Z" level=debug msg="[DNS] dns.rubyfish.cn --> [] AAAA from udp://223.5.5.5:53"
time="2024-06-16T07:29:49.894300916Z" level=debug msg="[DNS] doh.pub --> [] AAAA from udp://114.114.114.114:53"
time="2024-06-16T07:29:49.895724755Z" level=debug msg="[DNS] dns.rubyfish.cn --> [] AAAA from udp://114.114.114.114:53"
time="2024-06-16T07:29:49.937935499Z" level=info msg="Load MMDB file: /overlay/ShellCrash/Country.mmdb"
time="2024-06-16T07:29:50.228304936Z" level=debug msg="Health Checked, proxy: 香港3|淘气兔, url: https://www.gstatic.com/generate_204, alive: true, delay: 368 ms uid: {450ce0ce-8384-44da-af9e-4de50734f0dd}"
time="2024-06-16T07:29:50.228563717Z" level=debug msg="Health Checking, proxy: 香港 10|淘气兔, url: https://www.gstatic.com/generate_204, id: {450ce0ce-8384-44da-af9e-4de50734f0dd}"
time="2024-06-16T07:29:54.863868987Z" level=debug msg="re-creating the http client due to requesting https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDMHNTFmZWl0dQNjb20AABwAAQ: Get \"https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDMHNTFmZWl0dQNjb20AABwAAQ\": context deadline exceeded"
time="2024-06-16T07:29:54.864259371Z" level=debug msg="[https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABHR0MDMHNTFmZWl0dQNjb20AABwAAQ] using HTTP/2 for this upstream: <nil>"
time="2024-06-16T07:29:54.865027173Z" level=debug msg="re-creating the http client due to requesting https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ: Get \"https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ\": context deadline exceeded"
time="2024-06-16T07:29:54.866019539Z" level=warning msg="[TCP] dial 🎯 全球直连 (match GeoIP/lan) mihomo --> 192.168.10.2:3001 error: connect failed: dial tcp 192.168.10.2:3001: i/o timeout"
time="2024-06-16T07:29:54.866205982Z" level=debug msg="[DNS] resolve hk08.51feitu.com from https://doh.opendns.com:443/dns-query"
time="2024-06-16T07:29:54.866254207Z" level=debug msg="[https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ] using HTTP/2 for this upstream: <nil>"
time="2024-06-16T07:29:54.863527817Z" level=debug msg="re-creating the http client due to requesting https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ: Get \"https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ\": context deadline exceeded"
time="2024-06-16T07:29:54.864483311Z" level=debug msg="[DNS] resolve hk09.51feitu.com from https://doh.opendns.com:443/dns-query"
time="2024-06-16T07:29:54.866265248Z" level=warning msg="[TCP] dial 🎯 全球直连 (match GeoIP/lan) mihomo --> 192.168.10.2:3001 error: connect failed: dial tcp 192.168.10.2:3001: i/o timeout"
config.yaml:
mixed-port: 1002
redir-port: 7892
tproxy-port: 7893
authentication: ["root:admin"]
allow-lan: true
mode: Rule
log-level: info
ipv6: true
external-controller: :9999
external-ui: ui
secret: admin
tun: {enable: true, stack: system, device: utun, auto-route: false}
experimental: {ignore-resolve-fail: true, interface-name: en0}
sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {tls: {ports: [443, 8443]}, http: {ports: [80, 8080-8880]}}}
find-process-mode: "off"
routing-mark: 7894
dns:
  enable: true
  listen: :1053
  use-hosts: true
  ipv6: false
  default-nameserver:
    - 114.114.114.114
    - 223.5.5.5
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - '+.*'
  nameserver: [https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853]
  fallback: [https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query]
  fallback-filter:
    geoip: true
    domain:
      - '+.bing.com'
      - '+.linkedin.com'
hosts:
  'time.android.com': 203.107.6.88
  'time.facebook.com': 203.107.6.88
proxy-groups:
- {name: 🚀 节点选择, type: select, proxies: [test, 📺 省流节点, 👍 高级节点], use: [test]}
- {name: 🐟 漏网之鱼, type: select, proxies: [🚀 节点选择, DIRECT]}
- {name: 🎯 全球直连, type: select, proxies: [DIRECT, 🚀 节点选择]}
- {name: 📺 省流节点, type: url-test, tolerance: 100, lazy: true, use: [test], filter: "(0.[1-5]|低倍率|省流|大流量)"}
- {name: 👍 高级节点, type: url-test, tolerance: 100, lazy: true, use: [test], filter: "(专线|专用|高级|直连|急速|高倍率|游戏|game|Game|GAME|IEPL|IPLC|AIA|CTM|CC|iepl|iplc|aia|ctm|cc|AC)"}
- {name: test, type: url-test, tolerance: 100, lazy: true, use: [test]}
proxy-providers:
  test:
    type: http
    url: "http://192.168.10.2:3001/download/tqt?target=ClashMeta"
    path: "./providers/test.yaml"
    interval: 43200
    health-check:
      enable: true
      lazy: true
      url: "https://www.gstatic.com/generate_204"
      interval: 600
    override:
      udp: true
      skip-cert-verify: true
rules:
- GEOIP,lan,🎯 全球直连,no-resolve
- GEOIP,cn,🎯 全球直连
- MATCH,🐟 漏网之鱼
ShellCrash-related routing rules:
----------------Redir+DNS---------------------
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 shellcrash tcp -- anywhere anywhere multiport dports ssh,domain,www,ntp,imap2,194,https,ssmtp,submission,853,imaps,pop3s,xmpp-client,8080,8443
2 prerouting_rule all -- anywhere anywhere /* !fw3: Custom prerouting rule chain */
3 zone_lan_prerouting all -- anywhere anywhere /* !fw3 */
4 zone_wan_prerouting all -- anywhere anywhere /* !fw3 */
iptables: No chain/target/match by that name.
Chain shellcrash (1 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere mark match 0x1ed6
2 RETURN all -- anywhere 192.168.10.0/24
3 RETURN all -- anywhere 0.0.0.0/8
4 RETURN all -- anywhere 10.0.0.0/8
5 RETURN all -- anywhere 127.0.0.0/8
6 RETURN all -- anywhere 100.64.0.0/10
7 RETURN all -- anywhere 169.254.0.0/16
8 RETURN all -- anywhere 172.16.0.0/12
9 RETURN all -- anywhere 192.168.0.0/16
10 RETURN all -- anywhere base-address.mcast.net/4
11 RETURN all -- anywhere 240.0.0.0/4
12 RETURN all -- anywhere anywhere match-set cn_ip dst
13 RETURN all -- anywhere anywhere MAC 78:11:DC:51:1E:D3
14 RETURN all -- anywhere anywhere MAC CC:B5:D1:07:A1:70
15 RETURN all -- anywhere anywhere MAC 34:CE:00:8A:9D:7E
16 RETURN all -- anywhere anywhere MAC 28:6C:07:70:7C:94
17 RETURN all -- anywhere anywhere MAC 78:11:DC:B6:90:1F
18 RETURN all -- anywhere anywhere MAC B0:D5:9D:E7:95:78
19 RETURN all -- anywhere anywhere MAC B0:D5:9D:D6:E2:21
20 RETURN all -- anywhere anywhere MAC C0:E7:3E:CF:3F:3B
21 RETURN all -- anywhere anywhere MAC C0:E7:3E:CF:4E:4F
22 RETURN all -- anywhere anywhere MAC 10:9E:3A:E1:73:DB
23 RETURN all -- anywhere anywhere MAC B2:F2:1E:51:C1:BB
24 RETURN all -- anywhere anywhere MAC 66:D8:60:C6:1A:0B
25 RETURN all -- anywhere anywhere MAC 02:42:C0:A8:01:02
26 RETURN all -- anywhere anywhere MAC 28:6C:07:17:13:B9
27 RETURN all -- anywhere anywhere MAC 7C:49:EB:C4:87:BA
28 RETURN all -- anywhere anywhere MAC 34:CE:00:E9:8D:1B
29 RETURN all -- anywhere anywhere MAC C0:E7:3E:A4:CF:4D
30 REDIRECT tcp -- 192.168.10.0/24 anywhere redir ports 7892
----------------Tun/Tproxy-------------------
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 shellcrash_mark udp -- anywhere anywhere multiport dports ssh,domain,80,ntp,imap2,194,https,465,submission,853,imaps,pop3s,xmpp-client,8080,8443
Chain shellcrash_mark (1 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere mark match 0x1ed6
2 RETURN all -- anywhere 192.168.10.0/24
3 RETURN all -- anywhere 0.0.0.0/8
4 RETURN all -- anywhere 10.0.0.0/8
5 RETURN all -- anywhere 127.0.0.0/8
6 RETURN all -- anywhere 100.64.0.0/10
7 RETURN all -- anywhere 169.254.0.0/16
8 RETURN all -- anywhere 172.16.0.0/12
9 RETURN all -- anywhere 192.168.0.0/16
10 RETURN all -- anywhere base-address.mcast.net/4
11 RETURN all -- anywhere 240.0.0.0/4
12 RETURN all -- anywhere anywhere match-set cn_ip dst
13 RETURN all -- anywhere anywhere MAC 78:11:DC:51:1E:D3
14 RETURN all -- anywhere anywhere MAC CC:B5:D1:07:A1:70
15 RETURN all -- anywhere anywhere MAC 34:CE:00:8A:9D:7E
16 RETURN all -- anywhere anywhere MAC 28:6C:07:70:7C:94
17 RETURN all -- anywhere anywhere MAC 78:11:DC:B6:90:1F
18 RETURN all -- anywhere anywhere MAC B0:D5:9D:E7:95:78
19 RETURN all -- anywhere anywhere MAC B0:D5:9D:D6:E2:21
20 RETURN all -- anywhere anywhere MAC C0:E7:3E:CF:3F:3B
21 RETURN all -- anywhere anywhere MAC C0:E7:3E:CF:4E:4F
22 RETURN all -- anywhere anywhere MAC 10:9E:3A:E1:73:DB
23 RETURN all -- anywhere anywhere MAC B2:F2:1E:51:C1:BB
24 RETURN all -- anywhere anywhere MAC 66:D8:60:C6:1A:0B
25 RETURN all -- anywhere anywhere MAC 02:42:C0:A8:01:02
26 RETURN all -- anywhere anywhere MAC 28:6C:07:17:13:B9
27 RETURN all -- anywhere anywhere MAC 7C:49:EB:C4:87:BA
28 RETURN all -- anywhere anywhere MAC 34:CE:00:E9:8D:1B
29 RETURN all -- anywhere anywhere MAC C0:E7:3E:A4:CF:4D
30 MARK udp -- 192.168.10.0/24 anywhere MARK set 0x1ed4
ip route:
root@XiaoQiang:~# ip route
default via 14.155.xxx.x dev pppoe-wan proto static
default via 14.155.xxx.x dev pppoe-wan metric 50
14.155.xxx.x dev pppoe-wan proto kernel scope link src 14.155.xxx.xxx
172.31.1.0/24 via 192.168.10.2 dev br-lan
192.168.2.0/24 via 192.168.10.2 dev br-lan
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
192.168.32.0/24 dev br-miot proto kernel scope link src 192.168.32.1
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1