openwrt-Pcap_DNSProxy
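The program keeps dying suddenly
Error log on OpenWrt for this program [version 0.4.9.12-cd1249b], compiled for OpenWrt [version OpenWrt SNAPSHOT r8917-ae622c9 / LuCI Master (git-18.363.34501-1d3a873)]:
[2018-12-29 23:39:58] -> [Notice] Pcap_DNSProxy started.
[2018-12-29 23:40:14] -> [Pcap Error] sit0: That device is not up
[2018-12-29 23:40:14] -> [Pcap Error] wlan1: That device is not up
To be fair, sit0 is the IPv6 tunnel that is actually in use, and wlan1 is the client side of a wireless bridge. Port 1053 is open on both, and tcping gets through, but it dies as soon as dig sends a query, and both ports (IPv4/IPv6) go down together.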
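Try using the Pcap Devices Blacklist configuration option to exclude the virtual interfaces; you can try adding sit|wlan1.
A new version has also been pushed, which you can try as well, although the two versions differ very little.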
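After adding sit|wlan1 to the blacklist it works normally. Thanks for the reply!
Oh, by the way, there is a pitfall: the program cannot be bound to an IPv6 ULA address, otherwise it reports an error. If it is bound only to IPv4 and the tunnel client / native IPv6, it works fine.
This software apparently cannot be used for multi-threaded queries beyond a certain number (64 counts too)... On OpenWrt I was using TCP queries, and then it crashed...
Bind errors come in many varieties; if you just say it cannot bind and provide nothing else, nobody knows how to solve it...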
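1. Binding to the LAN's IPv6 ULA address directly reports that UDP cannot be bound;
2. Then, if it is used for multi-threaded queries beyond the threshold, the TCP/UDP ports become unavailable (in the Outgoing Protocol field I selected only TCP);
3. Also, the software does have some CPU and RAM requirements. For example, a typical K2, an MTK 7620A (580~620 MHz) with 64 MB of RAM, is fine with 8 threads, but drops dead as soon as it goes to 64 threads.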
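- There should be an error record for the bind failure, right?
- The multi-threading problem is hard to call; it is unclear whether it is a system limit or a problem in the program. You can try adjusting the parameters that begin with Thread Pool, and Multiple Request Times.
- There is no fix for high thread counts for now. This was mentioned before in https://github.com/wongsyrone/openwrt-Pcap_DNSProxy/issues/5. Most likely the threading support library's implementation is not very good and the system cannot cope with too many threads. There is no particularly good way to force parallelism onto this kind of embedded device.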
The bind failure record was not kept; it got deleted.
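1. The record was not saved; it is deleted automatically when the program restarts... sorry.
2. I have not worked out the threshold; every crash is a challenge...
3. About errors with many threads, I have an idea: set a threshold, and count the requests beyond the threshold, plus the ones that follow, toward the next round. This might make some devices time out when many devices are querying... but it may be the best approach on embedded devices.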
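The request threshold can actually be controlled through the parameters that begin with Thread Pool; please adjust them to your actual situation. As for temporarily holding requests with something like a buffer pool, that is not a good idea: requests need to be dropped or refused outright precisely because they cannot be processed in time. Once this situation has arisen at the protocol level, continuing to buffer will only keep increasing the system load and lead to a crash. One has to act within one's means.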
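Found a new bug. The conditions are as follows:
Client (with nginx installed, using nginx's reverse-proxy feature, with resolver pointing at its upstream router instead of using upstream)
---- its upstream router A (with pcap-dnsproxy installed and local DNS pointing at its upstream router B)
---- router B (using the HiXNS DNS service; domestic resolution is fine)
When the client then browses the reverse-proxied page, nginx returns error 502 Bad Gateway, yet pcap-dnsproxy reports no error. But if resolver points at router B, the problem does not occur. So what bug is this?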
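Found yet another new bug: NetEase Cloud Music's IP never obeys routing.txt and ends up in Hong Kong. I even scraped a fairly complete mainland China routing table from ip.cn, but it still goes to Hong Kong... and the program reports no error. HiXNS resolves it to 59.111.160.195 among others, and 59.107.0.0/13 exists in the routing table, yet the program heads straight to Hong Kong as if it had not seen it. Bilibili resolves normally after the routing table change.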
Even if I expand the routing table's 59.107.0.0/13 into /16s, the NetEase Cloud Music result is still in Hong Kong... so what is the problem?
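- I cannot tell what configuration the Nginx one is doing.
- In testing, the routing table seems to work normally. If the program does not accept the result, it may be that the resolution result contains addresses that are not in the routing table.
If you have doubts about any behavior, you can capture packets and take a look.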
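1. Nginx is used to reverse-proxy P站 locally (lol). There are two ways to set the upstream server: (1) dutifully write out all the IPs in upstream, but nginx will not pick the best one among them; (2) define the site to be proxied as an element and add, after resolver, the DNS that resolves that element. There is a cache time, and the result is fetched again on expiry. If the DNS can help pick the best result, this works better than the former.
2. After many tests I found that, whether or not the main DNS is written, results are always fetched from the foreign DNS, while the local DNS is often ignored by some unknown force ==. I am sure the NetEase Cloud Music results are in the routing table...
A new problem has now come up: at line 62 of the default configuration the default value is 0, but there are always error logs... saying xxx format error. After commenting out that line there is nothing abnormal...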
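I roughly know why the routing table was not being used: the Routing.txt file was missing this header:
[Local Routing]
What a reason, lol, sorry for the bother. Could it be made to work without reading this header? (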
That is how it was designed in the first place... Writing ordinary Hosts entries in Routing.txt works perfectly fine.
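The failure diagnosed above (prefixes present, `[Local Routing]` header missing) can be checked offline before blaming the resolver. This is an added example, not part of the thread and not the project's code; it assumes one CIDR prefix per line and `#` comments, and the sample file contents are constructed.

```python
import ipaddress

# Constructed sample files (not from the thread): the same prefix list
# without and with the section header the thread says is required.
WITHOUT_HEADER = "59.107.0.0/13\n"
WITH_HEADER = "[Local Routing]\n" + WITHOUT_HEADER


def local_routing_prefixes(text):
    """Return (header_seen, networks) for a Routing.txt-style file.

    Assumed layout: one CIDR prefix per line, '#' starts a comment, and
    only lines under a [Local Routing] header count as routing entries.
    """
    header_seen = False
    in_section = False
    networks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line == "[Local Routing]"
            header_seen = header_seen or in_section
            continue
        if not in_section:
            continue  # entries outside the section are not routing entries
        try:
            # strict=False accepts prefixes written with host bits set:
            # 59.107.0.0/13 normalises to 59.104.0.0/13.
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            pass  # not a prefix (for example a Hosts-style line)
    return header_seen, networks


def covering_prefixes(text, address):
    """List the [Local Routing] prefixes that contain the given address."""
    addr = ipaddress.ip_address(address)
    _, networks = local_routing_prefixes(text)
    return [str(n) for n in networks if n.version == addr.version and addr in n]


if __name__ == "__main__":
    for name, text in (("no header", WITHOUT_HEADER), ("header", WITH_HEADER)):
        seen, _ = local_routing_prefixes(text)
        print(name, seen, covering_prefixes(text, "59.111.160.195"))
```

An empty result for an address that should be domestic means either the header is missing or no listed prefix covers it, which are the two causes raised in the thread.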
[Base]
Version = 0.45
File Refresh Time = 15
Large Buffer Size = 4096
Additional Path =
Hosts File Name = Hosts.ini|Hosts.conf|Hosts|Hosts.txt|WhiteList.txt|White_List.txt
IPFilter File Name = IPFilter.ini|IPFilter.conf|IPFilter.dat|Routing.txt|chnrouting.txt|chnroute.txt

[Log]
Print Log Level = 3
Log Maximum Size = 8MB

[Listen]
Process Unique = 1
Pcap Capture = 1
Pcap Devices Blacklist = AnyConnect|Host|Hyper|ISATAP|IKE|L2TP|Only|Oracle|PPTP|Pseudo|Teredo|Tunnel|Virtual|VMNet|VMware|VPN|any|gif|lo|stf|tunl|utun|sit|wlan1 # added sit and wlan1 to the blacklist
Pcap Reading Timeout = 200 # lowered value
Listen Protocol = IPv6 + IPv4 + TCP + UDP
Listen Port = 5053
Operation Mode = Server
IPFilter Type = Deny
IPFilter Level < 0
Accept Type =

[DNS]
Outgoing Protocol = TCP + Type # guards against most poisoning
Direct Request = 0
Cache Type = Timer + Queue
Cache Parameter = 4096
Cache Single IPv4 Address Prefix = 0
Cache Single IPv6 Address Prefix = 0
Default TTL = 900

[Local DNS]
Local Protocol = IPv4 + TCP # IPv4 is enough domestically
Local Hosts = 0
Local Routing = 1
Local Force Request = 0

[Addresses]
IPv4 Listen Address = 192.168.123.1:5053
IPv4 EDNS Client Subnet Address = local ISP's DNS IP/24
IPv4 Main DNS Address = 66.220.18.42:53 # DNS of the 6in4 tunnel
IPv4 Alternate DNS Address = # left empty so it does not race to answer
IPv4 Local Main DNS Address = 40.73.101.101:5353 # HiXNS DNS
IPv4 Local Alternate DNS Address = 202.141.162.123:5353 # USTC anti-poisoning DNS
IPv6 Listen Address = [client IPv6 prefix assigned by the tunnel::1]:5053
IPv6 EDNS Client Subnet Address = client IPv6 prefix assigned by the tunnel/64
IPv6 Main DNS Address = [2620:119:35::35]:443|[2606:4700:4700::1001]:53|[2001:4860:4860::8844]:53
IPv6 Alternate DNS Address = [2620:119:53::53]:443|[2606:4700:4700::1111]:53|[2001:4860:4860::8888]:53
IPv6 Local Main DNS Address =
IPv6 Local Alternate DNS Address =

[Values]
Thread Pool Base Number = 8
Thread Pool Maximum Number = 31 # cap the maximum to prevent overflow
Thread Pool Reset Time = 120
Queue Limits Reset Time = 0
EDNS Payload Size = 1220
IPv4 Packet TTL = 0
IPv4 Main DNS TTL = 0
#IPv4 Alternate DNS TTL = 0 # commented out for now because of an unexplained error
IPv6 Packet Hop Limits = 0
IPv6 Main DNS Hop Limits = 0
IPv6 Alternate DNS Hop Limits = 0
Hop Limits Fluctuation = 2
Reliable Once Socket Timeout = 2000 # lowered value
Reliable Serial Socket Timeout = 2000 # lowered value
Unreliable Once Socket Timeout = 2000 # lowered value
Unreliable Serial Socket Timeout = 1000 # lowered value
TCP Fast Open = 0 # disabled
Receive Waiting = 0
ICMP Test = 900
Domain Test = 900
Alternate Times = 10
Alternate Time Range = 60
Alternate Reset Time = 300
Multiple Request Times = 0

[Switches]
Domain Case Conversion = 1
Compression Pointer Mutation = 0
EDNS Label = 1 # enable ECS
EDNS Client Subnet Relay = 0
DNSSEC Request = 0
DNSSEC Validation = 0
DNSSEC Force Validation = 0
Alternate Multiple Request = 0
IPv4 Do Not Fragment = 0
IPv4 Data Filter = 0
TCP Data Filter = 1
DNS Data Filter = 1
Blacklist Filter = 1
Strict Resource Record TTL Filter = 0

[Data]
ICMP ID =
ICMP Sequence =
ICMP PaddingData =
Domain Test Protocol = TCP # maybe httping is better than ping?
Domain Test ID =
Domain Test Data =
Local Machine Server Name = Pcap-dnsproxy

Its clients work normally with dig +tcp.
Error log
dig +tcp ipv4
dig +tcp ipv6
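This configuration has no problems at all on the OpenWrt snapshot, but since OpenWrt uses the open-source MTK driver, after a few days of deliberation I switched to PanguBox (formerly PandoraBox).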
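After repeatedly changing the configuration file I found that only after deleting the IPv6 DNS settings are there no error logs, so evidently the IPv6 part is at fault.
However, dig +tcp @<public DNS> A/AAAA <domain> works without problems in every case,
whereas dig +tcp @<the router's IPv6 listener> -p 5053 AAAA <same domain> gets no result,
and dig +tcp @<the router's IPv6 listener> -p 5053 A <same domain> does get a result.
So where is the problem?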
May I ask the original poster what the memory usage is like?