search

Mahdi-zarei / nekoray

Qt based cross-platform GUI proxy configuration manager (backend: sing-box)
GNU General Public License v3.0
255 stars 17 forks source link

BUG: protocol error: received *http2.MetaHeadersFrame before a SETTINGS frame #11

Closed AkramiPro closed 1 month ago

AkramiPro commented 1 month ago

version

4.0.5

log

2024/05/22 21:59:50 protocol error: received *http2.WindowUpdateFrame before a SETTINGS frame
2024/05/22 21:59:50 protocol error: received *http2.WindowUpdateFrame before a SETTINGS frame
2024/05/22 21:59:50 protocol error: received *http2.MetaHeadersFrame before a SETTINGS frame
2024/05/22 21:59:51 protocol error: received *http2.MetaHeadersFrame before a SETTINGS frame
2024/05/22 21:59:51 protocol error: received *http2.MetaHeadersFrame before a SETTINGS frame
Mahdi-zarei commented 1 month ago

Please provide more information. What were you doing when this happened? If this happened due to a certain configuration share it, and provide more context on your use case that lead to this. I am not able to understand anything based on what you have provided.

AkramiPro commented 1 month ago

sorry my bad. i was thinking maybe this is a common issue and you can help me just by seeing the error log. base on my checks this error only happens for Trojan configs. also i try to set log level on Trace but no more information is provided.

Server

Linux s02 6.8.10-x64v4-xanmod1 #0~20240517.g2e7da9e SMP PREEMPT_DYNAMIC Fri May 17 18:22:26 UTC x86_64 GNU/Linux
sing-box version 1.9.0-rc.21

Environment: go1.22.3 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 996c1730c6bc547f2bcc1730d69a5254aae79654
CGO: disabled

Client

Edition Windows 11 Enterprise
Version 23H2
OS build    22631.3593
Nekoray 4.0.5-2024-05-16

Server Config

Note: i use haproxy ssl termination in server side so there is no ssl config in sing-box server

{
  "log": {
    "disabled": false
  },
  "dns": {
    "strategy": "ipv4_only",
    "disable_cache": false,
    "independent_cache": true,
    "servers": [
      {
        "address": "tcp://127.0.0.1:53",
        "detour": "direct",
        "tag": "dns-local"
      },
      {
        "address": "rcode://success",
        "tag": "dns-block"
      }
    ]
  },
  "inbounds": [
    {
      "type": "trojan",
      "listen": "::",
      "listen_port": 1001,
      "sniff": true,
      "sniff_override_destination": false,
      "udp_fragment": false,
      "tcp_fast_open": false,
      "transport": {
        "type": "ws",
        "path": "/****",
        "headers": {
          "host": "****"
        },
        "max_early_data": 2048,
        "early_data_header_name": "Sec-WebSocket-Protocol"
      },
      "multiplex": {
        "enabled": true,
        "padding": false,
        "brutal": {
          "enabled": true,
          "up_mbps": 50,
          "down_mbps": 50
        }
      },
      "users": [
        {
          "name": "user1",
          "password": "****"
        }
      ]
    },
    {
      "type": "vless",
      "listen": "::",
      "listen_port": 2001,
      "sniff": true,
      "sniff_override_destination": false,
      "udp_fragment": false,
      "tcp_fast_open": false,
      "transport": {
        "type": "ws",
        "path": "/****",
        "headers": {
          "host": "****"
        },
        "max_early_data": 2048,
        "early_data_header_name": "Sec-WebSocket-Protocol"
      },
      "multiplex": {
        "enabled": true,
        "padding": false,
        "brutal": {
          "enabled": true,
          "up_mbps": 50,
          "down_mbps": 50
        }
      },
      "users": [
        {
          "name": "user1",
          "uuid": "****"
        }
      ]
    },
    {
      "type": "vmess",
      "listen": "::",
      "listen_port": 3001,
      "sniff": true,
      "sniff_override_destination": false,
      "udp_fragment": false,
      "tcp_fast_open": false,
      "transport": {
        "type": "ws",
        "path": "/****",
        "headers": {
          "host": "****"
        },
        "max_early_data": 2048,
        "early_data_header_name": "Sec-WebSocket-Protocol"
      },
      "multiplex": {
        "enabled": true,
        "padding": false,
        "brutal": {
          "enabled": true,
          "up_mbps": 50,
          "down_mbps": 50
        }
      },
      "users": [
        {
          "name": "user-1",
          "uuid": "****",
          "alterId": 0
        }
      ]
    },
    {
      "type": "shadowsocks",
      "listen": "::",
      "listen_port": 4001,
      "sniff": true,
      "sniff_override_destination": false,
      "udp_fragment": false,
      "tcp_fast_open": false,
      "multiplex": {
        "enabled": true,
        "padding": false,
        "brutal": {
          "enabled": true,
          "up_mbps": 50,
          "down_mbps": 50
        }
      },
      "method": "2022-blake3-aes-128-gcm",
      "password": "****"
    },
    {
      "type": "socks",
      "tag": "socks-in",
      "listen": "127.0.0.1",
      "listen_port": 9001,
      "tcp_fast_open": false,
      "udp_fragment": false
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "proxy",
      "bind_interface": "wg01",
      "tcp_fast_open": false
    },
    {
      "type": "direct",
      "tag": "direct",
      "tcp_fast_open": false
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "tag": "dns-out",
      "type": "dns"
    }
  ],
  "experimental": {
    "cache_file": {
      "enabled": true,
      "path": "/root/sing-box-cache.db"
    }
  },
  "route": {
    "auto_detect_interface": true,
    "rule_set": [
      {
        "tag": "geosite-private",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-private.srs",
        "download_detour": "direct"
      }
    ],
    "rules": [
      {
        "type": "logical",
        "mode": "or",
        "rules": [
          {
            "protocol": "dns"
          },
          {
            "port": 53
          }
        ],
        "outbound": "dns-out"
      },
      {
        "ip_is_private": true,
        "outbound": "direct"
      },
      {
        "protocol": "quic",
        "outbound": "block"
      },
      {
        "type": "logical",
        "mode": "or",
        "rules": [
          {
            "domain_suffix": [
              "soundcloud.com"
            ]
          },
          {
            "rule_set": "geosite-private"
          }
        ],
        "outbound": "direct"
      }
    ]
  }
}

Client Config

{
  "dns": {
    "disable_cache": true,
    "independent_cache": true,
    "rules": [
      {
        "domain_suffix": ["msftconnecttest.com", "msftncsi.com", "windows.com"],
        "server": "dns-remote"
      },
      {
        "domain_suffix": ["****"],
        "server": "dns-direct"
      },
      {
        "geosite": ["private"],
        "server": "dns-local"
      }
    ],
    "servers": [
      {
        "address": "udp://127.0.0.1",
        "address_resolver": "dns-local",
        "detour": "proxy",
        "tag": "dns-remote"
      },
      {
        "address": "tcp://1.0.0.1",
        "address_resolver": "dns-local",
        "detour": "direct",
        "tag": "dns-direct"
      },
      {
        "address": "local",
        "detour": "direct",
        "tag": "dns-local"
      },
      {
        "address": "rcode://success",
        "tag": "dns-block"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [],
  "log": {
    "level": "warn"
  },
  "ntp": {
    "detour": "direct",
    "enabled": false,
    "interval": "480m",
    "server": "40.119.148.38",
    "server_port": 123
  },
  "outbounds": [
    {
      "domain_strategy": "ipv4_only",
      "multiplex": {
        "enabled": true,
        "max_streams": 8,
        "padding": false,
        "protocol": "h2mux"
      },
      "password": "****",
      "server": "****",
      "server_port": 443,
      "tag": "proxy",
      "tcp_fast_open": false,
      "tcp_multi_path": false,
      "tls": {
        "alpn": ["h3"],
        "certificate": "****",
        "enabled": true,
        "server_name": "****",
        "utls": {
          "enabled": true,
          "fingerprint": "firefox"
        }
      },
      "transport": {
        "early_data_header_name": "Sec-WebSocket-Protocol",
        "headers": {
          "Host": "****"
        },
        "max_early_data": 2048,
        "path": "/****",
        "type": "ws"
      },
      "type": "trojan"
    },
    {
      "tag": "direct",
      "type": "direct"
    },
    {
      "tag": "bypass",
      "type": "direct"
    },
    {
      "tag": "block",
      "type": "block"
    }
  ],
  "route": {
    "auto_detect_interface": true,
    "geoip": {
      "path": "****/geoip.db"
    },
    "geosite": {
      "path": "****/geosite.db"
    },
    "rules": [
      {
        "outbound": "dns-out",
        "port": 53
      },
      {
        "outbound": "dns-out",
        "protocol": "dns"
      },
      {
        "domain_suffix": ["msftconnecttest.com", "msftncsi.com", "windows.com"],
        "outbound": "proxy"
      },
      {
        "domain_suffix": ["****"],
        "geoip": ["private", "ir"],
        "geosite": ["private", "category-ir"],
        "outbound": "direct"
      }
    ]
  }
}

image

Mahdi-zarei commented 1 month ago

The problem seems to be related to sing-box, I can suggest that you change some stuff on the client side and see if it helps: change the mux protocol to smux try removing the early data try removing the h3 alpn If none helps, I'm afraid there is nothing that I can do on my end, Nekoray is merely a GUI and this issue is related to sing-box, so you need to open an issue in that repo to report this bug.

AkramiPro commented 1 month ago

the problem fixed by disabling mux option. I will open an issue for sing-box team. thanks for your help.