规则- AND,((NETWORK,UDP),(DST-PORT,443),(GEOSITE,youtube)),REJECT无效[Bug]

lkxlzx commented 2 weeks ago

Verify steps

[X] 我已经阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
[X] 我未仔细看过文档并解决问题
[X] 我未在 Issue Tracker 中寻找过我要提出的问题
[X] 我已经使用最新的 Alpha 分支版本测试过，问题依旧存在
[X] 我提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
[X] 我提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
[X] 我提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。

操作系统

Linux

系统版本

d11

Mihomo 版本

v1.18.6

配置文件

rules:
#  - AND,((NETWORK,UDP),(DST-PORT,443),(DOMAIN-SUFFIX,googlevideo.com)),REJECT # quic
#  - AND,((NETWORK,UDP),(AND,(DST-PORT,443),(GEOSITE,youtube))),REJECT # quic
  - AND,((NETWORK,UDP),(DST-PORT,443),(GEOSITE,youtube)),REJECT
#  - AND,(GEOSITE,youtube),(DST-PORT,443),(NETWORK,UDP),REJECT # quic
#  - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),REJECT # quic
#  - AND,(AND,(DST-PORT,443),(NETWORK,UDP),(GEOSITE,youtube)),REJECT # quic
#  - AND,(GEOSITE,youtube),(DST-PORT,443),(NETWORK,UDP),REJECT # quic
#  - AND,((RULE-SET,YouTube_classical),(DST-PORT,443),(NETWORK,UDP)),REJECT # quic
#  - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(AND,((GEOSITE,youtube),(RULE-SET,Google_classical))),REJECT # quic
  - DST-PORT,53/853,DNS服务
  - RULE-SET,DNS_classical,DNS服务
#  - DST-PORT,16881,PT站点
#  - IP-CIDR6,2607:f8b0::/32,YouTube
#  - IP-CIDR6,2404:6800::/32,YouTube
#  - IP-CIDR,74.125.0.0/16,YouTube
#  - DOMAIN-SUFFIX,1e100.net,YouTube
#  - DOMAIN-KEYWORD,youtube-ui,YouTube
#  - IP-ASN,1026,YouTube,no-resolve
#  - IP-ASN,11344,YouTube,no-resolve
#  - IP-ASN,36040,YouTube,no-resolve
#  - IP-ASN,36561,YouTube,no-resolve
#  - IP-ASN,43515,YouTube,no-resolve
#  - IP-ASN,3462,港台,no-resolve
#  - DOMAIN-SUFFIX,youtubei.googleapis.com,Google&Google TV
#  - DOMAIN-SUFFIX,androidtvlauncherxfe-pa.googleapis.com,Google&Google TV
#  - DOMAIN,tv.google.com,Google&Google TV
#  - DOMAIN-SUFFIX,tv.google,Google&Google TV
#  - DOMAIN-KEYWORD,tv.google,Google&Google TV
  - RULE-SET,Synology_classical,群晖服务
#  - RULE-SET,Telegram_classical,Telegram
#  - RULE-SET,telegram_ip,Telegram
  - RULE-SET,GitHub_classical,Github&Docker
  - RULE-SET,Docker_classical,Github&Docker
  - RULE-SET,Twitter_classical,Twitter&Facebook
  - RULE-SET,Facebook_classical,Twitter&Facebook
  - RULE-SET,Netflix_classical,NETFLIX&Disney+
#  - GEOSITE,youtube,YouTube
  - RULE-SET,YouTube_classical,YouTube
  - RULE-SET,Disney_classical,NETFLIX&Disney+
#  - RULE-SET,TikTok_classical,TikTok
  - RULE-SET,Viki_classical,美区流媒体
  - RULE-SET,USMedia_classical,美区流媒体
  - DOMAIN-SUFFIX,tubitv.com,美区流媒体
  - DOMAIN-SUFFIX,tubi.video,美区流媒体
  - DOMAIN-SUFFIX,tubi.io,美区流媒体
  - RULE-SET,ViuTV_classical,港台
  - RULE-SET,HiNet_classical,港台
  - DOMAIN-KEYWORD,4gtv,港台
  - RULE-SET,PrivateTracker_classical,PT站点
#  - GEOSITE,plutotv,PlutoTV
#  - DOMAIN-KEYWORD,pthome,PT站点
#  - DOMAIN-KEYWORD,haidan,PT站点
#  - DOMAIN-KEYWORD,m-team,PT站点
#  - DOMAIN-KEYWORD,1ptba,PT站点
#  - DOMAIN-KEYWORD,hdatmos,PT站点
#  - DOMAIN-KEYWORD,tracker,PT站点
#  - DOMAIN,tracker.m-team.io,PT站点
#  - DOMAIN-KEYWORD,hinet,港台
#  - DOMAIN-KEYWORD,hdfans,PT站点
#  - DOMAIN-KEYWORD,hdtime,PT站点
#  - DOMAIN,tracker.hdtime.org,PT站点
  - RULE-SET,Cloudflare_classical,Cloudflare
  - RULE-SET,Google_classical,Google&Google TV
#  - DOMAIN-SUFFIX,viki.io,Viki
#  - DOMAIN-SUFFIX,viki.net,Viki
#  - DOMAIN-SUFFIX,viki.com,Viki
#  - DOMAIN-SUFFIX,akamaized.net,Viki
#  - DOMAIN-SUFFIX,llnwi.net,Viki
#  - DOMAIN-SUFFIX,vikiplatform.com,Viki
#  - DOMAIN-SUFFIX,quickconnect.to,群晖服务
#  - DOMAIN-SUFFIX,synology.com,群晖服务
#  - DOMAIN-KEYWORD,quickconnect,群晖服务
#  - DOMAIN-KEYWORD,synology,群晖服务
#  - GEOSITE,github,Github
#  - GEOSITE,docker,Docker
#  - GEOSITE,twitter,Twitter
#  - GEOSITE,disney,Disney+
#  - GEOSITE,tiktok,TikTok
#  - GEOSITE,telegram,Telegram
#  - GEOSITE,netflix,NETFLIX
#  - GEOSITE,viu,ViuTV
#  - GEOSITE,google,Google&Google TV
#  - GEOSITE,hulu,Hulu
#  - GEOSITE,bilibili,哔哩哔哩
#  - GEOSITE,bahamut,巴哈姆特
#  - GEOSITE,spotify,Spotify
#  - GEOSITE,microsoft,微软服务
#  - DOMAIN,mikrotik.com,MikroTik服务
#  - DOMAIN,cloud2.mikrotik.com,MikroTik服务
#  - DOMAIN,whatismyipaddress.com,IP地址检测
#  - GEOSITE,geolocation-!cn,默认出口
#  - DOMAIN,tv.google.com,Google TV
#  - DOMAIN-SUFFIX,tv.google,Google TV
#  - DOMAIN-KEYWORD,tv.google,Google TV
#  - DOMAIN-SUFFIX,ebates.com,Viki
#  - DOMAIN-SUFFIX,infoseek.co.jp,Viki
#  - DOMAIN-SUFFIX,o50.jp,Viki
#  - DOMAIN-SUFFIX,r10.to,Viki
#  - DOMAIN-SUFFIX,r10s.com,Viki
#  - DOMAIN-SUFFIX,r10s.jp,Viki
#  - DOMAIN-SUFFIX,rakuten-static.com,Viki
#  - DOMAIN-SUFFIX,rakuten.ca,Viki
#  - DOMAIN-SUFFIX,rakuten.co.jp,Viki
#  - DOMAIN-SUFFIX,rakuten.com,Viki
#  - DOMAIN-SUFFIX,rakuten.com.tw,Viki
#  - DOMAIN-SUFFIX,rakuten.ne.jp,Viki
#  - DOMAIN-SUFFIX,rakuten.tw,Viki
#  - DOMAIN-SUFFIX,rclon.com,Viki
#  - DOMAIN-SUFFIX,rebates.jp,Viki
#  - DOMAIN-SUFFIX,showtime.co.jp,Viki
#  - DOMAIN-SUFFIX,viber.co.jp,Viki
#  - DOMAIN-SUFFIX,viber.com,Viki
#  - DOMAIN-KEYWORD,pandoranext,PandoraNext
#  - GEOSITE,!cn,默认出口
# - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOIP,CN))),REJECT # quic
#  - IP-CIDR,216.73.80.0/20,YouTube
#  - IP-CIDR6,2620:120:e000::/40,YouTube
#  - IP-ASN,43515,YouTube,no-resolve
#  - GEOIP,netflix,NETFLIX
#  - GEOIP,tiktok,TikTok
#  - GEOIP,telegram,Telegram
#  - GEOIP,twitter,Twitter
#  - GEOSITE,cloudflare,港台
#  - GEOIP,google,Google&Google TV
#  - GEOIP,cn,direct
#  - IP-CIDR,103.255.208.164/32,direct
  - RULE-SET,Netflix_ip,NETFLIX&Disney+
  - RULE-SET,Facebook_ip,Twitter&Facebook
  - RULE-SET,twitter_ip,Twitter&Facebook
  - RULE-SET,google_ip,Google&Google TV
#  - AND,(AND,(DST-PORT,443),(NETWORK,UDP)),REJECT # quic
#  - AND,(DST-PORT,443),(NETWORK,UDP),(GEOSITE,youtube),REJECT # quic
  - GEOIP,us,欧美
  - GEOIP,th,亚太
  - GEOIP,id,亚太
  - GEOIP,ph,亚太
  - GEOIP,my,亚太
  - GEOIP,sg,亚太
  - GEOIP,kh,亚太
  - GEOIP,la,亚太
  - GEOIP,vn,亚太
  - GEOIP,jp,日韩
  - GEOIP,kr,日韩
  - GEOIP,mo,港台
  - GEOIP,hk,港台
  - GEOIP,tw,港台
  - MATCH,默认出口
rule-anchor:
  ip: &ip {type: http, interval: 86400, behavior: ipcidr, format: yaml}
  domain: &domain {type: http, interval: 86400, behavior: domain, format: yaml}
  classical: &classical {type: http, interval: 86400, behavior: classical, format: yaml}
rule-providers:
  TikTok_classical:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/TikTok/TikTok.yaml"
  Synology_classical:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Synology/Synology.yaml"
  Viki_classical:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Viki/Viki.yaml"
  GitHub_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/GitHub/GitHub.yaml"
  Docker_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Docker/Docker.yaml"
  Twitter_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Twitter/Twitter.yaml"
  Facebook_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Facebook/Facebook.yaml"
  YouTube_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/YouTube/YouTube.yaml"
  Disney_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Disney/Disney.yaml"
  Telegram_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Telegram/Telegram.yaml"
  Netflix_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Netflix/Netflix.yaml"
  Netflix_ip:
    <<: *ip
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Netflix/Netflix_IP.yaml"
  Cloudflare_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Cloudflare/Cloudflare.yaml"
  ViuTV_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/ViuTV/ViuTV.yaml"
  USMedia_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/USMedia/USMedia.yaml"
  Google_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Google/Google.yaml"
  PrivateTracker_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/PrivateTracker/PrivateTracker.yaml"
  google_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/google.yaml"
  twitter_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/twitter.yaml"
  Facebook_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/facebook.yaml"
  telegram_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/telegram.yaml"
  HiNet_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Cloud/HiNet/HiNet.yaml"
  DNS_classical:
    <<: *classical
    url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/DNS/DNS.yaml"

描述

本意是拦截油管的quic，这样就不用关闭浏览器的quic开关了，但是我设置了上面的规则，测试没有任何效果，使用规则油管3W左右，关闭浏览器的quic后速度有30W左右，说明相应规则没有生效。

重现方式

1.打开浏览器：chrome://flags/#enable-quic，然后打开quic ，设置上面的规则的，重启mihomo，重启浏览器，打开油管显示速度大概3w左右 1.打开浏览器：chrome://flags/#enable-quic，然后关闭quic ，重启浏览器，打开油管显示速度大概30w左右.

日志

No response

xishang0128 commented 2 weeks ago

no log no issue

sleepm commented 2 weeks ago

写法是 AND(A, B) 你写的是 AND(A, B, C) 试试写成子规则

- SUB-RULE,(GEOSITE,youtube)), udp443
sub-rules:
  udp443:
    - AND,((NETWORK,UDP),(DST-PORT,443)),REJECT

xiandu999-yu commented 2 weeks ago

AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOSITE,cn))),(NOT,((GEOIP,cn))),(NOT,((SRC-GEOIP,cn))),UDP443

直接点，把外面的全ban了不是更省事[doge]

Lovefish commented 2 weeks ago

AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOSITE,cn))),(NOT,((GEOIP,cn))),(NOT,((SRC-GEOIP,cn))),UDP443

直接点，把外面的全ban了不是更省事[doge]

你这个写的有问题吧，括号少了两个

Lovefish commented 2 weeks ago

你写的这个逻辑匹配应该是没问题的，我也是这么写的，而且后台看日志是有拦截的。你的问题应该是拦截的不够全面。你把geosite的youtube换成google看看

Lovefish commented 2 weeks ago

写法是 AND(A, B) 你写的是 AND(A, B, C) 试试写成子规则
- SUB-RULE,(GEOSITE,youtube)), udp443
sub-rules:
  udp443:
    - AND,((NETWORK,UDP),(DST-PORT,443)),REJECT

逻辑规则的这个AND(A, B, C) 应该是没问题的吧？甚至可以AND(A, B, C, D, E) 吧

xiandu999-yu commented 2 weeks ago

AND,(AND,(DST-PORT,443),(NETWORK,UDP)),(NOT,((GEOSITE,cn))),(NOT,((GEOIP,cn))),(NOT,((SRC-GEOIP,cn))),UDP443

直接点，把外面的全ban了不是更省事[doge]

你这个写的有问题吧，括号少了两个

我这格式是从github上找到的

lkxlzx commented 2 weeks ago

语法有问题应该不能正常启动，我现写了很多方式都不行

lkxlzx commented 2 weeks ago

@lkxlzx 8cm的服务器风扇还是比4cm的得劲啊

大风扇高转速（如果不介意噪音）

NevadaCities commented 2 weeks ago

@lkxlzx 8cm的服务器风扇还是比4cm的得劲啊

大风扇高转速（如果不介意噪音）

在Telegram回复错了，回复到Issue消息了

xiandu999-yu commented 2 weeks ago

语法有问题应该不能正常启动，我现写了很多方式都不行

程序不就是这样的吗，莫名其妙的能用又莫名其妙的报错...

Skyxim commented 2 weeks ago

确保 and 中规则都能匹配

MetaCubeX / mihomo