Closed Xarth-Mai closed 1 month ago
The version number is wrong; please use an official build.
@Xarth-Mai I have tested with the latest Alpha branch version, and the issue still persists.
Don't tick the box if you haven't actually done it.
Sry, when I opened the issue, I was using an alpha branch I built a few hours ago. I just tried the version from https://github.com/MetaCubeX/mihomo/actions/runs/11007562649/artifacts/1969795331 and got the same result.
➜ bin clash-meta -v
Mihomo Meta alpha-6c03830 linux amd64 with go1.23.1 Tue Sep 24 05:26:45 UTC 2024
Use tags: with_gvisor
@Xarth-Mai Try using a local rule set and put two test IPs in it.
It doesn't work,
➜ ruleset sudo nft list ruleset
table inet mihomo {
    set inet4_route_exclude_address_set {
        type ipv4_addr
        flags interval
        elements = { 1.0.32.0/19 }
    }
    set inet6_route_exclude_address_set {
        type ipv6_addr
        flags interval
    }
    set inet4_local_address_set {
        type ipv4_addr
        flags interval
        elements = { 127.0.0.0/8, 192.168.23.0/24,
                     192.168.240.0/24, 198.18.0.0/30 }
    }
    set inet6_local_address_set {
        type ipv6_addr
        flags interval
        elements = { ::1,
                     240e:822a:4c30:9a40::/64,
                     240e:822a:4c38:9420::/64,
                     240e:823b:4c30:e950::/64 }
    }
    chain output {
        type nat hook output priority mangle; policy accept;
        meta mark 0x00002024 counter packets 0 bytes 0 return
        meta nfproto ipv4 oifname != "lo" meta l4proto { tcp, udp } th dport 53 dnat ip to 198.18.0.2 counter packets 0 bytes 0
        meta nfproto ipv6 oifname != "lo" meta l4proto { tcp, udp } th dport 53 dnat ip6 to fdfe:dcba:9876::2 counter packets 0 bytes 0
        ip daddr @inet4_local_address_set counter packets 0 bytes 0 return
        ip6 daddr @inet6_local_address_set counter packets 0 bytes 0 return
        ip daddr @inet4_route_exclude_address_set counter packets 0 bytes 0 return
        ip6 daddr @inet6_route_exclude_address_set counter packets 0 bytes 0 return
        meta l4proto tcp counter packets 0 bytes 0 redirect to :38777 return
    }
    chain output_udp {
        type route hook output priority mangle; policy accept;
        meta mark 0x00002024 counter packets 0 bytes 0 return
        meta l4proto != udp return
        ip daddr @inet4_local_address_set counter packets 40 bytes 2624 return
        ip6 daddr @inet6_local_address_set counter packets 0 bytes 0 return
        ip daddr @inet4_route_exclude_address_set counter packets 0 bytes 0 return
        ip6 daddr @inet6_route_exclude_address_set counter packets 0 bytes 0 return
        meta mark set 0x00002023 ct mark set meta mark counter packets 0 bytes 0
    }
    chain prerouting {
        type nat hook prerouting priority mangle; policy accept;
        meta nfproto ipv4 meta l4proto { tcp, udp } th dport 53 dnat ip to 198.18.0.2 counter packets 0 bytes 0
        meta nfproto ipv6 meta l4proto { tcp, udp } th dport 53 dnat ip6 to fdfe:dcba:9876::2 counter packets 0 bytes 0
        ip daddr @inet4_local_address_set counter packets 0 bytes 0 return
        ip6 daddr @inet6_local_address_set counter packets 0 bytes 0 return
        ip daddr @inet4_route_exclude_address_set counter packets 0 bytes 0 return
        ip6 daddr @inet6_route_exclude_address_set counter packets 0 bytes 0 return
        meta l4proto tcp counter packets 0 bytes 0 redirect to :38777 return
        meta mark set 0x00002023 ct mark set meta mark counter packets 0 bytes 0
    }
    chain prerouting_udp {
        type filter hook prerouting priority mangle + 1; policy accept;
        ip daddr @inet4_local_address_set counter packets 41 bytes 2664 return
        ip6 daddr @inet6_local_address_set counter packets 0 bytes 0 return
        meta l4proto udp ct mark 0x00002023 meta mark set ct mark counter packets 0 bytes 0
    }
}
The config.yaml:
mode: rule
mixed-port: 7897
allow-lan: false
log-level: debug
ipv6: true
external-controller: 127.0.0.1:9097
secret: ""
global-client-fingerprint: random
profile:
  store-selected: true
unified-delay: true
geo-update-interval: 72
tcp-concurrent: true
tun:
  enable: true
  stack: system
  auto-route: true
  auto-redirect: true
  auto-detect-interface: true
  device: utun0
  strict-route: true
  gso: true
  dns-hijack:
    - any:53
  route-exclude-address-set:
    - test
  mtu: 1500
rule-providers:
  test:
    type: file
    behavior: ipcidr
    path: ./ruleset/test.yaml
    interval: 86400
rules:
  - RULE-SET,test,DIRECT
  - MATCH,DIRECT
The test.yaml:
payload:
- '2001:470:d:32f::/64'
- '2001:470:d:330::/64'
- '2001:470:d:333::/64'
- '2001:470:d:334::/63'
- '2001:470:d:33b::/64'
- '2001:470:d:33c::/63'
- '2001:470:d:341::/64'
- '2001:470:d:344::/64'
- '2001:470:d:349::/64'
- '2001:470:d:34b::/64'
- 'fc00::/7'
- 'fe80::/10'
- 'ff00::/8'
- '1.0.32.0/19'
Log:
➜ ~ sudo clash-meta -d ~/Desktop
INFO[2024-09-24T16:14:59.935185704+08:00] Start initial configuration in progress
INFO[2024-09-24T16:14:59.935270585+08:00] Geodata Loader mode: memconservative
INFO[2024-09-24T16:14:59.935274673+08:00] Geosite Matcher implementation: succinct
INFO[2024-09-24T16:14:59.935455764+08:00] Initial configuration complete, total time: 0ms
INFO[2024-09-24T16:14:59.935665381+08:00] RESTful API listening at: 127.0.0.1:9097
INFO[2024-09-24T16:14:59.947944855+08:00] Sniffer is closed
INFO[2024-09-24T16:14:59.947959731+08:00] Use tcp concurrent
INFO[2024-09-24T16:14:59.948015305+08:00] Mixed(http+socks) proxy listening at: 127.0.0.1:7897
WARN[2024-09-24T16:14:59.948328717+08:00] [TUN] default interface changed by monitor, => enp4s0
DEBU[2024-09-24T16:14:59.952020688+08:00] batch write packet: invalid offset
INFO[2024-09-24T16:14:59.963490461+08:00] [TUN] Tun adapter listening at: utun0([198.18.0.1/30],[fdfe:dcba:9876::1/126]), mtu: 1500, auto route: true, auto redir: true, ip stack: System
INFO[2024-09-24T16:14:59.963558689+08:00] Start initial provider test
INFO[2024-09-24T16:14:59.964385008+08:00] Start initial Compatible provider default
ERRO[2024-09-24T16:14:59.969387969+08:00] update route address set: conn.Receive: netlink receive: file exists
DEBU[2024-09-24T16:14:59.973668623+08:00] [DNS] hijack udp:198.18.0.2:53 from 192.168.23.270:45826
DEBU[2024-09-24T16:14:59.97371819+08:00] [DNS] hijack udp:198.18.0.2:53 from 192.168.23.270:33925
^CWARN[2024-09-24T16:15:06.767392039+08:00] Mihomo shutting down
➜ ~ sudo clash-meta -v
Mihomo Meta alpha-6c03830 linux amd64 with go1.23.1 Tue Sep 24 05:26:45 UTC 2024
Use tags: with_gvisor
➜ ~
The rule itself should be correct and can be properly processed after the traffic enters the Clash core.
Host: www.bilibili.com:443
Downloaded: 9.50 KB
Uploaded: 1.41 KB
DL Speed: 0 B/s
UL Speed: 0 B/s
Chains: DIRECT
Rule: RuleSet(cncidr)
Process:
Time: a few seconds ago
Source: fdfe:dcba:9876::1:49104
Destination IP: 2408:873c:6810:3::11
Type: Tun(tcp)
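One way to automate the check described in this report (comparing a rule-provider payload against the route-exclude sets printed by nft list ruleset), as an added example that is not part of the original thread or of the Mihomo code base. The function names are hypothetical, and the nft text and payload are samples constructed from the output and test.yaml shown above.

```python
import ipaddress
import re

# Constructed sample: the two route-exclude sets as printed by `nft list ruleset`.
NFT_OUTPUT = """
table inet mihomo {
    set inet4_route_exclude_address_set {
        type ipv4_addr
        flags interval
        elements = { 1.0.32.0/19 }
    }
    set inet6_route_exclude_address_set {
        type ipv6_addr
        flags interval
    }
}
"""
# Constructed sample: a subset of the test.yaml payload.
PAYLOAD = ["2001:470:d:32f::/64", "2001:470:d:334::/63", "fc00::/7", "1.0.32.0/19"]

def to_networks(elem):
    """Parse one set element; nft prints non-CIDR-aligned intervals as 'first-last'."""
    if "-" in elem:
        first, last = (ipaddress.ip_address(p.strip()) for p in elem.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(elem, strict=False)]

def parse_nft_sets(text):
    """Map each named set in the nft listing to the networks it contains."""
    sets = {}
    for name, body in re.findall(r"\bset\s+(\S+)\s*\{(.*?)\n\s*\}", text, re.S):
        m = re.search(r"elements\s*=\s*\{(.*?)\}", body, re.S)
        elems = [e.strip() for e in m.group(1).split(",")] if m else []
        sets[name] = [n for e in elems if e for n in to_networks(e)]
    return sets

def missing_excludes(payload, nft_text):
    """Return payload CIDRs not covered by the route-exclude set of their family."""
    sets = parse_nft_sets(nft_text)
    missing = []
    for cidr in payload:
        net = ipaddress.ip_network(cidr, strict=False)
        have = sets.get(f"inet{net.version}_route_exclude_address_set", [])
        if not any(h.version == net.version and net.subnet_of(h) for h in have):
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    print("not installed in nftables:", missing_excludes(PAYLOAD, NFT_OUTPUT))
```

On a live host, feed the function the real `nft list ruleset` output and the full payload list; an empty result means every excluded CIDR is present in the kernel set.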
@Xarth-Mai Remove addresses such as fe80; private addresses should not be used in route-exclude-address-set
Verify steps
Operating System
Linux
System Version
ArchLinux 6.10.10-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Thu, 12 Sep 2024 17:17:51 +0000 x86_64 GNU/Linux
Mihomo Version
Configuration File
Description
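After running Mihomo with this configuration file and inspecting the firewall rules with sudo nft list ruleset, the destination IPv6 CIDRs from the rule set specified in route-exclude-address-set are found not to have been added to the firewall.
Reproduction Steps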
sudo mihomo -d /opt/mihomo
sudo nft list ruleset
Logs