MetaCubeX / mihomo

A simple Python Pydantic model for Honkai: Star Rail parsed data from the Mihomo API.
https://wiki.metacubex.one
MIT License
16.02k stars, 2.6k forks

dns-hijack cannot intercept system DNS #63

Closed csy19960309 closed 2 years ago

csy19960309 commented 2 years ago

[image: IMG_20220521_224846_062] As the screenshot shows, DNS is exchanged in plaintext directly with the router and is not converted to DoH by the clash core. The platform is Android 12, the kernel is 4.19.157-perf+, the clash version is v1.11.1, and Private DNS is not enabled. The clash core is started through a modified build of Clash for Magisk.

```yaml
tun:
  enable: false
  device: Meta
  stack: gvisor # system
  dns-hijack:
    - 'any:53'
  auto-route: false
  auto-detect-interface: false
```
csy19960309 commented 2 years ago

I just noticed the config I posted does not have enable set. When I was testing it was enable: true; noting that here.

csy19960309 commented 2 years ago

@Skyxim Upgraded to Clash Meta alpha-1af39cb android arm64 with go1.18.2 Wed Jun 1 04:41:35 UTC 2022. On 5G it works normally, but after switching to WiFi DNS still cannot be intercepted, and stopping/starting the core makes no difference. Going back to tproxy it works again (DNS is intercepted). It was probably the same before as well; since I have been at home the whole time I never tried 5G... The WiFi interface name is wlan0.

Skyxim commented 2 years ago

@csy19960309 Provide the full config, logs, network interfaces, DNS IP, and whether any DNS-affecting software such as adg is enabled.

Skyxim commented 2 years ago

@csy19960309 Also, are you sure this is the tun config you are using?

Skyxim commented 2 years ago

@csy19960309 If so, how does your routing hand traffic to clash? Post the iptables rules.

csy19960309 commented 2 years ago

@csy19960309 If so, how does your routing hand traffic to clash? Post the iptables rules.

I will post once I have done thorough testing. By the way, when I look at connections in the dashboard there are only IPs and no domain names, from which I concluded that the built-in DNS module is not taking effect. Is that judgment accurate?
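
A more direct check than looking for domain names in the dashboard is to resolve a name through the path the system actually uses (for this phone, the WiFi gateway on UDP 53) and see whether the A record lands in Clash's fake-ip pool: if dns-hijack caught the query, the core answers with a fake IP; if the query went straight to the router, a real address comes back. The following is an added example for this thread, not code from the Clash / mihomo project or from anyone in the thread. It assumes a fake-ip pool of 198.18.0.0/16 (taken from the Meta TUN address shown later in this thread) and builds its sample DNS responses by hand so it runs offline; the parser handles name compression, so it also works on bytes received from a real resolver.

```python
"""Decide from a DNS response whether Clash's fake-ip answered (dns-hijack effective).

Added example, not project code. FAKE_IP_POOL is an assumption taken from the
Meta TUN interface (198.18.0.1/16) shown in this thread.
"""
import ipaddress
import struct

FAKE_IP_POOL = ipaddress.ip_network("198.18.0.0/16")  # assumption: pool of the TUN device in this thread


def _read_name(msg: bytes, off: int) -> tuple:
    """Decode a (possibly compressed, RFC 1035 4.1.4) name; return (name, offset after it)."""
    labels = []
    jumped = False
    end = off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                           # the pointer is the last 2 bytes of the name
            jumped = True
            off = pointer
            continue
        if length == 0:                                 # root label terminates the name
            if not jumped:
                end = off + 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), end


def parse_a_records(msg: bytes) -> list:
    """Return the IPv4 addresses carried in the answer section of a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:                              # QR bit must be set
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = _read_name(msg, off)
        off += 4                                        # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            addrs.append(str(ipaddress.IPv4Address(rdata)))
    return addrs


def hijack_effective(msg: bytes) -> bool:
    """True when every A record is a fake-ip, i.e. the core (not the router) answered."""
    addrs = parse_a_records(msg)
    return bool(addrs) and all(ipaddress.ip_address(a) in FAKE_IP_POOL for a in addrs)


def build_response(name: str, addr: str) -> bytes:
    """Construct a minimal single-answer DNS response (constructed fixture, not a capture)."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # id, flags QR|RD|RA, qd=1, an=1
    question = qname + struct.pack("!HH", 1, 1)                   # QTYPE A, QCLASS IN
    # answer owner name is a pointer back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(addr).packed
    return header + question + answer


if __name__ == "__main__":
    # constructed samples: what the core answers vs. what a router would answer
    print(hijack_effective(build_response("example.com", "198.18.0.5")))     # fake-ip: hijack works
    print(hijack_effective(build_response("example.com", "93.184.216.34")))  # real IP: query bypassed the core
```

To use it on the phone, send a query for any non-filtered name to the gateway address on port 53 (for example with a raw UDP socket or by capturing a `dig` exchange) and pass the reply bytes to `hijack_effective`. A real address in the reply means the query never passed through the TUN, which is exactly the situation the dashboard cannot distinguish from a working resolver returning real IPs.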

csy19960309 commented 2 years ago

@csy19960309 If so, how does your routing hand traffic to clash? Post the iptables rules.

Config:

```yaml
tproxy-port: 7893
allow-lan: true
geodata-mode: false
unified-delay: true
mode: rule
log-level: debug
ipv6: false
tcp-concurrent: false
sniffer:
  enable: false
profile:
  store-fake-ip: false
external-controller: 127.0.0.1:9090
external-ui: clash-dashboard/dist
tun:
  enable: true
  device: Meta
  stack: gvisor # system
  dns-hijack:
    - 'any:53'
  auto-route: false
  auto-detect-interface: false
dns:
  enable: true
  listen: 0.0.0.0:1053
  default-nameserver:
    - 223.5.5.5
    - 1.0.0.1
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-filter:
    - "*.oray.*"
    - "*.lan"
    - stun.*.*.*
    - stun.*.*
    - time.windows.com
    - time.nist.gov
    - time.apple.com
    - time.asia.apple.com
    - "*.ntp.org.cn"
    - "*.openwrt.pool.ntp.org"
    - time1.cloud.tencent.com
    - time.ustc.edu.cn
    - pool.ntp.org
    - ntp.ubuntu.com
    - ntp.aliyun.com
    - ntp1.aliyun.com
    - ntp2.aliyun.com
    - ntp3.aliyun.com
    - ntp4.aliyun.com
    - ntp5.aliyun.com
    - ntp6.aliyun.com
    - ntp7.aliyun.com
    - time1.aliyun.com
    - time2.aliyun.com
    - time3.aliyun.com
    - time4.aliyun.com
    - time5.aliyun.com
    - time6.aliyun.com
    - time7.aliyun.com
    - "*.time.edu.cn"
    - time1.apple.com
    - time2.apple.com
    - time3.apple.com
    - time4.apple.com
    - time5.apple.com
    - time6.apple.com
    - time7.apple.com
    - time1.google.com
    - time2.google.com
    - time3.google.com
    - time4.google.com
    - music.163.com
    - "*.music.163.com"
    - "*.126.net"
    - musicapi.taihe.com
    - music.taihe.com
    - songsearch.kugou.com
    - trackercdn.kugou.com
    - "*.kuwo.cn"
    - api-jooxtt.sanook.com
    - api.joox.com
    - joox.com
    - y.qq.com
    - "*.y.qq.com"
    - streamoc.music.tc.qq.com
    - mobileoc.music.tc.qq.com
    - isure.stream.qqmusic.qq.com
    - dl.stream.qqmusic.qq.com
    - aqqmusic.tc.qq.com
    - amobile.music.tc.qq.com
    - "*.xiami.com"
    - "*.music.migu.cn"
    - music.migu.cn
    - "*.msftconnecttest.com"
    - "*.msftncsi.com"
    - localhost.ptlogin2.qq.com
    - "*.*.*.srv.nintendo.net"
    - "*.*.stun.playstation.net"
    - xbox.*.*.microsoft.com
    - "*.ipv6.microsoft.com"
    - "*.*.xboxlive.com"
    - speedtest.cros.wr.pvp.net
    - shark2.douyucdn.cn
  nameserver:
    - https://223.6.6.6/dns-query
    - https://rubyfish.cn/dns-query
    - https://doh.pub/dns-query
  fallback:
    - 'https://e25acb7d.d.adguard-dns.com/dns-query#DNS'
    - 'https://jp-nrt.doh.sb/dns-query#DNS'
  fallback-filter:
    geoip: true
    ipcidr:
      - 240.0.0.0/4
      - 0.0.0.0/32
      - 127.0.0.1/32
    domain:
      - +.gstatic.com
      - +.google.com
      - +.facebook.com
      - +.twitter.com
      - +.youtube.com
      - +.xn--ngstr-lra8j.com
      - +.google.cn
      - +.googleapis.cn
      - +.googleapis.com
      - +.gvt1.com
```

iptables:

```text
Chain PREROUTING (policy ACCEPT 4174 packets, 3091K bytes)
 pkts bytes target                        prot opt in          out         source     destination
 5079 4255K CLASH_PRE                     all  --  *           *           0.0.0.0/0  0.0.0.0/0

Chain INPUT (policy ACCEPT 4174 packets, 3091K bytes)
 pkts bytes target                        prot opt in          out         source     destination
1076K 1909M wakeupctrl_mangle_INPUT       all  --  *           *           0.0.0.0/0  0.0.0.0/0
1076K 1909M routectrl_mangle_INPUT        all  --  *           *           0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 tetherctrl_mangle_FORWARD     all  --  *           *           0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3444 packets, 973K bytes)
 pkts bytes target                        prot opt in          out         source     destination
 4426 2085K CLASH_OUT                     all  --  *           *           0.0.0.0/0  0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 3451 packets, 973K bytes)
 pkts bytes target                        prot opt in          out         source     destination
1957K  882M qcom_htimer_POSTROUTING       all  --  *           *           0.0.0.0/0  0.0.0.0/0
1957K  882M oem_mangle_post               all  --  *           *           0.0.0.0/0  0.0.0.0/0
1957K  882M bw_mangle_POSTROUTING         all  --  *           *           0.0.0.0/0  0.0.0.0/0
1957K  882M idletimer_mangle_POSTROUTING  all  --  *           *           0.0.0.0/0  0.0.0.0/0
1957K  882M qcom_qos_reset_POSTROUTING    all  --  *           *           0.0.0.0/0  0.0.0.0/0
1957K  882M qcom_qos_filter_POSTROUTING   all  --  *           *           0.0.0.0/0  0.0.0.0/0

Chain CLASH_OUT (1 references)
 pkts bytes target                        prot opt in          out         source     destination
 2155 1803K RETURN                        all  --  *           *           0.0.0.0/0  0.0.0.0/0        owner UID match 0 owner GID match 3005
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  0.0.0.0/8
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  10.0.0.0/8
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  100.64.0.0/10
  476 45050 RETURN                        all  --  *           *           0.0.0.0/0  127.0.0.0/8
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  169.254.0.0/16
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  172.16.0.0/12
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  192.0.0.0/24
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  192.0.2.0/24
   37  2433 RETURN                        all  --  *           *           0.0.0.0/0  192.168.0.0/16
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  198.51.100.0/24
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  203.0.113.0/24
   12  1374 RETURN                        all  --  *           *           0.0.0.0/0  224.0.0.0/4
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  255.255.255.255
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  240.0.0.0/4
 1746  233K MARK                          all  --  *           *           0.0.0.0/0  0.0.0.0/0        MARK set 0x7e5

Chain CLASH_PRE (1 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  0.0.0.0/8
  243 96744 RETURN                        all  --  *           *           0.0.0.0/0  10.0.0.0/8
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  100.64.0.0/10
  930 1467K RETURN                        all  --  *           *           0.0.0.0/0  127.0.0.0/8
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  169.254.0.0/16
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  172.16.0.0/12
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  192.0.0.0/24
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  192.0.2.0/24
 3697 2619K RETURN                        all  --  *           *           0.0.0.0/0  192.168.0.0/16
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  198.51.100.0/24
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  203.0.113.0/24
   21  4494 RETURN                        all  --  *           *           0.0.0.0/0  224.0.0.0/4
  188 66946 RETURN                        all  --  *           *           0.0.0.0/0  255.255.255.255
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  240.0.0.0/4
    0     0 MARK                          all  --  *           *           0.0.0.0/0  0.0.0.0/0        MARK set 0x7e5

Chain bw_mangle_POSTROUTING (1 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 RETURN                        all  --  *           ipsec+      0.0.0.0/0  0.0.0.0/0
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  0.0.0.0/0        policy match dir out pol ipsec
1957K  882M MARK                          all  --  *           *           0.0.0.0/0  0.0.0.0/0        MARK and 0xffefffff
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  0.0.0.0/0        owner UID match 1029
1957K  882M                               all  --  *           *           0.0.0.0/0  0.0.0.0/0        match bpf pinned /sys/fs/bpf/prog_netd_skfilter_egress_xtbpf

Chain idletimer_mangle_POSTROUTING (1 references)
 pkts bytes target                        prot opt in          out         source     destination
 1659  375K IDLETIMER                     all  --  *           wlan0       0.0.0.0/0  0.0.0.0/0        timeout:15 label:1 send_nl_msg

Chain nm_mdmprxy_icmp_pkt_marker (0 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain nm_mdmprxy_mark_prov_chain (1 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 nm_mdmprxy_pkt_skmark         udp  --  *           *           0.0.0.0/0  0.0.0.0/0        socket --transparent --nowildcard --restore-skmark
    0     0 nm_mdmprxy_pkt_skmark         tcp  --  *           *           0.0.0.0/0  0.0.0.0/0        socket --transparent --nowildcard --restore-skmark

Chain nm_mdmprxy_mngl_post (0 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 MARK                          all  --  *           *           0.0.0.0/0  0.0.0.0/0        mark match 0xf0002 MARK and 0x0

Chain nm_mdmprxy_mngl_pre (1 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain nm_mdmprxy_mngl_pre_ex (1 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain nm_mdmprxy_mngl_pre_spi (1 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain nm_mdmprxy_mngl_pre_tee (0 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain nm_mdmprxy_pkt_forwarder (1 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain nm_mdmprxy_pkt_marker (0 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 CONNMARK                      all  --  *           *           0.0.0.0/0  0.0.0.0/0        CONNMARK restore
    0     0 nm_mdmprxy_mngl_pre           all  --  *           *           0.0.0.0/0  0.0.0.0/0
    0     0 nm_mdmprxy_mark_prov_chain    all  --  *           *           0.0.0.0/0  0.0.0.0/0
    0     0 nm_mdmprxy_mngl_pre_spi       all  --  *           *           0.0.0.0/0  0.0.0.0/0
    0     0 nm_mdmprxy_mngl_pre_ex        all  --  *           *           0.0.0.0/0  0.0.0.0/0
    0     0 MARK                          udp  --  *           *           0.0.0.0/0  0.0.0.0/0        udp dpt:7275 MARK set 0xf0002
    0     0 MARK                          tcp  --  *           *           0.0.0.0/0  0.0.0.0/0        tcp dpt:5060 MARK set 0xf0002
    0     0 MARK                          udp  --  *           *           0.0.0.0/0  0.0.0.0/0        udp dpt:5060 MARK set 0xf0002
    0     0 nm_mdmprxy_pkt_forwarder      all  --  *           *           0.0.0.0/0  0.0.0.0/0        mark match 0xf0002
    0     0 DROP                          !icmp --  *          *           0.0.0.0/0  0.0.0.0/0        mark match 0xf0002

Chain nm_mdmprxy_pkt_skmark (2 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 RETURN                        all  --  *           *           0.0.0.0/0  0.0.0.0/0

Chain oem_mangle_post (1 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain qcom_htimer_POSTROUTING (1 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain qcom_qos_filter_POSTROUTING (1 references)
 pkts bytes target                        prot opt in          out         source     destination

Chain qcom_qos_reset_POSTROUTING (1 references)
 pkts bytes target                        prot opt in          out         source     destination
70060   17M MARK                          all  --  *           rmnet_data+ 0.0.0.0/0  0.0.0.0/0        MARK and 0x0

Chain routectrl_mangle_INPUT (1 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 MARK                          all  --  rmnet_data0 *           0.0.0.0/0  0.0.0.0/0        MARK xset 0xf0001/0xffefffff
 539K  772M MARK                          all  --  wlan0       *           0.0.0.0/0  0.0.0.0/0        MARK xset 0x30068/0xffefffff
    0     0 MARK                          all  --  rmnet_data1 *           0.0.0.0/0  0.0.0.0/0        MARK xset 0xf006a/0xffefffff
   34 11500 MARK                          all  --  rmnet_data2 *           0.0.0.0/0  0.0.0.0/0        MARK xset 0x7006b/0xffefffff

Chain tetherctrl_mangle_FORWARD (1 references)
 pkts bytes target                        prot opt in          out         source     destination
    0     0 TCPMSS                        tcp  --  *           *           0.0.0.0/0  0.0.0.0/0        tcp flags:0x02/0x02 TCPMSS clamp to PMTU

Chain wakeupctrl_mangle_INPUT (1 references)
 pkts bytes target                        prot opt in          out         source     destination
```

ifconfig:

```text
lo          Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0
            inet6 addr: ::1/128 Scope: Host
            UP LOOPBACK RUNNING  MTU:65536  Metric:1
            RX packets:568049 errors:0 dropped:0 overruns:0 frame:0
            TX packets:568049 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:1085853492 TX bytes:1085853492

rmnet_data0 Link encap:UNSPEC
            inet6 addr: fe80::b9c6:72f1:43d8:fd59/64 Scope: Link
            UP RUNNING  MTU:1500  Metric:1
            RX packets:58 errors:0 dropped:0 overruns:0 frame:0
            TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:4012 TX bytes:3230

dummy0      Link encap:Ethernet  HWaddr ca:bc:30:df:34:ee
            inet6 addr: fe80::c8bc:30ff:fedf:34ee/64 Scope: Link
            UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
            TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:0 TX bytes:1190

rmnet_data1 Link encap:UNSPEC
            inet addr:10.166.76.187  Mask:255.255.255.248
            inet6 addr: fe80::9e7f:7db8:6784:b862/64 Scope: Link
            UP RUNNING  MTU:1436  Metric:1
            RX packets:116799 errors:0 dropped:0 overruns:0 frame:0
            TX packets:52165 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:158513419 TX bytes:10752843

rmnet_data2 Link encap:UNSPEC
            inet6 addr: fe80::6b8f:739b:1ad:47cf/64 Scope: Link
            inet6 addr: 2408:850c:133f:9254:6b8f:739b:1ad:47cf/64 Scope: Global
            UP RUNNING  MTU:1400  Metric:1
            RX packets:87615 errors:0 dropped:0 overruns:0 frame:0
            TX packets:44593 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:105374863 TX bytes:9241107

rmnet_mhi0  Link encap:UNSPEC  Driver mhi_netdev
            UP RUNNING  MTU:65535  Metric:1
            RX packets:289552 errors:0 dropped:0 overruns:0 frame:0
            TX packets:90540 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:1000
            RX bytes:350901750 TX bytes:29749607

wlan0       Link encap:Ethernet  HWaddr 0e:30:9d:15:f6:47  Driver cnss_pci
            inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
            inet6 addr: fe80::c30:9dff:fe15:f647/64 Scope: Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:1004928 errors:0 dropped:1 overruns:0 frame:0
            TX packets:506742 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:3000
            RX bytes:1043447284 TX bytes:77837905
```

PS: this ifconfig was captured today at the office; at home the subnet is 192.168.2.xxx.

Skyxim commented 2 years ago

TUN is not running at all, there is no TUN interface. Check the logs and whether the core is started as root. Also, since you are not using auto-route, you need to handle the routing yourself, otherwise it will not take over the network; read the usage instructions.

Adlyq commented 2 years ago

@csy19960309 Your DNS address is a LAN address, so it will not enter the clash core.

csy19960309 commented 2 years ago

TUN is not running at all, there is no TUN interface. Check the logs and whether the core is started as root. Also, since you are not using auto-route, you need to handle the routing yourself, otherwise it will not take over the network; read the usage instructions.

The TUN interface looks like this:

```text
Meta: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 9000
        inet 198.18.0.1  netmask 255.255.0.0  destination 198.18.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
```

I thought you only wanted to see the wlan0 configuration, so I was using tproxy when I captured it. With auto-route turned off, the core brings it up with iptables itself. I think the cause is what Adlyq said.

csy19960309 commented 2 years ago

@csy19960309 Your DNS address is a LAN address, so it will not enter the clash core.

Understood. Can LAN addresses be made to enter the TUN so that the clash core does the splitting? Generally, when on WiFi, the default DNS address is the gateway address...

Adlyq commented 2 years ago

@csy19960309 Yes, edit the end of clash.config yourself and remove your own LAN subnet.

csy19960309 commented 2 years ago

@csy19960309 Yes, edit the end of clash.config yourself and remove your own LAN subnet.

Understood, thanks.
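
Adlyq's diagnosis and the closing suggestion (drop the LAN subnet from the bypass list) can be checked against the CLASH_OUT chain posted above. With auto-route: false the core does not install routes, so it is the module's mangle rules that decide which packets get fwmark 0x7e5 and are policy-routed into the Meta device. That chain RETURNs for 192.168.0.0/16 before the final MARK, so a query to the WiFi gateway (192.168.0.1:53) leaves unmarked and dns-hijack on the TUN never sees it, while the same query on 5G goes to a public resolver and is marked. The following is an added example for this thread, not the Clash / mihomo project's code and not the Clash for Magisk module's clash.config. It models the chain walk with iptables semantics (MARK is non-terminating, RETURN ends the chain with whatever mark is set) and compares three variants: the chain as posted, the chain with the LAN subnet removed as suggested in the thread, and an alternative of my own that marks only port-53 traffic ahead of the LAN bypass so LAN traffic other than DNS still stays out of the core. The chain is transcribed from the thread (255.255.255.255 written as /32); the mark value and the `iptables` command rendering are there only to make the point concrete, and assume the module's existing `ip rule` for fwmark 0x7e5 already routes marked packets into the Meta device.

```python
"""Model the CLASH_OUT mangle chain from this thread and show why LAN DNS is never hijacked.

Added example, not project or module code. BYPASS is transcribed from the
thread's CLASH_OUT chain; CLASH_MARK is the fwmark it sets.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

CLASH_MARK = 0x7E5

# destination CIDRs that RETURN before the MARK rule (from the thread's CLASH_OUT chain)
BYPASS = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/4", "255.255.255.255/32",
    "240.0.0.0/4",
]


@dataclass(frozen=True)
class Rule:
    target: str                   # "RETURN" or "MARK"
    dst: Optional[str] = None     # destination CIDR; None matches any
    proto: Optional[str] = None   # "udp" / "tcp"; None matches any
    dport: Optional[int] = None   # destination port; None matches any
    mark: int = 0                 # value for MARK --set-mark

    def matches(self, dst_ip: str, proto: str, dport: int) -> bool:
        if self.dst and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and self.proto != proto:
            return False
        if self.dport and self.dport != dport:
            return False
        return True


def evaluate(chain: List[Rule], dst_ip: str, proto: str, dport: int) -> int:
    """Walk the chain like iptables and return the fwmark the packet leaves with (0 = none)."""
    mark = 0
    for rule in chain:
        if not rule.matches(dst_ip, proto, dport):
            continue
        if rule.target == "MARK":
            mark = rule.mark      # MARK is non-terminating: keep walking
        elif rule.target == "RETURN":
            break                 # RETURN ends the chain, the mark set so far is kept
    return mark


# 1. chain as posted: bypass every private/special range, then mark the rest
ORIGINAL_CHAIN = [Rule("RETURN", dst=cidr) for cidr in BYPASS] + [Rule("MARK", mark=CLASH_MARK)]

# 2. the thread's fix: delete the LAN subnet from the bypass list
LAN_REMOVED_CHAIN = [r for r in ORIGINAL_CHAIN if r.dst != "192.168.0.0/16"]

# 3. alternative (my suggestion): mark port 53 to any destination before the bypass rules
FIXED_CHAIN = [
    Rule("MARK", proto="udp", dport=53, mark=CLASH_MARK),
    Rule("MARK", proto="tcp", dport=53, mark=CLASH_MARK),
] + ORIGINAL_CHAIN


def dns_reaches_tun(chain: List[Rule], resolver_ip: str) -> bool:
    """True if a UDP/53 query to resolver_ip is marked and therefore routed into the TUN."""
    return evaluate(chain, resolver_ip, "udp", 53) == CLASH_MARK


def to_iptables(chain: List[Rule], name: str = "CLASH_OUT") -> List[str]:
    """Render the chain as iptables mangle commands (for applying the fix by hand)."""
    cmds = []
    for r in chain:
        parts = ["iptables", "-t", "mangle", "-A", name]
        if r.dst:
            parts += ["-d", r.dst]
        if r.proto:
            parts += ["-p", r.proto]
        if r.dport:
            parts += ["--dport", str(r.dport)]
        parts += ["-j", r.target]
        if r.target == "MARK":
            parts += ["--set-mark", hex(r.mark)]
        cmds.append(" ".join(parts))
    return cmds


if __name__ == "__main__":
    for label, chain in [("original", ORIGINAL_CHAIN), ("lan-removed", LAN_REMOVED_CHAIN), ("port-53-first", FIXED_CHAIN)]:
        print(f"{label:14} wifi gw DNS -> tun: {dns_reaches_tun(chain, '192.168.0.1')!s:5} "
              f"5G DNS -> tun: {dns_reaches_tun(chain, '223.5.5.5')!s:5} "
              f"LAN http -> tun: {evaluate(chain, '192.168.0.10', 'tcp', 80) == CLASH_MARK}")
    print("\n".join(to_iptables(FIXED_CHAIN)[:2]))
```

The model reproduces what the thread observed: the original chain marks a query to 223.5.5.5 but not one to 192.168.0.1. Removing the LAN subnet makes gateway DNS reach the TUN, but it also pulls every other LAN connection (printers, NAS, the router's admin page) through the core and its rules. Putting the two port-53 MARK rules first gets the DNS into the TUN while leaving the rest of the LAN bypass intact; whichever variant is used, fake-ip answers (198.18.0.0/16) are not in the bypass list, so the follow-up connections are marked either way.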