Closed csy19960309 closed 2 years ago
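I just noticed that the config I posted did not have enable set. When I was testing it was enable:true; noting that here.
@Skyxim After upgrading to Clash Meta alpha-1af39cb android arm64 with go1.18.2 Wed Jun 1 04:41:35 UTC 2022, it works on 5G, but after switching to WiFi DNS still cannot be intercepted, and stopping and restarting the core makes no difference. After going back to tproxy it works (DNS can be intercepted). It was probably behaving this way before as well; since I have been at home the whole time I never tried 5G... The WiFi interface is named wlan0.
@csy19960309 Provide the full config, logs, network interfaces, DNS, IP, and whether you have anything enabled that affects DNS, such as adg.
@csy19960309 Also, are you sure this is the config you are using for tun?
@csy19960309 If so, how does your routing hand traffic to clash? Record the iptable rules.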
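I will post again once I have done thorough testing. By the way, when I look at the connections in the dashboard there are only IPs and no domain names, and from that I concluded that the built-in DNS module is not taking effect. Is that judgement accurate?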
Config:

```yaml
tproxy-port: 7893
allow-lan: true
geodata-mode: false
unified-delay: true
mode: rule
log-level: debug
ipv6: false
tcp-concurrent: false
sniffer:
  enable: false
profile:
  store-fake-ip: false
external-controller: 127.0.0.1:9090
external-ui: clash-dashboard/dist
tun:
  enable: true
  device: Meta
  stack: gvisor # system
  dns-hijack:
    - 'any:53'
  auto-route: false
  auto-detect-interface: false
dns:
  enable: true
  listen: 0.0.0.0:1053
  default-nameserver:
    - 223.5.5.5
    - 1.0.0.1
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-filter:
    - ".oray."
    - "*.lan"
    - stun...*
    - stun..
    - time.windows.com
    - time.nist.gov
    - time.apple.com
    - time.asia.apple.com
    - "*.ntp.org.cn"
    - "*.openwrt.pool.ntp.org"
    - time1.cloud.tencent.com
    - time.ustc.edu.cn
    - pool.ntp.org
    - ntp.ubuntu.com
    - ntp.aliyun.com
    - ntp1.aliyun.com
    - ntp2.aliyun.com
    - ntp3.aliyun.com
    - ntp4.aliyun.com
    - ntp5.aliyun.com
    - ntp6.aliyun.com
    - ntp7.aliyun.com
    - time1.aliyun.com
    - time2.aliyun.com
    - time3.aliyun.com
    - time4.aliyun.com
    - time5.aliyun.com
    - time6.aliyun.com
    - time7.aliyun.com
    - "*.time.edu.cn"
    - time1.apple.com
    - time2.apple.com
    - time3.apple.com
    - time4.apple.com
    - time5.apple.com
    - time6.apple.com
    - time7.apple.com
    - time1.google.com
    - time2.google.com
    - time3.google.com
    - time4.google.com
    - music.163.com
    - "*.music.163.com"
    - "*.126.net"
    - musicapi.taihe.com
    - music.taihe.com
    - songsearch.kugou.com
    - trackercdn.kugou.com
    - "*.kuwo.cn"
    - api-jooxtt.sanook.com
    - api.joox.com
    - joox.com
    - y.qq.com
    - "*.y.qq.com"
    - streamoc.music.tc.qq.com
    - mobileoc.music.tc.qq.com
    - isure.stream.qqmusic.qq.com
    - dl.stream.qqmusic.qq.com
    - aqqmusic.tc.qq.com
    - amobile.music.tc.qq.com
    - "*.xiami.com"
    - "*.music.migu.cn"
    - music.migu.cn
    - "*.msftconnecttest.com"
    - "*.msftncsi.com"
    - localhost.ptlogin2.qq.com
    - "..*.srv.nintendo.net"
    - "..stun.playstation.net"
    - xbox...microsoft.com
    - "*.ipv6.microsoft.com"
    - "..xboxlive.com"
    - speedtest.cros.wr.pvp.net
    - shark2.douyucdn.cn
  nameserver:
    - https://223.6.6.6/dns-query
    - https://rubyfish.cn/dns-query
    - https://doh.pub/dns-query
  fallback:
    - 'https://e25acb7d.d.adguard-dns.com/dns-query#DNS'
    - 'https://jp-nrt.doh.sb/dns-query#DNS'
  fallback-filter:
    geoip: true
    ipcidr:
      - 240.0.0.0/4
      - 0.0.0.0/32
      - 127.0.0.1/32
    domain:
      - +.gstatic.com
      - +.google.com
      - +.facebook.com
      - +.twitter.com
      - +.youtube.com
      - +.xn--ngstr-lra8j.com
      - +.google.cn
      - +.googleapis.cn
      - +.googleapis.com
      - +.gvt1.com
```
iptables:
```
Chain PREROUTING (policy ACCEPT 4174 packets, 3091K bytes)
pkts bytes target prot opt in out source destination
5079 4255K CLASH_PRE all -- 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 4174 packets, 3091K bytes)
pkts bytes target prot opt in out source destination
1076K 1909M wakeupctrl_mangle_INPUT all -- 0.0.0.0/0 0.0.0.0/0
1076K 1909M routectrl_mangle_INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tetherctrl_mangle_FORWARD all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3444 packets, 973K bytes)
pkts bytes target prot opt in out source destination
4426 2085K CLASH_OUT all -- 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 3451 packets, 973K bytes)
pkts bytes target prot opt in out source destination
1957K 882M qcom_htimer_POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0
1957K 882M oem_mangle_post all -- 0.0.0.0/0 0.0.0.0/0
1957K 882M bw_mangle_POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0
1957K 882M idletimer_mangle_POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0
1957K 882M qcom_qos_reset_POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0
1957K 882M qcom_qos_filter_POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0

Chain CLASH_OUT (1 references)
pkts bytes target prot opt in out source destination
2155 1803K RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 0 owner GID match 3005
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/8
0 0 RETURN all -- 0.0.0.0/0 10.0.0.0/8
0 0 RETURN all -- 0.0.0.0/0 100.64.0.0/10
476 45050 RETURN all -- 0.0.0.0/0 127.0.0.0/8
0 0 RETURN all -- 0.0.0.0/0 169.254.0.0/16
0 0 RETURN all -- 0.0.0.0/0 172.16.0.0/12
0 0 RETURN all -- 0.0.0.0/0 192.0.0.0/24
0 0 RETURN all -- 0.0.0.0/0 192.0.2.0/24
37 2433 RETURN all -- 0.0.0.0/0 192.168.0.0/16
0 0 RETURN all -- 0.0.0.0/0 198.51.100.0/24
0 0 RETURN all -- 0.0.0.0/0 203.0.113.0/24
12 1374 RETURN all -- 0.0.0.0/0 224.0.0.0/4
0 0 RETURN all -- 0.0.0.0/0 255.255.255.255
0 0 RETURN all -- 0.0.0.0/0 240.0.0.0/4
1746 233K MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x7e5

Chain CLASH_PRE (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/8
243 96744 RETURN all -- 0.0.0.0/0 10.0.0.0/8
0 0 RETURN all -- 0.0.0.0/0 100.64.0.0/10
930 1467K RETURN all -- 0.0.0.0/0 127.0.0.0/8
0 0 RETURN all -- 0.0.0.0/0 169.254.0.0/16
0 0 RETURN all -- 0.0.0.0/0 172.16.0.0/12
0 0 RETURN all -- 0.0.0.0/0 192.0.0.0/24
0 0 RETURN all -- 0.0.0.0/0 192.0.2.0/24
3697 2619K RETURN all -- 0.0.0.0/0 192.168.0.0/16
0 0 RETURN all -- 0.0.0.0/0 198.51.100.0/24
0 0 RETURN all -- 0.0.0.0/0 203.0.113.0/24
21 4494 RETURN all -- 0.0.0.0/0 224.0.0.0/4
188 66946 RETURN all -- 0.0.0.0/0 255.255.255.255
0 0 RETURN all -- 0.0.0.0/0 240.0.0.0/4
0 0 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x7e5

Chain bw_mangle_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- ipsec+ 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 policy match dir out pol ipsec
1957K 882M MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK and 0xffefffff
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 1029
1957K 882M all -- * 0.0.0.0/0 0.0.0.0/0 match bpf pinned /sys/fs/bpf/prog_netd_skfilter_egress_xtbpf

Chain idletimer_mangle_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
1659 375K IDLETIMER all -- * wlan0 0.0.0.0/0 0.0.0.0/0 timeout:15 label:1 send_nl_msg

Chain nm_mdmprxy_icmp_pkt_marker (0 references)
pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_mark_prov_chain (1 references)
pkts bytes target prot opt in out source destination
0 0 nm_mdmprxy_pkt_skmark udp -- 0.0.0.0/0 0.0.0.0/0 socket --transparent --nowildcard --restore-skmark
0 0 nm_mdmprxy_pkt_skmark tcp -- 0.0.0.0/0 0.0.0.0/0 socket --transparent --nowildcard --restore-skmark

Chain nm_mdmprxy_mngl_post (0 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xf0002 MARK and 0x0

Chain nm_mdmprxy_mngl_pre (1 references)
pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_mngl_pre_ex (1 references)
pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_mngl_pre_spi (1 references)
pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_mngl_pre_tee (0 references)
pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_pkt_forwarder (1 references)
pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_pkt_marker (0 references)
pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
0 0 nm_mdmprxy_mngl_pre all -- 0.0.0.0/0 0.0.0.0/0
0 0 nm_mdmprxy_mark_prov_chain all -- 0.0.0.0/0 0.0.0.0/0
0 0 nm_mdmprxy_mngl_pre_spi all -- 0.0.0.0/0 0.0.0.0/0
0 0 nm_mdmprxy_mngl_pre_ex all -- 0.0.0.0/0 0.0.0.0/0
0 0 MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:7275 MARK set 0xf0002
0 0 MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060 MARK set 0xf0002
0 0 MARK udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 MARK set 0xf0002
0 0 nm_mdmprxy_pkt_forwarder all -- 0.0.0.0/0 0.0.0.0/0 mark match 0xf0002
0 0 DROP !icmp -- 0.0.0.0/0 0.0.0.0/0 mark match 0xf0002

Chain nm_mdmprxy_pkt_skmark (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain oem_mangle_post (1 references)
pkts bytes target prot opt in out source destination

Chain qcom_htimer_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination

Chain qcom_qos_filter_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination

Chain qcom_qos_reset_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
70060 17M MARK all -- * rmnet_data+ 0.0.0.0/0 0.0.0.0/0 MARK and 0x0

Chain routectrl_mangle_INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- rmnet_data0 0.0.0.0/0 0.0.0.0/0 MARK xset 0xf0001/0xffefffff
539K 772M MARK all -- wlan0 0.0.0.0/0 0.0.0.0/0 MARK xset 0x30068/0xffefffff
0 0 MARK all -- rmnet_data1 0.0.0.0/0 0.0.0.0/0 MARK xset 0xf006a/0xffefffff
34 11500 MARK all -- rmnet_data2 0.0.0.0/0 0.0.0.0/0 MARK xset 0x7006b/0xffefffff

Chain tetherctrl_mangle_FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x02/0x02 TCPMSS clamp to PMTU

Chain wakeupctrl_mangle_INPUT (1 references)
pkts bytes target prot opt in out source destination
```
ifconfig:
```
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope: Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:568049 errors:0 dropped:0 overruns:0 frame:0
          TX packets:568049 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1085853492 TX bytes:1085853492

rmnet_data0 Link encap:UNSPEC
          inet6 addr: fe80::b9c6:72f1:43d8:fd59/64 Scope: Link
          UP RUNNING MTU:1500 Metric:1
          RX packets:58 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4012 TX bytes:3230

dummy0    Link encap:Ethernet HWaddr ca:bc:30:df:34:ee
          inet6 addr: fe80::c8bc:30ff:fedf:34ee/64 Scope: Link
          UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 TX bytes:1190

rmnet_data1 Link encap:UNSPEC
          inet addr:10.166.76.187 Mask:255.255.255.248
          inet6 addr: fe80::9e7f:7db8:6784:b862/64 Scope: Link
          UP RUNNING MTU:1436 Metric:1
          RX packets:116799 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52165 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:158513419 TX bytes:10752843

rmnet_data2 Link encap:UNSPEC
          inet6 addr: fe80::6b8f:739b:1ad:47cf/64 Scope: Link
          inet6 addr: 2408:850c:133f:9254:6b8f:739b:1ad:47cf/64 Scope: Global
          UP RUNNING MTU:1400 Metric:1
          RX packets:87615 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44593 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:105374863 TX bytes:9241107

rmnet_mhi0 Link encap:UNSPEC Driver mhi_netdev
          UP RUNNING MTU:65535 Metric:1
          RX packets:289552 errors:0 dropped:0 overruns:0 frame:0
          TX packets:90540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:350901750 TX bytes:29749607

wlan0     Link encap:Ethernet HWaddr 0e:30:9d:15:f6:47 Driver cnss_pci
          inet addr:192.168.0.60 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::c30:9dff:fe15:f647/64 Scope: Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1004928 errors:0 dropped:1 overruns:0 frame:0
          TX packets:506742 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3000
          RX bytes:1043447284 TX bytes:77837905
```
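PS: I recorded this ifconfig output today at the office; at home the subnet is 192.168.2.xxx.
tun was never started at all and there is no tun interface. Check the logs, and whether it was started as root. Also, since you are not using auto-route, you need to handle the routing yourself, otherwise it will not take over the network. See the usage documentation.
@csy19960309 Your DNS address is an intranet address, so it will not enter the clash core.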
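The tun interface looks like this:

```
Meta: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 9000
        inet 198.18.0.1 netmask 255.255.0.0 destination 198.18.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
```

I thought you only wanted to see the wlan0 configuration, so I was using tproxy when I recorded it. With auto-route turned off, the core brings it up with iptables by itself. I think the cause is probably what Adlyq said.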
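Understood. Is it possible to let intranet addresses enter tun and then have the clash core do the routing? Generally, when using WiFi the default DNS address is the gateway address...
@csy19960309 Yes. Edit the end of clash.config yourself and delete your own intranet subnet.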
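An added example, not part of the thread or of the Clash Meta project: a first-match walk over the CLASH_OUT rules from the iptables dump, showing why a resolver at a private address returns before the MARK rule while a public resolver reaches it. The gateway address 192.168.0.1 used in the checks is an assumption; the thread gives only the wlan0 address 192.168.0.60/24.

```python
import ipaddress

# Constructed sample: a subset of the CLASH_OUT rules from the iptables dump
# in the thread, in the same "pkts bytes target prot opt src dst" layout.
CLASH_OUT = """\
2155 1803K RETURN all -- 0.0.0.0/0 0.0.0.0/0 owner UID match 0 owner GID match 3005
0 0 RETURN all -- 0.0.0.0/0 10.0.0.0/8
476 45050 RETURN all -- 0.0.0.0/0 127.0.0.0/8
0 0 RETURN all -- 0.0.0.0/0 172.16.0.0/12
37 2433 RETURN all -- 0.0.0.0/0 192.168.0.0/16
1746 233K MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x7e5
"""

def _net(token):
    """Parse a token as an IP network, or return None if it is not one."""
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None

def parse_rules(chain_text):
    """Yield (target, destination_network, has_owner_match) per rule line."""
    for line in chain_text.splitlines():
        tok = line.split()
        if "--" not in tok or len(tok) < 5:
            continue  # chain header, column header or blank line
        rest = tok[tok.index("--") + 1:]
        nets = [n for n in map(_net, rest) if n is not None]
        if len(nets) < 2:
            continue
        # nets[0] is source, nets[1] is destination; in/out columns are skipped
        yield tok[2], nets[1], "owner" in rest

def first_match(chain_text, dst_ip, from_proxy_process=False):
    """Return (target, matched_network) for a packet sent to dst_ip."""
    dst = ipaddress.ip_address(dst_ip)
    for target, net, owner_only in parse_rules(chain_text):
        if owner_only and not from_proxy_process:
            continue  # owner match only applies to the proxy's own UID/GID
        if dst in net:
            return target, str(net)
    return "ACCEPT", None  # fell off the end of the chain

def dns_bypasses_proxy(chain_text, dns_ip):
    """True when a query to dns_ip returns before the MARK rule."""
    return first_match(chain_text, dns_ip)[0] == "RETURN"
```

Dropping the `192.168.0.0/16` line from the sample and re-running the check models the change suggested in the reply above: the same resolver address then falls through to the MARK rule.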
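Understood, thanks.
As shown in the figure, DNS talks to the router directly in plaintext and is not converted to DoH by clash core. The platform is Android 12, the kernel is 4.19.157-perf+, the clash version is v1.11.1, and the Private DNS feature is not enabled. clash-core is started via a modified version of Clash for Magisk.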