[Bug] ruleset的 ip 规则ipv6 会漏

Felix-Koh commented 8 months ago

Verify steps

[X] 确保你使用的是本仓库最新的的 mihomo 或 mihomo Alpha 版本 Ensure you are using the latest version of Mihomo or Mihomo Alpha from this repository.
[X] 如果你可以自己 debug 并解决的话，提交 PR 吧 Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
[X] 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
[X] 我已经使用 Alpha 分支版本测试过，问题依旧存在 I have tested using the dev branch, and the issue still exists.
[X] 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
[X] 这是 Mihomo 核心的问题，并非我所使用的 Mihomo 衍生版本（如 OpenMihomo、KoolMihomo 等）的特定问题 This is an issue of the Mihomo core per se, not to the derivatives of Mihomo, like OpenMihomo or KoolMihomo.

Mihomo version

2e12cee

What OS are you seeing the problem on?

No response

Mihomo config

######### 锚点 start #######
# 策略组相关
pr: &pr {type: select, proxies: [PROXY,HK,TW,JP,SG,US,📍 WARP,🇺🇳,🌏,Auto,DIRECT]}

#这里是订阅更新和延迟测试相关的
p: &p {type: http, interval: 3600, health-check: {enable: true, url: http://1.1.1.1/generate_204, interval: 300}}

######### 锚点 end #######

# url 里填写自己的订阅,名称不能重复
proxy-providers:
  provider1:
    <<: *p
    url: "xxx"

  provider2:
    <<: *p
    url: "xxx"

log-level: warning
ipv6: true
allow-lan: true
mixed-port: 7890
unified-delay: false
tcp-concurrent: true

external-controller: 127.0.0.1:9090
external-ui: ui
external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"

find-process-mode: 'off'
global-client-fingerprint: chrome

#keep-alive-interval: 3600

geodata-mode: true
geodata-loader: standard
geox-url:
  geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
  geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
  mmdb: "xxx"

geo-auto-update: true # 是否自动更新 geodata
geo-update-interval: 24 # 更新间隔，单位：小时

profile:
  store-selected: true
  store-fake-ip: true

sniffer:
  enable: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]
  skip-domain:
    - "Mijia Cloud"

dns:
  enable: true
  ipv6: true
  prefer-h3: true
  listen: 0.0.0.0:7874
  enhanced-mode: redir-host
  fake-ip-range: 28.0.0.1/8
  default-nameserver:
  - 223.5.5.5
  nameserver:
    - 'https://1.1.1.2/dns-query#PROXY'
    #- 'https://dns.google/dns-query#dns'
  proxy-server-nameserver:
  - https://1.12.12.12/dns-query
  nameserver-policy:
    "rule-set:dns-cn":
      - 223.5.5.5
    "rule-set:cn_domain,private,apple-cn":
      - https://223.5.5.5/dns-query
      - https://1.12.12.12/dns-query
proxies:

 proxy-groups:

  - {name: PROXY, type: select, proxies: [HK, TW, JP, SG, US, 📍 WARP, Us_Hy2, 🇺🇳, 🌏, Auto, DIRECT]}
  #- {name: Apple, type: select, proxies: [DIRECT, PROXY, Auto, HK, TW, JP, SG, US, 🇺🇳, 🌏]}
  - {name: Google, <<: *pr}
  - {name: Emby, type: select , include-all-providers: true, filter: "(?i)^(?!.*(?:重置)).*"}
  - {name: Telegram, <<: *pr}
  #- {name: Twitter, <<: *pr}
  #- {name: pixiv, <<: *pr}
  #- {name: 哔哩哔哩, type: select, proxies: [DIRECT, HK, TW, JP, SG, US, 🇺🇳, 🌏, Auto]}
  #- {name: 巴哈姆特, <<: *pr}
  - {name: YouTube, <<: *pr}
  - {name: NETFLIX, <<: *pr}
  #- {name: Steam, <<: *pr}
  #- {name: Spotify, <<: *pr}
  #- {name: github, <<: *pr}
  #- {name: 国内, type: select, proxies: [DIRECT, PROXY, HK, TW, JP, SG, US, 🇺🇳, 🌏, Auto]}

  - {name: FINAL, <<: *pr}

#分隔,下面是地区分组
  - {name: 📍 WARP, type: select, proxies: [☁️ HK-WARP, ☁️ TW-WARP, ☁️ JP-WARP, ☁️ SG-WARP, ☁️ US-WARP]}
  - {name: HK, type: fallback , include-all-providers: true, filter: "^(?=.*HK)(?=.*BBGP).*$"}
  - {name: TW, type: fallback , include-all-providers: true, filter: "(?i)台|tw|tp|taiwan"}
  - {name: JP, type: fallback , include-all-providers: true, filter: "(?i)日|jp|japan"}
  - {name: US, type: fallback , include-all-providers: true, filter: "(?i)美|us|unitedstates|united states"}
  - {name: SG, type: fallback , include-all-providers: true, filter: "(?i)(新|sg|singapore)"}
  - {name: 🇺🇳, type: select , include-all-providers: true, filter: "(?i)^(?!.*(?:HK|JP|US|SG|🇨🇳|港|hk|🇭🇰|hongkong|台|tw|tp|taiwan|日|jp|japan|新|sg|singapore|美|us|🇺🇸|unitedstates|重置)).*"}
  - {name: 🌏, type: select , include-all-providers: true, filter: "(?i)^(?!.*(?:重置)).*"}
  - {name: Auto, type: url-test, include-all-providers: true, tolerance: 10, filter: "(?i)^(?!.*(?:重置)).*"}

rules:
  - GEOIP,lan,DIRECT,no-resolve
  - RULE-SET,Reject+,REJECT
  - RULE-SET,Unbreak+,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,Emby,Emby
  #- RULE-SET,ehentai_domain,ehentai
  #- RULE-SET,github_domain,Github
  #- RULE-SET,twitter_domain,Twitter
  - RULE-SET,youtube_domain,YouTube
  - RULE-SET,google,Google
  - RULE-SET,telegram_domain,Telegram
  - RULE-SET,netflix_domain,NETFLIX
  - RULE-SET,apple-cn,DIRECT
  - RULE-SET,steam-cn,DIRECT
  - RULE-SET,game-cn,DIRECT
  - RULE-SET,cn_domain,DIRECT
  - RULE-SET,proxy_domain,PROXY

  #- RULE-SET,google_ip,Google
  - RULE-SET,netflix_ip,NETFLIX
  - RULE-SET,telegram_ip,Telegram
  #- RULE-SET,twitter_ip,Twitter
  - RULE-SET,cn_ip,DIRECT
  - MATCH,FINAL

rule-anchor:
  ip: &ip {type: http, interval: 86400, behavior: ipcidr, format: text}
  domain: &domain {type: http, interval: 86400, behavior: domain, format: text}
  classical: &classical {type: http, interval: 86400, behavior: classical, format: text}
rule-providers:
  game-cn:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Game/GameDownloadCN/GameDownloadCN.list"
  steam-cn:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/SteamCN/SteamCN.list"
  google:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Google/Google.list"
  Unbreak+:
    <<: *classical
    url: "xxx"
  Reject+:
    <<: *classical
    url: "xxx"
  Emby:
    <<: *classical
    url: "xxx"

  private:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/private.list"
  dns-cn:
    <<: *domain
    url: "xxx"
  cn_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/cn.list"
  biliintl_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/biliintl.list"
  ehentai_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/ehentai.list"
  github_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/github.list"
  twitter_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/twitter.list"
  youtube_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/youtube.list"
  google_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/google.list"
  telegram_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/telegram.list"
  netflix_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/netflix.list"
  bilibili_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/bilibili.list"
  bahamut_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/bahamut.list"
  spotify_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/spotify.list"
  pixiv_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/pixiv.list"
  proxy_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Proxy/Proxy_Domain_For_Clash.txt"
  gfw_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/gfw.list"
  geolocation-!cn:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/geolocation-!cn.list"
  apple-cn:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/apple-cn.list"

  cn_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/cn.list"
  google_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/google.list"
  netflix_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/netflix.list"
  twitter_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/twitter.list"
  telegram_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/telegram.list"

Mihomo log

No response

Description

例如这个[240e:964:ea02:100:1800::71] ip，同一个 ip 规则使用 geoip 会命中CN，用 ruleset 则会流到 MATCH

Paulgudring commented 8 months ago

我觉得这个问题应该反应在MetaCubeX/meta-rules-dat，按理来说这个rule-set是用工具（可能是MetaCubeX/geo）从geoip转换来的，内容上应该一致。

Felix-Koh commented 8 months ago

我觉得这个问题应该反应在MetaCubeX/meta-rules-dat，按理来说这个rule-set是用工具（可能是MetaCubeX/geo）从geoip转换来的，内容上应该一致。

我对比过两个规则内容是一致的，但是 ruleset 就是会漏（好像漏的都是 v6 的）

xishang0128 commented 8 months ago

非8整倍的cidr匹配会失败，还未修复，可以先等等

Felix-Koh commented 8 months ago

今天发现还是有漏（2409:8087:1e03:21::27)

Larvan2 commented 8 months ago

再试试

Felix-Koh commented 8 months ago

再试试

好了，谢谢大佬(^🙏^)

MetaCubeX / mihomo