SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

SFA TCP Brutal Not Working as Expected #1071

Closed WoadZS closed 10 months ago

WoadZS commented 10 months ago

Operating system

Android

System version

Android 14

Installation type

sing-box for Android Graphical Client

If you are using a graphical client, please provide the version of the client.

1.7.0-alpha9

Version

```console
# Replace this line with the output
```

Description

The outbound of vless with TCP Brutal is not working in SFA 1.7.0-alpha.9 and older versions.

Here is the error code:

outbound vless brutal unavailable: brutal exchange: remote error: enable TCP Brutal: cannot convert from *mux.vectorisedPaddingConn to syscall.Conn

The client can work properly without brutal enabled.

Reproduction

Here is the outbound part of client's configuration:

Client configuration:

```json
{
  "type": "vless",
  "tag": "vless brutal",
  "server": "xxxx",
  "server_port": 443,
  "tcp_fast_open": true,
  "tcp_multi_path": true,
  "uuid": "xxxxx",
  "flow": "",
  "tls": {
    "enabled": true,
    "server_name": "xxxxxxxxxxxxxxx",
    "utls": {
      "enabled": true,
      "fingerprint": "chrome"
    },
    "reality": {
      "enabled": true,
      "public_key": "xxxxxxxxxxxxxxx"
    }
  },
  "packet_encoding": "xudp",
  "multiplex": {
    "enabled": true,
    "protocol": "h2mux",
    "max_streams": 10,
    "padding": true,
    "brutal": {
      "enabled": true,
      "up_mbps": 50,
      "down_mbps": 350
    }
  }
}
```

The server is running sing-box version 1.7.0-alpha.6.
And here is the inbound of server's configuration:

Server Configuration:

```json
{
  "type": "vless",
  "listen": "::",
  "listen_port": 443,
  "tcp_fast_open": true,
  "tcp_multi_path": true,
  "sniff": true,
  "sniff_override_destination": true,
  "domain_strategy": "prefer_ipv4",
  "users": [
    {
      "uuid": "xxxxxxxxxxxxxxx",
      "flow": ""
    }
  ],
  "tls": {
    "enabled": true,
    "server_name": "xxxxxxxxxxxxxxx",
    "reality": {
      "enabled": true,
      "handshake": {
        "server": "xxxxxxxxxxxxxxx",
        "server_port": 443
      },
      "private_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "short_id": [""]
    }
  },
  "multiplex": {
    "enabled": true,
    "padding": true,
    "brutal": {
      "enabled": true,
      "up_mbps": 360,
      "down_mbps": 360
    }
  }
}
```

Disabling Brutal in the client configuration file allows for normal usage. Enabling Brutal can cause connection errors:

outbound vless brutal unavailable: brutal exchange: remote error: enable TCP Brutal: cannot convert from *mux.vectorisedPaddingConn to syscall.Conn

Logs

```console
+0000 2023-11-07 09:47:50 INFO router: loaded geoip database: 259 codes
+0000 2023-11-07 09:47:50 INFO router: loaded geosite database: 1454 codes
+0000 2023-11-07 09:47:50 INFO router: updated default interface wlan0, index 25
+0000 2023-11-07 09:47:50 INFO outbound/vless[vless brutal]: outbound multiplex connection to www.google.com:443
+0000 2023-11-07 09:47:50 INFO outbound/vless[vless brutal]: outbound multiplex connection to www.google.com:443
+0000 2023-11-07 09:47:50 INFO outbound/vless[vless brutal]: outbound connection to sp.mux.sing-box.arpa:444
+0000 2023-11-07 09:47:50 INFO outbound/vless[vless brutal]: outbound connection to sp.mux.sing-box.arpa:444
+0000 2023-11-07 09:47:50 DEBUG outbound/urltest[⚡AUTO]: outbound vless brutal unavailable: brutal exchange: remote error: enable TCP Brutal: cannot convert from *mux.vectorisedPaddingConn to syscall.Conn
+0000 2023-11-07 09:47:51 INFO clash-api: restful api listening at 127.0.0.1:9090
+0000 2023-11-07 09:47:51 WARN inbound/tun[0]: bind forwarder to interface: route ip+net: netlinkrib: permission denied
+0000 2023-11-07 09:47:51 WARN inbound/tun[0]: bind forwarder to interface: route ip+net: netlinkrib: permission denied
+0000 2023-11-07 09:47:51 INFO inbound/tun[0]: started at tun0
+0000 2023-11-07 09:47:51 INFO sing-box started (0.799s)
+0000 2023-11-07 09:47:51 INFO [2012035833 0ms] inbound/tun[0]: inbound packet connection from 172.19.0.1:51872
+0000 2023-11-07 09:47:51 INFO [2012035833 0ms] inbound/tun[0]: inbound packet connection to 172.19.0.2:53
+0000 2023-11-07 09:47:51 DEBUG [2012035833 1ms] router: sniffed packet protocol: dns
+0000 2023-11-07 09:47:51 INFO [3300603654 0ms] inbound/tun[0]: inbound packet connection from 172.19.0.1:44882
+0000 2023-11-07 09:47:51 INFO [3300603654 0ms] inbound/tun[0]: inbound packet connection to 172.19.0.2:53
+0000 2023-11-07 09:47:51 DEBUG [3300603654 0ms] router: sniffed packet protocol: dns
+0000 2023-11-07 09:47:51 INFO [3300603654 2ms] router: found package name: com.google.android.gsf
+0000 2023-11-07 09:47:51 DEBUG [3300603654 2ms] router: match[0] protocol=dns => dns-out
```

WoadZS commented 10 months ago

I have installed TCP Brutal on the server by following the instructions at tcp-brutal. The console output confirms the successful installation.

```console
root@vps~ # dkms status
tcp-brutal/1.0.0, 6.5.10-x64v3-xanmod1, x86_64: installed
```

nekohasekai commented 10 months ago

Can you update the server to the latest version and retry again?

WoadZS commented 10 months ago

> Can you update the server to the latest version and retry again?

Got the same error with both client and server of 1.7.0-alpha9

nekohasekai commented 10 months ago

Please try turning the padding parameter off to suppress the problem

WoadZS commented 10 months ago

When both server and client have disabled padding, the error message on the client side changes, and it is still not working:

inbound/tun[0]: brutal exchange: remote error: enable TCP Brutal: cannot convert from *vless.serverConn to syscall.Conn
nekohasekai commented 10 months ago

OK, now you can try switching to trojan or shadowsocks

WoadZS commented 10 months ago

> OK, now you can try switching to trojan or shadowsocks

The combination of Trojan and Reality with h2mux and padding will cause a connection error:

inbound/tun[0]: brutal exchange: http2: client connection force closed via ClientConn.Close

However, ShadowTLSv3 and Shadowsocks 2022, along with padding and h2mux, work well for TCP Brutal.

WoadZS commented 10 months ago

This issue was solved in 1.7.0-alpha.10, both for vless and trojan reality.
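
Both `cannot convert from ... to syscall.Conn` errors in this thread name a wrapper type (`*mux.vectorisedPaddingConn`, `*vless.serverConn`) rather than a raw TCP socket. The following Go example is added here for illustration; it is not sing-box code and not the fix shipped in 1.7.0-alpha.10. It shows how a wrapper that embeds `net.Conn` hides `SyscallConn()` from a type assertion, and how walking an unwrap chain recovers it. `paddingConn`, `opaqueConn`, `Upstream` and `findSyscallConn` are hypothetical names, and the `Upstream()` convention is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"syscall"
)

// paddingConn is a hypothetical wrapper (not sing-box's type). Embedding the
// net.Conn interface promotes only net.Conn's methods, so the SyscallConn()
// method of the underlying *net.TCPConn is hidden from type assertions.
type paddingConn struct{ net.Conn }

// Upstream is an assumed unwrapping convention used only in this example.
func (c *paddingConn) Upstream() net.Conn { return c.Conn }

// opaqueConn wraps a connection without offering any way to unwrap it.
type opaqueConn struct{ net.Conn }

// findSyscallConn walks the wrapper chain until it reaches a connection that
// exposes its file descriptor, which setting per-socket options requires.
func findSyscallConn(conn net.Conn) (syscall.Conn, error) {
	for conn != nil {
		if sc, ok := conn.(syscall.Conn); ok {
			return sc, nil
		}
		u, ok := conn.(interface{ Upstream() net.Conn })
		if !ok {
			break
		}
		conn = u.Upstream()
	}
	return nil, fmt.Errorf("cannot convert from %T to syscall.Conn", conn)
}

func main() {
	var tcp net.Conn = &net.TCPConn{} // constructed placeholder, never used for I/O
	var wrapped net.Conn = &paddingConn{Conn: tcp}

	_, direct := wrapped.(syscall.Conn)
	fmt.Println("direct assertion on wrapper succeeds:", direct)

	_, err := findSyscallConn(wrapped)
	fmt.Println("after unwrapping, error:", err)

	_, err = findSyscallConn(&opaqueConn{Conn: tcp})
	fmt.Println("opaque wrapper, error:", err)
}
```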