SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

With multiplexing enabled, the server log line containing `auth_user` shows the connection address `sp.mux.sing-box.arpa:444` instead of the real requested address #1299

Closed tstusr114514 closed 8 months ago

tstusr114514 commented 10 months ago

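Operating system

macOS

System version

14.2.1 (23C71)

Installation type

Original sing-box command-line program

If you are using a graphical client, please provide the version of that client.

No response

Version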

sing-box version unknown

Environment: go1.21.5 darwin/amd64
Tags: with_clash_api,with_quic,with_utls,with_gvisor,with_ech
Revision: a0ed8d0179746ae6132ebf776fff6349539e52c4
CGO: disabled

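Description

Using the shadowsocks protocol with multiplex enabled on both the client and the server, the sing-box server log prints sp.mux.sing-box.arpa:444 as the connection on the line where auth_user appears, rather than the address the user requested. The requested address is printed later in the log, but it is treated as a new connection, which makes it hard to tell one connection from another on a server with multiple users and multiple connections.

Steps to reproduce

Build sing-box from the dev-next branch, with the build parameters shown in the version above. Start two local processes, a shadowsocks client and a shadowsocks server, with the following configuration: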

client.json

{
  "log": {
    "level": "debug",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "mixed",
      "listen": "127.0.0.1",
      "listen_port": 40000,
      "sniff": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "server": "127.0.0.1",
      "server_port": 50000,
      "method": "2022-blake3-aes-256-gcm",
      "password": "S04h1JEXqhdPQADgbnKamYnB6/t/4XSfX1t6a33YdWs=:fabHcARi22wXsMKf/G7tZSupTU/8O0wWM27+a4Oor90=",
      "multiplex": {
        "enabled": false
      }
    }
  ]
}

server.json

{
  "log": {
    "level": "debug",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "shadowsocks",
      "listen": "127.0.0.1",
      "listen_port": 50000,
      "sniff": true,
      "method": "2022-blake3-aes-256-gcm",
      "password": "S04h1JEXqhdPQADgbnKamYnB6/t/4XSfX1t6a33YdWs=",
      "users": [
        {
          "name": "testuser",
          "password": "fabHcARi22wXsMKf/G7tZSupTU/8O0wWM27+a4Oor90="
        }
      ],
      "multiplex": {
        "enabled": true
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
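}

  1. Run curl -x http://127.0.0.1:40000 https://dns.alidns.com/dns-query and observe that the server log correctly prints auth_user together with the requested address.
  2. Stop the shadowsocks client, edit its configuration, and enable multiplex.
  3. Run curl -x http://127.0.0.1:40000 https://doh.pub/dns-query again and observe that the server log prints auth_user together with the multiplex address sp.mux.sing-box.arpa:444.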

Logs

client.log

# multiplex disabled
+0800 2023-12-26 19:28:06 INFO router: updated default interface en0, index 6
+0800 2023-12-26 19:28:06 INFO inbound/mixed[0]: tcp server started at 127.0.0.1:40000
+0800 2023-12-26 19:28:06 INFO sing-box started (0.00s)
+0800 2023-12-26 19:28:14 INFO [2208278208 0ms] inbound/mixed[0]: inbound connection from 127.0.0.1:59658
+0800 2023-12-26 19:28:14 INFO [2208278208 0ms] inbound/mixed[0]: inbound connection to dns.alidns.com:443
+0800 2023-12-26 19:28:14 DEBUG [2208278208 3ms] router: sniffed protocol: tls, domain: dns.alidns.com
+0800 2023-12-26 19:28:14 INFO [2208278208 3ms] outbound/shadowsocks[0]: outbound connection to dns.alidns.com:443

# multiplex enabled
+0800 2023-12-26 19:28:26 INFO router: updated default interface en0, index 6
+0800 2023-12-26 19:28:26 INFO inbound/mixed[0]: tcp server started at 127.0.0.1:40000
+0800 2023-12-26 19:28:26 INFO sing-box started (0.00s)
+0800 2023-12-26 19:28:34 INFO [132769919 0ms] inbound/mixed[0]: inbound connection from 127.0.0.1:59679
+0800 2023-12-26 19:28:34 INFO [132769919 0ms] inbound/mixed[0]: inbound connection to doh.pub:443
+0800 2023-12-26 19:28:34 DEBUG [132769919 2ms] router: sniffed protocol: tls, domain: doh.pub
+0800 2023-12-26 19:28:34 INFO [132769919 2ms] outbound/shadowsocks[0]: outbound multiplex connection to doh.pub:443
+0800 2023-12-26 19:28:35 DEBUG [132769919 55ms] inbound/mixed[0]: connection closed: process connection from 127.0.0.1:59679: download: use of closed network connection

server.log

+0800 2023-12-26 19:28:03 INFO router: updated default interface en0, index 6
+0800 2023-12-26 19:28:03 INFO inbound/shadowsocks[0]: tcp server started at 127.0.0.1:50000
+0800 2023-12-26 19:28:03 INFO inbound/shadowsocks[0]: udp server started at 127.0.0.1:50000
+0800 2023-12-26 19:28:03 INFO sing-box started (0.00s)

# multiplex disabled
+0800 2023-12-26 19:28:14 INFO [1322702956 0ms] inbound/shadowsocks[0]: inbound connection from 127.0.0.1:59659
+0800 2023-12-26 19:28:14 INFO [2027858776 0ms] inbound/shadowsocks[0]: [testuser] inbound connection to dns.alidns.com:443
+0800 2023-12-26 19:28:14 DEBUG [2027858776 0ms] router: sniffed protocol: tls, domain: dns.alidns.com
+0800 2023-12-26 19:28:14 INFO [2027858776 0ms] outbound/direct[direct]: outbound connection to dns.alidns.com:443
+0800 2023-12-26 19:28:14 DEBUG [2027858776 0ms] dns: lookup domain dns.alidns.com
+0800 2023-12-26 19:28:14 DEBUG [2027858776 3ms] dns: lookup succeed for dns.alidns.com: 2400:3200::1 2400:3200:baba::1 223.5.5.5 223.6.6.6

# multiplex enabled
+0800 2023-12-26 19:28:34 INFO [4293567006 0ms] inbound/shadowsocks[0]: inbound connection from 127.0.0.1:59680
+0800 2023-12-26 19:28:34 INFO [440257249 0ms] inbound/shadowsocks[0]: [testuser] inbound connection to sp.mux.sing-box.arpa:444
+0800 2023-12-26 19:28:34 INFO [1501523589 0ms] inbound/shadowsocks[0]: inbound multiplex connection to doh.pub:443
+0800 2023-12-26 19:28:34 DEBUG [1501523589 0ms] router: sniffed protocol: tls, domain: doh.pub
+0800 2023-12-26 19:28:34 INFO [1501523589 0ms] outbound/direct[direct]: outbound connection to doh.pub:443
+0800 2023-12-26 19:28:34 DEBUG [1501523589 0ms] dns: lookup domain doh.pub
+0800 2023-12-26 19:28:34 DEBUG [1501523589 3ms] dns: lookup succeed for doh.pub: 1.12.12.12 120.53.53.53
+0800 2023-12-26 19:29:05 DEBUG [4293567006 30.5s] inbound/shadowsocks[0]: connection closed: process connection from 127.0.0.1:59680: shadowsocks: serve TCP from 127.0.0.1:59680: file already closed

Integrity requirements

github-actions[bot] commented 8 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
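
The attribution gap described in the issue, as an added example that is not part of the original report and is not sing-box code: a Python parser for the server.log layout shown above that assigns each proxied destination to a user and marks multiplexed streams whose user cannot be determined. The function name `attribute`, the result labels and the second user `otheruser` are assumptions; the two `otheruser` log lines are constructed.

```python
import re

# Line layout follows the server.log excerpt in the issue.
LINE = re.compile(r"^[+-]\d{4} (?P<ts>\S+ \S+) \w+ \[\d+ [^\]]+\] "
                  r"(?P<tag>inbound/[^:]+): (?P<msg>.*)$")
AUTH = re.compile(r"^\[(?P<user>[^\]]+)\] inbound connection to (?P<dest>\S+)$")
STREAM = re.compile(r"^inbound multiplex connection to (?P<dest>\S+)$")
MUX_CARRIER = "sp.mux.sing-box.arpa:444"  # destination logged for the mux session

def attribute(lines):
    """Return (timestamp, user or None, destination, kind) per proxied request."""
    mux_users = {}  # inbound tag -> users seen opening a mux session on it
    out = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # router/outbound/dns lines carry no user information
        tag, msg = m["tag"], m["msg"]
        auth, stream = AUTH.match(msg), STREAM.match(msg)
        if auth and auth["dest"] == MUX_CARRIER:
            mux_users.setdefault(tag, set()).add(auth["user"])
        elif auth:
            out.append((m["ts"], auth["user"], auth["dest"], "direct"))
        elif stream:
            # Stream lines have their own connection ID and no user, so the user
            # is inferable only while one user has used mux on this inbound.
            # This sketch does not track session closes; the set never shrinks.
            users = mux_users.get(tag, set())
            user = next(iter(users)) if len(users) == 1 else None
            kind = "mux-inferred" if user else "mux-ambiguous"
            out.append((m["ts"], user, stream["dest"], kind))
    return out

# Three lines copied from the issue's server.log.
FROM_ISSUE = """\
+0800 2023-12-26 19:28:14 INFO [2027858776 0ms] inbound/shadowsocks[0]: [testuser] inbound connection to dns.alidns.com:443
+0800 2023-12-26 19:28:34 INFO [440257249 0ms] inbound/shadowsocks[0]: [testuser] inbound connection to sp.mux.sing-box.arpa:444
+0800 2023-12-26 19:28:34 INFO [1501523589 0ms] inbound/shadowsocks[0]: inbound multiplex connection to doh.pub:443
""".splitlines()

# Constructed lines: a second, hypothetical user opens a mux session.
CONSTRUCTED = """\
+0800 2023-12-26 19:28:40 INFO [1000000001 0ms] inbound/shadowsocks[0]: [otheruser] inbound connection to sp.mux.sing-box.arpa:444
+0800 2023-12-26 19:28:41 INFO [1000000002 0ms] inbound/shadowsocks[0]: inbound multiplex connection to example.org:443
""".splitlines()

if __name__ == "__main__":
    for rec in attribute(FROM_ISSUE + CONSTRUCTED):
        print(rec)
```

With only the issue's lines the doh.pub request is attributed to testuser by inference; once a second user's mux session appears on the same inbound, later streams come back with no user, which is the ambiguity the report describes.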