SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

mixed inbound has a bug when handling IPv6 HTTP proxy requests #1486

Closed plusls closed 7 months ago

plusls commented 7 months ago

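Operating system

Linux

System version

debian

Installation type

Original sing-box command-line program

If you are using a graphical client program, please provide its version.

No response

Version

No response

Description

mixed inbound has a bug when handling IPv6 HTTP proxy requests

For the following input A: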

GET http://[2409:8087:7000:20::11]:80/index.m3u8 HTTP/1.1
Host: [2409:8087:7000:20::11]:80
User-Agent: curl/7.88.1
Accept: */*
Proxy-Connection: Keep-Alive

sing-box produces the following log A:

sing-box  | +0000 2024-02-20 12:28:42 INFO [3004484465 14.44s] inbound/mixed[selector-mixed-in]: inbound connection to 172.24.0.253:1089
sing-box  | +0000 2024-02-20 12:28:42 DEBUG [3004484465 14.44s] router: sniffed protocol: http, domain: 2409:8087:7000:20::11
sing-box  | +0000 2024-02-20 12:28:42 DEBUG [3004484465 14.44s] router: match[5] ip_is_private=true => direct-out
sing-box  | +0000 2024-02-20 12:28:42 INFO [3004484465 14.44s] outbound/direct[direct-out]: outbound connection to 172.24.0.253:1089
sing-box  | +0000 2024-02-20 12:28:42 INFO [826816990 0ms] inbound/mixed[selector-mixed-in]: inbound connection from 172.24.0.253:37644

and returns response A:

HTTP/1.1 400 Bad Request
Connection: keep-alive
Keep-Alive: timeout=4
Proxy-Connection: keep-alive
Content-Length: 0

For the following input B:

GET http://[2409:8087:7000:20::11]/index.m3u8 HTTP/1.1
Host: [2409:8087:7000:20::11]:80
User-Agent: curl/7.88.1
Accept: */*
Proxy-Connection: Keep-Alive

sing-box produces the following log B:

sing-box  | +0000 2024-02-20 12:27:13 INFO [4242758196 0ms] inbound/mixed[selector-mixed-in]: inbound connection from 172.24.0.1:56412
sing-box  | +0000 2024-02-20 12:27:13 INFO [4242758196 0ms] inbound/mixed[selector-mixed-in]: inbound connection to [2409:8087:7000:20::11]:80
sing-box  | +0000 2024-02-20 12:27:13 DEBUG [4242758196 0ms] router: sniffed protocol: http, domain: 2409:8087:7000:20::11
sing-box  | +0000 2024-02-20 12:27:13 DEBUG [4242758196 0ms] router: match[6] rule_set=[geoip-cn geosite-private] => direct-out
sing-box  | +0000 2024-02-20 12:27:13 INFO [4242758196 0ms] outbound/direct[direct-out]: outbound connection to [2409:8087:7000:20::11]:80
sing-box  | +0000 2024-02-20 12:27:13 DEBUG [4242758196 94ms] inbound/mixed[selector-mixed-in]: connection closed: process connection from 172.24.0.1:56412: read http request: EOF

The corresponding response B is:

HTTP/1.1 404 Not Found
Connection: keep-alive
Date: Tue, 20 Feb 2024 12:29:59 GMT
Keep-Alive: timeout=4
Last-Modified: Tue, 20 Feb 2024 12:29:59 GMT
Proxy-Connection: keep-alive
Server: HMS Download Service
Content-Length: 0

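For request A, the line inbound connection to 172.24.0.253:1089 in log A shows that when sing-box handles http://[2409:8087:7000:20::11]:80/index.m3u8 it believes it is about to connect to 172.24.0.253:1089, so it returns 400 and does not correctly issue the proxied request.

For request B, the line inbound connection to [2409:8087:7000:20::11]:80 in log B shows that when sing-box handles http://[2409:8087:7000:20::11]/index.m3u8 it correctly identifies the destination address, and therefore returns the correct result, 404 Not Found.

Steps to reproduce

Local IPv6 is required.

Configuration file: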

{
    "log":{
        "level": "debug"
    },
    "inbounds":[
    {
        "listen": "::",
        "listen_port": 8888,
        "sniff": true,
        "tag": "mixed-in",
        "type": "mixed",
        "users": []
    }],
    "outbounds": [
        {
            "tag": "direct-out",
            "type": "direct"
        }
    ]
}

Input to nc -C 127.0.0.1 8888:

GET http://[2409:8087:7000:20::11]:80/index.m3u8 HTTP/1.1
Host: [2409:8087:7000:20::11]:80
User-Agent: curl/7.88.1
Accept: */*
Proxy-Connection: Keep-Alive

Logs

No response

Integrity requirements
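
The destination a forward proxy should derive from requests A and B above, as an added example that is not part of the original report and is not sing-box's or sing's code: both absolute-form targets, with and without the explicit :80, must resolve to the same bracketed IPv6 host:port. The helper name proxyDestination is hypothetical; the two request targets are the ones from the report.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// proxyDestination returns the host:port a forward proxy should dial for an
// absolute-form request such as "GET http://[2001:db8::1]:80/ HTTP/1.1".
// Hypothetical helper for illustration; not sing-box's implementation.
func proxyDestination(raw string) (string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return "", err
	}
	if !req.URL.IsAbs() || req.URL.Host == "" {
		return "", fmt.Errorf("not an absolute-form proxy request: %q", req.RequestURI)
	}
	// Hostname() strips the brackets of an IPv6 literal; Port() is "" when
	// the target carries no explicit port.
	host, port := req.URL.Hostname(), req.URL.Port()
	if port == "" {
		switch req.URL.Scheme {
		case "http":
			port = "80"
		case "https":
			port = "443"
		default:
			return "", fmt.Errorf("unsupported scheme %q", req.URL.Scheme)
		}
	}
	// JoinHostPort re-adds the brackets because host contains ':'.
	return net.JoinHostPort(host, port), nil
}

func main() {
	const headers = "Host: [2409:8087:7000:20::11]:80\r\nProxy-Connection: Keep-Alive\r\n\r\n"
	for _, target := range []string{
		"http://[2409:8087:7000:20::11]:80/index.m3u8", // input A from the report
		"http://[2409:8087:7000:20::11]/index.m3u8",    // input B from the report
	} {
		dst, err := proxyDestination("GET " + target + " HTTP/1.1\r\n" + headers)
		fmt.Println(target, "->", dst, err)
	}
}
```

A regression test for this class of bug should assert on the dialed destination for both forms, since routing rules (such as ip_is_private in log A) are evaluated against whatever address the parser produces.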

dyhkwong commented 7 months ago

maybe https://github.com/SagerNet/sing/blob/ceb1a680eee757517e46805cbc1f32249f63e80d/protocol/http/handshake.go#L182-L184

plusls commented 7 months ago

@nekohasekai I have added the configuration file; the issue is reproducible locally.

ssydb commented 7 months ago

Piggybacking on this thread to ask: how should the configuration be written for TCP Brutal + TUN + REALITY + IPv6?

{
    "log": { "level": "info", "timestamp": true },
    "dns": {
        "servers": [
            { "tag": "cloudflare", "address": "2606:4700:4700::1111" },
            { "tag": "dnspod", "address": "2402:4e00::", "detour": "direct" },
            { "tag": "block", "address": "rcode://success" }
        ],
        "rules": [
            { "geosite": "category-ads-all", "server": "block", "disable_cache": true },
            { "outbound": "any", "server": "dnspod" },
            { "geosite": "cn", "server": "dnspod" }
        ],
        "strategy": "ipv6_only"
    },
    "inbounds": [
        {
            "type": "tun",
            "tag": "tun-in",
            "interface_name": "tun0",
            "inet6_address": "fdfe:dcba:9876::1/126",
            "auto_route": true,
            "strict_route": true,
            "stack": "system",
            "sniff": true
        }
    ],
    "outbounds": [
        {
            "type": "vless",
            "tag": "vless-out",
            "server": "ipv6",
            "server_port": 443,
            "uuid": "uuid",
            "flow": "",
            "tls": {
                "enabled": true,
                "server_name": "www.docker.com",
                "utls": { "enabled": true, "fingerprint": "chrome" },
                "reality": { "enabled": true, "public_key": "public_key", "short_id": "short_id" }
            },
            "packet_encoding": "xudp",
            "multiplex": {
                "enabled": true,
                "protocol": "h2mux",
                "max_streams": 10,
                "padding": true,
                "brutal": { "enabled": true, "up_mbps": 30, "down_mbps": 1000 }
            }
        },
        { "type": "direct", "tag": "direct" },
        { "type": "block", "tag": "block" },
        { "type": "dns", "tag": "dns" }
    ],
    "route": {
        "geoip": {
            "download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
            "download_detour": "vless-out"
        },
        "geosite": {
            "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
            "download_detour": "vless-out"
        },
        "rules": [
            { "protocol": "dns", "outbound": "dns" },
            { "geosite": "cn", "geoip": [ "cn", "private" ], "outbound": "direct" },
            { "geosite": "category-ads-all", "outbound": "block" }
        ],
        "auto_detect_interface": true
    }
}

This configuration was copied from the 荒岛 blog and then modified, but it keeps reporting errors and cannot connect.

nekohasekai commented 7 months ago

Should be fixed in the latest version.