SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

High cpu usage by "DNS Client" in tun mode #1925

Open Entoryvekum opened 1 month ago

Entoryvekum commented 1 month ago

Operating system

Windows

System version

Windows10 22H2

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

No response

Version

sing-box version 1.9.3

Environment: go1.22.4 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 085f60337799afc906069b540a38368968c123e4
CGO: disabled

Description

After running sing-box in tun mode, the CPU usage of the DNS Client process gradually increases, eventually causing the system to freeze. Packet capture reveals a massive number of STUN packets.

Reproduction

The problem should occur very soon after running sing-box with tun inbound, but sometimes it does not occur immediately. The homepage of Bilibili Live (bilibili直播) almost always triggers this phenomenon.

The config I'm using:

{
  "log": {
    "level": "info",
    "timestamp": true
  },
  "experimental": {
    "cache_file": {
      "enabled": true,
      "store_fakeip": false,
      "store_rdrc": false
    }
  },
  "inbounds": [
    {
      "type": "tun",
      "interface_name": "singbox-tun",
      "inet4_address": "172.19.0.1/30",
      "inet6_address": "4569:3291:3551::1/126",
      "mtu": 9000,
      "auto_route": true,
      "strict_route": true,
      "endpoint_independent_nat": true,
      "stack": "gvisor",
      "sniff": true,
      "sniff_override_destination": false,
      "domain_strategy": "prefer_ipv4"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      }
    ],
    "final":"direct",
    "auto_detect_interface": true
  },
  "dns": {
    "servers": [
      {
        "tag": "dns-server",
        "address": "https://223.5.5.5/dns-query",
        "detour": "direct"
      }
    ],
    "disable_cache": false,
    "disable_expire": false,
    "independent_cache": false,
    "rules": [
      {
        "outbound": "any",
        "server": "dns-server"
      }
    ],
    "final": "dns-server",
    "strategy": "prefer_ipv4"
  }
}

Logs

Sing-box log:
+0800 2024-07-06 23:25:16 INFO [2010800207 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:54784
+0800 2024-07-06 23:25:16 INFO [2010800207 0ms] inbound/tun[3]: inbound packet connection to [2402:f000:4:1008:809:ffff:fffe:eec9]:52520
+0800 2024-07-06 23:25:16 INFO [2010800207 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [782018462 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:54785
+0800 2024-07-06 23:25:16 INFO [782018462 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:986d:d1f0:3099:44d3:fb3:afe8]:57116
+0800 2024-07-06 23:25:16 INFO [782018462 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [632222511 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:54786
+0800 2024-07-06 23:25:16 INFO [632222511 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:6278:9c31:b46e:2e7:76d4:58eb]:58137
+0800 2024-07-06 23:25:16 INFO [632222511 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [3059023179 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51290
+0800 2024-07-06 23:25:16 INFO [3059023179 0ms] inbound/tun[3]: inbound packet connection to [2402:f000:4:1008:809:ffff:fffe:eec9]:52520
+0800 2024-07-06 23:25:16 INFO [3059023179 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [2794596030 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51291
+0800 2024-07-06 23:25:16 INFO [2794596030 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:986d:d1f0:3099:44d3:fb3:afe8]:57116
+0800 2024-07-06 23:25:16 INFO [2794596030 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [1446049926 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51292
+0800 2024-07-06 23:25:16 INFO [1446049926 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:6278:9c31:b46e:2e7:76d4:58eb]:58137
+0800 2024-07-06 23:25:16 INFO [1446049926 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [103640086 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51293
+0800 2024-07-06 23:25:16 INFO [103640086 0ms] inbound/tun[3]: inbound packet connection to [2402:f000:4:1008:809:ffff:fffe:eec9]:52520
+0800 2024-07-06 23:25:16 INFO [103640086 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [3783054023 0ms] inbound/tun[3]: inbound packet connection from [4569:3291:3551::1]:51294
+0800 2024-07-06 23:25:16 INFO [3783054023 0ms] inbound/tun[3]: inbound packet connection to [2409:8a28:986d:d1f0:3099:44d3:fb3:afe8]:57116
+0800 2024-07-06 23:25:16 INFO [3783054023 0ms] outbound/direct[direct]: outbound packet connection

The majority of the rest is a repetition of the above pattern.

Wireshark packet capture:
1. destination with prefix 2408
2.223944    fdfe:dcba:9876::1   295 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224024    fdfe:dcba:9876::1   296 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224051    fdfe:dcba:9876::1   297 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224074    fdfe:dcba:9876::1   298 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.224093    fdfe:dcba:9876::1   299 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692300    fdfe:dcba:9876::1   361 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692365    fdfe:dcba:9876::1   362 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692392    fdfe:dcba:9876::1   363 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692419    fdfe:dcba:9876::1   364 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
2.692439    fdfe:dcba:9876::1   365 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
3.028764    fdfe:dcba:9876::1   410 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c  ICMPv6  66  Neighbor Solicitation for 2409:8a55:50b4:d5a0:b820:5ff:fe4a:528c

2. destination with prefix fd9e:
9.510255    fdfe:dcba:9876::1   1310    fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2    STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510327    fdfe:dcba:9876::1   1311    fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2    STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510354    fdfe:dcba:9876::1   1312    fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2    STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510374    fdfe:dcba:9876::1   1313    fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2    STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
9.510392    fdfe:dcba:9876::1   1314    fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2    STUN    156 Binding Request user: EFeAMLvoOpBQBEAg:274272ae
10.024868   fdfe:dcba:9876::1   1368    fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2    ICMPv6  66  Neighbor Solicitation for fd9e:6b9c:f5bf:0:32a6:12ff:fe09:c6b2

The packet in ICMPv6 always has an invalid option length:
ICMPv6 Option (Source link-layer address
    Type: Source link-layer address (1)
    Length: 0 (0 bytes)
        [Expert Info (Error/Malformed): Invalid option length (Zero)]
            [Invalid option length (Zero)]
            [Severity level: Error]
            [Group: Malformed]
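
One way to quantify the pattern in the sing-box log above (an added example, not part of the original report or of sing-box): it pairs each connection ID's from/to lines and counts how many new packet connections and distinct source ports reach one destination within the same second. The sample lines are constructed in the report's log format with documentation-prefix addresses; `summarize` and `burst_threshold` are names chosen here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format shown in the report. Addresses use
# the 2001:db8::/32 documentation prefix; connection IDs are made up.
SAMPLE_LOG = """\
+0800 2024-07-06 23:25:16 INFO [1001 0ms] inbound/tun[3]: inbound packet connection from [2001:db8:1::1]:54784
+0800 2024-07-06 23:25:16 INFO [1001 0ms] inbound/tun[3]: inbound packet connection to [2001:db8:2::a]:52520
+0800 2024-07-06 23:25:16 INFO [1001 0ms] outbound/direct[direct]: outbound packet connection
+0800 2024-07-06 23:25:16 INFO [1002 0ms] inbound/tun[3]: inbound packet connection from [2001:db8:1::1]:54785
+0800 2024-07-06 23:25:16 INFO [1002 0ms] inbound/tun[3]: inbound packet connection to [2001:db8:2::b]:57116
+0800 2024-07-06 23:25:16 INFO [1003 0ms] inbound/tun[3]: inbound packet connection from [2001:db8:1::1]:51290
+0800 2024-07-06 23:25:16 INFO [1003 0ms] inbound/tun[3]: inbound packet connection to [2001:db8:2::a]:52520
+0800 2024-07-06 23:25:16 INFO [1004 0ms] inbound/tun[3]: inbound packet connection from [2001:db8:1::1]:51293
+0800 2024-07-06 23:25:16 INFO [1004 0ms] inbound/tun[3]: inbound packet connection to [2001:db8:2::a]:52520
"""

# timezone, timestamp, level, [connection-id duration], then the tun endpoint
LINE_RE = re.compile(
    r"^\S+ (?P<ts>\S+ \S+) \w+ \[(?P<conn>\d+) \S+\] inbound/tun\[[^\]]*\]: "
    r"inbound packet connection (?P<dir>from|to) (?P<ep>\S+)$"
)

def summarize(log_text, burst_threshold=3):
    """Pair from/to lines per connection ID; return (ports per destination, bursts)."""
    conns = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # outbound and unrelated lines carry no endpoint
        conns[m["conn"]][m["dir"]] = m["ep"]
        conns[m["conn"]]["ts"] = m["ts"]
    src_ports = defaultdict(set)   # destination -> distinct source ports
    per_second = Counter()         # (second, destination) -> new connections
    for c in conns.values():
        if "from" not in c or "to" not in c:
            continue  # half of the pair fell outside the captured window
        src_ports[c["to"]].add(c["from"].rsplit(":", 1)[1])
        per_second[(c["ts"], c["to"])] += 1
    bursts = {k: n for k, n in per_second.items() if n >= burst_threshold}
    return {dst: len(ports) for dst, ports in src_ports.items()}, bursts

if __name__ == "__main__":
    ports, bursts = summarize(SAMPLE_LOG)
    for (second, dst), n in sorted(bursts.items()):
        print(f"{second}  {dst}: {n} new packet connections, "
              f"{ports[dst]} distinct source ports")
```

A destination that appears in the burst map with as many source ports as connections is being reached from a fresh local port each time, which is the shape of the repeated entries in the log above.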

nekohasekai commented 1 month ago

Bilibili seems to use STUN for WebRTC to transmit its videos, and I don't see any connection between it and Windows' "DNS Client".

I don't have the conditions to debug this issue yet, if someone is willing to provide more information, it would be great.

Entoryvekum commented 1 month ago

> Bilibili seems to use STUN for WebRTC to transmit its videos, and I don't see any connection between it and Windows' "DNS Client".
>
> I don't have the conditions to debug this issue yet, if someone is willing to provide more information, it would be great.

I don't understand the relationship between DNS Client and those STUN packets either, but it's the only anomaly I observed. As for Bilibili Live, it seems that only the homepage can almost always trigger this phenomenon; the live page for any specific streamer can't, or at least is not as efficient at triggering it.

wanzhiyu commented 6 days ago

I recently encountered this problem as well. When I turned on "disable_cache": True and ran a large number of web accesses or started websites like qbittorrent that need to access a large number of trackers simultaneously, I found that the DNS client CPU usage was extremely high. When I turned off this option, the situation improved. For example, the maximum CPU usage would drop from 100% to about 60%, and then return to a normal state of around 1%.