SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

sniff: DNS protocol not working properly #198

Closed unicser closed 2 years ago

unicser commented 2 years ago

Welcome

Description of the problem

With the tun + sniff configuration, DNS resolution is abnormal. The output of the dig command on the client is as follows:

```console
$ dig a g.cn @1.1.1.1
;; Warning: ID mismatch: expected ID 10644, got 0
;; Warning: query response not set
;; Warning: ID mismatch: expected ID 10644, got 0
;; Warning: query response not set
;; Warning: ID mismatch: expected ID 10644, got 0
;; Warning: query response not set

; <<>> DiG 9.17.19 <<>> a g.cn @1.1.1.1
;; global options: +cmd
;; connection timed out; no servers could be reached
```

Version of sing-box

```console
Server:
sing-box version 1.1-beta12

Environment: go1.19.2 linux/arm64
Tags: with_gvisor,with_quic,with_wireguard,with_clash_api
Revision: 6e8c4f6576c508c8dfea472aacd2922961274ba6
CGO: disabled

Client:
sing-box version 1.1-beta12

Environment: go1.19.2 linux/arm64
Tags: with_gvisor,with_quic,with_wireguard,with_clash_api
Revision: 6e8c4f6576c508c8dfea472aacd2922961274ba6
CGO: disabled
```

Server and client configuration file

```console
Server:
{
  "log": {
    "timestamp": true
  },
  "dns": {},
  "inbounds": [
    {
      "type": "vmess",
      "tag": "vmess-in",
      "listen": "::",
      "listen_port": 2096,
      "users": [
        {
          "name": "user-01",
          "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
      ],
      "tls": {
        "enabled": true,
        "certificate_path": "server.crt",
        "key_path": "server.key"
      },
      "transport": {
        "type": "ws",
        "path": "/ws-test"
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct-out"
    },
    {
      "type": "block",
      "tag": "block"
    }
  ],
  "route": {
    "final": "direct-out"
  },
  "experimental": {}
}

Client:
{
  "log": {
    "level": "debug",
    "timestamp": true
  },
  "dns": {},
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "interface_name": "tun0",
      "mtu": 1500,
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "inet4_route_address": "1.1.1.1/32",
      "sniff": true,
      "sniff_override_destination": true
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct-out"
    },
    {
      "type": "vmess",
      "tag": "vmess-out",
      "routing_mark": 255,
      "connect_timeout": "3s",
      "domain_strategy": "prefer_ipv4",
      "server": "172.67.134.136",
      "server_port": 2096,
      "uuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
      "security": "zero",
      "authenticated_length": true,
      "tls": {
        "enabled": true,
        "server_name": "xxx.xxx.xx"
      },
      "multiplex": {
        "enabled": true,
        "protocol": "smux",
        "max_connections": 4,
        "min_streams": 4
      },
      "transport": {
        "type": "ws",
        "path": "/ws-test",
        "headers": {
          "Host": "xxx.xxx.xx"
        }
      }
    }
  ],
  "route": {
    "geoip": {
      "download_detour": "vmess-out"
    },
    "geosite": {
      "download_detour": "vmess-out"
    },
    "rules": [
      {
        "geosite": "cn",
        "geoip": [
          "cn",
          "private"
        ],
        "outbound": "direct-out"
      }
    ],
    "final": "vmess-out"
  },
  "experimental": {}
}
```

Server and client log file

```console
Server:
+0800 2022-11-01 13:26:45 INFO [1653964299] inbound/vmess[vmess-in]: [user-01] inbound connection to sp.mux.sing-box.arpa:444
+0800 2022-11-01 13:26:45 INFO [1653964299] router: inbound multiplex connection
+0800 2022-11-01 13:26:45 INFO [1653964299] router: inbound multiplex packet connection to 1.1.1.1:53
+0800 2022-11-01 13:26:45 INFO [1653964299] outbound/direct[direct-out]: outbound packet connection
+0800 2022-11-01 13:26:50 INFO [1653964299] router: inbound multiplex packet connection to 1.1.1.1:53
+0800 2022-11-01 13:26:50 INFO [1653964299] outbound/direct[direct-out]: outbound packet connection
+0800 2022-11-01 13:26:55 DEBUG [1653964299] router: connection closed: upload: EOF | download: read udp [::]:49254: use of closed network connection
+0800 2022-11-01 13:26:56 INFO [1653964299] router: inbound multiplex packet connection to 1.1.1.1:53
+0800 2022-11-01 13:26:56 INFO [1653964299] outbound/direct[direct-out]: outbound packet connection
+0800 2022-11-01 13:27:01 DEBUG [1653964299] router: connection closed: upload: EOF | download: read udp [::]:58935: use of closed network connection

Client:
+0000 2022-11-01 05:26:24 INFO router: loaded geoip database: 250 codes
+0000 2022-11-01 05:26:25 INFO router: loaded geosite database: 1302 codes
+0000 2022-11-01 05:26:35 INFO router: updated default interface mac0, index 3
+0000 2022-11-01 05:26:35 INFO inbound/tun[tun-in]: started at tun0
+0000 2022-11-01 05:26:35 INFO sing-box started (10.644s)
+0000 2022-11-01 05:26:44 INFO [2674130016] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:38518
+0000 2022-11-01 05:26:44 INFO [2674130016] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:53
+0000 2022-11-01 05:26:44 DEBUG [2674130016] router: sniffed packet protocol: dns
+0000 2022-11-01 05:26:44 INFO [2674130016] outbound/vmess[vmess-out]: outbound multiplex packet connection to 1.1.1.1:53
+0000 2022-11-01 05:26:50 INFO [4279767204] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:59186
+0000 2022-11-01 05:26:50 INFO [4279767204] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:53
+0000 2022-11-01 05:26:50 DEBUG [4279767204] router: sniffed packet protocol: dns
+0000 2022-11-01 05:26:50 INFO [4279767204] outbound/vmess[vmess-out]: outbound multiplex packet connection to 1.1.1.1:53
+0000 2022-11-01 05:26:55 DEBUG [2674130016] inbound/tun[tun-in]: connection closed: upload: io: read/write on closed pipe | download: io: read/write on closed pipe | upstream: context canceled
+0000 2022-11-01 05:26:55 INFO [3170223623] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:46233
+0000 2022-11-01 05:26:55 INFO [3170223623] inbound/tun[tun-in]: inbound packet connection to 1.1.1.1:53
+0000 2022-11-01 05:26:55 DEBUG [3170223623] router: sniffed packet protocol: dns
+0000 2022-11-01 05:26:55 INFO [3170223623] outbound/vmess[vmess-out]: outbound multiplex packet connection to 1.1.1.1:53
+0000 2022-11-01 05:27:00 DEBUG [4279767204] inbound/tun[tun-in]: connection closed: upload: io: read/write on closed pipe | download: io: read/write on closed pipe | upstream: context canceled
```

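What the two dig warnings in the report check, as an added example that is not part of the original issue and not sing-box code: a DNS client reads the ID and the QR bit from the fixed 12-byte header of every datagram it gets back and drops any that do not match its query. `ParseHeader`, `CheckReply` and `Header` are hypothetical names, and the sample headers are constructed rather than captured.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// ParseHeader decodes the ID and QR bit from the fixed 12-byte header
// (RFC 1035, section 4.1.1) at the start of a DNS-over-UDP payload.
func ParseHeader(msg []byte) (id uint16, isResponse bool, err error) {
	if len(msg) < 12 {
		return 0, false, fmt.Errorf("short DNS message: %d bytes, header needs 12", len(msg))
	}
	flags := binary.BigEndian.Uint16(msg[2:4])
	return binary.BigEndian.Uint16(msg[0:2]), flags&0x8000 != 0, nil
}

// CheckReply lists the reasons a client that sent a query with wantID
// would refuse reply, worded like the dig warnings in the report.
func CheckReply(wantID uint16, reply []byte) []string {
	id, isResponse, err := ParseHeader(reply)
	if err != nil {
		return []string{err.Error()}
	}
	var problems []string
	if id != wantID {
		problems = append(problems, fmt.Sprintf("ID mismatch: expected ID %d, got %d", wantID, id))
	}
	if !isResponse {
		problems = append(problems, "query response not set")
	}
	return problems
}

// Header builds a constructed 12-byte DNS header (sample data, not a capture).
func Header(id, flags uint16) []byte {
	b := make([]byte, 12)
	binary.BigEndian.PutUint16(b[0:2], id)
	binary.BigEndian.PutUint16(b[2:4], flags)
	return b
}

func main() {
	fmt.Println(CheckReply(10644, Header(10644, 0x8180))) // QR=1, RD=1, RA=1: accepted
	fmt.Println(CheckReply(10644, Header(0, 0x0000)))     // ID 0 and QR=0, as dig reported
	fmt.Println(CheckReply(10644, []byte{0x29, 0x94}))    // truncated datagram
}
```
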
nekohasekai commented 2 years ago

Your description does not match your configuration. To learn how DNS is handled in sing-box, see https://sing-box.sagernet.org/zh/examples/dns-hijack/

unicser commented 2 years ago

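It seems this differs from the functionality I had in mind. I just want behavior similar to HTTP sniff. Or, put another way, is there a way in the tun configuration to sniff only HTTP and HTTPS and ignore DNS sniff?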

nekohasekai commented 2 years ago

This error has nothing to do with sniff.

unicser commented 2 years ago

If the tun section on the client side is changed to the configuration below, i.e. `"sniff": false`, then the dig DNS query returns normally:

```json
{
  "type": "tun",
  "tag": "tun-in",
  "interface_name": "tun0",
  "mtu": 1500,
  "inet4_address": "172.19.0.1/30",
  "auto_route": true,
  "inet4_route_address": "1.1.1.1/32",
  "sniff": false
}
```