SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

"action": "resolve" under tun inbound causes incorrect routing #2258

Closed SimonTLS closed 1 week ago

SimonTLS commented 1 week ago

Operating system

Windows

System version

Windows 11 LTSC

Installation type

sing-box original command line program

If you are using a graphical client, please provide the version of that client.

No response

Version

sing-box version 1.11.0-alpha.11

Environment: go1.23.3 windows/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: e3ffffc645a05f619af9ff84187f771e25698be6
CGO: disabled

Description

Under the tun inbound, "action": "resolve" causes one.one.one.one, once resolved, to match "ip_cidr": "2.2.2.2/32"

Reproduction

curl https://one.one.one.one/
curl: (35) Recv failure: Connection was reset

{
  "log": {
    "level": "debug",
    "timestamp": true
  },
  "dns": {
    "servers": [
      {
        "tag": "local",
        "address": "udp://223.5.5.5",
        "detour": "direct"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "tag": "tun-in",
      "mtu": 9000,
      "address": [
        "172.18.0.1/30"
      ],
      "auto_route": true,
      "stack": "system"
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ],
  "route": {
    "rules": [
      {
        "port": 53,
        "action": "hijack-dns"
      },
      {
        "inbound": "tun-in",
        "action": "sniff"
      },
      {
        "ip_cidr": [
          "2.2.2.2/32"
        ],
        "action": "reject"
      },
      {
        "domain_suffix": [
          "one.one.one.one"
        ],
        "action": "resolve"
      },
      {
        "ip_cidr": [
          "1.1.1.1/32",
          "1.0.0.1/32"
        ],
        "outbound": "direct"
      }
    ],
    "auto_detect_interface": true
  }
}

Log

+0800 2024-11-10 19:09:07 DEBUG [4139876345 2.69s] dns: exchange one.one.one.one. IN A
+0800 2024-11-10 19:09:07 DEBUG [4139876345 2.69s] dns: exchanged one.one.one.one NOERROR 1295
+0800 2024-11-10 19:09:07 INFO [4139876345 2.69s] dns: exchanged one.one.one.one A one.one.one.one. 1295 IN A 1.1.1.1
+0800 2024-11-10 19:09:07 INFO [4139876345 2.69s] dns: exchanged one.one.one.one A one.one.one.one. 1295 IN A 1.0.0.1
+0800 2024-11-10 19:09:07 INFO [1842829533 0ms] inbound/tun[tun-in]: inbound connection from 172.18.0.1:12224
+0800 2024-11-10 19:09:07 INFO [1842829533 0ms] inbound/tun[tun-in]: inbound connection to 1.1.1.1:443
+0800 2024-11-10 19:09:07 DEBUG [1842829533 0ms] router: match[1] inbound=tun-in => sniff
+0800 2024-11-10 19:09:07 DEBUG [1842829533 2ms] router: sniffed protocol: tls, domain: one.one.one.one
+0800 2024-11-10 19:09:07 DEBUG [1842829533 2ms] router: match[1] domain_suffix=one.one.one.one => resolve
+0800 2024-11-10 19:09:07 DEBUG [1842829533 2ms] router: match[0] ip_cidr=2.2.2.2/32 => reject


SimonTLS commented 1 week ago

1.11.0-alpha.12 Fixed. Thanks!
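
A log check for the symptom in the report above, as an added example that is not part of the original thread or of sing-box: it flags any `ip_cidr` rule match where neither the connection's destination nor the logged A records for its sniffed domain fall inside the matched CIDR. The function name, the bracketed form for multi-CIDR rules and the IPv4-only parsing are assumptions; the sample lines are copied from the log in the report.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the debug log in the report above.
SAMPLE_LOG = """\
+0800 2024-11-10 19:09:07 INFO [4139876345 2.69s] dns: exchanged one.one.one.one A one.one.one.one. 1295 IN A 1.1.1.1
+0800 2024-11-10 19:09:07 INFO [4139876345 2.69s] dns: exchanged one.one.one.one A one.one.one.one. 1295 IN A 1.0.0.1
+0800 2024-11-10 19:09:07 INFO [1842829533 0ms] inbound/tun[tun-in]: inbound connection to 1.1.1.1:443
+0800 2024-11-10 19:09:07 DEBUG [1842829533 2ms] router: sniffed protocol: tls, domain: one.one.one.one
+0800 2024-11-10 19:09:07 DEBUG [1842829533 2ms] router: match[1] domain_suffix=one.one.one.one => resolve
+0800 2024-11-10 19:09:07 DEBUG [1842829533 2ms] router: match[0] ip_cidr=2.2.2.2/32 => reject
"""

LINE = re.compile(r"\[(\d+) [^\]]+\] (.*)$")          # "[<conn id> <elapsed>] <message>"
DNS = re.compile(r"dns: exchanged (\S+) A \S+ \d+ IN A (\S+)$")
DEST = re.compile(r"inbound connection to (\d+\.\d+\.\d+\.\d+):\d+$")  # IPv4 only
SNIFF = re.compile(r"router: sniffed protocol: \w+, domain: (\S+)$")
# Assumption: a rule with several CIDRs is logged as "ip_cidr=[a b]".
MATCH = re.compile(r"router: match\[\d+\] ip_cidr=\[?([^\]]+?)\]? => (\S+)$")


def inconsistent_cidr_matches(log_text):
    """Return (conn_id, cidrs, action, candidate_ips) for each ip_cidr match
    where no known address of the connection lies inside the matched CIDRs."""
    answers = defaultdict(set)  # domain -> A records seen in the log
    addrs = defaultdict(set)    # connection id -> destination IPs
    domains = {}                # connection id -> sniffed domain
    findings = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        conn, msg = m.groups()
        if d := DNS.search(msg):
            answers[d[1]].add(d[2])
        elif d := DEST.search(msg):
            addrs[conn].add(d[1])
        elif d := SNIFF.search(msg):
            domains[conn] = d[1]
        elif d := MATCH.search(msg):
            ips = addrs[conn] | answers.get(domains.get(conn), set())
            nets = [ipaddress.ip_network(c, strict=False) for c in d[1].split()]
            if ips and not any(ipaddress.ip_address(i) in n for i in ips for n in nets):
                findings.append((conn, d[1].split(), d[2], sorted(ips)))
    return findings


if __name__ == "__main__":
    print(inconsistent_cidr_matches(SAMPLE_LOG))
```
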