SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

route does not work as expected #2280

Closed eldoradoel closed 1 week ago

eldoradoel commented 1 week ago

Operating system

Linux

System version

Debian 11

Installation type

Others

If you are using a graphical client, please provide the version of the client.

No response

Version

1.11.0-alpha.15

Description

route does not work as expected

Reproduction

{
    "log": {
        "disabled": false,
        "level": "debug",
        "timestamp": true
    },
    "inbounds": [
        {
            "type": "mixed",
            "tag": "mixed-in",
            "listen": "::",
            "listen_port": 7002,
            "tcp_fast_open": false,
            "tcp_multi_path": false,
            "udp_fragment": false,
            "udp_timeout": "5m",
            "users": [
                {
                    "username": "eldorado",
                    "password": ""
                }
            ],
            "set_system_proxy": false
        },
        {
            "type": "shadowsocks",
            "tag": "ss-in",
            "listen": "::",
            "listen_port": 7003,
            "tcp_fast_open": false,
            "tcp_multi_path": false,
            "udp_fragment": false,
            "udp_timeout": "5m",
            "method": "aes-128-gcm",
            "password": ""
        }
    ],
    "outbounds": [
        {
            "type": "socks",
            "tag": "socks-out",
            "server": "socks",
            "server_port": 1080,
            "version": "5",
            "connect_timeout": "5m"
        },
        {
            "type": "ssh",
            "tag": "ssh-out",
            "server": "",
            "server_port": 22,
            "user": "",
            "password": "",
            "client_version": "SSH-2.0-OpenSSH_7.4p1",
            "connect_timeout": "5m"
        },
        {
            "type": "direct",
            "tag": "direct-out"
        }
    ],
    "route": {
        "rules": [
            {
                "inbound": [
                    "mixed-in",
                    "ss-in"
                ],
                "action": "sniff",
                "timeout": "1s"
            },
            {
                "ip_cidr": [
                    "18.112.0.0/13"
                ],
                "action": "route",
                "outbound": "ssh-out"
            },
            {
                "ip_cidr": [
                    "10.0.0.0/13",
                    "10.251.53.79/32"
                ],
                "action": "route",
                "outbound": "socks-out"
            },
            {
                "domain_suffix": [
                    "xxx.com",
                    "aaa.cn"
                ],
                "action": "route",
                "outbound": "socks-out"
            }
        ],
        "final": "direct-out",
        "auto_detect_interface": true
    }
}

Logs

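1. When accessing an SSH host through ss, routing does not work as expected: according to the configuration it should go through ssh-out, but it actually goes through direct-out.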

+0800 2024-11-14 18:21:01 INFO [2492264735 0ms] inbound/shadowsocks[ss-in]: inbound connection to 18.112.4.160:22
+0800 2024-11-14 18:21:01 DEBUG [2492264735 0ms] router: match[0] inbound=[mixed-in ss-in] => sniff(1s)
+0800 2024-11-14 18:21:01 DEBUG [2492264735 0ms] router: sniffed protocol: ssh
+0800 2024-11-14 18:21:01 INFO [2492264735 0ms] outbound/direct[direct-out]: outbound connection to 18.112.4.160:22

2. When auto_detect_interface is set to true, the direct-out outbound works abnormally.

+0800 2024-11-14 18:23:17 INFO [121708867 0ms] inbound/mixed[mixed-in]: inbound connection from 172.20.0.7:56360
+0800 2024-11-14 18:23:17 INFO [121708867 0ms] inbound/mixed[mixed-in]: [eldorado] inbound connection to wpa.mango.qidian.qq.com:443
+0800 2024-11-14 18:23:17 INFO [121708867 0ms] outbound/direct[direct-out]: outbound connection to wpa.mango.qidian.qq.com:443
+0800 2024-11-14 18:23:17 ERROR [121708867 0ms] router: outbound/direct[direct-out]: dial tcp 175.27.2.207:443: no route to internet | dial tcp 175.27.45.49:443: no route to internet | dial tcp 175.27.2.58:443: no route to internet | dial tcp 175.27.45.233:443: no route to internet

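An offline check of the expectation in log item 1, added here as an example; it is not part of the original report and not sing-box code. It assumes rules are evaluated in order, that a `sniff` action does not end evaluation, that the first matching `route` rule wins, and that `route.final` applies otherwise; the `rule` type and the function names are hypothetical. Under those assumptions the logged destination 18.112.4.160 falls inside 18.112.0.0/13 and selects `ssh-out`.

```go
package main

import (
	"fmt"
	"net/netip"
)
// rule is a simplified, hypothetical stand-in for one route.rules entry.
type rule struct {
	inbound  []string
	cidrs    []string
	action   string // "sniff" (assumed non-terminating) or "route"
	outbound string
}

// Copied from the posted config; domain_suffix rule omitted (IP destinations only).
var rules = []rule{
	{inbound: []string{"mixed-in", "ss-in"}, action: "sniff"},
	{cidrs: []string{"18.112.0.0/13"}, action: "route", outbound: "ssh-out"},
	{cidrs: []string{"10.0.0.0/13", "10.251.53.79/32"}, action: "route", outbound: "socks-out"},
}
const finalOutbound = "direct-out" // route.final in the posted config

// matches applies the assumed semantics: an unset field does not constrain.
func matches(r rule, inbound string, dst netip.Addr) bool {
	inOK, ipOK := len(r.inbound) == 0, len(r.cidrs) == 0
	for _, tag := range r.inbound {
		inOK = inOK || tag == inbound
	}
	for _, c := range r.cidrs {
		ipOK = ipOK || netip.MustParsePrefix(c).Contains(dst)
	}
	return inOK && ipOK
}

// expectedOutbound returns the outbound tag and the deciding rule index (-1 = final).
func expectedOutbound(inbound, dst string) (string, int, error) {
	addr, err := netip.ParseAddr(dst)
	if err != nil {
		return "", -1, err
	}
	for i, r := range rules {
		// Only "route" rules pick an outbound; the sniff rule is passed over.
		if r.action == "route" && matches(r, inbound, addr) {
			return r.outbound, i, nil
		}
	}
	return finalOutbound, -1, nil
}
func main() {
	fmt.Println(expectedOutbound("ss-in", "18.112.4.160")) // destination from the posted log
}
```
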