SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

Route work does not meet expectations #2282

Closed eldoradoel closed 1 week ago

eldoradoel commented 1 week ago

Operating system

Linux

System version

Debian 11

Installation type

Others

If you are using a graphical client, please provide the version of the client.

No response

Version

1.11.0-alpha.15

Description

Route work does not meet expectations

Reproduction

{
    "log": {
        "disabled": false,
        "level": "debug",
        "timestamp": true
    },
    "inbounds": [
        {
            "type": "mixed",
            "tag": "mixed-in",
            "listen": "::",
            "listen_port": 7002,
            "tcp_fast_open": false,
            "tcp_multi_path": false,
            "udp_fragment": false,
            "udp_timeout": "5m",
            "users": [
                {
                    "username": "eldorado",
                    "password": ""
                }
            ],
            "set_system_proxy": false
        },
        {
            "type": "shadowsocks",
            "tag": "ss-in",
            "listen": "::",
            "listen_port": 7003,
            "tcp_fast_open": false,
            "tcp_multi_path": false,
            "udp_fragment": false,
            "udp_timeout": "5m",
            "method": "aes-128-gcm",
            "password": ""
        }
    ],
    "outbounds": [
        {
            "type": "socks",
            "tag": "socks-out",
            "server": "socks",
            "server_port": 1080,
            "version": "5",
            "connect_timeout": "5m"
        },
        {
            "type": "ssh",
            "tag": "ssh-out",
            "server": "",
            "server_port": 22,
            "user": "",
            "password": "",
            "client_version": "SSH-2.0-OpenSSH_7.4p1",
            "connect_timeout": "5m"
        },
        {
            "type": "direct",
            "tag": "direct-out"
        }
    ],
    "route": {
        "rules": [
            {
                "inbound": [
                    "mixed-in",
                    "ss-in"
                ],
                "action": "sniff",
                "timeout": "1s"
            },
            {
                "ip_cidr": [
                    "18.112.0.0/13"
                ],
                "action": "route",
                "outbound": "ssh-out"
            },
            {
                "ip_cidr": [
                    "10.0.0.0/13",
                    "10.251.53.79/32"
                ],
                "action": "route",
                "outbound": "socks-out"
            },
            {
                "domain_suffix": [
                    "xxx.com",
                    "aaa.cn"
                ],
                "action": "route",
                "outbound": "socks-out"
            }
        ],
        "final": "direct-out",
        "auto_detect_interface": true
    }
}

Logs

1. When accessing an SSH host through SS or SOCKS5, the routing does not work as expected. According to the configuration, ssh-out should be used, but in reality, direct-out is used.

+0800 2024-11-14 18:21:01 INFO [2492264735 0ms] inbound/shadowsocks[ss-in]: inbound connection to 18.112.4.160:22
+0800 2024-11-14 18:21:01 DEBUG [2492264735 0ms] router: match[0] inbound=[mixed-in ss-in] => sniff(1s)
+0800 2024-11-14 18:21:01 DEBUG [2492264735 0ms] router: sniffed protocol: ssh
+0800 2024-11-14 18:21:01 INFO [2492264735 0ms] outbound/direct[direct-out]: outbound connection to 18.112.4.160:22

2. When setting auto_detect_interface to true, direct-out outbound operation is abnormal.

+0800 2024-11-14 18:23:17 INFO [121708867 0ms] inbound/mixed[mixed-in]: inbound connection from 172.20.0.7:56360
+0800 2024-11-14 18:23:17 INFO [121708867 0ms] inbound/mixed[mixed-in]: [eldorado] inbound connection to wpa.mango.qidian.qq.com:443
+0800 2024-11-14 18:23:17 INFO [121708867 0ms] outbound/direct[direct-out]: outbound connection to wpa.mango.qidian.qq.com:443
+0800 2024-11-14 18:23:17 ERROR [121708867 0ms] router: outbound/direct[direct-out]: dial tcp 175.27.2.207:443: no route to internet | dial tcp 175.27.45.49:443: no route to internet | dial tcp 175.27.2.58:443: no route to internet | dial tcp 175.27.45.233:443: no route to internet

eldoradoel commented 1 week ago

Thanks, fixed in 1.11.0-alpha.16.

ghost commented 1 week ago

It seems that the mixed-in tag still doesn't work @eldoradoel

eldoradoel commented 1 week ago

Indeed, during testing, I removed the inbound from the route rules. After adding the inbound test in route rules, the sniff action did not match the inbound.

eldoradoel commented 1 week ago

In sniff actions, add inbound rule restrictions that do not match inbound tags. sing-box version 1.11.0-alpha.17

eldoradoel commented 1 week ago

Fixed in 1.11.0-alpha.18, thanks.
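
When triaging a report like the first one in this issue, the outbound a destination should get can be computed from the posted route section and compared with the outbound/... lines in the debug log. The following is an added example, not part of the thread and not sing-box's own code: the names ExpectedOutbound, routeCfg and routeJSON are hypothetical, and it assumes rules are read top to bottom with the first matching route action winning, models only the ip_cidr and domain_suffix conditions, and treats domain_suffix as a label-boundary match.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
)

// route.rules and route.final as posted in the report (sniff timeout left out).
const routeJSON = `{"final":"direct-out","rules":[{"inbound":["mixed-in","ss-in"],"action":"sniff"},
{"ip_cidr":["18.112.0.0/13"],"action":"route","outbound":"ssh-out"},
{"ip_cidr":["10.0.0.0/13","10.251.53.79/32"],"action":"route","outbound":"socks-out"},
{"domain_suffix":["xxx.com","aaa.cn"],"action":"route","outbound":"socks-out"}]}`

type routeCfg struct {
	Final string
	Rules []struct {
		CIDR             []string `json:"ip_cidr"`
		Suffix           []string `json:"domain_suffix"`
		Action, Outbound string
	}
}

// ExpectedOutbound returns the outbound of the first "route" rule that host matches, else final.
func ExpectedOutbound(host string) string {
	var cfg routeCfg
	if err := json.Unmarshal([]byte(routeJSON), &cfg); err != nil {
		panic(err)
	}
	addr, ipErr := netip.ParseAddr(host)
	for _, r := range cfg.Rules {
		if r.Action != "route" { // sniff is non-final: it never selects an outbound
			continue
		}
		for _, c := range r.CIDR {
			if p, err := netip.ParsePrefix(c); err == nil && ipErr == nil && p.Contains(addr) {
				return r.Outbound
			}
		}
		for _, s := range r.Suffix { // assumed label-boundary match, hostnames only
			if ipErr != nil && (host == s || strings.HasSuffix(host, "."+s)) {
				return r.Outbound
			}
		}
	}
	return cfg.Final
}

func main() { fmt.Println(ExpectedOutbound("18.112.4.160")) } // destination from the first log excerpt
```

For 18.112.4.160 this model gives ssh-out, which is what the reporter expected, while the first log excerpt shows direct-out.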