
客户端使用TUN模式,服务端使用"sniff" "sniff_override_destination" 没有执行动作 #510

Closed chika0801 closed 1 year ago

chika0801 commented 1 year ago

Welcome

Description of the problem

两端都使用sing-box,客户端使用TUN模式,配置参数

"sniff": true,
"sniff_override_destination": false

服务端入站用域名嗅探参数,观察日志嗅探动作未执行

"sniff": true,
"sniff_override_destination": true

Version of sing-box

```console 1.2.3版本 ```

Server and client configuration file

服务端

```console { "log": { "level": "trace", "timestamp": true }, "route": { "rules": [ { "network": "udp", "port": [ 443 ], "outbound": "block" }, { "domain_keyword": [ "ip.sb" ], "geosite": [ "openai" ], "geoip": [ "cn" ], "outbound": "wireguard-out" } ] }, "inbounds": [ { "type": "vless", "tag": "vless-in", "listen": "::", "listen_port": 443, "sniff": true, "sniff_override_destination": true, "domain_strategy": "ipv4_only", "users": [ { "uuid": "ee48f7be-6ae9-5654-9b61-8466aa8e16bc", // 执行 ./sing-box generate uuid 生成 "flow": "" // 留空 } ], "tls": { "enabled": true, "server_name": "www.lovelive-anime.jp", // 客户端可用的 serverName 列表,暂不支持 * 通配符 "reality": { "enabled": true, "handshake": { "server": "www.lovelive-anime.jp", // 目标网站最低标准:国外网站,支持 TLSv1.3、X25519 与 H2,域名非跳转用(主域名可能被用于跳转到 www) "server_port": 443 }, "private_key": "2KZ4uouMKgI8nR-LDJNP1_MHisCJOmKGj9jUjZLncVU", // 执行 ./sing-box generate reality-keypair 生成,填 "Privatekey" 的值 "short_id": [ // 客户端可用的 shortId 列表,可用于区分不同的客户端 "6ba85179e30d4fc2" // 0 到 f,长度为 2 的倍数,长度上限为 16,可留空,或执行 openssl rand -hex 8 生成 ] } }, "transport": { "type": "grpc", "service_name": "grpc" // 指定服务名称 } } ], "outbounds": [ { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "wireguard", "tag": "wireguard-out", "server": "engage.cloudflareclient.com", "server_port": 2408, "local_address": [ "172.16.0.2/32" ], "private_key": "CHXOQoau1UECV9vxgBHtJoamyTvMA2Nja4kzq/kqxmY=", "peer_public_key": "bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", "reserved":[143, 212, 92], "mtu": 1280 } ] } ```

客户端

```console { "log": { "level": "trace", "timestamp": true }, "dns": { "servers": [ { "tag": "global", "address": "tcp://1.1.1.1", "address_resolver": "local", "strategy": "ipv4_only", // 若服务端准备好了IPv6,可改为 prefer_ipv6,个人不推荐用,可能遇到莫名现象 "detour": "proxy" }, { "tag": "local", "address": "223.5.5.5", "strategy": "prefer_ipv6", // 若客户端准备好了IPv6,可改为 prefer_ipv6,个人不推荐用,可能遇到莫名现象 "detour": "direct" }, { "tag": "block", "address": "rcode://success" } ], "rules": [ { "geosite": [ "category-ads-all" ], "server": "block", "disable_cache": true }, { "geosite": [ "category-games@cn", "cn", "private" ], "server": "local" } ] }, "route": { "geoip": { "download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db" }, "geosite": { "download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db" }, "rules": [ { "protocol": "dns", "outbound": "dns-out" }, { "geosite": [ "category-ads-all" ], "outbound": "block" }, { "geosite": [ "category-games@cn" ], "outbound": "direct" }, { "geosite": [ "geolocation-!cn" ], "outbound": "proxy" }, { "geosite": [ "cn", "private" ], "outbound": "direct" }, { "geoip": [ "cn", "private" ], "outbound": "direct" }, { "network": "udp", "geoip": [ "cn" ], "outbound": "direct" }, { "port": 53, "process_name": [ "xray.exe", "hysteria.exe", "IDMan.exe", "Xshell.exe", "XshellCore.exe", "WinSCP.exe" ], "outbound": "dns-out" }, { "process_name": [ "xray.exe", "hysteria.exe", "IDMan.exe", "Xshell.exe", "XshellCore.exe", "WinSCP.exe" ], "outbound": "direct" } ], "auto_detect_interface": true }, "inbounds": [ { "type": "tun", "tag": "tun-in", "interface_name": "tun0", "inet4_address": "172.19.0.1/30", "inet6_address": "fdfe:dcba:9876::1/126", "mtu": 9000, "auto_route": true, "strict_route": true, "endpoint_independent_nat": true, "stack": "system", "sniff": true, "sniff_override_destination": false } ], "outbounds": [ { "type": "vless", "tag": "proxy", "server": "服务端IP", "server_port": 443, "uuid": 
"ee48f7be-6ae9-5654-9b61-8466aa8e16bc", "flow": "", "tls": { "enabled": true, "server_name": "www.lovelive-anime.jp", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "Z84J2IelR9ch3k8VtlVhhs5ycBUlXA7wHBWcBrjqnAw", "short_id": "6ba85179e30d4fc2" } }, "packet_encoding": "xudp", "transport": { "type": "grpc", "service_name": "grpc", "idle_timeout": "15s", "ping_timeout": "15s" } }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns-out" } ] } ```

Server and client log file

服务端

```console +0800 2023-04-07 22:10:09 INFO [1975735696 0ms] inbound/vless[vless-in]: [0] inbound connection to 104.18.3.161:443 +0800 2023-04-07 22:10:09 INFO [1975735696 0ms] outbound/direct[direct]: outbound connection to 104.18.3.161:443 ```

客户端 访问 chat.openai.com 进行测试

```console +0800 2023-04-07 22:10:09 INFO [2581111243 0ms] inbound/tun[tun-in]: inbound packet connection from [fdfe:dcba:9876::1]:59737 +0800 2023-04-07 22:10:09 INFO [3224734755 0ms] inbound/tun[tun-in]: inbound packet connection from [fdfe:dcba:9876::1]:55568 +0800 2023-04-07 22:10:09 INFO [3224734755 0ms] inbound/tun[tun-in]: inbound packet connection to [fdfe:dcba:9876::2]:53 +0800 2023-04-07 22:10:09 INFO [2581111243 0ms] inbound/tun[tun-in]: inbound packet connection to [fdfe:dcba:9876::2]:53 +0800 2023-04-07 22:10:09 DEBUG [3224734755 0ms] router: sniffed packet protocol: dns +0800 2023-04-07 22:10:09 DEBUG [2581111243 0ms] router: sniffed packet protocol: dns +0800 2023-04-07 22:10:09 INFO [3224734755 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-04-07 22:10:09 INFO [2581111243 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-04-07 22:10:09 DEBUG [3224734755 0ms] router: match[0] protocol=dns => dns-out +0800 2023-04-07 22:10:09 DEBUG [2581111243 0ms] router: match[0] protocol=dns => dns-out +0800 2023-04-07 22:10:09 DEBUG [3224734755 0ms] dns: exchange chat.openai.com. IN AAAA +0800 2023-04-07 22:10:09 DEBUG [2581111243 1ms] dns: exchange chat.openai.com. IN A +0800 2023-04-07 22:10:09 DEBUG [3224734755 1ms] dns: strategy rejected +0800 2023-04-07 22:10:09 INFO [875199377 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:55568 +0800 2023-04-07 22:10:09 INFO [875199377 0ms] inbound/tun[tun-in]: inbound packet connection to 172.19.0.2:53 +0800 2023-04-07 22:10:09 DEBUG [875199377 0ms] router: sniffed packet protocol: dns +0800 2023-04-07 22:10:09 INFO [875199377 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-04-07 22:10:09 DEBUG [875199377 0ms] router: match[0] protocol=dns => dns-out +0800 2023-04-07 22:10:09 DEBUG [875199377 1ms] dns: exchange chat.openai.com. 
IN AAAA +0800 2023-04-07 22:10:09 DEBUG [875199377 1ms] dns: strategy rejected +0800 2023-04-07 22:10:09 INFO outbound/vless[proxy]: outbound connection to 1.1.1.1:53 +0800 2023-04-07 22:10:10 DEBUG [2581111243 336ms] dns: exchanged chat.openai.com NOERROR 176 +0800 2023-04-07 22:10:10 INFO [2581111243 336ms] dns: exchanged chat.openai.com CNAME chat.openai.com. 176 IN CNAME chat.openai.com.cdn.cloudflare.net. +0800 2023-04-07 22:10:10 INFO [2581111243 336ms] dns: exchanged chat.openai.com A chat.openai.com.cdn.cloudflare.net. 176 IN A 104.18.3.161 +0800 2023-04-07 22:10:10 INFO [2581111243 336ms] dns: exchanged chat.openai.com A chat.openai.com.cdn.cloudflare.net. 176 IN A 104.18.2.161 +0800 2023-04-07 22:10:10 INFO [2581111243 336ms] dns: exchanged chat.openai.com. CNAME chat.openai.com. 176 IN CNAME chat.openai.com.cdn.cloudflare.net. +0800 2023-04-07 22:10:10 INFO [2581111243 336ms] dns: exchanged chat.openai.com. A chat.openai.com.cdn.cloudflare.net. 176 IN A 104.18.3.161 +0800 2023-04-07 22:10:10 INFO [2581111243 336ms] dns: exchanged chat.openai.com. A chat.openai.com.cdn.cloudflare.net. 176 IN A 104.18.2.161 +0800 2023-04-07 22:10:10 INFO [1098294485 0ms] inbound/tun[tun-in]: inbound connection from 172.19.0.1:11043 +0800 2023-04-07 22:10:10 INFO [1098294485 0ms] inbound/tun[tun-in]: inbound connection to 104.18.3.161:443 +0800 2023-04-07 22:10:10 DEBUG [1098294485 0ms] router: sniffed protocol: tls, domain: chat.openai.com +0800 2023-04-07 22:10:10 INFO [1098294485 0ms] router: found process path: \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe +0800 2023-04-07 22:10:10 DEBUG [1098294485 0ms] router: match[3] geosite=geolocation-!cn => proxy +0800 2023-04-07 22:10:10 INFO [1098294485 0ms] outbound/vless[proxy]: outbound connection to 104.18.3.161:443 ```
chika0801 commented 1 year ago

如果只将客户端配置中的 "sniff_override_destination": true ,观察客户端日志,发给服务端的请求内容是域名。服务端能正常分流。

"sniff": true,
"sniff_override_destination": true

日志

服务端

```console +0800 2023-04-07 22:13:20 INFO [1188064214 0ms] inbound/vless[vless-in]: inbound connection from [::ffff:27.10.98.38]:11551 +0800 2023-04-07 22:13:20 INFO [2458871400 0ms] inbound/vless[vless-in]: [0] inbound connection to chat.openai.com:443 +0800 2023-04-07 22:13:20 DEBUG [2458871400 0ms] dns: lookup domain chat.openai.com +0800 2023-04-07 22:13:20 INFO [2458871400 0ms] dns: lookup succeed for chat.openai.com: 104.18.3.161 104.18.2.161 +0800 2023-04-07 22:13:20 DEBUG [2458871400 1ms] dns: resolved [104.18.3.161 104.18.2.161] +0800 2023-04-07 22:13:20 DEBUG [2458871400 1ms] router: match[1] domain_keyword=ip.sb geosite=openai geoip=cn => wireguard-out +0800 2023-04-07 22:13:20 INFO [2458871400 2ms] outbound/wireguard[wireguard-out]: outbound connection to 104.18.3.161:443 ```

客户端

```console +0800 2023-04-07 22:13:20 DEBUG [4202770575 649ms] dns: exchange chat.openai.com. IN A +0800 2023-04-07 22:13:20 INFO [1565575267 0ms] inbound/tun[tun-in]: inbound packet connection from [fdfe:dcba:9876::1]:59060 +0800 2023-04-07 22:13:20 INFO [1565575267 0ms] inbound/tun[tun-in]: inbound packet connection to [fdfe:dcba:9876::2]:53 +0800 2023-04-07 22:13:20 DEBUG [1565575267 0ms] router: sniffed packet protocol: dns +0800 2023-04-07 22:13:20 INFO [1565575267 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-04-07 22:13:20 DEBUG [1565575267 0ms] router: match[0] protocol=dns => dns-out +0800 2023-04-07 22:13:20 DEBUG [1565575267 0ms] dns: exchange chat.openai.com. IN AAAA +0800 2023-04-07 22:13:20 DEBUG [1565575267 0ms] dns: strategy rejected +0800 2023-04-07 22:13:20 INFO [2222844635 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:59060 +0800 2023-04-07 22:13:20 INFO [2222844635 0ms] inbound/tun[tun-in]: inbound packet connection to 172.19.0.2:53 +0800 2023-04-07 22:13:20 DEBUG [2222844635 0ms] router: sniffed packet protocol: dns +0800 2023-04-07 22:13:20 INFO [2222844635 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-04-07 22:13:20 DEBUG [2222844635 0ms] router: match[0] protocol=dns => dns-out +0800 2023-04-07 22:13:20 DEBUG [2222844635 0ms] dns: exchange chat.openai.com. IN AAAA +0800 2023-04-07 22:13:20 DEBUG [2222844635 0ms] dns: strategy rejected +0800 2023-04-07 22:13:20 DEBUG [4202770575 727ms] dns: exchanged chat.openai.com NOERROR 148 +0800 2023-04-07 22:13:20 INFO [4202770575 727ms] dns: exchanged chat.openai.com CNAME chat.openai.com. 148 IN CNAME chat.openai.com.cdn.cloudflare.net. +0800 2023-04-07 22:13:20 INFO [4202770575 727ms] dns: exchanged chat.openai.com A chat.openai.com.cdn.cloudflare.net. 
148 IN A 104.18.3.161 +0800 2023-04-07 22:13:20 INFO [4202770575 727ms] dns: exchanged chat.openai.com A chat.openai.com.cdn.cloudflare.net. 148 IN A 104.18.2.161 +0800 2023-04-07 22:13:20 INFO [4202770575 727ms] dns: exchanged chat.openai.com. CNAME chat.openai.com. 148 IN CNAME chat.openai.com.cdn.cloudflare.net. +0800 2023-04-07 22:13:20 INFO [4202770575 727ms] dns: exchanged chat.openai.com. A chat.openai.com.cdn.cloudflare.net. 148 IN A 104.18.3.161 +0800 2023-04-07 22:13:20 INFO [4202770575 727ms] dns: exchanged chat.openai.com. A chat.openai.com.cdn.cloudflare.net. 148 IN A 104.18.2.161 +0800 2023-04-07 22:13:20 INFO [192294296 0ms] inbound/tun[tun-in]: inbound connection from 172.19.0.1:11553 +0800 2023-04-07 22:13:20 INFO [192294296 0ms] inbound/tun[tun-in]: inbound connection to 104.18.3.161:443 +0800 2023-04-07 22:13:20 DEBUG [192294296 0ms] router: sniffed protocol: tls, domain: chat.openai.com +0800 2023-04-07 22:13:20 INFO [192294296 0ms] router: found process path: \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe +0800 2023-04-07 22:13:20 DEBUG [192294296 0ms] router: match[3] geosite=geolocation-!cn => proxy +0800 2023-04-07 22:13:20 INFO [192294296 0ms] outbound/vless[proxy]: outbound connection to chat.openai.com:443 ```
dyhkwong commented 1 year ago

Expected behavior. By default, sniff uses the sniffed domains for routing only. If you want the destination to be overridden as well, also enable sniff_override_destination.

chika0801 commented 1 year ago

我的问题是

服务端入站用了

"sniff": true, "sniff_override_destination": true

sniff 参数并没有正确生效

nekohasekai commented 1 year ago

https://sing-box.sagernet.org/configuration/shared/listen/#sniff_timeout

chika0801 commented 1 year ago

在服务端配置中添加了

        "sniff_timeout": "500ms",

还是没有嗅探动作。这参数不写也是300ms默认值,应该不是这个原因。

chika0801 commented 1 year ago

服务端入站用域名嗅探参数

"sniff": true,
"sniff_override_destination": true

客户端使用v2rayNG,并使用 "routeOnly": true,发送IP到服务端。

此时服务端的 "sniff" 正常工作,嗅探到域名。

这说明当客户端使用 sing-box、将 IP 发到服务端时,服务端对 sing-box 发来的 IP 连接,"sniff" 参数没能正常工作。

v2rayNG配置

``` { "log": { "loglevel": "warning" }, "dns": { "hosts": { "geosite:category-ads-all": [ "127.0.0.1" ] }, "servers": [ "tcp://1.1.1.1", { "address": "https+local://223.5.5.5/dns-query", "domains": [ "geosite:category-games@cn", "geosite:cn", "geosite:private" ], "expectIPs": [ "geoip:cn", "geoip:private" ], "skipFallback": true } ] }, "routing": { "domainStrategy": "AsIs", "rules": [ { "type": "field", "inboundTag": [ "dns-in" ], "outboundTag": "dns-out" }, { "type": "field", "domain": [ "geosite:category-ads-all" ], "outboundTag": "block" }, { "type": "field", "domain": [ "geosite:category-games@cn" ], "outboundTag": "direct" }, { "type": "field", "domain": [ "geosite:geolocation-!cn" ], "outboundTag": "proxy" }, { "type": "field", "domain": [ "geosite:cn", "geosite:private" ], "outboundTag": "direct" }, { "type": "field", "ip": [ "geoip:cn", "geoip:private" ], "outboundTag": "direct" } ] }, "inbounds": [ { "listen": "127.0.0.1", "port": 10808, "protocol": "socks", "settings": { "udp": true }, "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ], "routeOnly": true } }, { "listen": "127.0.0.1", "port": 10809, "protocol": "http", "sniffing": { "enabled": true, "destOverride": [ "http", "tls" ], "routeOnly": true } }, { "listen": "127.0.0.1", "port": 10853, "protocol": "dokodemo-door", "settings": { "address": "1.1.1.1", "port": 53, "network": "udp" }, "tag": "dns-in" } ], "outbounds": [ { "protocol": "vless", "settings": { "vnext": [ { "address": "", "port": 443, "users": [ { "id": "chika", "encryption": "none", "flow": "" } ] } ] }, "streamSettings": { "network": "grpc", "security": "reality", "realitySettings": { "show": false, "fingerprint": "chrome", "serverName": "numazu-mirai.com", "publicKey": "I4rlDl4Ks9Ci8behRdTZvRplpx_3yJtQHjkLb8OT9Q4", "shortId": "3b4d463175cd2f6b", "spiderX": "" }, "grpcSettings": { "serviceName": "grpc", "multiMode": false, "idle_timeout": 60, "health_check_timeout": 20 } }, "tag": "proxy" }, { "protocol": "freedom", "tag": 
"direct" }, { "protocol": "blackhole", "tag": "block" }, { "protocol": "dns", "tag": "dns-out" } ] } ```
chika0801 commented 1 year ago

https://sing-box.sagernet.org/configuration/shared/listen/#sniff_timeout

非这参数问题。刚使用 1.3-beta5 测试,修复了

https://github.com/SagerNet/sing-box/releases/tag/v1.3-beta5