SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

Enabling sniff won't let me connect to apps #575

Closed malikshi closed 1 year ago

malikshi commented 1 year ago


Description of the problem

Hi, I installed the server and client with 1364273. While testing, when sniff is enabled I can't connect to apps like Genshin Impact, CODM, Honkai: Star Rail, but with sniff disabled they work normally. I didn't find any weird log except this: `router: sniffed no protocol: read payload: EOF`, whenever trying to connect to game servers.

I have been trying all the other settings in DNS (reverse mapping, fakeip) with sniff enabled; it still failed to connect to the games.

Version of sing-box

```console
$ sing-box version
sing-box version 1364273
Environment: go1.20.3 linux/arm64
Tags: with_clash_api,with_grpc,with_wireguard,with_utls,with_gvisor,with_quic,with_dhcp,with_ech,with_reality_server,with_v2ray_api
CGO: enabled
```

Server and client configuration file

```json
{
  "log": { "level": "trace", "output": "/var/log/box.log", "timestamp": true },
  "dns": {
    "servers": [
      { "tag": "remote-dns", "address": "1.1.1.1", "strategy": "ipv4_only" },
      { "tag": "direct-dns", "address": "dhcp://wan", "strategy": "ipv4_only", "detour": "direct" },
      { "tag": "wlan0-dns", "address": "https://1.0.0.1/dns-query", "strategy": "prefer_ipv4", "detour": "wlan0" },
      { "tag": "dns-block", "address": "rcode://success" }
    ],
    "rules": [
      { "disable_cache": true, "domain_suffix": [ ".arpa.", ".arpa" ], "server": "dns-block" },
      { "geosite": "rule-malicious", "server": "dns-block", "rewrite_ttl": 10 },
      { "protocol": "quic", "server": "dns-block", "rewrite_ttl": 10 },
      { "outbound": "direct", "clash_mode": "direct", "server": "direct-dns", "disable_cache": false, "rewrite_ttl": 20 },
      { "outbound": "wlan0", "server": "wlan0-dns", "disable_cache": false, "rewrite_ttl": 20 }
    ],
    "final": "remote-dns",
    "strategy": "ipv4_only",
    "disable_cache": false,
    "disable_expire": false,
    "reverse_mapping": false,
    "fakeip": { "enabled": false, "inet4_range": "198.18.0.0/15", "inet6_range": "fc00::/18" }
  },
  "ntp": { "enabled": false, "interval": "30m0s", "server": "time.bmkg.go.id", "server_port": 123, "detour": "Best Latency" },
  "inbounds": [
    { "listen": "0.0.0.0", "listen_port": 53, "override_address": "1.1.1.1", "override_port": 53, "tag": "dns-in", "type": "direct" },
    { "type": "tun", "tag": "tun-in", "interface_name": "vpn0", "mtu": 9000, "inet4_address": "172.19.0.1/30", "auto_route": true, "strict_route": true, "udp_timeout": 300, "stack": "system", "sniff": true }
  ],
  "outbounds": [
    { "type": "selector", "tag": "Internet", "outbounds": [ "Best Latency", "wlan0", "BGN Trojan WS" ] },
    { "type": "urltest", "tag": "Best Latency", "outbounds": [ "BGN Trojan WS" ], "url": "https://www.gstatic.com/generate_204", "interval": "1m0s" },
    { "type": "selector", "tag": "Lock Region ID", "outbounds": [ "wlan0", "BGN Trojan WS" ] },
    { "type": "selector", "tag": "WhatsApp", "outbounds": [ "direct", "wlan0", "Internet", "Best Latency", "Lock Region ID" ] },
    { "type": "selector", "tag": "GAMESMAX", "outbounds": [ "direct", "wlan0", "Internet", "Best Latency", "Lock Region ID" ] },
    { "type": "selector", "tag": "Route Port Game", "outbounds": [ "Best Latency", "Internet", "Lock Region ID", "direct", "wlan0" ] },
    { "type": "selector", "tag": "Option ADs", "outbounds": [ "block", "Internet" ] },
    { "type": "selector", "tag": "Option P0rn", "outbounds": [ "block", "Internet" ] },
    {
      "type": "trojan",
      "tag": "BGN Trojan WS",
      "server": "IP",
      "server_port": 443,
      "password": "pass",
      "tls": { "enabled": true, "server_name": "open.spotify.com", "insecure": true, "utls": { "enabled": false, "fingerprint": "chrome" } },
      "multiplex": { "enabled": false, "protocol": "yamux", "max_connections": 36, "min_streams": 4, "padding": false },
      "transport": { "type": "ws", "path": "/browse/featured", "headers": { "Host": "open.spotify.com" } }
    },
    { "type": "direct", "tag": "direct" },
    { "type": "direct", "tag": "wlan0", "bind_interface": "wlan0" },
    { "type": "block", "tag": "block" },
    { "type": "dns", "tag": "dns-out" }
  ],
  "route": {
    "geoip": { "path": "/etc/sing-box/geoip.db", "download_url": "https://github.com/malikshi/sing-box-geo/releases/latest/download/geoip.db", "download_detour": "Internet" },
    "geosite": { "path": "/etc/sing-box/geosite.db", "download_url": "https://github.com/malikshi/sing-box-geo/releases/latest/download/geosite.db", "download_detour": "Internet" },
    "rules": [
      { "port": 53, "outbound": "dns-out" },
      { "inbound": [ "dns-in" ], "outbound": "dns-out" },
      { "network": "udp", "port": 443, "outbound": "block" },
      { "port": [ 22, 9090 ], "outbound": "Lock Region ID" },
      { "domain_suffix": "googlesyndication.com", "outbound": "Internet" },
      { "geosite": [ "rule-ads", "oisd-full" ], "outbound": "Option ADs" },
      { "geosite": [ "oisd-nsfw", "category-porn" ], "outbound": "Option P0rn" },
      { "geoip": "facebook", "port": [ 3478, 4244, 5222, 5223, 5242, 45395, 50318, 59234 ], "outbound": "WhatsApp" },
      { "port": 3478, "outbound": "Internet" },
      { "geosite": "rule-indo", "outbound": "Lock Region ID" },
      { "network": "udp", "port": [ 2702, 3702, 8443, 9120, 9992, 10003, 6006, 6008, 6674, 7889, 8008, 8130, 8443, 9008, 9120, 10100, 12008, 13008, 8011, 9030, 10491, 10612, 12235, 13004, 13748, 17000, 17500, 10039, 10096, 11455, 13894, 13972 ], "outbound": "GAMESMAX" },
      { "network": "udp", "port_range": [ "4001:4009", "5000:5221", "5224:5241", "5243:5287", "5289:5352", "5354:5509", "5517:5529", "5551:5559", "5601:5700", "9000:9010", "30000:30300", "7006:7008", "8001:8012", "10000:10015", "11000:11019", "10101:10201", "10080:10110", "17000:18000" ], "outbound": "GAMESMAX" },
      { "network": "tcp", "port": [ 5517, 8443, 9443, 10003, 6006, 6008, 6674, 7889, 9006, 9137, 12006, 12008, 13006, 15006, 20561, 39003, 39006, 39698, 39779, 39800, 10012, 14000, 15692, 17000, 17500, 18081, 20371, 8013, 8085, 18082, 20000, 50000, 65010, 65050, 8013, 18082, 20166, 31003, 33445, 50000, 42472, 14422, 16999, 8013, 8888, 30031, 14009, 40005, 9339, 2099, 8088, 5692, 8085, 8500, 10000, 10082, 20000, 25000, 29134, 31003 ], "outbound": "Route Port Game" },
      { "network": "tcp", "port_range": [ "5000:5221", "5224:5227", "5229:5241", "5243:5287", "5289:5352", "5354:5509", "5520:5529", "5551:5559", "5601:5700", "9000:9010", "30000:30300", "7006:7008", "8001:8012", "10000:10012", "11000:11019", "8085:8088", "10000:10019", "20000:20002", "10000:10001", "20000:20001", "9330:9340", "2080:2099", "9100:9200", "8230:8250", "8110:8120", "27000:28998", "7770:7790", "44590:44610", "10500:10515", "27015:27030", "27036:27037", "39190:39200", "49001:49190", "8393:8400" ], "outbound": "Route Port Game" },
      { "network": "udp", "port": [ 2702, 3702, 8443, 9120, 9992, 10003, 6006, 6008, 6674, 7889, 8008, 8130, 8443, 9008, 9120, 10100, 12008, 13008, 8700, 10013, 10019, 10039, 10096, 10491, 10612, 11455, 12235, 13748, 13894, 13972, 17000, 17500, 8700, 9030, 8011, 9030, 10491, 10612, 12235, 13004, 13748, 17000, 17500, 10039, 10096, 11455, 13894, 13972, 42472, 5100, 39000, 4380, 27036, 14422, 16999, 8013, 8888, 8000, 30104, 14009, 40005, 8088, 5010, 6650, 8011, 8700, 20000, 25000, 29134, 30000 ], "outbound": "Route Port Game" },
      { "network": "udp", "port_range": [ "4001:4009", "5000:5221", "5224:5241", "5243:5287", "5289:5352", "5354:5509", "5517:5529", "5551:5559", "5601:5700", "9000:9010", "30000:30300", "7006:7008", "8001:8012", "10000:10015", "11000:11019", "7086:7995", "8011:8013", "9030:9031", "20000:20002", "12070:12460", "41182:41192", "7500:7995", "10010:10019", "20000:20001", "10101:10201", "10080:10110", "17000:18000", "5055:5058", "22101:22102", "9330:9340", "27000:28998", "16300:16350", "40000:40010", "60970:60980", "27000:27031", "40000:40010", "7000:8000", "8180:8181", "27016:27024", "54000:54012" ], "outbound": "Route Port Game" },
      { "geoip": "id", "port": [ 21, 22, 23, 80, 81, 123, 143, 182, 183, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8000, 8080, 8081, 8088, 8443, 8880, 8883, 8888, 8889 ], "outbound": "Lock Region ID" },
      { "port": [ 21, 22, 23, 80, 81, 123, 143, 182, 183, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8000, 8080, 8081, 8088, 8443, 8880, 8883, 8888, 8889 ], "outbound": "Internet" },
      { "port_range": [ "1023:42068", "42070:65535" ], "outbound": "Route Port Game" },
      { "ip_cidr": [ "224.0.0.0/3", "ff00::/8" ], "outbound": "block", "source_ip_cidr": [ "224.0.0.0/3", "ff00::/8" ] }
    ],
    "final": "Internet",
    "auto_detect_interface": true
  },
  "experimental": {
    "clash_api": {
      "external_controller": "0.0.0.0:9090",
      "external_ui": "/etc/sing-box/yacd",
      "external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip",
      "external_ui_download_detour": "Best Latency",
      "secret": "password",
      "default_mode": "rule",
      "store_selected": true,
      "cache_file": "clash.db"
    }
  }
}
```

Server and client log file

```console
+0700 2023-04-29 06:14:07 INFO [1906812147 0ms] inbound/tun[tun-in]: inbound connection from 192.168.100.6:48518
+0700 2023-04-29 06:14:07 INFO [1906812147 0ms] inbound/tun[tun-in]: inbound connection to 8.211.159.223:80
+0700 2023-04-29 06:14:07 TRACE [1906812147 0ms] router: sniffed no protocol: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [1906812147 0ms] router: match[17] port=[21 22 23 80 81 123 143 182 183 194 443 465 587 853 993 995 998 2052 2053 2082 2083 2086 2095 2096 5222 5228 5229 5230 8000 8080 8081 8088 8443 8880 8883 8888 8889] => Internet
+0700 2023-04-29 06:14:07 INFO [1906812147 0ms] outbound/trojan[BGN Trojan WS]: outbound connection to 8.211.159.223:80
+0700 2023-04-29 06:14:07 DEBUG [1657707141 128ms] inbound/tun[tun-in]: connection closed: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [2608198107 133ms] inbound/tun[tun-in]: connection closed: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [1118318443 165ms] inbound/tun[tun-in]: connection closed: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [1906812147 159ms] inbound/tun[tun-in]: connection closed: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [1959785312 165ms] inbound/tun[tun-in]: connection closed: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [3989016914 224ms] inbound/tun[tun-in]: connection closed: download: read destination: EOF | upload: io: read/write on closed pipe
+0700 2023-04-29 06:14:08 DEBUG [2580618261 10.0s] inbound/tun[tun-in]: connection closed: upstream: context canceled | io: read/write on closed pipe
+0700 2023-04-29 06:14:08 INFO [39704032 0ms] inbound/tun[tun-in]: inbound packet connection from 192.168.100.6:44049
+0700 2023-04-29 06:14:08 INFO [39704032 0ms] inbound/tun[tun-in]: inbound packet connection to 8.211.159.223:22102
+0700 2023-04-29 06:14:08 DEBUG [39704032 0ms] router: match[15] network=udp port_range=[4001:4009 5000:5221 5224:5241 5243:5287 5289:5352 5354:5509 5517:5529 5551:5559 5601:5700 9000:9010 30000:30300 7006:7008 8001:8012 10000:10015 11000:11019 7086:7995 8011:8013 9030:9031 20000:20002 12070:12460 41182:41192 7500:7995 10010:10019 20000:20001 10101:10201 10080:10110 17000:18000 5055:5058 22101:22102 9330:9340 27000:28998 16300:16350 40000:40010 60970:60980 27000:27031 40000:40010 7000:8000 8180:8181 27016:27024 54000:54012] => Route Port Game
+0700 2023-04-29 06:14:08 INFO [39704032 0ms] outbound/trojan[BGN Trojan WS]: outbound packet connection to 8.211.159.223:22102
+0700 2023-04-29 06:14:08 DEBUG [39704032 165ms] inbound/tun[tun-in]: connection closed: download: read destination: EOF | upload: io: read/write on closed pipe
```
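
Grouping the log lines above by connection ID shows which routed connections hit the `sniffed no protocol` error, which rule they matched, and how each was closed. This is an added example, not part of the original issue or of sing-box itself; the sample lines are abridged from the log above, and reading "connection" as TCP and "packet connection" as UDP is an assumption.

```python
import re

# Layout of a sing-box log line as it appears in the log above:
# "<tz> <date> <time> <LEVEL> [<conn-id> <age>] <component>: <message>"
LINE = re.compile(
    r"^[+-]\d{4} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [A-Z]+ "
    r"\[(?P<cid>\d+) [^\]]+\] (?P<component>[^:]+): (?P<msg>.*)$"
)

# Sample lines abridged from the log above (rule port lists shortened).
SAMPLE = """
+0700 2023-04-29 06:14:07 INFO [1906812147 0ms] inbound/tun[tun-in]: inbound connection to 8.211.159.223:80
+0700 2023-04-29 06:14:07 TRACE [1906812147 0ms] router: sniffed no protocol: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [1906812147 0ms] router: match[17] port=[21 22 23 80 81] => Internet
+0700 2023-04-29 06:14:07 DEBUG [1657707141 128ms] inbound/tun[tun-in]: connection closed: read payload: EOF
+0700 2023-04-29 06:14:07 DEBUG [1906812147 159ms] inbound/tun[tun-in]: connection closed: read payload: EOF
+0700 2023-04-29 06:14:08 INFO [39704032 0ms] inbound/tun[tun-in]: inbound packet connection to 8.211.159.223:22102
+0700 2023-04-29 06:14:08 DEBUG [39704032 0ms] router: match[15] network=udp port_range=[22101:22102] => Route Port Game
+0700 2023-04-29 06:14:08 DEBUG [39704032 165ms] inbound/tun[tun-in]: connection closed: download: read destination: EOF | upload: io: read/write on closed pipe
"""

def correlate(log_text):
    """Group log lines by connection ID and keep the routing-relevant facts."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or not a per-connection line
        c = conns.setdefault(m["cid"], dict.fromkeys(
            ("network", "dest", "sniff_error", "outbound", "closed")))
        msg = m["msg"]
        # Assumption: "packet connection" marks UDP, plain "connection" TCP.
        if msg.startswith("inbound packet connection to "):
            c["network"], c["dest"] = "udp", msg.rsplit(" ", 1)[1]
        elif msg.startswith("inbound connection to "):
            c["network"], c["dest"] = "tcp", msg.rsplit(" ", 1)[1]
        elif msg.startswith("sniffed no protocol: "):
            c["sniff_error"] = msg.split(": ", 1)[1]
        elif msg.startswith("match["):
            c["outbound"] = msg.rsplit(" => ", 1)[1]
        elif msg.startswith("connection closed: "):
            c["closed"] = msg.split(": ", 1)[1]
    return conns

def sniff_failures(log_text):
    """Connections for which the router logged a failed sniff."""
    return {cid: c for cid, c in correlate(log_text).items() if c["sniff_error"]}

if __name__ == "__main__":
    for cid, c in sniff_failures(SAMPLE).items():
        print(cid, c)
```

The `sniffed no protocol` line is written at TRACE level, so this only works on logs captured with `"level": "trace"` as in the configuration above.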
malikshi commented 1 year ago

It seems that sniffing common ports, but over UDP, makes it fail to establish connections when the sniffer is enabled.

To ensure it's a UDP port, I tested this without sing-box running:

```console
$ nc -vz -u 8.211.159.223 80
Connection to 8.211.159.223 80 port [udp/*] succeeded!
```

nekohasekai commented 1 year ago

Try https://github.com/SagerNet/sing-box/commit/b0a978d4b6dc012d1656a8b652357da80a1a999d

malikshi commented 1 year ago

> Try b0a978d

Sing-box is already up to date with commit b0a978d. Thank you, it's solved.