SagerNet / sing-box

The universal proxy platform
https://sing-box.sagernet.org/

VLESS 协议使用 xtls-rprx-vision 流控时默认没屏蔽UDP443端口 #587

Closed chika0801 closed 1 year ago

chika0801 commented 1 year ago


Description of the problem

Xray 的 xtls-rprx-vision 流控默认会屏蔽 UDP 443 端口(见文档),而测试发现 sing-box 的 xtls-rprx-vision 流控不会屏蔽:发往 UDP 443 的 QUIC 流量仍会经代理正常转发(见下方服务端日志中到 quic.nginx.org:443 的 packet connection)。

QUIC 被正常激活(见图 1)。

Version of sing-box

```console
1.3-beta11
```

Server and client configuration file

服务端

```console { "log": { "level": "debug", "timestamp": true }, "inbounds": [ { "type": "vless", "tag": "vless-in", "listen": "::", "listen_port": 443, "users": [ { "uuid": "chika", "flow": "xtls-rprx-vision" } ], "tls": { "enabled": true, "server_name": "www.123abc.com", "reality": { "enabled": true, "handshake": { "server": "www.123abc.com", "server_port": 443 }, "private_key": "", "short_id": [ "" ] } } } ], "outbounds": [ { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" } ] } ```

客户端

```console { "log": { "level": "info", "timestamp": true }, "dns": { "servers": [ { "tag": "dns_proxy", "address": "fakeip", "strategy": "ipv4_only", "detour": "proxy" }, { "tag": "dns_direct", "address": "https://223.5.5.5/dns-query", "strategy": "prefer_ipv6", "detour": "direct" }, { "tag": "dns_block", "address": "rcode://success" } ], "rules": [ { "geosite": [ "category-ads-all" ], "server": "dns_block", "disable_cache": true }, { "geosite": [ "category-games@cn" ], "server": "dns_direct" }, { "geosite": [ "geolocation-!cn" ], "rewrite_ttl": 300, "server": "dns_proxy" }, { "geosite": [ "cn", "private" ], "server": "dns_direct" }, { "source_ip_cidr": [ "172.19.0.1/30", "fdfe:dcba:9876::1/126" ], "rewrite_ttl": 300, "server": "dns_proxy" } ], "fakeip": { "enabled": true, "inet4_range": "198.18.0.0/15", "inet6_range": "fc00::/18" } }, "route": { "geoip": { "download_url": "https://github.com/soffchen/sing-geoip/releases/latest/download/geoip.db" }, "geosite": { "download_url": "https://github.com/soffchen/sing-geosite/releases/latest/download/geosite.db" }, "rules": [ { "protocol": "dns", "outbound": "dns-out" }, { "geosite": [ "category-ads-all" ], "outbound": "block" }, { "geosite": [ "category-porn", "openai" ], "outbound": "tokyo" }, { "type": "logical", "mode": "and", "rules": [ { "geosite": [ "category-games@cn" ] }, { "geoip": [ "cn" ] } ], "outbound": "direct" }, { "geosite": [ "geolocation-!cn" ], "outbound": "proxy" }, { "type": "logical", "mode": "and", "rules": [ { "geosite": [ "cn" ] }, { "geoip": [ "cn" ] } ], "outbound": "direct" }, { "geosite": [ "private" ], "outbound": "direct" }, { "geoip": [ "private" ], "outbound": "direct" }, { "port": 53, "process_name": [ "xray.exe", "IDMan.exe", "Xshell.exe", "XshellCore.exe", "WinSCP.exe" ], "outbound": "dns-out" }, { "process_name": [ "xray.exe", "IDMan.exe", "Xshell.exe", "XshellCore.exe", "WinSCP.exe" ], "outbound": "direct" } ], "auto_detect_interface": true }, "inbounds": [ { "type": "tun", "tag": 
"tun-in", "interface_name": "tun0", "inet4_address": "172.19.0.1/30", "inet6_address": "fdfe:dcba:9876::1/126", "mtu": 9000, "auto_route": true, "strict_route": true, "endpoint_independent_nat": false, "stack": "system", "sniff": true, "sniff_override_destination": false } ], "outbounds": [ { "type": "vless", "tag": "proxy", "server": "", "server_port": 443, "uuid": "chika", "flow": "xtls-rprx-vision", "tls": { "enabled": true, "server_name": "www.123abc.com", "utls": { "enabled": true, "fingerprint": "chrome" }, "reality": { "enabled": true, "public_key": "", "short_id": "" } }, "packet_encoding": "xudp" }, { "type": "vless", "tag": "tokyo", // 此处省略 }, { "type": "direct", "tag": "direct" }, { "type": "block", "tag": "block" }, { "type": "dns", "tag": "dns-out" } ] } ```

Server and client log file

服务端

```console +0800 2023-05-03 23:02:40 INFO [804588698 0ms] inbound/vless[vless-in]: [0] inbound packet connection to quic.nginx.org:443 +0800 2023-05-03 23:02:40 INFO [804588698 1ms] outbound/direct[direct]: outbound packet connection +0800 2023-05-03 23:02:40 DEBUG [804588698 1ms] dns: lookup domain quic.nginx.org +0800 2023-05-03 23:02:40 DEBUG [804588698 1ms] dns: lookup succeed for quic.nginx.org: 35.214.218.230 +0800 2023-05-03 23:02:40 INFO [3210268490 0ms] inbound/vless[vless-in]: inbound connection from 客户端IP:3793 +0800 2023-05-03 23:02:40 DEBUG [3210268490 0ms] dns: lookup domain www.discoverhongkong.com +0800 2023-05-03 23:02:40 DEBUG [3210268490 0ms] dns: lookup succeed for www.discoverhongkong.com: 23.200.145.138 184.51.102.217 2600:1417:a000::1737:2f41 2600:1417:a000::1737:2f5a +0800 2023-05-03 23:02:40 INFO [1963703208 0ms] inbound/vless[vless-in]: [0] inbound connection to quic.nginx.org:443 +0800 2023-05-03 23:02:40 INFO [1963703208 0ms] outbound/direct[direct]: outbound connection to quic.nginx.org:443 +0800 2023-05-03 23:02:40 DEBUG [1963703208 1ms] dns: lookup domain quic.nginx.org +0800 2023-05-03 23:02:40 DEBUG [1963703208 1ms] dns: lookup succeed for quic.nginx.org: 35.214.218.230 ```

客户端

```console +0800 2023-05-03 23:02:39 INFO [1884496555 0ms] inbound/tun[tun-in]: inbound packet connection from [fdfe:dcba:9876::1]:65410 +0800 2023-05-03 23:02:39 INFO [1884496555 0ms] inbound/tun[tun-in]: inbound packet connection to [fdfe:dcba:9876::2]:53 +0800 2023-05-03 23:02:39 INFO [2627245599 0ms] inbound/tun[tun-in]: inbound packet connection from [fdfe:dcba:9876::1]:58656 +0800 2023-05-03 23:02:39 INFO [1884496555 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-05-03 23:02:39 INFO [2627245599 0ms] inbound/tun[tun-in]: inbound packet connection to [fdfe:dcba:9876::2]:53 +0800 2023-05-03 23:02:39 INFO dns: cached quic.nginx.org A quic.nginx.org. 294 IN A 198.18.0.39 +0800 2023-05-03 23:02:39 INFO dns: exchanged quic.nginx.org. A quic.nginx.org. 294 IN A 198.18.0.39 +0800 2023-05-03 23:02:39 INFO [2627245599 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-05-03 23:02:39 INFO [1379652424 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:58656 +0800 2023-05-03 23:02:39 INFO [1379652424 0ms] inbound/tun[tun-in]: inbound packet connection to 172.19.0.2:53 +0800 2023-05-03 23:02:39 INFO [1379652424 0ms] router: found process path: \Device\HarddiskVolume3\Windows\System32\svchost.exe +0800 2023-05-03 23:02:39 INFO [1125666321 0ms] inbound/tun[tun-in]: inbound packet connection from 172.19.0.1:61058 +0800 2023-05-03 23:02:39 INFO [1125666321 0ms] inbound/tun[tun-in]: inbound packet connection to 198.18.0.39:443 +0800 2023-05-03 23:02:39 INFO [1125666321 0ms] router: found process path: \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe +0800 2023-05-03 23:02:39 INFO [1125666321 0ms] outbound/vless[proxy]: outbound packet connection to quic.nginx.org:443 +0800 2023-05-03 23:02:39 INFO [1125666321 0ms] outbound/vless[proxy]: outbound packet connection to quic.nginx.org:443 +0800 2023-05-03 23:02:40 INFO [814275103 0ms] 
inbound/tun[tun-in]: inbound connection from 172.19.0.1:3792 +0800 2023-05-03 23:02:40 INFO [814275103 0ms] inbound/tun[tun-in]: inbound connection to 198.18.0.39:443 +0800 2023-05-03 23:02:40 INFO [814275103 0ms] router: found process path: \Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe +0800 2023-05-03 23:02:40 INFO [814275103 0ms] outbound/vless[proxy]: outbound connection to quic.nginx.org:443 +0800 2023-05-03 23:02:40 INFO [814275103 184ms] outbound/vless[proxy]: outbound connection to quic.nginx.org:443 ```
nekohasekai commented 1 year ago

协议规范并没有规定必须屏蔽 UDP 443 端口。

chika0801 commented 1 year ago

确认是故意这样设计的,感谢解答。