XTLS / Xray-core

Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
https://t.me/projectXray
Mozilla Public License 2.0
25.78k stars 3.97k forks

specifying non existent interface with sockopt leaks data to default gateway #4027

Closed its0ka closed 6 days ago

its0ka commented 6 days ago

Description

I have 2 network interfaces on the server: the first (eth0) is for inbound connections and the second (tun0) for outbound. But the second interface can sometimes fail to appear, and then xray leaks all data to the first interface (I think it's better to fail the connection; hysteria2 works this way and fails the connection).

Reproduction Method

Run the config and use `curl -v --socks5 127.0.0.1 1.1.1.1`; it should fail, but it passes.

Client config

-

Server config


{
    "inbounds": [
        {
            "listen": "127.0.0.1",
            "port": "1080",
            "protocol": "socks"
        }
    ],
    "log": {
        "loglevel": "debug"
    },
    "outbounds": [
        {
            "protocol": "freedom",
            "streamSettings": {
                "sockopt": {
                    "interface": "NON_EXISTENT_IFACE"
                }
            },
            "tag": "user1"
        }
    ],
    "routing": {
        "rules": [
            {
                "outboundTag": "user1",
                "user": "user1"
            }
        ]
    }
}

Client log

-

Server log


2024/11/19 05:56:20 [Info] [862734131] proxy/socks: TCP Connect request to tcp:1.1.1.1:80
2024/11/19 05:56:20 [Info] [862734131] app/dispatcher: default route for tcp:1.1.1.1:80
2024/11/19 05:56:20 [Info] [862734131] transport/internet/tcp: dialing TCP to tcp:1.1.1.1:80
2024/11/19 05:56:20 [Debug] [862734131] transport/internet: dialing to tcp:1.1.1.1:80
2024/11/19 05:56:20 [Info] [862734131] transport/internet: failed to apply socket options > transport/internet: failed to set Interface > no such device
2024/11/19 05:56:20 from tcp:127.0.0.1:4206 accepted tcp:1.1.1.1:80 [user1]
2024/11/19 05:56:20 [Info] [862734131] proxy/freedom: connection opened to tcp:1.1.1.1:80, local endpoint 192.168.1.2:47256, remote endpoint 1.1.1.1:80
Fangliding commented 6 days ago

Because choosing an interface is actually 'attaching' to a request, if the attachment fails, the connection will continue. As far as I know, some people actually rely on this 'fallback', and I tend not to make any changes when it's unsure which option is better. Perhaps you can also set sendthrough; it should fail when tun0 is offline.

its0ka commented 6 days ago

@Fangliding What about an option? The IP address on the interface is dynamic.

Fangliding commented 6 days ago

Sockopt already has too many options. If there are more people who need it, I think we can consider adding it.

Fangliding commented 6 days ago

I think you can use policy-based routing instead of xray's sockopt.
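The thread turns on two points: the server log shows that a failed `interface` sockopt is logged and then ignored (the dial proceeds from 192.168.1.2 over the default route), and the reporter cannot use `sendthrough` because the address on tun0 changes. The program below is an added example and is not Xray's code; the names `DialViaInterface`, `egressAddrOf` and `LoopbackInterfaceName` are assumed here for illustration. It shows a fail-closed dialer written with Go's standard `net.Dialer`: it looks up the interface's current IPv4 address at dial time (the effect of `sendthrough` without a fixed address), pins it as the source address, and re-checks the interface from the `Control` hook, where any returned error aborts the dial instead of falling back to the default gateway. It binds the source address rather than calling SO_BINDTODEVICE, so it runs unprivileged and off-Linux; the demo in `main` uses a loopback listener as a constructed stand-in for 1.1.1.1:80.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"syscall"
	"time"
)

// ErrInterfaceDown: the egress interface is missing, down, or has no IPv4
// address. DialViaInterface returns it instead of silently using another route.
var ErrInterfaceDown = errors.New("egress interface unavailable, refusing to dial")

// egressAddrOf returns the first IPv4 address currently configured on the
// interface. Resolving it at dial time copes with a tun0 whose address changes.
func egressAddrOf(ifaceName string) (net.IP, error) {
	iface, err := net.InterfaceByName(ifaceName)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrInterfaceDown, err)
	}
	if iface.Flags&net.FlagUp == 0 {
		return nil, fmt.Errorf("%w: %s is down", ErrInterfaceDown, ifaceName)
	}
	addrs, err := iface.Addrs()
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrInterfaceDown, err)
	}
	for _, a := range addrs {
		if ipn, ok := a.(*net.IPNet); ok && ipn.IP.To4() != nil {
			return ipn.IP.To4(), nil
		}
	}
	return nil, fmt.Errorf("%w: %s has no IPv4 address", ErrInterfaceDown, ifaceName)
}

// DialViaInterface opens a TCP connection to target whose source address is
// taken from ifaceName. Any problem with the interface aborts the dial (fail
// closed), so nothing is ever sent over the default gateway.
func DialViaInterface(ctx context.Context, ifaceName, target string) (net.Conn, error) {
	src, err := egressAddrOf(ifaceName)
	if err != nil {
		return nil, err
	}
	d := net.Dialer{
		Timeout:   5 * time.Second,
		LocalAddr: &net.TCPAddr{IP: src}, // pin the source address, as sendthrough does
		// Control runs after the socket exists and before connect(). Returning an
		// error here makes Dial fail; this is the hook where a Linux-only
		// SO_BINDTODEVICE call would go (omitted: it needs CAP_NET_RAW). The
		// re-check closes the window between the address lookup and connect().
		Control: func(network, address string, c syscall.RawConn) error {
			if _, err := net.InterfaceByName(ifaceName); err != nil {
				return fmt.Errorf("%w: %v", ErrInterfaceDown, err)
			}
			return nil
		},
	}
	return d.DialContext(ctx, "tcp", target)
}

// LoopbackInterfaceName finds the loopback interface (lo on Linux, lo0 on
// macOS) so the demo can run without tun0 or any outside network access.
func LoopbackInterfaceName() (string, error) {
	ifaces, err := net.Interfaces()
	if err != nil {
		return "", err
	}
	for _, i := range ifaces {
		if i.Flags&net.FlagLoopback != 0 && i.Flags&net.FlagUp != 0 {
			return i.Name, nil
		}
	}
	return "", errors.New("no loopback interface")
}

func main() {
	// Constructed demo target: a loopback listener stands in for 1.1.1.1:80.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			c.Close()
		}
	}()

	ctx := context.Background()

	// Same situation as the issue: the configured egress interface is absent.
	if _, err := DialViaInterface(ctx, "NON_EXISTENT_IFACE", ln.Addr().String()); err != nil {
		fmt.Println("refused:", err) // fail closed, no fallback to the default gateway
	}

	lo, err := LoopbackInterfaceName()
	if err != nil {
		panic(err)
	}
	if c, err := DialViaInterface(ctx, lo, ln.Addr().String()); err == nil {
		fmt.Println("connected via", lo, "from", c.LocalAddr())
		c.Close()
	}
}
```

The difference from the logged behaviour in the issue is only where the error goes: Xray's dialer logs "failed to set Interface > no such device" and continues, while here the error is returned from both the address lookup and the `Control` hook, so the SOCKS client receives a failure rather than a connection that left through eth0. Binding the source address is weaker than SO_BINDTODEVICE (routing still decides the egress device for that address), which is also why Fangliding's policy-based routing suggestion, with an `unreachable` fallback route in the table that tun0 populates, is the robust server-side counterpart.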