[Bug] Panic from Tun DNS server

comzyh commented 3 years ago

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x950d92]

goroutine 835 [running]:
github.com/Dreamacro/clash/proxy/tun.(*dnsEndpoint).HandleError(0xc000a92b40, 0xbcf8d8, 0xf64c98, 0xc0007c2280)
        <autogenerated>:1 +0x32
gvisor.dev/gvisor/pkg/tcpip/stack.(*endpointsByNIC).handleError(0xc000a92ba0, 0xc000ad8000, 0x36, 0xc0003140c4, 0x4, 0x3039, 0xc0003140c8, 0x4, 0xbcf8d8, 0xf64c98, ...)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/stack/transport_demuxer.go:202 +0x122
gvisor.dev/gvisor/pkg/tcpip/stack.(*transportDemuxer).deliverError(0xc000302fc0, 0xc000ad8000, 0x1100000800, 0xbcf8d8, 0xf64c98, 0xc0007c2280, 0x36, 0xc0003140c4, 0x4, 0x3039, ...)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/stack/transport_demuxer.go:621 +0x13f
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverTransportError(0xc000ad8000, 0xc0003140c4, 0x4, 0xc0003140c8, 0x4, 0x1100000800, 0xbcf8d8, 0xf64c98, 0xc0007c2280)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/stack/nic.go:895 +0x1dc
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).handleControl(0xc0002b0c00, 0xbcf8d8, 0xf64c98, 0xc0007c2280)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/network/ipv4/icmp.go:169 +0x30a
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).handleICMP(0xc0002b0c00, 0xc0007c2280)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/network/ipv4/icmp.go:342 +0x4d0
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).handlePacket(0xc0002b0c00, 0xc0007c2280)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/network/ipv4/ipv4.go:845 +0xbe5
gvisor.dev/gvisor/pkg/tcpip/network/ipv4.(*endpoint).HandlePacket(0xc0002b0c00, 0xc0007c2280)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/network/ipv4/ipv4.go:665 +0x117
gvisor.dev/gvisor/pkg/tcpip/stack.(*nic).DeliverNetworkPacket(0xc000ad8000, 0x0, 0x0, 0x0, 0x0, 0x800, 0xc0007c2280)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/stack/nic.go:768 +0x268
gvisor.dev/gvisor/pkg/tcpip/link/channel.(*Endpoint).InjectLinkAddr(...)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/link/channel/channel.go:190
gvisor.dev/gvisor/pkg/tcpip/link/channel.(*Endpoint).InjectInbound(...)
        /home/comzyh/go/pkg/mod/github.com/comzyh/gvisor@v0.0.0-20210301140817-31d323141418/pkg/tcpip/link/channel/channel.go:185
github.com/Dreamacro/clash/proxy/tun/dev.(*tunLinux).AsLinkEndpoint.func1(0x2328, 0xc0002f8900, 0xc000392340)
        /home/comzyh/Project/clash/proxy/tun/dev/dev_linux.go:106 +0x16e
created by github.com/Dreamacro/clash/proxy/tun/dev.(*tunLinux).AsLinkEndpoint
        /home/comzyh/Project/clash/proxy/tun/dev/dev_linux.go:88 +0x145
exit status 2

For some reason, when a client send a UDP DNS request to tun-dns, the response can not reach the client and tun-dns will get an icmp reply indicate an error has occured.

But HandleError is not implimented by dnsEndpoint.

comzyh commented 3 years ago

This issue can be reproduced by using nping and let OS replay a ICMP dst unreachable back to TUN

sudo nping --udp  -S 1.1.1.1 -g 54 -p 12345 172.18.217.118

1.1.1.1:54 is Tun dns endpoint, and 172.18.217.118:12345 is a radom unreachable endpoint. OS will replay unreachable to 1.1.1.1:54 which will be handled by clash tun

comzyh commented 3 years ago

Fixed in https://github.com/comzyh/clash/commit/f0dcb4a461998af57cc0ce4478ba168078e481e8

comzyh / clash

[Bug] Panic from Tun DNS server #12