juewuy / ShellCrash

Run sing-box/mihomo as client in shell

[Bug] Xiaomi devices: with Tun enabled, the proxy provider on the local LAN cannot be used #667

Closed mphin closed 3 months ago

mphin commented 3 months ago

Verify steps

Description

Redir mode works fine, but as soon as Mixed mode or Tun mode is enabled, the core itself cannot update the self-hosted LAN subscription at http://192.168.10.2:3001

[warning]   [TCP] dial 🎯 全球直连 (match GeoIP/lan) mihomo --> 192.168.10.2:3001 error: connect failed: dial tcp 192.168.10.2:3001: i/o timeout

At the same time, the inbound proxy ports also cannot connect to the LAN; everything times out. Using curl and wget on the device itself fetches the file normally, so communication between the two is definitely fine; only the core itself cannot connect.

Already tried:
1. Installing ShellCrash on other devices: it fails on both the Xiaomi AX3600 and the Xiaomi AX5400; the only place it works is the N1 used as a bypass router.
2. Switching core versions, meta v1.18.5 and meta v1.18.1: neither works.
3. Switching between the ShellCrash stable and development versions: neither works.
4. Running the bare core also seems to fail (tried running it manually without ShellCrash: /tmp/ShellCrash/CrashCore -d /overlay/ShellCrash -f /tmp/ShellCrash/config.yaml)

I'm not sure whether this is a Xiaomi Tun problem or a core configuration problem. Hope the maintainer can take a look.

Debug log (some DNS and health-check lines removed):

time="2024-06-16T07:29:49.75474294Z" level=info msg="Start initial configuration in progress"
time="2024-06-16T07:29:49.757636084Z" level=info msg="Geodata Loader mode: memconservative"
time="2024-06-16T07:29:49.757779145Z" level=info msg="Geosite Matcher implementation: succinct"
time="2024-06-16T07:29:49.761363272Z" level=info msg="Initial configuration complete, total time: 6ms"
time="2024-06-16T07:29:49.762482033Z" level=info msg="RESTful API listening at: [::]:9999"
time="2024-06-16T07:29:49.802598994Z" level=info msg="Authentication of local server updated"
time="2024-06-16T07:29:49.802766897Z" level=info msg="Sniffer is loaded and working"
time="2024-06-16T07:29:49.80297589Z" level=info msg="Use routing mark: 0x1ed6"
time="2024-06-16T07:29:49.803674217Z" level=info msg="DNS server listening at: [::]:1053"
time="2024-06-16T07:29:49.80414475Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2024-06-16T07:29:49.804435507Z" level=info msg="TProxy server listening at: [::]:7893"
time="2024-06-16T07:29:49.804618252Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:1002"
time="2024-06-16T07:29:49.812717315Z" level=warning msg="[TUN] default interface changed by monitor,  => pppoe-wan"
time="2024-06-16T07:29:49.834856091Z" level=info msg="[TUN] Tun adapter listening at: utun([198.18.0.1/30],[]), mtu: 9000, auto route: false, ip stack: System"
time="2024-06-16T07:29:49.83522632Z" level=info msg="Start initial provider test"
time="2024-06-16T07:29:49.868686545Z" level=info msg="Start initial Compatible provider 🚀 节点选择"
time="2024-06-16T07:29:49.868932879Z" level=info msg="Start initial Compatible provider 🎯 全球直连"
time="2024-06-16T07:29:49.869524913Z" level=info msg="Start initial Compatible provider 🐟 漏网之鱼"
time="2024-06-16T07:29:49.869638497Z" level=info msg="Start initial Compatible provider default"
time="2024-06-16T07:29:49.870086428Z" level=debug msg="[DNS] doh.pub --> [120.53.53.53 1.12.12.12] A from udp://223.5.5.5:53"
time="2024-06-16T07:29:49.875326511Z" level=debug msg="[DNS] doh.pub --> [] AAAA from udp://223.5.5.5:53"
time="2024-06-16T07:29:49.875919535Z" level=debug msg="[DNS] dns.rubyfish.cn --> [] AAAA from udp://223.5.5.5:53"
time="2024-06-16T07:29:49.894300916Z" level=debug msg="[DNS] doh.pub --> [] AAAA from udp://114.114.114.114:53"
time="2024-06-16T07:29:49.895724755Z" level=debug msg="[DNS] dns.rubyfish.cn --> [] AAAA from udp://114.114.114.114:53"
time="2024-06-16T07:29:49.937935499Z" level=info msg="Load MMDB file: /overlay/ShellCrash/Country.mmdb"
time="2024-06-16T07:29:50.228304936Z" level=debug msg="Health Checked, proxy: 香港3|淘气兔, url: https://www.gstatic.com/generate_204, alive: true, delay: 368 ms uid: {450ce0ce-8384-44da-af9e-4de50734f0dd}"
time="2024-06-16T07:29:50.228563717Z" level=debug msg="Health Checking, proxy: 香港 10|淘气兔, url: https://www.gstatic.com/generate_204, id: {450ce0ce-8384-44da-af9e-4de50734f0dd}"
time="2024-06-16T07:29:54.863868987Z" level=debug msg="re-creating the http client due to requesting https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDMHNTFmZWl0dQNjb20AABwAAQ: Get \"https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDMHNTFmZWl0dQNjb20AABwAAQ\": context deadline exceeded"
time="2024-06-16T07:29:54.864259371Z" level=debug msg="[https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABHR0MDMHNTFmZWl0dQNjb20AABwAAQ] using HTTP/2 for this upstream: <nil>"
time="2024-06-16T07:29:54.865027173Z" level=debug msg="re-creating the http client due to requesting https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ: Get \"https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ\": context deadline exceeded"
time="2024-06-16T07:29:54.866019539Z" level=warning msg="[TCP] dial 🎯 全球直连 (match GeoIP/lan) mihomo --> 192.168.10.2:3001 error: connect failed: dial tcp 192.168.10.2:3001: i/o timeout"
time="2024-06-16T07:29:54.866205982Z" level=debug msg="[DNS] resolve hk08.51feitu.com from https://doh.opendns.com:443/dns-query"
time="2024-06-16T07:29:54.866254207Z" level=debug msg="[https://doh.opendns.com:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ] using HTTP/2 for this upstream: <nil>"
time="2024-06-16T07:29:54.863527817Z" level=debug msg="re-creating the http client due to requesting https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ: Get \"https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAABGhrMDUHNTFmZWl0dQNjb20AABwAAQ\": context deadline exceeded"
time="2024-06-16T07:29:54.864483311Z" level=debug msg="[DNS] resolve hk09.51feitu.com from https://doh.opendns.com:443/dns-query"
time="2024-06-16T07:29:54.866265248Z" level=warning msg="[TCP] dial 🎯 全球直连 (match GeoIP/lan) mihomo --> 192.168.10.2:3001 error: connect failed: dial tcp 192.168.10.2:3001: i/o timeout"

config.yaml:

mixed-port: 1002
redir-port: 7892
tproxy-port: 7893
authentication: ["root:admin"]
allow-lan: true
mode: Rule
log-level: info
ipv6: true
external-controller: :9999
external-ui: ui
secret: admin
tun: {enable: true, stack: system, device: utun, auto-route: false}
experimental: {ignore-resolve-fail: true, interface-name: en0}
sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {tls: {ports: [443, 8443]}, http: {ports: [80, 8080-8880]}}}
find-process-mode: "off"
routing-mark: 7894
dns:
  enable: true
  listen: :1053
  use-hosts: true
  ipv6: false
  default-nameserver:
    - 114.114.114.114
    - 223.5.5.5
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - '+.*'
  nameserver: [https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853]
  fallback: [https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query]
  fallback-filter:
    geoip: true
    domain:
      - '+.bing.com'
      - '+.linkedin.com'
hosts:
   'time.android.com': 203.107.6.88
   'time.facebook.com': 203.107.6.88  
proxy-groups:
  - {name: 🚀 节点选择, type: select, proxies: [test, 📺 省流节点, 👍 高级节点], use: [test]}
  - {name: 🐟 漏网之鱼, type: select, proxies: [🚀 节点选择, DIRECT]}
  - {name: 🎯 全球直连, type: select, proxies: [DIRECT, 🚀 节点选择]}
  - {name: 📺 省流节点, type: url-test, tolerance: 100, lazy: true, use: [test], filter: "(0.[1-5]|低倍率|省流|大流量)"}
  - {name: 👍 高级节点, type: url-test, tolerance: 100, lazy: true, use: [test], filter: "(专线|专用|高级|直连|急速|高倍率|游戏|game|Game|GAME|IEPL|IPLC|AIA|CTM|CC|iepl|iplc|aia|ctm|cc|AC)"}
  - {name: test, type: url-test, tolerance: 100, lazy: true, use: [test]}
proxy-providers:
  test:
    type: http
    url: "http://192.168.10.2:3001/download/tqt?target=ClashMeta"
    path: "./providers/test.yaml"
    interval: 43200
    health-check:
      enable: true
      lazy: true
      url: "https://www.gstatic.com/generate_204"
      interval: 600
    override:
      udp: true
      skip-cert-verify: true
rules:
 - GEOIP,lan,🎯 全球直连,no-resolve
 - GEOIP,cn,🎯 全球直连
 - MATCH,🐟 漏网之鱼

ShellCrash-related routing rules:

----------------Redir+DNS---------------------
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    shellcrash  tcp  --  anywhere             anywhere             multiport dports ssh,domain,www,ntp,imap2,194,https,ssmtp,submission,853,imaps,pop3s,xmpp-client,8080,8443
2    prerouting_rule  all  --  anywhere             anywhere             /* !fw3: Custom prerouting rule chain */
3    zone_lan_prerouting  all  --  anywhere             anywhere             /* !fw3 */
4    zone_wan_prerouting  all  --  anywhere             anywhere             /* !fw3 */
iptables: No chain/target/match by that name.
Chain shellcrash (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  anywhere             anywhere             mark match 0x1ed6
2    RETURN     all  --  anywhere             192.168.10.0/24
3    RETURN     all  --  anywhere             0.0.0.0/8
4    RETURN     all  --  anywhere             10.0.0.0/8
5    RETURN     all  --  anywhere             127.0.0.0/8
6    RETURN     all  --  anywhere             100.64.0.0/10
7    RETURN     all  --  anywhere             169.254.0.0/16
8    RETURN     all  --  anywhere             172.16.0.0/12
9    RETURN     all  --  anywhere             192.168.0.0/16
10   RETURN     all  --  anywhere             base-address.mcast.net/4
11   RETURN     all  --  anywhere             240.0.0.0/4
12   RETURN     all  --  anywhere             anywhere             match-set cn_ip dst
13   RETURN     all  --  anywhere             anywhere             MAC 78:11:DC:51:1E:D3
14   RETURN     all  --  anywhere             anywhere             MAC CC:B5:D1:07:A1:70
15   RETURN     all  --  anywhere             anywhere             MAC 34:CE:00:8A:9D:7E
16   RETURN     all  --  anywhere             anywhere             MAC 28:6C:07:70:7C:94
17   RETURN     all  --  anywhere             anywhere             MAC 78:11:DC:B6:90:1F
18   RETURN     all  --  anywhere             anywhere             MAC B0:D5:9D:E7:95:78
19   RETURN     all  --  anywhere             anywhere             MAC B0:D5:9D:D6:E2:21
20   RETURN     all  --  anywhere             anywhere             MAC C0:E7:3E:CF:3F:3B
21   RETURN     all  --  anywhere             anywhere             MAC C0:E7:3E:CF:4E:4F
22   RETURN     all  --  anywhere             anywhere             MAC 10:9E:3A:E1:73:DB
23   RETURN     all  --  anywhere             anywhere             MAC B2:F2:1E:51:C1:BB
24   RETURN     all  --  anywhere             anywhere             MAC 66:D8:60:C6:1A:0B
25   RETURN     all  --  anywhere             anywhere             MAC 02:42:C0:A8:01:02
26   RETURN     all  --  anywhere             anywhere             MAC 28:6C:07:17:13:B9
27   RETURN     all  --  anywhere             anywhere             MAC 7C:49:EB:C4:87:BA
28   RETURN     all  --  anywhere             anywhere             MAC 34:CE:00:E9:8D:1B
29   RETURN     all  --  anywhere             anywhere             MAC C0:E7:3E:A4:CF:4D
30   REDIRECT   tcp  --  192.168.10.0/24      anywhere             redir ports 7892
----------------Tun/Tproxy-------------------
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    shellcrash_mark  udp  --  anywhere             anywhere             multiport dports ssh,domain,80,ntp,imap2,194,https,465,submission,853,imaps,pop3s,xmpp-client,8080,8443
Chain shellcrash_mark (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  anywhere             anywhere             mark match 0x1ed6
2    RETURN     all  --  anywhere             192.168.10.0/24
3    RETURN     all  --  anywhere             0.0.0.0/8
4    RETURN     all  --  anywhere             10.0.0.0/8
5    RETURN     all  --  anywhere             127.0.0.0/8
6    RETURN     all  --  anywhere             100.64.0.0/10
7    RETURN     all  --  anywhere             169.254.0.0/16
8    RETURN     all  --  anywhere             172.16.0.0/12
9    RETURN     all  --  anywhere             192.168.0.0/16
10   RETURN     all  --  anywhere             base-address.mcast.net/4
11   RETURN     all  --  anywhere             240.0.0.0/4
12   RETURN     all  --  anywhere             anywhere             match-set cn_ip dst
13   RETURN     all  --  anywhere             anywhere             MAC 78:11:DC:51:1E:D3
14   RETURN     all  --  anywhere             anywhere             MAC CC:B5:D1:07:A1:70
15   RETURN     all  --  anywhere             anywhere             MAC 34:CE:00:8A:9D:7E
16   RETURN     all  --  anywhere             anywhere             MAC 28:6C:07:70:7C:94
17   RETURN     all  --  anywhere             anywhere             MAC 78:11:DC:B6:90:1F
18   RETURN     all  --  anywhere             anywhere             MAC B0:D5:9D:E7:95:78
19   RETURN     all  --  anywhere             anywhere             MAC B0:D5:9D:D6:E2:21
20   RETURN     all  --  anywhere             anywhere             MAC C0:E7:3E:CF:3F:3B
21   RETURN     all  --  anywhere             anywhere             MAC C0:E7:3E:CF:4E:4F
22   RETURN     all  --  anywhere             anywhere             MAC 10:9E:3A:E1:73:DB
23   RETURN     all  --  anywhere             anywhere             MAC B2:F2:1E:51:C1:BB
24   RETURN     all  --  anywhere             anywhere             MAC 66:D8:60:C6:1A:0B
25   RETURN     all  --  anywhere             anywhere             MAC 02:42:C0:A8:01:02
26   RETURN     all  --  anywhere             anywhere             MAC 28:6C:07:17:13:B9
27   RETURN     all  --  anywhere             anywhere             MAC 7C:49:EB:C4:87:BA
28   RETURN     all  --  anywhere             anywhere             MAC 34:CE:00:E9:8D:1B
29   RETURN     all  --  anywhere             anywhere             MAC C0:E7:3E:A4:CF:4D
30   MARK       udp  --  192.168.10.0/24      anywhere             MARK set 0x1ed4

ip route:

root@XiaoQiang:~# ip route
default via 14.155.xxx.x dev pppoe-wan proto static
default via 14.155.xxx.x dev pppoe-wan metric 50
14.155.xxx.x dev pppoe-wan proto kernel scope link src 14.155.xxx.xxx
172.31.1.0/24 via 192.168.10.2 dev br-lan
192.168.2.0/24 via 192.168.10.2 dev br-lan
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.1
192.168.32.0/24 dev br-miot proto kernel scope link src 192.168.32.1
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1

juewuy commented 3 months ago

Not sure; it looks like a bug on the core side.

mphin commented 3 months ago

Not sure; it looks like a bug on the core side.

Solved. I opened an issue on mihomo and got the reply "Can the interface being used reach this address?". I found that after enabling tun on the Xiaomi router, the log contains this line: warning msg="[TUN] default interface changed by monitor, => pppoe-wan". Later, going through the mihomo documentation, I found there is a parameter, auto-detect-interface: true, that automatically selects the egress interface for traffic, so now it makes sense: the pppoe-wan interface cannot reach the LAN, and the parameter is presumably enabled by default, so pppoe-wan was automatically picked as the egress interface, which is wrong, and the internal network could not be reached.

auto-detect-interface: false

I then changed this parameter to 'false'; the warning no longer appears in the log, and in testing the socks5 inbound on the AX3600 and AX5400 (exposed to the public network) can now reach the LAN normally, and the proxy provider on the local LAN also works normally.

Hope the maintainer can add extra handling of the meta core config file for Xiaomi routers (not sure whether routers of other brands have this issue) when Tun is enabled in ShellCrash.

The Tun entry of the original config file after enabling Tun on a Xiaomi router:

tun: {enable: true, stack: system, device: utun, auto-route: false}

Add 'auto-detect-interface: false', i.e.:

tun: {enable: true, stack: system, device: utun, auto-route: false, auto-detect-interface: false}
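As an added example (not ShellCrash's or mihomo's own code), a POSIX sh helper that applies the workaround described above to a config's flow-style tun line and checks a log for the interface-monitor warning plus LAN-dial timeout pair from this report. The config and log lines it runs on are constructed copies of the ones posted here, with the emoji group name replaced by DIRECT.

```shell
#!/bin/sh
# Added example, not ShellCrash's own code: force auto-detect-interface to false on a
# mihomo flow-style "tun: {...}" line, and recognise the log signature from this report
# (interface monitor switched egress to pppoe-wan, then LAN dials time out).

# "Before" tun line, copied from the report.
TUN_BEFORE='tun: {enable: true, stack: system, device: utun, auto-route: false}'

# Print the given tun line with auto-detect-interface set to false.
# A line that already carries the key is only corrected, never duplicated.
fix_tun_line() {
    case "$1" in
        *auto-detect-interface:*)
            printf '%s\n' "$1" | sed 's/auto-detect-interface: *true/auto-detect-interface: false/' ;;
        'tun: {'*'}')
            printf '%s\n' "$1" | sed 's/}$/, auto-detect-interface: false}/' ;;
        *)
            printf '%s\n' "$1" ;;
    esac
}

# Rewrite every top-level "tun:" line of a config file (POSIX sh: no sed -i).
patch_config() {
    tmp="$1.tmp"
    while IFS= read -r line; do
        case "$line" in
            tun:*) fix_tun_line "$line" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1" > "$tmp" && mv "$tmp" "$1"
}

# Exit 0 when the log has both halves of the symptom seen on the Xiaomi routers.
log_shows_wrong_egress() {
    grep -q 'default interface changed by monitor' "$1" &&
    grep -q 'match GeoIP/lan.*i/o timeout' "$1"
}

# Demo on constructed copies of the report's config and log lines.
demo=$(mktemp -d)
printf '%s\n' 'mixed-port: 1002' "$TUN_BEFORE" 'routing-mark: 7894' > "$demo/config.yaml"
printf '%s\n' \
  'time="2024-06-16T07:29:49Z" level=warning msg="[TUN] default interface changed by monitor,  => pppoe-wan"' \
  'time="2024-06-16T07:29:54Z" level=warning msg="[TCP] dial DIRECT (match GeoIP/lan) mihomo --> 192.168.10.2:3001 error: connect failed: dial tcp 192.168.10.2:3001: i/o timeout"' \
  > "$demo/mihomo.log"
patch_config "$demo/config.yaml"
grep '^tun:' "$demo/config.yaml"
log_shows_wrong_egress "$demo/mihomo.log" && echo "log matches the wrong-egress pattern: set auto-detect-interface: false"
```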

juewuy commented 3 months ago

https://github.com/juewuy/ShellCrash/commit/792edb67a46c59a43dd8a73603a6520c37e39e60