nadoo / glider

glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
GNU General Public License v3.0

[BUG] TPROXY fails with IPv6 and REDIR takes a long time to connect when binding to an interface #410

Closed przemyslaw0 closed 2 months ago

przemyslaw0 commented 5 months ago

Somewhat easy to test.

First I ensure an additional table for the interface with IPv6, with a default route:

ip -6 route show table unspec dev tun0 | while read line; do
  ip -6 route add ${line} dev tun0 table 11
done
ip -6 route add default dev tun0 table 11

When binding to an interface with IPv6 connectivity, UDP IPv6 address doesn't connect:

$ time dig @2606:4700:4700::1111 goo.gl
;; communications error to 2606:4700:4700::1111#53: timed out
;; communications error to 2606:4700:4700::1111#53: timed out
;; communications error to 2606:4700:4700::1111#53: timed out

; <<>> DiG 9.19.21-1+b1-Debian <<>> @2606:4700:4700::1111 goo.gl
; (1 server found)
;; global options: +cmd
;; no servers could be reached

real    0m15.034s
user    0m0.005s
sys     0m0.005s

TCP connects, but takes a long time with IPv6:

$ time dig +tcp @2606:4700:4700::1111 goo.gl
;; Connection to 2606:4700:4700::1111#53(2606:4700:4700::1111) for goo.gl failed: timed out.
;; no servers could be reached

; <<>> DiG 9.19.21-1+b1-Debian <<>> +tcp @2606:4700:4700::1111 goo.gl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29346
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;goo.gl.                IN  A

;; ANSWER SECTION:
goo.gl.         83  IN  A   172.217.0.174

;; Query time: 307 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111) (TCP)
;; WHEN: Wed Jun 05 14:56:10 EDT 2024
;; MSG SIZE  rcvd: 51

real    0m10.341s
user    0m0.008s
sys     0m0.005s

After TCP connects, even though it takes a hell of a long time, UDP and TCP IPv6 work normally:

$ time dig @2606:4700:4700::1111 goo.gl

; <<>> DiG 9.19.21-1+b1-Debian <<>> @2606:4700:4700::1111 goo.gl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16675
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;goo.gl.                IN  A

;; ANSWER SECTION:
goo.gl.         39  IN  A   142.250.190.110

;; Query time: 155 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111) (UDP)
;; WHEN: Wed Jun 05 14:56:22 EDT 2024
;; MSG SIZE  rcvd: 51

real    0m0.170s
user    0m0.009s
sys     0m0.003s

$ time dig +tcp @2606:4700:4700::1111 goo.gl

; <<>> DiG 9.19.21-1+b1-Debian <<>> +tcp @2606:4700:4700::1111 goo.gl
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18023
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;goo.gl.                IN  A

;; ANSWER SECTION:
goo.gl.         100 IN  A   142.250.191.238

;; Query time: 315 msec
;; SERVER: 2606:4700:4700::1111#53(2606:4700:4700::1111) (TCP)
;; WHEN: Wed Jun 05 14:56:25 EDT 2024
;; MSG SIZE  rcvd: 51

real    0m0.328s
user    0m0.007s
sys     0m0.004s

Here is the Glider log:

# ip vrf exec vrf-Q1KRU6d1hA /usr/local/bn/glider -dialtimeout 999999 -relaytimeout 999999 -listen http://[10.0.0.1]:13128 -listen socks5://[10.0.0.1]:11080 -listen http://[fd00:1::1]:13128 -listen socks5://[fd00:1::1]:11080 -listen redir://[10.0.0.1]:10000 -listen redir6://[fd00:1::1]:10000 -listen tproxy://[10.0.0.1]:10001 -listen tproxy://[fd00:1::1]:10001 -interface=tun0 -verbose
2024/06/05 14:55:19 group.go:191: [group] main: only 1 forwarder found, disable health checking
2024/06/05 14:55:19 server.go:42: [socks5] listening TCP on [10.0.0.1]:11080
2024/06/05 14:55:19 server.go:78: [tproxyu] listening UDP on [10.0.0.1]:10001
2024/06/05 14:55:19 server.go:30: [http] listening TCP on [10.0.0.1]:13128
2024/06/05 14:55:19 server.go:111: [socks5] listening UDP on [10.0.0.1]:11080
2024/06/05 14:55:19 redir_linux.go:63: [redir] listening TCP on [10.0.0.1]:10000
2024/06/05 14:55:19 server.go:42: [socks5] listening TCP on [fd00:1::1]:11080
2024/06/05 14:55:19 server.go:78: [tproxyu] listening UDP on [fd00:1::1]:10001
2024/06/05 14:55:19 server.go:30: [http] listening TCP on [fd00:1::1]:13128
2024/06/05 14:55:19 server.go:111: [socks5] listening UDP on [fd00:1::1]:11080
2024/06/05 14:55:19 redir_linux.go:63: [redir] listening TCP on [fd00:1::1]:10000
2024/06/05 14:55:28 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:47551 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:55:28 server.go:162: [tproxyu] writeTo [2606:4700:4700::1111]:53 error: write udp [::]:40644->[2606:4700:4700::1111]:53: sendto: network is unreachable
2024/06/05 14:55:33 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:41625 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:55:33 server.go:162: [tproxyu] writeTo [2606:4700:4700::1111]:53 error: write udp [::]:58302->[2606:4700:4700::1111]:53: sendto: network is unreachable
2024/06/05 14:55:38 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:46485 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:55:38 server.go:162: [tproxyu] writeTo [2606:4700:4700::1111]:53 error: write udp [::]:34722->[2606:4700:4700::1111]:53: sendto: network is unreachable
2024/06/05 14:56:09 redir_linux.go:107: [redir] [fd00:1::2289:2341:5a9:4c8b]:40279 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:56:22 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:55512 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:56:25 redir_linux.go:107: [redir] [fd00:1::2289:2341:5a9:4c8b]:43499 <-> [2606:4700:4700::1111]:53 via DIRECT
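
A triage script for the log format shown in the report above, added here as an illustration; it is not part of the issue or of glider's code. It pairs each session line with the `writeTo` error that follows it and reports, per listener and destination, how many sends failed and when the first error-free session appeared. The name `triage` and the reading of "ok" as "no `writeTo` error logged" are assumptions of this example; the sample input is the last nine lines of the posted log.

```python
import re
from collections import defaultdict

# Sample input: the last nine lines of the log posted in the report above.
SAMPLE = """\
2024/06/05 14:55:28 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:47551 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:55:28 server.go:162: [tproxyu] writeTo [2606:4700:4700::1111]:53 error: write udp [::]:40644->[2606:4700:4700::1111]:53: sendto: network is unreachable
2024/06/05 14:55:33 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:41625 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:55:33 server.go:162: [tproxyu] writeTo [2606:4700:4700::1111]:53 error: write udp [::]:58302->[2606:4700:4700::1111]:53: sendto: network is unreachable
2024/06/05 14:55:38 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:46485 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:55:38 server.go:162: [tproxyu] writeTo [2606:4700:4700::1111]:53 error: write udp [::]:34722->[2606:4700:4700::1111]:53: sendto: network is unreachable
2024/06/05 14:56:09 redir_linux.go:107: [redir] [fd00:1::2289:2341:5a9:4c8b]:40279 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:56:22 server.go:155: [tproxyu] [fd00:1::2289:2341:5a9:4c8b]:55512 <-> [2606:4700:4700::1111]:53 via DIRECT
2024/06/05 14:56:25 redir_linux.go:107: [redir] [fd00:1::2289:2341:5a9:4c8b]:43499 <-> [2606:4700:4700::1111]:53 via DIRECT"""

SESSION = re.compile(r"^(\S+ \S+) \S+ \[(\w+)\] \S+ <-> (\S+) via \S+$")
ERROR = re.compile(r"^\S+ \S+ \S+ \[(\w+)\] writeTo (\S+) error: (?:.*: )?(.+)$")

def triage(log):
    """Pair each session line with the writeTo error that follows it, if any."""
    new = lambda: {"ok": 0, "failed": 0, "first_ok": None, "last_err": None}
    stats, pending = defaultdict(new), {}  # pending: key -> session timestamp

    def settle(key, failed):
        ts = pending.pop(key, None)
        if ts is not None and failed:
            stats[key]["failed"] += 1
        elif ts is not None:  # "ok" only means no writeTo error was logged
            stats[key]["ok"] += 1
            stats[key]["first_ok"] = stats[key]["first_ok"] or ts

    for line in map(str.strip, log.splitlines()):
        if m := SESSION.match(line):
            key = (m[2], m[3])  # (listener, destination)
            settle(key, failed=False)  # the previous session logged no error
            pending[key] = m[1]
        elif m := ERROR.match(line):
            key = (m[1], m[2])
            stats[key]["last_err"] = m[3]  # innermost cause, e.g. the errno text
            settle(key, failed=True)
    for key in list(pending):
        settle(key, failed=False)
    return dict(stats)

if __name__ == "__main__":
    for (listener, dst), st in triage(SAMPLE).items():
        print(listener, dst, st)
```

On the posted log this makes the ordering explicit: every `tproxyu` send before the first `redir` session fails, and the first error-free one comes after it.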

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.