puxxustc / sans

A simple anti-spoofing DNS server
GNU General Public License v3.0

Compiles successfully on Tomato but fails at runtime #2

Closed rampageX closed 9 years ago

rampageX commented 9 years ago

The listener starts, but it exits as soon as a query arrives:

    [tomatoware][asus:/tmp/mnt/data/compile/sans]$ ./src/sans -c ./src/sans.conf -v
    [15-05-14 01:40:25] starting sans at 192.168.2.1:5300
    ./src/sans: dnsmsg.c: 108: query_udp_recv_cb: Assertion 'ctx->data != 0' failed.
    Aborted

During compilation there were errors related to ev.c:

    undefined reference to 'epoll_create1'
    undefined reference to 'epoll_create1'

I hit this same error when compiling shadowsocks, so I used the same fix and changed these in config.h:

    #define HAVE_EPOLL_CTL 0
    #define HAVE_INOTIFY_INIT 0

With that it compiles and runs, but it exits as soon as a query is made.

rampageX commented 9 years ago

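I also tried cross-compiling on Ubuntu. It built without any changes, but when run on the router it still exits as soon as a query is made, with the same message as above.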

rampageX commented 9 years ago

The above was on a mipsel chip with a fairly old toolchain. I then tried compiling on a newer arm device, and now I get this:

    [tomatoware][netgear:/tmp/mnt/data/compile/sans]$ ./src/sans -c ./src/sans.conf -v
    [15-05-14 09:29:15] starting sans at 192.168.1.1:5300
    [15-05-14 09:29:24] query www.163.com
    [15-05-14 09:29:31] query 163.com
    ./src/sans: dname.c: 134: dname_dup: Assertion `p->magic == 0x616e6f72' failed.
    Aborted

A "clean" domain with the www prefix resolves, e.g. www.163.com, but as soon as I query 163.com it fails; querying a polluted domain exits immediately, with the same message as above.

puxxustc commented 9 years ago

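I've been busy with an internship for a while and haven't made any progress. I plan to make major changes in a few days; feel free to try again at the end of the month.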

rampageX commented 9 years ago

OK, looking forward to it!

puxxustc commented 9 years ago

@rampageX The refactor branch holds the current refactored code. It no longer needs libev. I'll keep improving it, and it should be usable now.

rampageX commented 9 years ago

@XiaoxiaoPu I'll go try it first!

rampageX commented 9 years ago

Sites that are not walled resolve normally. Walled sites are identified, but the query fails, and after that failure all subsequent queries fail too:

    [tomatoware][asus:/tmp/mnt/data/compile/sans/src]$ ./sans -c ./sans.conf -v
    [15-05-30 22:03:46] starting sans at 192.168.2.1:5300
    [15-05-30 22:03:59] query [46526] [A] [qq.com]
    [15-05-30 22:03:59] detect [qq.com]
    [15-05-30 22:03:59] [qq.com] is not blocked
    [15-05-30 22:03:59] reply [12263] [A] [qq.com]
    [15-05-30 22:04:08] query [409] [A] [163.com]
    [15-05-30 22:04:08] detect [163.com]
    [15-05-30 22:04:09] [163.com] is not blocked
    [15-05-30 22:04:09] reply [12269] [A] [163.com]
    [15-05-30 22:04:18] query [37305] [A] [www.163.com]
    [15-05-30 22:04:18] detect [www.163.com]
    [15-05-30 22:04:19] [www.163.com] is not blocked
    [15-05-30 22:04:19] reply [21190] [CNAME] [www.163.com]
    [15-05-30 22:04:34] query [6822] [A] [google.com]
    [15-05-30 22:04:34] detect [google.com]
    [15-05-30 22:04:34] [google.com] is not blocked
    [15-05-30 22:04:34] reply [23679] [A] [google.com]
    [15-05-30 22:04:40] query [6188] [A] [twitter.com]
    [15-05-30 22:04:40] detect [twitter.com]
    [15-05-30 22:04:40] [twitter.com] is blocked
    [15-05-30 22:04:40] recv: Resource temporarily unavailable

I tested quite a few domains and found that the program's judgement of whether a domain is blocked is accurate and fast. For now, is it just that forwarding to the socks5 server has a problem? Could you first provide a fallback feature, so that once a domain is found to be blocked the query can be sent to a configurable DNS server (DNS servers on non-standard ports are not polluted at present, e.g. 208.67.222.222:5353, or a locally run dnscrypt-proxy encrypted server)? I think if this blocked-domain detection works without relying on any list, it already has great practical value; which method is used for the query afterwards is not important.

puxxustc commented 9 years ago

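@rampageX There are three servers in the configuration. test_server is used to determine whether a domain is blocked; it can be any foreign DNS server, but it must be on port 53, otherwise detection is affected. cn_server is used to query domains that are not blocked, and it queries over UDP. server is used to query blocked domains: if a socks5 proxy is configured it queries through socks5, and if no socks5 proxy is configured it queries over TCP. socks5 has not been tested yet and may have bugs, so for now you can leave the socks5 proxy unconfigured.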

rampageX commented 9 years ago

@XiaoxiaoPu OK, I removed the socks5 proxy and it's up and running! There's a dnsmasq in front of it as a cache; I'll use it for a while and see how it goes!

puxxustc commented 9 years ago

@rampageX The socks5 bug has been fixed.

rampageX commented 9 years ago

@XiaoxiaoPu Testing the new version at the office:

    ./src/sans -c ./src/sans.conf -v
    [15-06-01 11:41:38] starting sans at 0.0.0.0:5300
    [15-06-01 11:41:59] query [44704] [A] [qq.com]
    [15-06-01 11:41:59] detect [qq.com]
    [15-06-01 11:41:59] [qq.com] is not blocked
    [15-06-01 11:41:59] reply [46669] [A] [qq.com]
    [15-06-01 11:42:09] query [58910] [A] [twitter.com]
    [15-06-01 11:42:09] detect [twitter.com]
    [15-06-01 11:42:09] [twitter.com] is not blocked
    [15-06-01 11:42:09] reply [34632] [A] [twitter.com]
    [15-06-01 11:42:40] query [51399] [A] [twitter.com]
    [15-06-01 11:42:40] reply [62964] [A] [twitter.com]
    [15-06-01 11:42:48] query [10787] [A] [www.twitter.com]
    [15-06-01 11:42:48] detect [www.twitter.com]
    [15-06-01 11:42:48] [www.twitter.com] is not blocked
    [15-06-01 11:42:48] reply [6820] [A] [www.twitter.com]
    [15-06-01 11:43:03] query [36420] [A] [dropbox.com]
    [15-06-01 11:43:03] detect [dropbox.com]
    [15-06-01 11:43:03] [dropbox.com] is not blocked
    [15-06-01 11:43:03] reply [5305] [A] [dropbox.com]
    [15-06-01 11:43:30] query [65034] [A] [googlevideo.com]
    [15-06-01 11:43:30] detect [googlevideo.com]
    [15-06-01 11:43:30] [googlevideo.com] is not blocked
    [15-06-01 11:43:30] reply [41756] [A] [googlevideo.com]
    [15-06-01 11:43:45] query [36850] [A] [googlevideo.com]
    [15-06-01 11:43:45] reply [44225] [A] [googlevideo.com]
    [15-06-01 11:44:23] query [40175] [A] [facebook.com]
    [15-06-01 11:44:23] detect [facebook.com]
    [15-06-01 11:44:23] [facebook.com] is not blocked
    [15-06-01 11:44:23] reply [56850] [A] [facebook.com]

I found that the China Mobile line at the office behaves differently from the China Telecom line at home. At home:

twitter.com

    [optware][asus:/opt/sbin]$ dig @8.8.8.8 twitter.com soa +short
    78.16.49.15

qq.com

    [optware][asus:/opt/sbin]$ dig @8.8.8.8 qq.com soa +short
    ns1.qq.com. webmaster.qq.com. 1330914143 3600 300 86400 300

This matches your program's detection logic;

whereas on the office line:

    C:\Users\WareZ
    λ dig @8.8.8.8 twitter.com soa +short

    C:\Users\WareZ
    λ dig @8.8.8.8 qq.com soa +short
    ns1.qq.com. webmaster.qq.com. 1330914143 3600 300 86400 300

The polluted domain just returns an empty value; the full output is:

Query using 8.8.8.8

    dig @8.8.8.8 twitter.com soa

    ; <<>> DiG 9.7.3 <<>> @8.8.8.8 twitter.com soa
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57954
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 6

    ;; QUESTION SECTION:
    ;twitter.com. IN SOA

    ;; ANSWER SECTION:
    twitter.com. 30 IN SOA ns1.p26.dynect.net. zone-admin.dyndns.com. 2007121341 3600 600 604800 60

    ;; AUTHORITY SECTION:
    twitter.com. 86400 IN NS ns2.p34.dynect.net.
    twitter.com. 86400 IN NS ns3.p34.dynect.net.
    twitter.com. 86400 IN NS ns4.p34.dynect.net.
    twitter.com. 86400 IN NS ns1.p34.dynect.net.

    ;; ADDITIONAL SECTION:
    ns1.p34.dynect.net. 57324 IN A 208.78.70.34
    ns1.p34.dynect.net. 220 IN AAAA 2001:500:90:1::34
    ns2.p34.dynect.net. 57324 IN A 204.13.250.34
    ns3.p34.dynect.net. 57324 IN A 208.78.71.34
    ns3.p34.dynect.net. 220 IN AAAA 2001:500:94:1::34
    ns4.p34.dynect.net. 57324 IN A 204.13.251.34

    ;; Query time: 37 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Jun 01 12:02:31 2015
    ;; MSG SIZE rcvd: 297

Query using OpenDNS on port 5353

    dig @208.67.222.222 -p 5353 twitter.com soa

    ; <<>> DiG 9.7.3 <<>> @208.67.222.222 -p 5353 twitter.com soa
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26270
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;twitter.com. IN SOA

    ;; ANSWER SECTION:
    twitter.com. 24 IN SOA ns1.p26.dynect.net. zone-admin.dyndns.com. 2007121341 3600 600 604800 60

    ;; Query time: 16 msec
    ;; SERVER: 208.67.222.222#5353(208.67.222.222)
    ;; WHEN: Mon Jun 01 12:03:22 2015
    ;; MSG SIZE rcvd: 101
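Added example, not part of the original thread and not sans's own code: the dig output above shows an SOA query for a polluted name coming back with an A record on the home line and with a real SOA record elsewhere. The sketch below parses a raw DNS response and applies that check; the heuristic is an assumption inferred from this thread, all function names are hypothetical, and the two sample packets are constructed from the values in the dig output.

```python
import struct

TYPE_A, TYPE_SOA = 1, 6

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: 2 bytes, always ends the name
            return off + 2
        off += 1 + n

def answer_types(msg):
    """Return (question type, list of RR types in the answer section)."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off, qtype, types = 12, None, []
    for _ in range(qd):
        off = skip_name(msg, off)
        qtype, _qclass = struct.unpack_from("!2H", msg, off)
        off += 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("truncated resource record")
        types.append(rtype)
    return qtype, types

def looks_spoofed(msg):
    """Assumed heuristic: an SOA question answered with an A record is forged."""
    qtype, types = answer_types(msg)
    return qtype == TYPE_SOA and TYPE_A in types

def build_response(name, rtype, rdata):
    """Constructed sample: response to an SOA question carrying one answer RR."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!2H", TYPE_SOA, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 30, len(rdata)) + rdata
    return header + question + rr

# Constructed from the dig output in the thread (forged A vs. genuine SOA).
FORGED = build_response("twitter.com", TYPE_A, bytes([78, 16, 49, 15]))
GENUINE = build_response("twitter.com", TYPE_SOA,
    encode_name("ns1.p26.dynect.net") + encode_name("zone-admin.dyndns.com")
    + struct.pack("!5I", 2007121341, 3600, 600, 604800, 60))
```

On a path where DNS is transparently proxied, the genuine SOA arrives and this check reports the name as not spoofed, which is the behaviour seen in the office-line log.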

puxxustc commented 9 years ago

@rampageX Is automatic wall circumvention configured on your office network, or is a proxy configured for 8.8.8.8?

rampageX commented 9 years ago

The problematic line has a firewall in front of it, probably 海蜘蛛 (Hi-Spider) or something like that; automatic wall circumvention is definitely not set up. I also tried a separate China Mobile fiber line (router connected directly, with no devices in front of it) and that works fine. Could there be some setting in the 海蜘蛛 box?!

The abnormal line (to confirm it isn't a problem with 8.8.8.8, I switched to a Taiwanese DNS server):

    $ nslookup -querytype=SOA twitter.com 168.95.1.1
    服务器: dns.hinet.net
    Address: 168.95.1.1

    非权威应答:
    twitter.com
            primary name server = ns1.p26.dynect.net
            responsible mail addr = zone-admin.dyndns.com
            serial = 2007121341
            refresh = 3600 (1 hour)
            retry = 600 (10 mins)
            expire = 604800 (7 days)
            default TTL = 60 (1 min)

    twitter.com nameserver = ns4.p34.dynect.net
    twitter.com nameserver = ns1.p34.dynect.net
    twitter.com nameserver = ns2.p34.dynect.net
    twitter.com nameserver = ns3.p34.dynect.net
    ns1.p34.dynect.net internet address = 208.78.70.34
    ns2.p34.dynect.net internet address = 204.13.250.34
    ns3.p34.dynect.net internet address = 208.78.71.34
    ns4.p34.dynect.net internet address = 204.13.251.34

The normal line:

    $ nslookup -querytype=SOA twitter.com 168.95.1.1
    服务器: dns.hinet.net
    Address: 168.95.1.1

    非权威应答:
    twitter.com internet address = 78.16.49.15

puxxustc commented 9 years ago

@rampageX It looks like your office line proxies DNS, so this is probably not a sans problem.

rampageX commented 9 years ago

@XiaoxiaoPu OK, it works fine at home, so I'll leave it for now!

puxxustc commented 9 years ago

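@rampageX Then I'll close the issue; reopen it if there are further problems. Also, the refactor branch has become the new master branch, and the original master branch is discarded.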