shadowsocks / shadowsocks-libev

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust
https://github.com/shadowsocks/shadowsocks-rust
GNU General Public License v3.0

The ACL feature really doesn't work; I hope it can be fixed, thanks #564

Closed crazy-william closed 8 years ago

crazy-william commented 8 years ago

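To be able to reach my router's web page, I added the local router's IP (192.168.3.1) to the ACL, but it has no effect at all. The ACL file is chnroute, borrowed from chinadns, and I appended the following to the end of the file: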

172.16.0.0/16
192.168.0.0/16
127.0.0.0/16

Corresponding code (latest master):

    if (verbose) {
        LOGI("connect to %s:%s", host, port);
    }

    if ((acl && (request->atyp == 1 || request->atyp == 4) && acl_match_ip(host))) {
        if (verbose) {
            LOGI("bypass %s:%s", host, port);
        }

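Command line (run on Mac OS, installed via Homebrew):

    ss-local -c /Users/david/.shadowsocks/ss.json -l 1080 --acl /usr/local/share/chnroute.txt -v

The result is below. (The bypass line was never printed, and the connection timed out. It is also odd: why is host a domain name? In that case acl_match_ip is bound not to match.)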

 2016-03-20 11:59:08 INFO: connect to www.googleapis.com:443
 2016-03-20 11:59:12 INFO: connect to www.google.com:443
 2016-03-20 11:59:12 INFO: connect to www.google.com:443
 2016-03-20 11:59:17 INFO: connect to safebrowsing.google.com:443
 2016-03-20 11:59:17 INFO: connect to ssl.gstatic.com:443
 2016-03-20 11:59:17 INFO: connect to lh3.googleusercontent.com:443
 2016-03-20 11:59:17 INFO: connect to safebrowsing-cache.google.com:443
 2016-03-20 11:59:17 INFO: connect to www.gstatic.com:443
 2016-03-20 11:59:18 INFO: connect to aqicn.org:80
 2016-03-20 11:59:18 INFO: connect to id.google.com:443
 2016-03-20 11:59:18 INFO: connect to clients5.google.com:443
 2016-03-20 11:59:18 INFO: connect to apis.google.com:443
 2016-03-20 11:59:18 INFO: connect to plus.google.com:443
 2016-03-20 11:59:23 INFO: connect to avatars2.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars3.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars2.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars2.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars0.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars2.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars2.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars1.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars2.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars1.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars1.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars1.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to avatars0.githubusercontent.com:443
 2016-03-20 11:59:23 INFO: connect to collector.githubapp.com:443
 2016-03-20 11:59:23 INFO: connect to 192.168.3.1:80
 2016-03-20 11:59:23 INFO: connect to 192.168.3.1:80
 2016-03-20 11:59:23 INFO: connect to 192.168.3.1:80
 2016-03-20 11:59:23 INFO: connect to 192.168.3.1:80
 2016-03-20 11:59:25 INFO: connect to clients4.google.com:443
 2016-03-20 11:59:30 INFO: connect to i1.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i1.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i0.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i0.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i0.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i1.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to news.sina.com.cn:80
 2016-03-20 11:59:30 INFO: connect to i2.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i3.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i2.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i2.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i3.sinaimg.cn:80
 2016-03-20 11:59:30 INFO: connect to i3.sinaimg.cn:80
 2016-03-20 11:59:31 INFO: connect to news.sina.com.cn:80
 2016-03-20 11:59:31 INFO: connect to news.sina.com.cn:80
 2016-03-20 11:59:31 INFO: connect to news.sina.com.cn:80
 2016-03-20 11:59:31 INFO: connect to int.dpool.sina.com.cn:80
 2016-03-20 11:59:31 INFO: connect to news.sina.com.cn:80
 2016-03-20 11:59:31 INFO: connect to ent.sina.com.cn:80
 2016-03-20 11:59:31 INFO: connect to news.sina.com.cn:80
 2016-03-20 11:59:31 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:33 INFO: connect to i.sso.sina.com.cn:80
 2016-03-20 11:59:33 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:33 INFO: connect to beacon.sina.com.cn:80
 2016-03-20 11:59:33 INFO: connect to beacon.sina.com.cn:80
 2016-03-20 11:59:33 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:33 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:33 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:33 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:33 INFO: connect to beacon.sina.com.cn:80
 2016-03-20 11:59:33 INFO: TCP connection timeout
 2016-03-20 11:59:33 INFO: connect to 192.168.3.1:80
 2016-03-20 11:59:33 INFO: connect to s.weibo.com:80
 2016-03-20 11:59:33 INFO: connect to bj.house.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.book.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.book.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to open.weather.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:34 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to hq.sinajs.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.finance.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to image.sinajs.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.edu.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to image.sinajs.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to top.news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to news.sina.com.cn:80
 2016-03-20 11:59:35 INFO: connect to sina.wrating.com:80
 2016-03-20 11:59:36 INFO: connect to i.sso.sina.com.cn:80
 2016-03-20 11:59:36 INFO: connect to clients1.google.com:443
 2016-03-20 11:59:36 INFO: connect to open.weather.sina.com.cn:80
 2016-03-20 11:59:36 INFO: connect to woocall.sina.com.cn:80
 2016-03-20 11:59:36 INFO: connect to woocall.sina.com.cn:80
 2016-03-20 11:59:38 INFO: connect to newspush.sinajs.cn:80
 2016-03-20 11:59:40 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:40 INFO: connect to www.sinaimg.cn:80
 2016-03-20 11:59:40 INFO: connect to www.sinaimg.cn:80
 2016-03-20 11:59:40 INFO: connect to www.sinaimg.cn:80
 2016-03-20 11:59:40 INFO: connect to www.sinaimg.cn:80
 2016-03-20 11:59:40 INFO: connect to n.sinaimg.cn:80
 2016-03-20 11:59:40 INFO: connect to www.sinaimg.cn:80
 2016-03-20 11:59:40 INFO: connect to www.sinaimg.cn:80
 2016-03-20 11:59:43 INFO: TCP connection timeout
 2016-03-20 11:59:43 INFO: TCP connection timeout
 2016-03-20 11:59:47 INFO: connect to i.sso.sina.com.cn:80
 2016-03-20 11:59:47 INFO: connect to i.sso.sina.com.cn:80
 2016-03-20 11:59:47 INFO: connect to i.sso.sina.com.cn:80
 2016-03-20 11:59:47 INFO: connect to i.sso.sina.com.cn:80
 2016-03-20 11:59:47 INFO: connect to i.sso.sina.com.cn:80
 2016-03-20 11:59:49 INFO: connect to login.sina.com.cn:80
 2016-03-20 11:59:50 INFO: connect to passport.weibo.com:443
 2016-03-20 11:59:51 INFO: connect to rm.api.weibo.com:443
 2016-03-20 11:59:51 INFO: connect to api.sina.com.cn:80
 2016-03-20 11:59:51 INFO: connect to i3.sinaimg.cn:80
 2016-03-20 12:00:05 INFO: connect to 192.168.3.1:80
 2016-03-20 12:00:16 INFO: TCP connection timeout

madeye commented 8 years ago

ACL in ss-local is a white list, which means it bypasses specific networks.

crazy-william commented 8 years ago

The local IP subnet is not in the whitelist? Why close the issue before I verified?

madeye commented 8 years ago

It's an issue with your browser, which connects to the IP address as a hostname.

crazy-william commented 8 years ago

I'm using chrome.

madeye commented 8 years ago

So, please report this issue to Chrome team.
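
The behaviour discussed in this thread, as an added example that is not shadowsocks-libev code: the quoted guard only consults the ACL for SOCKS5 address types 1 (IPv4) and 4 (IPv6), so a client that sends the literal `192.168.3.1` as a domain-type address (type 3) is never matched. The function names, the `normalize` flag and the sample ACL are hypothetical, the CIDR matcher is IPv4-only, and it does not reproduce the project's `acl_match_ip`.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* SOCKS5 address types (RFC 1928). */
enum { ATYP_IPV4 = 1, ATYP_DOMAIN = 3, ATYP_IPV6 = 4 };

/* Return 1 if dotted-quad `ip` lies inside `cidr` ("a.b.c.d/len"), else 0. */
int cidr_match_v4(const char *cidr, const char *ip)
{
    char net[INET_ADDRSTRLEN];
    const char *slash = strchr(cidr, '/');
    size_t len = slash ? (size_t)(slash - cidr) : strlen(cidr);
    long bits = slash ? strtol(slash + 1, NULL, 10) : 32;
    struct in_addr n, a;

    if (len >= sizeof(net) || bits < 0 || bits > 32) return 0;
    memcpy(net, cidr, len);
    net[len] = '\0';
    if (inet_pton(AF_INET, net, &n) != 1 || inet_pton(AF_INET, ip, &a) != 1)
        return 0;
    uint32_t mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    return (ntohl(n.s_addr) & mask) == (ntohl(a.s_addr) & mask);
}

/* normalize == 0 mirrors the quoted guard: only atyp 1 or 4 reaches the ACL.
 * normalize == 1 first reclassifies a domain-type host that parses as an
 * IPv4 literal, so it is matched like any other IP destination. */
int should_bypass(int atyp, const char *host,
                  const char *const *acl, size_t n, int normalize)
{
    struct in_addr tmp;
    if (normalize && atyp == ATYP_DOMAIN && inet_pton(AF_INET, host, &tmp) == 1)
        atyp = ATYP_IPV4;
    if (atyp != ATYP_IPV4 && atyp != ATYP_IPV6) return 0;
    for (size_t i = 0; i < n; i++)
        if (cidr_match_v4(acl[i], host)) return 1;
    return 0;
}

/* Constructed sample: the three entries appended to the ACL in the report. */
const char *const SAMPLE_ACL[] = { "172.16.0.0/16", "192.168.0.0/16", "127.0.0.0/16" };

int main(void)
{
    printf("as sent (atyp 3): %d\n", should_bypass(ATYP_DOMAIN, "192.168.3.1", SAMPLE_ACL, 3, 0));
    printf("normalized:       %d\n", should_bypass(ATYP_DOMAIN, "192.168.3.1", SAMPLE_ACL, 3, 1));
    return 0;
}
```

When checking a deployment, the verbose log is the quickest signal: a destination that should be local but shows only `connect to` and never `bypass` is not being matched by the ACL.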