vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

In fake-ip (tun-mix) mode, UDP cannot hit the rules #1040

Closed jongkhurunn closed 4 years ago

jongkhurunn commented 4 years ago


TCP traffic hits the keyword rule, but UDP finds no rule and goes DIRECT, even though my final rule is also set to PROXY, which is confusing (since when did Instagram start using UDP? It's a real pain).

jongkhurunn commented 4 years ago

`OpenClash 调试日志

生成时间: 2020-11-27 20:25:11 插件版本: v0.41.05-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#
主机型号: Phicomm N1
固件版本: OpenWrt SNAPSHOT r2943-78cff4a63
LuCI版本: git-20.256.12360-1a54222-1
内核版本: 5.9.8-flippy-49+
处理器架构: aarch64_generic

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
iptables-mod-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 30463
运行权限: 30463: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2020.11.23.g4474306
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: v0.17.0-232-ge389e33
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.3.0-2-g994cbff
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/surgio.yaml
启动配置文件: /etc/openclash/surgio.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发: 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
保留配置: 停用
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
redir-port: 7892
interface-name: eth0
allow-lan: true
bind-address: "*"
ipv6: false
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
external-ui: "/usr/share/openclash/dashboard"
tun:
  enable: true
  stack: system
  dns-hijack:
  - tcp://8.8.8.8:53
  - tcp://8.8.4.4:53
dns:
  listen: 127.0.0.1:7874
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "*.lan"
  - time.windows.com
  - time.nist.gov
  - time.apple.com
  - time.asia.apple.com
  - "*.ntp.org.cn"
  - "*.openwrt.pool.ntp.org"
  - time1.cloud.tencent.com
  - time.ustc.edu.cn
  - pool.ntp.org
  - ntp.ubuntu.com
  - ntp.aliyun.com
  - ntp1.aliyun.com
  - ntp2.aliyun.com
  - ntp3.aliyun.com
  - ntp4.aliyun.com
  - ntp5.aliyun.com
  - ntp6.aliyun.com
  - ntp7.aliyun.com
  - time1.aliyun.com
  - time2.aliyun.com
  - time3.aliyun.com
  - time4.aliyun.com
  - time5.aliyun.com
  - time6.aliyun.com
  - time7.aliyun.com
  - "*.time.edu.cn"
  - time1.apple.com
  - time2.apple.com
  - time3.apple.com
  - time4.apple.com
  - time5.apple.com
  - time6.apple.com
  - time7.apple.com
  - time1.google.com
  - time2.google.com
  - time3.google.com
  - time4.google.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - "*.*.*.srv.nintendo.net"
  - "*.*.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 223.5.5.5
  - 172.16.23.168
  - 172.16.23.131
  fallback:
  - tls://1.1.1.1:853
  - tls://8.8.8.8:853
  fallback-filter:
    geoip: true
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
proxy-groups:
- type: select
  name: PROXY
  proxies:
rules:
- IP-CIDR,1.255.62.0/24,DIRECT,no-resolve
- DOMAIN-SUFFIX,cn,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- GEOIP,CN,DIRECT
- MATCH,PROXY

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.4 on Fri Nov 27 20:25:15 2020
*nat
:PREROUTING ACCEPT [286:61485]
:INPUT ACCEPT [1990:152624]
:OUTPUT ACCEPT [1905:140429]
:POSTROUTING ACCEPT [0:0]
:ADBYBY - [0:0]
:CLOUD_MUSIC - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -j ACCEPT
-A PREROUTING -d 8.8.8.8/32 -p tcp -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j ADBYBY
-A PREROUTING -p tcp -m set --match-set music dst -j CLOUD_MUSIC
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A ADBYBY -d 0.0.0.0/8 -j RETURN
-A ADBYBY -d 10.0.0.0/8 -j RETURN
-A ADBYBY -d 127.0.0.0/8 -j RETURN
-A ADBYBY -d 169.254.0.0/16 -j RETURN
-A ADBYBY -d 172.16.0.0/12 -j RETURN
-A ADBYBY -d 192.168.0.0/16 -j RETURN
-A ADBYBY -d 224.0.0.0/4 -j RETURN
-A ADBYBY -d 240.0.0.0/4 -j RETURN
-A ADBYBY -m set --match-set adbyby_esc dst -j RETURN
-A ADBYBY -m set ! --match-set adbyby_wan dst -j RETURN
-A ADBYBY -m set --match-set music dst -j RETURN
-A ADBYBY -p tcp -j REDIRECT --to-ports 8118
-A CLOUD_MUSIC -d 0.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 10.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 127.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 169.254.0.0/16 -j RETURN
-A CLOUD_MUSIC -d 172.16.0.0/12 -j RETURN
-A CLOUD_MUSIC -d 192.168.0.0/16 -j RETURN
-A CLOUD_MUSIC -d 224.0.0.0/4 -j RETURN
-A CLOUD_MUSIC -d 240.0.0.0/4 -j RETURN
-A CLOUD_MUSIC -p tcp -m set ! --match-set music_http src -m tcp --dport 80 -j REDIRECT --to-ports 5200
-A CLOUD_MUSIC -p tcp -m set ! --match-set music_https src -m tcp --dport 443 -j REDIRECT --to-ports 5201
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1194 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -p tcp -m tcp --sport 10240 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -m multiport --dports 80,443 -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_vpn_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Fri Nov 27 20:25:15 2020

#Mangle chain

# Generated by iptables-save v1.8.4 on Fri Nov 27 20:25:15 2020
*mangle
:PREROUTING ACCEPT [51286:25780531]
:INPUT ACCEPT [50028:25237695]
:FORWARD ACCEPT [1253:542676]
:OUTPUT ACCEPT [43912:31449940]
:POSTROUTING ACCEPT [45150:31989379]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --dport 1194 -j RETURN
-A openclash -p udp -m udp --dport 4500 -j RETURN
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.8.8/32 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.4.4/32 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 1194 -j RETURN
-A openclash_output -p udp -m udp --sport 4500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 546 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Fri Nov 27 20:25:15 2020

#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.31.1    0.0.0.0         UG    0      0        0 eth0
172.31.0.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 192.168.31.1 dev eth0 proto static 
172.31.0.0/24 dev docker0 proto kernel scope link src 172.31.0.1 linkdown 
192.168.31.0/24 dev eth0 proto kernel scope link src 192.168.31.2 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#
utun: tun pi filter

#===================== 端口占用状态 =====================#
tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      30463/clash
tcp        0      0 :::9090                 :::*                    LISTEN      30463/clash
tcp        0      0 :::7890                 :::*                    LISTEN      30463/clash
tcp        0      0 :::7891                 :::*                    LISTEN      30463/clash
tcp        0      0 :::7892                 :::*                    LISTEN      30463/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           30463/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           30463/clash
udp        0      0 :::41462                :::*                                30463/clash
udp        0      0 :::7891                 :::*                                30463/clash
udp        0      0 :::7892                 :::*                                30463/clash
udp        0      0 :::55547                :::*                                30463/clash

#===================== 测试本机DNS查询 =====================#
Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
Address 1: 198.18.0.13
*** Can't find www.baidu.com: No answer

#===================== resolv.conf.d =====================#
# Interface lan
nameserver 192.168.31.1

#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Fri, 27 Nov 2020 12:25:15 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "ef2862d6c7360ec9deb7df18f067f33178e9f94f44efd4181cf7a18505f87660"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-GitHub-Request-Id: 9DF6:2206:3082A3:39E43B:5FC0B812
Accept-Ranges: bytes
Date: Fri, 27 Nov 2020 12:25:16 GMT
X-Served-By: cache-sin18046-SIN
X-Cache: MISS, HIT
X-Cache-Hits: 0, 25
X-Timer: S1606479916.020666,VS0,VE0
Vary: Authorization,Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 915e49bc701d3e9798de400c30d8e2be857765ed
Expires: Fri, 27 Nov 2020 12:30:16 GMT
Source-Age: 20

#===================== 最近运行日志 =====================#
2020-11-27 20:16:32 Warning: OpenClash Now Disabled, Need Start From Luci Page, Exit...
2020-11-27 20:16:20 OpenClash Update Successful
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider Maying"
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider PROXY"
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider P2P"
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider Netflix"
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider Bilibili"
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider NeteaseMusic"
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider Youtube"
time="2020-11-27T20:16:58+08:00" level=info msg="Start initial compatible provider OVO"
time="2020-11-27T20:16:58+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2020-11-27 20:17:03 History:【surgio.yaml】 Restore Successful
2020-11-27 20:16:35 OpenClash Start Successful

`

wogong commented 4 years ago

The same happens with Google Home's UDP in fake-ip (tun-mix) mode:

[UDP] 192.168.50.186:56147 --> 8.8.8.8 doesn't match any rule using DIRECT
[UDP] 192.168.50.186:48948 --> 172.217.26.142 doesn't match any rule using DIRECT
[TUN] recieve UDP error: peer not found

Similar to #160

vernesong commented 4 years ago

Server nodes in the config file must have udp: true for UDP to go through them; a node without it is treated as not supporting UDP and goes direct.

wogong commented 4 years ago

Thanks! That's exactly it. Among the subscribed nodes some have udp: true and some have udp: false; switching nodes caused this problem.

vernesong commented 4 years ago

Proxy groups support a group-wide setting for whether UDP is used; see the core update for details: https://github.com/Dreamacro/clash/commit/4735f61fd1f6a5c65773eecf20600dfaeaa21568

jongkhurunn commented 4 years ago

Thanks for the explanation 🙏

icucuio commented 4 years ago

> Server nodes in the config file must have udp: true for UDP to go through them; a node without it is treated as not supporting UDP and goes direct.

Where exactly do I write it? After the proxy group? Could you give an example?

jongkhurunn commented 4 years ago

> > Server nodes in the config file must have udp: true for UDP to go through them; a node without it is treated as not supporting UDP and goes direct.
>
> Where exactly do I write it? After the proxy group? Could you give an example?

{"type":"ssr", "name":"", "server":"", "port":, "password":"", "protocol":"", "cipher":"", "obfs-param":"", "protocol-param":"", "udp":true}

icucuio commented 4 years ago

> > > Server nodes in the config file must have udp: true for UDP to go through them; a node without it is treated as not supporting UDP and goes direct.
> >
> > Where exactly do I write it? After the proxy group? Could you give an example?
>
> {"type":"ssr", "name":"", "server":"", "port":, "password":"", "protocol":"", "cipher":"", "obfs-param":"", "protocol-param":"", "udp":true}

That's a frightening amount of work. The subscription provider I use has dozens of nodes; do I have to fill in each one by hand? That doesn't seem realistic; would I have to fill them all in again after every update?

vernesong commented 4 years ago

Use sub conversion.
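To automate what the reply above calls sub conversion, here is an added example (not the thread's or OpenClash's own code): a Python script that audits a Clash config for nodes lacking `udp: true` and sets it on all of them, so UDP flows stop falling through to DIRECT. The sample config, node names and servers are constructed; a real subscription would be loaded from its file instead.

```python
"""Audit a Clash config for proxy nodes lacking `udp: true` and patch them.

Added example, not from the OpenClash thread or project. Assumes a Clash config
in YAML or in the JSON flow style posted above (JSON is valid YAML). A node
without `udp: true` is treated as not supporting UDP, so its UDP flows fall
through to DIRECT, which is the behaviour the thread describes.
"""
import json

try:
    import yaml  # PyYAML, if installed; falls back to plain JSON otherwise
except ImportError:
    yaml = None

# Constructed sample subscription (made-up names/servers): one node with
# udp: true, one with udp: false, one with the key missing entirely.
SAMPLE_CONFIG = """{"proxies": [
  {"name": "node-a", "type": "ss", "server": "a.example.invalid", "port": 8388,
   "cipher": "aes-128-gcm", "password": "x", "udp": true},
  {"name": "node-b", "type": "ss", "server": "b.example.invalid", "port": 8388,
   "cipher": "aes-128-gcm", "password": "x", "udp": false},
  {"name": "node-c", "type": "ssr", "server": "c.example.invalid", "port": 443,
   "cipher": "chacha20", "password": "x", "protocol": "origin", "obfs": "plain"}],
 "proxy-groups": [{"name": "PROXY", "type": "select",
                   "proxies": ["node-a", "node-b", "node-c"]}],
 "rules": ["MATCH,PROXY"]}
"""

def load_config(text):
    """Parse a Clash config from YAML (or JSON when PyYAML is absent)."""
    return yaml.safe_load(text) if yaml is not None else json.loads(text)

def proxies_without_udp(config):
    """Names of nodes whose UDP traffic would end up DIRECT (udp unset/false)."""
    return [p["name"] for p in config.get("proxies", []) if not p.get("udp")]

def enable_udp(config):
    """Set udp: true on every node that lacks it; return how many were changed."""
    missing = set(proxies_without_udp(config))
    for proxy in config.get("proxies", []):
        if proxy["name"] in missing:
            proxy["udp"] = True
    return len(missing)

if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)  # replace with your subscription file's text
    print("nodes lacking udp:", proxies_without_udp(cfg))
    print("patched", enable_udp(cfg), "node(s)")
    print(yaml.safe_dump(cfg, allow_unicode=True) if yaml else json.dumps(cfg, indent=2))
```

Run the audit first on its own if you only want to see which nodes would send UDP DIRECT; only nodes whose server really supports UDP relay should be patched.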

wdubaiyu commented 3 years ago

LoL won't enter the game; I can only get as far as champion select.

zcvxcv commented 2 years ago

> LoL won't enter the game; I can only get as far as champion select.

Global Settings -> Mode Settings -> uncheck *UDP Traffic Forwarding (UDP流量转发) and save.