[Bug] R2S istoreos v0.45.109beta版本 clash经常崩溃 cpu占用过高 换回v0.45.103beta版本正常

[lam2888]

Verify Steps

• [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [X] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
• [X] Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题
• [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

v0.45.109beta

Bug on Environment

Other

Bug on Platform

Linux-arm64

To Reproduce

NanoPi R2S 刷istoreos,通过https://github.com/AUK9527/Are-u-ok/tree/main/apps 安装openclash,机场可用，配置正常，版本更新到v0.45.109beta,clash dev内核崩溃卡顿，cpu占用70到98%之间，有过死机重启，clash meta内核也一样，配置管理一保存就会死机。 删除v0.45.109beta,通过https://github.com/AUK9527/Are-u-ok/tree/main/apps 安装并手动更新到v0.45.103beta恢复正常。

Describe the Bug

nanopi r2s ,istoreos ,v0.45.109beta版本,内核崩溃，cpu占用过高，配置管理保存死机。

OpenClash Log

现在换回v0.45.103beta版本正常，没找到v0.45.109beta的日志。

OpenClash Config

No response

Expected Behavior

只是想先行告知而己，现在103beta版本用着还行。

Screenshots

No response

[kousyoukun]

树莓派4也是这样

[zzz6839]

一样，我这边是X86，从108升到109的，看了下面板我在“黑白名单”里设置了绕过MAC地址，但是109版本黑名单失效所有的BT流量都涌进来导致的，希望修复，目前回滚版本了

[Angynond]

斐讯N1，从 103 更新到 109 后，CPU 占用率也很高，经常 80% 以上

[cnfanhua]

最新版（0.45.109beta）一样出现此问题。“clash内核崩溃”，内存CPU占用高。x86（openwrt）; 退回103后正常。

[zzz6839]

一样，我这边是X86，从108升到109的，看了下面板我在“黑白名单”里设置了绕过MAC地址，但是109版本黑名单失效所有的BT流量都涌进来导致的，希望修复，目前回滚版本了

刚更新110，我的问题还在

[xianren78]

单臂主路由上，没有br-lan，只有eth0和pppoe-wan。会导致接口排除故障。110上会导致远程无法接入docker版vpn等。@vernesong

[vernesong]

lan接口是根据防火墙input动态截取的，不是固定的，你这个应该获取的是eth0，你看看防火墙的localnetwork是不是根据eth0写的

[adminidor]

103版本稳定，暂时退回了

[zzz6839]

刚更新110，我的问题还在

一样，我这边是X86，从108升到109的，看了下面板我在“黑白名单”里设置了绕过MAC地址，但是109版本黑名单失效所有的BT流量都涌进来导致的，希望修复，目前回滚版本了

刚更新110，我的问题还在

刚更新111，我的问题还在

[wenxingxing]

我也有问题，不定时冒出来几万个连接到192.168.1.255:13x，把我家光猫都搞挂了

[deuteros-gex]

x86的机器，最新的112也是一样 刚刚经历了夺命10连重启，关掉openclash临时用ssr plus顶上了。 倒是愿意帮助改进，但日志都来不及看机器就又重启了。

[vernesong]

x86的机器，最新的112也是一样 刚刚经历了夺命10连重启，关掉openclash临时用ssr plus顶上了。 倒是愿意帮助改进，但日志都来不及看机器就又重启了。

kill -9 "$(pidof clash |sed 's/$//g')" && /usr/share/openclash/openclash_debug.sh

[deuteros-gex]

x86的机器，最新的112也是一样 刚刚经历了夺命10连重启，关掉openclash临时用ssr plus顶上了。 倒是愿意帮助改进，但日志都来不及看机器就又重启了。

kill -9 "$(pidof clash |sed 's/$//g')" && /usr/share/openclash/openclash_debug.sh

这个命令是要在什么时机跑才能输出有效内容呢？ 是在观察到cpu占用率飙升后，在机器重启之前抢时间连上ssh跑？ 还是说死机重启、关掉openclash后，再跑这个也能输出有效内容？

我看了一下 https://github.com/vernesong/OpenClash/blob/master/luci-app-openclash/root/usr/share/openclash/openclash_debug.sh 的内容，输出的日志应该是在/tmp/openclash_debug.log对吧？

[vernesong]

插件启动以后就行

[deuteros-gex]

删掉了不影响理解的rules和proxy字段。 但这个调试日志里好像没有openclash自己的日志，只有clash内核的日志。。

`OpenClash 调试日志

生成时间: 2023-04-20 19:04:27 插件版本: v0.45.112-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: Giada            Giada H61 
固件版本: OpenWrt 22.03.0 r19685-512e76967f
LuCI版本: git-23.093.42303-d58cd69
内核版本: 5.10.138
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Firewall 转发
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
kmod-nft-tproxy: 已安装

#===================== 内核检查 =====================#

运行状态: 未运行
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.03.04-5-g4a8cefb
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.13.0-7-g4ffc999
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g2f992e9
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/sockboom-cpx.yaml
启动配置文件: /etc/openclash/sockboom-cpx.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 停用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
##script:
##  shortcuts:
##    Notice: The core timezone is UTC
##    CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
##    北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"
rules:
- DOMAIN-SUFFIX,xn--ngstr-lra8j.com,DIRECT
- DOMAIN-SUFFIX,services.googleapis.cn,DIRECT
- DOMAIN-KEYWORD,github,节点选择
- DOMAIN-SUFFIX,rfa.org,节点选择
- DOMAIN-KEYWORD,youtube,节点选择
- DOMAIN-SUFFIX,miobt.com,节点选择
- DOMAIN-SUFFIX,nyaa.si,节点选择
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

##排序在上的规则优先生效,如添加（去除规则前的#号）：
##IP段：192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP段：192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理（策略），其余客户端不走代理
##因为Fake-IP模式下，IP地址为192.168.1.1的路由器自身流量可走代理（策略），所以需要排除

##仅设置路由器自身直连：
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT

##在线IP段转CIDR地址：http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
##  shortcuts:
##    common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
dns:
  enable: true
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 112.4.0.55
  - 221.131.143.69
  - "[2409:8020:2000::88]:53"
  - "[2409:8020:2000::8]:53"
profile:
  store-selected: true
authentication:
- Clash:Wit08xCl

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Apr 20 19:04:29 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Thu Apr 20 19:04:29 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Apr 20 19:04:29 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Apr 20 19:04:29 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Apr 20 19:04:29 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-MAN - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-MAN -i br-lan -o docker0 -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate INVALID,NEW -j DROP
-A DOCKER-MAN -j RETURN
-A DOCKER-USER -j DOCKER-MAN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Thu Apr 20 19:04:29 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Thu Apr 20 19:04:29 2023
*nat
:PREROUTING ACCEPT [4904:446145]
:INPUT ACCEPT [1622:143140]
:OUTPUT ACCEPT [4103:342284]
:POSTROUTING ACCEPT [6975:615694]
COMMIT
# Completed on Thu Apr 20 19:04:29 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Thu Apr 20 19:04:29 2023
*mangle
:PREROUTING ACCEPT [252740:185302675]
:INPUT ACCEPT [9262:1331007]
:FORWARD ACCEPT [242884:183927419]
:OUTPUT ACCEPT [35534:14052756]
:POSTROUTING ACCEPT [278890:198020910]
COMMIT
# Completed on Thu Apr 20 19:04:29 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Thu Apr 20 19:04:29 2023
*filter
:INPUT ACCEPT [9247:1327496]
:FORWARD ACCEPT [242840:183924488]
:OUTPUT ACCEPT [35534:14052756]
COMMIT
# Completed on Thu Apr 20 19:04:29 2023

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        iifname "pppoe-wan" ip6 saddr != @localnetwork6 counter packets 644 bytes 153413 jump openclash_wan6_input
        udp dport 443 ip6 daddr != @china_ip6_route counter packets 0 bytes 0 reject with icmpv6 port-unreachable comment "OpenClash QUIC REJECT"
        udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        iifname "pppoe-wan" ip saddr != @localnetwork counter packets 3467 bytes 453693 jump openclash_wan_input
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname "eth0" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
        iifname "docker0" jump input_docker comment "!fw4: Handle docker IPv4/IPv6 input traffic"
        iifname "WG0" jump input_forWG comment "!fw4: Handle forWG IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        iifname "eth0" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        iifname "docker0" jump forward_docker comment "!fw4: Handle docker IPv4/IPv6 forward traffic"
        iifname "WG0" jump forward_forWG comment "!fw4: Handle forWG IPv4/IPv6 forward traffic"
        jump upnp_forward comment "Hook into miniupnpd forwarding chain"
        jump handle_reject
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
        meta nfproto ipv6 udp dport 53 counter packets 32 bytes 2689 jump openclash_dns_redirect
        meta nfproto ipv6 tcp dport 53 counter packets 0 bytes 0 jump openclash_dns_redirect
        ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
        udp dport 53 counter packets 37 bytes 3007 jump openclash_dns_redirect
        tcp dport 53 counter packets 0 bytes 0 jump openclash_dns_redirect
        jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
        ip protocol tcp counter packets 24 bytes 1264 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "pppoe-wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
        oifname "WG0" jump srcnat_forWG comment "!fw4: Handle forWG IPv4/IPv6 srcnat traffic"
        jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        udp dport 53 ip6 daddr ::/0 meta skuid != 65534 counter packets 45 bytes 3672 redirect to :7874 comment "OpenClash DNS Hijack"
        tcp dport 53 ip6 daddr ::/0 meta skuid != 65534 counter packets 0 bytes 0 redirect to :7874 comment "OpenClash DNS Hijack"
        udp dport 53 ip daddr 127.0.0.1 meta skuid != 65534 counter packets 28 bytes 1828 redirect to :7874 comment "OpenClash DNS Hijack"
        tcp dport 53 ip daddr 127.0.0.1 meta skuid != 65534 counter packets 0 bytes 0 redirect to :7874 comment "OpenClash DNS Hijack"
        ip protocol tcp counter packets 348 bytes 20880 jump openclash_output
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip protocol udp counter packets 1128 bytes 122535 jump openclash_mangle
        meta nfproto ipv6 counter packets 1133 bytes 229850 jump openclash_mangle_v6
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
        meta nfproto ipv6 counter packets 1361 bytes 286997 jump openclash_mangle_output_v6
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 5 bytes 260 return
        ip protocol tcp ip daddr 198.18.0.0/16 counter packets 15 bytes 788 redirect to :7892
        ip saddr @lan_ac_black_ips counter packets 0 bytes 0 return
        ip protocol tcp counter packets 5 bytes 268 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle {
        meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
        ip daddr @localnetwork counter packets 1107 bytes 121479 return
        udp dport 53 counter packets 0 bytes 0 return
        meta l4proto udp ip daddr 198.18.0.0/16 meta mark set 0x00000162 tproxy ip to 127.0.0.1:7895 counter packets 0 bytes 0 accept
        ip saddr @lan_ac_black_ips counter packets 15 bytes 810 return
        ip protocol udp counter packets 9 bytes 432 jump openclash_upnp
        meta l4proto udp meta mark set 0x00000162 tproxy ip to 127.0.0.1:7895 counter packets 9 bytes 432 accept
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 9 bytes 540 return
        ip protocol tcp ip daddr 198.18.0.0/16 meta skuid != 65534 counter packets 0 bytes 0 redirect to :7892
        ip protocol tcp meta skuid != 65534 counter packets 0 bytes 0 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_wan_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
    }
}
table inet fw4 {
    chain openclash_mangle_v6 {
        meta nfproto ipv6 udp sport 50723 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return
        ip6 daddr @localnetwork6 counter packets 794 bytes 170088 return
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
        ip6 saddr @lan_ac_black_ipv6s counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 333 bytes 58782 accept comment "OpenClash TCP Tproxy"
    }
}
table inet fw4 {
    chain openclash_mangle_output_v6 {
        meta nfproto ipv6 udp sport 50723 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return
        ip6 daddr @localnetwork6 counter packets 432 bytes 167897 return
        meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 0 bytes 0 accept comment "OpenClash TCP Tproxy"
    }
}
table inet fw4 {
    chain openclash_wan6_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
    }
}

#===================== IPSET状态 =====================#

Name: china
Name: ss_spec_wan_ac

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         100.73.64.1     0.0.0.0         UG    0      0        0 pppoe-wan
10.10.0.2       0.0.0.0         255.255.255.255 UH    0      0        0 WG0
10.10.0.3       0.0.0.0         255.255.255.255 UH    0      0        0 WG0
10.10.0.4       0.0.0.0         255.255.255.255 UH    0      0        0 WG0
100.73.64.1     0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.123.0   192.168.0.154   255.255.255.0   UG    5      0        0 eth0
#ip route list
default via 100.73.64.1 dev pppoe-wan 
10.10.0.2 dev WG0 scope link 
10.10.0.3 dev WG0 scope link 
10.10.0.4 dev WG0 scope link 
100.73.64.1 dev pppoe-wan scope link  src *WAN IP*.48 
172.17.0.0/16 dev docker0 scope link  src 172.17.0.1 
192.168.0.0/24 dev eth0 scope link  src 192.168.0.1 
192.168.123.0/24 via 192.168.0.154 dev eth0  metric 5 
#ip rule show
0:  from all lookup local 
5209:   from all fwmark 0x162 lookup 354 
5210:   from all fwmark 0x80000 lookup main 
5230:   from all fwmark 0x80000 lookup default 
5250:   from all fwmark 0x80000 lookup unspec unreachable
5270:   from all lookup 52 
32766:  from all lookup main 
32767:  from all lookup default 

#===================== 端口占用状态 =====================#

#===================== 测试本机DNS查询(www.baidu.com) =====================#

;; connection timed out; no servers could be reached

#===================== 测试内核DNS查询(www.instagram.com) =====================#

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 221.131.143.69
nameserver 112.4.0.55
# Interface wan_6
nameserver 2409:8020:2000::8
nameserver 2409:8020:2000::88

#===================== 测试本机网络连接(www.baidu.com) =====================#

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-04-20T19:03:47+08:00" level=info msg="[TCP] 192.168.0.135:1356 --> mtalk.google.com:5228 match DomainKeyword(google) using 节点选择[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:48+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1341 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:48+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1357 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:49+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:85e2:92dd:5016:af97]:44804 --> [2409:8c28:202:8::199]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:03:50+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1358 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:50+08:00" level=info msg="[TCP] 192.168.0.135:1359 --> dldir1.qq.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:03:51+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1360 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:52+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1361 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:53+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1362 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:54+08:00" level=info msg="[TCP] 192.168.0.135:1363 --> 104.26.13.31:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:55+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1364 --> [2606:4700:3033::ac43:94e3]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:56+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1367 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:56+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1368 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:58+08:00" level=info msg="[UDP] *WAN IP*.48:43379 --> 123.60.15.104:3478 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:03:58+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1369 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:58+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1370 --> [2409:8c1e:75b0:1016::151]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:03:59+08:00" level=info msg="[TCP] 192.168.0.135:1371 --> 20.44.229.112:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:03:59+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1372 --> [2409:8c20:aa51:2e:3::3ce]:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:00+08:00" level=info msg="[TCP] 192.168.0.135:1373 --> 52.168.112.66:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:01+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1375 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:03+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1376 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:06+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1377 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:07+08:00" level=info msg="[TCP] 192.168.0.135:1379 --> api.vc.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:08+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1381 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:10+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:79f3:24ea:8586:b69c]:46446 --> [2404:6800:4005:805::200a]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:10+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1382 --> [2409:8c1e:75b0:13::d5]:8080 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:11+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:79f3:24ea:8586:b69c]:41796 --> [2409:8c1e:8fd0:50::12]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:11+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:79f3:24ea:8586:b69c]:38054 --> dns.weixin.qq.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:11+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:d14b:2ded:bc4a:3b27]:57496 --> [2402:4e00:1900:1700:0:9554:1ad0:140a]:8080 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:11+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:d14b:2ded:bc4a:3b27]:58018 --> [2409:8c1e:75b0:13::d5]:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:11+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1383 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:11+08:00" level=info msg="[TCP] 192.168.0.109:59774 --> dataflow.biliapi.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:12+08:00" level=info msg="[TCP] 192.168.0.135:1384 --> beacons.gcp.gvt2.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:13+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1385 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:15+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:d14b:2ded:bc4a:3b27]:37394 --> [2409:8c1e:8fd0:10::6d]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:16+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:d14b:2ded:bc4a:3b27]:37396 --> [2409:8c1e:8fd0:10::6d]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:17+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1386 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:18+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1387 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:20+08:00" level=info msg="[TCP] 192.168.0.107:40091 --> 223.111.250.54:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:21+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1388 --> [2a03:2880:f126:83:face:b00c:0:25de]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:23+08:00" level=info msg="[TCP] 192.168.0.135:1389 --> www.youtube.com:443 match DomainKeyword(youtube) using 节点选择[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:25+08:00" level=info msg="[UDP] 192.168.0.109:43379 --> 123.60.93.201:3478 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:26+08:00" level=info msg="[TCP] 192.168.0.135:1390 --> clients4.google.com:443 match DomainKeyword(google) using 节点选择[【A】香港 VIP 7 - Nearoute]"
2023-04-20 19:04:46 Watchdog: Clash Core Problem, Restart...
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 电报吹水"
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 故障切换"
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 自动选择"
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 手动选择"
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 节点选择"
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 最新域名"
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 国外网站"
time="2023-04-20T19:04:47+08:00" level=info msg="Start initial compatible provider 动画疯"
time="2023-04-20T19:04:47+08:00" level=info msg="Authentication of local server updated"
time="2023-04-20T19:04:47+08:00" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-04-20T19:04:47+08:00" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-04-20T19:04:47+08:00" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-04-20T19:04:47+08:00" level=info msg="RESTful API listening at: [::]:9090"
time="2023-04-20T19:04:47+08:00" level=info msg="TProxy server listening at: [::]:7895"
time="2023-04-20T19:04:47+08:00" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-04-20T19:04:47+08:00" level=info msg="DNS server listening at: [::]:7874"
time="2023-04-20T19:04:47+08:00" level=info msg="[UDP] 192.168.0.107:46257 --> 121.36.92.159:3478 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:47+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1426 --> [2404:6800:4012:4::200a]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:48+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1427 --> [2409:8c1e:75b0:1016::151]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:48+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1428 --> [2409:8c1e:75b0:1016::151]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:48+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1429 --> [2409:8c20:3c42:1f:3::3fc]:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:49+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1432 --> [2409:8c1e:8fd0:50::36]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1435 --> www.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:85e2:92dd:5016:af97]:39605 --> [2409:8c20:5624::57]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1436 --> s1.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1438 --> [2409:8c1e:8fd0:50::12]:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1437 --> s1.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1439 --> upos-sz-mirrorcos.bilivideo.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1440 --> static.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1441 --> api.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1442 --> data.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:50+08:00" level=info msg="[TCP] 192.168.0.135:1443 --> api.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1445 --> [2409:8c20:aa51:2e:3::3ce]:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1444 --> 104.26.12.31:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1446 --> api.live.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1447 --> i0.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1448 --> cm.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1449 --> i1.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1450 --> i2.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1451 --> api.live.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1452 --> cm.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:51+08:00" level=info msg="[TCP] 192.168.0.135:1453 --> interface.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:52+08:00" level=info msg="[TCP] 192.168.0.135:1454 --> bvc.bilivideo.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:52+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1455 --> [2606:4700:3033::ac43:94e3]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"
time="2023-04-20T19:04:52+08:00" level=info msg="[TCP] 192.168.0.135:1456 --> i0.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:52+08:00" level=info msg="[TCP] 192.168.0.135:1457 --> broadcast.chat.bilibili.com:7826 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:52+08:00" level=info msg="[TCP] 192.168.0.135:1458 --> api.live.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:53+08:00" level=info msg="[TCP] 192.168.0.135:1459 --> hw-v2-web-player-tracker.biliapi.net:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:53+08:00" level=info msg="[TCP] 192.168.0.135:1460 --> ali-web-player-tracker.biliapi.net:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:53+08:00" level=info msg="[TCP] 192.168.0.135:1461 --> data.bilibili.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:53+08:00" level=info msg="[TCP] 192.168.0.135:1462 --> 221.130.192.148:80 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:53+08:00" level=info msg="[TCP] 192.168.0.135:1463 --> hw-v2-web-player-tracker.biliapi.net:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:53+08:00" level=info msg="[UDP] 192.168.0.135:55020 --> hw-v2-web-player-tracker.biliapi.net:3478 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:54+08:00" level=info msg="[TCP] 192.168.0.135:1464 --> boss.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:54+08:00" level=info msg="[TCP] 192.168.0.135:1465 --> bimp.hdslb.com:443 match GeoIP(CN) using DIRECT"
time="2023-04-20T19:04:56+08:00" level=info msg="[TCP] [2409:8a20:e33:f050:3cf6:a0da:84e4:b224]:1466 --> [2404:6800:4008:c04::bc]:443 match Match() using 国外网站[【A】香港 VIP 7 - Nearoute]"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.0.135】 - Host:【boss.hdslb.com】 - DestinationIP:【39.135.220.47】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.0.135】 - Host:【data.bilibili.com】 - DestinationIP:【223.111.252.72】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.0.135】 - Host:【www.bilibili.com】 - DestinationIP:【112.13.92.202】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
4. SourceIP:【2409:8a20:e33:f050:3cf6:a0da:84e4:b224】 - Host:【Empty】 - DestinationIP:【2409:8c20:3c42:1f:3::3fc】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.0.135】 - Host:【i1.hdslb.com】 - DestinationIP:【39.136.141.94】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.0.135】 - Host:【Empty】 - DestinationIP:【104.26.12.31】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【【A】香港 VIP 7 - Nearoute】
7. SourceIP:【192.168.0.135】 - Host:【api.live.bilibili.com】 - DestinationIP:【112.13.92.196】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.0.135】 - Host:【Empty】 - DestinationIP:【221.130.192.148】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.0.135】 - Host:【cm.bilibili.com】 - DestinationIP:【112.13.92.203】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.0.107】 - Host:【Empty】 - DestinationIP:【121.36.92.159】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.0.135】 - Host:【i0.hdslb.com】 - DestinationIP:【39.136.141.94】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.0.135】 - Host:【i0.hdslb.com】 - DestinationIP:【39.135.220.47】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.0.135】 - Host:【bvc.bilivideo.com】 - DestinationIP:【223.111.250.53】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
14. SourceIP:【2409:8a20:e33:f050:3cf6:a0da:84e4:b224】 - Host:【Empty】 - DestinationIP:【2409:8c1e:8fd0:50::36】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.0.135】 - Host:【s1.hdslb.com】 - DestinationIP:【112.25.18.119】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
16. SourceIP:【2409:8a20:e33:f050:3cf6:a0da:84e4:b224】 - Host:【Empty】 - DestinationIP:【2404:6800:4012:4::200a】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【【A】香港 VIP 7 - Nearoute】
17. SourceIP:【192.168.0.135】 - Host:【api.bilibili.com】 - DestinationIP:【112.13.92.199】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
18. SourceIP:【192.168.0.135】 - Host:【i2.hdslb.com】 - DestinationIP:【112.25.18.116】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.0.135】 - Host:【cm.bilibili.com】 - DestinationIP:【111.48.57.44】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
20. SourceIP:【192.168.0.135】 - Host:【api.live.bilibili.com】 - DestinationIP:【117.169.96.199】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
21. SourceIP:【2409:8a20:e33:f050:3cf6:a0da:84e4:b224】 - Host:【Empty】 - DestinationIP:【2409:8c20:aa51:2e:3::3ce】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.0.135】 - Host:【upos-sz-mirrorcos.bilivideo.com】 - DestinationIP:【117.162.51.73】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
23. SourceIP:【2409:8a20:e33:f050:3cf6:a0da:84e4:b224】 - Host:【Empty】 - DestinationIP:【2606:4700:3033::ac43:94e3】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【【A】香港 VIP 7 - Nearoute】
24. SourceIP:【192.168.0.135】 - Host:【bimp.hdslb.com】 - DestinationIP:【221.130.192.182】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.0.135】 - Host:【static.hdslb.com】 - DestinationIP:【112.25.18.113】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
26. SourceIP:【192.168.0.135】 - Host:【interface.bilibili.com】 - DestinationIP:【223.111.250.57】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
27. SourceIP:【192.168.0.135】 - Host:【hw-v2-web-player-tracker.biliapi.net】 - DestinationIP:【223.109.175.205】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
28. SourceIP:【192.168.0.135】 - Host:【s1.hdslb.com】 - DestinationIP:【112.25.18.113】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.0.135】 - Host:【api.bilibili.com】 - DestinationIP:【111.48.57.44】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
30. SourceIP:【2409:8a20:e33:f050:3cf6:a0da:84e4:b224】 - Host:【Empty】 - DestinationIP:【2404:6800:4008:c04::bc】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【【A】香港 VIP 7 - Nearoute】

`

[deuteros-gex]

跑过kill -9后一直没再动包括openclash在内的任何设置，等待openclash的守护进程把clash内核重启后，目前倒是挺正常在用了。。

2023-04-20 19:04:46 守护程序：检测到 Clash 内核崩溃，重启中... 2023-04-20 19:03:46 OpenClash 启动成功，请等待服务器上线！ 2023-04-20 19:03:46 第九步: 添加计划任务,启动进程守护程序... 2023-04-20 19:03:43 第八步: 重启 Dnsmasq 程序... 2023-04-20 19:03:43 提示：开始添加自定义防火墙规则... 2023-04-20 19:03:43 提示：正在根据防火墙端口转发和防火墙通信规则添加端口绕过规则... 2023-04-20 19:03:41 提示：检测到 Firewall4，使用 NFTABLE 规则... 2023-04-20 19:03:41 提示：IPv6 代理模式为 TProxy... 2023-04-20 19:03:41 提示：DNS 劫持模式为防火墙转发... 2023-04-20 19:03:41 警告：Dnsmasq 不支持 nftset, 使用 ipset 代替... 2023-04-20 19:03:41 第七步: 设置防火墙规则... 2023-04-20 19:03:41 第六步: 等待主程序下载外部文件... 2023-04-20 19:03:38 第五步: 检查内核启动状态... 2023-04-20 19:03:37 提示：未检测到特殊配置，调用 Dev 内核启动... 2023-04-20 19:03:37 第四步: 启动主程序... 2023-04-20 19:03:37 提示：开始运行自定义覆写脚本... 2023-04-20 19:03:36 提示：您为 SOCKS5/HTTP(S) 代理设置的账户密码为【Clash:Wit08xCl】 2023-04-20 19:03:36 第三步: 修改配置文件... 2023-04-20 19:03:36 第二步: 组件运行前检查... 2023-04-20 19:03:35 第一步: 获取配置... 2023-04-20 19:03:35 OpenClash 开始启动... 2023-04-20 19:03:35 第六步：删除 OpenClash 残留文件... 2023-04-20 19:03:33 第五步: 重启 Dnsmasq 程序... 2023-04-20 19:03:33 第四步: 关闭 Clash 主程序... 2023-04-20 19:03:33 第三步: 关闭 OpenClash 守护程序... 2023-04-20 19:03:32 第二步: 删除 OpenClash 防火墙规则... 2023-04-20 19:03:32 第一步: 备份当前策略组状态... 2023-04-20 19:03:32 OpenClash 开始关闭... 2023-04-20 19:03:32 OpenClash 重新启动中... 2023-04-20 19:03:22【/tmp/openclash_last_version】下载失败：【how to fix it, please visit the web page mentioned above.】 2023-04-20 19:03:22【/tmp/openclash_last_version】下载失败：【establish a secure connection to it. To learn more about this situation and】 2023-04-20 19:03:22【/tmp/openclash_last_version】下载失败：【curl failed to verify the legitimacy of the server and therefore could not】 2023-04-20 19:03:22【/tmp/openclash_last_version】下载失败：【】 2023-04-20 19:03:22【/tmp/openclash_last_version】下载失败：【More details here: https://curl.se/docs/sslcerts.html】 2023-04-20 19:03:22【/tmp/openclash_last_version】下载失败：【curl: (60) Cert verify failed: BADCERT_CN_MISMATCH】 2023-04-20 16:24:06 OpenClash 关闭成功！ 2023-04-20 16:24:06 第六步：删除 OpenClash 残留文件... 2023-04-20 16:24:04 第五步: 重启 Dnsmasq 程序... 2023-04-20 16:24:03 第四步: 关闭 Clash 主程序... 2023-04-20 16:24:03 第三步: 关闭 OpenClash 守护程序... 2023-04-20 16:24:02【/tmp/openclash_last_version】下载失败：【how to fix it, please visit the web page mentioned above.】 2023-04-20 16:24:02【/tmp/openclash_last_version】下载失败：【establish a secure connection to it. To learn more about this situation and】 2023-04-20 16:24:02【/tmp/openclash_last_version】下载失败：【curl failed to verify the legitimacy of the server and therefore could not】 2023-04-20 16:24:02【/tmp/openclash_last_version】下载失败：【】 2023-04-20 16:24:02【/tmp/openclash_last_version】下载失败：【More details here: https://curl.se/docs/sslcerts.html】 2023-04-20 16:24:02【/tmp/openclash_last_version】下载失败：【curl: (60) Cert verify failed: BADCERT_CN_MISMATCH】 2023-04-20 16:24:02 第二步: 删除 OpenClash 防火墙规则... 2023-04-20 16:24:02 第一步: 备份当前策略组状态... 2023-04-20 16:24:02 OpenClash 开始关闭... 2023-04-20 16:23:55 OpenClash 启动成功，请等待服务器上线！ 2023-04-20 16:23:55 第九步: 添加计划任务,启动进程守护程序... 2023-04-20 16:23:52 第八步: 重启 Dnsmasq 程序... 2023-04-20 16:23:52 提示：开始添加自定义防火墙规则... 2023-04-20 16:23:52 提示：正在根据防火墙端口转发和防火墙通信规则添加端口绕过规则... 2023-04-20 16:23:50 OpenClash 关闭成功！ 2023-04-20 16:23:50 第六步：删除 OpenClash 残留文件... 2023-04-20 16:23:50 提示：检测到 Firewall4，使用 NFTABLE 规则... 2023-04-20 16:23:50 提示：IPv6 代理模式为 TProxy... 2023-04-20 16:23:50 提示：DNS 劫持模式为防火墙转发... 2023-04-20 16:23:50 警告：Dnsmasq 不支持 nftset, 使用 ipset 代替... 2023-04-20 16:23:50 第七步: 设置防火墙规则... 2023-04-20 16:23:50 第六步: 等待主程序下载外部文件... 2023-04-20 16:23:46 第五步: 重启 Dnsmasq 程序... 2023-04-20 16:23:46 第五步: 检查内核启动状态... 2023-04-20 16:23:43【/tmp/openclash_last_version】下载失败：【how to fix it, please visit the web page mentioned above.】 2023-04-20 16:23:43【/tmp/openclash_last_version】下载失败：【establish a secure connection to it. To learn more about this situation and】 2023-04-20 16:23:43【/tmp/openclash_last_version】下载失败：【curl failed to verify the legitimacy of the server and therefore could not】 2023-04-20 16:23:43【/tmp/openclash_last_version】下载失败：【】 2023-04-20 16:23:43【/tmp/openclash_last_version】下载失败：【More details here: https://curl.se/docs/sslcerts.html】 2023-04-20 16:23:43【/tmp/openclash_last_version】下载失败：【curl: (60) Cert verify failed: BADCERT_CN_MISMATCH】 2023-04-20 16:23:45 第四步: 关闭 Clash 主程序... 2023-04-20 16:23:45【/tmp/openclash_last_version】下载失败：【how to fix it, please visit the web page mentioned above.】 2023-04-20 16:23:45【/tmp/openclash_last_version】下载失败：【establish a secure connection to it. To learn more about this situation and】 2023-04-20 16:23:45【/tmp/openclash_last_version】下载失败：【curl failed to verify the legitimacy of the server and therefore could not】 2023-04-20 16:23:45【/tmp/openclash_last_version】下载失败：【】 2023-04-20 16:23:45【/tmp/openclash_last_version】下载失败：【More details here: https://curl.se/docs/sslcerts.html】 2023-04-20 16:23:45【/tmp/openclash_last_version】下载失败：【curl: (60) Cert verify failed: BADCERT_CN_MISMATCH】 2023-04-20 16:23:45 第三步: 关闭 OpenClash 守护程序... 2023-04-20 16:23:45 第二步: 删除 OpenClash 防火墙规则... 2023-04-20 16:23:45 第一步: 备份当前策略组状态... 2023-04-20 16:23:45 OpenClash 开始关闭... 2023-04-20 16:23:45 提示：未检测到特殊配置，调用 Dev 内核启动... 2023-04-20 16:23:45 第四步: 启动主程序... 2023-04-20 16:23:45 提示：开始运行自定义覆写脚本... 2023-04-20 16:23:44 提示：您为 SOCKS5/HTTP(S) 代理设置的账户密码为【Clash:Wit08xCl】 2023-04-20 16:23:44 第三步: 修改配置文件... 2023-04-20 16:23:43 第二步: 组件运行前检查... 2023-04-20 16:23:43 第一步: 获取配置... 2023-04-20 16:23:43 OpenClash 开始启动... 2023-04-20 16:23:43 第六步：删除 OpenClash 残留文件... 2023-04-20 16:23:40 第五步: 重启 Dnsmasq 程序... 2023-04-20 16:23:40 第四步: 关闭 Clash 主程序... 2023-04-20 16:23:40 第三步: 关闭 OpenClash 守护程序... 2023-04-20 16:23:40 第二步: 删除 OpenClash 防火墙规则... 2023-04-20 16:23:40 第一步: 备份当前策略组状态... 2023-04-20 16:23:40 OpenClash 开始关闭... 2023-04-20 16:23:40 OpenClash 重新启动中...

[vernesong]

卡的时候再看吧

[remedynotavailable]

I also get this. All version after 103 causing cpu spike. Tried to 113 the same. I thought it was the meta core so I changed it to stable version downloaded manually from meta core gh page. It's still the same. It's all back to normal after downgraded to 103.

If I leave it for few hours it reached 100% load on all cores. Picrel I keep restarting the openclash while changing version and meta core.

[vernesong]

I also get this. All version after 103 causing cpu spike. Tried to 113 the same. I thought it was the meta core so I changed it to stable version downloaded manually from meta core gh page. It's still the same. It's all back to normal after downgraded to 103.

If I leave it for few hours it reached 100% load on all cores. Picrel I keep restarting the openclash while changing version and meta core.

try this and paste log

kill -9 "$(pidof clash |sed 's/$//g')" && /usr/share/openclash/openclash_debug.sh

[remedynotavailable]

I'm on 112. It seems to be normal.

[lisansas]

112和121都崩溃，是内存一步步增加，最后爆内存导致内核崩溃，换回103后也好了。

[anjue39]

我也一样的现象，卡死卡爆

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days