xiaorouji / openwrt-passwall


[Bug]: UDP transparent proxy seems to be broken #3355

Closed moetayuko closed 1 month ago

moetayuko commented 1 month ago

Describe the bug you encountered

After enabling the UDP transparent proxy, neither the router itself nor the devices behind it can reach any external UDP service, regardless of whether the destination is inside or outside the GFW.

The UDP node is the same as the TCP node; the proxy mode is configured as follows: [image]

Steps to reproduce this bug

  1. Enable the UDP transparent proxy
  2. From the router itself or a device behind it, access an external UDP service, e.g. nslookup baidu.com 119.29.29.29

What you want to achieve

UDP access works normally

Log information

xray

2024/08/07 09:53:14 [Debug] transport/internet/udp: UDP original destination: udp:119.29.29.29:53
2024/08/07 09:53:14 [Debug] [668435777] proxy/dokodemo: processing connection from: 192.168.6.176:59213
2024/08/07 09:53:14 [Info] [668435777] proxy/dokodemo: received request for 192.168.6.176:59213
2024/08/07 09:53:14 [Info] [668435777] app/proxyman/inbound: connection ends > fake: socket bind: address already in use
2024/08/07 09:53:15 [Info] [668435777] app/dispatcher: taking detour [direct] for [udp:119.29.29.29:53]
2024/08/07 09:53:15 [Debug] [668435777] transport/internet: dialing to udp:119.29.29.29:53
2024/08/07 09:53:15 192.168.6.176:59213 accepted udp:119.29.29.29:53 [udp_redir -> direct]
2024/08/07 09:53:15 [Info] [668435777] proxy/freedom: connection opened to udp:119.29.29.29:53, local endpoint [::]:39265, remote endpoint 119.29.29.29:53

The socket bind: address already in use in there looks very suspicious to me

nftables tracing

(MAC addresses redacted)

trace id fe39eacd inet fw4 trace_chain packet: iif "br-lan" ether saddr xxx ether daddr yyy ip saddr 192.168.6.176 ip daddr 119.29.29.29 ip dscp cs0 ip ecn not-ect ip ttl 128 ip id 50722 ip protocol udp ip length 60 udp sport 59213 udp dport 53 udp length 40 @th,64,96 0xec8501000001000000000000
trace id fe39eacd inet fw4 trace_chain rule ip daddr 119.29.29.29 meta nftrace set 1 (verdict continue)
trace id fe39eacd inet fw4 trace_chain verdict continue
trace id fe39eacd inet fw4 trace_chain policy accept
trace id fe39eacd inet fw4 raw_prerouting packet: iif "br-lan" ether saddr xxx ether daddr yyy ip saddr 192.168.6.176 ip daddr 119.29.29.29 ip dscp cs0 ip ecn not-ect ip ttl 128 ip id 50722 ip protocol udp ip length 60 udp sport 59213 udp dport 53 udp length 40 @th,64,96 0xec8501000001000000000000
trace id fe39eacd inet fw4 raw_prerouting verdict continue
trace id fe39eacd inet fw4 raw_prerouting policy accept
trace id fe39eacd inet fw4 mangle_prerouting packet: iif "br-lan" ether saddr xxx ether daddr yyy ip saddr 192.168.6.176 ip daddr 119.29.29.29 ip dscp cs0 ip ecn not-ect ip ttl 128 ip id 50722 ip protocol udp ip length 60 udp sport 59213 udp dport 53 udp length 40 @th,64,96 0xec8501000001000000000000
trace id fe39eacd inet fw4 mangle_prerouting rule counter packets 628 bytes 192481 jump PSW_DIVERT (verdict jump PSW_DIVERT)
trace id fe39eacd inet fw4 PSW_DIVERT verdict continue
trace id fe39eacd inet fw4 mangle_prerouting rule meta nfproto ipv4 counter packets 382 bytes 98616 jump PSW_MANGLE (verdict jump PSW_MANGLE)
trace id fe39eacd inet fw4 PSW_MANGLE rule ip protocol udp ip daddr @passwall_shuntlist counter packets 0 bytes 0 jump PSW_RULE comment "默认" (verdict jump PSW_RULE)
trace id fe39eacd inet fw4 PSW_RULE rule meta mark set ct mark counter packets 58 bytes 5791 (verdict continue)
trace id fe39eacd inet fw4 PSW_RULE rule meta l4proto udp ct state new meta mark set meta mark & 0x00000001 | 0x00000001 counter packets 2 bytes 152 (verdict continue)
trace id fe39eacd inet fw4 PSW_RULE rule ct mark set meta mark counter packets 35 bytes 2693 (verdict continue)
trace id fe39eacd inet fw4 PSW_RULE verdict continue meta mark 0x00000001
trace id fe39eacd inet fw4 PSW_MANGLE rule ip protocol udp counter packets 2 bytes 152 jump PSW_RULE comment "默认" (verdict jump PSW_RULE)
trace id fe39eacd inet fw4 PSW_RULE rule meta mark set ct mark counter packets 58 bytes 5791 (verdict continue)
trace id fe39eacd inet fw4 PSW_RULE verdict return meta mark 0x00000001
trace id fe39eacd inet fw4 PSW_MANGLE rule ip protocol udp counter packets 2 bytes 152 meta mark 0x00000001 tproxy ip to :1041 comment "默认" (verdict continue)
trace id fe39eacd inet fw4 PSW_MANGLE verdict return meta mark 0x00000001
trace id fe39eacd inet fw4 mangle_prerouting verdict continue meta mark 0x00000001
trace id fe39eacd inet fw4 mangle_prerouting policy accept meta mark 0x00000001
trace id fe39eacd inet fw4 dstnat packet: iif "br-lan" ether saddr xxx ether daddr yyy ip saddr 192.168.6.176 ip daddr 119.29.29.29 ip dscp cs0 ip ecn not-ect ip ttl 128 ip id 50722 ip protocol udp ip length 60 udp sport 59213 udp dport 53 udp length 40 @th,64,96 0xec8501000001000000000000
trace id fe39eacd inet fw4 dstnat rule jump PSW_REDIRECT (verdict jump PSW_REDIRECT)
trace id fe39eacd inet fw4 PSW_REDIRECT verdict continue meta mark 0x00000001
trace id fe39eacd inet fw4 dstnat verdict continue meta mark 0x00000001
trace id fe39eacd inet fw4 dstnat policy accept meta mark 0x00000001
trace id fe39eacd inet fw4 prerouting packet: iif "br-lan" ether saddr xxx ether daddr yyy ip saddr 192.168.6.176 ip daddr 119.29.29.29 ip dscp cs0 ip ecn not-ect ip ttl 128 ip id 50722 ip protocol udp ip length 60 udp sport 59213 udp dport 53 udp length 40 @th,64,96 0xec8501000001000000000000
trace id fe39eacd inet fw4 prerouting rule iifname "br-lan" jump helper_lan comment "!fw4: Handle lan IPv4/IPv6 helper assignment" (verdict jump helper_lan)
trace id fe39eacd inet fw4 helper_lan verdict continue meta mark 0x00000001
trace id fe39eacd inet fw4 prerouting verdict continue meta mark 0x00000001
trace id fe39eacd inet fw4 prerouting policy accept meta mark 0x00000001
trace id fe39eacd inet fw4 mangle_input packet: iif "br-lan" ether saddr xxx ether daddr yyy ip saddr 192.168.6.176 ip daddr 119.29.29.29 ip dscp cs0 ip ecn not-ect ip ttl 128 ip id 50722 ip protocol udp ip length 60 udp sport 59213 udp dport 53 udp length 40 @th,64,96 0xec8501000001000000000000
trace id fe39eacd inet fw4 mangle_input verdict continue meta mark 0x00000001
trace id fe39eacd inet fw4 mangle_input policy accept meta mark 0x00000001
trace id fe39eacd inet fw4 input packet: iif "br-lan" ether saddr xxx ether daddr yyy ip saddr 192.168.6.176 ip daddr 119.29.29.29 ip dscp cs0 ip ecn not-ect ip ttl 128 ip id 50722 ip protocol udp ip length 60 udp sport 59213 udp dport 53 udp length 40 @th,64,96 0xec8501000001000000000000
trace id fe39eacd inet fw4 input rule iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic" (verdict jump input_lan)
trace id fe39eacd inet fw4 input_lan rule jump accept_from_lan (verdict jump accept_from_lan)
trace id fe39eacd inet fw4 accept_from_lan rule iifname "br-lan" counter packets 185269 bytes 190254452 accept comment "!fw4: accept lan IPv4/IPv6 traffic" (verdict accept)

Screenshots

No response

System information

OpenWrt 23.05.4 (r24012-d8dd03c46f) luci-app-passwall 4.78-1-smartdns-dev

Other information

No response

hcym commented 1 month ago

UDP has been working fine all along for me, on both p1 and p2.

moetayuko commented 1 month ago

> UDP has been working fine all along for me, on both p1 and p2.

Huh?

moetayuko commented 1 month ago

It's an internal implementation issue in v2ray/xray and has nothing to do with passwall: https://github.com/v2fly/v2ray-core/issues/68 . smartdns listens on [::]:53, so port 53 cannot go through the UDP transparent proxy. For domestic services like 119.29.29.29 you can add them to the direct-connection list and enable it to bypass the transparent proxy; for ones like 8.8.8.8 there is no way around it.
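The closing comment points at a port collision, and the xray log agrees with that reading: the "fake" socket that the TPROXY UDP inbound opens to answer the client from the original destination (119.29.29.29:53 here) has to bind port 53, and smartdns already holds [::]:53 on the router. The following is an added example, not code from this issue, passwall, xray or smartdns. It does two things: it reproduces the kernel's wildcard-versus-specific UDP bind conflict without root (ephemeral ports instead of 53, and without IP_TRANSPARENT, which changes which addresses may be bound but not the port-conflict rule), and it scans an xray log for "original destination" ports that collide with a set of locally bound UDP ports. The local port set {53} and the two-line log excerpt are assumptions constructed from the issue text; on a real box the port set would come from something like ss -ulnp.

```python
import errno
import re
import socket
from typing import List, Optional, Set, Tuple

# Constructed from the issue's xray log; not a live capture.
SAMPLE_XRAY_LOG = """\
2024/08/07 09:53:14 [Debug] transport/internet/udp: UDP original destination: udp:119.29.29.29:53
2024/08/07 09:53:14 [Info] [668435777] app/proxyman/inbound: connection ends > fake: socket bind: address already in use
"""

# Assumption: what a local resolver such as smartdns on [::]:53 contributes.
LOCAL_UDP_PORTS: Set[int] = {53}

ORIG_DST = re.compile(r"UDP original destination: udp:(?P<ip>[0-9.]+):(?P<port>\d+)")
BIND_ERR = "socket bind: address already in use"


def wildcard_bind_conflict(reuse: bool = False) -> Tuple[int, Optional[str]]:
    """Bind 0.0.0.0:<ephemeral> the way a resolver holds the port, then try
    to bind a specific address on the same port the way the proxy's reply
    socket must. Returns (port, errno name of the second bind failure or
    None). With reuse=True both sockets set SO_REUSEADDR, which on Linux
    lifts the wildcard/specific conflict for UDP; it must be set on both
    sides, so one side alone (the proxy) cannot fix it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    reply = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if reuse:
            listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            reply.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind(("0.0.0.0", 0))  # ephemeral port instead of 53
        port = listener.getsockname()[1]
        try:
            # The real reply socket binds the non-local original destination
            # via IP_TRANSPARENT; loopback stands in for it here.
            reply.bind(("127.0.0.1", port))
            return port, None
        except OSError as exc:
            return port, errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        reply.close()
        listener.close()


def conflicting_destinations(xray_log: str, local_udp_ports: Set[int]) -> List[Tuple[str, int]]:
    """Return (ip, port) original destinations whose port is also bound
    locally, but only when the log shows the bind failure; without the
    error a shared port number alone proves nothing."""
    if BIND_ERR not in xray_log:
        return []
    hits = []
    for m in ORIG_DST.finditer(xray_log):
        port = int(m.group("port"))
        if port in local_udp_ports:
            hits.append((m.group("ip"), port))
    return hits


if __name__ == "__main__":
    print("plain bind:", wildcard_bind_conflict())
    print("SO_REUSEADDR on both:", wildcard_bind_conflict(reuse=True))
    print("colliding destinations:", conflicting_destinations(SAMPLE_XRAY_LOG, LOCAL_UDP_PORTS))
```

The first call fails with EADDRINUSE, which is the error the xray log reports; the second succeeds only because both sockets opted in, which is why the workaround in this thread is routing (the direct list) rather than anything in the proxy's own configuration.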