zfl9 / ipt2socks

A utility that converts transparent-proxy traffic delivered by iptables/nftables into SOCKS5 traffic
GNU Affero General Public License v3.0

v1.1.0 does not support IPv6 forwarding #21

Closed j3l11234 closed 4 years ago

j3l11234 commented 4 years ago

As the title says. Run arguments: /usr/bin/ipt2socks -l 1234. Hardware: xiaomi r3g

zfl9 commented 4 years ago

Logs, logs.

zfl9 commented 4 years ago

-v/--verbose logs

zfl9 commented 4 years ago

Also, send your ip6tables rules so I can take a look.

j3l11234 commented 4 years ago

ip6tables -t mangle -N REDSOCKS
ip6tables -t mangle -A REDSOCKS -p tcp -j TPROXY --on-ip ::1 --on-port 1234 --tproxy-mark 0x01/0x01
ip6tables -t mangle -A REDSOCKS -p udp -j TPROXY --on-ip ::1 --on-port 1234 --tproxy-mark 0x01/0x01
ip6tables -t mangle -N REDSOCKS_MARK
ip6tables -t mangle -A REDSOCKS_MARK -j MARK --set-mark 1
ip6tables -t mangle -A PREROUTING -m set --match-set gfwlist6 dst -j REDSOCKS
ip6tables -t mangle -A OUTPUT -m set --match-set gfwlist6 dst -j REDSOCKS_MARK
ip -6 rule add fwmark 1 lookup 100
ip -6 route add local default dev lo table 100

[tcp_socks5_recv_authresp_cb] recv from 127.0.0.1#1080, nrecv:2
2020-05-08 10:45:49 INF: [tcp_socks5_send_proxyreq_cb] send to 127.0.0.1#1080, nsend:22
2020-05-08 10:45:49 INF: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080, nrecv:10
2020-05-08 10:45:55 INF: [tcp_tproxy_accept_cb] source socket address: 2408:8207:18a5:25a0:d0e0:e5d9:e7d5:a4#53300
2020-05-08 10:45:55 INF: [tcp_tproxy_accept_cb] target socket address: 2001:4860:4860::8844#443
2020-05-08 10:45:55 INF: [tcp_tproxy_accept_cb] try to connect to 127.0.0.1#1080 ...
2020-05-08 10:45:55 INF: [tcp_socks5_connect_cb] connect to 127.0.0.1#1080 succeeded
2020-05-08 10:45:55 INF: [tcp_socks5_send_authreq_cb] send to 127.0.0.1#1080, nsend:3
2020-05-08 10:45:55 INF: [tcp_socks5_recv_authresp_cb] recv from 127.0.0.1#1080, nrecv:2
2020-05-08 10:45:55 INF: [tcp_socks5_send_proxyreq_cb] send to 127.0.0.1#1080, nsend:22
2020-05-08 10:45:55 INF: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080, nrecv:10
2020-05-08 10:45:56 ERR: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080: connection is closed
2020-05-08 10:45:58 INF: [udp_socks5_context_timeout_cb] context will be released, reason: timeout
2020-05-08 10:45:58 INF: [udp_socks5_context_timeout_cb] context will be released, reason: timeout
2020-05-08 10:45:58 ERR: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080: connection is closed
2020-05-08 10:45:58 INF: [tcp_tproxy_accept_cb] source socket address: 2408:8207:18a5:25a0:9d1b:bef9:a857:3811#60769
2020-05-08 10:45:58 INF: [tcp_tproxy_accept_cb] target socket address: 2404:6800:4004:80f::200e#443
2020-05-08 10:45:58 INF: [tcp_tproxy_accept_cb] try to connect to 127.0.0.1#1080 ...
2020-05-08 10:45:58 INF: [tcp_socks5_connect_cb] connect to 127.0.0.1#1080 succeeded
2020-05-08 10:45:58 INF: [tcp_socks5_send_authreq_cb] send to 127.0.0.1#1080, nsend:3
2020-05-08 10:45:58 INF: [tcp_socks5_recv_authresp_cb] recv from 127.0.0.1#1080, nrecv:2
2020-05-08 10:45:58 INF: [tcp_socks5_send_proxyreq_cb] send to 127.0.0.1#1080, nsend:22
2020-05-08 10:45:58 INF: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080, nrecv:10
2020-05-08 10:45:58 INF: [udp_socks5_context_timeout_cb] context will be released, reason: timeout
2020-05-08 10:45:58 INF: [udp_socks5_context_timeout_cb] context will be released, reason: timeout
2020-05-08 10:46:00 INF: [tcp_tproxy_accept_cb] source socket address: 192.168.24.16#53954
2020-05-08 10:46:00 INF: [tcp_tproxy_accept_cb] target socket address: 172.217.174.116#80
2020-05-08 10:46:00 INF: [tcp_tproxy_accept_cb] try to connect to 127.0.0.1#1080 ...
2020-05-08 10:46:00 INF: [tcp_socks5_connect_cb] connect to 127.0.0.1#1080 succeeded
2020-05-08 10:46:00 INF: [tcp_socks5_send_authreq_cb] send to 127.0.0.1#1080, nsend:3
2020-05-08 10:46:00 INF: [tcp_socks5_recv_authresp_cb] recv from 127.0.0.1#1080, nrecv:2
2020-05-08 10:46:00 INF: [tcp_socks5_send_proxyreq_cb] send to 127.0.0.1#1080, nsend:10
2020-05-08 10:46:00 INF: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080, nrecv:10
2020-05-08 10:46:00 INF: [tcp_socks5_recv_proxyresp_cb] tunnel is ready, start forwarding ...
2020-05-08 10:46:00 ERR: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080: connection is closed
2020-05-08 10:46:00 INF: [tcp_stream_payload_forward_cb] recv FIN from socks5 stream, release ctx
2020-05-08 10:46:00 INF: [tcp_tproxy_accept_cb] source socket address: 192.168.24.16#53959
2020-05-08 10:46:00 INF: [tcp_tproxy_accept_cb] target socket address: 172.217.174.116#80
2020-05-08 10:46:00 INF: [tcp_tproxy_accept_cb] try to connect to 127.0.0.1#1080 ...
2020-05-08 10:46:00 INF: [tcp_socks5_connect_cb] connect to 127.0.0.1#1080 succeeded
2020-05-08 10:46:00 INF: [tcp_socks5_send_authreq_cb] send to 127.0.0.1#1080, nsend:3
2020-05-08 10:46:00 INF: [tcp_socks5_recv_authresp_cb] recv from 127.0.0.1#1080, nrecv:2
2020-05-08 10:46:00 INF: [tcp_socks5_send_proxyreq_cb] send to 127.0.0.1#1080, nsend:10
2020-05-08 10:46:00 INF: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080, nrecv:10
2020-05-08 10:46:00 INF: [tcp_socks5_recv_proxyresp_cb] tunnel is ready, start forwarding ...
2020-05-08 10:46:00 ERR: [tcp_stream_payload_forward_cb] recv from client stream: (null)
2020-05-08 10:46:01 ERR: [tcp_stream_payload_forward_cb] recv from client stream: (null)
2020-05-08 10:46:01 INF: [tcp_tproxy_accept_cb] source socket address: 192.168.24.16#53963
2020-05-08 10:46:01 INF: [tcp_tproxy_accept_cb] target socket address: 172.217.174.116#80
2020-05-08 10:46:01 INF: [tcp_tproxy_accept_cb] try to connect to 127.0.0.1#1080 ...
2020-05-08 10:46:01 INF: [tcp_socks5_connect_cb] connect to 127.0.0.1#1080 succeeded
2020-05-08 10:46:01 INF: [tcp_socks5_send_authreq_cb] send to 127.0.0.1#1080, nsend:3
2020-05-08 10:46:01 INF: [tcp_socks5_recv_authresp_cb] recv from 127.0.0.1#1080, nrecv:2
2020-05-08 10:46:01 INF: [tcp_socks5_send_proxyreq_cb] send to 127.0.0.1#1080, nsend:10
2020-05-08 10:46:01 INF: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080, nrecv:10
2020-05-08 10:46:01 INF: [tcp_socks5_recv_proxyresp_cb] tunnel is ready, start forwarding ...
2020-05-08 10:46:01 ERR: [tcp_stream_payload_forward_cb] recv from client stream: (null)
^C

zfl9 commented 4 years ago

Judging from the logs, there is no problem at all. Check the upstream socks5 server's logs; maybe the socks5 server doesn't support v6 forwarding.

zfl9 commented 4 years ago

[tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080: connection is closed

This is the upstream socks5 server closing the connection; check the socks5 server's detailed logs.

zfl9 commented 4 years ago

2020-05-08 10:45:55 INF: [tcp_tproxy_accept_cb] source socket address: 2408:8207:18a5:25a0:d0e0:e5d9:e7d5:a4#53300
2020-05-08 10:45:55 INF: [tcp_tproxy_accept_cb] target socket address: 2001:4860:4860::8844#443
2020-05-08 10:45:55 INF: [tcp_tproxy_accept_cb] try to connect to 127.0.0.1#1080 ...
2020-05-08 10:45:55 INF: [tcp_socks5_connect_cb] connect to 127.0.0.1#1080 succeeded
2020-05-08 10:45:55 INF: [tcp_socks5_send_authreq_cb] send to 127.0.0.1#1080, nsend:3
2020-05-08 10:45:55 INF: [tcp_socks5_recv_authresp_cb] recv from 127.0.0.1#1080, nrecv:2
2020-05-08 10:45:55 INF: [tcp_socks5_send_proxyreq_cb] send to 127.0.0.1#1080, nsend:22
2020-05-08 10:45:55 INF: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080, nrecv:10
2020-05-08 10:45:56 ERR: [tcp_socks5_recv_proxyresp_cb] recv from 127.0.0.1#1080: connection is closed

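From this log you can see that, in recv_proxyresp_cb, the socks5 server should return a response of 22 bytes in total, but only 10 bytes were received, and then the socks5 server simply closed the connection. So you need to check whether the socks5 server lacks IPv6 support.

The IPv4 proxy request (proxyreq) and proxy response (proxyresp) are both 10 bytes; you can see this in the logs you provided. The IPv6 proxy request (proxyreq) and proxy response (proxyresp) are both 22 bytes, but your socks5 server returned only 10 bytes. That is clearly a problem.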

j3l11234 commented 4 years ago

For comparison, when I use Chrome with the socks5 proxy specified, accessing the same IPv6 address works.

zfl9 commented 4 years ago

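I already said: give me the logs. Still, I have a vague sense of where the problem is. I'll make a change tonight when I have time and see whether it is what I suspect.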

zfl9 commented 4 years ago

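For comparison, when I use Chrome with the socks5 proxy specified, accessing the same IPv6 address works.

Hmm, if that's the case, then it really is an ipt2socks problem, and earlier versions have it too.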

j3l11234 commented 4 years ago

Fri May  8 15:29:57 2020 daemon.err trojan[13821]: [2020-05-08 15:29:57] [INFO] 192.168.24.18:61804 requested connection to 2001:19f0:7001:3b6:5400:ff:fe5b:133b:443
Fri May  8 15:29:57 2020 daemon.err trojan[13821]: [2020-05-08 15:29:57] [INFO] 192.168.24.18:61804 disconnected, 2216 bytes received, 547 bytes sent, lasted for 0 seconds

Fri May  8 15:30:44 2020 daemon.err trojan[13821]: [2020-05-08 15:30:44] [INFO] 127.0.0.1:57444 requested connection to 2001:19f0:7001:03b6:5400:00ff:fe5b:133b:443
Fri May  8 15:31:45 2020 daemon.err trojan[13821]: [2020-05-08 15:31:45] [INFO] 127.0.0.1:57444 disconnected, 0 bytes received, 0 bytes sent, lasted for 61 seconds

The upper entries are from access with Chrome; the lower ones are from access through ipt2socks. Same destination address.

zfl9 commented 4 years ago

OK, I'll fix it when I have time. Thanks for reporting.

zfl9 commented 4 years ago

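Updated; it should be fine now. Try it again when you have time and give me some feedback. UPDATE: updated once more; I found that UDP in version 1.1.1 had a bug. Fixed in 1.1.2.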
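
Added example (not part of the thread and not ipt2socks code): the 10-byte versus 22-byte proxy responses discussed above follow from RFC 1928, where the reply's length is set by the ATYP octet in the reply itself, so a 10-byte reply to a 22-byte IPv6 request can be a complete message. The helper names and the sample byte arrays are constructed for illustration; whether this matches the change made in 1.1.1 is not stated in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SOCKS5_ATYP_IPV4   0x01
#define SOCKS5_ATYP_DOMAIN 0x03
#define SOCKS5_ATYP_IPV6   0x04

/* Hypothetical helper. Returns the total length of the SOCKS5 reply that
 * starts at buf, 0 if more bytes are needed to decide, -1 if malformed.
 * Layout (RFC 1928): VER REP RSV ATYP BND.ADDR BND.PORT */
long socks5_reply_len(const uint8_t *buf, size_t have) {
    if (have < 4) return 0;              /* fixed 4-byte header incomplete */
    if (buf[0] != 0x05) return -1;       /* not a SOCKS5 message */
    switch (buf[3]) {
    case SOCKS5_ATYP_IPV4: return 4 + 4 + 2;    /* 10 bytes */
    case SOCKS5_ATYP_IPV6: return 4 + 16 + 2;   /* 22 bytes */
    case SOCKS5_ATYP_DOMAIN:
        if (have < 5) return 0;          /* need the domain length octet */
        return 4 + 1 + (long)buf[4] + 2;
    default: return -1;                  /* unknown address type */
    }
}

/* 1 = complete reply buffered, 0 = keep reading, -1 = malformed */
int socks5_reply_complete(const uint8_t *buf, size_t have) {
    long need = socks5_reply_len(buf, have);
    if (need < 0) return -1;
    return need != 0 && have >= (size_t)need;
}

/* Constructed samples: success replies with zeroed BND.ADDR/BND.PORT */
const uint8_t reply_v4[10] = {0x05, 0x00, 0x00, SOCKS5_ATYP_IPV4};
const uint8_t reply_v6[22] = {0x05, 0x00, 0x00, SOCKS5_ATYP_IPV6};
const uint8_t reply_dom[5] = {0x05, 0x00, 0x00, SOCKS5_ATYP_DOMAIN, 11};

int main(void) {
    /* A server may answer an IPv6 CONNECT with an IPv4-form reply. */
    printf("IPv4-form, 10 bytes read: %d\n", socks5_reply_complete(reply_v4, 10));
    printf("IPv6-form, 10 bytes read: %d\n", socks5_reply_complete(reply_v6, 10));
    printf("IPv6-form, 22 bytes read: %d\n", socks5_reply_complete(reply_v6, 22));
    return 0;
}
```

A client that sizes its read from the request's address family instead of the reply's ATYP would keep waiting for 12 bytes that never arrive when it gets the first case.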