search

zfl9 / ss-tproxy

ss/v2ray/xray/trojan/hysteria/naive/socks5 透明代理
GNU Affero General Public License v3.0
2.26k stars 434 forks source link

可以增加个naiveproxy的使用示例吗? #216

Closed sunlewuyou closed 1 year ago

sunlewuyou commented 1 year ago

弄了半天不成功,有没有小伙伴也是用naiveproxy,能给个示例吗?谢谢!

zfl9 commented 1 year ago

试试 tcponly='true'

另外可以在issue里面搜索关键字 naive ,我看到有小伙伴使用 naive 成功的。

sunlewuyou commented 1 year ago

@zfl9 好的,我再尝试尝试,感谢回复!

sunlewuyou commented 1 year ago

@zfl9 依次重新安装重新测试,还是未成功。 我的相关配置如下: 1、naive使用以下命令运行config.json

{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://user:pass@example.com"
}

2、ss-tproxy.conf配置

## mode
#mode='global'  # global 模式 (不分流)
#mode='gfwlist' # gfwlist 模式 (黑名单)
mode='chnroute' # chnroute 模式 (白名单)

## ipv4/6
ipv4='true'     # true:启用ipv4透明代理; false:关闭ipv4透明代理
ipv6='false'    # true:启用ipv6透明代理; false:关闭ipv6透明代理

## tproxy
tproxy='false'  # true:TPROXY+TPROXY; false:REDIRECT+TPROXY

## tcponly
tcponly='true' # true:仅代理TCP流量; false:代理TCP和UDP流量

## selfonly
selfonly='false' # true:仅代理本机流量; false:代理本机及"内网"流量

## proxy
# user/group(#1,推荐) vs svraddr+port(#2), user/group选其中一个填写(不建议都填)
proxy_procuser='proxy'   # 本机代理进程的 user/uid,用来放行本机代理进程传出的流量
proxy_procgroup=''       # 本机代理进程的 group/gid,用来放行本机代理进程传出的流量
proxy_svraddr4=()        # 服务器的 IPv4 地址或域名,允许填写多个服务器地址,空格隔开
proxy_svraddr6=()        # 服务器的 IPv6 地址或域名,允许填写多个服务器地址,空格隔开
proxy_svrport=''         # 服务器的监听端口,可填多个端口,格式同 ipts_proxy_dst_port
proxy_tcpport='60080'    # ss/ssr/v2ray 等本机进程的 TCP 监听端口,该端口支持透明代理
proxy_udpport='60080'    # ss/ssr/v2ray 等本机进程的 UDP 监听端口,该端口支持透明代理
proxy_startcmd='su proxy -c"(naive /etc/naive.json </dev/null &>>/tmp/naive.log & ipt2socks </dev/null &>>/tmp/ipt2socks.log &)"'     # 用于启动本机代理进程的 shell 命令,该命令应该能立即执行完毕
proxy_stopcmd='kill -9 $(pidof naive) $(pidof ipt2socks)'      # 用于关闭本机代理进程的 shell 命令,该命令应该能立即执行完毕

3、脚本执行成功后的进程端口情况

root@debian11:~# netstat -tuanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:60080         0.0.0.0:*               LISTEN      1301/ipt2socks      
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1340/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      608/sshd: /usr/sbin 
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      584/cupsd           
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      1300/naive          
tcp        0      0 192.168.10.15:36894     112.80.248.75:443       ESTABLISHED 1300/naive          
tcp        0    248 192.168.10.15:22        192.168.10.8:54367      ESTABLISHED 1076/sshd: root@pts 
tcp6       0      0 ::1:60080               :::*                    LISTEN      1301/ipt2socks      
tcp6       0      0 :::53                   :::*                    LISTEN      1340/dnsmasq        
tcp6       0      0 :::22                   :::*                    LISTEN      608/sshd: /usr/sbin 
tcp6       0      0 ::1:631                 :::*                    LISTEN      584/cupsd           
udp        0      0 0.0.0.0:44472           0.0.0.0:*                           1331/chinadns-ng    
udp        0      0 127.0.0.1:65353         0.0.0.0:*                           1331/chinadns-ng    
udp        0      0 0.0.0.0:40838           0.0.0.0:*                           1340/dnsmasq        
udp        0      0 127.0.0.1:65454         0.0.0.0:*                           1342/dns2tcp        
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1340/dnsmasq        
udp        0      0 192.168.10.15:68        192.168.10.1:67         ESTABLISHED 466/NetworkManager  
udp        0      0 0.0.0.0:631             0.0.0.0:*                           609/cups-browsed    
udp        0      0 127.0.0.1:60080         0.0.0.0:*                           1301/ipt2socks      
udp        0      0 0.0.0.0:43823           0.0.0.0:*                           463/avahi-daemon: r 
udp        0      0 0.0.0.0:54101           0.0.0.0:*                           1331/chinadns-ng    
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           463/avahi-daemon: r 
udp6       0      0 :::53                   :::*                                1340/dnsmasq        
udp6       0      0 fe80::1c2:226f:fe03:252 :::*                                466/NetworkManager  
udp6       0      0 ::1:60080               :::*                                1301/ipt2socks      
udp6       0      0 :::49931                :::*                                463/avahi-daemon: r 
udp6       0      0 :::5353                 :::*                                463/avahi-daemon: r

4、脚本执行成功后的iptables相关规则

root@debian11:~# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 19 packets, 3668 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   19  3668 SSTP_PREROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT 19 packets, 3668 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 49 packets, 2902 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   65  3858 SSTP_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 63 packets, 3742 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   65  3858 SSTP_POSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain SSTP_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   116 DNAT       udp  --  *      *       0.0.0.0/0            127.0.0.1            owner UID match 13 udp dpt:53 to:223.5.5.5:53
   17  1020 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 13
   18  1120 SSTP_RULE  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL dst-type !LOCAL

Chain SSTP_POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   116 MASQUERADE  udp  --  *      *       0.0.0.0/0            223.5.5.5            owner UID match 13 udp dpt:53

Chain SSTP_PREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SSTP_RULE  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type !LOCAL dst-type !LOCAL

Chain SSTP_RULE (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   14   840 DNAT       tcp  --  *      *       0.0.0.0/0            8.8.8.8              tcp dpt:53 flags:0x17/0x02 to:127.0.0.1:60080
    1   100 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set privaddr dst
    3   180 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set chnroute dst
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 1:65535 tcp flags:0x17/0x02 to:127.0.0.1:60080
zfl9 commented 1 year ago

ipt2socks默认为tproxy模式 tproxy='true'

zfl9 commented 1 year ago

理论上,所有的socks5代理接入,都与readme的trojan例子类似,最多就是tcponly的区别(取决于上游是否支持udp)

sunlewuyou commented 1 year ago

@zfl9 经过点拨,测试成功,非常感谢,这下用国内服务器编译路由固件就不用再担心用proxychains会出现莫名其妙的网络代理问题了,比如golang就好像不行,期待项目越来越完善,要是以后能有一键脚本那就nice了,再次感谢此项目对我的帮助!

zfl9 commented 1 year ago

是的,golang全静态链接的,所以proxychains-ng的魔法不起作用

sunlewuyou commented 1 year ago

@zfl9 晚安,好梦☽

sunlewuyou commented 1 year ago

@zfl9 才发现最新版脚本文件有一些改动,以前部署成功后写的部署文档照着做已经无法成功了,不知道是不是这个配置的原因:proxy_procgroup 以前的是proxy_procuser,脚本启动后用ps aux能看出来naive 和ipt2socks 启动的用户是proxy,改成proxy_procgroup 后不知道怎么改动了,这样写的发现不行:

proxy_startcmd='/usr/bin/naive /etc/naive/config.json >/dev/null 2>&1 & ipt2socks >/dev/null 2>&1 &'

请教新的写法,谢谢!

zfl9 commented 1 year ago

README 有一个例子:socks5 (trojan) 那个。

记得 tcponly='true',trojan 改为 naive 即可。

zfl9 commented 1 year ago

把 trojan 改为 naive 就好了。

# 这里只介绍 v4.7+ 版本的配置

tproxy='true' # ipt2socks默认为tproxy模式
tcponly='true' # naive 不支持 udp
proxy_startcmd='start_trojan'
proxy_stopcmd='stop_trojan'

start_trojan() {
    # 设置 setgid 权限位 (只需执行一次)
    set_proxy_group trojan
    set_proxy_group ipt2socks

    (trojan -c /etc/trojan.json </dev/null &>>/var/log/trojan.log &)
    (ipt2socks </dev/null &>>/var/log/ipt2socks.log &)
}

stop_trojan() {
    kill -9 $(pidof trojan) $(pidof ipt2socks) &>/dev/null
}
zfl9 commented 1 year ago

后面我在 readme 中多加几个例子吧,naive、clash 之类的。

zfl9 commented 1 year ago

set_proxy_group 就是给可执行文件设置“所属group”,"setgid"特殊权限位。

设置好之后,执行相关文件,会自动切换group身份。

之所以要切换group身份,就是为了区分不同类型的进程:

之前的版本可以选择 user 或者 group,新版本只留下了 group 一种方式。有多种考虑:

zfl9 commented 1 year ago

除了 user/group 这种“放行”方式,还可以利用 cgroup,但这个比 user/group 还麻烦,除非你全部都用 systemd 来处理。但 ss-tproxy 显然不能假设所有系统都使用 systemd。另外就是 cgroup 可用性可能不如 user/group。

另外,不需要手动去给可执行文件设置 (chmod、chown、setcap),照着 readme 的方式做就好了。

如果确实希望代理进程能够以非 root 用户运行,才需要给进程设置 setcap,获得相关能力,确保能执行透明代理。

zfl9 commented 1 year ago

更多细节,可以看看 #233

sunlewuyou commented 1 year ago

十分感谢,^(* ̄(oo) ̄)^

sunlewuyou commented 1 year ago

在WSL子系统里使用脚本时遇到的问题:

# 系统内核
[root@WSL ~]# uname -a
Linux WSL 5.15.90.1-microsoft-standard-WSL2 #1 SMP Fri Jan 27 02:56:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

# ss-tproxy.conf 主要配置
mode='chnroute' # 大陆白名单:{gfwlist}走代理,{ignlist,chnlist,chnroute}走直连,其他走代理
ipv4='true'     # 是否对ipv4启用'透明代理': true启用 false不启用
ipv6='true'    # 是否对ipv6启用'透明代理': true启用 false不启用
tproxy='false'  # true:  TPROXY(tcp)   + TPROXY(udp) ## 纯 tproxy 模式 ##
tcponly='true' # true:仅代理TCP流量 | false:代理TCP和UDP流量
proxy_startcmd='start_naive'
proxy_stopcmd='stop_naive' 

start_naive() {
    set_proxy_group naive
    set_proxy_group ipt2socks
    (/usr/local/bin/naive /etc/naive/config.json </dev/null &>>/var/log/naive.log &)
    (ipt2socks </dev/null &>>/var/log/ipt2socks.log &)
}

stop_naive() {
    kill -9 $(pidof naive) $(pidof ipt2socks) &>/dev/null
}

# 脚本启动无报错信息
[root@WSL ~]# ss-tproxy start
mode:       chnroute
proxy/tcp:  [running]
dnsmasq:    [running]
chinadns:   [running]
dns2tcp4:   [running]
dns2tcp6:   [running]

[root@WSL ~]# ss-tproxy show-iptables
==> iptables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT

==> iptables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_PREROUTING
-N SSTP_RULE
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --dst-type LOCAL -m owner ! --gid-owner 1000 -j SSTP_RULE
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner ! --gid-owner 1000 -m owner ! --gid-owner 1001 -j REDIRECT --to-ports 53
-A SSTP_PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --src-type LOCAL ! --dst-type LOCAL -j SSTP_RULE
-A SSTP_RULE -m set --match-set sstp_white dst -m set ! --match-set sstp_black dst -j RETURN
-A SSTP_RULE -p tcp -j DNAT --to-destination 127.0.0.1:60080

==> ip6tables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT

==> ip6tables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_PREROUTING
-N SSTP_RULE
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --dst-type LOCAL -m owner ! --gid-owner 1000 -j SSTP_RULE
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner ! --gid-owner 1000 -m owner ! --gid-owner 1001 -j REDIRECT --to-ports 53
-A SSTP_PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --src-type LOCAL ! --dst-type LOCAL -j SSTP_RULE
-A SSTP_RULE -m set --match-set sstp_white6 dst -m set ! --match-set sstp_black6 dst -j RETURN
-A SSTP_RULE -p tcp -j DNAT --to-destination [::1]:60080

# curl谷歌报错,curl cip.cc正常
[root@WSL ~]# curl -L -4 -vvv www.google.com
* Could not resolve host: www.google.com; Name or service not known
* Closing connection 0
curl: (6) Could not resolve host: www.google.com; Name or service not known

# dns2tcp.log
2023-05-31 01:11:08 INF: [udp_recvmsg_cb] recv from 127.0.0.1#39371, nrecv:32
2023-05-31 01:11:08 INF: [udp_recvmsg_cb] recv from ::1#45032, nrecv:32
2023-05-31 01:11:08 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:11:08 INF: [udp_recvmsg_cb] try to connect to 8.8.8.8#53
2023-05-31 01:11:08 INF: [tcp_connect_cb] connect to 8.8.8.8#53 succeed
2023-05-31 01:11:08 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 01:11:08 INF: [tcp_sendmsg_cb] send to 8.8.8.8#53, nsend:34
2023-05-31 01:11:08 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:34
2023-05-31 01:11:08 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:11:09 ERR: [tcp_recvmsg_cb] recv from 8.8.8.8#53: connection is closed
2023-05-31 01:11:13 INF: [udp_recvmsg_cb] recv from 127.0.0.1#39371, nrecv:32
2023-05-31 01:11:13 INF: [udp_recvmsg_cb] recv from ::1#45032, nrecv:32
2023-05-31 01:11:13 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:11:13 INF: [udp_recvmsg_cb] try to connect to 8.8.8.8#53
2023-05-31 01:11:13 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 01:11:13 INF: [tcp_connect_cb] connect to 8.8.8.8#53 succeed
2023-05-31 01:11:13 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:34
2023-05-31 01:11:13 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:11:13 INF: [tcp_sendmsg_cb] send to 8.8.8.8#53, nsend:34
2023-05-31 01:11:14 ERR: [tcp_recvmsg_cb] recv from 8.8.8.8#53: connection is closed

tproxy='false',虽然脚本成功启动无报错,但是代理不正常,国外dns不能解析。

sunlewuyou commented 1 year ago

因为wsl内核没有tproxy模块所以没有设置tproxy='true',如果这么设置会变成这样:

[root@WSL ~]# ss-tproxy start
RTNETLINK answers: File exists
RTNETLINK answers: Address family not supported by protocol
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
ip6tables: No chain/target/match by that name.
ip6tables: No chain/target/match by that name.
ip6tables: No chain/target/match by that name.
mode:       chnroute
proxy/tcp:  [running]
dnsmasq:    [running]
chinadns:   [running]
dns2tcp4:   [running]
dns2tcp6:   [running]

[root@WSL ~]# ss-tproxy show-iptables
==> iptables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_PREROUTING
-N SSTP_RULE
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
-A SSTP_OUTPUT -m owner --gid-owner 1000 -j RETURN
-A SSTP_OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SSTP_RULE
-A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
-A SSTP_PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --src-type LOCAL -j SSTP_RULE
-A SSTP_RULE -m set --match-set sstp_white dst -m set ! --match-set sstp_black dst -j RETURN

==> iptables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner ! --gid-owner 1000 -m owner ! --gid-owner 1001 -j REDIRECT --to-ports 53

==> ip6tables-mangle <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-N SSTP_PREROUTING
-N SSTP_RULE
-A PREROUTING -j SSTP_PREROUTING
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
-A SSTP_OUTPUT -m owner --gid-owner 1000 -j RETURN
-A SSTP_OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SSTP_RULE
-A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
-A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
-A SSTP_PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m addrtype ! --src-type LOCAL -j SSTP_RULE
-A SSTP_RULE -m set --match-set sstp_white6 dst -m set ! --match-set sstp_black6 dst -j RETURN

==> ip6tables-nat <==
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N SSTP_OUTPUT
-A OUTPUT -j SSTP_OUTPUT
-A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner ! --gid-owner 1000 -m owner ! --gid-owner 1001 -j REDIRECT --to-ports 53

脚本启动调试信息

[root@WSL ~]# ss-tproxy start -x
+ (( ++i ))
+ (( i < 2 ))
+ '[' 1 -eq 0 ']'
+ '[' /etc/ss-tproxy ']'
+ '[' ss-tproxy.conf ']'
+ cd -- /etc/ss-tproxy
+ load_config
+ file_required ss-tproxy.conf
+ file_is_exists ss-tproxy.conf
+ '[' -f ss-tproxy.conf ']'
+ source ss-tproxy.conf start
++ mode=chnroute
++ ipv4=true
++ ipv6=true
++ tproxy=true
++ tcponly=true
++ selfonly=false
++ proxy_procgroup=proxy
++ proxy_tcpport=60080
++ proxy_udpport=60080
++ proxy_startcmd=start_naive
++ proxy_stopcmd=stop_naive
++ dns_custom=false
++ dns_procgroup=proxy_dns
++ dns_mainport=53
++ dns_direct=223.5.5.5#53
++ dns_direct6=240C::6666#53
++ dns_direct_white=true
++ dns_direct6_white=true
++ dns_remote=8.8.8.8#53
++ dns_remote6=2001:4860:4860::8888#53
++ dns_remote_black=true
++ dns_remote6_black=true
++ dnsmasq_bind_port=
++ dnsmasq_cache_size=4096
++ dnsmasq_cache_time_min=3600
++ dnsmasq_query_maxcnt=1024
++ dnsmasq_log_enable=false
++ dnsmasq_log_file=/var/log/dnsmasq.log
++ dnsmasq_conf_dir=()
++ dnsmasq_conf_file=()
++ dnsmasq_conf_string=()
++ chinadns_for_gfwlist=true
++ chinadns_bind_port=65353
++ chinadns_chnlist_first=false
++ chinadns_extra_options=
++ chinadns_verbose=false
++ chinadns_logfile=/var/log/chinadns.log
++ dns2tcp_enable=auto
++ dns2tcp_bind_port=65454
++ dns2tcp_extra_options=
++ dns2tcp_verbose=true
++ dns2tcp_logfile=/var/log/dns2tcp.log
++ ipts_if_lo=lo
++ ipts_rt_tab=233
++ ipts_rt_mark=0x2333
++ ipts_set_snat=false
++ ipts_set_snat6=false
++ ipts_reddns_onstop=223.5.5.5#53
++ ipts_reddns6_onstop=240C::6666#53
++ ipts_proxy_dst_port=
++ opts_ss_netstat=auto
++ url_gfwlist=https://raw.githubusercontent.com/pexcn/daily/gh-pages/gfwlist/gfwlist.txt
++ url_chnlist=https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
++ url_chnroute=https://ftp.apnic.net/stats/apnic/delegated-apnic-latest
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ file_required ignlist.ext
+ file_is_exists ignlist.ext
+ '[' -f ignlist.ext ']'
+ file_required chnlist.txt
+ file_is_exists chnlist.txt
+ '[' -f chnlist.txt ']'
+ file_required chnroute.txt
+ file_is_exists chnroute.txt
+ '[' -f chnroute.txt ']'
+ file_required chnroute6.txt
+ file_is_exists chnroute6.txt
+ '[' -f chnroute6.txt ']'
+ file_required gfwlist.txt
+ file_is_exists gfwlist.txt
+ '[' -f gfwlist.txt ']'
+ file_required gfwlist.ext
+ file_is_exists gfwlist.ext
+ '[' -f gfwlist.ext ']'
+ '[' proxy -a proxy '!=' 0 -a proxy '!=' root ']'
+ '[' proxy_dns -a proxy_dns '!=' 0 -a proxy_dns '!=' root ']'
+ '[' proxy '!=' proxy_dns ']'
+ group_is_exists proxy
+ is_uint proxy
+ '[' proxy ']'
+ '[' -z proxy ']'
+ grep -q '^proxy:' /etc/group
+ group_is_exists proxy_dns
+ is_uint proxy_dns
+ '[' proxy_dns ']'
+ '[' -z proxy_dns ']'
+ grep -q '^proxy_dns:' /etc/group
+ is_need_iproute
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ command_required ip
+ command_is_exists ip
+ type -P ip
+ command_required ipset
+ command_is_exists ipset
+ type -P ipset
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ command_required iptables
+ command_is_exists iptables
+ type -P iptables
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ command_required ip6tables
+ command_is_exists ip6tables
+ type -P ip6tables
+ '[' '' ']'
+ dnsmasq_bind_port=53
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ set_dns_group dnsmasq
+ set_command_group proxy_dns dnsmasq
+ command_required dnsmasq
+ command_is_exists dnsmasq
+ type -P dnsmasq
++ command_path dnsmasq
++ type -P dnsmasq
+ local group=proxy_dns path=/usr/sbin/dnsmasq
+ chgrp proxy_dns /usr/sbin/dnsmasq
+ chmod g+xs /usr/sbin/dnsmasq
+ is_enabled_chinadns
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ set_dns_group chinadns-ng
+ set_command_group proxy_dns chinadns-ng
+ command_required chinadns-ng
+ command_is_exists chinadns-ng
+ type -P chinadns-ng
++ command_path chinadns-ng
++ type -P chinadns-ng
+ local group=proxy_dns path=/usr/local/bin/chinadns-ng
+ chgrp proxy_dns /usr/local/bin/chinadns-ng
+ chmod g+xs /usr/local/bin/chinadns-ng
+ is_enabled_dns2tcp
+ case "$dns2tcp_enable" in
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ set_dns_group dns2tcp
+ set_command_group proxy_dns dns2tcp
+ command_required dns2tcp
+ command_is_exists dns2tcp
+ type -P dns2tcp
++ command_path dns2tcp
++ type -P dns2tcp
+ local group=proxy_dns path=/usr/local/bin/dns2tcp
+ chgrp proxy_dns /usr/local/bin/dns2tcp
+ chmod g+xs /usr/local/bin/dns2tcp
+ case "$opts_ss_netstat" in
+ command_is_exists ss
+ type -P ss
+ netstat=ss
+ load_pidfile
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ source .ss-tproxy.pid
++ sstp_pid_dnsmasq=5383
++ sstp_pid_chinadns=5373
++ sstp_pid_dns2tcp4=5366
++ sstp_pid_dns2tcp6=5371
+ case "${arg_list[0]}" in
+ start
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ stop
+ call_func pre_stop
+ is_func pre_stop
++ type -t pre_stop
+ '[' function = function ']'
+ pre_stop
+ return
+ delete_pidfile
+ rm -f .ss-tproxy.pid
+ flush_iptables
+ _flush_iptables iptables
+ iptables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ iptables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_OUTPUT
SSTP_PREROUTING
SSTP_RULE'
+ for chain in '$chain_list'
+ iptables -t mangle -F SSTP_OUTPUT
+ command iptables -w -t mangle -F SSTP_OUTPUT
+ iptables -w -t mangle -F SSTP_OUTPUT
+ for chain in '$chain_list'
+ iptables -t mangle -F SSTP_PREROUTING
+ command iptables -w -t mangle -F SSTP_PREROUTING
+ iptables -w -t mangle -F SSTP_PREROUTING
+ for chain in '$chain_list'
+ iptables -t mangle -F SSTP_RULE
+ command iptables -w -t mangle -F SSTP_RULE
+ iptables -w -t mangle -F SSTP_RULE
+ for chain in '$chain_list'
+ iptables -t mangle -X SSTP_OUTPUT
+ command iptables -w -t mangle -X SSTP_OUTPUT
+ iptables -w -t mangle -X SSTP_OUTPUT
+ for chain in '$chain_list'
+ iptables -t mangle -X SSTP_PREROUTING
+ command iptables -w -t mangle -X SSTP_PREROUTING
+ iptables -w -t mangle -X SSTP_PREROUTING
+ for chain in '$chain_list'
+ iptables -t mangle -X SSTP_RULE
+ command iptables -w -t mangle -X SSTP_RULE
+ iptables -w -t mangle -X SSTP_RULE
+ for table in mangle nat
++ iptables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=SSTP_OUTPUT
+ for chain in '$chain_list'
+ iptables -t nat -F SSTP_OUTPUT
+ command iptables -w -t nat -F SSTP_OUTPUT
+ iptables -w -t nat -F SSTP_OUTPUT
+ for chain in '$chain_list'
+ iptables -t nat -X SSTP_OUTPUT
+ command iptables -w -t nat -X SSTP_OUTPUT
+ iptables -w -t nat -X SSTP_OUTPUT
+ _flush_iptables ip6tables
+ ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ ip6tables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_OUTPUT
SSTP_PREROUTING
SSTP_RULE'
+ for chain in '$chain_list'
+ ip6tables -t mangle -F SSTP_OUTPUT
+ command ip6tables -w -t mangle -F SSTP_OUTPUT
+ ip6tables -w -t mangle -F SSTP_OUTPUT
+ for chain in '$chain_list'
+ ip6tables -t mangle -F SSTP_PREROUTING
+ command ip6tables -w -t mangle -F SSTP_PREROUTING
+ ip6tables -w -t mangle -F SSTP_PREROUTING
+ for chain in '$chain_list'
+ ip6tables -t mangle -F SSTP_RULE
+ command ip6tables -w -t mangle -F SSTP_RULE
+ ip6tables -w -t mangle -F SSTP_RULE
+ for chain in '$chain_list'
+ ip6tables -t mangle -X SSTP_OUTPUT
+ command ip6tables -w -t mangle -X SSTP_OUTPUT
+ ip6tables -w -t mangle -X SSTP_OUTPUT
+ for chain in '$chain_list'
+ ip6tables -t mangle -X SSTP_PREROUTING
+ command ip6tables -w -t mangle -X SSTP_PREROUTING
+ ip6tables -w -t mangle -X SSTP_PREROUTING
+ for chain in '$chain_list'
+ ip6tables -t mangle -X SSTP_RULE
+ command ip6tables -w -t mangle -X SSTP_RULE
+ ip6tables -w -t mangle -X SSTP_RULE
+ for table in mangle nat
++ ip6tables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=SSTP_OUTPUT
+ for chain in '$chain_list'
+ ip6tables -t nat -F SSTP_OUTPUT
+ command ip6tables -w -t nat -F SSTP_OUTPUT
+ ip6tables -w -t nat -F SSTP_OUTPUT
+ for chain in '$chain_list'
+ ip6tables -t nat -X SSTP_OUTPUT
+ command ip6tables -w -t nat -X SSTP_OUTPUT
+ ip6tables -w -t nat -X SSTP_OUTPUT
+ flush_iproute
+ _flush_iproute -4
+ ip -4 rule del table 233
+ true
+ ip -4 rule del table 233
+ ip -4 route flush table 233
+ _flush_iproute -6
+ ip -6 rule del table 233
+ ip -6 route flush table 233
+ stop_dnsserver
+ kill -9 5383
+ kill -9 5373
+ kill -9 5366
+ kill -9 5371
+ call_func custom_dns_stop
+ is_func custom_dns_stop
++ type -t custom_dns_stop
+ '[' function = function ']'
+ custom_dns_stop
+ return
+ stop_proxyproc
+ eval stop_naive
++ stop_naive
+++ pidof naive
+++ pidof ipt2socks
++ kill -9 5362 5364
+ flush_ipset
++ ipset -n list
++ grep '^sstp_'
+ for setname in '$(ipset -n list | grep '\''^sstp_'\'')'
+ ipset destroy sstp_white
+ for setname in '$(ipset -n list | grep '\''^sstp_'\'')'
+ ipset destroy sstp_white6
+ for setname in '$(ipset -n list | grep '\''^sstp_'\'')'
+ ipset destroy sstp_black
+ for setname in '$(ipset -n list | grep '\''^sstp_'\'')'
+ ipset destroy sstp_black6
+ add_stoprule
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _add_stoprule iptables
+ add_reddns_rule iptables
+ local direct_dns_ip direct_dns_ipx direct_dns_port
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ '[' -z 223.5.5.5#53 ']'
++ get_ip_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 223.5.5.5
+ direct_dns_ip=223.5.5.5
+ direct_dns_ipx=223.5.5.5
++ get_port_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 53
+ direct_dns_port=53
+ iptables -t nat -N SSTP_PREROUTING
+ iptables -t nat -N SSTP_POSTROUTING
+ iptables -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ command iptables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ iptables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ iptables -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ command iptables -w -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ iptables -w -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ add_snat_rule iptables
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ is_false false
+ is_true false
+ '[' false = true ']'
+ return
+ add_sstp_chain iptables nat PREROUTING
+ local table=nat chain=PREROUTING
+ chain_is_exists iptables nat SSTP_PREROUTING
+ local table=nat chain=SSTP_PREROUTING
+ iptables -t nat -S SSTP_PREROUTING
+ iptables -t nat -A PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ add_sstp_chain iptables nat POSTROUTING
+ local table=nat chain=POSTROUTING
+ chain_is_exists iptables nat SSTP_POSTROUTING
+ local table=nat chain=SSTP_POSTROUTING
+ iptables -t nat -S SSTP_POSTROUTING
+ iptables -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ command iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ _add_stoprule ip6tables
+ add_reddns_rule ip6tables
+ local direct_dns_ip direct_dns_ipx direct_dns_port
+ is_ipv4_ipts ip6tables
+ '[' ip6tables = iptables ']'
+ '[' -z 240C::6666#53 ']'
++ get_ip_from_addr 240C::6666#53
++ local addr=240C::6666#53
++ echo 240C::6666
+ direct_dns_ip=240C::6666
+ direct_dns_ipx='[240C::6666]'
++ get_port_from_addr 240C::6666#53
++ local addr=240C::6666#53
++ echo 53
+ direct_dns_port=53
+ ip6tables -t nat -N SSTP_PREROUTING
+ ip6tables -t nat -N SSTP_POSTROUTING
+ ip6tables -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination '[240C::6666]:53'
+ command ip6tables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination '[240C::6666]:53'
+ ip6tables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination '[240C::6666]:53'
+ ip6tables -t nat -A SSTP_POSTROUTING -d 240C::6666 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ command ip6tables -w -t nat -A SSTP_POSTROUTING -d 240C::6666 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ ip6tables -w -t nat -A SSTP_POSTROUTING -d 240C::6666 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ add_snat_rule ip6tables
+ is_ipv4_ipts ip6tables
+ '[' ip6tables = iptables ']'
+ is_false false
+ is_true false
+ '[' false = true ']'
+ return
+ add_sstp_chain ip6tables nat PREROUTING
+ local table=nat chain=PREROUTING
+ chain_is_exists ip6tables nat SSTP_PREROUTING
+ local table=nat chain=SSTP_PREROUTING
+ ip6tables -t nat -S SSTP_PREROUTING
+ ip6tables -t nat -A PREROUTING -j SSTP_PREROUTING
+ command ip6tables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ ip6tables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ add_sstp_chain ip6tables nat POSTROUTING
+ local table=nat chain=POSTROUTING
+ chain_is_exists ip6tables nat SSTP_POSTROUTING
+ local table=nat chain=SSTP_POSTROUTING
+ ip6tables -t nat -S SSTP_POSTROUTING
+ ip6tables -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ command ip6tables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ ip6tables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ call_func post_stop
+ is_func post_stop
++ type -t post_stop
+ '[' function = function ']'
+ post_stop
+ return
+ status
++ font_bold chnroute
++ printf '\e[1mchnroute\e[0m'
+ echo -e 'mode:\t\tchnroute'
mode:       chnroute
+ _status proxy/tcp tcp_port_is_exists 60080
+ local name=proxy/tcp func=tcp_port_is_exists
+ shift 2
+ tcp_port_is_exists 60080
+ ss -lnpt
+ grep -q ':60080[[:blank:]]'
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'proxy/tcp:\t[stopped]'
proxy/tcp:  [stopped]
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status dnsmasq process_is_running 5383
+ local name=dnsmasq func=process_is_running
+ shift 2
+ process_is_running 5383
+ kill -0 5383
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'dnsmasq:\t[stopped]'
dnsmasq:    [stopped]
+ is_enabled_chinadns
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ _status chinadns process_is_running 5373
+ local name=chinadns func=process_is_running
+ shift 2
+ process_is_running 5373
+ kill -0 5373
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'chinadns:\t[stopped]'
chinadns:   [stopped]
+ is_enabled_dns2tcp
+ case "$dns2tcp_enable" in
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _status dns2tcp4 process_is_running 5366
+ local name=dns2tcp4 func=process_is_running
+ shift 2
+ process_is_running 5366
+ kill -0 5366
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'dns2tcp4:\t[stopped]'
dns2tcp4:   [stopped]
+ is_enabled_dns2tcp
+ case "$dns2tcp_enable" in
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ _status dns2tcp6 process_is_running 5371
+ local name=dns2tcp6 func=process_is_running
+ shift 2
+ process_is_running 5371
+ kill -0 5371
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'dns2tcp6:\t[stopped]'
dns2tcp6:   [stopped]
+ call_func extra_status
+ is_func extra_status
++ type -t extra_status
+ '[' function = function ']'
+ extra_status
+ return
+ echo

+ flush_iptables
+ _flush_iptables iptables
+ iptables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ iptables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ iptables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_POSTROUTING
SSTP_PREROUTING'
+ for chain in '$chain_list'
+ iptables -t nat -F SSTP_POSTROUTING
+ command iptables -w -t nat -F SSTP_POSTROUTING
+ iptables -w -t nat -F SSTP_POSTROUTING
+ for chain in '$chain_list'
+ iptables -t nat -F SSTP_PREROUTING
+ command iptables -w -t nat -F SSTP_PREROUTING
+ iptables -w -t nat -F SSTP_PREROUTING
+ for chain in '$chain_list'
+ iptables -t nat -X SSTP_POSTROUTING
+ command iptables -w -t nat -X SSTP_POSTROUTING
+ iptables -w -t nat -X SSTP_POSTROUTING
+ for chain in '$chain_list'
+ iptables -t nat -X SSTP_PREROUTING
+ command iptables -w -t nat -X SSTP_PREROUTING
+ iptables -w -t nat -X SSTP_PREROUTING
+ _flush_iptables ip6tables
+ ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ ip6tables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ ip6tables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_POSTROUTING
SSTP_PREROUTING'
+ for chain in '$chain_list'
+ ip6tables -t nat -F SSTP_POSTROUTING
+ command ip6tables -w -t nat -F SSTP_POSTROUTING
+ ip6tables -w -t nat -F SSTP_POSTROUTING
+ for chain in '$chain_list'
+ ip6tables -t nat -F SSTP_PREROUTING
+ command ip6tables -w -t nat -F SSTP_PREROUTING
+ ip6tables -w -t nat -F SSTP_PREROUTING
+ for chain in '$chain_list'
+ ip6tables -t nat -X SSTP_POSTROUTING
+ command ip6tables -w -t nat -X SSTP_POSTROUTING
+ ip6tables -w -t nat -X SSTP_POSTROUTING
+ for chain in '$chain_list'
+ ip6tables -t nat -X SSTP_PREROUTING
+ command ip6tables -w -t nat -X SSTP_PREROUTING
+ ip6tables -w -t nat -X SSTP_PREROUTING
+ call_func pre_start
+ is_func pre_start
++ type -t pre_start
+ '[' function = function ']'
+ pre_start
+ return
+ set_kernel_param
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ sysctl -wq net.ipv4.ip_forward=1
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ sysctl_all_iface 6 forwarding=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv6/conf/all/forwarding=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv6/conf/default/forwarding=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv6/conf/eth0/forwarding=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv6/conf/lo/forwarding=1
+ sysctl_all_iface 4 route_localnet=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/all/route_localnet=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/default/route_localnet=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/eth0/route_localnet=1
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/lo/route_localnet=1
+ sysctl_all_iface 4 send_redirects=0
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/all/send_redirects=0
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/default/send_redirects=0
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/eth0/send_redirects=0
+ for path in '/proc/sys/net/ipv$1/conf/*'
+ sysctl -wq net/ipv4/conf/lo/send_redirects=0
+ start_ipset
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ list_ext_ipv4 ignlist.ext
+ init_ipset sstp_white
+ grep '^-' ignlist.ext
+ cut -c2-
++ str_find sstp_white 6
++ [[ sstp_white == *\6* ]]
++ echo inet
+ ipset create sstp_white hash:net family inet
+ get_ext_whiteip
+ is_built_in_dns
+ list_ext_ipv4 -
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 223.5.5.5#53
+ case "$2" in
+ grep '^-' -
+ cut -c2-
++ get_ip_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 223.5.5.5
+ sed 's/^/add sstp_white /'
+ echo -223.5.5.5
+ ipset '-!' restore
+ get_ext_ip '~' true 240C::6666#53
+ case "$2" in
++ get_ip_from_addr 240C::6666#53
++ local addr=240C::6666#53
++ echo 240C::6666
+ echo '~240C::6666'
+ cat chnroute.txt
+ list_ext_ipv6 ignlist.ext
+ init_ipset sstp_white6
+ grep '^~' ignlist.ext
+ cut -c2-
++ str_find sstp_white6 6
++ [[ sstp_white6 == *\6* ]]
++ echo inet6
+ ipset create sstp_white6 hash:net family inet6
+ get_ext_whiteip
+ is_built_in_dns
+ list_ext_ipv6 -
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 223.5.5.5#53
+ case "$2" in
+ grep '^~' -
+ sed 's/^/add sstp_white6 /'
+ cut -c2-
+ ipset '-!' restore
++ get_ip_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 223.5.5.5
+ echo -223.5.5.5
+ get_ext_ip '~' true 240C::6666#53
+ case "$2" in
++ get_ip_from_addr 240C::6666#53
++ local addr=240C::6666#53
++ echo 240C::6666
+ echo '~240C::6666'
+ cat chnroute6.txt
+ list_ext_ipv4 gfwlist.ext
+ init_ipset sstp_black
+ grep '^-' gfwlist.ext
+ cut -c2-
++ str_find sstp_black 6
++ [[ sstp_black == *\6* ]]
++ echo inet
+ ipset create sstp_black hash:net family inet
+ get_ext_blackip
+ is_built_in_dns
+ list_ext_ipv4 -
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 8.8.8.8#53
+ case "$2" in
+ grep '^-' -
+ cut -c2-
+ sed 's/^/add sstp_black /'
++ get_ip_from_addr 8.8.8.8#53
+ ipset '-!' restore
++ local addr=8.8.8.8#53
++ echo 8.8.8.8
+ echo -8.8.8.8
+ get_ext_ip '~' true 2001:4860:4860::8888#53
+ case "$2" in
++ get_ip_from_addr 2001:4860:4860::8888#53
++ local addr=2001:4860:4860::8888#53
++ echo 2001:4860:4860::8888
+ echo '~2001:4860:4860::8888'
+ list_ext_ipv6 gfwlist.ext
+ init_ipset sstp_black6
+ grep '^~' gfwlist.ext
+ cut -c2-
++ str_find sstp_black6 6
++ [[ sstp_black6 == *\6* ]]
++ echo inet6
+ ipset create sstp_black6 hash:net family inet6
+ get_ext_blackip
+ is_built_in_dns
+ list_ext_ipv6 -
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 8.8.8.8#53
+ case "$2" in
+ grep '^~' -
+ cut -c2-
++ get_ip_from_addr 8.8.8.8#53
++ local addr=8.8.8.8#53
++ echo 8.8.8.8
+ sed 's/^/add sstp_black6 /'
+ ipset '-!' restore
+ echo -8.8.8.8
+ get_ext_ip '~' true 2001:4860:4860::8888#53
+ case "$2" in
++ get_ip_from_addr 2001:4860:4860::8888#53
++ local addr=2001:4860:4860::8888#53
++ echo 2001:4860:4860::8888
+ echo '~2001:4860:4860::8888'
+ start_proxyproc
+ eval start_naive
++ start_naive
++ set_proxy_group naive
++ set_command_group proxy naive
++ command_required naive
++ command_is_exists naive
++ type -P naive
+++ command_path naive
+++ type -P naive
++ local group=proxy path=/usr/local/bin/naive
++ chgrp proxy /usr/local/bin/naive
++ chmod g+xs /usr/local/bin/naive
++ set_proxy_group ipt2socks
++ set_command_group proxy ipt2socks
++ command_required ipt2socks
++ command_is_exists ipt2socks
++ type -P ipt2socks
+++ command_path ipt2socks
+++ type -P ipt2socks
++ local group=proxy path=/usr/local/bin/ipt2socks
++ chgrp proxy /usr/local/bin/ipt2socks
++ chmod g+xs /usr/local/bin/ipt2socks
++ /usr/local/bin/naive /etc/naive/config.json
++ ipt2socks
+ start_dnsserver
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ is_enabled_dns2tcp
+ case "$dns2tcp_enable" in
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
++ start_dns2tcp 1
++ local args
++ (( 1 ))
++ args='-L 127.0.0.1#65454 -R 8.8.8.8#53'
++ is_true true
++ '[' true = true ']'
++ args+=' -v'
++ echo 5768
++ dns2tcp -L 127.0.0.1#65454 -R 8.8.8.8#53 -v
+ sstp_pid_dns2tcp4=5768
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
++ start_dns2tcp 0
++ local args
++ (( 0 ))
++ args='-L       ::1#65454 -R 2001:4860:4860::8888#53 -6'
++ is_true true
++ '[' true = true ']'
++ args+=' -v'
++ echo 5770
++ dns2tcp -L ::1#65454 -R 2001:4860:4860::8888#53 -6 -v
+ sstp_pid_dns2tcp6=5770
+ local dns_remote=127.0.0.1#65454
+ local dns_remote6=::1#65454
+ is_enabled_chinadns
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ start_chinadns
+ local 'args= -b 127.0.0.1 -l 65353'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ args+=' -c 223.5.5.5#53,240C::6666#53'
+ args+=' -t 127.0.0.1#65454,::1#65454'
+ is_true false
+ '[' false = true ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
++ echo 5772
+++ list_ext_domain gfwlist.ext
+++ list_ext_domain ignlist.ext
+++ grep '^@' gfwlist.ext
+++ is_true false
+++ cut -c2-
+++ grep '^@' ignlist.ext
+++ '[' false = true ']'
+++ cut -c2-
++ chinadns-ng -b 127.0.0.1 -l 65353 -c 223.5.5.5#53,240C::6666#53 -t 127.0.0.1#65454,::1#65454 -g gfwlist.txt,/dev/fd/63 -m chnlist.txt,/dev/fd/62 -4 sstp_white -6 sstp_white6 -a -A sstp_black,sstp_black6
+ sstp_pid_chinadns=5772
++ echo 'port = 53'
++ echo 'group = proxy_dns'
++ dnsmasq --keep-in-foreground --conf-file=-
++ echo 5782
++ is_true false
++ '[' false = true ']'
++ echo 'log-facility = /var/log/dnsmasq.log'
++ echo 'log-async = 20'
++ echo domain-needed
++ echo no-resolv
++ echo no-negcache
++ echo 'cache-size = 4096'
++ (( dnsmasq_cache_time_min ))
++ dnsmasq --help
++ grep -q min-cache-ttl
++ echo 'min-cache-ttl = 3600'
++ echo 'dns-forward-max = 1024'
++ is_global_mode
++ '[' chnroute = global ']'
++ is_gfwlist_mode
++ '[' chnroute = gfwlist ']'
++ is_chnroute_mode
++ '[' chnroute = chnroute ']'
++ get_chnroute_dnsconf
++ echo 'server = 127.0.0.1#65353'
+ sstp_pid_dnsmasq=5782
+ start_iproute
+ is_need_iproute
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _start_iproute -4
+ local family=-4
+ ip -4 route add local default dev lo table 233
+ ip rule help
+ grep -Fwq protocol
+ ip -4 rule add fwmark 0x2333 table 233
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ _start_iproute -6
+ local family=-6
+ ip -6 route add local default dev lo table 233
RTNETLINK answers: File exists
+ ip rule help
+ grep -Fwq protocol
+ ip -6 rule add fwmark 0x2333 table 233
RTNETLINK answers: Address family not supported by protocol
+ start_iptables
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _start_iptables iptables
+ start_iptables_pre iptables
+ iptables -t mangle -N SSTP_PREROUTING
+ command iptables -w -t mangle -N SSTP_PREROUTING
+ iptables -w -t mangle -N SSTP_PREROUTING
+ iptables -t mangle -N SSTP_OUTPUT
+ command iptables -w -t mangle -N SSTP_OUTPUT
+ iptables -w -t mangle -N SSTP_OUTPUT
+ iptables -t nat -N SSTP_PREROUTING
+ command iptables -w -t nat -N SSTP_PREROUTING
+ iptables -w -t nat -N SSTP_PREROUTING
+ iptables -t nat -N SSTP_OUTPUT
+ command iptables -w -t nat -N SSTP_OUTPUT
+ iptables -w -t nat -N SSTP_OUTPUT
+ iptables -t nat -N SSTP_POSTROUTING
+ command iptables -w -t nat -N SSTP_POSTROUTING
+ iptables -w -t nat -N SSTP_POSTROUTING
+ local loopback_addr loopback_addrx white_setname black_setname
+ init_iptables_param iptables
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ loopback_addr=127.0.0.1
+ loopback_addrx=127.0.0.1
+ white_setname=sstp_white
+ black_setname=sstp_black
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ start_iptables_tproxy iptables
+ do_proxy_tproxy iptables
++ is_tcp_tproxy
++ is_true true
++ '[' true = true ']'
++ echo 1
+ local tcp=1
++ is_enabled_udp
++ is_false true
++ is_true true
++ '[' true = true ']'
++ echo 0
+ local udp=0
+ create_sstp_rule iptables tproxy
+ local table action
+ '[' tproxy = tproxy ']'
+ table=mangle
+ action='-j CONNMARK --set-mark 0x2333'
+ iptables -t mangle -N SSTP_RULE
+ command iptables -w -t mangle -N SSTP_RULE
+ iptables -w -t mangle -N SSTP_RULE
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ iptables -t mangle -A SSTP_RULE -m set --match-set sstp_white dst -m set '!' --match-set sstp_black dst -j RETURN
+ command iptables -w -t mangle -A SSTP_RULE -m set --match-set sstp_white dst -m set '!' --match-set sstp_black dst -j RETURN
+ iptables -w -t mangle -A SSTP_RULE -m set --match-set sstp_white dst -m set '!' --match-set sstp_black dst -j RETURN
+ iptables -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
+ command iptables -w -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
+ iptables -w -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
iptables: No chain/target/match by that name.
+ iptables -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ iptables -w -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ iptables -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ iptables -w -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ iptables -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ iptables -w -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ (( udp ))
+ (( tcp ))
++ get_dst_port_match
++ '[' '' ']'
+ iptables -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ command iptables -w -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ iptables -w -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ (( udp ))
+ iptables -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
+ command iptables -w -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
+ iptables -w -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
iptables: No chain/target/match by that name.
+ iptables -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ command iptables -w -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ iptables -w -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ iptables -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ command iptables -w -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ iptables -w -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ (( tcp ))
++ get_dst_port_match
++ '[' '' ']'
+ iptables -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ command iptables -w -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ iptables -w -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ (( udp ))
+ (( tcp ))
+ iptables -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 0x2333
+ command iptables -w -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 0x2333
+ iptables -w -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 0x2333
iptables: No chain/target/match by that name.
+ (( udp ))
+ redir_dns_request iptables
+ iptables -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53
+ command iptables -w -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53
+ iptables -w -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ (( dns_mainport != 53 ))
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ add_snat_rule iptables
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ is_false false
+ is_true false
+ '[' false = true ']'
+ return
+ start_iptables_post iptables
+ iptables -t mangle -A PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t mangle -A PREROUTING -j SSTP_PREROUTING
+ iptables -w -t mangle -A PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -A OUTPUT -j SSTP_OUTPUT
+ command iptables -w -t mangle -A OUTPUT -j SSTP_OUTPUT
+ iptables -w -t mangle -A OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -A PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -A OUTPUT -j SSTP_OUTPUT
+ command iptables -w -t nat -A OUTPUT -j SSTP_OUTPUT
+ iptables -w -t nat -A OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ command iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ _start_iptables ip6tables
+ start_iptables_pre ip6tables
+ ip6tables -t mangle -N SSTP_PREROUTING
+ command ip6tables -w -t mangle -N SSTP_PREROUTING
+ ip6tables -w -t mangle -N SSTP_PREROUTING
+ ip6tables -t mangle -N SSTP_OUTPUT
+ command ip6tables -w -t mangle -N SSTP_OUTPUT
+ ip6tables -w -t mangle -N SSTP_OUTPUT
+ ip6tables -t nat -N SSTP_PREROUTING
+ command ip6tables -w -t nat -N SSTP_PREROUTING
+ ip6tables -w -t nat -N SSTP_PREROUTING
+ ip6tables -t nat -N SSTP_OUTPUT
+ command ip6tables -w -t nat -N SSTP_OUTPUT
+ ip6tables -w -t nat -N SSTP_OUTPUT
+ ip6tables -t nat -N SSTP_POSTROUTING
+ command ip6tables -w -t nat -N SSTP_POSTROUTING
+ ip6tables -w -t nat -N SSTP_POSTROUTING
+ local loopback_addr loopback_addrx white_setname black_setname
+ init_iptables_param ip6tables
+ is_ipv4_ipts ip6tables
+ '[' ip6tables = iptables ']'
+ loopback_addr=::1
+ loopback_addrx='[::1]'
+ white_setname=sstp_white6
+ black_setname=sstp_black6
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ start_iptables_tproxy ip6tables
+ do_proxy_tproxy ip6tables
++ is_tcp_tproxy
++ is_true true
++ '[' true = true ']'
++ echo 1
+ local tcp=1
++ is_enabled_udp
++ is_false true
++ is_true true
++ '[' true = true ']'
++ echo 0
+ local udp=0
+ create_sstp_rule ip6tables tproxy
+ local table action
+ '[' tproxy = tproxy ']'
+ table=mangle
+ action='-j CONNMARK --set-mark 0x2333'
+ ip6tables -t mangle -N SSTP_RULE
+ command ip6tables -w -t mangle -N SSTP_RULE
+ ip6tables -w -t mangle -N SSTP_RULE
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ ip6tables -t mangle -A SSTP_RULE -m set --match-set sstp_white6 dst -m set '!' --match-set sstp_black6 dst -j RETURN
+ command ip6tables -w -t mangle -A SSTP_RULE -m set --match-set sstp_white6 dst -m set '!' --match-set sstp_black6 dst -j RETURN
+ ip6tables -w -t mangle -A SSTP_RULE -m set --match-set sstp_white6 dst -m set '!' --match-set sstp_black6 dst -j RETURN
+ ip6tables -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
+ command ip6tables -w -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
+ ip6tables -w -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
ip6tables: No chain/target/match by that name.
+ ip6tables -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ command ip6tables -w -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ ip6tables -w -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ ip6tables -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ command ip6tables -w -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ ip6tables -w -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ ip6tables -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ command ip6tables -w -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ ip6tables -w -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ (( udp ))
+ (( tcp ))
++ get_dst_port_match
++ '[' '' ']'
+ ip6tables -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ command ip6tables -w -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ ip6tables -w -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ (( udp ))
+ ip6tables -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
+ command ip6tables -w -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
+ ip6tables -w -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
ip6tables: No chain/target/match by that name.
+ ip6tables -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ command ip6tables -w -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ ip6tables -w -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ ip6tables -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ command ip6tables -w -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ ip6tables -w -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ (( tcp ))
++ get_dst_port_match
++ '[' '' ']'
+ ip6tables -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ command ip6tables -w -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ ip6tables -w -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ (( udp ))
+ (( tcp ))
+ ip6tables -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip ::1 --on-port 60080 --tproxy-mark 0x2333
+ command ip6tables -w -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip ::1 --on-port 60080 --tproxy-mark 0x2333
+ ip6tables -w -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip ::1 --on-port 60080 --tproxy-mark 0x2333
ip6tables: No chain/target/match by that name.
+ (( udp ))
+ redir_dns_request ip6tables
+ ip6tables -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53
+ command ip6tables -w -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53
+ ip6tables -w -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 53
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ (( dns_mainport != 53 ))
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ add_snat_rule ip6tables
+ is_ipv4_ipts ip6tables
+ '[' ip6tables = iptables ']'
+ is_false false
+ is_true false
+ '[' false = true ']'
+ return
+ start_iptables_post ip6tables
+ ip6tables -t mangle -A PREROUTING -j SSTP_PREROUTING
+ command ip6tables -w -t mangle -A PREROUTING -j SSTP_PREROUTING
+ ip6tables -w -t mangle -A PREROUTING -j SSTP_PREROUTING
+ ip6tables -t mangle -A OUTPUT -j SSTP_OUTPUT
+ command ip6tables -w -t mangle -A OUTPUT -j SSTP_OUTPUT
+ ip6tables -w -t mangle -A OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -A PREROUTING -j SSTP_PREROUTING
+ command ip6tables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ ip6tables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -A OUTPUT -j SSTP_OUTPUT
+ command ip6tables -w -t nat -A OUTPUT -j SSTP_OUTPUT
+ ip6tables -w -t nat -A OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ command ip6tables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ ip6tables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ call_func post_start
+ is_func post_start
++ type -t post_start
+ '[' function = function ']'
+ post_start
+ return
+ save_pidfile
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ echo sstp_pid_dnsmasq=5782
+ echo sstp_pid_chinadns=5772
+ echo sstp_pid_dns2tcp4=5768
+ echo sstp_pid_dns2tcp6=5770
+ call_func extra_pid
+ is_func extra_pid
++ type -t extra_pid
+ '[' function = function ']'
+ extra_pid
+ return
+ delete_unused_chain
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _delete_unused_chain iptables
+ list=(mangle PREROUTING mangle OUTPUT nat PREROUTING nat OUTPUT nat POSTROUTING)
+ local list
+ (( i = 0 ))
+ (( i < 10 ))
+ local table=mangle chain=PREROUTING
+ chain_is_empty iptables mangle SSTP_PREROUTING
+ local table=mangle chain=SSTP_PREROUTING
++ iptables -t mangle -S SSTP_PREROUTING
++ wc -l
++ command iptables -w -t mangle -S SSTP_PREROUTING
++ iptables -w -t mangle -S SSTP_PREROUTING
+ '[' 4 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=mangle chain=OUTPUT
+ chain_is_empty iptables mangle SSTP_OUTPUT
+ local table=mangle chain=SSTP_OUTPUT
++ iptables -t mangle -S SSTP_OUTPUT
++ command iptables -w -t mangle -S SSTP_OUTPUT
++ wc -l
++ iptables -w -t mangle -S SSTP_OUTPUT
+ '[' 5 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=PREROUTING
+ chain_is_empty iptables nat SSTP_PREROUTING
+ local table=nat chain=SSTP_PREROUTING
++ iptables -t nat -S SSTP_PREROUTING
++ wc -l
++ command iptables -w -t nat -S SSTP_PREROUTING
++ iptables -w -t nat -S SSTP_PREROUTING
+ '[' 1 -le 1 ']'
+ iptables -t nat -D PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -w -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -X SSTP_PREROUTING
+ command iptables -w -t nat -X SSTP_PREROUTING
+ iptables -w -t nat -X SSTP_PREROUTING
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=OUTPUT
+ chain_is_empty iptables nat SSTP_OUTPUT
+ local table=nat chain=SSTP_OUTPUT
++ iptables -t nat -S SSTP_OUTPUT
++ wc -l
++ command iptables -w -t nat -S SSTP_OUTPUT
++ iptables -w -t nat -S SSTP_OUTPUT
+ '[' 2 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=POSTROUTING
+ chain_is_empty iptables nat SSTP_POSTROUTING
+ local table=nat chain=SSTP_POSTROUTING
++ iptables -t nat -S SSTP_POSTROUTING
++ wc -l
++ command iptables -w -t nat -S SSTP_POSTROUTING
++ iptables -w -t nat -S SSTP_POSTROUTING
+ '[' 1 -le 1 ']'
+ iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ command iptables -w -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ iptables -w -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ iptables -t nat -X SSTP_POSTROUTING
+ command iptables -w -t nat -X SSTP_POSTROUTING
+ iptables -w -t nat -X SSTP_POSTROUTING
+ (( i += 2 ))
+ (( i < 10 ))
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ _delete_unused_chain ip6tables
+ list=(mangle PREROUTING mangle OUTPUT nat PREROUTING nat OUTPUT nat POSTROUTING)
+ local list
+ (( i = 0 ))
+ (( i < 10 ))
+ local table=mangle chain=PREROUTING
+ chain_is_empty ip6tables mangle SSTP_PREROUTING
+ local table=mangle chain=SSTP_PREROUTING
++ ip6tables -t mangle -S SSTP_PREROUTING
++ command ip6tables -w -t mangle -S SSTP_PREROUTING
++ wc -l
++ ip6tables -w -t mangle -S SSTP_PREROUTING
+ '[' 4 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=mangle chain=OUTPUT
+ chain_is_empty ip6tables mangle SSTP_OUTPUT
+ local table=mangle chain=SSTP_OUTPUT
++ ip6tables -t mangle -S SSTP_OUTPUT
++ wc -l
++ command ip6tables -w -t mangle -S SSTP_OUTPUT
++ ip6tables -w -t mangle -S SSTP_OUTPUT
+ '[' 5 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=PREROUTING
+ chain_is_empty ip6tables nat SSTP_PREROUTING
+ local table=nat chain=SSTP_PREROUTING
++ ip6tables -t nat -S SSTP_PREROUTING
++ wc -l
++ command ip6tables -w -t nat -S SSTP_PREROUTING
++ ip6tables -w -t nat -S SSTP_PREROUTING
+ '[' 1 -le 1 ']'
+ ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING
+ command ip6tables -w -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -w -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -X SSTP_PREROUTING
+ command ip6tables -w -t nat -X SSTP_PREROUTING
+ ip6tables -w -t nat -X SSTP_PREROUTING
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=OUTPUT
+ chain_is_empty ip6tables nat SSTP_OUTPUT
+ local table=nat chain=SSTP_OUTPUT
++ ip6tables -t nat -S SSTP_OUTPUT
++ command ip6tables -w -t nat -S SSTP_OUTPUT
++ wc -l
++ ip6tables -w -t nat -S SSTP_OUTPUT
+ '[' 2 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=POSTROUTING
+ chain_is_empty ip6tables nat SSTP_POSTROUTING
+ local table=nat chain=SSTP_POSTROUTING
++ ip6tables -t nat -S SSTP_POSTROUTING
++ command ip6tables -w -t nat -S SSTP_POSTROUTING
++ wc -l
++ ip6tables -w -t nat -S SSTP_POSTROUTING
+ '[' 1 -le 1 ']'
+ ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ command ip6tables -w -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ ip6tables -w -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ ip6tables -t nat -X SSTP_POSTROUTING
+ command ip6tables -w -t nat -X SSTP_POSTROUTING
+ ip6tables -w -t nat -X SSTP_POSTROUTING
+ (( i += 2 ))
+ (( i < 10 ))
+ status
++ font_bold chnroute
++ printf '\e[1mchnroute\e[0m'
+ echo -e 'mode:\t\tchnroute'
mode:       chnroute
+ _status proxy/tcp tcp_port_is_exists 60080
+ local name=proxy/tcp func=tcp_port_is_exists
+ shift 2
+ tcp_port_is_exists 60080
+ ss -lnpt
+ grep -q ':60080[[:blank:]]'
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'proxy/tcp:\t[running]'
proxy/tcp:  [running]
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status dnsmasq process_is_running 5782
+ local name=dnsmasq func=process_is_running
+ shift 2
+ process_is_running 5782
+ kill -0 5782
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'dnsmasq:\t[running]'
dnsmasq:    [running]
+ is_enabled_chinadns
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ _status chinadns process_is_running 5772
+ local name=chinadns func=process_is_running
+ shift 2
+ process_is_running 5772
+ kill -0 5772
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'chinadns:\t[running]'
chinadns:   [running]
+ is_enabled_dns2tcp
+ case "$dns2tcp_enable" in
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _status dns2tcp4 process_is_running 5768
+ local name=dns2tcp4 func=process_is_running
+ shift 2
+ process_is_running 5768
+ kill -0 5768
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'dns2tcp4:\t[running]'
dns2tcp4:   [running]
+ is_enabled_dns2tcp
+ case "$dns2tcp_enable" in
+ is_enabled_udp
+ is_false true
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv6
+ is_true true
+ '[' true = true ']'
+ _status dns2tcp6 process_is_running 5770
+ local name=dns2tcp6 func=process_is_running
+ shift 2
+ process_is_running 5770
+ kill -0 5770
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'dns2tcp6:\t[running]'
dns2tcp6:   [running]
+ call_func extra_status
+ is_func extra_status
++ type -t extra_status
+ '[' function = function ']'
+ extra_status
+ return
+ return 0

症状也是跟上面差不多一样,国内网站curl正常,国外不正常。

[root@WSL ~]# curl -L www.apple.com

# 会有大量的日志产生,下面是截取的一小段
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from ::1#48043, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from ::1#48043, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 01:32:23 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:33
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from ::1#48043, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from ::1#48043, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from ::1#48043, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 01:32:23 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:33
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from ::1#48043, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 01:32:23 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:33
2023-05-31 01:32:23 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:32:23 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from ::1#48043, nrecv:31
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 01:32:23 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
2023-05-31 01:32:23 INF: [udp_recvmsg_cb] recv from 127.0.0.1#58528, nrecv:31
2023-05-31 01:32:23 ERR: [udp_recvmsg_cb] create tcp socket: (24) Too many open files
sunlewuyou commented 1 year ago

反复查看相关文档和日志信息,ipt2socks增加 -R -T 参数后curl国内和国外网址都能正常返回内容了。但是看日志还是有问题,仅仅访问了两次苹果网站,日志就达到了惊人的将近3GB! 以下是我清空dns2tcp日志后再进行的操作:

# 执行一次
curl -L www.apple.com

[root@WSL ~]# cat /var/log/dns2tcp.log | wc -l
14728
[root@WSL ~]# head /var/log/dns2tcp.log

2023-05-31 02:01:18 INF: [udp_recvmsg_cb] recv from 127.0.0.1#54370, nrecv:31
2023-05-31 02:01:18 INF: [udp_recvmsg_cb] recv from ::1#45470, nrecv:31
2023-05-31 02:01:18 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 02:01:18 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 02:01:18 INF: [udp_recvmsg_cb] try to connect to 8.8.8.8#53
2023-05-31 02:01:18 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:33
2023-05-31 02:01:18 INF: [tcp_connect_cb] connect to 8.8.8.8#53 succeed
2023-05-31 02:01:18 INF: [udp_recvmsg_cb] recv from ::1#45470, nrecv:31
2023-05-31 02:01:18 INF: [tcp_sendmsg_cb] send to 8.8.8.8#53, nsend:33

# 再执行一次
curl -L www.apple.com
[root@WSL ~]# cat /var/log/dns2tcp.log | wc -l
29675
[root@WSL ~]# tail -n20 /var/log/dns2tcp.log
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:183
2023-05-31 02:07:02 INF: [tcp_recvmsg_cb] send to 127.0.0.1#58685, nsend:181

# 访问谷歌和油管都不会产生新的日志记录
curl -L www.google.com

# 访问openai.com会产生少许日志
curl -L openai.com
[root@WSL ~]# tail -n33 /var/log/dns2tcp.log
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] recv from 127.0.0.1#49025, nrecv:28
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] recv from ::1#58468, nrecv:28
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] try to connect to 8.8.8.8#53
2023-05-31 02:16:59 INF: [tcp_connect_cb] connect to 8.8.8.8#53 succeed
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 02:16:59 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 02:16:59 INF: [tcp_sendmsg_cb] send to 8.8.8.8#53, nsend:30
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] recv from 127.0.0.1#49025, nrecv:28
2023-05-31 02:16:59 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:30
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] recv from ::1#58468, nrecv:28
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] try to connect to 8.8.8.8#53
2023-05-31 02:16:59 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 02:16:59 INF: [tcp_connect_cb] connect to 8.8.8.8#53 succeed
2023-05-31 02:16:59 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 02:16:59 INF: [tcp_sendmsg_cb] send to 8.8.8.8#53, nsend:30
2023-05-31 02:16:59 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:30
2023-05-31 02:16:59 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 02:16:59 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 02:17:00 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:113
2023-05-31 02:17:00 INF: [tcp_recvmsg_cb] send to 127.0.0.1#49025, nsend:111
2023-05-31 02:17:00 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:62
2023-05-31 02:17:00 INF: [tcp_recvmsg_cb] send to 127.0.0.1#49025, nsend:60
2023-05-31 02:17:01 INF: [udp_recvmsg_cb] recv from 127.0.0.1#49025, nrecv:28
2023-05-31 02:17:01 INF: [udp_recvmsg_cb] recv from ::1#58468, nrecv:28
2023-05-31 02:17:01 INF: [udp_recvmsg_cb] try to connect to 8.8.8.8#53
2023-05-31 02:17:01 INF: [tcp_connect_cb] connect to 8.8.8.8#53 succeed
2023-05-31 02:17:01 INF: [udp_recvmsg_cb] try to connect to 2001:4860:4860::8888#53
2023-05-31 02:17:01 INF: [tcp_sendmsg_cb] send to 8.8.8.8#53, nsend:30
2023-05-31 02:17:01 INF: [tcp_connect_cb] connect to 2001:4860:4860::8888#53 succeed
2023-05-31 02:17:01 INF: [tcp_sendmsg_cb] send to 2001:4860:4860::8888#53, nsend:30
2023-05-31 02:17:01 ERR: [tcp_recvmsg_cb] recv from 2001:4860:4860::8888#53: connection is closed
2023-05-31 02:17:01 INF: [tcp_recvmsg_cb] recv from 8.8.8.8#53, nrecv:113
2023-05-31 02:17:01 INF: [tcp_recvmsg_cb] send to 127.0.0.1#49025, nsend:111

@zfl9 麻烦您帮忙再分析分析问题到底出在哪,谢谢~

zfl9 commented 1 year ago
  1. naive 不支持 udp,所以需要设置 tcponly='true',只代理 tcp 流量
  2. 没有 TPROXY 模块,所以需要使用 REDIRECT 模式:
    • tproxy='false'
    • ipt2socks 必须加上参数 -R
    • 这两个一定要配套,也就是说,如果tproxy='true',那么就不能带-R
  3. 最后关于日志问题,应该是之前错误设置时留下的,使用如下步骤,再试应该没问题:
    • ss-tproxy stop
    • rm -fr /var/log/ipt2socks.log
    • rm -fr /var/log/dns2tcp.log
    • 检查 ss-tproxy.conf,需要确保:
      • tproxy='false'
      • tcponly='true'
      • ipt2socks -R 参数
      • dns2tcp='auto' 或者 dns2tcp='true'
      • 把代理、dns进程的verbose日志关了,比如dns2tcp的,ipt2socks的
    • 然后 ss-tproxy start,进行 curl 测试,检查日志,应该正常。
sunlewuyou commented 1 year ago

@zfl9 按照上述指导进行了配置,问题解决了。 ipt2socks需不需要加参数 T 呢? 日志里会有少量ERR信息如下:

zfl9 commented 1 year ago

这些err看起来是ipv6无法访问,你检查下当前主机,是否可以访问ipv6,ip -6 route 看看是否设置了网关。

sunlewuyou commented 1 year ago

虽然有err,但是curl是成功返回了内容的。

[root@WSL ~]# ip -6 route
anycast fe80:: dev eth0 proto kernel metric 0 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
multicast ff00::/8 dev eth0 proto kernel metric 256 pref medium
zfl9 commented 1 year ago

curl 可以正常访问 v6 是吗?

curl -vv 看看是不是 ipv6 地址。国内(白名单)和国外(黑名单)都试下?

zfl9 commented 1 year ago

ipt2socks需不需要加参数 T 呢?

可以加也可以不加,因为已经设置了 tcponly='true',所以 ipt2socks 这边无所谓的。

sunlewuyou commented 1 year ago 
[root@WSL ~]# curl -vv -L chrome.com
* About to connect() to chrome.com port 80 (#0)
*   Trying 216.239.32.27...
* Connected to chrome.com (216.239.32.27) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: chrome.com
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Location: https://www.google.com/chrome/
< Content-Type: text/html; charset=UTF-8
< X-Content-Type-Options: nosniff
< Date: Wed, 31 May 2023 03:17:55 GMT
< Expires: Wed, 31 May 2023 03:47:55 GMT
< Cache-Control: public, max-age=1800
< Server: sffe
< Content-Length: 227
< X-XSS-Protection: 0
< 
* Ignoring the response-body
* Connection #0 to host chrome.com left intact
* Issue another request to this URL: 'https://www.google.com/chrome/'
* About to connect() to www.google.com port 443 (#1)
*   Trying 142.250.68.68...
* Connected to www.google.com (142.250.68.68) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=www.google.com
*   start date: May 19 12:58:13 2023 GMT
*   expire date: Aug 11 12:58:12 2023 GMT
*   common name: www.google.com
*   issuer: CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
> GET /chrome/ HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.google.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Vary: Accept-Encoding
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: script-src 'nonce-6OkszJpjBo6Pe0ss57_0TA' 'report-sample' 'self' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https: https://analytics.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com; object-src 'none'; img-src * data:; connect-src 'self' *.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome; base-uri 'none'
< Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chrome
< Cross-Origin-Resource-Policy: cross-origin
< Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="uxe-owners-acl/chrome"
< Report-To: {"group":"uxe-owners-acl/chrome","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/uxe-owners-acl/chrome"}]}
< Content-Length: 296152
< Date: Wed, 31 May 2023 03:17:56 GMT
< Pragma: no-cache
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Cache-Control: no-cache, must-revalidate
< Last-Modified: Thu, 25 May 2023 14:00:00 GMT
< X-Content-Type-Options: nosniff
< Server: sffe
< X-XSS-Protection: 0
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
< 
<!DOCTYPE html>
            <script nonce="6OkszJpjBo6Pe0ss57_0TA">
  function r(p){try{window.stop();}catch(exception){document.execCommand('Stop');}window.location.replace(p+window.location.search)}var ua=navigator.userAgent;if(ua.match(".*NT 5\.[12].*")!==null){ r("/chrome/fallback/") }if(ua.indexOf("MSIE")>=0||ua.indexOf("Trident/7.0") > 0){ r("/chrome/fallback/") }</script><!--[if IE 9 ]>
<html class="no-js ie ie9 dir-ltr" lang="en" dir="ltr"><![endif]--><!--[if IE 8 ]>
  <html class="no-js ie ie8 dir-ltr" lang="en" dir="ltr"><![endif]--><!--[if IE 7 ]>
    <html class="no-js ie ie7 dir-ltr" lang="en" dir="ltr"><![endif]--><!--[if IE 6 ]>
      <html class="no-js ie ie6 dir-ltr" lang="en" dir="ltr"><![endif]--><!--[if (gte IE 10)|!(IE)]><!-->
        <html itemscope itemtype="https://schema.org/WebPage" class="no-js no-ie" lang="en" dir="ltr"><!--<![endif]-->
          <head>
            <meta charset="utf-8">
            <meta http-equiv="content-language" content="en-us">

[root@WSL ~]# curl -6 -vv -L chrome.com
* About to connect() to chrome.com port 80 (#0)
*   Trying 2001:4860:4802:32::1b...
* Failed to connect to 2001:4860:4802:32::1b: Network is unreachable
* couldn't connect to host at chrome.com:80
* Closing connection 0
curl: (7) Failed to connect to 2001:4860:4802:32::1b: Network is unreachable
zfl9 commented 1 year ago

看了下你的 v6 路由表,只有 fe80 地址(类似 v4 的 169.254),肯定是无法访问 v6 公网的。

sunlewuyou commented 1 year ago 
[root@WSL ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.22.55.115  netmask 255.255.240.0  broadcast 172.22.63.255
        inet6 fe80::215:5dff:fed9:4ec  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:d9:04:ec  txqueuelen 1000  (Ethernet)
        RX packets 2704  bytes 3013305 (2.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1419  bytes 102079 (99.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 8275  bytes 11968673 (11.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8275  bytes 11968673 (11.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

物理机是支持ipv6的,是代理服务器不支持ipv6的缘故吗?

zfl9 commented 1 year ago

系统是支持 v6,但问题是。。你没有v6网络呀。fe80 地址说明没有 v6 可用。

你可以 ss-tproxy stop,然后访问国内的 v6 网站看看,不能访问说明就是没有 v6 网络。

sunlewuyou commented 1 year ago

我想可能是WSL分配的私网地址导致的。我改成桥接试试,谢谢指点!

xtccc commented 1 year ago

我想可能是WSL分配的私网地址导致的。我改成桥接试试,谢谢指点!

你可以使用ping 240C::6666 -6 -c 1 看看有没有响应判断ipv6 是不是配置好了

ping 240C::6666 -6 -c 1
PING 240C::6666(240c::6666) 56 data bytes
64 bytes from 240c::6666: icmp_seq=1 ttl=57 time=21.5 ms

--- 240C::6666 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.492/21.492/21.492/0.000 ms
sunlewuyou commented 1 year ago

系统是支持 v6,但问题是。。你没有v6网络呀。fe80 地址说明没有 v6 可用。

你可以 ss-tproxy stop,然后访问国内的 v6 网站看看,不能访问说明就是没有 v6 网络。

WSL改成桥接后,未开启ss-tproxy前ipv6已可用了,开启后不能用了。

[root@WSL ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.4  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 2408:8352:1f:2261:5ebb:f6ff:fe9e:eefa  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::5ebb:f6ff:fe9e:eefa  prefixlen 64  scopeid 0x20<link>
        ether 5c:bb:f6:9e:ee:fa  txqueuelen 1000  (Ethernet)
        RX packets 71  bytes 8090 (7.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31  bytes 3128 (3.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@WSL ~]# curl -6 -vv 6.ipw.cn
* About to connect() to 6.ipw.cn port 80 (#0)
*   Trying 2402:4e00:1013:e500:0:9671:f018:4947...
* Connected to 6.ipw.cn (2402:4e00:1013:e500:0:9671:f018:4947) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 6.ipw.cn
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 05 Jun 2023 01:08:20 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 37
< Connection: keep-alive
< Access-Control-Allow-Origin: https://ipw.cn
< strict-transport-security: max-age=16070400;preload
<
* Connection #0 to host 6.ipw.cn left intact
2408:8352:1f:2261:5ebb:f6ff:fe9e:eefa

[root@WSL ~]# ss-tproxy start
mode:           chnroute
proxy/tcp:      [running]
dnsmasq:        [running]
chinadns:       [running]
dns2tcp4:       [running]
dns2tcp6:       [running]

[root@WSL ~]# curl -6 -vv 6.ipw.cn
* About to connect() to 6.ipw.cn port 80 (#0)
*   Trying 2402:4e00:1013:e500:0:9671:f018:4947...
* Failed to connect to 2402:4e00:1013:e500:0:9671:f018:4947: Network is unreachable
* couldn't connect to host at 6.ipw.cn:80
* Closing connection 0
curl: (7) Failed to connect to 2402:4e00:1013:e500:0:9671:f018:4947: Network is unreachable
zfl9 commented 1 year ago

看下 ipt2socks 日志?

sunlewuyou commented 1 year ago

我想可能是WSL分配的私网地址导致的。我改成桥接试试,谢谢指点!

你可以使用ping 240C::6666 -6 -c 1 看看有没有响应判断ipv6 是不是配置好了

ping 240C::6666 -6 -c 1
PING 240C::6666(240c::6666) 56 data bytes
64 bytes from 240c::6666: icmp_seq=1 ttl=57 time=21.5 ms

--- 240C::6666 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.492/21.492/21.492/0.000 ms

未开启前是可以的,谢谢。

sunlewuyou commented 1 year ago

看下 ipt2socks 日志?

没有日志产生

[root@WSL ~]# tail -f /var/log/ipt2socks.log
2023-05-31 11:47:19 INF: [main] use redirect instead of tproxy
2023-05-31 11:59:30 INF: [main] server address: 127.0.0.1#1080
2023-05-31 11:59:30 INF: [main] listen address: 0.0.0.0#60080
2023-05-31 11:59:30 INF: [main] listen address: ::#60080
2023-05-31 11:59:30 INF: [main] udp cache maximum size: 256
2023-05-31 11:59:30 INF: [main] udp socket idle timeout: 60
2023-05-31 11:59:30 INF: [main] number of worker threads: 1
2023-05-31 11:59:30 INF: [main] enable tcp transparent proxy
2023-05-31 11:59:30 INF: [main] enable udp transparent proxy
2023-05-31 11:59:30 INF: [main] use redirect instead of tproxy
2023-05-31 12:11:01 INF: [main] server address: 127.0.0.1#1080
2023-05-31 12:11:01 INF: [main] listen address: 0.0.0.0#60080
2023-05-31 12:11:01 INF: [main] listen address: ::#60080
2023-05-31 12:11:01 INF: [main] udp cache maximum size: 256
2023-05-31 12:11:01 INF: [main] udp socket idle timeout: 60
2023-05-31 12:11:01 INF: [main] number of worker threads: 1
2023-05-31 12:11:01 INF: [main] enable tcp transparent proxy
2023-05-31 12:11:01 INF: [main] enable udp transparent proxy
2023-05-31 12:11:01 INF: [main] use redirect instead of tproxy
zfl9 commented 1 year ago

那这个ip应该是被判定为白名单,走直连,但是无法访问。。

这就奇了怪了,ss-tproxy stop 后,就可以访问是吗?

sunlewuyou commented 1 year ago

那这个ip应该是被判定为白名单,走直连,但是无法访问。。

这就奇了怪了,ss-tproxy stop 后,就可以访问是吗?

关闭了也访问不了了,我需要完全重启WSL才可以恢复。

[root@WSL ~]# ss-tproxy stop
mode:           chnroute
proxy/tcp:      [stopped]
dnsmasq:        [stopped]
chinadns:       [stopped]
dns2tcp4:       [stopped]
dns2tcp6:       [stopped]
[root@WSL ~]# ping 240C::6666 -6 -c 1
connect: Network is unreachable
[root@WSL ~]# curl -6 -vv 6.ipw.cn
* About to connect() to 6.ipw.cn port 80 (#0)
*   Trying 2402:4e00:1013:e500:0:9671:f018:4947...
* Failed to connect to 2402:4e00:1013:e500:0:9671:f018:4947: Network is unreachable
* couldn't connect to host at 6.ipw.cn:80
* Closing connection 0
curl: (7) Failed to connect to 2402:4e00:1013:e500:0:9671:f018:4947: Network is unreachable
zfl9 commented 1 year ago

那应该是 WSL 的 IPv6 网络有什么问题。看起来与 ss-tproxy 没关系了。

sunlewuyou commented 1 year ago

那应该是 WSL 的 IPv6 网络有什么问题。看起来与 ss-tproxy 没关系了。

应该是的,我搜索后发现Stack Overflow有人以前反馈过WSL下使用ipv6有问题,虽然微软目前看已经在WSL2中支持了ipv6,但貌似实际使用时尤其是复杂场景还是会出一些莫名其妙的问题。

同样我也在VM虚拟机的CentOS7中部署了ss-tproxy,开关ss-tproxy测试使用ipv6一切正常。

sunlewuyou commented 1 year ago

对了,请问您以后有将ss-tproxy做成一键安装脚本的打算吗?那种交互式选择加自定义参数输入的安装模式应该会更友善,现在的部署方式个人感觉对小白还是有门槛的,稍显复杂,容易出错,支持一键傻瓜式安装就最好了,这样小白也能轻松驾驭了。 最后希望本项目越来越好,作者事业顺利、身体健康~~~✧。٩(ˊᗜˋ)و✧*。

zfl9 commented 1 year ago

也许会,看有没有空哈。

已加入 TODO 列表。

zfl9 commented 1 year ago

naive 示例已添加到 README(注意,naive 不支持 UDP 代理)。

例子中,使用的是 TPROXY 模式,如果要使用 REDIRECT 模式,只需:

sunlewuyou commented 1 year ago

看到了,谢谢更新使用手册^_^