zfl9 / ss-tproxy

ss/v2ray/xray/trojan/hysteria/naive/socks5 transparent proxy
GNU Affero General Public License v3.0

Downloaded the wrong chinadns-ng version #286

Closed YahuiWong closed 2 weeks ago

YahuiWong commented 2 weeks ago

I ran into a problem: after packaging it in Docker, I found that chinadns is in the stopped state after startup.

Does chinadns depend on the kernel's TPROXY module?

zfl9 commented 2 weeks ago

Check the logs.

YahuiWong commented 2 weeks ago

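The log file /var/log/chinadns.log was created, but it is empty, so I don't know how to track the problem down.

Even with chinadns_verbose='true' I don't see any log content.

The chinadns version in use is 2024.10.14; the ss-tproxy version is v4.8.3.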

YahuiWong commented 2 weeks ago

ss-tproxy restart -x returns the following:

ss-tproxy restart -x
+ (( ++i ))
+ (( i < 2 ))
+ '[' 1 -eq 0 ']'
+ '[' /etc/ss-tproxy ']'
+ '[' ss-tproxy.conf ']'
+ cd -- /etc/ss-tproxy
+ load_config
+ file_required ss-tproxy.conf
+ file_is_exists ss-tproxy.conf
+ '[' -f ss-tproxy.conf ']'
+ source ss-tproxy.conf restart
++ mode=chnroute
++ ipv4=true
++ ipv6=false
++ tproxy=true
++ tcponly=false
++ selfonly=false
++ proxy_procgroup=proxy
++ proxy_tcpport=60080
++ proxy_udpport=60080
++ proxy_startcmd='/usr/local/bin/mihomo -d /etc/mihomo'
+++ ps -ef
+++ grep mihomo
+++ grep -v grep
+++ awk '{print $2}'
+++ sort -nur
+++ head -n 1
++ proxy_stopcmd='kill   '
++ dns_custom=false
++ dns_procgroup=proxy_dns
++ dns_mainport=60053
++ dns_direct=223.5.5.5
++ dns_direct6=240C::6666
++ dns_direct_white=true
++ dns_direct6_white=true
++ dns_remote_tcp=tcponly
++ dns_remote=8.8.8.8
++ dns_remote6=2001:4860:4860::8888
++ dns_remote_black=true
++ dns_remote6_black=true
++ chinadns_bind_port=
++ chinadns_cache_size=4096
++ chinadns_cache_stale=65535
++ chinadns_cache_refresh=20
++ chinadns_cache_db=dns-cache.db
++ chinadns_verdict_cache=4096
++ chinadns_verdict_db=verdict-cache.db
++ chinadns_chnlist_first=false
++ chinadns_config_files=
++ chinadns_extra_options=
++ chinadns_verbose=true
++ chinadns_logfile=/var/log/chinadns.log
++ ipts_if_lo=lo
++ ipts_rt_tab=233
++ ipts_rt_mark=0x2333
++ ipts_set_snat=false
++ ipts_set_snat6=false
++ ipts_reddns_onstop=223.5.5.5#53
++ ipts_reddns6_onstop=240C::6666#53
++ ipts_proxy_dst_port=
++ ipts_drop_quic=tcponly
++ opts_ss_netstat=auto
++ url_gfwlist=https://raw.githubusercontent.com/pexcn/daily/gh-pages/gfwlist/gfwlist.txt
++ url_chnlist=https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
++ url_chnroute=https://ftp.apnic.net/stats/apnic/delegated-apnic-latest
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ file_required ignlist.ext
+ file_is_exists ignlist.ext
+ '[' -f ignlist.ext ']'
+ file_required chnlist.txt
+ file_is_exists chnlist.txt
+ '[' -f chnlist.txt ']'
+ file_required chnroute.txt
+ file_is_exists chnroute.txt
+ '[' -f chnroute.txt ']'
+ file_required chnroute6.txt
+ file_is_exists chnroute6.txt
+ '[' -f chnroute6.txt ']'
+ file_required gfwlist.txt
+ file_is_exists gfwlist.txt
+ '[' -f gfwlist.txt ']'
+ file_required gfwlist.ext
+ file_is_exists gfwlist.ext
+ '[' -f gfwlist.ext ']'
+ '[' proxy -a proxy '!=' 0 -a proxy '!=' root ']'
+ '[' proxy_dns -a proxy_dns '!=' 0 -a proxy_dns '!=' root ']'
+ '[' proxy '!=' proxy_dns ']'
+ group_is_exists proxy
+ is_uint proxy
+ '[' proxy ']'
+ '[' -z proxy ']'
+ grep -q '^proxy:' /etc/group
+ group_is_exists proxy_dns
+ is_uint proxy_dns
+ '[' proxy_dns ']'
+ '[' -z proxy_dns ']'
+ grep -q '^proxy_dns:' /etc/group
+ is_need_iproute
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ command_required ip
+ command_is_exists ip
+ type -P ip
+ command_required ipset
+ command_is_exists ipset
+ type -P ipset
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ command_required iptables
+ command_is_exists iptables
+ type -P iptables
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ set_dns_group chinadns-ng
+ set_command_group proxy_dns chinadns-ng
+ command_required chinadns-ng
+ command_is_exists chinadns-ng
+ type -P chinadns-ng
++ command_path chinadns-ng
++ type -P chinadns-ng
+ local group=proxy_dns path=/usr/local/bin/chinadns-ng
+ chgrp proxy_dns /usr/local/bin/chinadns-ng
+ chmod g+xs /usr/local/bin/chinadns-ng
+ case "$opts_ss_netstat" in
+ command_is_exists ss
+ type -P ss
+ netstat=ss
+ load_pidfile
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ source .ss-tproxy.pid
++ sstp_pid_chinadns=7246
+ case "${arg_list[0]}" in
+ stop
+ call_func pre_stop
+ is_func pre_stop
++ type -t pre_stop
+ '[' function = function ']'
+ pre_stop
+ return
+ delete_pidfile
+ rm -f .ss-tproxy.pid
+ flush_iptables
+ _flush_iptables iptables
+ iptables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ iptables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_OUTPUT
SSTP_PREROUTING
SSTP_RULE'
+ for chain in $chain_list
+ iptables -t mangle -F SSTP_OUTPUT
+ command iptables -w -t mangle -F SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t mangle -F SSTP_PREROUTING
+ command iptables -w -t mangle -F SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t mangle -F SSTP_RULE
+ command iptables -w -t mangle -F SSTP_RULE
+ for chain in $chain_list
+ iptables -t mangle -X SSTP_OUTPUT
+ command iptables -w -t mangle -X SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t mangle -X SSTP_PREROUTING
+ command iptables -w -t mangle -X SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t mangle -X SSTP_RULE
+ command iptables -w -t mangle -X SSTP_RULE
+ for table in mangle nat
++ iptables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_OUTPUT
SSTP_POSTROUTING
SSTP_PREROUTING'
+ for chain in $chain_list
+ iptables -t nat -F SSTP_OUTPUT
+ command iptables -w -t nat -F SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t nat -F SSTP_POSTROUTING
+ command iptables -w -t nat -F SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -F SSTP_PREROUTING
+ command iptables -w -t nat -F SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_OUTPUT
+ command iptables -w -t nat -X SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t nat -X SSTP_POSTROUTING
+ command iptables -w -t nat -X SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_PREROUTING
+ command iptables -w -t nat -X SSTP_PREROUTING
+ _flush_iptables ip6tables
+ ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ ip6tables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ ip6tables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ flush_iproute
+ _flush_iproute -4
+ ip -4 rule del table 233
+ true
+ ip -4 rule del table 233
+ ip -4 route flush table 233
+ _flush_iproute -6
+ ip -6 rule del table 233
+ ip -6 route flush table 233
+ stop_dnsserver
+ kill_by_pid 7246
+ '[' 1 -eq 0 ']'
+ for pid in "$@"
+ process_is_running 7246
+ kill -0 7246
+ local running_pids
+ (( i = 0 ))
+ (( i < 100 ))
+ running_pids=()
+ for pid in "$@"
+ process_is_running 7246
+ kill -0 7246
+ '[' 0 -eq 0 ']'
+ return
+ call_func custom_dns_stop
+ is_func custom_dns_stop
++ type -t custom_dns_stop
+ '[' function = function ']'
+ custom_dns_stop
+ return
+ stop_proxyproc
+ eval 'kill   '
++ kill
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
+ flush_ipset
++ ipset -n list
++ grep '^sstp_'
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_white
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_white6
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_black
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_black6
+ add_stoprule
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _add_stoprule iptables
+ add_reddns_rule iptables
+ local direct_dns_ip direct_dns_ipx direct_dns_port
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ '[' -z 223.5.5.5#53 ']'
++ get_ip_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 223.5.5.5
+ direct_dns_ip=223.5.5.5
+ direct_dns_ipx=223.5.5.5
++ get_port_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 53
+ direct_dns_port=53
+ iptables -t nat -N SSTP_PREROUTING
+ iptables -t nat -N SSTP_POSTROUTING
+ iptables -t nat -A SSTP_PREROUTING -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ command iptables -w -t nat -A SSTP_PREROUTING -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ iptables -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ command iptables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ iptables -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ command iptables -w -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ iptables -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ command iptables -w -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ add_snat_rule iptables
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ is_false false
+ is_true false
+ '[' false = true ']'
+ return
+ add_sstp_chain iptables nat PREROUTING
+ local table=nat chain=PREROUTING
+ chain_is_exists iptables nat SSTP_PREROUTING
+ local table=nat chain=SSTP_PREROUTING
+ iptables -t nat -S SSTP_PREROUTING
+ iptables -t nat -A PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ add_sstp_chain iptables nat POSTROUTING
+ local table=nat chain=POSTROUTING
+ chain_is_exists iptables nat SSTP_POSTROUTING
+ local table=nat chain=SSTP_POSTROUTING
+ iptables -t nat -S SSTP_POSTROUTING
+ iptables -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ command iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ call_func post_stop
+ is_func post_stop
++ type -t post_stop
+ '[' function = function ']'
+ post_stop
+ return
+ status
++ font_bold chnroute
++ printf '\e[1mchnroute\e[0m'
+ echo -e 'mode:\t\tchnroute'
mode:           chnroute
+ _status proxy/tcp tcp_port_is_exists 60080
+ local name=proxy/tcp func=tcp_port_is_exists
+ shift 2
+ tcp_port_is_exists 60080
+ ss -lnpt
+ grep -q ':60080[[:blank:]]'
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'proxy/tcp:\t[stopped]'
proxy/tcp:      [stopped]
+ is_enabled_udp
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status proxy/udp udp_port_is_exists 60080
+ local name=proxy/udp func=udp_port_is_exists
+ shift 2
+ udp_port_is_exists 60080
+ ss -anpu
+ grep -q ':60080[[:blank:]]'
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'proxy/udp:\t[stopped]'
proxy/udp:      [stopped]
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status chinadns process_is_running 7246
+ local name=chinadns func=process_is_running
+ shift 2
+ process_is_running 7246
+ kill -0 7246
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'chinadns:\t[stopped]'
chinadns:       [stopped]
+ call_func extra_status
+ is_func extra_status
++ type -t extra_status
+ '[' function = function ']'
+ extra_status
+ return
+ check_resolv_conf
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ iptables -t nat -S SSTP_OUTPUT
+ ip6tables -t mangle -S SSTP_OUTPUT
+ ip6tables -t nat -S SSTP_OUTPUT
+ ip -4 rule
+ grep -q 'lookup 233'
+ ip -6 rule
+ grep -q 'lookup 233'
+ ip -4 route show table 233
+ grep -q '^'
+ ip -6 route show table 233
+ grep -q '^'
+ return
+ echo

+ start
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ iptables -t nat -S SSTP_OUTPUT
+ ip6tables -t mangle -S SSTP_OUTPUT
+ ip6tables -t nat -S SSTP_OUTPUT
+ ip -4 rule
+ grep -q 'lookup 233'
+ ip -6 rule
+ grep -q 'lookup 233'
+ ip -4 route show table 233
+ grep -q '^'
+ ip -6 route show table 233
+ grep -q '^'
+ flush_iptables
+ _flush_iptables iptables
+ iptables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ iptables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ iptables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_POSTROUTING
SSTP_PREROUTING'
+ for chain in $chain_list
+ iptables -t nat -F SSTP_POSTROUTING
+ command iptables -w -t nat -F SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -F SSTP_PREROUTING
+ command iptables -w -t nat -F SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_POSTROUTING
+ command iptables -w -t nat -X SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_PREROUTING
+ command iptables -w -t nat -X SSTP_PREROUTING
+ _flush_iptables ip6tables
+ ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ ip6tables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ ip6tables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ call_func pre_start
+ is_func pre_start
++ type -t pre_start
+ '[' function = function ']'
+ pre_start
+ return
+ set_kernel_param
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ sysctl -wq net.ipv4.ip_forward=1
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ sysctl_all_iface 4 route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/all/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-0a38832e3da2/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-19f6a8dafa60/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-386daf7ab0b9/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-40f26993e811/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-6d595f781cd9/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/default/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/docker0/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/eth0/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/lo/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/veth4d38e6f/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/vethd365ce6/route_localnet=1
+ sysctl_all_iface 4 send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/all/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-0a38832e3da2/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-19f6a8dafa60/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-386daf7ab0b9/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-40f26993e811/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-6d595f781cd9/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/default/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/docker0/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/eth0/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/lo/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/veth4d38e6f/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/vethd365ce6/send_redirects=0
+ start_ipset
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ list_ext_ipv4 ignlist.ext
+ grep '^-' ignlist.ext
+ init_ipset sstp_white
+ cut -c2-
++ str_find sstp_white 6
++ [[ sstp_white == *\6* ]]
++ echo inet
+ ipset create sstp_white hash:net family inet
+ get_ext_whiteip
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 223.5.5.5
+ case "$2" in
+ for u in $3
+ list_ext_ipv4 -
++ get_upstream_ip 223.5.5.5
++ local upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ echo 223.5.5.5
+ grep '^-' -
+ echo -223.5.5.5
+ get_ext_ip '~' true 240C::6666
+ case "$2" in
+ for u in $3
+ cut -c2-
++ get_upstream_ip 240C::6666
++ local upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ echo 240C::6666
+ sed 's/^/add sstp_white /'
+ echo '~240C::6666'
+ ipset '-!' restore
+ cat chnroute.txt
+ list_ext_ipv6 ignlist.ext
+ init_ipset sstp_white6
+ grep '^~' ignlist.ext
++ str_find sstp_white6 6
++ [[ sstp_white6 == *\6* ]]
++ echo inet6
+ cut -c2-
+ ipset create sstp_white6 hash:net family inet6
+ get_ext_whiteip
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ list_ext_ipv6 -
+ get_ext_ip - true 223.5.5.5
+ case "$2" in
+ for u in $3
+ sed 's/^/add sstp_white6 /'
+ ipset '-!' restore
++ get_upstream_ip 223.5.5.5
++ local upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ echo 223.5.5.5
+ cut -c2-
+ grep '^~' -
+ echo -223.5.5.5
+ get_ext_ip '~' true 240C::6666
+ case "$2" in
+ for u in $3
++ get_upstream_ip 240C::6666
++ local upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ echo 240C::6666
+ echo '~240C::6666'
+ cat chnroute6.txt
+ list_ext_ipv4 gfwlist.ext
+ init_ipset sstp_black
+ grep '^-' gfwlist.ext
+ cut -c2-
++ str_find sstp_black 6
++ [[ sstp_black == *\6* ]]
++ echo inet
+ ipset create sstp_black hash:net family inet
+ get_ext_blackip
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 8.8.8.8
+ list_ext_ipv4 -
+ case "$2" in
+ for u in $3
+ grep '^-' -
++ get_upstream_ip 8.8.8.8
+ cut -c2-
++ local upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ echo 8.8.8.8
+ sed 's/^/add sstp_black /'
+ echo -8.8.8.8
+ get_ext_ip '~' true 2001:4860:4860::8888
+ case "$2" in
+ for u in $3
+ ipset '-!' restore
++ get_upstream_ip 2001:4860:4860::8888
++ local upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ echo 2001:4860:4860::8888
+ echo '~2001:4860:4860::8888'
+ list_ext_ipv6 gfwlist.ext
+ init_ipset sstp_black6
+ grep '^~' gfwlist.ext
+ cut -c2-
++ str_find sstp_black6 6
++ [[ sstp_black6 == *\6* ]]
++ echo inet6
+ ipset create sstp_black6 hash:net family inet6
+ get_ext_blackip
+ list_ext_ipv6 -
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ grep '^~' -
+ get_ext_ip - true 8.8.8.8
+ case "$2" in
+ for u in $3
+ cut -c2-
++ get_upstream_ip 8.8.8.8
++ local upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ echo 8.8.8.8
+ sed 's/^/add sstp_black6 /'
+ echo -8.8.8.8
+ get_ext_ip '~' true 2001:4860:4860::8888
+ ipset '-!' restore
+ case "$2" in
+ for u in $3
++ get_upstream_ip 2001:4860:4860::8888
++ local upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ echo 2001:4860:4860::8888
+ echo '~2001:4860:4860::8888'
+ start_proxyproc
+ eval '/usr/local/bin/mihomo -d /etc/mihomo'
++ /usr/local/bin/mihomo -d /etc/mihomo
INFO[2024-10-19T03:22:32.753176183Z] Start initial configuration in progress
INFO[2024-10-19T03:22:32.753668583Z] Geodata Loader mode: memconservative
INFO[2024-10-19T03:22:32.753761583Z] Geosite Matcher implementation: succinct
INFO[2024-10-19T03:22:32.754609083Z] Initial configuration complete, total time: 1ms
INFO[2024-10-19T03:22:32.758501483Z] RESTful API listening at: [::]:9090
INFO[2024-10-19T03:22:32.779023183Z] Sniffer is closed
INFO[2024-10-19T03:22:32.779364983Z] TProxy server listening at: 127.0.0.1:60080
INFO[2024-10-19T03:22:32.787864482Z] Start initial Compatible provider PROXY
INFO[2024-10-19T03:22:32.788002682Z] Start initial Compatible provider default
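
zfl9 commented 2 weeks ago

Your proxy process is blocking the script, so it cannot run the logic that follows: starting DNS, setting up the iptables rules, and so on.

Wrap it with systemctl; see the clash section of the README.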
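
The blocking described in the reply above, together with the empty `kill` visible in the trace (`proxy_stopcmd='kill   '`), shown as an added example that is not part of the thread or of ss-tproxy. It uses plain backgrounding and a pidfile rather than the systemctl wrapper the README describes; `sleep 300` stands in for the proxy, and `PIDFILE` and the function bodies are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not ss-tproxy code). `sleep 300` is a constructed stand-in for
# a proxy that stays in the foreground, as mihomo does in the trace above.

PIDFILE="${TMPDIR:-/tmp}/demo-proxy.$$.pid"    # hypothetical pidfile location
rm -f "$PIDFILE"

# Weak: double quotes expand $(...) once, while the config is being sourced.
# Nothing is running at that point, so the stored command is "kill " with no
# PID, which is what produces the `kill: usage:` error at stop time.
stopcmd_expanded_early="kill $(cat "$PIDFILE" 2>/dev/null || true)"

# Corrected start command: a bare `sleep 300` here would keep eval from
# returning until the process exits. Backgrounding it, detaching its stdio and
# recording the PID lets the caller continue with DNS and firewall setup.
proxy_startcmd='sleep 300 </dev/null >/dev/null 2>&1 & echo $! >"$PIDFILE"'

# Corrected stop command: single quotes defer the PID lookup until the string
# is eval'ed, so it always targets the process that is running now.
proxy_stopcmd='kill "$(cat "$PIDFILE")"'

# Stand-ins for the script's start/stop steps, which eval the two strings.
start_proxyproc() {
    eval "$proxy_startcmd"
}

stop_proxyproc() {
    pid=$(cat "$PIDFILE")
    eval "$proxy_stopcmd"
    # Demo only: reap the child so the liveness check sees it gone.
    wait "$pid" 2>/dev/null || true
    rm -f "$PIDFILE"
}

proxy_is_running() {
    [ -s "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

start_proxyproc
if proxy_is_running; then echo "start returned while the proxy keeps running"; fi
stop_proxyproc
if ! proxy_is_running; then echo "proxy stopped"; fi
echo "early-expanded stop command: '$stopcmd_expanded_early'"
```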

YahuiWong commented 2 weeks ago

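Your proxy process is blocking the script, so it cannot run the logic that follows: starting DNS, setting up the iptables rules, and so on.

I adjusted the proxy script and added &; the restart execution log afterwards is below, and it is still stopped.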

+ is_true true
+ '[' true = true ']'
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ file_required ignlist.ext
+ file_is_exists ignlist.ext
+ '[' -f ignlist.ext ']'
+ file_required chnlist.txt
+ file_is_exists chnlist.txt
+ '[' -f chnlist.txt ']'
+ file_required chnroute.txt
+ file_is_exists chnroute.txt
+ '[' -f chnroute.txt ']'
+ file_required chnroute6.txt
+ file_is_exists chnroute6.txt
+ '[' -f chnroute6.txt ']'
+ file_required gfwlist.txt
+ file_is_exists gfwlist.txt
+ '[' -f gfwlist.txt ']'
+ file_required gfwlist.ext
+ file_is_exists gfwlist.ext
+ '[' -f gfwlist.ext ']'
+ '[' proxy -a proxy '!=' 0 -a proxy '!=' root ']'
+ '[' proxy_dns -a proxy_dns '!=' 0 -a proxy_dns '!=' root ']'
+ '[' proxy '!=' proxy_dns ']'
+ group_is_exists proxy
+ is_uint proxy
+ '[' proxy ']'
+ '[' -z proxy ']'
+ grep -q '^proxy:' /etc/group
+ group_is_exists proxy_dns
+ is_uint proxy_dns
+ '[' proxy_dns ']'
+ '[' -z proxy_dns ']'
+ grep -q '^proxy_dns:' /etc/group
+ is_need_iproute
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ command_required ip
+ command_is_exists ip
+ type -P ip
+ command_required ipset
+ command_is_exists ipset
+ type -P ipset
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ command_required iptables
+ command_is_exists iptables
+ type -P iptables
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ set_dns_group chinadns-ng
+ set_command_group proxy_dns chinadns-ng
+ command_required chinadns-ng
+ command_is_exists chinadns-ng
+ type -P chinadns-ng
++ command_path chinadns-ng
++ type -P chinadns-ng
+ local group=proxy_dns path=/usr/local/bin/chinadns-ng
+ chgrp proxy_dns /usr/local/bin/chinadns-ng
+ chmod g+xs /usr/local/bin/chinadns-ng
+ case "$opts_ss_netstat" in
+ command_is_exists ss
+ type -P ss
+ netstat=ss
+ load_pidfile
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ source .ss-tproxy.pid
++ sstp_pid_chinadns=14786
+ case "${arg_list[0]}" in
+ stop
+ call_func pre_stop
+ is_func pre_stop
++ type -t pre_stop
+ '[' function = function ']'
+ pre_stop
+ return
+ delete_pidfile
+ rm -f .ss-tproxy.pid
+ flush_iptables
+ _flush_iptables iptables
+ iptables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ iptables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_OUTPUT
SSTP_PREROUTING
SSTP_RULE'
+ for chain in $chain_list
+ iptables -t mangle -F SSTP_OUTPUT
+ command iptables -w -t mangle -F SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t mangle -F SSTP_PREROUTING
+ command iptables -w -t mangle -F SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t mangle -F SSTP_RULE
+ command iptables -w -t mangle -F SSTP_RULE
+ for chain in $chain_list
+ iptables -t mangle -X SSTP_OUTPUT
+ command iptables -w -t mangle -X SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t mangle -X SSTP_PREROUTING
+ command iptables -w -t mangle -X SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t mangle -X SSTP_RULE
+ command iptables -w -t mangle -X SSTP_RULE
+ for table in mangle nat
++ iptables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_OUTPUT
SSTP_POSTROUTING
SSTP_PREROUTING'
+ for chain in $chain_list
+ iptables -t nat -F SSTP_OUTPUT
+ command iptables -w -t nat -F SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t nat -F SSTP_POSTROUTING
+ command iptables -w -t nat -F SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -F SSTP_PREROUTING
+ command iptables -w -t nat -F SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_OUTPUT
+ command iptables -w -t nat -X SSTP_OUTPUT
+ for chain in $chain_list
+ iptables -t nat -X SSTP_POSTROUTING
+ command iptables -w -t nat -X SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_PREROUTING
+ command iptables -w -t nat -X SSTP_PREROUTING
+ _flush_iptables ip6tables
+ ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ ip6tables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ ip6tables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ flush_iproute
+ _flush_iproute -4
+ ip -4 rule del table 233
+ true
+ ip -4 rule del table 233
+ ip -4 route flush table 233
+ _flush_iproute -6
+ ip -6 rule del table 233
+ ip -6 route flush table 233
+ stop_dnsserver
+ kill_by_pid 14786
+ '[' 1 -eq 0 ']'
+ for pid in "$@"
+ process_is_running 14786
+ kill -0 14786
+ local running_pids
+ (( i = 0 ))
+ (( i < 100 ))
+ running_pids=()
+ for pid in "$@"
+ process_is_running 14786
+ kill -0 14786
+ '[' 0 -eq 0 ']'
+ return
+ call_func custom_dns_stop
+ is_func custom_dns_stop
++ type -t custom_dns_stop
+ '[' function = function ']'
+ custom_dns_stop
+ return
+ stop_proxyproc
+ eval 'kill   14777'
++ kill 14777
+ flush_ipset
++ ipset -n list
WARN[2024-10-19T03:28:36.766546809Z] Mihomo shutting down
++ grep '^sstp_'
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_white
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_white6
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_black
+ for setname in $(ipset -n list | grep '^sstp_')
+ ipset destroy sstp_black6
+ add_stoprule
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _add_stoprule iptables
+ add_reddns_rule iptables
+ local direct_dns_ip direct_dns_ipx direct_dns_port
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ '[' -z 223.5.5.5#53 ']'
++ get_ip_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 223.5.5.5
+ direct_dns_ip=223.5.5.5
+ direct_dns_ipx=223.5.5.5
++ get_port_from_addr 223.5.5.5#53
++ local addr=223.5.5.5#53
++ echo 53
+ direct_dns_port=53
+ iptables -t nat -N SSTP_PREROUTING
+ iptables -t nat -N SSTP_POSTROUTING
+ iptables -t nat -A SSTP_PREROUTING -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ command iptables -w -t nat -A SSTP_PREROUTING -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ iptables -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ command iptables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL --dst-type LOCAL -j DNAT --to-destination 223.5.5.5:53
+ iptables -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ command iptables -w -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p tcp -m tcp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ iptables -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ command iptables -w -t nat -A SSTP_POSTROUTING -d 223.5.5.5 -p udp -m udp --dport 53 -m addrtype '!' --src-type LOCAL -j MASQUERADE
+ add_snat_rule iptables
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ is_false false
+ is_true false
+ '[' false = true ']'
+ return
+ add_sstp_chain iptables nat PREROUTING
+ local table=nat chain=PREROUTING
+ chain_is_exists iptables nat SSTP_PREROUTING
+ local table=nat chain=SSTP_PREROUTING
+ iptables -t nat -S SSTP_PREROUTING
+ iptables -t nat -A PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ add_sstp_chain iptables nat POSTROUTING
+ local table=nat chain=POSTROUTING
+ chain_is_exists iptables nat SSTP_POSTROUTING
+ local table=nat chain=SSTP_POSTROUTING
+ iptables -t nat -S SSTP_POSTROUTING
+ iptables -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ command iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ call_func post_stop
+ is_func post_stop
++ type -t post_stop
+ '[' function = function ']'
+ post_stop
+ return
+ status
++ font_bold chnroute
++ printf '\e[1mchnroute\e[0m'
+ echo -e 'mode:\t\tchnroute'
mode:           chnroute
+ _status proxy/tcp tcp_port_is_exists 60080
+ local name=proxy/tcp func=tcp_port_is_exists
+ shift 2
+ tcp_port_is_exists 60080
+ ss -lnpt
+ grep -q ':60080[[:blank:]]'
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'proxy/tcp:\t[stopped]'
proxy/tcp:      [stopped]
+ is_enabled_udp
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status proxy/udp udp_port_is_exists 60080
+ local name=proxy/udp func=udp_port_is_exists
+ shift 2
+ udp_port_is_exists 60080
+ ss -anpu
+ grep -q ':60080[[:blank:]]'
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'proxy/udp:\t[stopped]'
proxy/udp:      [stopped]
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status chinadns process_is_running 14786
+ local name=chinadns func=process_is_running
+ shift 2
+ process_is_running 14786
+ kill -0 14786
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'chinadns:\t[stopped]'
chinadns:       [stopped]
+ call_func extra_status
+ is_func extra_status
++ type -t extra_status
+ '[' function = function ']'
+ extra_status
+ return
+ check_resolv_conf
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ iptables -t nat -S SSTP_OUTPUT
+ ip6tables -t mangle -S SSTP_OUTPUT
+ ip6tables -t nat -S SSTP_OUTPUT
+ ip -4 rule
+ grep -q 'lookup 233'
+ ip -6 rule
+ grep -q 'lookup 233'
+ ip -4 route show table 233
+ grep -q '^'
+ ip -6 route show table 233
+ grep -q '^'
+ return
+ echo

+ start
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ iptables -t nat -S SSTP_OUTPUT
+ ip6tables -t mangle -S SSTP_OUTPUT
+ ip6tables -t nat -S SSTP_OUTPUT
+ ip -4 rule
+ grep -q 'lookup 233'
+ ip -6 rule
+ grep -q 'lookup 233'
+ ip -4 route show table 233
+ grep -q '^'
+ ip -6 route show table 233
+ grep -q '^'
+ flush_iptables
+ _flush_iptables iptables
+ iptables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -D OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ iptables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ iptables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local 'chain_list=SSTP_POSTROUTING
SSTP_PREROUTING'
+ for chain in $chain_list
+ iptables -t nat -F SSTP_POSTROUTING
+ command iptables -w -t nat -F SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -F SSTP_PREROUTING
+ command iptables -w -t nat -F SSTP_PREROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_POSTROUTING
+ command iptables -w -t nat -X SSTP_POSTROUTING
+ for chain in $chain_list
+ iptables -t nat -X SSTP_PREROUTING
+ command iptables -w -t nat -X SSTP_PREROUTING
+ _flush_iptables ip6tables
+ ip6tables -t mangle -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t mangle -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D PREROUTING -j SSTP_PREROUTING
+ ip6tables -t nat -D OUTPUT -j SSTP_OUTPUT
+ ip6tables -t nat -D POSTROUTING -j SSTP_POSTROUTING
+ for table in mangle nat
++ ip6tables -t mangle -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ for table in mangle nat
++ ip6tables -t nat -S
++ grep '^-N SSTP_'
++ awk '{print $2}'
+ local chain_list=
+ call_func pre_start
+ is_func pre_start
++ type -t pre_start
+ '[' function = function ']'
+ pre_start
+ return
+ set_kernel_param
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ sysctl -wq net.ipv4.ip_forward=1
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ sysctl_all_iface 4 route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/all/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-0a38832e3da2/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-19f6a8dafa60/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-386daf7ab0b9/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-40f26993e811/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-6d595f781cd9/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/default/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/docker0/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/eth0/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/lo/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/veth4d38e6f/route_localnet=1
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/vethd365ce6/route_localnet=1
+ sysctl_all_iface 4 send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/all/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-0a38832e3da2/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-19f6a8dafa60/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-386daf7ab0b9/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-40f26993e811/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/br-6d595f781cd9/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/default/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/docker0/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/eth0/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/lo/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/veth4d38e6f/send_redirects=0
+ for path in /proc/sys/net/ipv$1/conf/*
+ sysctl -wq net/ipv4/conf/vethd365ce6/send_redirects=0
+ start_ipset
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ list_ext_ipv4 ignlist.ext
+ init_ipset sstp_white
+ grep '^-' ignlist.ext
++ str_find sstp_white 6
+ cut -c2-
++ [[ sstp_white == *\6* ]]
++ echo inet
+ ipset create sstp_white hash:net family inet
+ sed 's/^/add sstp_white /'
+ ipset '-!' restore
+ list_ext_ipv4 -
+ get_ext_whiteip
+ cut -c2-
+ grep '^-' -
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 223.5.5.5
+ case "$2" in
+ for u in $3
++ get_upstream_ip 223.5.5.5
++ local upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ echo 223.5.5.5
+ echo -223.5.5.5
+ get_ext_ip '~' true 240C::6666
+ case "$2" in
+ for u in $3
++ get_upstream_ip 240C::6666
++ local upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ echo 240C::6666
+ echo '~240C::6666'
+ cat chnroute.txt
+ list_ext_ipv6 ignlist.ext
+ init_ipset sstp_white6
+ grep '^~' ignlist.ext
++ str_find sstp_white6 6
++ [[ sstp_white6 == *\6* ]]
++ echo inet6
+ cut -c2-
+ ipset create sstp_white6 hash:net family inet6
+ get_ext_whiteip
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 223.5.5.5
+ case "$2" in
+ for u in $3
+ list_ext_ipv6 -
+ sed 's/^/add sstp_white6 /'
++ get_upstream_ip 223.5.5.5
++ local upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ upstream=223.5.5.5
++ echo 223.5.5.5
+ ipset '-!' restore
+ echo -223.5.5.5
+ get_ext_ip '~' true 240C::6666
+ case "$2" in
+ for u in $3
+ grep '^~' -
++ get_upstream_ip 240C::6666
++ local upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ upstream=240C::6666
++ echo 240C::6666
+ cut -c2-
+ echo '~240C::6666'
+ cat chnroute6.txt
+ list_ext_ipv4 gfwlist.ext
+ init_ipset sstp_black
+ grep '^-' gfwlist.ext
+ cut -c2-
++ str_find sstp_black 6
++ [[ sstp_black == *\6* ]]
++ echo inet
+ ipset create sstp_black hash:net family inet
+ get_ext_blackip
+ is_built_in_dns
+ list_ext_ipv4 -
+ is_false false
+ is_true false
+ '[' false = true ']'
+ get_ext_ip - true 8.8.8.8
+ case "$2" in
+ for u in $3
+ grep '^-' -
++ get_upstream_ip 8.8.8.8
++ local upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
+ cut -c2-
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ echo 8.8.8.8
+ sed 's/^/add sstp_black /'
+ ipset '-!' restore
+ echo -8.8.8.8
+ get_ext_ip '~' true 2001:4860:4860::8888
+ case "$2" in
+ for u in $3
++ get_upstream_ip 2001:4860:4860::8888
++ local upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ echo 2001:4860:4860::8888
+ echo '~2001:4860:4860::8888'
+ list_ext_ipv6 gfwlist.ext
+ init_ipset sstp_black6
+ grep '^~' gfwlist.ext
+ cut -c2-
++ str_find sstp_black6 6
++ [[ sstp_black6 == *\6* ]]
++ echo inet6
+ ipset create sstp_black6 hash:net family inet6
+ get_ext_blackip
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ list_ext_ipv6 -
+ get_ext_ip - true 8.8.8.8
+ case "$2" in
+ for u in $3
++ get_upstream_ip 8.8.8.8
++ local upstream=8.8.8.8
+ grep '^~' -
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ upstream=8.8.8.8
++ echo 8.8.8.8
+ cut -c2-
+ sed 's/^/add sstp_black6 /'
+ echo -8.8.8.8
+ get_ext_ip '~' true 2001:4860:4860::8888
+ ipset '-!' restore
+ case "$2" in
+ for u in $3
++ get_upstream_ip 2001:4860:4860::8888
++ local upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ upstream=2001:4860:4860::8888
++ echo 2001:4860:4860::8888
+ echo '~2001:4860:4860::8888'
+ start_proxyproc
+ eval '/usr/local/bin/mihomo -d /etc/mihomo &'
+ start_dnsserver
++ /usr/local/bin/mihomo -d /etc/mihomo
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ start_chinadns
+ local args=
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ args+=' -b 0.0.0.0'
+ '[' '' ']'
+ args+=' -l 60053'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
++ get_chinadns_upstream direct 223.5.5.5
++ local opt use_tcp_dns
++ '[' direct = direct ']'
++ opt=-c
++ use_tcp_dns=0
++ for upstream in $2
++ (( use_tcp_dns ))
++ echo ' -c 223.5.5.5'
+ args+=' -c 223.5.5.5'
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
++ get_chinadns_upstream remote 8.8.8.8
++ local opt use_tcp_dns
++ '[' remote = direct ']'
++ opt=-t
++ case "$dns_remote_tcp" in
++ is_enabled_udp
++ is_false false
++ is_true false
++ '[' false = true ']'
++ use_tcp_dns=0
++ for upstream in $2
++ (( use_tcp_dns ))
++ echo ' -t 8.8.8.8'
+ args+=' -t 8.8.8.8'
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ args+=' --cache 4096'
+ args+=' --cache-stale 65535'
+ args+=' --cache-refresh 20'
+ args+=' --verdict-cache 4096'
+ '[' dns-cache.db ']'
+ args+=' --cache-db dns-cache.db'
+ '[' verdict-cache.db ']'
+ args+=' --verdict-cache-db verdict-cache.db'
+ '[' '' ']'
+ is_true true
+ '[' true = true ']'
+ args+=' -v'
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
++ trap '' CHLD
++ echo 16302
+++ list_ext_domain ignlist.ext
+++ list_ext_domain gfwlist.ext
+++ grep '^@' ignlist.ext
+++ is_true false
+++ '[' false = true ']'
+++ cut -c2-
+++ grep '^@' gfwlist.ext
+++ cut -c2-
++ chinadns-ng -b 0.0.0.0 -l 60053 -c 223.5.5.5 -t 8.8.8.8 --cache 4096 --cache-stale 65535 --cache-refresh 20 --verdict-cache 4096 --cache-db dns-cache.db --verdict-cache-db verdict-cache.db -v -m chnlist.txt,/dev/fd/63 -g gfwlist.txt,/dev/fd/62 -a sstp_white,sstp_white6 -A sstp_black,sstp_black6 -4 sstp_white -6 sstp_white6
+ sstp_pid_chinadns=16302
+ start_iproute
+ is_need_iproute
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _start_iproute -4
+ local family=-4
+ ip -4 route add local default dev lo table 233
+ ip rule help
+ grep -Fwq protocol
+ ip -4 rule add fwmark 0x2333 table 233 protocol static
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ start_iptables
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _start_iptables iptables
+ start_iptables_pre iptables
+ iptables -t mangle -N SSTP_PREROUTING
+ command iptables -w -t mangle -N SSTP_PREROUTING
+ iptables -t mangle -N SSTP_OUTPUT
+ command iptables -w -t mangle -N SSTP_OUTPUT
+ iptables -t nat -N SSTP_PREROUTING
+ command iptables -w -t nat -N SSTP_PREROUTING
+ iptables -t nat -N SSTP_OUTPUT
+ command iptables -w -t nat -N SSTP_OUTPUT
+ iptables -t nat -N SSTP_POSTROUTING
+ command iptables -w -t nat -N SSTP_POSTROUTING
INFO[2024-10-19T03:28:37.49222392Z] Start initial configuration in progress
+ local loopback_addr loopback_addrx white_setname black_setname
+ init_iptables_param iptables
INFO[2024-10-19T03:28:37.49271642Z] Geodata Loader mode: memconservative
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ loopback_addr=127.0.0.1
+ loopback_addrx=127.0.0.1
+ white_setname=sstp_white
INFO[2024-10-19T03:28:37.49313372Z] Geosite Matcher implementation: succinct
+ black_setname=sstp_black
+ is_drop_quic
+ case "$ipts_drop_quic" in
+ is_enabled_udp
+ is_false false
+ is_true false
+ '[' false = true ']'
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ start_iptables_tproxy iptables
+ redir_dns_request iptables
+ iptables -t nat -A SSTP_OUTPUT -p tcp -m tcp --dport 53 --syn -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 60053
+ command iptables -w -t nat -A SSTP_OUTPUT -p tcp -m tcp --dport 53 --syn -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 60053
INFO[2024-10-19T03:28:37.49414732Z] Initial configuration complete, total time: 1ms
+ iptables -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 60053
+ command iptables -w -t nat -A SSTP_OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m owner '!' --gid-owner proxy -m owner '!' --gid-owner proxy_dns -j REDIRECT --to-ports 60053
INFO[2024-10-19T03:28:37.49662142Z] RESTful API listening at: [::]:9090
+ iptables -t nat -A SSTP_POSTROUTING -d 127.0.0.1 '!' -s 127.0.0.1 -j SNAT --to-source 127.0.0.1
+ command iptables -w -t nat -A SSTP_POSTROUTING -d 127.0.0.1 '!' -s 127.0.0.1 -j SNAT --to-source 127.0.0.1
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ iptables -t nat -A SSTP_PREROUTING -p tcp -m tcp --dport 53 --syn -m addrtype '!' --src-type LOCAL -j REDIRECT --to-ports 60053    
+ command iptables -w -t nat -A SSTP_PREROUTING -p tcp -m tcp --dport 53 --syn -m addrtype '!' --src-type LOCAL -j REDIRECT --to-ports 60053
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ iptables -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m addrtype '!' --src-type LOCAL -j REDIRECT --to-ports 60053
+ command iptables -w -t nat -A SSTP_PREROUTING -p udp -m udp --dport 53 -m conntrack --ctstate NEW -m addrtype '!' --src-type LOCAL -j REDIRECT --to-ports 60053
+ do_proxy_tproxy iptables
++ is_tcp_tproxy
++ is_true true
++ '[' true = true ']'
++ echo 1
+ local tcp=1
++ is_enabled_udp
++ is_false false
++ is_true false
++ '[' false = true ']'
++ echo 1
+ local udp=1
+ create_sstp_rule iptables tproxy
+ local table action
+ '[' tproxy = tproxy ']'
+ table=mangle
+ action='-j CONNMARK --set-mark 0x2333'
+ iptables -t mangle -N SSTP_RULE
+ command iptables -w -t mangle -N SSTP_RULE
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ iptables -t mangle -A SSTP_RULE -m set --match-set sstp_white dst -m set '!' --match-set sstp_black dst -j RETURN
+ command iptables -w -t mangle -A SSTP_RULE -m set --match-set sstp_white dst -m set '!' --match-set sstp_black dst -j RETURN       
+ iptables -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
INFO[2024-10-19T03:28:37.51255602Z] Sniffer is closed
+ command iptables -w -t mangle -A SSTP_RULE -j CONNMARK --set-mark 0x2333
INFO[2024-10-19T03:28:37.51294432Z] TProxy server listening at: 127.0.0.1:60080
INFO[2024-10-19T03:28:37.52206892Z] Start initial Compatible provider PROXY
INFO[2024-10-19T03:28:37.52226552Z] Start initial Compatible provider default
Warning: Extension CONNMARK revision 0 not supported, missing kernel module?
iptables v1.8.9 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain SSTP_RULE
+ iptables -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -m addrtype --dst-type LOCAL -j RETURN
+ iptables -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -m conntrack --ctdir REPLY -j RETURN
+ iptables -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -m owner --gid-owner proxy -j RETURN
+ (( tcp ))
+ iptables -t mangle -A SSTP_OUTPUT -p tcp -m tcp --dport 53 -m owner '!' --gid-owner proxy_dns -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -p tcp -m tcp --dport 53 -m owner '!' --gid-owner proxy_dns -j RETURN
+ (( udp ))
+ iptables -t mangle -A SSTP_OUTPUT -p udp -m udp --dport 53 -m owner '!' --gid-owner proxy_dns -j RETURN
+ command iptables -w -t mangle -A SSTP_OUTPUT -p udp -m udp --dport 53 -m owner '!' --gid-owner proxy_dns -j RETURN
+ (( tcp ))
++ get_dst_port_match
++ '[' '' ']'
+ iptables -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ command iptables -w -t mangle -A SSTP_OUTPUT -p tcp -m tcp --syn -j SSTP_RULE
+ (( udp ))
++ get_dst_port_match
++ '[' '' ']'
+ iptables -t mangle -A SSTP_OUTPUT -p udp -m conntrack --ctstate NEW,RELATED -j SSTP_RULE
+ command iptables -w -t mangle -A SSTP_OUTPUT -p udp -m conntrack --ctstate NEW,RELATED -j SSTP_RULE
+ iptables -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
+ command iptables -w -t mangle -A SSTP_OUTPUT -m connmark --mark 0x2333 -j MARK --set-mark 0x2333
Warning: Extension connmark revision 0 not supported, missing kernel module?
iptables v1.8.9 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain SSTP_OUTPUT
+ iptables -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ command iptables -w -t mangle -A SSTP_PREROUTING -m addrtype --dst-type LOCAL -j RETURN
+ iptables -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ command iptables -w -t mangle -A SSTP_PREROUTING -m conntrack --ctdir REPLY -j RETURN
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ (( tcp ))
++ get_dst_port_match
++ '[' '' ']'
+ iptables -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn '!' --dport 53 -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ command iptables -w -t mangle -A SSTP_PREROUTING -p tcp -m tcp --syn '!' --dport 53 -m addrtype '!' --src-type LOCAL -j SSTP_RULE  
+ (( udp ))
++ get_dst_port_match
++ '[' '' ']'
+ iptables -t mangle -A SSTP_PREROUTING -p udp -m udp '!' --dport 53 -m conntrack --ctstate NEW,RELATED -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ command iptables -w -t mangle -A SSTP_PREROUTING -p udp -m udp '!' --dport 53 -m conntrack --ctstate NEW,RELATED -m addrtype '!' --src-type LOCAL -j SSTP_RULE
+ (( tcp ))
+ iptables -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 0x2333
+ command iptables -w -t mangle -A SSTP_PREROUTING -p tcp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 0x2333
Warning: Extension connmark revision 0 not supported, missing kernel module?
Warning: Extension TPROXY revision 0 not supported, missing kernel module?
iptables v1.8.9 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain SSTP_PREROUTING
+ (( udp ))
+ iptables -t mangle -A SSTP_PREROUTING -p udp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 0x2333
+ command iptables -w -t mangle -A SSTP_PREROUTING -p udp -m connmark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 --tproxy-mark 0x2333
Warning: Extension connmark revision 0 not supported, missing kernel module?
Warning: Extension TPROXY revision 0 not supported, missing kernel module?
iptables v1.8.9 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain SSTP_PREROUTING
+ is_proxy_other
+ is_false false
+ is_true false
+ '[' false = true ']'
+ add_snat_rule iptables
+ is_ipv4_ipts iptables
+ '[' iptables = iptables ']'
+ is_false false
+ is_true false
+ '[' false = true ']'
+ return
+ start_iptables_post iptables
+ iptables -t mangle -A PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t mangle -A PREROUTING -j SSTP_PREROUTING
+ iptables -t mangle -A OUTPUT -j SSTP_OUTPUT
+ command iptables -w -t mangle -A OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -A PREROUTING -j SSTP_PREROUTING
+ command iptables -w -t nat -A PREROUTING -j SSTP_PREROUTING
+ iptables -t nat -A OUTPUT -j SSTP_OUTPUT
+ command iptables -w -t nat -A OUTPUT -j SSTP_OUTPUT
+ iptables -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ command iptables -w -t nat -A POSTROUTING -j SSTP_POSTROUTING
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ call_func post_start
+ is_func post_start
++ type -t post_start
+ '[' function = function ']'
+ post_start
+ return
+ save_pidfile
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ echo sstp_pid_chinadns=16302
+ call_func extra_pid
+ is_func extra_pid
++ type -t extra_pid
+ '[' function = function ']'
+ extra_pid
+ return
+ delete_unused_chain
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ _delete_unused_chain iptables
+ list=('mangle' 'PREROUTING' 'mangle' 'OUTPUT' 'nat' 'PREROUTING' 'nat' 'OUTPUT' 'nat' 'POSTROUTING')
+ local list
+ (( i = 0 ))
+ (( i < 10 ))
+ local table=mangle chain=PREROUTING
+ chain_is_empty iptables mangle SSTP_PREROUTING
+ local table=mangle chain=SSTP_PREROUTING
++ iptables -t mangle -S SSTP_PREROUTING
++ command iptables -w -t mangle -S SSTP_PREROUTING
++ wc -l
# Warning: iptables-legacy tables present, use iptables-legacy to see them
+ '[' 5 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=mangle chain=OUTPUT
+ chain_is_empty iptables mangle SSTP_OUTPUT
+ local table=mangle chain=SSTP_OUTPUT
++ wc -l
++ iptables -t mangle -S SSTP_OUTPUT
++ command iptables -w -t mangle -S SSTP_OUTPUT
# Warning: iptables-legacy tables present, use iptables-legacy to see them
+ '[' 8 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=PREROUTING
+ chain_is_empty iptables nat SSTP_PREROUTING
+ local table=nat chain=SSTP_PREROUTING
++ iptables -t nat -S SSTP_PREROUTING
++ command iptables -w -t nat -S SSTP_PREROUTING
++ wc -l
# Warning: iptables-legacy tables present, use iptables-legacy to see them
+ '[' 3 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=OUTPUT
+ chain_is_empty iptables nat SSTP_OUTPUT
+ local table=nat chain=SSTP_OUTPUT
++ iptables -t nat -S SSTP_OUTPUT
++ command iptables -w -t nat -S SSTP_OUTPUT
++ wc -l
# Warning: iptables-legacy tables present, use iptables-legacy to see them
+ '[' 3 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ local table=nat chain=POSTROUTING
+ chain_is_empty iptables nat SSTP_POSTROUTING
+ local table=nat chain=SSTP_POSTROUTING
++ iptables -t nat -S SSTP_POSTROUTING
++ command iptables -w -t nat -S SSTP_POSTROUTING
++ wc -l
# Warning: iptables-legacy tables present, use iptables-legacy to see them
+ '[' 2 -le 1 ']'
+ (( i += 2 ))
+ (( i < 10 ))
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ status
++ font_bold chnroute
++ printf '\e[1mchnroute\e[0m'
+ echo -e 'mode:\t\tchnroute'
mode:           chnroute
+ _status proxy/tcp tcp_port_is_exists 60080
+ local name=proxy/tcp func=tcp_port_is_exists
+ shift 2
+ tcp_port_is_exists 60080
+ ss -lnpt
+ grep -q ':60080[[:blank:]]'
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'proxy/tcp:\t[running]'
proxy/tcp:      [running]
+ is_enabled_udp
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status proxy/udp udp_port_is_exists 60080
+ local name=proxy/udp func=udp_port_is_exists
+ shift 2
+ udp_port_is_exists 60080
+ ss -anpu
+ grep -q ':60080[[:blank:]]'
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'proxy/udp:\t[running]'
proxy/udp:      [running]
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status chinadns process_is_running 16302
+ local name=chinadns func=process_is_running
+ shift 2
+ process_is_running 16302
+ kill -0 16302
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'chinadns:\t[stopped]'
chinadns:       [stopped]
+ call_func extra_status
+ is_func extra_status
++ type -t extra_status
+ '[' function = function ']'
+ extra_status
+ return
+ check_resolv_conf
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
++ awk 'BEGIN {ORS=" "} $1 == "nameserver" && $2 ~ /\./ {print "`" $2 "`"}' /etc/resolv.conf
+ local 'ipv4_dns=`10.255.255.254` '
++ awk 'BEGIN {ORS=" "} $1 == "nameserver" && $2 ~ /:/ {print "`" $2 "`"}' /etc/resolv.conf
+ local ipv6_dns=
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ '[' '' ']'
+ return 0
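
zfl9 commented 2 weeks ago

Check the chinadns log file, and also run sudo ss-tproxy status to see the status.

chinadns-ng does not depend on the TPROXY module; you have to look at the log to know what the actual problem is.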

zfl9 commented 2 weeks ago

Looking at the debug output, iptables is missing some modules. Fix those errors first. Using Docker or not makes no difference; it is just namespace isolation.

YahuiWong commented 2 weeks ago

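> Looking at the debug output, iptables is missing some modules. Fix those errors first. Using Docker or not makes no difference; it is just namespace isolation.

Is it because of Debian 12? I can't tell which modules are missing. https://github.com/zfl9/ss-tproxy/issues/242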

YahuiWong commented 2 weeks ago

cat /var/log/chinadns.log shows an empty file with no content.

The output of ss-tproxy status -x is as follows:

root@f0c0845a33d3:/var/log# ss-tproxy state -x
+ (( ++i ))
+ (( i < 2 ))
+ '[' 1 -eq 0 ']'
+ '[' /etc/ss-tproxy ']'
+ '[' ss-tproxy.conf ']'
+ cd -- /etc/ss-tproxy
+ load_config
+ file_required ss-tproxy.conf
+ file_is_exists ss-tproxy.conf
+ '[' -f ss-tproxy.conf ']'
+ source ss-tproxy.conf state
++ mode=chnroute
++ ipv4=true
++ ipv6=false
++ tproxy=true
++ tcponly=false
++ selfonly=false
++ proxy_procgroup=proxy
++ proxy_tcpport=60080
++ proxy_udpport=60080
++ proxy_startcmd='/usr/local/bin/mihomo -d /etc/mihomo &'
++ proxy_stopcmd='kill   $(ps -ef | grep mihomo | grep -v grep | awk '\''{print $2}'\'' | sort -nur | head -n 1 )'
++ dns_custom=false
++ dns_procgroup=proxy_dns
++ dns_mainport=60053
++ dns_direct=223.5.5.5
++ dns_direct6=240C::6666
++ dns_direct_white=true
++ dns_direct6_white=true
++ dns_remote_tcp=tcponly
++ dns_remote=8.8.8.8
++ dns_remote6=2001:4860:4860::8888
++ dns_remote_black=true
++ dns_remote6_black=true
++ chinadns_bind_port=
++ chinadns_cache_size=4096
++ chinadns_cache_stale=65535
++ chinadns_cache_refresh=20
++ chinadns_cache_db=dns-cache.db
++ chinadns_verdict_cache=4096
++ chinadns_verdict_db=verdict-cache.db
++ chinadns_chnlist_first=false
++ chinadns_config_files=
++ chinadns_extra_options=
++ chinadns_verbose=true
++ chinadns_logfile=/var/log/chinadns.log
++ ipts_if_lo=lo
++ ipts_rt_tab=233
++ ipts_rt_mark=0x2333
++ ipts_set_snat=false
++ ipts_set_snat6=false
++ ipts_reddns_onstop=223.5.5.5#53
++ ipts_reddns6_onstop=240C::6666#53
++ ipts_proxy_dst_port=
++ ipts_drop_quic=tcponly
++ opts_ss_netstat=auto
++ url_gfwlist=https://raw.githubusercontent.com/pexcn/daily/gh-pages/gfwlist/gfwlist.txt
++ url_chnlist=https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf
++ url_chnroute=https://ftp.apnic.net/stats/apnic/delegated-apnic-latest
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ is_global_mode
+ '[' chnroute = global ']'
+ is_gfwlist_mode
+ '[' chnroute = gfwlist ']'
+ is_chnroute_mode
+ '[' chnroute = chnroute ']'
+ file_required ignlist.ext
+ file_is_exists ignlist.ext
+ '[' -f ignlist.ext ']'
+ file_required chnlist.txt
+ file_is_exists chnlist.txt
+ '[' -f chnlist.txt ']'
+ file_required chnroute.txt
+ file_is_exists chnroute.txt
+ '[' -f chnroute.txt ']'
+ file_required chnroute6.txt
+ file_is_exists chnroute6.txt
+ '[' -f chnroute6.txt ']'
+ file_required gfwlist.txt
+ file_is_exists gfwlist.txt
+ '[' -f gfwlist.txt ']'
+ file_required gfwlist.ext
+ file_is_exists gfwlist.ext
+ '[' -f gfwlist.ext ']'
+ '[' proxy -a proxy '!=' 0 -a proxy '!=' root ']'
+ '[' proxy_dns -a proxy_dns '!=' 0 -a proxy_dns '!=' root ']'
+ '[' proxy '!=' proxy_dns ']'
+ group_is_exists proxy
+ is_uint proxy
+ '[' proxy ']'
+ '[' -z proxy ']'
+ grep -q '^proxy:' /etc/group
+ group_is_exists proxy_dns
+ is_uint proxy_dns
+ '[' proxy_dns ']'
+ '[' -z proxy_dns ']'
+ grep -q '^proxy_dns:' /etc/group
+ is_need_iproute
+ is_tcp_tproxy
+ is_true true
+ '[' true = true ']'
+ command_required ip
+ command_is_exists ip
+ type -P ip
+ command_required ipset
+ command_is_exists ipset
+ type -P ipset
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ command_required iptables
+ command_is_exists iptables
+ type -P iptables
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ set_dns_group chinadns-ng
+ set_command_group proxy_dns chinadns-ng
+ command_required chinadns-ng
+ command_is_exists chinadns-ng
+ type -P chinadns-ng
++ command_path chinadns-ng
++ type -P chinadns-ng
+ local group=proxy_dns path=/usr/local/bin/chinadns-ng
+ chgrp proxy_dns /usr/local/bin/chinadns-ng
+ chmod g+xs /usr/local/bin/chinadns-ng
+ case "$opts_ss_netstat" in
+ command_is_exists ss
+ type -P ss
+ netstat=ss
+ load_pidfile
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
+ source .ss-tproxy.pid
++ sstp_pid_chinadns=204
+ case "${arg_list[0]}" in
+ status
++ font_bold chnroute
++ printf '\e[1mchnroute\e[0m'
+ echo -e 'mode:\t\tchnroute'
mode:           chnroute
+ _status proxy/tcp tcp_port_is_exists 60080
+ local name=proxy/tcp func=tcp_port_is_exists
+ shift 2
+ tcp_port_is_exists 60080
+ ss -lnpt
+ grep -q ':60080[[:blank:]]'
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'proxy/tcp:\t[running]'
proxy/tcp:      [running]
+ is_enabled_udp
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status proxy/udp udp_port_is_exists 60080
+ local name=proxy/udp func=udp_port_is_exists
+ shift 2
+ udp_port_is_exists 60080
+ grep -q ':60080[[:blank:]]'
+ ss -anpu
++ color_green '[running]'
++ printf '\e[32m[running]\e[0m'
+ echo -e 'proxy/udp:\t[running]'
proxy/udp:      [running]
+ is_built_in_dns
+ is_false false
+ is_true false
+ '[' false = true ']'
+ _status chinadns process_is_running 204
+ local name=chinadns func=process_is_running
+ shift 2
+ process_is_running 204
+ kill -0 204
++ color_red '[stopped]'
++ printf '\e[35m[stopped]\e[0m'
+ echo -e 'chinadns:\t[stopped]'
chinadns:       [stopped]
+ call_func extra_status
+ is_func extra_status
++ type -t extra_status
+ '[' function = function ']'
+ extra_status
+ return
+ check_resolv_conf
+ ss_tproxy_is_started
+ iptables -t mangle -S SSTP_OUTPUT
++ awk 'BEGIN {ORS=" "} $1 == "nameserver" && $2 ~ /\./ {print "`" $2 "`"}' /etc/resolv.conf
+ local 'ipv4_dns=`127.0.0.11` '
++ awk 'BEGIN {ORS=" "} $1 == "nameserver" && $2 ~ /:/ {print "`" $2 "`"}' /etc/resolv.conf
+ local ipv6_dns=
+ is_enabled_ipv4
+ is_true true
+ '[' true = true ']'
+ is_enabled_ipv6
+ is_true false
+ '[' false = true ']'
+ '[' '' ']'
+ return 0

YahuiWong commented 2 weeks ago

Access by IP works, but access by domain name does not; DNS is not taking effect.

zfl9 commented 2 weeks ago

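Change the log file location. Be flexible; maybe this directory cannot be written to because of missing permissions.

First do a normal restart without -x, see what it outputs, and post it here.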

YahuiWong commented 2 weeks ago

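> Change the log file location. Be flexible; maybe this directory cannot be written to because of missing permissions.
>
> First do a normal restart without -x, see what it outputs, and post it here.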


ss-tproxy restart 
mode:           chnroute
proxy/tcp:      [stopped]
proxy/udp:      [stopped]
chinadns:       [stopped]

mode:           chnroute
proxy/tcp:      [running]
proxy/udp:      [running]
chinadns:       [stopped]


Running ps -ef gives the following:

UID PID PPID C STIME TTY TIME CMD
root 1 0 0 06:13 ? 00:00:00 bash /startup.sh
root 164 0 0 06:13 pts/0 00:00:00 bash
root 8840 1 0 06:22 pts/0 00:00:00 /usr/local/bin/mihomo -d /etc/mihomo
root 9470 1 0 06:22 ? 00:00:00 sleep 2
root 9471 164 0 06:22 pts/0 00:00:00 ps -ef

zfl9 commented 2 weeks ago

The chinadns-ng you downloaded is the wrong one. First make sure you can run chinadns-ng in a terminal (without any arguments) and get normal output.

zfl9 commented 2 weeks ago

You probably downloaded the x86_64_v4 build.

I really do wonder whether anyone has ever read the notes on the releases page...

YahuiWong commented 2 weeks ago

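> You probably downloaded the x86_64_v4 build.
>
> I really do wonder whether anyone has ever read the notes on the releases page...

Yes, that's the one. I was just about to ask whether this build was the cause. What is the difference?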

YahuiWong commented 2 weeks ago

After switching to @x86_64 it is in the running state.

zfl9 commented 2 weeks ago

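The release page explains it; follow the links there and google it yourself. There is no need to repeat information that is easy to find online. Learn to look things up yourself; if you have the time to ask, why not lift a finger and search?

I will say just one thing: check the highest x86_64 microarchitecture level (v1, v2, ...) that your own CPU supports. If that is too much trouble, just pick v1 without thinking.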
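
The check described in the comment above, as an added example that is not part of the thread or of the chinadns-ng project: it derives the highest x86-64 microarchitecture level from the CPU feature flags in /proc/cpuinfo and classifies how a test run of a binary ended. The function names and sample flag sets are assumptions made for this example; the per-level flag lists follow the x86-64 psABI level definitions, written with Linux flag names.

```shell
#!/bin/sh
# Added example (not from the thread): which x86-64 level does this CPU reach,
# and did a binary die because it was built for a higher one?

# Required flags per level, in Linux /proc/cpuinfo spelling
# (pni = SSE3, abm = LZCNT, xsave stands in for OSXSAVE). Levels are cumulative.
LEVEL1="lm cmov cx8 fpu fxsr mmx syscall sse sse2"
LEVEL2="cx16 lahf_lm popcnt pni sse4_1 sse4_2 ssse3"
LEVEL3="avx avx2 bmi1 bmi2 f16c fma abm movbe xsave"
LEVEL4="avx512f avx512bw avx512cd avx512dq avx512vl"

# has_all FLAGS REQUIRED: true only if every required flag appears as a whole
# word, so "avx2" or "avx512f" never satisfies a requirement for "avx".
has_all() (
    have=" $1 "
    for f in $2; do
        case "$have" in
            *" $f "*) ;;
            *) exit 1 ;;
        esac
    done
    exit 0
)

# level_from_flags FLAGS: print the highest level whose flags, and those of
# every lower level, are all present (0 = below the x86-64 baseline).
level_from_flags() (
    level=0
    for req in "$LEVEL1" "$LEVEL2" "$LEVEL3" "$LEVEL4"; do
        has_all "$1" "$req" || break
        level=$((level + 1))
    done
    echo "$level"
)

# cpu_level [FILE]: level of the first CPU listed in FILE (default /proc/cpuinfo).
cpu_level() {
    level_from_flags "$(awk -F': ' '/^flags/ { print $2; exit }' "${1:-/proc/cpuinfo}" 2>/dev/null)"
}

# classify_status CODE: interpret a shell exit status. A process killed by a
# signal reports 128 + signal number; SIGILL is signal 4, hence 132. That is
# the usual end of a binary using instructions the CPU lacks.
classify_status() {
    case "$1" in
        132) echo illegal-instruction ;;
        126) echo not-executable ;;
        127) echo not-found ;;
        *)   echo ran ;;
    esac
}

# probe CMD...: run CMD (e.g. the DNS binary with no arguments), discard its
# output, and classify how it ended.
probe() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

# Constructed sample flag sets (not taken from the thread).
SAMPLE_V1="fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush mmx fxsr sse sse2 syscall nx lm"
SAMPLE_V3="$SAMPLE_V1 pni ssse3 cx16 sse4_1 sse4_2 popcnt lahf_lm avx avx2 bmi1 bmi2 f16c fma abm movbe xsave"
SAMPLE_PARTIAL_V4="$SAMPLE_V3 avx512f avx512cd"

if [ -r /proc/cpuinfo ]; then
    echo "this CPU: x86-64 level $(cpu_level)"
fi
```

A build named for a level above the printed one should not be installed on that machine; `probe chinadns-ng` reporting `illegal-instruction` points to the same mismatch.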

YahuiWong commented 2 weeks ago

Indeed, I downloaded the build for the wrong microarchitecture level. Lesson learned.