[Bug] openwrt tun mixed stack unable to hijack dns #1258
Comments
What to check?

ip a | grep utun
8: utun: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UNKNOWN group default qlen 500
inet 198.18.0.1/30 brd 198.18.0.3 scope global utun

EDIT:

~# curl -vv google.com
* Could not resolve host: google.com
* Closing connection
curl: (6) Could not resolve host: google.com
~# curl -vv google.com --interface utun
* Host google.com:80 was resolved.
* IPv6: (none)
* IPv4: 172.253.118.102, 172.253.118.100, 172.253.118.139, 172.253.118.101, 172.253.118.113, 172.253.118.138
* Trying 172.253.118.102:80...
* socket successfully bound to interface 'utun'
* Connected to google.com (172.253.118.102) port 80
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 302 Found
< Location: http://www.google.com/sorry/index?continue=http://google.com/&q=EgRoHJqWGJ-zkLIGIinItgvMhX6eUMNNkBxIvu0DGEWQCCysuUzXEOIh05okgGz6L9y5635oEDIBcloBQw
< Date: Wed, 15 May 2024 02:10:39 GMT
< Pragma: no-cache
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Content-Type: text/html; charset=UTF-8
< Server: HTTP server (unknown)
< Content-Length: 347
< X-XSS-Protection: 0
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com/sorry/index?continue=http://google.com/&q=EgRoHJqWGJ-zkLIGIinItgvMhX6eUMNNkBxIvu0DGEWQCCysuUzXEOIh05okgGz6L9y5635oEDIBcloBQw">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact

@lux5am Check the resolv.conf file to ensure it does not contain private addresses, as private addresses cannot be hijacked.
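A script that carries out the check suggested above, added here as an example and not code from the issue or from the mihomo project: it reads a resolv.conf and lists every nameserver that sits in a private, loopback or link-local range. Which ranges the tun DNS hijack actually leaves alone is an assumption of this script (RFC 1918, 127/8 and 169.254/16), and the sample resolv.conf at the bottom is constructed.

```shell
#!/bin/sh
# Added example, not from the issue or the mihomo project.
# Assumed "private" ranges: 10/8, 172.16/12, 192.168/16, 127/8, 169.254/16.

is_private_v4() {
    # Return 0 when $1 is a valid dotted quad inside one of the assumed ranges.
    _saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_saved_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in
            ''|*[!0-9]*) return 1 ;;        # non-numeric octet
        esac
        [ "$_o" -le 255 ] || return 1
    done
    case $1 in
        10|127) return 0 ;;                                    # 10/8, 127/8
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;; # 172.16/12
        192) [ "$2" -eq 168 ] && return 0 ;;                   # 192.168/16
        169) [ "$2" -eq 254 ] && return 0 ;;                   # 169.254/16
    esac
    return 1
}

private_nameservers() {
    # Print every private nameserver found in resolv.conf file $1, one per line.
    # Exit status 0 when at least one was found, 1 otherwise.
    _found=1
    while read -r _key _val _rest; do
        [ "$_key" = "nameserver" ] || continue
        if is_private_v4 "$_val"; then
            printf '%s\n' "$_val"
            _found=0
        fi
    done < "$1"
    return $_found
}

# Constructed sample resolv.conf (not taken from the issue): one private server
# and one public one. Replace with /etc/resolv.conf on the router.
_sample=$(mktemp)
cat > "$_sample" <<'EOF'
# generated by the router's DHCP client
search lan
nameserver 192.168.1.1
nameserver 8.8.8.8
EOF

if private_nameservers "$_sample"; then
    echo "private nameserver(s) listed above: queries to them bypass the tun hijack"
else
    echo "no private nameservers in $_sample"
fi
rm -f "$_sample"
```

Run it against the router's /etc/resolv.conf; if it prints any address, point the system resolver at a public address instead so that its queries cross the tun and can be hijacked.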
@xishang0128 I tried with kdig @8.8.8.8 or any random server; it also times out. But sometimes it works, which is strange. Switched to gvisor, everything is fine. The same with system. The problem only occurs when using mixed stack. Turned off mihomo, also no problem. My ISP actually hijacks all DNS requests at UDP:53 for censorship. So I use mihomo with fallback to doh. So plain UDP with a non-censored domain should be fast. When using doh it should also respond in less than 1 sec. So the timeout should not be there. It seems mihomo does hijack the DNS request but fails to respond to the DNS request properly, or something in between when using mixed stack. I remember the problem occurred only a few months ago. So I switched to gvisor. I reported to the sing-box project since it's more appropriate to report a sing problem there, and it's closed immediately without explanation as usual. I enabled debug log and there's nothing about DNS in the log when using mixed stack. Switched to gvisor, it is immediately flooded with DNS hijack logs.
Verify steps
Operating System
Linux
System Version
Openwrt 23.05.3
Mihomo Version
Mihomo Meta alpha-619f341 linux arm64 with go1.22.2 Sat May 11 16:12:32 UTC 2024
Use tags: with_gvisor
Configuration File
Description
When using tun mixed stack, local traffic didn't appear in the connection log. It seems there's no local traffic routed to mihomo tun. Checked with
curl https://ip.sb/ip
it indeed does not enter mihomo. Changed to system or gvisor, there's no problem. It is able to route local traffic normally.
I also tried sing-box. It has the same issue. I suspected it's something to do with the sing library. I opened the issue a few weeks ago in the sing project; it was immediately closed without reply, as expected.
EDIT:
I checked again. It does route local traffic, but not the DNS requests. So local services are unable to resolve hosts.
Reproduction Steps
Enable tun with mixed stack.
Try to use the internet from within the router over ssh, e.g.
curl https://ip.sb/ip -A Mozilla
Observe
Logs
No response