Wrong behaviour of UDP NAT

Open 1715173329 opened this issue 3 years ago • 3 comments

Welcome

  • [X] Yes, I'm using the latest major release. Only such installations are supported.
  • [X] Yes, I've searched similar issues on GitHub and didn't find any.
  • [X] Yes, I've included all information below (version, config, etc).

Description of the problem

UDP Connections routing to direct-out were blocked when endpoint_independent_nat was enabled. Tested via NatTypeTester v5.0.

Logs:

Commit: f13ecbd9bbf9e3dbdce25b3a86aa138006f3b697: https://paste.debian.net/plainh/2f4d0603

Commit: e4cece6095610964f22afe0ce9cfe1bcb355f661 (git HEAD): https://paste.debian.net/plainh/9cf3e758

It crashes immediately with an Out of Memory error when there's a new UDP connection, but works fine if endpoint_independent_nat is disabled.

Version of sing-box

$ sing-box version
sing-box 0.1.0 (go1.18.4, linux, arm64, CGO disabled)

Server and client configuration file

{
  "dns": {
    "servers": [
      {
        "tag": "google",
        "address": "tls://8.8.8.8"
      },
      {
        "tag": "local",
        "address": "223.5.5.5",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "domain": "mydomain.com",
        "geosite": "cn",
        "server": "local"
      }
    ],
    "strategy": "ipv4_only"
  },
  "inbounds": [
    {
      "type": "tun",
      "interface_name": "emortal-singbox",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "sniff": true,
      "endpoint_independent_nat": true
    }
  ],
  "outbounds": [
    {
      "type": "shadowsocks",
      "tag": "proxy",
      "server": "-",
      "server_port": 0,
      "method": "aes-128-gcm",
      "password": "-"
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    "geoip": {
      "path": "/etc/homeproxy/resources/geoip.db",
      "download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
      "download_detour": "proxy"
    },
    "geosite": {
      "path": "/etc/homeproxy/resources/geosite.db",
      "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "proxy"
    },
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": "category-ads-all",
        "outbound": "block"
      },
      {
        "geosite": "cn",
        "geoip": "cn",
        "outbound": "direct"
      }
    ],
    "auto_detect_interface": true
  }
}

1715173329, Aug 20 '22 17:08

Try 7613b8dbfebf160ae1576a650e10450be575d9e7

nekohasekai, Aug 21 '22 03:08

Works now, thank you!

1715173329, Aug 21 '22 15:08

Still doesn't look alright. NAT filter remains Address and port dependent.

1715173329, Aug 21 '22 17:08

done.

1715173329, Aug 22 '22 21:08
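
For readers unfamiliar with the filter result quoted in the thread, the following is an added toy model of the three inbound filtering behaviours defined in RFC 4787; it is not sing-box code and not part of the original discussion. The type names, function names and addresses are constructed for illustration.

```go
package main

import "fmt"

// Filter is a NAT's inbound filtering behaviour (RFC 4787, section 5).
type Filter int

const (
	EndpointIndependent Filter = iota
	AddressDependent
	AddressAndPortDependent
)

type Endpoint struct{ IP string; Port int }

// NAT is a toy model: sent records the remote endpoints each internal endpoint contacted.
type NAT struct {
	Mode Filter
	sent map[Endpoint][]Endpoint
}

func (n *NAT) Outbound(src, dst Endpoint) { n.sent[src] = append(n.sent[src], dst) }

// Inbound reports whether a datagram from remote is delivered to internal.
func (n *NAT) Inbound(remote, internal Endpoint) bool {
	for _, p := range n.sent[internal] {
		if n.Mode == EndpointIndependent || (p.IP == remote.IP && (n.Mode == AddressDependent || p.Port == remote.Port)) {
			return true
		}
	}
	return false // no mapping, or the filter rejected this remote endpoint
}

// Classify sends one datagram out, then probes from other endpoints as a NAT type tester would.
func Classify(mode Filter) string {
	n := &NAT{Mode: mode, sent: map[Endpoint][]Endpoint{}}
	in, srv := Endpoint{"172.19.0.2", 40000}, Endpoint{"198.51.100.1", 3478} // constructed addresses
	n.Outbound(in, srv)
	switch {
	case n.Inbound(Endpoint{"198.51.100.2", 3479}, in): // different address, different port
		return "Endpoint independent"
	case n.Inbound(Endpoint{srv.IP, 3479}, in): // same address, different port
		return "Address dependent"
	}
	return "Address and port dependent"
}

func main() { fmt.Println(Classify(EndpointIndependent), "/", Classify(AddressAndPortDependent)) }
```

With endpoint-independent filtering, any remote endpoint can reach the mapped port once the mapping exists, so enabling it widens what the host behind the NAT is exposed to compared with the address and port dependent default.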