Comments (4)
It works fine on my device. I suggest checking if it's an issue with the local device/system.
from mihomo.
It works fine on my device. I suggest checking if it's an issue with the local device/system.
What to check?
I tried openclash it works but it use manual route and some services don't get routed like local dns and other net service.
ip a | grep utun
8: utun: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UNKNOWN group default qlen 500
inet 198.18.0.1/30 brd 198.18.0.3 scope global utun
EDIT:
I checked again. Apparently it does routed the traffic but failed to hijack DNS request.
Openclash actually replace dnsmasq forward DNS to mihomo :7874 so it works. But curl seems to not use dnsmasq (127.0.0.1:53). So it failed.
dig with random DNS server also always timed out. With system/gvisor dig is fine.
~# curl -vv google.com
* Could not resolve host: google.com
* Closing connection
curl: (6) Could not resolve host: google.com
~# curl -vv google.com --interface utun
* Host google.com:80 was resolved.
* IPv6: (none)
* IPv4: 172.253.118.102, 172.253.118.100, 172.253.118.139, 172.253.118.101, 172.253.118.113, 172.253.118.138
* Trying 172.253.118.102:80...
* socket successfully bound to interface 'utun'
* Connected to google.com (172.253.118.102) port 80
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 302 Found
< Location: http://www.google.com/sorry/index?continue=http://google.com/&q=EgRoHJqWGJ-zkLIGIinItgvMhX6eUMNNkBxIvu0DGEWQCCysuUzXEOIh05okgGz6L9y5635oEDIBcloBQw
< Date: Wed, 15 May 2024 02:10:39 GMT
< Pragma: no-cache
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Content-Type: text/html; charset=UTF-8
< Server: HTTP server (unknown)
< Content-Length: 347
< X-XSS-Protection: 0
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com/sorry/index?continue=http://google.com/&q=EgRoHJqWGJ-zkLIGIinItgvMhX6eUMNNkBxIvu0DGEWQCCysuUzXEOIh05okgGz6L9y5635oEDIBcloBQw">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact
from mihomo.
@lux5am Check the resolv.conf file to ensure it does not contain private addresses, as private addresses cannot be hijacked.
from mihomo.
@xishang0128
I always checked ignore resolv file in DHCP setting tho since it's connected to my isp router/modem and provide DHCP with its own DNS (192.168.0.1) so indeed it can't be hijacked.
I tried with kdig @8.8.8.8 or any random server it also timeout. But sometimes it works. Which is strange.
Switched to gvisor everything is fine.
The same with system. The problem only when using mixed stack.
Turned off mihomo also no problem. My ISP actually hijack all DNS request at UDP:53 for censorship. So I use mihomo with fallback to doh.
So plain UDP with non censored domain should be fast. When using doh it should also responded in less than 1sec. So timeout should not be there.
It seems mihomo do hijack the DNS request but failed to response DNS request properly or something in between when using mixed stack.
I remember the problem occured only a few months ago. So I switched to gvisor. I reported to sing-box project since it's more appropriate to report sing problem in there, and it's closed immedietly without explanation as usual.
I suspected there's some changes in sing-tun or related library that mihomo uses. Since sing-box also suffer the same issue.
I enabled debug log and there's nothing about DNS in the log when using mixed stack. Switched to gvisor it immediately flooded with DNS hijack log.
from mihomo.
Related Issues (20)
- [Bug] rules中自定义的 DOMAIN-SUFFIX 规则不生效 HOT 4
- [Bug] v1.18.4 开始,proxy-provider 中包含 vmess://xxxxxxx 节点会导致内核退出 HOT 3
- [Bug] Android 版本 mihomo 内核无法建立对外连接:`operation not permitted` HOT 3
- [Feature] Proxy-provider 中的节点使用 URI 格式时,如何确认 mihomo 已正确识别到所有参数? HOT 4
- [Bug] 订阅链接IPV6地址重复套中括号[] HOT 1
- [Bug] ipv6通过redirect/tproxy代理,使用dnslookup时,日志只记录ipv4 DNS请求的连接,没有ipv6 DNS的连接 HOT 20
- [Bug] 直接使用内核进行redirect/tproxy透明代理,无法直连访问网站,报错 error: reject loopback connection HOT 6
- [Feature] 改进域名匹配 HOT 8
- tun模式下,不同网段的地址无法代理?
- [已解决] 小米路由Tun下内核无法使用更新本地搭建的链接作为代理集 HOT 4
- [Bug] IPv6流量会走不支持IPv6的proxy,即使proxy已配置了ip-version: ipv4 HOT 10
- [Bug] clash meta for Android 应用包列表不能检测小米系统自带的app HOT 3
- [Feature] 在策略组中提供主备切换类型 HOT 3
- SSID Strategy HOT 4
- [Feature] 对CNAME记录使用代理 HOT 2
- [Bug] Incorrect & Inconsistent IN-USER behaviour
- [Feature] Parental control feature, I wrote two new rule type for Parental control, could you please add them?
- [Bug] About dns configuration of dhcp type under windows HOT 2
- [Bug] HOT 1
- [Bug] 废弃的链接不会杀死,一直保留在进程中 HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mihomo.