When a direct inbound listens on port 53, connections to port 53 of any destination fail #2233

Open
4 of 5 tasks
YUeH885 opened this issue Nov 1, 2024 · 0 comments
YUeH885 commented Nov 1, 2024

Operating system

Linux

System version

openSUSE Tumbleweed 20241030

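Installation type

sing-box original command-line program

If you are using a graphical client program, please provide the version of that program.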

No response

Version

sing-box version 1.10.1

Environment: go1.23.2 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: b80ec55ba0aafc60774e19c409e55ced50ddaab3
CGO: disabled

Description

When a direct inbound listens on port 53, connections to port 53 of any destination fail.

Steps to reproduce

{
    "dns": {
        "servers": [
            {
                "tag": "direct",
                "address": "223.5.5.5",
                "detour": "direct"
            }
        ]
    },
    "inbounds": [
        {
            "type": "tproxy",
            "tag": "tproxy-in",
            "listen": "::",
            "listen_port": 12345
        },
        {
            "type": "direct",
            "tag": "dns-in",
            "listen": "::",
            "listen_port": 53
        }
    ],
    "outbounds": [
        {
            "type": "direct",
            "tag": "direct"
        },
        {
            "type": "dns",
            "tag": "dns"
        }
    ],
    "route": {
        "rules": [
            {
                "inbound": "dns-in",
                "outbound": "dns"
            }
        ],
        "default_mark": 10
    }
}

ip rule add fwmark 0x1 lookup 100
ip route add local default dev lo table 100
nft add table inet sb_tproxy
nft add chain inet sb_tproxy prerouting { type filter hook prerouting priority mangle \; policy accept \; }
nft add chain inet sb_tproxy output { type route hook output priority mangle \; policy accept \; }
nft add rule inet sb_tproxy prerouting ip daddr 1.1.1.1 meta l4proto { tcp, udp } meta mark set 1 tproxy ip to :12345 accept
nft add rule inet sb_tproxy output meta mark 10 return
nft add rule inet sb_tproxy output ip daddr 1.1.1.1 meta l4proto { tcp, udp } meta mark set 1 accept

Query DNS with dig @1.1.1.1

Logs

INFO[0000] router: updated default interface wlp0s20f3, index 2
INFO[0000] inbound/tproxy[tproxy-in]: tcp server started at [::]:12345
INFO[0000] inbound/tproxy[tproxy-in]: udp server started at [::]:12345
INFO[0000] inbound/direct[dns-in]: tcp server started at [::]:53
INFO[0000] inbound/direct[dns-in]: udp server started at [::]:53
INFO[0000] sing-box started (0.00s)
INFO[0005] [4218398311 0ms] inbound/tproxy[tproxy-in]: inbound packet connection from 192.168.1.50:43969
INFO[0005] [4218398311 0ms] inbound/tproxy[tproxy-in]: inbound packet connection to 1.1.1.1:53
INFO[0005] [4218398311 0ms] outbound/direct[direct]: outbound packet connection
DEBUG[0005] [1029465734 248ms] inbound/tproxy[tproxy-in]: connection closed: download: listen udp 1.1.1.1:53: bind: address already in use | upload: io: read/write on closed pipe
INFO[0010] [3976724772 0ms] inbound/tproxy[tproxy-in]: inbound packet connection from 192.168.1.50:51317
INFO[0010] [3976724772 0ms] inbound/tproxy[tproxy-in]: inbound packet connection to 1.1.1.1:53
INFO[0010] [3976724772 0ms] outbound/direct[direct]: outbound packet connection
DEBUG[0010] [105783582 207ms] inbound/tproxy[tproxy-in]: connection closed: download: listen udp 1.1.1.1:53: bind: address already in use | upload: io: read/write on closed pipe
INFO[0015] [3883189136 0ms] inbound/tproxy[tproxy-in]: inbound packet connection from 192.168.1.50:35598
INFO[0015] [3883189136 0ms] inbound/tproxy[tproxy-in]: inbound packet connection to 1.1.1.1:53
INFO[0015] [3883189136 0ms] outbound/direct[direct]: outbound packet connection
DEBUG[0015] [655334467 209ms] inbound/tproxy[tproxy-in]: connection closed: download: listen udp 1.1.1.1:53: bind: address already in use | upload: io: read/write on closed pipe

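Support us

Integrity requirements

  • I confirm that I have read the documentation and understand the meaning of every configuration item I wrote, rather than piling up seemingly useful options or default values.
  • I confirm that I have provided server and client configuration files and steps that can reproduce the issue locally, rather than a desensitized, complex client configuration file.
  • I confirm that I have provided the simplest configuration that can reproduce the error I reported, rather than relying on remote servers, TUN, graphical interface clients, or other closed-source software.
  • I confirm that I have provided the complete configuration files and logs, rather than providing only the parts I think are useful out of confidence in my own intelligence.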