Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] ruleset的 ip 规则ipv6 会漏 #959

Closed
6 tasks done
Felix-Koh opened this issue Jan 4, 2024 · 6 comments
Closed
6 tasks done

[Bug] ruleset的 ip 规则ipv6 会漏 #959

Felix-Koh opened this issue Jan 4, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@Felix-Koh
Copy link

Verify steps

  • 确保你使用的是本仓库最新的的 mihomo 或 mihomo Alpha 版本 Ensure you are using the latest version of Mihomo or Mihomo Alpha from this repository.
  • 如果你可以自己 debug 并解决的话,提交 PR 吧 Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
  • 我已经在 Issue Tracker 中找过我要提出的问题 I have searched on the issue tracker for a related issue.
  • 我已经使用 Alpha 分支版本测试过,问题依旧存在 I have tested using the dev branch, and the issue still exists.
  • 我已经仔细看过 Documentation 并无法自行解决问题 I have read the documentation and was unable to solve the issue.
  • 这是 Mihomo 核心的问题,并非我所使用的 Mihomo 衍生版本(如 OpenMihomo、KoolMihomo 等)的特定问题 This is an issue of the Mihomo core per se, not to the derivatives of Mihomo, like OpenMihomo or KoolMihomo.

Mihomo version

2e12cee

What OS are you seeing the problem on?

No response

Mihomo config

######### 锚点 start #######
# 策略组相关
pr: &pr {type: select, proxies: [PROXY,HK,TW,JP,SG,US,📍 WARP,🇺🇳,🌏,Auto,DIRECT]}

#这里是订阅更新和延迟测试相关的
p: &p {type: http, interval: 3600, health-check: {enable: true, url: http://1.1.1.1/generate_204, interval: 300}}

######### 锚点 end #######


# url 里填写自己的订阅,名称不能重复
proxy-providers:
  provider1:
    <<: *p
    url: "xxx"

  provider2:
    <<: *p
    url: "xxx"

log-level: warning
ipv6: true
allow-lan: true
mixed-port: 7890
unified-delay: false
tcp-concurrent: true

external-controller: 127.0.0.1:9090
external-ui: ui
external-ui-url: "https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"

find-process-mode: 'off'
global-client-fingerprint: chrome

#keep-alive-interval: 3600

geodata-mode: true
geodata-loader: standard
geox-url:
  geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
  geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
  mmdb: "xxx"

geo-auto-update: true # 是否自动更新 geodata
geo-update-interval: 24 # 更新间隔,单位:小时

profile:
  store-selected: true
  store-fake-ip: true

sniffer:
  enable: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]
  skip-domain:
    - "Mijia Cloud"

dns:
  enable: true
  ipv6: true
  prefer-h3: true
  listen: 0.0.0.0:7874
  enhanced-mode: redir-host
  fake-ip-range: 28.0.0.1/8
  default-nameserver:
  - 223.5.5.5
  nameserver:
    - 'https://1.1.1.2/dns-query#PROXY'
    #- 'https://dns.google/dns-query#dns'
  proxy-server-nameserver:
  - https://1.12.12.12/dns-query
  nameserver-policy:
    "rule-set:dns-cn":
      - 223.5.5.5
    "rule-set:cn_domain,private,apple-cn":
      - https://223.5.5.5/dns-query
      - https://1.12.12.12/dns-query
proxies:

 proxy-groups:

  - {name: PROXY, type: select, proxies: [HK, TW, JP, SG, US, 📍 WARP, Us_Hy2, 🇺🇳, 🌏, Auto, DIRECT]}
  #- {name: Apple, type: select, proxies: [DIRECT, PROXY, Auto, HK, TW, JP, SG, US, 🇺🇳, 🌏]}
  - {name: Google, <<: *pr}
  - {name: Emby, type: select , include-all-providers: true, filter: "(?i)^(?!.*(?:重置)).*"}
  - {name: Telegram, <<: *pr}
  #- {name: Twitter, <<: *pr}
  #- {name: pixiv, <<: *pr}
  #- {name: 哔哩哔哩, type: select, proxies: [DIRECT, HK, TW, JP, SG, US, 🇺🇳, 🌏, Auto]}
  #- {name: 巴哈姆特, <<: *pr}
  - {name: YouTube, <<: *pr}
  - {name: NETFLIX, <<: *pr}
  #- {name: Steam, <<: *pr}
  #- {name: Spotify, <<: *pr}
  #- {name: github, <<: *pr}
  #- {name: 国内, type: select, proxies: [DIRECT, PROXY, HK, TW, JP, SG, US, 🇺🇳, 🌏, Auto]}

  - {name: FINAL, <<: *pr}

#分隔,下面是地区分组
  - {name: 📍 WARP, type: select, proxies: [☁️ HK-WARP, ☁️ TW-WARP, ☁️ JP-WARP, ☁️ SG-WARP, ☁️ US-WARP]}
  - {name: HK, type: fallback , include-all-providers: true, filter: "^(?=.*HK)(?=.*BBGP).*$"}
  - {name: TW, type: fallback , include-all-providers: true, filter: "(?i)台|tw|tp|taiwan"}
  - {name: JP, type: fallback , include-all-providers: true, filter: "(?i)日|jp|japan"}
  - {name: US, type: fallback , include-all-providers: true, filter: "(?i)美|us|unitedstates|united states"}
  - {name: SG, type: fallback , include-all-providers: true, filter: "(?i)(新|sg|singapore)"}
  - {name: 🇺🇳, type: select , include-all-providers: true, filter: "(?i)^(?!.*(?:HK|JP|US|SG|🇨🇳|港|hk|🇭🇰|hongkong|台|tw|tp|taiwan|日|jp|japan|新|sg|singapore|美|us|🇺🇸|unitedstates|重置)).*"}
  - {name: 🌏, type: select , include-all-providers: true, filter: "(?i)^(?!.*(?:重置)).*"}
  - {name: Auto, type: url-test, include-all-providers: true, tolerance: 10, filter: "(?i)^(?!.*(?:重置)).*"}

rules:
  - GEOIP,lan,DIRECT,no-resolve
  - RULE-SET,Reject+,REJECT
  - RULE-SET,Unbreak+,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,Emby,Emby
  #- RULE-SET,ehentai_domain,ehentai
  #- RULE-SET,github_domain,Github
  #- RULE-SET,twitter_domain,Twitter
  - RULE-SET,youtube_domain,YouTube
  - RULE-SET,google,Google
  - RULE-SET,telegram_domain,Telegram
  - RULE-SET,netflix_domain,NETFLIX
  - RULE-SET,apple-cn,DIRECT
  - RULE-SET,steam-cn,DIRECT
  - RULE-SET,game-cn,DIRECT
  - RULE-SET,cn_domain,DIRECT
  - RULE-SET,proxy_domain,PROXY

  #- RULE-SET,google_ip,Google
  - RULE-SET,netflix_ip,NETFLIX
  - RULE-SET,telegram_ip,Telegram
  #- RULE-SET,twitter_ip,Twitter
  - RULE-SET,cn_ip,DIRECT
  - MATCH,FINAL
  
rule-anchor:
  ip: &ip {type: http, interval: 86400, behavior: ipcidr, format: text}
  domain: &domain {type: http, interval: 86400, behavior: domain, format: text}
  classical: &classical {type: http, interval: 86400, behavior: classical, format: text}
rule-providers:
  game-cn:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Game/GameDownloadCN/GameDownloadCN.list"
  steam-cn:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/SteamCN/SteamCN.list"
  google:
    <<: *classical
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Google/Google.list"
  Unbreak+:
    <<: *classical
    url: "xxx"
  Reject+:
    <<: *classical
    url: "xxx"
  Emby:
    <<: *classical
    url: "xxx"

  private:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/private.list"
  dns-cn:
    <<: *domain
    url: "xxx"
  cn_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/cn.list"
  biliintl_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/biliintl.list"
  ehentai_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/ehentai.list"
  github_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/github.list"
  twitter_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/twitter.list"
  youtube_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/youtube.list"
  google_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/google.list"
  telegram_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/telegram.list"
  netflix_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/netflix.list"
  bilibili_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/bilibili.list"
  bahamut_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/bahamut.list"
  spotify_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/spotify.list"
  pixiv_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/pixiv.list"
  proxy_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Proxy/Proxy_Domain_For_Clash.txt"
  gfw_domain:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/gfw.list"
  geolocation-!cn:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/geolocation-!cn.list"
  apple-cn:
    <<: *domain
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/apple-cn.list"

  cn_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/cn.list"
  google_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/google.list"
  netflix_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/netflix.list"
  twitter_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/twitter.list"
  telegram_ip:
    <<: *ip
    url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/telegram.list"

Mihomo log

No response

Description

例如这个[240e:964:ea02:100:1800::71] ip, 同一个 ip 规则使用 geoip 会命中CN,用 ruleset 则会流到 MATCH
@Felix-Koh Felix-Koh added the bug Something isn't working label Jan 4, 2024
@Paulgudring
Copy link

我觉得这个问题应该反应在MetaCubeX/meta-rules-dat,按理来说这个rule-set是用工具(可能是MetaCubeX/geo)从geoip转换来的,内容上应该一致。

@Felix-Koh
Copy link
Author

我觉得这个问题应该反应在MetaCubeX/meta-rules-dat,按理来说这个rule-set是用工具(可能是MetaCubeX/geo)从geoip转换来的,内容上应该一致。

我对比过两个规则内容是一致的,但是 ruleset 就是会漏(好像漏的都是 v6 的)

@xishang0128
Copy link

非8整倍的cidr匹配会失败,还未修复,可以先等等

Larvan2 added a commit that referenced this issue Jan 6, 2024
@Larvan2
close #959; fix: resolve IPv6 rule-set issue #959.
5e41893
Larvan2 added a commit that referenced this issue Jan 6, 2024
@Larvan2
Closes #959; fix: resolve IPv6 rule-set issue #959.
44ee311
Larvan2 added a commit that referenced this issue Jan 6, 2024
@Larvan2
fix: resolve IPv6 rule-set issue #959.
6bc9155
@Felix-Koh
Copy link
Author

今天发现还是有漏(2409:8087:1e03:21::27)

@Larvan2
Copy link
Member

Larvan2 commented Jan 9, 2024

再试试

@Felix-Koh
Copy link
Author

Felix-Koh commented Jan 9, 2024
edited

再试试

好了,谢谢大佬(^🙏^)

@Larvan2 Larvan2 closed this as completed Jan 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Felix-Koh @Larvan2 @Paulgudring @xishang0128