gRPC cannot be proxied with dialerProxy to freedom #2232
Comments
|
感谢你的测试,可能不是 gRPC 内部的问题,而是 Xray 调用 gRPC 的问题
|
|
|
I checked this with xray v1.8.3 and I can confirm that as @HirbodBehnam mentioned, it doesn't work with gRPC. On the other hand, WS works fine. |
|
I was able to reproduce the problem, but couldn't figure out the root cause either. It seems to be a real problem, it is dropping the outbound connection somewhere inside freedom proxy. |
|
@cty123 分享些经验? |
|
解决这个问题应该不难,插一些 log 看一下哪里断了就发现了 |
|
我已经试过了,最早是在freedom 这里断的https://github.com/XTLS/Xray-core/blob/main/proxy/freedom/freedom.go#L205, 显示的错误就是 |
|
以前有个 bug 是若 cancel gRPC 某一子连接的 ctx,会 cancel 整个 gRPC 连接,这个 EOF 可能是类似的原因 |
|
h2 同理,如果 h2 加 dialerProxy 也有这问题,基本上可以确定就是它了 |
|
这我倒是可以试试看 |
|
那就交给你啦,你的反馈很有帮助,“服务端这边显示是客户端先关闭的连接,但是客户端的grpc显示关闭的原因是EOF”这个症状很符合那个 bug,解决办法就是不传原始 ctx,只复制一些关键的信息(若有必要),参考: Xray-core/transport/internet/grpc/dial.go Lines 100 to 102 in 10d6b06 |
修正一下这个描述,应该是把原始 ctx 传给了子连接,子连接结束时调用了 cancel,结果整个 gRPC 连接都断开了(表现为断流) |
但这次这个 bug 盲猜符合这个描述,应该是 gRPC 把第一个子连接的 gctx 传给了 dialerProxy,然后这个 gctx 被 cancel。。。 |
|
还真的跟你说的一样,我debug了好几天了都。就是你说的这个地方 Xray-core/transport/internet/grpc/dial.go Lines 100 to 102 in 10d6b06 我创了个新的context传进去马上就好了,完美使用 |
再次修正 & 总结:
|
|
我改好了,请测试 d92002a 的 gRPC 能否使用 dialerProxy 原本 H2 应该是没这个问题的,因为它原本是 context.Background(),这次改成了 DialTLSContext,需要测试有没有引入新问题 此前传给 REALITY UClient 的 ctx 实际上没被用到,一直想改,这次顺便改成了 |
再再次修正:记混了,不是 gRPC,是 H2 以前出现过的 bug #289 (comment) ,修复见 #289 (comment) |
XTLS/Xray-core#2232 (comment) Thank @cty123 for testing Fixes XTLS/Xray-core#2232 BTW: Use `uConn.HandshakeContext(ctx)` in REALITY fix(app/router): fixed a bug in geoip matching with refactoring (#2489) * Refactor the IP address matching with netipx library * Add a regression test for previous bug Fixes XTLS/Xray-core#1933 --------- Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> fix(transport): correctly release UDS locker file (#2305) * fix(transport): correctly release UDS locker file * use callback function to do some jobs after create listener Update transport/internet/reality/reality.go Fixes XTLS/Xray-core#2491 Upgrade dependencies Update workflows to use Go 1.21
Hello
I found a quite strange bug in gRPC transport. Take a look at this config:
{ "log": { "loglevel": "debug" }, "inbounds": [ { "listen": "127.0.0.1", "port": "10808", "protocol": "socks", "settings": { "udp": true } }, { "listen": "127.0.0.1", "port": "10809", "protocol": "http" } ], "outbounds": [ { "protocol": "trojan", "settings": { "servers": [ { "address": "example.com", "port": 443, "password": "pass" } ] }, "streamSettings": { "network": "gun", "security": "tls", "grpcSettings": { "serviceName": "servername" }, "sockopt": { "dialerProxy": "direct" } } }, { "protocol": "freedom", "tag": "direct" } ] }This config should just route gRPC traffic via a freedom outbound and thus have no difference between adding
dialerProxyand not. However, I couldn't get this config to work. If I remove thesockoptfrom the config it works fine. Logs look like this:And wiresharks shows that my own PC sends a FIN to server:
I tried digging into Xray and Google's gRPC source code with debugging and watching when the pipes get closed but I couldn't figure it out. HOWEVER, I found an alternative way to forward any traffic to a specific outbound. This method involves using
dokodemo-doorwith a specific routing and using thedokedemo-dooraddress as the outbound address. Consider following config file:{ "log": { "loglevel": "debug" }, "inbounds": [ { "listen": "127.0.0.1", "port": "10808", "protocol": "socks", "settings": { "udp": true } }, { "listen": "127.0.0.1", "port": "10809", "protocol": "http" }, { "listen": "127.0.0.1", "port": "28111", "protocol": "dokodemo-door", "settings": { "address": "104.21.2.133", "port": 443, "network": "tcp" }, "tag": "fragmentedinbound" } ], "outbounds": [ { "protocol": "trojan", "settings": { "servers": [ { "address": "127.0.0.1", "port": 28111, "password": "password" } ] }, "streamSettings": { "network": "gun", "security": "tls", "grpcSettings": { "serviceName": "..." }, "tlsSettings": { "serverName": "..." } } }, { "protocol": "freedom", "settings": { "fragment": { "length": "1-2", "interval": "0-1", "packets": "1" } }, "tag": "fragment" }, { "protocol": "freedom", "tag": "direct" } ], "routing": { "domainMatcher": "mph", "domainStrategy": "IPIfNonMatch", "rules": [ { "domain": [ "regexp:.*\\.ir$", "ext:iran.dat:ir", "ext:iran.dat:other" ], "outboundTag": "direct", "type": "field" }, { "ip": [ "geoip:private", "geoip:ir" ], "outboundTag": "direct", "type": "field" }, { "inboundTag": [ "fragmentedinbound" ], "outboundTag": "fragment", "type": "field" } ] } }This is basically the config which I'm currently using to connect. I'm not expecting this to be fixed anytime soon considering that there is a neat workaround.
The text was updated successfully, but these errors were encountered: