Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

无法显示路由信息 #239

Closed
Bryan2333 opened this issue May 10, 2024 · 11 comments
Closed

无法显示路由信息 #239

Bryan2333 opened this issue May 10, 2024 · 11 comments

Comments

@Bryan2333
Copy link

Bryan2333 commented May 10, 2024
edited

本项目是基于Linux/macOS的,请确认您遇到的问题是否在Linux或macOS上存在。

你正在使用哪个版本的 nexttrace?

Linux build from source

你看到的异常现象是什么?

除了开始的节点和结束节点,其他节点的路由信息无法显示

_20240510_175042.webp

你期待看到的正常表现是怎样的?

正常显示路由信息

请附上你的命令

sudo nexttrace america.archive.pkgbuild.com

然后选IPv4地址

请附上出错时软件输出的错误信息

无错误输出

是否查询过本仓库wiki有没有类似错误
@tsosunchia
Copy link
Member

可能是你网络中防火墙的问题

@Bryan2333
Copy link
Author

我感觉不太可能,我这边直接使用traceroute跟踪了一下对应的IP,是可以显示出来的。
_20240510_203921.webp

@tsosunchia
Copy link
Member

你是在什么环境下运行的

@Bryan2333
Copy link
Author

我的系统是Arch Linux,然后用的是AUR上的这个包nexttrace

我电脑上用Nftables配了一个TProxy的透明代理。我尝试过把透明代理的规则删掉,但还是没办法显示出中间的路由信息。

@tsosunchia
Copy link
Member

建议抓一下包

@Bryan2333
Copy link
Author

我用wireshark抓了ICMP的包。

这个是开启透明代理时的情况,nexttrace除了开始节点和结束节点以外的节点都显示不出来。
屏幕截图_20240510_205249

这个是关闭透明代理时的情况,nexttrace可以显示出部分路由。
屏幕截图_20240510_205547

@Bryan2333
Copy link
Author

顺便附上我的Nftables的规则

table inet clash_tproxy {
	chain prerouting {
		type filter hook prerouting priority mangle; policy accept;
		meta l4proto tcp socket transparent 1 meta mark set 0x00000001
		socket transparent 0 return
		ip daddr { 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/3 } return
		ip6 daddr { ::1, fd00::/8, fe80::/10 } return
		tcp dport != { 22, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 5222, 8080, 8443 } return
		meta l4proto tcp meta mark set 0x00000001 tproxy ip to 127.0.0.1:7894 accept
		meta l4proto tcp meta mark set 0x00000001 tproxy ip6 to [::1]:7894 accept
	}
}
table inet clash_tproxy_local {
	chain output {
		type route hook output priority mangle; policy accept;
		meta skuid { 960, 961 } return
		ip daddr { 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/3 } return
		ip6 daddr { ::1, fd00::/8, fe80::/10 } return
		tcp dport != { 22, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 5222, 8080, 8443 } return
		meta l4proto tcp meta mark set 0x00000001
	}
}
table inet clash_tproxy_dns {
	chain prerouting {
		type nat hook prerouting priority filter; policy accept;
		fib saddr type != local udp dport 53 redirect to :5333
	}

	chain output {
		type nat hook output priority filter; policy accept;
		meta skuid 961 return
		fib daddr type != local udp dport 53 redirect to :5333
	}
}

@tsosunchia
Copy link
Member

大概看了一下,
这个问题,我觉得如果你去询问你所使用的代理软件的issue区可能更有用

@tsosunchia
Copy link
Member

大概是你的nft哪里配的有问题

@tsosunchia
Copy link
Member

我感觉不太可能,我这边直接使用traceroute跟踪了一下对应的IP,是可以显示出来的。

_20240510_203921.webp

你可以试试

traceroute --icmp

看看能不能正常trace

nextttace默认使用icmp

@Bryan2333
Copy link
Author

Bryan2333 commented May 10, 2024
edited

我试了,果然不行。我查了一下,Linux下traceroute默认用的是UDP协议,端口是33434。

我这边nexttrace改用UDP协议加上33434端口查询就好了,默认的53端口不行。

屏幕截图_20240510_212525

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Bryan2333 @tsosunchia