imgk/shadow

UDP proxy has no effect on ENV:Windivert

lanslot-choby opened this issue · 8 comments

The UDP proxy has no effect; you can use this tool to test it. When the shadow-windivert mode has taken effect, the UDP requests of the program are not intercepted.

imgk commented

Can you show me your config file?

I'm not sure about your intention exactly. Though I understand the test program sends non-standard DNS requests to servers, like AdGuard DNS and some others, do you need these packets to be intercepted or not?

After adding these IPs of the servers to the config file, logs appeared.
result

{
	"Server": [
		"socks://127.0.0.1:8388"   // here is ss-local run with udprelay...
	],

	"NameServer": "udp://8.8.8.8",

	"FilterString": "outbound and (ip ? ip.DstAddr != 8.8.8.8 and ip.DstAddr != 127.0.0.1 : true)",

	"AppRules": {
		"Proxy": [
			"xx.exe",
			"dig.exe",
			"curl.exe",
			"chrome.exe",
			"nslookup.exe"
		]
	}
}

I am running in ss-local mode; TCP is OK, but UDP does not work.
When UDP is requested, the verbose log shows nothing, and the UDP packets use the old network environment.

You can test with my ss-local; I used go-tun2socks with it, and it works well.

imgk commented

Commit 3c7a0fa may have fixed this issue.

Great!
Thank you very much. I have tested your new commit, and it is fixed.
But could you check my ss-local mode, with the configuration file I posted before? My DNS doesn't seem to work very well.

Dear imgk,
I mean, "NameServer": "udp://8.8.8.8", in my ss-local with udprelay mode, doesn't work.
DNS results are incorrect; DNS results were modified by GFW.

imgk commented

The dns queries captured by shadow will not be sent through proxy by default as these queries do not contain EDNS section which indicates the IP address of the client. The clean dns result may slow down the speed when browsing some websites. If you want to get clean dns result, please add 8.8.8.8/32 to IPCIDRRules->Proxy section, and change the FilterString to outbound and not loopback and (ip ? ip.DstAddr != REMOTE-SERVER-IP : true). A more selective and precise filter string may improve performance.
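Added example, not part of the thread or of the shadow project: a small check that reads a shadow-style config and reports the two conditions the advice above addresses (name server excluded by FilterString, name server missing from IPCIDRRules->Proxy). The IPCIDRRules layout (a "Proxy" list, mirroring AppRules), the function names and both sample configs are assumptions constructed for illustration; REMOTE-SERVER-IP is the placeholder from the comment above.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

def strip_line_comments(text):
    """Drop // comments outside JSON strings (the posted config contains one)."""
    out, in_str, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if not in_str and text.startswith("//", i):
            while i < len(text) and text[i] != "\n":
                i += 1          # skip to end of line, keep the newline
            continue
        out.append(ch)
        if in_str and ch == "\\" and i + 1 < len(text):
            out.append(text[i + 1])  # keep escaped char, e.g. \" inside a string
            i += 1
        elif ch == '"':
            in_str = not in_str
        i += 1
    return "".join(out)

def dns_proxy_problems(config_text):
    """Return reasons the NameServer (assumed to be an IP literal) is not proxied."""
    cfg = json.loads(strip_line_comments(config_text))
    ns = ipaddress.ip_address(urlsplit(cfg["NameServer"]).hostname)
    problems = []
    excluded = re.findall(r"ip\.DstAddr\s*!=\s*([0-9.]+)", cfg.get("FilterString", ""))
    if str(ns) in excluded:
        problems.append("FilterString excludes the name server")
    cidrs = cfg.get("IPCIDRRules", {}).get("Proxy", [])  # assumed layout
    if not any(ns in ipaddress.ip_network(c, strict=False) for c in cidrs):
        problems.append("name server not in IPCIDRRules.Proxy")
    return problems

# Constructed samples: the config as posted (trimmed) and the advised variant.
POSTED = '''{
  "Server": ["socks://127.0.0.1:8388"],  // ss-local with udprelay
  "NameServer": "udp://8.8.8.8",
  "FilterString": "outbound and (ip ? ip.DstAddr != 8.8.8.8 and ip.DstAddr != 127.0.0.1 : true)"
}'''
ADVISED = '''{
  "Server": ["socks://127.0.0.1:8388"],
  "NameServer": "udp://8.8.8.8",
  "FilterString": "outbound and not loopback and (ip ? ip.DstAddr != REMOTE-SERVER-IP : true)",
  "IPCIDRRules": {"Proxy": ["8.8.8.8/32"]}
}'''
```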

OK, not a very good solution. I think you can do the DNS resolving part better.
Thank you very much!