Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

splithttp client with http3 connectivity issue #3673

Closed
3 tasks done
dyhkwong opened this issue Aug 11, 2024 · 8 comments
Closed
3 tasks done

splithttp client with http3 connectivity issue #3673

dyhkwong opened this issue Aug 11, 2024 · 8 comments
Labels
bug Something isn't working

Comments

@dyhkwong
Copy link
Contributor

dyhkwong commented Aug 11, 2024

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I provided the complete config and logs, rather than just providing the truncated parts based on my own judgment.
  • I searched issues and did not find any similar issues.

Version

498d8eb

Description

This issue is raised per request of #3570.

Since 22535d8, splithttp (with alpn h3 so it's http3) client does not work with trojan, vless, http, and vmess with zero security.

Symptom: Client only works on the first few connections. After a few seconds the log will be filled with app/proxyman/inbound: connection ends > proxy/socks: connection ends > context canceled, and new connections can't be established anymore. Connections can recover after a long time.

Additinal infomation: VMess with non-zero security does not have this issue. Splithttp with non-http3 also does not have this issue. Temporarily reverting 22535d8 can fix this.

Reproduction Method

Run both the following server and client configurations locally.
Configure browser to use the socks inbound and visit some websites.
After a few seconds no website can be opened anymore.

Client config


{
	"log": {
		"loglevel": "debug"
	},
	"inbounds": [
		{
			"listen": "127.0.0.1",
			"port": 1080,
			"protocol": "socks",
			"settings": {
				"udp": true
			}
		}
	],
	"outbounds": [
		{
			"protocol": "vless",
			"settings": {
				"vnext": [
					{
						"address": "127.0.0.1",
						"port": 443,
						"users": [
							{
								"id": "00000000-0000-0000-0000-000000000000",
								"encryption": "none"
							}
						]
					}
				]
			},
			"streamSettings": {
				"security": "tls",
				"network": "splithttp",
				"tlsSettings": {
					"serverName": "example.com", 
					"allowInsecure": true,
					"alpn": [
						"h3"
					]
				}
			}
		}
	]
}

Server config


{
	"log": {
		"loglevel": "debug"
	},
	"inbounds": [
		{
			"listen": "127.0.0.1",
			"port": 443,
			"protocol": "vless",
			"settings": {
				"clients": [
					{
						"id": "00000000-0000-0000-0000-000000000000"
					}
				],
				"decryption": "none"
			},
			"streamSettings": {
				"security": "tls",
				"network": "splithttp",
				"tlsSettings": {
					"certificates": [
						{
							"certificateFile": "certificate.crt",
							"keyFile": "key.key"
						}
					],
					"alpn": [
						"h3"
					]
				}
			}
		}
	],
	"outbounds": [
		{
			"protocol": "freedom"
		}
	]
}

certificate.crt and key.key.zip

Client log

client.log

Server log

server.log

server log should be not related

@mmmray mmmray added the bug Something isn't working label Aug 11, 2024
@mmmray
Copy link
Collaborator

mmmray commented Aug 11, 2024

I also can't reproduce this with the provided configs on Ubuntu 24 and within an Arch docker container. it's really strange. Maybe #3613 can serve as a workaround for this issue.

@RPRX
Copy link
Member

RPRX commented Aug 12, 2024

如果这个问题确实存在,之前类似的问题都是 ctx 的问题,但看起来这里的 ctx 没问题,虽然没有命名为 ctxInner

VMess with non-zero security does not have this issue

这是比较奇怪的,为啥跑在上面的代理协议有加密就没问题,按理来说不应该有区别?

@RPRX
Copy link
Member

RPRX commented Aug 12, 2024

想到了 VMess 可能双端都有无限 drain 机制,但我依稀记得我把非 TCP or DS 时的 drain 给关了,难道 drain 了所以没 cancel ctx?

还有我用 VLESS+SplitHTTP 目前没能复现 issue 所述情况,@ll11l1lIllIl1lll @Fangliding @yuhan6665 看看

@RPRX
Copy link
Member

RPRX commented Aug 12, 2024

这是比较奇怪的,为啥跑在上面的代理协议有加密就没问题,按理来说不应该有区别?

@mmmray any ideas?

@mmmray
Copy link
Collaborator

mmmray commented Aug 12, 2024

i already tested ubuntu, arch, v2rayng, i am going to try windows next since that's what the logs are from (or maybe somebody else can test it there, since I accidentally destroyed my VM)

@mmmray
Copy link
Collaborator

mmmray commented Aug 23, 2024

I forgot to post, I couldn't repro this on Windows 10 either :(

Something is really strange here. Maybe #3710 makes a difference? (after all, it is a connection leak, so maybe that locks up the client after a while)

@dyhkwong
Copy link
Contributor Author

Although I have no idea why others people can't reproduce this, with #3710 merged, I can't reproduce this anymore. It should be case 2 in #3710 because I can get it work with a new server and an old client.

@mmmray
Copy link
Collaborator

mmmray commented Aug 23, 2024

awesome lol. thanks for the thorough bugreport

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants