[Bug] Process-matching rules inside SUB-RULE parentheses do not work #876

Closed
6 tasks done
Brbrbr1995 opened this issue Dec 6, 2023 · 7 comments
Labels
bug Something isn't working

Comments

@Brbrbr1995

Verify steps

  • Ensure you are using the latest version of Mihomo or Mihomo Alpha from this repository.
  • Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
  • I have searched on the issue tracker for a related issue.
  • I have tested using the dev branch, and the issue still exists.
  • I have read the documentation and was unable to solve the issue.
  • This is an issue of the Mihomo core per se, not of the derivatives of Mihomo, like OpenMihomo or KoolMihomo.

Mihomo version

alpha-92129b3

What OS are you seeing the problem on?

Windows

Mihomo config

log-level: debug

profile:
  store-selected: true
  store-fake-ip: false



#██████████████████████
#███  █████   ████  ███
#███  █████    ███  ███
#███  █████  █  ██  ███
#███  █████  ██  █  ███
#███  █████  ███    ███
#██████████████████████



allow-lan: true
bind-address: "*"

ipv6: false

port: 21101
socks-port: 21102
mixed-port: 21103

tun:
  enable: true
  stack: system
  auto-route: true
  auto-detect-interface: true
  mtu: 1480
  dns-hijack:
    - any:53

dns:
  enable: true
  listen: 0.0.0.0:53
  ipv6: false
  enhanced-mode: redir-host
  use-hosts: true
  prefer-h3: true

  nameserver-policy:

  proxy-server-nameserver:
    - https://1.1.1.1/dns-query#h3=true&DIRECT
    - https://1.0.0.1/dns-query#h3=true&DIRECT
    - https://9.9.9.9/dns-query#h3=true&DIRECT
    - https://208.67.222.222/dns-query#h3=true&DIRECT&DIRECT
  default-nameserver:
    - https://1.1.1.1/dns-query#h3=true&DIRECT
    - https://1.0.0.1/dns-query#h3=true&DIRECT
    - https://9.9.9.9/dns-query#h3=true&DIRECT
    - https://208.67.222.222/dns-query#h3=true&DIRECT
  nameserver:
    - https://1.1.1.1/dns-query#h3=true&DIRECT
    - https://1.0.0.1/dns-query#h3=true&DIRECT
    - https://9.9.9.9/dns-query#h3=true&DIRECT
    - https://208.67.222.222/dns-query#h3=true&DIRECT&DIRECT



#██████████████████████████████████████████████████
#███      ██████  ████  █████  ██████████       ███
#███  ███  █████  ████  █████  ██████████  ████████
#███      ██████  ████  █████  ██████████     █████
#███  ███  █████  ████  █████  ██████████  ████████
#███  ███  ██████      ██████       █████       ███
#██████████████████████████████████████████████████



mode: rule

find-process-mode: strict

geodata-mode: false

geox-url:
  mmdb: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.metadb"
  geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
  geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"

geodata-loader: standard

rule-providers:

  RPT:
    type: http
    behavior: classical
    url: "http://192.168.1.14/Rule/RPT.yaml"
    path: ./Provider/Rule/RPT.yaml
    interval: 3600

rules:
#  - PROCESS-NAME,xxx.exe,REJECT
  - SUB-RULE,(RULE-SET,RPT),SR1
  - MATCH,REJECT

sub-rules:
  SR1:
    - DOMAIN-SUFFIX,browserleaks.com,DIRECT
    - MATCH,DIRECT



#████████████████████████████████████████
#████      ██████  ████  █████        ███
#███  ████  █████  ████  ████████  ██████
#███  ████  █████  ████  ████████  ██████
#███  ████  █████  ████  ████████  ██████
#████      ███████      █████████  ██████
#████████████████████████████████████████



unified-delay: false
tcp-concurrent: false
keep-alive-interval: 10
global-client-fingerprint: chrome

sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  override-destination: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
      override-destination: true
    QUIC:
      ports: [443, 8443]
      override-destination: true
  force-domain:
  skip-domain:

proxies:

Mihomo log

C:\Users\username\Desktop\Mihomo>cd /d C:\Users\username\Desktop\Mihomo\

C:\Users\username\Desktop\Mihomo>title Mihomo TEST

C:\Users\username\Desktop\Mihomo>Mihomo.exe -d \ -ext-ui \MetaCubeXD -ext-ctl 0.0.0.0:21100 -f "C:\Users\username\Desktop\TEST.yaml"
INFO[2023-12-06T11:14:59.5212426+08:00] Start initial configuration in progress
INFO[2023-12-06T11:14:59.5223978+08:00] Geodata Loader mode: standard
INFO[2023-12-06T11:14:59.5223978+08:00] Initial configuration complete, total time: 0ms
INFO[2023-12-06T11:14:59.5230192+08:00] Sniffer is loaded and working
INFO[2023-12-06T11:14:59.5241689+08:00] DNS server listening at: [::]:53
INFO[2023-12-06T11:14:59.5241689+08:00] RESTful API listening at: [::]:21100
INFO[2023-12-06T11:14:59.5247277+08:00] HTTP proxy listening at: [::]:21101
INFO[2023-12-06T11:14:59.5252448+08:00] SOCKS proxy listening at: [::]:21102
INFO[2023-12-06T11:14:59.5252448+08:00] Mixed(http+socks) proxy listening at: [::]:21103
WARN[2023-12-06T11:14:59.5275362+08:00] [TUN] default interface changed by monitor,  => Ethernet
INFO[2023-12-06T11:14:59.7726186+08:00] [TUN] Tun adapter listening at: Meta([198.18.0.1/30],[]), mtu: 1480, auto route: true, ip stack: System
INFO[2023-12-06T11:14:59.7726186+08:00] Start initial compatible provider default
INFO[2023-12-06T11:14:59.7731664+08:00] Start initial provider RPT
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://9.9.9.9:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://208.67.222.222:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://1.1.1.1:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.7805107+08:00] [https://1.0.0.1:443/dns-query] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:14:59.830062+08:00] [Rule] use default rules
INFO[2023-12-06T11:14:59.8330451+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match  using REJECT
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] hijack udp:198.18.0.2:53 from 198.18.0.1:54278
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://208.67.222.222:443/dns-query
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://9.9.9.9:443/dns-query
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://1.1.1.1:443/dns-query
DEBU[2023-12-06T11:15:00.2550483+08:00] [DNS] resolve www.msftconnecttest.com from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:00.4565528+08:00] [DNS] www.msftconnecttest.com --> [96.7.128.82 96.7.128.50 96.7.128.53 96.7.128.55 96.7.128.73 96.7.128.46 96.7.128.47 96.7.128.80 96.7.128.69] A from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:00.6104859+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:00.6172312+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match  using REJECT
DEBU[2023-12-06T11:15:00.702465+08:00] [DNS] cp.cloudflare.com --> [104.16.132.229 104.16.133.229] A from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:00.7365256+08:00] re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dw9tc2Z0Y29ubmVjdHRlc3QDY29tAAABAAE: Get_0rtt "https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAAmNwCmNsb3VkZmxhcmUDY29tAAABAAE": H3_REQUEST_CANCELLED (local)
DEBU[2023-12-06T11:15:00.773188+08:00] [https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dw9tc2Z0Y29ubmVjdHRlc3QDY29tAAABAAE] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:15:00.8172665+08:00] [Sniffer] Sniff tcp [198.18.0.1:3542]-->[www.msftconnecttest.com:80] success, replace domain [www.msftconnecttest.com]-->[www.msftconnecttest.com]
DEBU[2023-12-06T11:15:00.8190754+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:00.8267013+08:00] [TCP] 198.18.0.1:3542 --> www.msftconnecttest.com:80 match Match using REJECT
DEBU[2023-12-06T11:15:01.3586848+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:01.3586848+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match  using REJECT
DEBU[2023-12-06T11:15:01.3982894+08:00] Health Checked, proxy: DIRECT, url: https://cp.cloudflare.com/generate_204, alive: true, delay: 1625 ms uid: {6b796a45-a1b9-41c7-a0d5-747847605402}
DEBU[2023-12-06T11:15:01.3987966+08:00] Finish A Health Checking {6b796a45-a1b9-41c7-a0d5-747847605402}
DEBU[2023-12-06T11:15:02.1241048+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:02.1241048+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match  using REJECT
DEBU[2023-12-06T11:15:04.8324558+08:00] [DNS] hijack udp:198.18.0.2:53 from 198.18.0.1:54807
DEBU[2023-12-06T11:15:04.8329966+08:00] [DNS] resolve browserleaks.com from https://208.67.222.222:443/dns-query
DEBU[2023-12-06T11:15:04.833061+08:00] [DNS] resolve browserleaks.com from https://9.9.9.9:443/dns-query
DEBU[2023-12-06T11:15:04.833061+08:00] [DNS] resolve browserleaks.com from https://1.1.1.1:443/dns-query
DEBU[2023-12-06T11:15:04.833061+08:00] [DNS] resolve browserleaks.com from https://1.0.0.1:443/dns-query
DEBU[2023-12-06T11:15:05.2336085+08:00] [DNS] browserleaks.com --> [104.236.69.55] A from https://1.1.1.1:443/dns-query
DEBU[2023-12-06T11:15:05.2336085+08:00] re-creating the http client due to requesting https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAADGJyb3dzZXJsZWFrcwNjb20AAAEAAQ: Get_0rtt "https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAADGJyb3dzZXJsZWFrcwNjb20AAAEAAQ": H3_REQUEST_CANCELLED (local)
DEBU[2023-12-06T11:15:05.2351171+08:00] [https://1.0.0.1:443/dns-query?dns=AAABAAABAAAAAAAADGJyb3dzZXJsZWFrcwNjb20AAAEAAQ] using HTTP/3 for this upstream: QUIC was faster
DEBU[2023-12-06T11:15:05.2386165+08:00] [Sniffer] Sniff tcp [198.18.0.1:3543]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:05.2386165+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:05.2391551+08:00] [TCP] 198.18.0.1:3543 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:05.2402732+08:00] [Sniffer] Sniff tcp [198.18.0.1:3544]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:05.240827+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:05.240827+08:00] [TCP] 198.18.0.1:3544 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.5003504+08:00] [Sniffer] Sniff tcp [198.18.0.1:3545]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.5008577+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.5020756+08:00] [TCP] 198.18.0.1:3545 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.5036385+08:00] [Sniffer] Sniff tcp [198.18.0.1:3546]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.5036385+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.504292+08:00] [TCP] 198.18.0.1:3546 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.8726277+08:00] [Sniffer] Sniff tcp [198.18.0.1:3547]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.8726277+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.8737647+08:00] [TCP] 198.18.0.1:3547 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:06.8775349+08:00] [Sniffer] Sniff tcp [198.18.0.1:3548]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:06.8783782+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:06.8783782+08:00] [TCP] 198.18.0.1:3548 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:07.895815+08:00] [Sniffer] Sniff tcp [198.18.0.1:3549]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:07.8958324+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:07.896954+08:00] [TCP] 198.18.0.1:3549 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:07.8986113+08:00] [Sniffer] Sniff tcp [198.18.0.1:3550]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:07.89914+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:07.8992022+08:00] [TCP] 198.18.0.1:3550 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.6803978+08:00] [Sniffer] Sniff tcp [198.18.0.1:3551]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.6809359+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.6822239+08:00] [TCP] 198.18.0.1:3551 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.6839796+08:00] [Sniffer] Sniff tcp [198.18.0.1:3552]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.6839796+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.6845233+08:00] [TCP] 198.18.0.1:3552 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.8168341+08:00] [Sniffer] Sniff tcp [198.18.0.1:3553]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.8168341+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.8185079+08:00] [TCP] 198.18.0.1:3553 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:08.8200944+08:00] [Sniffer] Sniff tcp [198.18.0.1:3554]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:08.8200944+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:08.8206401+08:00] [TCP] 198.18.0.1:3554 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.1502117+08:00] [Sniffer] Sniff tcp [198.18.0.1:3555]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.1507406+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.1518671+08:00] [TCP] 198.18.0.1:3555 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.153497+08:00] [Sniffer] Sniff tcp [198.18.0.1:3556]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.153497+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.154041+08:00] [TCP] 198.18.0.1:3556 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.3015819+08:00] [Sniffer] Sniff tcp [198.18.0.1:3557]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.3015819+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.3030973+08:00] [TCP] 198.18.0.1:3557 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.3043855+08:00] [Sniffer] Sniff tcp [198.18.0.1:3558]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.3049206+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.3049854+08:00] [TCP] 198.18.0.1:3558 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.4698032+08:00] [Sniffer] Sniff tcp [198.18.0.1:3559]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.4698032+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.4715106+08:00] [TCP] 198.18.0.1:3559 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.4727862+08:00] [Sniffer] Sniff tcp [198.18.0.1:3560]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.4732931+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.4739558+08:00] [TCP] 198.18.0.1:3560 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.6207452+08:00] [Sniffer] Sniff tcp [198.18.0.1:3561]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.6207836+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.6219046+08:00] [TCP] 198.18.0.1:3561 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.6235+08:00] [Sniffer] Sniff tcp [198.18.0.1:3562]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.6240252+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.6256665+08:00] [TCP] 198.18.0.1:3562 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.7801695+08:00] [Sniffer] Sniff tcp [198.18.0.1:3563]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.7810057+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.7826628+08:00] [TCP] 198.18.0.1:3563 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.7838879+08:00] [Sniffer] Sniff tcp [198.18.0.1:3564]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.7838879+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.7849754+08:00] [TCP] 198.18.0.1:3564 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.9352034+08:00] [Sniffer] Sniff tcp [198.18.0.1:3565]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.9352034+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.9389717+08:00] [TCP] 198.18.0.1:3565 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:09.9401122+08:00] [Sniffer] Sniff tcp [198.18.0.1:3566]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:09.940691+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:09.9417843+08:00] [TCP] 198.18.0.1:3566 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:10.0759332+08:00] [Sniffer] Sniff tcp [198.18.0.1:3567]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:10.0759332+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:10.0771066+08:00] [TCP] 198.18.0.1:3567 --> browserleaks.com:443 match Match using REJECT
DEBU[2023-12-06T11:15:10.0788112+08:00] [Sniffer] Sniff tcp [198.18.0.1:3568]-->[browserleaks.com:443] success, replace domain [browserleaks.com]-->[browserleaks.com]
DEBU[2023-12-06T11:15:10.0793513+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:10.0793513+08:00] [TCP] 198.18.0.1:3568 --> browserleaks.com:443 match Match using REJECT

Description

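It looks like the process rule inside the rule provider does not trigger find process.
If the first line of rules is not commented out, so that it triggers find process beforehand, traffic goes DIRECT as expected.
Otherwise it gets REJECTed.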

@Brbrbr1995 Brbrbr1995 added the bug Something isn't working label Dec 6, 2023
@Brbrbr1995
Author

RPT.yaml

payload:
  - PROCESS-NAME,chrome.exe

@Brbrbr1995
Author

It seems to be a sub-rule problem; the following configuration does not match either:

rules:
#  - PROCESS-NAME,xxx.exe,REJECT
  - SUB-RULE,(PROCESS-NAME,chrome.exe),SR1
  - MATCH,REJECT

@xishang0128

I tested this and matching works without any problem; please check your environment.
[3 images attached]

@Brbrbr1995
Author

The form shown in your first image does resolve correctly; the problem is with the process rule inside the parentheses after SUB-RULE.

@Brbrbr1995
Author

Brbrbr1995 commented Dec 6, 2023

Unless find process is triggered beforehand, or find-process-mode: always is set,
it does not work no matter how I try.
This is with it triggered by the first line of rules:
INFO[2023-12-06T15:23:39.9822432+08:00] [TCP] 198.18.0.1:5079(chrome.exe) --> tls.browserleaks.com:443 match SubRules((PROCESS-NAME,chrome.exe)) using DIRECT
This is with the first line commented out:
INFO[2023-12-06T15:24:41.612551+08:00] [TCP] 198.18.0.1:1832 --> browserleaks.com:443 match Match using REJECT
The only difference is one deleted #.

@Brbrbr1995 Brbrbr1995 changed the title from "[Bug] Process-matching rules inside Rule Provider do not work" to "[Bug] Process-matching rules inside SUB-RULE parentheses do not work" Dec 6, 2023
@cesaryuan

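I found the same problem: process-matching rules used inside the SUB-RULE parentheses do not work, while NETWORK rules are fine.

For example, with the rules below, traffic matches the second line (- PROCESS-NAME,curl.exe,REJECT) instead of the first line (- SUB-RULE,(PROCESS-NAME,curl.exe),test).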

sub-rules:
  test:
    - MATCH,DIRECT
rules:
  - SUB-RULE,(PROCESS-NAME,curl.exe),test
  - PROCESS-NAME,curl.exe,REJECT
  - MATCH,REJECT

@senzyo

senzyo commented Apr 29, 2024

Version: mihomo-linux-amd64-v1.18.4.gz
Config:

find-process-mode: strict
...
rules:
  - SUB-RULE,(PROCESS-NAME,aria2c),test
sub-rules:
  test:
    - GEOIP,cn,DIRECT

The process is matched; no problem.

By the way, if you want to match a PROCESS-NAME inside a RULE-SET, for example:

rules:
  - SUB-RULE,(RULE-SET,download_process),test
sub-rules:
  test:
    - GEOIP,cn,DIRECT

find-process-mode needs to be always rather than strict.
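
The two log lines quoted in this thread differ in one visible way: the source address carries a `(chrome.exe)` suffix when the process was resolved and none when the connection fell through to the final `Match` rule. The following is an added example, not part of the thread or of mihomo's code, that parses decision lines of that shape and lists connections that reached the fallback rule with no process name attached. It assumes the line format seen in the logs above and that a missing suffix means no process name was available to the rules; the sample lines are copied from this page.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Decision line shape, taken from the logs quoted in this issue:
#   INFO[ts] [TCP] src:port(process) --> dst:port match <rule> using <policy>
# "(process)" is optional; <rule> is empty on some UDP lines.
DECISION = re.compile(
    r"^INFO\[(?P<ts>[^\]]+)\]\s+\[(?P<net>TCP|UDP)\]\s+"
    r"(?P<src>[^\s(]+)(?:\((?P<proc>[^)]*)\))?\s+-->\s+(?P<dst>\S+)\s+"
    r"match\s(?P<rule>.*?)\susing\s(?P<policy>\S+)\s*$"
)


class Decision(NamedTuple):
    ts: str
    net: str
    src: str
    proc: Optional[str]  # None when the log line has no "(process)" suffix
    dst: str
    rule: str
    policy: str


def parse_decisions(lines):
    """Return one Decision per routing-decision line; other lines are skipped."""
    out = []
    for line in lines:
        m = DECISION.match(line.strip())
        if m:
            out.append(Decision(**m.groupdict()))
    return out


def missing_process(decisions, fallback_rule="Match"):
    """Connections that hit the final MATCH rule without a resolved process."""
    return [d for d in decisions if d.proc is None and d.rule == fallback_rule]


def summarize(decisions):
    """Count decisions by (rule, policy, process_resolved)."""
    return Counter(
        (d.rule or "<none>", d.policy, d.proc is not None) for d in decisions
    )


# Sample input: lines copied from the log excerpts on this page.
SAMPLE_LOG = """\
INFO[2023-12-06T11:14:59.8330451+08:00] [UDP] 198.18.0.1:137 --> 198.18.0.3:137 match  using REJECT
DEBU[2023-12-06T11:15:05.2386165+08:00] [Rule] use default rules
INFO[2023-12-06T11:15:05.2391551+08:00] [TCP] 198.18.0.1:3543 --> browserleaks.com:443 match Match using REJECT
INFO[2023-12-06T15:23:39.9822432+08:00] [TCP] 198.18.0.1:5079(chrome.exe) --> tls.browserleaks.com:443 match SubRules((PROCESS-NAME,chrome.exe)) using DIRECT
INFO[2023-12-06T15:24:41.612551+08:00] [TCP] 198.18.0.1:1832 --> browserleaks.com:443 match Match using REJECT
""".splitlines()

if __name__ == "__main__":
    decisions = parse_decisions(SAMPLE_LOG)
    for d in missing_process(decisions):
        print(f"{d.ts} {d.net} {d.src} -> {d.dst}: no process, {d.rule}/{d.policy}")
    for key, count in summarize(decisions).items():
        print(count, key)
```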
