[Bug] fakeip模式下浏览国内网页很慢，大概在4c10d42版本之后出的问题

[bsdcpp]

Verify steps

• I have read the documentation and understand the meaning of all configuration items I have written, avoiding a large number of seemingly useful options or default values.
• I have not reviewed the documentation and resolve this issue.
• I have not searched the Issue Tracker for the problem I am going to raise.
• I have tested with the latest Alpha branch version, and the issue still persists.
• I have provided server and client configuration files and processes that can reproduce the issue locally, rather than a desensitized complex client configuration file.
• I have provided the simplest configuration that can reproduce the error I reported, rather than relying on remote servers, TUN, graphical client interfaces, or other closed-source software.
• I have provided complete configuration files and logs, rather than providing only parts that I believe are useful due to confidence in my own intelligence.

Operating System

Linux

System Version

5.10.194

Mihomo Version

我测了好几个alpha版本，定位问题是在4c10d42之后开始出现的。（4c10d42版本没问题）

Configuration File

我用shellcrash默认配置，tun混合+fakeip模式

Description

在版本4c10d42之后那个版本，我测试过“chore: cleanup dns policy match code #1519”肯定是有问题的。表现为：
访问国内news.163.com，jd.com首页加载转圈超过10s，打开任何子页面都会转圈很长时间。

Reproduction Steps

用这两个版本排查就可以。

Logs

No response

[xishang0128]

no log no issue,并且非直接运行内核以及未提供最简可复现配置用于开发者复现

[bsdcpp]

no log no issue,并且非直接运行内核以及未提供最简可复现配置用于开发者复现

我用的shellcrash，用的初始配置，日志没发现什么异常。我认为随意用fakeip配置都可以复现。
rules:
Match, DIRECT
这样来也是有问题，推测是DNS问题，后来挨个alpha版本排查出这个4c10d42版本开始出问题。

ps: 同配置换release版本和pre都没问题， DNS部分

dns:
  enable: true
  listen: :1053
  use-hosts: true
  ipv6: false
  default-nameserver:
    - 114.114.114.114
    - 223.5.5.5
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - '*.lan'

[wwqgtxx]

@bsdcpp 建议贴shellcrash输出的完整配置文件（可以去掉proxy部分），以及详细的debug日志（在今天最新的Alpha版本下测）

[bsdcpp]

@bsdcpp 建议贴shellcrash输出的完整配置文件（可以去掉proxy部分），以及详细的debug日志（在今天最新的Alpha版本下测）
感谢两位大佬回复。
我在shellcrash里不配节点，就是全局走DIRECT也一样的问题，换4c10d42版本就好，换新的alpha都是一个问题。

打开浏览器隐私模式，打开news.163.com和www.jd.com，用了有问题的版本，首页加载至少10s。京东的图片加载很慢不全，打开商品详情页也慢半拍。

配置如下：

mixed-port: 7890
redir-port: 7892
tproxy-port: 7893
authentication: [""]
allow-lan: true
mode: Rule
log-level: info
ipv6: true
external-controller: :9999
external-ui: ui
secret:
tun: {enable: true, stack: system, device: utun, auto-route: false, auto-detect-interface: false}
experimental: {ignore-resolve-fail: true, interface-name: en0}

find-process-mode: "off"
routing-mark: 7894
dns:
  enable: true
  listen: :1053
  use-hosts: true
  ipv6: false
  default-nameserver:
    - 114.114.114.114
    - 223.5.5.5
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
    - '*.lan'
    - '*.localdomain'
    - '*.example'
    - '*.invalid'
    - '*.localhost'
    - '*.test'
    - '*.local'
    - '*.home.arpa'
    - 'time.*.com'
    - 'time.*.gov'
    - 'time.*.edu.cn'
    - 'time.*.apple.com'
    - 'time-ios.apple.com'
    - 'time1.*.com'
    - 'time2.*.com'
    - 'time3.*.com'
    - 'time4.*.com'
    - 'time5.*.com'
    - 'time6.*.com'
    - 'time7.*.com'
    - 'ntp.*.com'
    - 'ntp1.*.com'
    - 'ntp2.*.com'
    - 'ntp3.*.com'
    - 'ntp4.*.com'
    - 'ntp5.*.com'
    - 'ntp6.*.com'
    - 'ntp7.*.com'
    - '*.time.edu.cn'
    - '*.ntp.org.cn'
    - '+.pool.ntp.org'
    - 'time1.cloud.tencent.com'
    - 'music.163.com'
    - '*.music.163.com'
    - '*.126.net'
    - 'musicapi.taihe.com'
    - 'music.taihe.com'
    - 'songsearch.kugou.com'
    - 'trackercdn.kugou.com'
    - '*.kuwo.cn'
    - 'api-jooxtt.sanook.com'
    - 'api.joox.com'
    - 'joox.com'
    - 'y.qq.com'
    - '*.y.qq.com'
    - 'streamoc.music.tc.qq.com'
    - 'mobileoc.music.tc.qq.com'
    - 'isure.stream.qqmusic.qq.com'
    - 'dl.stream.qqmusic.qq.com'
    - 'aqqmusic.tc.qq.com'
    - 'amobile.music.tc.qq.com'
    - '*.xiami.com'
    - '*.music.migu.cn'
    - 'music.migu.cn'
    - '+.msftconnecttest.com'
    - '+.msftncsi.com'
    - 'localhost.ptlogin2.qq.com'
    - 'localhost.sec.qq.com'
    - '+.qq.com'
    - '+.tencent.com'
    - '+.steamcontent.com'
    - '+.srv.nintendo.net'
    - '*.n.n.srv.nintendo.net'
    - '+.cdn.nintendo.net'
    - '+.stun.playstation.net'
    - 'xbox.*.*.microsoft.com'
    - '*.*.xboxlive.com'
    - 'xbox.*.microsoft.com'
    - 'xnotify.xboxlive.com'
    - '+.battlenet.com.cn'
    - '+.wotgame.cn'
    - '+.wggames.cn'
    - '+.wowsgame.cn'
    - '+.wargaming.net'
    - 'proxy.golang.org'
    - 'stun.*.*'
    - 'stun.*.*.*'
    - '+.stun.*.*'
    - '+.stun.*.*.*'
    - '+.stun.*.*.*.*'
    - '+.stun.*.*.*.*.*'
    - 'heartbeat.belkin.com'
    - '*.linksys.com'
    - '*.linksyssmartwifi.com'
    - '*.router.asus.com'
    - 'mesu.apple.com'
    - 'swscan.apple.com'
    - 'swquery.apple.com'
    - 'swdownload.apple.com'
    - 'swcdn.apple.com'
    - 'swdist.apple.com'
    - 'lens.l.google.com'
    - 'stun.l.google.com'
    - 'na.b.g-tun.com'
    - '+.nflxvideo.net'
    - '*.square-enix.com'
    - '*.finalfantasyxiv.com'
    - '*.ffxiv.com'
    - '*.ff14.sdo.com'
    - 'ff.dorado.sdo.com'
    - '*.mcdn.bilivideo.cn'
    - '+.media.dssott.com'
    - 'shark007.net'
    - '+.market.xiaomi.com'
    - '+.cmbchina.com'
    - '+.cmbimg.com'
    - 'adguardteam.github.io'
    - 'adrules.top'
    - 'anti-ad.net'
    - 'local.adguard.org'
    - 'static.adtidy.org'
    - '+.sandai.net'
    - '+.n0808.com'
    - '+.3gppnetwork.org'
    - '+.uu.163.com'
    - 'ps.res.netease.com'
    - '+.oray.com'
    - '+.orayimg.com'
  nameserver: [114.114.114.114]
  fallback: [1.0.0.1, 8.8.4.4]
  fallback-filter:
    geoip: true
    domain:
      - '+.bing.com'
      - '+.linkedin.com'
hosts:
   'localhost': 127.0.0.1
proxies:
  - name: "proxy"
    type: socks5
    server: 192.168.2.128
    port: 9100

rules:
 - MATCH,DIRECT

日志

24-08-29 20:41:26[ warn ][TCP] dial DIRECT (match Match/) 192.168.2.4:63469 --> cms-bucket.ws.126.net:443 error: connect failed: dial tcp 128.1.157.226:443: i/o timeout dial tcp 128.1.157.225:443: i/o timeout dial tcp 128.1.157.231:443: i/o timeout dial tcp 128.1.157.232:443: i/o timeout dial tcp 128.1.157.229:443: i/o timeout dial tcp 128.1.157.228:443: i/o timeout dial tcp 128.1.157.227:443: i/o timeout dial tcp 128.1.157.230:443: i/o timeout connect failed: dial tcp [2602:ffe4:c45:0:3::7f7]:443: connect: network is unreachable dial tcp [2602:ffe4:c45:0:3::7f8]:443: connect: network is unreachable
24-08-29 20:41:26[ warn ][TCP] dial DIRECT (match Match/) 192.168.2.4:63468 --> cms-bucket.ws.126.net:443 error: connect failed: dial tcp 128.1.157.226:443: i/o timeout dial tcp 128.1.157.225:443: i/o timeout dial tcp 128.1.157.231:443: i/o timeout dial tcp 128.1.157.232:443: i/o timeout dial tcp 128.1.157.229:443: i/o timeout dial tcp 128.1.157.228:443: i/o timeout dial tcp 128.1.157.227:443: i/o timeout dial tcp 128.1.157.230:443: i/o timeout connect failed: dial tcp [2602:ffe4:c45:0:3::7f7]:443: connect: network is unreachable dial tcp [2602:ffe4:c45:0:3::7f8]:443: connect: network is unreachable
24-08-29 20:41:26[ info ][TCP] 192.168.2.4:63493 --> nimg.ws.126.net:443 match Match using DIRECT
24-08-29 20:41:25[ info ][TCP] 192.168.2.4:63492 --> nimg.ws.126.net:443 match Match using DIRECT
24-08-29 20:41:25[ debug ][DNS] resolve data.live.126.net A from udp://1.0.0.1:53
24-08-29 20:41:25[ debug ][DNS] resolve data.live.126.net A from udp://8.8.4.4:53

根据下面高人指点，应该是请求国内dns的时候跑到fallback里去请求了，麻烦大佬看看是不是这里做cleanup dns policy match 的时候改出问题了：d48db2c

[RodmanWang]

这个我也同样问题+1

[bsdcpp]

这个我也同样问题+1

对的，我感觉是通病，访问国内网络特别慢，圈圈不停转。你可以选择4c10d42这个版本或者release版本，马上就好。

[Skyxim]

24-08-29 20:41:26[ warn ][TCP] dial DIRECT (match Match/) 192.168.2.4:63469 --> cms-bucket.ws.126.net:443 error: connect failed: dial tcp 128.1.157.226:443: i/o timeout dial tcp 128.1.157.225:443: i/o timeout dial tcp 128.1.157.231:443: i/o timeout dial tcp 128.1.157.232:443: i/o timeout dial tcp 128.1.157.229:443: i/o timeout dial tcp 128.1.157.228:443: i/o timeout dial tcp 128.1.157.227:443: i/o timeout dial tcp 128.1.157.230:443: i/o timeout connect failed: dial tcp [2602:ffe4:c45:0:3::7f7]:443: connect: network is unreachable dial tcp [2602:ffe4:c45:0:3::7f8]:443: connect: network is unreachable
24-08-29 20:41:26[ warn ][TCP] dial DIRECT (match Match/) 192.168.2.4:63468 --> cms-bucket.ws.126.net:443 error: connect failed: dial tcp 128.1.157.226:443: i/o timeout dial tcp 128.1.157.225:443: i/o timeout dial tcp 128.1.157.231:443: i/o timeout dial tcp 128.1.157.232:443: i/o timeout dial tcp 128.1.157.229:443: i/o timeout dial tcp 128.1.157.228:443: i/o timeout dial tcp 128.1.157.227:443: i/o timeout dial tcp 128.1.157.230:443: i/o timeout connect failed: dial tcp [2602:ffe4:c45:0:3::7f7]:443: connect: network is unreachable dial tcp [2602:ffe4:c45:0:3::7f8]:443: connect: network is unreachable

使用的 IP 为 1.0.0.1 解析得到的结果，不能直连（链接超时很正常），删除 fallback 是否恢复，
至于为什么会采用 fallback 日志太短无法判断

[bsdcpp]

24-08-29 20:41:26[ warn ][TCP] dial DIRECT (match Match/) 192.168.2.4:63469 --> cms-bucket.ws.126.net:443 error: connect failed: dial tcp 128.1.157.226:443: i/o timeout dial tcp 128.1.157.225:443: i/o timeout dial tcp 128.1.157.231:443: i/o timeout dial tcp 128.1.157.232:443: i/o timeout dial tcp 128.1.157.229:443: i/o timeout dial tcp 128.1.157.228:443: i/o timeout dial tcp 128.1.157.227:443: i/o timeout dial tcp 128.1.157.230:443: i/o timeout connect failed: dial tcp [2602:ffe4:c45:0:3::7f7]:443: connect: network is unreachable dial tcp [2602:ffe4:c45:0:3::7f8]:443: connect: network is unreachable
24-08-29 20:41:26[ warn ][TCP] dial DIRECT (match Match/) 192.168.2.4:63468 --> cms-bucket.ws.126.net:443 error: connect failed: dial tcp 128.1.157.226:443: i/o timeout dial tcp 128.1.157.225:443: i/o timeout dial tcp 128.1.157.231:443: i/o timeout dial tcp 128.1.157.232:443: i/o timeout dial tcp 128.1.157.229:443: i/o timeout dial tcp 128.1.157.228:443: i/o timeout dial tcp 128.1.157.227:443: i/o timeout dial tcp 128.1.157.230:443: i/o timeout connect failed: dial tcp [2602:ffe4:c45:0:3::7f7]:443: connect: network is unreachable dial tcp [2602:ffe4:c45:0:3::7f8]:443: connect: network is unreachable

使用的 IP 为 1.0.0.1 解析得到的结果，不能直连（链接超时很正常），删除 fallback 是否恢复， 至于为什么会采用 fallback 日志太短无法判断

高人，很可能是走这个fallback的DNS去了，我把fallback设置成null就没问题了，但是fallback还是应该要有的吧。

24-08-29 21:02:22[ debug ][DNS] gia.jd.com --> [] AAAA from udp://1.0.0.1:53
24-08-29 21:02:22[ info ][TCP] 192.168.2.4:65032 --> gia.jd.com:443 using DIRECT
24-08-29 21:02:22[ info ][TCP] 192.168.2.4:65031 --> gia.jd.com:443 using DIRECT
24-08-29 21:02:22[ debug ][DNS] gia.jd.com --> [] AAAA from udp://8.8.4.4:53
24-08-29 21:02:20[ debug ][DNS] cache hit mercury.jd.com --> [240e:83:204::1d] AAAA, expire at 2024-08-29 13:02:32
24-08-29 21:02:20[ debug ][DNS] cache hit mercury.jd.com --> [103.107.90.37] A, expire at 2024-08-29 13:03:18
24-08-29 21:02:20[ debug ][DNS] mercury.jd.com --> [240e:83:204::1d] AAAA from udp://8.8.4.4:53
24-08-29 21:02:20[ debug ][DNS] mercury.jd.com --> [103.107.90.37] A from udp://8.8.4.4:53
24-08-29 21:02:20[ debug ][DNS] resolve mercury.jd.com A from udp://1.0.0.1:53
24-08-29 21:02:20[ debug ][DNS] resolve mercury.jd.com A from udp://8.8.4.4:53
24-08-29 21:02:12[ debug ][DNS] imgcps.jd.com --> [120.193.39.193] A from udp://1.0.0.1:53

24-08-29 20:41:23[ debug ][DNS] resolve g.163.com AAAA from udp://8.8.4.4:53
24-08-29 20:41:23[ debug ][DNS] resolve g.163.com AAAA from udp://1.0.0.1:53
24-08-29 20:41:16[ debug ][DNS] resolve news.163.com AAAA from udp://1.0.0.1:53
24-08-29 20:41:16[ debug ][DNS] resolve news.163.com AAAA from udp://8.8.4.4:53

[wwqgtxx]

fixed in a96f72a