This is an issue attempting to solve a real-world issue that I have encountered lately. The problem is described as follows:
To enable the ECH feature of browsers, one has to enable the built-in browser DoH resolver. But this will cause proxy clients to be unable to sniff and hijack DNS requests as usual.
If TUN inbound is enabled and an IPv6 address is added to the TUN interface, even if the remote proxy server does not support IPv6, the browser will still attempt to send requests to the resolved IPv6 address and will fail.
Under existing protocols, there is no way for the server to tell its clients that either it does not support IPv6 or an IPv6 request fails, thus the browser's Happy Eyeballs fallback cannot be triggered (by the proxy client returning an ICMP unreadable response on TUN), causing connection failure.
To address this issue, I propose that an error code representing "IPv6 connection failure" be added, so that proxy clients can properly trigger Happy Eyeballs when TUN inbound is used.
SagerNet/sing-box#932 (comment) is to reveal its impracticability, not to motivate someone to implement it. Proxy protocols targeting the GFW, e.g. Shadowsocks 2022, are designed as 0-RTT to avoid detectable characteristics, so an error code is not possible.
This comment is exactly what motivated me to make such a proposal, and I have had discussions with nekohasekai and Ian Moore about this. ECH has its value in at least adding an extra layer of safety against Deep Packet Inspection technology, and if this is something that cannot be implemented, it will be a great pity.
edit: context: SagerNet/sing-box#932 (comment)