ss-tunnel doesn't forward IPv6 UDP packets

[Oliv1a]

What version of shadowsocks-libev are you using?

shadowsocks-libev 3.3.5

What operating system are you using?

Ubuntu 21.04

What did you do?

ss-tunnel -c /etc/shadowsocks-libev/tunnel.json -v
dig @::1 -p 5333 google.com

What did you expect to see?

; <<>> DiG 9.16.8-Ubuntu <<>> @::1 -p 5333 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20360
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		775	IN	A	166.234.123.111

;; Query time: 4 msec
;; SERVER: ::1#5333(::1)
;; WHEN: ***************
;; MSG SIZE  rcvd: 54

What did you see instead?

; <<>> DiG 9.16.8-Ubuntu <<>> @::1 -p 5333 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

What is your config in detail (with all sensitive info masked)?

ss-tunnel -c /etc/shadowsocks-libev/tunnel.json -v

{
    "server":"IPv6 address",
    "server_port":*****,
    "password":"**********",
    "method":"aes-256-gcm",
    "local_address":"::1",
    "local_port":5333,
    "tunnel_address":"1.1.1.1:53",
    "mode":"tcp_and_udp",
    "timeout":60
}


ss-server -c /etc/shadowsocks-libev/server.json -v

{
    "server":["::0","0.0.0.0"],
    "server_port":*****,
    "password":"**********",
    "method":"aes-256-gcm",
    "mode":"tcp_and_udp",
    "timeout":60
}

I used "dig @::1 -p 5333 google.com" and "dig @::1 -p 5333 +tcp google.com" to test IPv4 and IPv6, TCP over IPv6 works normally, both TCP and UDP over IPv4 are working fine, only UDP over IPv6 does not work. I can confirm that the ip6tables configuration is ok and I tested it in a number of different network environments including the intranet, and the problem can be reproduced.

The log when it works fine is as follows: (When using IPv4 UDP forwarding | "server":"IPv4 address")

tunnel log:

21:23:34 INFO: [udp] server receive a packet
21:23:34 INFO: [5333] [udp] cache miss: 1.1.1.1:53 <-> ::1:41816
21:23:35 INFO: [udp] remote receive a packet

server log:

21:23:35 INFO: [udp] server receive a packet
21:23:35 INFO: [12345] [udp] cache miss: 1.1.1.1:53 <-> [My client IPv4 address]:32941
21:23:35 INFO: [udp] remote receive a packet

The log when it fails to work is as follows: (When using IPv6 UDP forwarding | "server":"IPv6 address")

tunnel log:

22:04:20 INFO: [udp] server receive a packet
22:04:20 INFO: [5333] [udp] cache miss: 1.1.1.1:53 <-> ::1:48847
22:04:25 INFO: [udp] server receive a packet
22:04:25 INFO: [5333] [udp] cache hit: 1.1.1.1:53 <-> ::1:48847
22:04:30 INFO: [udp] server receive a packet
22:04:30 INFO: [5333] [udp] cache hit: 1.1.1.1:53 <-> ::1:48847

server log:

22:04:20 INFO: [udp] server receive a packet
22:04:20 INFO: [12345] [udp] cache miss: 1.1.1.1:53 <-> [My client IPv6 address]:46581
22:04:20 INFO: [udp] remote receive a packet
22:04:25 INFO: [udp] server receive a packet
22:04:25 INFO: [12345] [udp] cache hit: 1.1.1.1:53 <-> [My client IPv6 address]:46581
22:04:25 INFO: [udp] remote receive a packet
22:04:30 INFO: [udp] server receive a packet
22:04:30 INFO: [12345] [udp] cache hit: 1.1.1.1:53 <-> [My client IPv6 address]:46581
22:04:30 INFO: [udp] remote receive a packet

When I replaced "1.1.1.1" with "2001:4860:4860::8888" for testing, the result was the same.

Thank you for your time.

[z826540272]

确实是这样的,目前ipv6 UDP 不工作

[madeye]

Triaged — confirmed by a second reporter: ss-tunnel UDP fails when the ss-server is reached over IPv6 (the reply never returns). Labeling bug to investigate.