Memory leak in vless reality outbound #2439

Open
4 of 5 tasks
ls819011 opened this issue Jan 5, 2025 · 4 comments
Labels
bug Something isn't working

ls819011 commented Jan 5, 2025

Operating system

Linux

System version

Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-130-generic x86_64)

Installation type

Original sing-box Command Line

If you are using a graphical client, please provide the version of the client.

I don't use a graphical client.

Version

sing-box version 1.10.6

Environment: go1.23.4 linux/amd64
Tags: with_gvisor,with_quic,with_dhcp,with_wireguard,with_ech,with_utls,with_reality_server,with_acme,with_clash_api
Revision: 578571b97291bd60e1083b006f12dfb82efb0603
CGO: disabled

Description

Due to the current circumstances, I am forced to use a proxy/VPN to watch YouTube videos. YouTube uses the HLS protocol to translate videos, and video is transferred in 10-second-long chunks, i.e. the YouTube player opens connections once per 10 seconds to get the next chunk. Watching YouTube video through a sing-box vless reality connection, I've noticed that memory usage on the remote server is growing fast enough. I noticed this while using sing-box v1.10.5, and the upgrade to 1.10.6 did not help.
I have a home server running sing-box as a proxy under Ubuntu 22.04.5, and I use Android TV Player with the SmartTube player on it to watch YouTube videos. The last time I watched videos, I monitored the number of inbound and outbound connections to/from sing-box on my home server. Here is the Ubuntu console output:

root@home-server:~# date
Sun 05 Jan 2025 00:14:00 MSK
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED -c
9
root@home-server:~# netstat -na | grep <server-ip-address>:443 | grep ESTABLISHED -c
158
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40376     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40390     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40358     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40388     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40026     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40062     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40020     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40356     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40374     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40364     ESTABLISHED
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40418     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40402     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40388     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40026     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40396     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40062     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40020     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40414     ESTABLISHED
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40464     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40026     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40062     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40020     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40454     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40466     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40448     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40446     ESTABLISHED
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40492     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40026     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40502     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40496     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40062     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40020     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40484     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40482     ESTABLISHED
root@home-server:~# netstat -na | grep <server-ip-address>:443 | grep ESTABLISHED -c
215
root@home-server:~#

I.e. while I was watching video, the number of established connections to sing-box was always 8-9 and the source ports of the inbound connections kept changing, but the number of outgoing connections from sing-box to the server after some time grew to 215.
Here is the Ubuntu console output after I finished watching YouTube videos:

root@home-server:~# date
Sun 05 Jan 2025 00:27:58 MSK
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:41042     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:41044     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:41038     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:41040     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40902     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40924     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40758     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:41046     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40768     ESTABLISHED
tcp        0      0 192.168.0.242:2080      192.168.0.240:40750     ESTABLISHED
root@home-server:~# netstat -na | grep <server-ip-address>:443 | grep ESTABLISHED -c
455

Here is the Ubuntu console output some time later:

root@home-server:~# date
Sun 05 Jan 2025 00:50:23 MSK
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED -c
0
root@home-server:~# netstat -na | grep <server-ip-address>:443 | grep ESTABLISHED -c
447
root@home-server:~#

I.e. all inbound connections to sing-box were disconnected, but sing-box kept 447 connections to the server open.

Here is the Ubuntu console output 9 hours later:

root@home-server:~# date
Sun 05 Jan 2025 10:17:18 MSK
root@home-server:~# netstat -na | grep 192.168.0.242:2080 | grep ESTABLISHED -c
0
root@home-server:~# netstat -na | grep <server-ip-address>:443 | grep ESTABLISHED -c
447
root@home-server:~# systemctl restart [email protected] 
root@home-server:~# netstat -na | grep <server-ip-address>:443 | grep ESTABLISHED -c
0

All 447 connections remained alive all this time. Only a service restart disconnected these connections.
After the service restart, 45 MB was released on the remote server:
[image]
I tried to use multiplex to prevent the memory leak, but sing-box fails to start with multiplex enabled on the client side with my configuration, with the following message:

FATAL[0000] start service: initialize rule-set[6]: initial rule-set: antizapret: local error: tls: bad record MAC

Reproduction

Client config:

{
  "dns": {
    "independent_cache": true,
    "rules": [
      {
        "outbound": "any",
        "server": "dns-local"
      },
      {
        "query_type": [
          32,
          33
        ],
        "server": "dns-block"
      },
      {
        "domain_suffix": ".lan",
        "server": "dns-block"
      }
    ],
    "servers": [
      {
        "address": "rcode://success",
        "tag": "dns-block"
      },
      {
        "address": "local",
        "detour": "direct",
        "tag": "dns-local"
      }
    ]
  },
  "inbounds": [
    {
      "domain_strategy": "",
      "listen": "0.0.0.0",
      "listen_port": 2080,
      "sniff": true,
      "sniff_override_destination": false,
      "tag": "socks-in",
      "type": "socks"
    }
  ],
  "outbounds": [
    {
      "domain_strategy": "",
      "flow": "xtls-rprx-vision",
      "packet_encoding": "",
      "server": "<server-ip-address>",
      "server_port": 443,
      "tag": "proxy",
      "tls": {
        "enabled": true,
        "reality": {
          "enabled": true,
          "public_key": "BYcze4iNY3cmGEcGSxnIuN0I__C1XVkObdSArPHuOSQ",
          "short_id": "247646003cc365a3"
        },
        "server_name": "www.nokia.com",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        }
      },
      "type": "vless",
      "uuid": "8ee2f35d-0b1b-4d92-8127-deb5a1235741"
    },
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "direct",
      "tag": "bypass"
    },
    {
      "tag": "block",
      "type": "block"
    }
  ],
  "log": {
    "disabled": false,
    "output": "/var/log/sing-box/reality.log",
    "level": "info",
    "timestamp": true
  },
  "route": {
    "auto_detect_interface": false,
    "final": "direct",
    "rules": [
      {
        "domain_keyword": [
        ],
        "domain": [
        ],
        "domain_suffix": [
            "bbc.co.uk",
            "4pda.to",
            "signal.org",
            "viber.com"
        ],
        "rule_set": [
          "antizapret",
          "youtube",
          "spotify",
          "signal",
          "rakuten"
        ],
        "outbound": "proxy"
      },
      {
        "rule_set": [
          "category-ads-all",
          "category-ads"
        ],
        "outbound": "block"
      }
    ],
    "rule_set": [
      {
        "tag": "antizapret",
        "type": "remote",
        "format": "binary",
        "url": "https://github.com/savely-krasovsky/antizapret-sing-box/releases/latest/download/antizapret.srs",
        "download_detour": "proxy",
        "update_interval": "1d"
      },
      {
        "tag": "youtube",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-youtube.srs",
        "download_detour": "proxy",
        "update_interval": "1d"
      },
      {
        "tag": "spotify",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-spotify.srs",
        "download_detour": "proxy",
        "update_interval": "1d"
      },
      {
        "tag": "signal",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-signal.srs",
        "download_detour": "proxy",
        "update_interval": "1d"
      },
      { 
        "tag": "rakuten",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-rakuten.srs",
        "download_detour": "proxy",
        "update_interval": "1d"
      },
      {
        "tag": "category-ads-all",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-category-ads-all.srs",
        "download_detour": "proxy",
        "update_interval": "1d"
      },
      {
        "tag": "category-ads",
        "type": "remote",
        "format": "binary",
        "url": "https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-category-ads.srs",
        "download_detour": "proxy",
        "update_interval": "1d"
      }
    ]
  }
}

Logs

No response

Supporter

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
  • I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
  • I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
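
The check performed by hand in the report above, as an added example that is not part of the original issue or of sing-box: it counts established inbound and upstream connections in one `netstat -na` snapshot and flags upstream connections that outlive their clients. The function names, the ratio threshold, the upstream address 203.0.113.10 and both snapshots are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue). Endpoints and snapshots are constructed.

# count_established SNAPSHOT COLUMN ENDPOINT
# In `netstat -na` output column 4 is the local address and column 5 the
# foreign address. Exact field comparison avoids the substring matches that
# `grep 192.168.0.242:2080` would also count (for example port 20800).
count_established() {
  printf '%s\n' "$1" | awk -v col="$2" -v ep="$3" '
    $1 ~ /^tcp/ && $NF == "ESTABLISHED" && $col == ep { n++ }
    END { print n + 0 }'
}

# leak_check SNAPSHOT LISTEN_ENDPOINT UPSTREAM_ENDPOINT MAX_RATIO
# MAX_RATIO is an assumed heuristic: upstream connections per inbound client.
leak_check() {
  n_in=$(count_established "$1" 4 "$2")
  n_out=$(count_established "$1" 5 "$3")
  if [ "$n_in" -eq 0 ] && [ "$n_out" -gt 0 ]; then
    verdict=orphaned   # no clients left, upstream sockets still open
  elif [ "$n_out" -gt $(( n_in * $4 )) ]; then
    verdict=growing    # upstream count out of proportion to clients
  else
    verdict=ok
  fi
  echo "inbound=$n_in outbound=$n_out verdict=$verdict"
}

# Constructed snapshots; 203.0.113.10 is a documentation address.
SAMPLE_ACTIVE='tcp 0 0 192.168.0.242:2080 192.168.0.240:40376 ESTABLISHED
tcp 0 0 192.168.0.242:2080 192.168.0.240:40390 ESTABLISHED
tcp 0 0 192.168.0.242:20800 192.168.0.240:40500 ESTABLISHED
tcp 0 0 192.168.0.242:2080 192.168.0.240:40100 TIME_WAIT
tcp 0 0 192.168.0.242:51000 203.0.113.10:443 ESTABLISHED
tcp 0 0 192.168.0.242:51002 203.0.113.10:443 ESTABLISHED
tcp 0 0 192.168.0.242:51004 203.0.113.10:443 ESTABLISHED'
SAMPLE_IDLE='tcp 0 0 192.168.0.242:51000 203.0.113.10:443 ESTABLISHED
tcp 0 0 192.168.0.242:51002 203.0.113.10:443 ESTABLISHED
tcp 0 0 192.168.0.242:51004 203.0.113.10:443 ESTABLISHED'

leak_check "$SAMPLE_ACTIVE" 192.168.0.242:2080 203.0.113.10:443 4
leak_check "$SAMPLE_IDLE" 192.168.0.242:2080 203.0.113.10:443 4
```

Run on a schedule against live `netstat -na` output, an `orphaned` verdict that persists across samples matches the state the report shows after all clients had disconnected.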

ls819011 commented Jan 7, 2025

It looks like the Windows console version has the same bug. This is a graph of established incoming vless reality connections to the remote server:
[image]
Around 0:30 today the client PC running the Windows console version of sing-box was turned off.

@nekohasekai
Member

Try b3eb299

@nekohasekai nekohasekai added the bug Something isn't working label Jan 7, 2025

ls819011 commented Jan 7, 2025

I would prefer to wait until it is released. Thanks for the quick response.

@ls819011
Author

It looks like the issue is resolved with the upgrade to 1.10.7.
Thanks.
