[FET] add lazy option to endpoints

[Mon-ius]

Operating system

macOS

System version

15.3.1

Installation type

sing-box for macOS Graphical Client

If you are using a graphical client, please provide the version of the client.

1.11.4

Version

1.11.4

Description

When haveendpoints in client side, it will not start instantly but wait for the incoming request, which leads a long time wait (~60s) on web browser, especially when connect to warp network.

In practice, when start the sing-box app. If we directly access reddit.com, which defined as should route via WARP here in given config.json, it cost 60s to finally load in web page. However, if we execute curl -fsSL https://ipinfo.io/ip, before access reddit.com, it cost only 3 seconds, due to curl -fsSL https://ipinfo.io/ip trigger the endpoints started.

Reproduction

config.json

{
    "log": {
        "level": "warn",
        "timestamp": true
    },
    "experimental": {
        "cache_file": {
            "enabled": true,
            "store_rdrc": true
        }
    },
    "dns": {
        "servers": [
            {
                "tag": "remote",
                "address": "https://1.0.0.1/dns-query",
                "address_resolver": "local",
                "client_subnet": "1.0.1.0",
                "detour": "Proxy"
            },
            {
                "tag": "local",
                "address": "udp://119.29.29.29",
                "detour": "direct-out"
            }
        ],
        "rules": [
            {
                "outbound": "any",
                "server": "local",
                "action": "route"
            },
            {
                "action": "route-options",
                "domain": [
                    "*"
                ],
                "rewrite_ttl": 64,
                "udp_connect": false,
                "udp_disable_domain_unmapping": false
            },
            {
                "rule_set": "geosite-geolocation-cn",
                "server": "local",
                "action": "route"
            },
            {
                "type": "logical",
                "mode": "and",
                "rules": [
                    {
                        "rule_set": "geosite-geolocation-!cn",
                        "invert": true
                    },
                    {
                        "rule_set": "geoip-cn"
                    }
                ],
                "server": "remote",
                "client_subnet": "114.114.114.114/24"
            }
        ],
        "strategy": "ipv4_only",
        "final": "remote",
        "reverse_mapping": true,
        "disable_cache": false,
        "disable_expire": false
    },
    "inbounds": [
        {
            "type": "tun",
            "tag": "tun-in",
            "address": [
                "172.19.0.0/30",
                "fdfe:dcba:9876::0/126"
            ],
            "mtu": 1492,
            "auto_route": true,
            "strict_route": true,
            "stack": "gvisor"
        }
    ],
    "endpoints": [
        {
            "tag": "WARP",
            "type": "wireguard",
            "address": [
                "172.16.0.2/32",
                "2606:4700:110:864e:8987:3712:f9cc:f59d/128"
            ],
            "private_key": "xxxxx",
            "peers": [
                {
                    "address": "162.159.192.1",
                    "port": 2408,
                    "public_key": "xxxxxxxxxxxxx",
                    "allowed_ips": [
                        "0.0.0.0/0"
                    ],
                    "persistent_keepalive_interval": 30,
                    "reserved": [107, 160, 239]
                }
            ],
            "mtu": 1408,
            "udp_fragment": true,
            "detour": "Proxy"
        }
    ],
    "outbounds": [
        {
            "tag": "direct-out",
            "type": "direct",
            "udp_fragment": true
        },
        {
            "tag": "Proxy",
            "type": "hysteria2",
            "server": "example.com",
            "server_port": 443,
            "up_mbps": 500,
            "down_mbps": 500,
            "password": "password",
            "connect_timeout": "5s",
            "tcp_fast_open": true,
            "tls": {
                "enabled": true,
                "server_name": "example.com",
                "alpn": [
                    "h3"
                ]
            }
        }
    ],
    "route": {
        "final": "Proxy",
        "auto_detect_interface": true,
        "rules": [
            {
                "inbound": "tun-in",
                "action": "sniff"
            },
            {
                "protocol": "dns",
                "action": "hijack-dns"
            },
            {
                "protocol": [
                    "BitTorrent"
                ],
                "outbound": "direct-out"
            },
            {
                "rule_set": [
                    "geoip-cn",
                    "geosite-geolocation-cn"
                ],
                "outbound": "direct-out"
            },
            {
                "ip_is_private": true,
                "outbound": "direct-out"
            },
            {
                "domain": [
                    "whatismyipaddress.com",
                    "ipinfo.io",
                    "reddit.com"
                ],
                "outbound": "WARP"
            },
            {
                "ip_cidr": [
                    "0.0.0.0/8",
                    "10.0.0.0/8",
                    "127.0.0.0/8",
                    "169.254.0.0/16",
                    "172.16.0.0/12",
                    "192.168.0.0/16",
                    "224.0.0.0/4",
                    "240.0.0.0/4",
                    "52.80.0.0/16"
                ],
                "outbound": "direct-out"
            },
            {
                "rule_set": "geosite-geolocation-!cn",
                "outbound": "Proxy"
            }
        ],
        "rule_set": [
            {
                "tag": "geosite-geolocation-cn",
                "type": "remote",
                "format": "binary",
                "url": "https://testingcf.jsdelivr.net/gh/lyc8503/sing-box-rules@rule-set-geosite/geosite-geolocation-cn.srs",
                "download_detour": "direct-out"
            },
            {
                "tag": "geosite-geolocation-!cn",
                "type": "remote",
                "format": "binary",
                "url": "https://testingcf.jsdelivr.net/gh/lyc8503/sing-box-rules@rule-set-geosite/geosite-geolocation-!cn.srs",
                "download_detour": "direct-out"
            },
            {
                "tag": "geoip-cn",
                "type": "remote",
                "format": "binary",
                "url": "https://testingcf.jsdelivr.net/gh/lyc8503/sing-box-rules@rule-set-geoip/geoip-cn.srs",
                "download_detour": "direct-out"
            }
        ]
    }
}

Logs

(packet-tunnel): Here I stand
ERROR[0001] endpoint/wireguard[WARP]: read packet: io: read/write on closed pipe
ERROR[0001] [2708212148 676ms] dns: exchange failed
for
only-669006-116-1-229-68.nstool.321fenx.com. IN HTTPS: use
IN HTTPS: use of closed network connection
ERROR[0001] [42978461 676ms] dns: exchange failed for only-669006-116-1-229-68.nstool.321fenx.com.
IN A: use of closed network connection
ERROR[0024] [2307349606 789ms] connection: connection download closed: close top 151.101.1.140:443:
endpoint not connected
ERROR[0032] [1959672628 591ms] connection: connection download closed: close top
151.101.193.140:443: endpoint not connected

Supporter

• I am a sponsor

Integrity requirements

• I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[Mon-ius]

I am not very sure if this behavior should be regard as a bug, due to it can be caused by many http request send to trigger the endpoint started thus caused a heavy delay.

If not bug, a simple lazy bool option can be added to control if the endpoint should be triggered whether the app started or first http request received.

The solution without reviewing code is very naive and just trigger the endpoint start by using a single http request 🤗

[nekohasekai]

You misunderstood. This endpoint not connected is a gVisor error, equivalent to use of closed network connection.

Please submit the original bug instead of speculating on the cause.

[Mon-ius]

So you prefer to regard it as the bug?

How do you explain the behavior, once we trigger one success of connection to endpoint, then it work normal without long term delay?

[Mon-ius]

However, while changing gVisor into system, the behavior remains the same, so still endpoint issue on this case.