Incorrect Wi-Fi SSID detection on the latest macOS #2609

Open
4 of 5 tasks
skavans opened this issue Feb 18, 2025 · 4 comments
Labels
bug Something isn't working

Comments

@skavans

skavans commented Feb 18, 2025

Operating system

macOS

System version

15.3.1 (24D70)

Installation type

sing-box for macOS Graphical Client

If you are using a graphical client, please provide the version of the client.

SFM Version 1.12.0-alpha.9

Version

Description

The SSID matching doesn't work in the latest SFM alpha app (in all the 1.12.0 alphas actually). I believe the app sees only "" as SSID, so all the related rules do not work.

Reproduction

Client config:

{
  "inbounds": [
    {
      "type": "tun",
      "tag": "in-tun",
      "address": "172.16.0.1/30",
      "auto_route": true,
      "strict_route": false,
      "sniff": true,
      "sniff_override_destination": true
    }
  ],
  "dns": {
    "servers": [
      {
        "tag": "dns-one",
        "type": "udp",
        "server": "8.8.8.8",
        "detour": "direct"
      },
      {
        "tag": "dns-two",
        "type": "udp",
        "server": "1.1.1.1",
        "detour": "direct"
      }
    ],
    "rules": [
      {
        "wifi_ssid": "MY_SSID",
        "invert": true,
        "action": "route",
        "server": "dns-one"
      }
    ],
    "final": "dns-two"
  },
  "route": {
    "rules": [
      {
        "action": "sniff"
      },
      {
        "protocol": "dns",
        "action": "hijack-dns"
      }
    ]
  }
}

Expected behavior

When I'm not connected to MY_SSID Wi-Fi network, I expect all the DNS requests to be routed to dns-one DNS server, and to the dns-two server otherwise.

Actual behavior

Even when I am connected to MY_SSID Wi-Fi network, all the requests are routed to the dns-one DNS server.

Logs

+0300 2025-02-18 20:34:47 INFO network: updated available networks: en0 (wifi)
+0300 2025-02-18 20:34:47 INFO network: updated default interface en0, index 11, type wifi
+0300 2025-02-18 20:34:48 INFO inbound/tun[in-tun]: started at utun4
+0300 2025-02-18 20:34:48 INFO [1092883874 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:59970
+0300 2025-02-18 20:34:48 INFO [3829112893 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:49878
+0300 2025-02-18 20:34:48 INFO [25880730 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:50361
+0300 2025-02-18 20:34:48 INFO [25880730 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [25880730 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [25880730 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [4027863450 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:59889
+0300 2025-02-18 20:34:48 INFO [4027863450 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [4027863450 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [4027863450 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [1524605068 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:50868
+0300 2025-02-18 20:34:48 INFO [1524605068 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 INFO [3807424431 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:60548
+0300 2025-02-18 20:34:48 DEBUG [1524605068 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 INFO [3807424431 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 INFO [2660328071 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:64705
+0300 2025-02-18 20:34:48 INFO [2660328071 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [2660328071 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [2660328071 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [73375215 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:61976
+0300 2025-02-18 20:34:48 INFO [73375215 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [73375215 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [73375215 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [1092883874 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [1092883874 1ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [1092883874 1ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 DEBUG [3807424431 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [3807424431 1ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 DEBUG [1524605068 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [1875851802 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:52681
+0300 2025-02-18 20:34:48 INFO [1875851802 1ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [1875851802 1ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [1875851802 1ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [3829112893 1ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [3829112893 1ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [3829112893 1ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO sing-box started (0.122s)
+0300 2025-02-18 20:34:48 INFO [1553738614 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:60151
+0300 2025-02-18 20:34:48 INFO [1553738614 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [1553738614 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [1553738614 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [3694459768 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:56703
+0300 2025-02-18 20:34:48 INFO [3694459768 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [3694459768 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [3694459768 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [2087485650 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:51344
+0300 2025-02-18 20:34:48 INFO [2087485650 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [2087485650 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [2087485650 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [665108768 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:64026
+0300 2025-02-18 20:34:48 INFO [665108768 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [665108768 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [665108768 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [1054520473 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:64852
+0300 2025-02-18 20:34:48 INFO [1054520473 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [1054520473 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [1054520473 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [1938656667 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:61937
+0300 2025-02-18 20:34:48 INFO [1938656667 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [1938656667 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [1938656667 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [2340544013 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:50991
+0300 2025-02-18 20:34:48 INFO [2340544013 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [2340544013 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [2340544013 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [4285783007 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:60194
+0300 2025-02-18 20:34:48 INFO [4285783007 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [4285783007 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [4285783007 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 INFO [1552471544 0ms] inbound/tun[in-tun]: inbound packet connection from 172.16.0.1:64887
+0300 2025-02-18 20:34:48 INFO [1552471544 0ms] inbound/tun[in-tun]: inbound packet connection to 172.16.0.2:53
+0300 2025-02-18 20:34:48 DEBUG [1552471544 0ms] router: sniffed packet protocol: dns
+0300 2025-02-18 20:34:48 DEBUG [1552471544 0ms] router: match[0] => sniff
+0300 2025-02-18 20:34:48 DEBUG [2660328071 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [25880730 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [3829112893 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [1524605068 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [2660328071 301ms] dns: exchange 120.0.168.192.in-addr.arpa. IN PTR
+0300 2025-02-18 20:34:48 DEBUG [3807424431 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [4027863450 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [1875851802 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [3829112893 301ms] dns: exchange _dns.resolver.arpa. IN SVCB
+0300 2025-02-18 20:34:48 DEBUG [3807424431 301ms] dns: exchange b._dns-sd._udp.0.0.16.172.in-addr.arpa. IN PTR
+0300 2025-02-18 20:34:48 DEBUG [25880730 301ms] dns: exchange 1.0.16.172.in-addr.arpa. IN PTR
+0300 2025-02-18 20:34:48 DEBUG [1524605068 301ms] dns: exchange db._dns-sd._udp.0.0.16.172.in-addr.arpa. IN PTR
+0300 2025-02-18 20:34:48 DEBUG [1092883874 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [2660328071 301ms] dns: match[1] !(wifi_ssid=MY_SSID) => route(dns-one)

Supporter

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
  • I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
  • I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
@skavans
Author

skavans commented Feb 18, 2025

The same config works on Android in SFA Version 1.12.0-alpha.9

@skavans
Author

skavans commented Feb 18, 2025

In logs attached, the last line shows the wrong DNS routing:

+0300 2025-02-18 20:34:48 DEBUG [2660328071 301ms] dns: match[1] !(wifi_ssid=MY_SSID) => route(dns-one)
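
Added example, not part of the original thread or the sing-box code base: a small Python triage script that joins each `dns: exchange` line to the `dns: match[...] => route(...)` line with the same connection ID, then lists the connections routed by an inverted `wifi_ssid` rule while the host was on that SSID. The sample input is a four-line excerpt of the log posted above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the debug log posted in this issue (not the full log).
SAMPLE_LOG = """\
+0300 2025-02-18 20:34:48 DEBUG [2660328071 301ms] router: match[1] protocol=dns => hijack-dns
+0300 2025-02-18 20:34:48 DEBUG [2660328071 301ms] dns: exchange 120.0.168.192.in-addr.arpa. IN PTR
+0300 2025-02-18 20:34:48 DEBUG [3829112893 301ms] dns: exchange _dns.resolver.arpa. IN SVCB
+0300 2025-02-18 20:34:48 DEBUG [2660328071 301ms] dns: match[1] !(wifi_ssid=MY_SSID) => route(dns-one)
"""

# "[<connection id> <elapsed>ms] dns: <body>"; router lines are skipped.
LINE = re.compile(r"\[(?P<conn>\d+) \d+ms\] dns: (?P<body>.*)$")
EXCHANGE = re.compile(r"exchange (?P<name>\S+) IN (?P<qtype>\S+)")
MATCH = re.compile(r"match\[\d+\] (?P<cond>.*) => route\((?P<server>[^)]+)\)")


def dns_decisions(log_text):
    """Map connection ID -> query name/type and the DNS rule that routed it."""
    conns = defaultdict(
        lambda: {"query": None, "qtype": None, "rule": None, "server": None}
    )
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        entry = conns[m["conn"]]
        if q := EXCHANGE.match(m["body"]):
            entry["query"], entry["qtype"] = q["name"], q["qtype"]
        elif r := MATCH.match(m["body"]):
            entry["rule"], entry["server"] = r["cond"], r["server"]
    return dict(conns)


def inverted_ssid_hits(decisions, connected_ssid):
    """Connections routed by !(wifi_ssid=X) although the host was on X.

    Any hit means the rule evaluated without seeing the real SSID.
    """
    needle = f"!(wifi_ssid={connected_ssid})"
    return sorted(c for c, d in decisions.items() if d["rule"] == needle)


if __name__ == "__main__":
    decisions = dns_decisions(SAMPLE_LOG)
    for conn in inverted_ssid_hits(decisions, "MY_SSID"):
        d = decisions[conn]
        print(f"{conn}: {d['query']} {d['qtype']} -> {d['server']} via {d['rule']}")
```

A connection with `rule` left as `None` (here `3829112893`) had no rule decision in the supplied log, so its resolver cannot be determined from the excerpt alone.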

@nekohasekai nekohasekai added the bug Something isn't working label Feb 19, 2025
@nekohasekai
Member

According to https://developer.apple.com/forums/thread/732431 and https://developer.apple.com/forums/thread/739712, it seems that we can no longer get the WIFI SSID and BSSID via CoreWLAN in a System Extension. I will try to get the App Store version working again, but it will take some time.

@skavans
Author

skavans commented Feb 20, 2025

This bash one-liner works:

> ipconfig getsummary "$(networksetup -listallhardwareports | awk '/Wi-Fi|AirPort/{getline; print $NF}')" | grep '  SSID : ' | awk -F ': ' '{print $2}'
MY_SSID

I read somewhere that that's the single option available for now.
