Sing-box & QUIC: UDP Connection Drop After Some Time

Hey guys! Ever run into a situation where your long-lived UDP connections just up and quit on you when using a QUIC-based proxy like TUIC or Hysteria 2 with sing-box? It's a real head-scratcher, and I'm here to dive deep into it. We're talking about connections like those used by HTTP/3 or online games – the kind that need to stay alive. In my experience, these connections frequently run into issues, usually stopping abruptly after about two minutes. Let's break down what's happening, why it matters, and what you can do about it.

The Heart of the Problem: QUIC and UDP

At the core, the problem boils down to how QUIC and UDP interact. QUIC is designed to be a secure and efficient transport protocol built on top of UDP. The issue seems to stem from how sing-box, a powerful proxy tool, handles these QUIC connections, particularly in the context of UDP datagrams. When using QUIC, these long-lived UDP connections are prone to failure. But, when using TUIC's udp_over_stream, which offers a different encapsulation approach, the problem magically disappears. The question is: what's the difference, and why does one work while the other falters?

If you're using sing-box and running into this, you're not alone. It's a common issue that impacts anyone relying on these types of persistent UDP connections. The symptoms are clear: a connection that starts fine, perhaps transferring data at a decent rate, only to suddenly stop. This can lead to dropped connections in games, interrupted video streams, and overall frustration.

So, what's causing this? Let's dig deeper into the configuration and the logs to gain a clearer understanding of the root causes. We'll also explore potential workarounds or solutions to keep those connections alive.

Diving into the Setup: Configuration and Testing

To really understand this, we need to get our hands dirty with the specifics. First off, I've used sing-box version 1.13.0-alpha.27, running on a Linux system, specifically CachyOS. Setting up the test involves a few key steps.

1. Configuration: The setup starts with a config.json file. This file tells sing-box how to handle incoming and outgoing connections, which includes setting up our QUIC proxy. The configuration is critical because it dictates how sing-box manages the flow of UDP packets. A misconfiguration can quickly lead to dropped connections and performance issues.
2. Generating UDP Traffic: Once sing-box is configured, we need to generate some long-lived UDP traffic to simulate the use cases mentioned above. This is done using tools like curl. The specific command, curl -v -o /dev/null --limit-rate 20k --http3-only 'https://h3.speed.cloudflare.com/__down?bytes=104857600', is designed to create a sustained stream of HTTP/3 traffic.
3. Observation: The key is to run this test and watch what happens. The expectation is that the connection will halt after a certain period of time. Typically, it occurs within a couple of minutes. Checking the logs is very important; they often reveal vital clues about the connection's behavior. The logs will often show the connection being established and then abruptly closed, indicating that something goes wrong during the data transfer. So, setting up the test environment accurately and observing the system behavior in real-time is crucial to troubleshooting the problem.

By carefully configuring our test setup and monitoring the outcomes, we can isolate the issue and search for an appropriate solution.

Deciphering the Logs: Clues and Insights

The logs are a treasure trove of information. They give us a detailed look at what's happening behind the scenes. Key log entries will indicate how sing-box is handling each connection and where it might be running into issues. Here's a glimpse into the important parts and what to look for:

1. Connection Establishment: Initially, the logs show the establishment of connections. You'll see entries indicating that sing-box is receiving inbound connections, such as INFO inbound/tuic[tuic-in]: inbound packet connection from 127.0.0.1:53096. These lines tell us that sing-box is correctly receiving and processing the connections. The log entries show the connections being initiated, which means that the proxy is working.
2. Routing and Forwarding: The logs also show how sing-box routes these connections to the appropriate destination. These lines confirm that the system is properly routing the traffic. This stage is key in ensuring data is going to the intended servers and clients.
3. The Sudden Halt: The most critical part of the logs reveals the moment of failure. You'll find entries such as TRACE connection: packet upload closed and TRACE connection: packet download closed. These entries are a clear sign that the connection has been terminated prematurely. They highlight a sudden closure, which implies that a problem occurred somewhere during the data transfer process. This helps pinpoint the exact moment of failure, which is important for understanding the root cause. This information offers critical insight into the issues.

By carefully examining these logs, you can identify patterns, pinpoint the exact moment of failure, and gain critical insights into how to solve these problems.

Troubleshooting and Potential Solutions

When you're dealing with dropped UDP connections, there are several troubleshooting steps you can take. These steps will help you identify the problem and find solutions.

• Configuration Review: Double-check your sing-box configuration file (config.json). Ensure that all settings related to QUIC and UDP proxying are correctly configured. Typos, missing settings, or incorrect values can cause connections to fail. Make sure that the settings align with the documentation.
• Version Check: Make sure you're using the latest version of sing-box. The issue could be a known bug that's already been fixed in a newer release. Staying updated with the latest versions can help resolve this kind of problem.
• Alternative Protocols: If QUIC is consistently causing problems, consider using udp_over_stream. This might be a viable workaround while you wait for a fix or further investigation. It encapsulates UDP packets within a stream, which can bypass some of the issues seen with standard QUIC implementations.
• Rate Limiting: Experiment with rate-limiting settings in sing-box. Sometimes, excessive UDP traffic can overwhelm the proxy, causing connections to drop. Try reducing the bandwidth limit to see if it stabilizes the connections.
• Contacting Developers: If the problem persists, reach out to the sing-box developers. Provide them with detailed logs, configuration files, and the steps to reproduce the issue. This helps them understand and resolve the issue.

Conclusion: Navigating the UDP Proxy Maze

Dealing with dropped UDP connections through QUIC proxies can be a real pain, but it's manageable. By understanding the basics, using the proper configurations, thoroughly checking your logs, and applying these troubleshooting steps, you can effectively navigate the UDP proxy maze. Don't hesitate to reach out to the community and developers for assistance. Your input can help improve sing-box and make it more robust for everyone. Happy proxying, guys!