BUG Report: Statistics Module Interferes with dokodemo-door's followRedirect on Windows #5439

@yandujun363

Summary

The statistics module (statsInboundDownlink/statsInboundUplink) interferes with dokodemo-door protocol's followRedirect: true functionality on Windows, preventing it from correctly extracting destination addresses from forwarded connections.

Environment

  • Xray Version: 25.12.8
  • Operating System: Windows
  • Architecture: x86_64
  • Scenario: MITM proxy with ECH enforcement

Configuration

{
  "log": {
    "access": "access.log",
    "error": "error.log",
    "loglevel": "debug",
    "dnsLog": false
  },
  "dns": {
    "servers": [
        "https+local://77.88.8.8/dns-query"
    ],
    "tag": "dns",
    "queryStrategy": "UseIP"
  },
  "api": {
    "tag": "api",
    "listen": "127.0.0.1:5700",
    "services": [
      "HandlerService",
      "LoggerService",
      "StatsService",
      "RoutingService"
    ]
  },
  "stats": {},
  "policy": {
    "system": {
      "statsInboundDownlink": true,
      "statsInboundUplink": true,
      "statsOutboundDownlink": true,
      "statsOutboundUplink": true
    }
  },
  "inbounds": [
    {
      "tag": "socks-inbound-enforce-ECH",
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": {
        "udp": true,
        "ip": "127.0.0.1"
      }
    },
    {
      "tag": "tls_unpacker",
      "listen": "127.0.0.1",
      "port": 5100,
      "protocol": "dokodemo-door",
      "settings": {
        "address":"127.0.0.1",
        "network": "tcp",
        "port": 443,
        "followRedirect": true
      },
      "streamSettings": {
        "security": "tls",
        "tlsSettings": {
          "alpn": [
            "http/1.1",
            "h2"
          ],
          "certificates": [
            {
              "usage": "issue",
              "certificateFile": "./CA.crt",
              "keyFile": "./CA.pem"
            }
          ]
        }
      }
    }
  ],
  "outbounds": [
    {
      "tag": "direct",
      "protocol": "freedom",
      "settings": {
        "domainStrategy": "UseIP"
      }
    },
    {
      "tag": "tls_repacker",
      "protocol": "freedom",
      "settings": {
        "redirect": "encryptedsni.com:443",
        "domainStrategy": "ForceIP"
      },
      "streamSettings": {
        "security": "tls",
        "tlsSettings": {
          "serverName": "FromMitm",
          "verifyPeerCertInNames": [
            "FromMitm"
          ],
          "alpn": [
            "FromMitm"
          ],
          "fingerprint": "unsafe",
          "echConfigList": "encryptedsni.com+udp://1.1.1.1",
          "echForceQuery": "full"
        }
      }
    },
    {
      "tag": "redirect_to_unpacker",
      "protocol": "freedom",
      "settings": {
        "redirect": "127.0.0.1:5100"
      }
    }
  ],
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "inboundTag": [
          "socks-inbound-enforce-ECH"
        ],
        "port": 443,
        "ip":[
          "geoip:cloudflare"
        ],
        "outboundTag": "redirect_to_unpacker"
      },
      {
        "inboundTag": [
          "socks-inbound-enforce-ECH"
        ],
        "ip": [
          "geoip:!cloudflare"
        ],
        "outboundTag": "direct"
      },
      {
        "inboundTag": [
          "tls_unpacker"
        ],
        "outboundTag": "tls_repacker"
      }
    ]
  }
}

Problem Description

When statistics are enabled (statsInboundDownlink: true, statsInboundUplink: true):

  1. dokodemo-door with followRedirect: true fails to extract destination address from forwarded connections
  2. Connection fails with error: unable to get destination
  3. Traffic is incorrectly routed to 127.0.0.1:443 instead of the actual target (e.g., www.pixiv.net:443)

When statistics are disabled (statsInboundDownlink: false, statsInboundUplink: false):

  1. followRedirect: true works correctly
  2. Destination address is properly extracted
  3. Connection succeeds

Steps to Reproduce

  1. Start Xray with the above configuration (statistics enabled)
  2. Make a SOCKS connection to www.pixiv.net:443 (curl -v -k -I --socks5-hostname 127.0.0.1:1080 https://www.pixiv.net)
  3. Observe failure in logs
  4. Disable statistics in config
  5. Restart Xray and repeat step 2
  6. Observe success

Log Comparison

With statistics enabled (FAILS):

[Info] [2705368421] proxy/dokodemo: processing connection from: 127.0.0.1:56964
[Info] [2705368421] app/proxyman/inbound: connection ends > proxy/dokodemo: unable to get destination
[Info] [1209002489] app/dispatcher: taking detour [tls_repacker] for [tcp:127.0.0.1:443]

With statistics disabled (SUCCEEDS):

[Info] [1707136610] proxy/dokodemo: received request for 127.0.0.1:56976
[Info] transport/internet/tls: new certificate for www.pixiv.net issued
[Info] [1707136610] app/dispatcher: taking detour [tls_repacker] for [tcp:www.pixiv.net:443]

Expected Behavior

Statistics module should not interfere with dokodemo-door's followRedirect functionality. Destination address extraction should work regardless of statistics settings.

Actual Behavior

Statistics module initialization appears to interfere with the first data packet processing in dokodemo-door, preventing followRedirect from extracting the correct destination address.

Additional Information

2025/12/18 01:42:13.270632 [Debug] app/log: Logger started
2025/12/18 01:42:13.271629 [Info] app/dns: DNS: created DOHL client for https://77.88.8.8/dns-query, with h2c false
2025/12/18 01:42:13.271629 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:1080
2025/12/18 01:42:13.271629 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:5100
2025/12/18 01:42:13.271629 [Debug] app/stats: create new counter outbound>>>direct>>>traffic>>>uplink
2025/12/18 01:42:13.271629 [Debug] app/stats: create new counter outbound>>>direct>>>traffic>>>downlink
2025/12/18 01:42:13.271629 [Debug] app/stats: create new counter outbound>>>tls_repacker>>>traffic>>>uplink
2025/12/18 01:42:13.271629 [Debug] app/stats: create new counter outbound>>>tls_repacker>>>traffic>>>downlink
2025/12/18 01:42:13.271629 [Debug] app/stats: create new counter outbound>>>redirect_to_unpacker>>>traffic>>>uplink
2025/12/18 01:42:13.271629 [Debug] app/stats: create new counter outbound>>>redirect_to_unpacker>>>traffic>>>downlink
2025/12/18 01:42:13.271629 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:1080
2025/12/18 01:42:13.271629 [Info] transport/internet/udp: listening UDP on 127.0.0.1:1080
2025/12/18 01:42:13.271629 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:5100
2025/12/18 01:42:13.272625 [Info] app/commander: API server listening on 127.0.0.1:5700
2025/12/18 01:42:13.272625 [Warning] core: Xray 25.12.8 started
2025/12/18 01:42:18.143833 [Info] [1857519222] proxy/socks: TCP Connect request to tcp:www.pixiv.net:443
2025/12/18 01:42:18.144365 [Debug] app/dns: domain www.pixiv.net will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:18.144365 [Info] app/dns: DOHL//77.88.8.8 querying: www.pixiv.net.
2025/12/18 01:42:18.144365 [Debug] transport/internet: dialing to tcp:77.88.8.8:443
2025/12/18 01:42:18.949039 [Info] app/dns: DOHL//77.88.8.8 got answer: www.pixiv.net. TypeAAAA -> [], rtt: 804.6744ms, lock: 0s
2025/12/18 01:42:18.949884 [Info] app/dns: DOHL//77.88.8.8 got answer: www.pixiv.net. TypeA -> [8.6.112.0 8.47.69.0], rtt: 805.5193ms, lock: 0s
2025/12/18 01:42:18.949884 [Info] [1857519222] app/dispatcher: taking detour [redirect_to_unpacker] for [tcp:www.pixiv.net:443]
2025/12/18 01:42:18.949884 [Info] [1857519222] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:5100
2025/12/18 01:42:18.949884 [Debug] [1857519222] transport/internet: dialing to tcp:127.0.0.1:5100
2025/12/18 01:42:18.950439 [Info] [1857519222] proxy/freedom: connection opened to tcp:127.0.0.1:5100, local endpoint 127.0.0.1:60325, remote endpoint 127.0.0.1:5100
2025/12/18 01:42:18.950439 [Debug] [1857519222] proxy: CopyRawConn (maybe) readv
2025/12/18 01:42:18.950439 [Debug] [947353094] proxy/dokodemo: processing connection from: 127.0.0.1:60325
2025/12/18 01:42:18.965951 [Info] transport/internet/tls: new certificate for www.pixiv.net (expire on 2025-12-17T18:42:18Z) issued
2025/12/18 01:42:18.973624 [Info] [947353094] proxy/dokodemo: received request for 127.0.0.1:60325
2025/12/18 01:42:18.973624 [Info] [947353094] app/dispatcher: taking detour [tls_repacker] for [tcp:www.pixiv.net:443]
2025/12/18 01:42:18.973624 [Debug] app/dns: domain encryptedsni.com will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:18.973624 [Info] app/dns: DOHL//77.88.8.8 querying: encryptedsni.com.
2025/12/18 01:42:19.214890 [Info] app/dns: DOHL//77.88.8.8 got answer: encryptedsni.com. TypeAAAA -> [], rtt: 241.1308ms, lock: 135.2µs
2025/12/18 01:42:19.214890 [Info] app/dns: DOHL//77.88.8.8 got answer: encryptedsni.com. TypeA -> [8.6.112.0 8.47.69.0], rtt: 241.266ms, lock: 0s
2025/12/18 01:42:19.214890 [Info] [947353094] proxy/freedom: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:19.214890 [Info] [947353094] transport/internet/tcp: dialing TCP to tcp:8.47.69.0:443
2025/12/18 01:42:19.214890 [Debug] [947353094] transport/internet: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:19.386672 [Debug] transport/internet/tls: Trying to query ECH config for domain: encryptedsni.com with ECH server: udp://1.1.1.1
2025/12/18 01:42:19.386672 [Debug] transport/internet: dialing to udp:1.1.1.1:53
2025/12/18 01:42:19.461855 [Debug] transport/internet/tls: Get ECH config:AEX+DQBBSQAgACBLdOxgHsuJnrzu6NaEiSyAxbNZTQ5EMUDTgVY6+LHdLQAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA= TTL:300
2025/12/18 01:42:19.650171 [Info] [947353094] proxy/freedom: connection opened to tcp:encryptedsni.com:443, local endpoint 10.0.0.6:60326, remote endpoint 8.47.69.0:443
2025/12/18 01:42:23.161745 [Debug] app/log: Logger closing
2025/12/18 01:42:41.833853 [Debug] app/log: Logger started
2025/12/18 01:42:41.833853 [Info] app/dns: DNS: created DOHL client for https://77.88.8.8/dns-query, with h2c false
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter inbound>>>socks-inbound-enforce-ECH>>>traffic>>>uplink
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter inbound>>>socks-inbound-enforce-ECH>>>traffic>>>downlink
2025/12/18 01:42:41.833853 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:1080
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter inbound>>>tls_unpacker>>>traffic>>>uplink
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter inbound>>>tls_unpacker>>>traffic>>>downlink
2025/12/18 01:42:41.833853 [Debug] app/proxyman/inbound: creating stream worker on 127.0.0.1:5100
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter outbound>>>direct>>>traffic>>>uplink
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter outbound>>>direct>>>traffic>>>downlink
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter outbound>>>tls_repacker>>>traffic>>>uplink
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter outbound>>>tls_repacker>>>traffic>>>downlink
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter outbound>>>redirect_to_unpacker>>>traffic>>>uplink
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter outbound>>>redirect_to_unpacker>>>traffic>>>downlink
2025/12/18 01:42:41.834862 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:5100
2025/12/18 01:42:41.834862 [Info] transport/internet/tcp: listening TCP on 127.0.0.1:1080
2025/12/18 01:42:41.834862 [Info] transport/internet/udp: listening UDP on 127.0.0.1:1080
2025/12/18 01:42:41.834862 [Info] app/commander: API server listening on 127.0.0.1:5700
2025/12/18 01:42:41.834862 [Warning] core: Xray 25.12.8 started
2025/12/18 01:42:44.123833 [Info] [1951873738] proxy/socks: TCP Connect request to tcp:www.pixiv.net:443
2025/12/18 01:42:44.123997 [Debug] app/dns: domain www.pixiv.net will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:44.123997 [Info] app/dns: DOHL//77.88.8.8 querying: www.pixiv.net.
2025/12/18 01:42:44.124135 [Debug] transport/internet: dialing to tcp:77.88.8.8:443
2025/12/18 01:42:44.849508 [Info] app/dns: DOHL//77.88.8.8 got answer: www.pixiv.net. TypeAAAA -> [], rtt: 725.5107ms, lock: 0s
2025/12/18 01:42:44.870478 [Info] app/dns: DOHL//77.88.8.8 got answer: www.pixiv.net. TypeA -> [8.47.69.0 8.6.112.0], rtt: 746.301ms, lock: 0s
2025/12/18 01:42:44.870832 [Info] [1951873738] app/dispatcher: taking detour [redirect_to_unpacker] for [tcp:www.pixiv.net:443]
2025/12/18 01:42:44.870832 [Info] [1951873738] transport/internet/tcp: dialing TCP to tcp:127.0.0.1:5100
2025/12/18 01:42:44.870832 [Debug] [1951873738] transport/internet: dialing to tcp:127.0.0.1:5100
2025/12/18 01:42:44.872140 [Info] [1951873738] proxy/freedom: connection opened to tcp:127.0.0.1:5100, local endpoint 127.0.0.1:60364, remote endpoint 127.0.0.1:5100
2025/12/18 01:42:44.872729 [Debug] [2128431444] proxy/dokodemo: processing connection from: 127.0.0.1:60364
2025/12/18 01:42:44.872729 [Debug] [1951873738] proxy: CopyRawConn (maybe) readv
2025/12/18 01:42:44.872729 [Info] [2128431444] proxy/dokodemo: received request for 127.0.0.1:60364
2025/12/18 01:42:44.872729 [Info] [2128431444] app/dispatcher: taking detour [tls_repacker] for [tcp:127.0.0.1:443]
2025/12/18 01:42:44.872729 [Debug] app/dns: domain encryptedsni.com will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:44.872729 [Info] app/dns: DOHL//77.88.8.8 querying: encryptedsni.com.
2025/12/18 01:42:45.110653 [Info] app/dns: DOHL//77.88.8.8 got answer: encryptedsni.com. TypeA -> [8.6.112.0 8.47.69.0], rtt: 237.9243ms, lock: 0s
2025/12/18 01:42:45.110653 [Info] app/dns: DOHL//77.88.8.8 got answer: encryptedsni.com. TypeAAAA -> [], rtt: 237.9243ms, lock: 0s
2025/12/18 01:42:45.110653 [Info] [2128431444] proxy/freedom: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:45.110653 [Info] [2128431444] transport/internet/tcp: dialing TCP to tcp:8.47.69.0:443
2025/12/18 01:42:45.110653 [Debug] [2128431444] transport/internet: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:45.282557 [Debug] transport/internet/tls: Trying to query ECH config for domain: encryptedsni.com with ECH server: udp://1.1.1.1
2025/12/18 01:42:45.282557 [Debug] transport/internet: dialing to udp:1.1.1.1:53
2025/12/18 01:42:45.351029 [Debug] transport/internet/tls: Get ECH config:AEX+DQBBSQAgACBLdOxgHsuJnrzu6NaEiSyAxbNZTQ5EMUDTgVY6+LHdLQAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA= TTL:300
2025/12/18 01:42:45.527154 [Debug] app/dns: domain encryptedsni.com will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:45.527301 [Debug] app/dns: DOHL//77.88.8.8 cache HIT encryptedsni.com. -> [8.6.112.0 8.47.69.0]
2025/12/18 01:42:45.527301 [Info] [2128431444] proxy/freedom: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:45.527301 [Info] [2128431444] transport/internet/tcp: dialing TCP to tcp:8.47.69.0:443
2025/12/18 01:42:45.527301 [Debug] [2128431444] transport/internet: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:45.697565 [Debug] transport/internet/tls: Cache hit for domain: encryptedsni.com
2025/12/18 01:42:45.969861 [Debug] app/dns: domain encryptedsni.com will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:45.969861 [Debug] app/dns: DOHL//77.88.8.8 cache HIT encryptedsni.com. -> [8.6.112.0 8.47.69.0]
2025/12/18 01:42:45.969861 [Info] [2128431444] proxy/freedom: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:45.969861 [Info] [2128431444] transport/internet/tcp: dialing TCP to tcp:8.47.69.0:443
2025/12/18 01:42:45.969861 [Debug] [2128431444] transport/internet: dialing to tcp:8.47.69.0:443
2025/12/18 01:42:46.180880 [Debug] transport/internet/tls: Cache hit for domain: encryptedsni.com
2025/12/18 01:42:46.586882 [Debug] app/dns: domain encryptedsni.com will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:46.586882 [Debug] app/dns: DOHL//77.88.8.8 cache HIT encryptedsni.com. -> [8.6.112.0 8.47.69.0]
2025/12/18 01:42:46.586882 [Info] [2128431444] proxy/freedom: dialing to tcp:8.6.112.0:443
2025/12/18 01:42:46.586882 [Info] [2128431444] transport/internet/tcp: dialing TCP to tcp:8.6.112.0:443
2025/12/18 01:42:46.586882 [Debug] [2128431444] transport/internet: dialing to tcp:8.6.112.0:443
2025/12/18 01:42:46.762299 [Debug] transport/internet/tls: Cache hit for domain: encryptedsni.com
2025/12/18 01:42:47.232341 [Debug] app/dns: domain encryptedsni.com will use DNS in order: [DOHL//77.88.8.8]
2025/12/18 01:42:47.232341 [Debug] app/dns: DOHL//77.88.8.8 cache HIT encryptedsni.com. -> [8.6.112.0 8.47.69.0]
2025/12/18 01:42:47.232341 [Info] [2128431444] proxy/freedom: dialing to tcp:8.6.112.0:443
2025/12/18 01:42:47.233133 [Info] [2128431444] transport/internet/tcp: dialing TCP to tcp:8.6.112.0:443
2025/12/18 01:42:47.233133 [Debug] [2128431444] transport/internet: dialing to tcp:8.6.112.0:443
2025/12/18 01:42:47.397368 [Debug] transport/internet/tls: Cache hit for domain: encryptedsni.com
2025/12/18 01:42:47.963681 [Info] [2128431444] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: failed to open connection to tcp:encryptedsni.com:443 > common/retry: [transport/internet/tcp: MITM freedom RAW TLS: failed to verify Domain Fronting certificate from  > remote error: tls: handshake failure] > common/retry: all retry attempts failed
2025/12/18 01:42:47.963681 [Info] [1951873738] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/freedom: connection ends > proxy: failed to process response > read tcp 127.0.0.1:60364->127.0.0.1:5100: wsarecv: An existing connection was forcibly closed by the remote host.
2025/12/18 01:42:53.987375 [Debug] app/log: Logger closing
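
The two runs above can be compared mechanically. The following is an added example, not part of the original report or of Xray's code: it splits a log into runs, records whether an inbound counter was created for the dokodemo-door inbound, and flags dokodemo sessions that were dispatched to the fallback address instead of the original destination. `FALLBACK` and `INBOUND_TAG` come from the configuration above, the sample lines are abridged from the logs above, and the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Fallback target from the page's dokodemo-door settings ("address" / "port").
FALLBACK = "127.0.0.1:443"
INBOUND_TAG = "tls_unpacker"

# Abridged from the two runs in the issue's "Additional Information" log.
SAMPLE_LOG = """\
2025/12/18 01:42:13.270632 [Debug] app/log: Logger started
2025/12/18 01:42:18.950439 [Debug] [947353094] proxy/dokodemo: processing connection from: 127.0.0.1:60325
2025/12/18 01:42:18.973624 [Info] [947353094] app/dispatcher: taking detour [tls_repacker] for [tcp:www.pixiv.net:443]
2025/12/18 01:42:41.833853 [Debug] app/log: Logger started
2025/12/18 01:42:41.833853 [Debug] app/stats: create new counter inbound>>>tls_unpacker>>>traffic>>>uplink
2025/12/18 01:42:44.872729 [Debug] [2128431444] proxy/dokodemo: processing connection from: 127.0.0.1:60364
2025/12/18 01:42:44.872729 [Info] [2128431444] app/dispatcher: taking detour [tls_repacker] for [tcp:127.0.0.1:443]
"""

STARTED = re.compile(r"app/log: Logger started")
COUNTER = re.compile(r"app/stats: create new counter inbound>>>(?P<tag>[^>]+)>>>traffic>>>")
DOKODEMO = re.compile(r"\[(?P<sid>\d+)\] proxy/dokodemo: ")
DETOUR = re.compile(r"\[(?P<sid>\d+)\] app/dispatcher: taking detour \[(?P<out>[^\]]+)\] for \[tcp:(?P<dest>[^\]]+)\]")


@dataclass
class Run:
    inbound_stats: bool = False                   # inbound counter seen for INBOUND_TAG
    sessions: dict = field(default_factory=dict)  # dokodemo session id -> dispatched dest

    def fallback_sessions(self):
        return [sid for sid, dest in self.sessions.items() if dest == FALLBACK]


def analyse(log_text):
    """Split the log into Xray runs and record where each dokodemo session went."""
    runs = []
    for line in log_text.splitlines():
        if STARTED.search(line) or not runs:
            runs.append(Run())
        run = runs[-1]
        if (m := COUNTER.search(line)) and m["tag"] == INBOUND_TAG:
            run.inbound_stats = True
        elif m := DOKODEMO.search(line):
            run.sessions.setdefault(m["sid"], None)
        elif (m := DETOUR.search(line)) and m["sid"] in run.sessions:
            run.sessions[m["sid"]] = m["dest"]
    return runs


if __name__ == "__main__":
    for i, run in enumerate(analyse(SAMPLE_LOG), 1):
        print(f"run {i}: inbound stats={run.inbound_stats} "
              f"sessions={run.sessions} fallback={run.fallback_sessions()}")
```

Run against a full `error.log`, a non-empty `fallback_sessions()` in a run where `inbound_stats` is true matches the failure pattern reported here.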
