feat: support uid rule
eg. UID,1000/5000-6000,Proxy
This commit is contained in:
parent
0cb5270452
commit
3d6aea4c1e
6 changed files with 106 additions and 6 deletions
|
@ -2,12 +2,11 @@ package process
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"github.com/Dreamacro/clash/common/nnip"
|
||||||
|
C "github.com/Dreamacro/clash/constant"
|
||||||
"net"
|
"net"
|
||||||
"net/netip"
|
"net/netip"
|
||||||
"runtime"
|
"runtime"
|
||||||
|
|
||||||
"github.com/Dreamacro/clash/common/nnip"
|
|
||||||
C "github.com/Dreamacro/clash/constant"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -25,6 +24,14 @@ func FindProcessName(network string, srcIP netip.Addr, srcPort int) (string, err
|
||||||
return findProcessName(network, srcIP, srcPort)
|
return findProcessName(network, srcIP, srcPort)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func FindUid(network string, srcIP netip.Addr, srcPort int) (int32, error) {
|
||||||
|
_, uid, err := resolveSocketByNetlink(network, srcIP, srcPort)
|
||||||
|
if err != nil {
|
||||||
|
return -1, err
|
||||||
|
}
|
||||||
|
return uid, nil
|
||||||
|
}
|
||||||
|
|
||||||
func ShouldFindProcess(metadata *C.Metadata) bool {
|
func ShouldFindProcess(metadata *C.Metadata) bool {
|
||||||
if runtime.GOOS == "android" {
|
if runtime.GOOS == "android" {
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -37,7 +37,6 @@ func findProcessName(network string, ip netip.Addr, srcPort int) (string, error)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
return resolveProcessNameByProcSearch(inode, uid)
|
return resolveProcessNameByProcSearch(inode, uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -108,7 +107,7 @@ func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32,
|
||||||
return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
|
return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR")
|
||||||
}
|
}
|
||||||
|
|
||||||
inode, uid := unpackSocketDiagResponse(&messages[0])
|
inode, uid := unpackSocketDiagResponse(&message)
|
||||||
if inode < 0 || uid < 0 {
|
if inode < 0 || uid < 0 {
|
||||||
return 0, 0, fmt.Errorf("invalid inode(%d) or uid(%d)", inode, uid)
|
return 0, 0, fmt.Errorf("invalid inode(%d) or uid(%d)", inode, uid)
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,6 +16,7 @@ const (
|
||||||
Script
|
Script
|
||||||
RuleSet
|
RuleSet
|
||||||
Network
|
Network
|
||||||
|
Uid
|
||||||
MATCH
|
MATCH
|
||||||
AND
|
AND
|
||||||
OR
|
OR
|
||||||
|
@ -56,6 +57,8 @@ func (rt RuleType) String() string {
|
||||||
return "RuleSet"
|
return "RuleSet"
|
||||||
case Network:
|
case Network:
|
||||||
return "Network"
|
return "Network"
|
||||||
|
case Uid:
|
||||||
|
return "Uid"
|
||||||
case AND:
|
case AND:
|
||||||
return "AND"
|
return "AND"
|
||||||
case OR:
|
case OR:
|
||||||
|
|
89
rule/common/uid.go
Normal file
89
rule/common/uid.go
Normal file
|
@ -0,0 +1,89 @@
|
||||||
|
package common
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/Dreamacro/clash/common/utils"
|
||||||
|
"github.com/Dreamacro/clash/component/process"
|
||||||
|
C "github.com/Dreamacro/clash/constant"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Uid struct {
|
||||||
|
*Base
|
||||||
|
uids []utils.Range[int32]
|
||||||
|
oUid string
|
||||||
|
adapter string
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewUid(oUid, adapter string) (*Uid, error) {
|
||||||
|
//if len(_uids) > 28 {
|
||||||
|
// return nil, fmt.Errorf("%s, too many uid to use, maximum support 28 uid", errPayload.Error())
|
||||||
|
//}
|
||||||
|
|
||||||
|
var uidRange []utils.Range[int32]
|
||||||
|
for _, u := range strings.Split(oUid, "/") {
|
||||||
|
if u == "" {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
subUids := strings.Split(u, "-")
|
||||||
|
subUidsLen := len(subUids)
|
||||||
|
if subUidsLen > 2 {
|
||||||
|
return nil, errPayload
|
||||||
|
}
|
||||||
|
|
||||||
|
uidStart, err := strconv.ParseUint(strings.Trim(subUids[0], "[ ]"), 10, 32)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errPayload
|
||||||
|
}
|
||||||
|
|
||||||
|
switch subUidsLen {
|
||||||
|
case 1:
|
||||||
|
uidRange = append(uidRange, *utils.NewRange(int32(uidStart), int32(uidStart)))
|
||||||
|
case 2:
|
||||||
|
uidEnd, err := strconv.ParseUint(strings.Trim(subUids[1], "[ ]"), 10, 32)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errPayload
|
||||||
|
}
|
||||||
|
|
||||||
|
uidRange = append(uidRange, *utils.NewRange(int32(uidStart), int32(uidEnd)))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(uidRange) == 0 {
|
||||||
|
return nil, errPayload
|
||||||
|
}
|
||||||
|
return &Uid{
|
||||||
|
Base: &Base{},
|
||||||
|
adapter: adapter,
|
||||||
|
oUid: oUid,
|
||||||
|
uids: uidRange,
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u *Uid) RuleType() C.RuleType {
|
||||||
|
return C.Uid
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u *Uid) Match(metadata *C.Metadata) bool {
|
||||||
|
srcPort, err := strconv.Atoi(metadata.SrcPort)
|
||||||
|
if err != nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if uid, err := process.FindUid(metadata.NetWork.String(), metadata.SrcIP, srcPort); err == nil {
|
||||||
|
for _, _uid := range u.uids {
|
||||||
|
if _uid.Contains(uid) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u *Uid) Adapter() string {
|
||||||
|
return u.adapter
|
||||||
|
}
|
||||||
|
|
||||||
|
func (u *Uid) Payload() string {
|
||||||
|
return u.oUid
|
||||||
|
}
|
|
@ -45,6 +45,8 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
|
||||||
parsed, parseErr = RP.NewRuleSet(payload, target)
|
parsed, parseErr = RP.NewRuleSet(payload, target)
|
||||||
case "NETWORK":
|
case "NETWORK":
|
||||||
parsed, parseErr = RC.NewNetworkType(payload, target)
|
parsed, parseErr = RC.NewNetworkType(payload, target)
|
||||||
|
case "UID":
|
||||||
|
parsed, parseErr = RC.NewUid(payload, target)
|
||||||
case "AND":
|
case "AND":
|
||||||
parsed, parseErr = logic.NewAND(payload, target)
|
parsed, parseErr = logic.NewAND(payload, target)
|
||||||
case "OR":
|
case "OR":
|
||||||
|
|
|
@ -328,7 +328,7 @@ func handleTCPConn(connCtx C.ConnContext) {
|
||||||
if rule == nil {
|
if rule == nil {
|
||||||
log.Warnln("[TCP] dial %s to %s error: %s", proxy.Name(), metadata.RemoteAddress(), err.Error())
|
log.Warnln("[TCP] dial %s to %s error: %s", proxy.Name(), metadata.RemoteAddress(), err.Error())
|
||||||
} else {
|
} else {
|
||||||
log.Warnln("[TCP] dial %s (match %s/%s) to %s error: %s", proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.RemoteAddress(), err.Error())
|
log.Warnln("[TCP] dial %s (match %s(%s)) to %s error: %s", proxy.Name(), rule.RuleType().String(), rule.Payload(), metadata.RemoteAddress(), err.Error())
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue