From 1cfae4aba879d1b78c2a2529fdf1f8a2c9c039eb Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Sat, 28 May 2022 19:26:42 +0800 Subject: [PATCH 1/7] =?UTF-8?q?refactor:=20=E5=90=88=E5=B9=B6=E9=83=A8?= =?UTF-8?q?=E5=88=86android=E4=BB=A3=E7=A0=81=E5=85=A5linux=20&&=20ip=20?= =?UTF-8?q?=E4=BD=BF=E7=94=A8netlink=E9=85=8D=E7=BD=AE=E8=B7=AF=E7=94=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- component/process/process_android.go | 228 ------------------ component/process/process_linux.go | 32 ++- .../tun/ipstack/commons/router_android.go | 44 +++- listener/tun/ipstack/commons/router_linux.go | 68 +++++- 4 files changed, 119 insertions(+), 253 deletions(-) delete mode 100644 component/process/process_android.go diff --git a/component/process/process_android.go b/component/process/process_android.go deleted file mode 100644 index 6013ecd3..00000000 --- a/component/process/process_android.go +++ /dev/null @@ -1,228 +0,0 @@ -package process - -import ( - "bytes" - "encoding/binary" - "fmt" - "net" - "net/netip" - "os" - "path" - "path/filepath" - "strings" - "syscall" - "unicode" - "unsafe" - - "github.com/Dreamacro/clash/common/pool" -) - -// from https://github.com/vishvananda/netlink/blob/bca67dfc8220b44ef582c9da4e9172bf1c9ec973/nl/nl_linux.go#L52-L62 -var nativeEndian = func() binary.ByteOrder { - var x uint32 = 0x01020304 - if *(*byte)(unsafe.Pointer(&x)) == 0x01 { - return binary.BigEndian - } - - return binary.LittleEndian -}() - -const ( - sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48 - socketDiagByFamily = 20 - pathProc = "/proc" -) - -func findProcessName(network string, ip netip.Addr, srcPort int) (int32, string, error) { - inode, uid, err := resolveSocketByNetlink(network, ip, srcPort) - if err != nil { - return -1, "", err - } - - pp, err := resolveProcessNameByProcSearch(inode, uid) - return uid, pp, err -} - -func resolveSocketByNetlink(network string, ip netip.Addr, srcPort int) (int32, int32, error) { - var family byte - var protocol byte - - switch network { - case TCP: - protocol = syscall.IPPROTO_TCP - case UDP: - protocol = syscall.IPPROTO_UDP - default: - return 0, 0, ErrInvalidNetwork - } - - if ip.Is4() { - family = syscall.AF_INET - } else { - family = syscall.AF_INET6 - } - - req := packSocketDiagRequest(family, protocol, ip, uint16(srcPort)) - - socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG) - if err != nil { - return 0, 0, fmt.Errorf("dial netlink: %w", err) - } - defer syscall.Close(socket) - - _ = syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100}) - _ = syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100}) - - if err := syscall.Connect(socket, &syscall.SockaddrNetlink{ - Family: syscall.AF_NETLINK, - Pad: 0, - Pid: 0, - Groups: 0, - }); err != nil { - return 0, 0, err - } - - if _, err := syscall.Write(socket, req); err != nil { - return 0, 0, fmt.Errorf("write request: %w", err) - } - - rb := pool.Get(pool.RelayBufferSize) - defer pool.Put(rb) - - n, err := syscall.Read(socket, rb) - if err != nil { - return 0, 0, fmt.Errorf("read response: %w", err) - } - - messages, err := syscall.ParseNetlinkMessage(rb[:n]) - if err != nil { - return 0, 0, fmt.Errorf("parse netlink message: %w", err) - } else if len(messages) == 0 { - return 0, 0, fmt.Errorf("unexcepted netlink response") - } - - message := messages[0] - if message.Header.Type&syscall.NLMSG_ERROR != 0 { - return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR") - } - - uid, inode := unpackSocketDiagResponse(&messages[0]) - if uid < 0 || inode < 0 { - return 0, 0, fmt.Errorf("invalid uid(%d) or inode(%d)", uid, inode) - } - - return uid, inode, nil -} - -func packSocketDiagRequest(family, protocol byte, source netip.Addr, sourcePort uint16) []byte { - s := make([]byte, 16) - - copy(s, source.AsSlice()) - - buf := make([]byte, sizeOfSocketDiagRequest) - - nativeEndian.PutUint32(buf[0:4], sizeOfSocketDiagRequest) - nativeEndian.PutUint16(buf[4:6], socketDiagByFamily) - nativeEndian.PutUint16(buf[6:8], syscall.NLM_F_REQUEST|syscall.NLM_F_DUMP) - nativeEndian.PutUint32(buf[8:12], 0) - nativeEndian.PutUint32(buf[12:16], 0) - - buf[16] = family - buf[17] = protocol - buf[18] = 0 - buf[19] = 0 - nativeEndian.PutUint32(buf[20:24], 0xFFFFFFFF) - - binary.BigEndian.PutUint16(buf[24:26], sourcePort) - binary.BigEndian.PutUint16(buf[26:28], 0) - - copy(buf[28:44], s) - copy(buf[44:60], net.IPv6zero) - - nativeEndian.PutUint32(buf[60:64], 0) - nativeEndian.PutUint64(buf[64:72], 0xFFFFFFFFFFFFFFFF) - - return buf -} - -func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid int32) { - if len(msg.Data) < 72 { - return 0, 0 - } - - data := msg.Data - - uid = int32(nativeEndian.Uint32(data[64:68])) - inode = int32(nativeEndian.Uint32(data[68:72])) - - return -} - -func resolveProcessNameByProcSearch(inode, uid int32) (string, error) { - files, err := os.ReadDir(pathProc) - if err != nil { - return "", err - } - - buffer := make([]byte, syscall.PathMax) - socket := []byte(fmt.Sprintf("socket:[%d]", inode)) - - for _, f := range files { - if !f.IsDir() || !isPid(f.Name()) { - continue - } - - info, err := f.Info() - if err != nil { - return "", err - } - if info.Sys().(*syscall.Stat_t).Uid != uint32(uid) { - continue - } - - processPath := path.Join(pathProc, f.Name()) - fdPath := path.Join(processPath, "fd") - - fds, err := os.ReadDir(fdPath) - if err != nil { - continue - } - - for _, fd := range fds { - n, err := syscall.Readlink(path.Join(fdPath, fd.Name()), buffer) - if err != nil { - continue - } - - if bytes.Equal(buffer[:n], socket) { - cmdline, err := os.ReadFile(path.Join(processPath, "cmdline")) - if err != nil { - return "", err - } - - return splitCmdline(cmdline), nil - } - } - } - - return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode) -} - -func splitCmdline(cmdline []byte) string { - cmdline = bytes.Trim(cmdline, " ") - - idx := bytes.IndexFunc(cmdline, func(r rune) bool { - return unicode.IsControl(r) || unicode.IsSpace(r) - }) - - if idx == -1 { - return filepath.Base(string(cmdline)) - } - return filepath.Base(string(cmdline[:idx])) -} - -func isPid(s string) bool { - return strings.IndexFunc(s, func(r rune) bool { - return !unicode.IsDigit(r) - }) == -1 -} diff --git a/component/process/process_linux.go b/component/process/process_linux.go index 4f937ba0..c2809da1 100644 --- a/component/process/process_linux.go +++ b/component/process/process_linux.go @@ -1,5 +1,3 @@ -//go:build !android - package process import ( @@ -10,6 +8,8 @@ import ( "net/netip" "os" "path" + "path/filepath" + "runtime" "strings" "syscall" "unicode" @@ -198,8 +198,19 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) { continue } - if bytes.Equal(buffer[:n], socket) { - return os.Readlink(path.Join(processPath, "exe")) + if runtime.GOOS == "android" { + if bytes.Equal(buffer[:n], socket) { + cmdline, err := os.ReadFile(path.Join(processPath, "cmdline")) + if err != nil { + return "", err + } + + return splitCmdline(cmdline), nil + } + } else { + if bytes.Equal(buffer[:n], socket) { + return os.Readlink(path.Join(processPath, "exe")) + } } } } @@ -207,6 +218,19 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) { return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode) } +func splitCmdline(cmdline []byte) string { + cmdline = bytes.Trim(cmdline, " ") + + idx := bytes.IndexFunc(cmdline, func(r rune) bool { + return unicode.IsControl(r) || unicode.IsSpace(r) + }) + + if idx == -1 { + return filepath.Base(string(cmdline)) + } + return filepath.Base(string(cmdline[:idx])) +} + func isPid(s string) bool { return strings.IndexFunc(s, func(r rune) bool { return !unicode.IsDigit(r) diff --git a/listener/tun/ipstack/commons/router_android.go b/listener/tun/ipstack/commons/router_android.go index 4dc351fc..812af547 100644 --- a/listener/tun/ipstack/commons/router_android.go +++ b/listener/tun/ipstack/commons/router_android.go @@ -5,8 +5,9 @@ import ( "github.com/Dreamacro/clash/common/cmd" "github.com/Dreamacro/clash/listener/tun/device" "github.com/Dreamacro/clash/log" + "github.com/vishvananda/netlink" + "net" "net/netip" - "strconv" "strings" ) @@ -30,38 +31,63 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, ip = addr.Masked().Addr().Next() ) - _, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", ip.String(), interfaceName)) + metaLink, err := netlink.LinkByName(interfaceName) if err != nil { return err } - _, err = cmd.ExecCmd(fmt.Sprintf("ip link set %s up", interfaceName)) + naddr, err := netlink.ParseAddr(addr.String()) if err != nil { return err } - if err = execRouterCmd("add", addr.Masked().String(), interfaceName, ip.String(), "main"); err != nil { + if err = netlink.AddrAdd(metaLink, naddr); err != nil { + return err + } + + if err = netlink.LinkSetUp(metaLink); err != nil { + return err + } + + if err = netlink.RouteAdd(&netlink.Route{ + LinkIndex: metaLink.Attrs().Index, + Scope: netlink.SCOPE_LINK, + Protocol: 2, + Src: ip.AsSlice(), + Table: 254, + }); err != nil { return err } if autoRoute { - err = configInterfaceRouting(interfaceName, addr) + err = configInterfaceRouting(metaLink.Attrs().Index, interfaceName, ip) } return err } -func configInterfaceRouting(interfaceName string, addr netip.Prefix) error { - linkIP := addr.Masked().Addr().Next() +func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) error { const tableId = 1981801 for _, route := range defaultRoutes { - if err := execRouterCmd("add", route, interfaceName, linkIP.String(), strconv.Itoa(tableId)); err != nil { + _, ipn, err := net.ParseCIDR(route) + if err != nil { + return err + } + + if err := netlink.RouteAdd(&netlink.Route{ + LinkIndex: index, + Scope: netlink.SCOPE_LINK, + Protocol: 2, + Src: ip.AsSlice(), + Dst: ipn, + Table: 254, + }); err != nil { return err } } execAddRuleCmd(fmt.Sprintf("lookup main pref 9000")) execAddRuleCmd(fmt.Sprintf("from 0.0.0.0 iif lo uidrange 0-4294967294 lookup %d pref 9001", tableId)) - execAddRuleCmd(fmt.Sprintf("from %s iif lo uidrange 0-4294967294 lookup %d pref 9002", linkIP, tableId)) + execAddRuleCmd(fmt.Sprintf("from %s iif lo uidrange 0-4294967294 lookup %d pref 9002", ip, tableId)) execAddRuleCmd(fmt.Sprintf("from all iif %s lookup main suppress_prefixlength 0 pref 9003", interfaceName)) execAddRuleCmd(fmt.Sprintf("not from all iif lo lookup %d pref 9004", tableId)) diff --git a/listener/tun/ipstack/commons/router_linux.go b/listener/tun/ipstack/commons/router_linux.go index b34dd5a4..9428accb 100644 --- a/listener/tun/ipstack/commons/router_linux.go +++ b/listener/tun/ipstack/commons/router_linux.go @@ -6,15 +6,33 @@ import ( "fmt" "github.com/Dreamacro/clash/common/cmd" "github.com/Dreamacro/clash/listener/tun/device" + "github.com/vishvananda/netlink" + "net" "net/netip" ) func GetAutoDetectInterface() (string, error) { - execCmd, err := cmd.ExecCmd("bash -c ip route show | grep 'default via' | awk -F ' ' 'NR==1{print $5}' | xargs echo -n") - if execCmd == "" { - return "", fmt.Errorf("interface not found") + routes, err := netlink.RouteList(nil, netlink.FAMILY_V4) + if err != nil { + return "", err } - return execCmd, err + + for _, route := range routes { + if route.Dst == nil { + lk, err := netlink.LinkByIndex(route.LinkIndex) + if err != nil { + return "", err + } + + if lk.Type() == "tuntap" { + continue + } + + return lk.Attrs().Name, nil + } + } + + return "", fmt.Errorf("interface not found") } func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, autoRoute bool) error { @@ -23,29 +41,55 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, ip = addr.Masked().Addr().Next() ) - if _, err := cmd.ExecCmd(fmt.Sprintf("ip addr add %s dev %s", ip.String(), interfaceName)); err != nil { + metaLink, err := netlink.LinkByName(interfaceName) + if err != nil { return err } - if _, err := cmd.ExecCmd(fmt.Sprintf("ip link set %s up", interfaceName)); err != nil { + naddr, err := netlink.ParseAddr(addr.String()) + if err != nil { return err } - if err := execRouterCmd("add", addr.Masked().String(), interfaceName, ip.String(), "main"); err != nil { + if err = netlink.AddrAdd(metaLink, naddr); err != nil { + return err + } + + if err = netlink.LinkSetUp(metaLink); err != nil { + return err + } + + if err = netlink.RouteAdd(&netlink.Route{ + LinkIndex: metaLink.Attrs().Index, + Scope: netlink.SCOPE_LINK, + Protocol: 2, + Src: ip.AsSlice(), + Table: 254, + }); err != nil { return err } if autoRoute { - _ = configInterfaceRouting(interfaceName, addr) + _ = configInterfaceRouting(metaLink.Attrs().Index, interfaceName, ip) } return nil } -func configInterfaceRouting(interfaceName string, addr netip.Prefix) error { - linkIP := addr.Masked().Addr().Next() - +func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) error { for _, route := range defaultRoutes { - if err := execRouterCmd("add", route, interfaceName, linkIP.String(), "main"); err != nil { + _, ipn, err := net.ParseCIDR(route) + if err != nil { + return err + } + + if err := netlink.RouteAdd(&netlink.Route{ + LinkIndex: index, + Scope: netlink.SCOPE_LINK, + Protocol: 2, + Src: ip.AsSlice(), + Dst: ipn, + Table: 254, + }); err != nil { return err } } From b44848c8dc8e5c45cbd90fb77cfcd6628ac547fd Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Sat, 28 May 2022 23:29:03 +0800 Subject: [PATCH 2/7] fix: npe --- config/config.go | 8 +++++--- listener/tun/tun_adapter.go | 6 +----- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/config/config.go b/config/config.go index a4f0e942..d170617e 100644 --- a/config/config.go +++ b/config/config.go @@ -115,7 +115,7 @@ type Tun struct { DNSHijack []netip.AddrPort `yaml:"dns-hijack" json:"dns-hijack"` AutoRoute bool `yaml:"auto-route" json:"auto-route"` AutoDetectInterface bool `yaml:"auto-detect-interface" json:"auto-detect-interface"` - TunAddressPrefix *netip.Prefix `yaml:"-" json:"-"` + TunAddressPrefix netip.Prefix `yaml:"-" json:"-"` } // IPTables config @@ -910,9 +910,11 @@ func parseTun(rawTun RawTun, general *General, dnsCfg *DNS) (*Tun, error) { dnsHijack = append(dnsHijack, addrPort) } - var tunAddressPrefix *netip.Prefix + var tunAddressPrefix netip.Prefix if dnsCfg.FakeIPRange != nil { - tunAddressPrefix = dnsCfg.FakeIPRange.IPNet() + tunAddressPrefix = *dnsCfg.FakeIPRange.IPNet() + } else { + tunAddressPrefix = netip.MustParsePrefix("198.18.0.1/16") } return &Tun{ diff --git a/listener/tun/tun_adapter.go b/listener/tun/tun_adapter.go index 35a9d0a6..9d0cad1b 100644 --- a/listener/tun/tun_adapter.go +++ b/listener/tun/tun_adapter.go @@ -26,7 +26,7 @@ import ( func New(tunConf *config.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound.PacketAdapter) (ipstack.Stack, error) { var ( - tunAddress = netip.Prefix{} + tunAddress = tunConf.TunAddressPrefix devName = tunConf.Device stackType = tunConf.Stack autoRoute = tunConf.AutoRoute @@ -38,10 +38,6 @@ func New(tunConf *config.Tun, tcpIn chan<- C.ConnContext, udpIn chan<- *inbound. err error ) - if tunConf.TunAddressPrefix != nil { - tunAddress = *tunConf.TunAddressPrefix - } - if devName == "" { devName = generateDeviceName() } From 0c3071f85c745e43b494ea4f322fb95aaf15275a Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Sat, 28 May 2022 23:29:22 +0800 Subject: [PATCH 3/7] fix: route on android --- listener/tun/ipstack/commons/router_android.go | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/listener/tun/ipstack/commons/router_android.go b/listener/tun/ipstack/commons/router_android.go index 812af547..68e90b8e 100644 --- a/listener/tun/ipstack/commons/router_android.go +++ b/listener/tun/ipstack/commons/router_android.go @@ -49,16 +49,6 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, return err } - if err = netlink.RouteAdd(&netlink.Route{ - LinkIndex: metaLink.Attrs().Index, - Scope: netlink.SCOPE_LINK, - Protocol: 2, - Src: ip.AsSlice(), - Table: 254, - }); err != nil { - return err - } - if autoRoute { err = configInterfaceRouting(metaLink.Attrs().Index, interfaceName, ip) } @@ -80,7 +70,7 @@ func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) erro Protocol: 2, Src: ip.AsSlice(), Dst: ipn, - Table: 254, + Table: tableId, }); err != nil { return err } From 32d332b8737670aa244fbf152164538a95cd33cf Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Sun, 29 May 2022 15:03:27 +0800 Subject: [PATCH 4/7] =?UTF-8?q?refactor:=20=E4=BD=BF=E7=94=A8=20netlink=20?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=20ip=20rule?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- go.mod | 4 +- go.sum | 6 +- listener/listener.go | 12 ++-- .../tun/ipstack/commons/router_android.go | 65 +++++++++++++------ 4 files changed, 61 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index e629e777..cb9e8ea4 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/oschwald/geoip2-golang v1.7.0 github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.7.1 - github.com/vishvananda/netlink v1.0.1-0.20190930145447-2ec5bdc52b86 + github.com/vishvananda/netlink v1.2.0-beta.0.20220404152918-5e915e014938 github.com/xtls/go v0.0.0-20210920065950-d4af136d3672 go.etcd.io/bbolt v1.3.6 go.uber.org/atomic v1.9.0 @@ -60,3 +60,5 @@ require ( ) replace golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 => github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e + +replace github.com/vishvananda/netlink v1.2.0-beta.0.20220404152918-5e915e014938 => github.com/MetaCubeX/netlink v1.2.0-beta.0.20220428021510-cbf1fc89c622 diff --git a/go.sum b/go.sum index bb38823c..83bb085b 100644 --- a/go.sum +++ b/go.sum @@ -10,6 +10,8 @@ git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGy github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Dreamacro/go-shadowsocks2 v0.1.8 h1:Ixejp5JscEc866gAvm/l6TFd7BOBvDviKgwb1quWw3g= github.com/Dreamacro/go-shadowsocks2 v0.1.8/go.mod h1:51y4Q6tJoCE7e8TmYXcQRqfoxPfE9Cvn79V6pB6Df7Y= +github.com/MetaCubeX/netlink v1.2.0-beta.0.20220428021510-cbf1fc89c622 h1:Rs71V26e5N/5EEK2p2o2iG763sAjD4lit4ob061Tf9E= +github.com/MetaCubeX/netlink v1.2.0-beta.0.20220428021510-cbf1fc89c622/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e h1:GRfT5Lf8HP7RNczKIwTYLoCh1PPuIs/sY9hj+W+3deg= github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e/go.mod h1:ARUuShAtcziEJ/vnZ2hgoP+zc0J7Ukcca2S/NPDoQCc= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= @@ -202,8 +204,7 @@ github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4 h1:hl6sK6aFgTLISijk6xIz github.com/u-root/uio v0.0.0-20220204230159-dac05f7d2cb4/go.mod h1:LpEX5FO/cB+WF4TYGY1V5qktpaZLkKkSegbr0V4eYXA= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/vishvananda/netlink v1.0.1-0.20190930145447-2ec5bdc52b86 h1:7SWt9pGCMaw+N1ZhRsaLKaYNviFhxambdoaoYlDqz1w= -github.com/vishvananda/netlink v1.0.1-0.20190930145447-2ec5bdc52b86/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= +github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/xtls/go v0.0.0-20210920065950-d4af136d3672 h1:4mkzGhKqt3JO1BWYjtD3iRFyAx4ow67hmSqOcGjuxqQ= @@ -297,6 +298,7 @@ golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/listener/listener.go b/listener/listener.go index 80429dd7..abedb842 100644 --- a/listener/listener.go +++ b/listener/listener.go @@ -2,9 +2,9 @@ package proxy import ( "fmt" - "github.com/Dreamacro/clash/common/cmd" "github.com/Dreamacro/clash/listener/inner" "github.com/Dreamacro/clash/listener/tun/ipstack/commons" + "github.com/vishvananda/netlink" "net" "runtime" "sort" @@ -457,9 +457,13 @@ func Cleanup(wait bool) { } if runtime.GOOS == "android" { - prefs := []int{9000, 9001, 9002, 9003, 9004} - for _, pref := range prefs { - _, _ = cmd.ExecCmd(fmt.Sprintf("ip rule del pref %d", pref)) + r := netlink.NewRule() + for i := 0; i < 5; i++ { + r.Priority = 9000 + i*10 + err := netlink.RuleDel(r) + if err != nil { + log.Warnln("[TOUTE] cleanup route rule: %s", err) + } } } } diff --git a/listener/tun/ipstack/commons/router_android.go b/listener/tun/ipstack/commons/router_android.go index 68e90b8e..8c8c3a34 100644 --- a/listener/tun/ipstack/commons/router_android.go +++ b/listener/tun/ipstack/commons/router_android.go @@ -57,6 +57,7 @@ func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) error { const tableId = 1981801 + var pref = 9000 for _, route := range defaultRoutes { _, ipn, err := net.ParseCIDR(route) @@ -75,25 +76,51 @@ func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) erro return err } } - execAddRuleCmd(fmt.Sprintf("lookup main pref 9000")) - execAddRuleCmd(fmt.Sprintf("from 0.0.0.0 iif lo uidrange 0-4294967294 lookup %d pref 9001", tableId)) - execAddRuleCmd(fmt.Sprintf("from %s iif lo uidrange 0-4294967294 lookup %d pref 9002", ip, tableId)) - execAddRuleCmd(fmt.Sprintf("from all iif %s lookup main suppress_prefixlength 0 pref 9003", interfaceName)) - execAddRuleCmd(fmt.Sprintf("not from all iif lo lookup %d pref 9004", tableId)) + + logIfErr := func(e error) { + if e != nil { + log.Warnln("[TOUTE] config route rule: %s", e) + } + } + + var r *netlink.Rule + r = netlink.NewRule() + r.Table = 254 + r.Priority = pref + logIfErr(netlink.RuleAdd(r)) + pref += 10 + + r = netlink.NewRule() + _, nl, _ := net.ParseCIDR("0.0.0.0/32") + r.Table = tableId + r.Priority = pref + r.Src = nl + r.IifName = "lo" + r.UID = netlink.NewRuleUIDRange(0, 4294967294) + logIfErr(netlink.RuleAdd(r)) + pref += 10 + + _, nl, _ = net.ParseCIDR(ip.String()) + r.Priority = pref + r.Src = nl + logIfErr(netlink.RuleAdd(r)) + pref += 10 + + r = netlink.NewRule() + r.Table = 254 + r.Priority = pref + r.IifName = interfaceName + r.SuppressPrefixlen = 0 + logIfErr(netlink.RuleAdd(r)) + pref += 10 + + r = netlink.NewRule() + r.Table = tableId + r.Priority = pref + r.IifName = "lo" + r.SuppressPrefixlen = 0 + r.Invert = true + logIfErr(netlink.RuleAdd(r)) return nil } - -func execAddRuleCmd(rule string) { - _, err := cmd.ExecCmd("ip rule add " + rule) - if err != nil { - log.Warnln("%s", err) - } -} - -func execRouterCmd(action, route, interfaceName, linkIP, table string) error { - cmdStr := fmt.Sprintf("ip route %s %s dev %s proto kernel scope link src %s table %s", action, route, interfaceName, linkIP, table) - - _, err := cmd.ExecCmd(cmdStr) - return err -} From 54c131e558d9bd7a014a4fde0512db22202c1ed9 Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Sun, 29 May 2022 15:35:08 +0800 Subject: [PATCH 5/7] =?UTF-8?q?refactor:=20=E4=BD=BF=E7=94=A8=20netlink=20?= =?UTF-8?q?=E8=8E=B7=E5=8F=96=E9=BB=98=E8=AE=A4=E7=BD=91=E5=8D=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- go.mod | 2 +- go.sum | 4 ++-- .../tun/ipstack/commons/router_android.go | 23 +++++++++++-------- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index cb9e8ea4..e4a64444 100644 --- a/go.mod +++ b/go.mod @@ -61,4 +61,4 @@ require ( replace golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 => github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e -replace github.com/vishvananda/netlink v1.2.0-beta.0.20220404152918-5e915e014938 => github.com/MetaCubeX/netlink v1.2.0-beta.0.20220428021510-cbf1fc89c622 +replace github.com/vishvananda/netlink v1.2.0-beta.0.20220404152918-5e915e014938 => github.com/MetaCubeX/netlink v1.2.0-beta.0.20220529072258-d6853f887820 diff --git a/go.sum b/go.sum index 83bb085b..5079b59e 100644 --- a/go.sum +++ b/go.sum @@ -10,8 +10,8 @@ git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGy github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Dreamacro/go-shadowsocks2 v0.1.8 h1:Ixejp5JscEc866gAvm/l6TFd7BOBvDviKgwb1quWw3g= github.com/Dreamacro/go-shadowsocks2 v0.1.8/go.mod h1:51y4Q6tJoCE7e8TmYXcQRqfoxPfE9Cvn79V6pB6Df7Y= -github.com/MetaCubeX/netlink v1.2.0-beta.0.20220428021510-cbf1fc89c622 h1:Rs71V26e5N/5EEK2p2o2iG763sAjD4lit4ob061Tf9E= -github.com/MetaCubeX/netlink v1.2.0-beta.0.20220428021510-cbf1fc89c622/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= +github.com/MetaCubeX/netlink v1.2.0-beta.0.20220529072258-d6853f887820 h1:fGKWZ25VApYnuPZoNeqdH/nZtHa2XMajwH6Yj/OgoVc= +github.com/MetaCubeX/netlink v1.2.0-beta.0.20220529072258-d6853f887820/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e h1:GRfT5Lf8HP7RNczKIwTYLoCh1PPuIs/sY9hj+W+3deg= github.com/MetaCubeX/wintun-go v0.0.0-20220319102620-bbc5e6b2015e/go.mod h1:ARUuShAtcziEJ/vnZ2hgoP+zc0J7Ukcca2S/NPDoQCc= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= diff --git a/listener/tun/ipstack/commons/router_android.go b/listener/tun/ipstack/commons/router_android.go index 8c8c3a34..5abaee94 100644 --- a/listener/tun/ipstack/commons/router_android.go +++ b/listener/tun/ipstack/commons/router_android.go @@ -2,27 +2,30 @@ package commons import ( "fmt" - "github.com/Dreamacro/clash/common/cmd" "github.com/Dreamacro/clash/listener/tun/device" "github.com/Dreamacro/clash/log" "github.com/vishvananda/netlink" "net" "net/netip" - "strings" ) func GetAutoDetectInterface() (ifn string, err error) { - cmdRes, err := cmd.ExecCmd("ip route get 1.1.1.1 uid 4294967295") - - sps := strings.Split(cmdRes, " ") - if len(sps) > 4 { - ifn = sps[4] + routes, err := netlink.RouteGetWithOptions( + net.ParseIP("1.1.1.1"), + &netlink.RouteGetOptions{ + Uid: &netlink.UID{Uid: 4294967295}, + }) + if err != nil { + return "", err } - if ifn == "" { - err = fmt.Errorf("interface not found") + for _, route := range routes { + if lk, err := netlink.LinkByIndex(route.LinkIndex); err == nil { + return lk.Attrs().Name, nil + } } - return + + return "", fmt.Errorf("interface not found") } func ConfigInterfaceAddress(dev device.Device, addr netip.Prefix, forceMTU int, autoRoute bool) error { From 6a5cdb7793781cf380d18934f3f769887cfe4e50 Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Sun, 29 May 2022 18:12:43 +0800 Subject: [PATCH 6/7] =?UTF-8?q?chore:=20=E8=B0=83=E6=95=B4uid=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E5=88=A4=E6=96=AD=E4=BD=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- rule/common/uid.go | 5 +++++ rule/logic/common.go | 7 +------ rule/parser.go | 7 +------ rule/provider/parse.go | 7 +------ 4 files changed, 8 insertions(+), 18 deletions(-) diff --git a/rule/common/uid.go b/rule/common/uid.go index 00f0c3d8..d5321581 100644 --- a/rule/common/uid.go +++ b/rule/common/uid.go @@ -1,10 +1,12 @@ package common import ( + "fmt" "github.com/Dreamacro/clash/common/utils" "github.com/Dreamacro/clash/component/process" C "github.com/Dreamacro/clash/constant" "github.com/Dreamacro/clash/log" + "runtime" "strconv" "strings" ) @@ -20,6 +22,9 @@ func NewUid(oUid, adapter string) (*Uid, error) { //if len(_uids) > 28 { // return nil, fmt.Errorf("%s, too many uid to use, maximum support 28 uid", errPayload.Error()) //} + if !(runtime.GOOS == "linux" || runtime.GOOS == "android") { + return nil, fmt.Errorf("uid rule not support this platform") + } var uidRange []utils.Range[int32] for _, u := range strings.Split(oUid, "/") { diff --git a/rule/logic/common.go b/rule/logic/common.go index 18bdddf8..4272b943 100644 --- a/rule/logic/common.go +++ b/rule/logic/common.go @@ -11,7 +11,6 @@ import ( "net/http" "os" "regexp" - "runtime" "strings" ) @@ -106,11 +105,7 @@ func parseRule(tp, payload string, params []string) (C.Rule, error) { noResolve := RC.HasNoResolve(params) parsed, parseErr = provider.NewRuleSet(payload, "", noResolve) case "UID": - if runtime.GOOS == "linux" || runtime.GOOS == "android" { - parsed, parseErr = RC.NewUid(payload, "") - } else { - parseErr = fmt.Errorf("uid rule not support this platform") - } + parsed, parseErr = RC.NewUid(payload, "") case "IN-TYPE": parsed, parseErr = RC.NewInType(payload, "") case "NOT": diff --git a/rule/parser.go b/rule/parser.go index e82e3fda..660f1575 100644 --- a/rule/parser.go +++ b/rule/parser.go @@ -6,7 +6,6 @@ import ( RC "github.com/Dreamacro/clash/rule/common" "github.com/Dreamacro/clash/rule/logic" RP "github.com/Dreamacro/clash/rule/provider" - "runtime" ) func ParseRule(tp, payload, target string, params []string) (C.Rule, error) { @@ -43,11 +42,7 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) { case "NETWORK": parsed, parseErr = RC.NewNetworkType(payload, target) case "UID": - if runtime.GOOS == "linux" || runtime.GOOS == "android" { - parsed, parseErr = RC.NewUid(payload, target) - } else { - parseErr = fmt.Errorf("uid rule not support this platform") - } + parsed, parseErr = RC.NewUid(payload, target) case "IN-TYPE": parsed, parseErr = RC.NewInType(payload, target) case "AND": diff --git a/rule/provider/parse.go b/rule/provider/parse.go index f1604d46..ae53203b 100644 --- a/rule/provider/parse.go +++ b/rule/provider/parse.go @@ -7,7 +7,6 @@ import ( C "github.com/Dreamacro/clash/constant" P "github.com/Dreamacro/clash/constant/provider" RC "github.com/Dreamacro/clash/rule/common" - "runtime" "time" ) @@ -86,11 +85,7 @@ func parseRule(tp, payload, target string, params []string) (C.Rule, error) { case "NETWORK": parsed, parseErr = RC.NewNetworkType(payload, target) case "UID": - if runtime.GOOS == "linux" || runtime.GOOS == "android" { - parsed, parseErr = RC.NewUid(payload, target) - } else { - parseErr = fmt.Errorf("uid rule not support this platform") - } + parsed, parseErr = RC.NewUid(payload, target) case "IN-TYPE": parsed, parseErr = RC.NewInType(payload, target) default: From abf999d80fd521441b4b58c2e4e6b6520c239105 Mon Sep 17 00:00:00 2001 From: gVisor bot Date: Sun, 29 May 2022 20:00:38 +0800 Subject: [PATCH 7/7] fix: compile --- Makefile | 6 +++--- listener/listener.go | 13 +------------ listener/tun/ipstack/commons/router_android.go | 11 +++++++++++ listener/tun/ipstack/commons/router_darwin.go | 2 ++ listener/tun/ipstack/commons/router_linux.go | 2 ++ listener/tun/ipstack/commons/router_others.go | 2 ++ listener/tun/ipstack/commons/router_windows.go | 2 ++ 7 files changed, 23 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index f0a0618d..1a87f518 100644 --- a/Makefile +++ b/Makefile @@ -47,9 +47,9 @@ WINDOWS_ARCH_LIST = \ windows-arm64 \ windows-arm32v7 -all:linux-amd64 linux-arm64\ - darwin-amd64 darwin-arm64\ - windows-amd64 windows-arm64\ +all:linux-amd64v3 linux-arm64\ + darwin-amd64v3 darwin-arm64\ + windows-amd64v3 windows-arm64\ docker: GOAMD64=v3 $(GOBUILD) -o $(BINDIR)/$(NAME)-$@ diff --git a/listener/listener.go b/listener/listener.go index abedb842..29f6d441 100644 --- a/listener/listener.go +++ b/listener/listener.go @@ -4,9 +4,7 @@ import ( "fmt" "github.com/Dreamacro/clash/listener/inner" "github.com/Dreamacro/clash/listener/tun/ipstack/commons" - "github.com/vishvananda/netlink" "net" - "runtime" "sort" "strconv" "sync" @@ -456,16 +454,7 @@ func Cleanup(wait bool) { commons.WaitForTunClose(lastTunConf.Device) } - if runtime.GOOS == "android" { - r := netlink.NewRule() - for i := 0; i < 5; i++ { - r.Priority = 9000 + i*10 - err := netlink.RuleDel(r) - if err != nil { - log.Warnln("[TOUTE] cleanup route rule: %s", err) - } - } - } + commons.CleanupRule() } tunStackListener = nil lastTunConf = nil diff --git a/listener/tun/ipstack/commons/router_android.go b/listener/tun/ipstack/commons/router_android.go index 5abaee94..172c9ce3 100644 --- a/listener/tun/ipstack/commons/router_android.go +++ b/listener/tun/ipstack/commons/router_android.go @@ -127,3 +127,14 @@ func configInterfaceRouting(index int, interfaceName string, ip netip.Addr) erro return nil } + +func CleanupRule() { + r := netlink.NewRule() + for i := 0; i < 5; i++ { + r.Priority = 9000 + i*10 + err := netlink.RuleDel(r) + if err != nil { + log.Warnln("[TOUTE] cleanup route rule: %s", err) + } + } +} diff --git a/listener/tun/ipstack/commons/router_darwin.go b/listener/tun/ipstack/commons/router_darwin.go index 47e3db1a..3132fced 100644 --- a/listener/tun/ipstack/commons/router_darwin.go +++ b/listener/tun/ipstack/commons/router_darwin.go @@ -61,3 +61,5 @@ func execRouterCmd(action, inet, route string, interfaceName string) error { _, err := cmd.ExecCmd(fmt.Sprintf("route %s %s %s -interface %s", action, inet, route, interfaceName)) return err } + +func CleanupRule() {} diff --git a/listener/tun/ipstack/commons/router_linux.go b/listener/tun/ipstack/commons/router_linux.go index 9428accb..d5f3edab 100644 --- a/listener/tun/ipstack/commons/router_linux.go +++ b/listener/tun/ipstack/commons/router_linux.go @@ -103,3 +103,5 @@ func execRouterCmd(action, route, interfaceName, linkIP, table string) error { _, err := cmd.ExecCmd(cmdStr) return err } + +func CleanupRule() {} diff --git a/listener/tun/ipstack/commons/router_others.go b/listener/tun/ipstack/commons/router_others.go index 6c8ea341..dfc409f4 100644 --- a/listener/tun/ipstack/commons/router_others.go +++ b/listener/tun/ipstack/commons/router_others.go @@ -17,3 +17,5 @@ func GetAutoDetectInterface() (string, error) { func ConfigInterfaceAddress(device.Device, netip.Prefix, int, bool) error { return fmt.Errorf("unsupported on this OS: %s", runtime.GOOS) } + +func CleanupRule() {} diff --git a/listener/tun/ipstack/commons/router_windows.go b/listener/tun/ipstack/commons/router_windows.go index b29b20ab..2abfa0ff 100644 --- a/listener/tun/ipstack/commons/router_windows.go +++ b/listener/tun/ipstack/commons/router_windows.go @@ -269,3 +269,5 @@ func getAutoDetectInterfaceByFamily(family winipcfg.AddressFamily) (string, erro return "", errors.New("ethernet interface not found") } + +func CleanupRule() {}