Chore: move find connection process to tunnel (#2016)
This commit is contained in:
parent
9683c297a7
commit
b866f06414
16 changed files with 84 additions and 64 deletions
|
@ -3,7 +3,6 @@ package process
|
||||||
import (
|
import (
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"net"
|
"net"
|
||||||
"path/filepath"
|
|
||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
|
@ -96,7 +95,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
|
||||||
return "", errno
|
return "", errno
|
||||||
}
|
}
|
||||||
|
|
||||||
return filepath.Base(unix.ByteSliceToString(buf)), nil
|
return unix.ByteSliceToString(buf), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func readNativeUint32(b []byte) uint32 {
|
func readNativeUint32(b []byte) uint32 {
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"path/filepath"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -77,7 +76,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
|
||||||
return "", errno
|
return "", errno
|
||||||
}
|
}
|
||||||
|
|
||||||
return filepath.Base(string(buf[:size-1])), nil
|
return string(buf[:size-1]), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func readNativeUint32(b []byte) uint32 {
|
func readNativeUint32(b []byte) uint32 {
|
||||||
|
|
|
@ -7,7 +7,6 @@ import (
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
"strings"
|
||||||
"syscall"
|
"syscall"
|
||||||
"unicode"
|
"unicode"
|
||||||
|
@ -68,9 +67,8 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3
|
||||||
}
|
}
|
||||||
defer syscall.Close(socket)
|
defer syscall.Close(socket)
|
||||||
|
|
||||||
syscall.SetNonblock(socket, true)
|
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
|
||||||
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 50})
|
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
|
||||||
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 50})
|
|
||||||
|
|
||||||
if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
|
if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
|
||||||
Family: syscall.AF_NETLINK,
|
Family: syscall.AF_NETLINK,
|
||||||
|
@ -198,12 +196,7 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if bytes.Equal(buffer[:n], socket) {
|
if bytes.Equal(buffer[:n], socket) {
|
||||||
cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
|
return os.Readlink(path.Join(processPath, "exe"))
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
|
|
||||||
return splitCmdline(cmdline), nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -211,14 +204,6 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
|
||||||
return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
|
return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
|
||||||
}
|
}
|
||||||
|
|
||||||
func splitCmdline(cmdline []byte) string {
|
|
||||||
idx := bytes.IndexFunc(cmdline, func(r rune) bool {
|
|
||||||
return unicode.IsControl(r) || unicode.IsSpace(r)
|
|
||||||
})
|
|
||||||
|
|
||||||
return filepath.Base(string(cmdline[:idx]))
|
|
||||||
}
|
|
||||||
|
|
||||||
func isPid(s string) bool {
|
func isPid(s string) bool {
|
||||||
return strings.IndexFunc(s, func(r rune) bool {
|
return strings.IndexFunc(s, func(r rune) bool {
|
||||||
return !unicode.IsDigit(r)
|
return !unicode.IsDigit(r)
|
||||||
|
|
|
@ -3,7 +3,6 @@ package process
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"path/filepath"
|
|
||||||
"sync"
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
@ -220,5 +219,5 @@ func getExecPathFromPID(pid uint32) (string, error) {
|
||||||
if r1 == 0 {
|
if r1 == 0 {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
return filepath.Base(syscall.UTF16ToString(buf[:size])), nil
|
return syscall.UTF16ToString(buf[:size]), nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -63,15 +63,16 @@ func (t Type) MarshalJSON() ([]byte, error) {
|
||||||
|
|
||||||
// Metadata is used to store connection address
|
// Metadata is used to store connection address
|
||||||
type Metadata struct {
|
type Metadata struct {
|
||||||
NetWork NetWork `json:"network"`
|
NetWork NetWork `json:"network"`
|
||||||
Type Type `json:"type"`
|
Type Type `json:"type"`
|
||||||
SrcIP net.IP `json:"sourceIP"`
|
SrcIP net.IP `json:"sourceIP"`
|
||||||
DstIP net.IP `json:"destinationIP"`
|
DstIP net.IP `json:"destinationIP"`
|
||||||
SrcPort string `json:"sourcePort"`
|
SrcPort string `json:"sourcePort"`
|
||||||
DstPort string `json:"destinationPort"`
|
DstPort string `json:"destinationPort"`
|
||||||
AddrType int `json:"-"`
|
AddrType int `json:"-"`
|
||||||
Host string `json:"host"`
|
Host string `json:"host"`
|
||||||
DNSMode DNSMode `json:"dnsMode"`
|
DNSMode DNSMode `json:"dnsMode"`
|
||||||
|
ProcessPath string `json:"processPath"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Metadata) RemoteAddress() string {
|
func (m *Metadata) RemoteAddress() string {
|
||||||
|
|
|
@ -11,6 +11,7 @@ const (
|
||||||
SrcPort
|
SrcPort
|
||||||
DstPort
|
DstPort
|
||||||
Process
|
Process
|
||||||
|
ProcessPath
|
||||||
MATCH
|
MATCH
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -36,6 +37,8 @@ func (rt RuleType) String() string {
|
||||||
return "DstPort"
|
return "DstPort"
|
||||||
case Process:
|
case Process:
|
||||||
return "Process"
|
return "Process"
|
||||||
|
case ProcessPath:
|
||||||
|
return "ProcessPath"
|
||||||
case MATCH:
|
case MATCH:
|
||||||
return "Match"
|
return "Match"
|
||||||
default:
|
default:
|
||||||
|
@ -49,4 +52,5 @@ type Rule interface {
|
||||||
Adapter() string
|
Adapter() string
|
||||||
Payload() string
|
Payload() string
|
||||||
ShouldResolveIP() bool
|
ShouldResolveIP() bool
|
||||||
|
ShouldFindProcess() bool
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,6 +34,10 @@ func (d *Domain) ShouldResolveIP() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (d *Domain) ShouldFindProcess() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewDomain(domain string, adapter string) *Domain {
|
func NewDomain(domain string, adapter string) *Domain {
|
||||||
return &Domain{
|
return &Domain{
|
||||||
domain: strings.ToLower(domain),
|
domain: strings.ToLower(domain),
|
||||||
|
|
|
@ -35,6 +35,10 @@ func (dk *DomainKeyword) ShouldResolveIP() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (dk *DomainKeyword) ShouldFindProcess() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewDomainKeyword(keyword string, adapter string) *DomainKeyword {
|
func NewDomainKeyword(keyword string, adapter string) *DomainKeyword {
|
||||||
return &DomainKeyword{
|
return &DomainKeyword{
|
||||||
keyword: strings.ToLower(keyword),
|
keyword: strings.ToLower(keyword),
|
||||||
|
|
|
@ -35,6 +35,10 @@ func (ds *DomainSuffix) ShouldResolveIP() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (ds *DomainSuffix) ShouldFindProcess() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewDomainSuffix(suffix string, adapter string) *DomainSuffix {
|
func NewDomainSuffix(suffix string, adapter string) *DomainSuffix {
|
||||||
return &DomainSuffix{
|
return &DomainSuffix{
|
||||||
suffix: strings.ToLower(suffix),
|
suffix: strings.ToLower(suffix),
|
||||||
|
|
|
@ -28,6 +28,10 @@ func (f *Match) ShouldResolveIP() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (f *Match) ShouldFindProcess() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewMatch(adapter string) *Match {
|
func NewMatch(adapter string) *Match {
|
||||||
return &Match{
|
return &Match{
|
||||||
adapter: adapter,
|
adapter: adapter,
|
||||||
|
|
|
@ -42,6 +42,10 @@ func (g *GEOIP) ShouldResolveIP() bool {
|
||||||
return !g.noResolveIP
|
return !g.noResolveIP
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (g *GEOIP) ShouldFindProcess() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewGEOIP(country string, adapter string, noResolveIP bool) *GEOIP {
|
func NewGEOIP(country string, adapter string, noResolveIP bool) *GEOIP {
|
||||||
geoip := &GEOIP{
|
geoip := &GEOIP{
|
||||||
country: country,
|
country: country,
|
||||||
|
|
|
@ -54,6 +54,10 @@ func (i *IPCIDR) ShouldResolveIP() bool {
|
||||||
return !i.noResolveIP
|
return !i.noResolveIP
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (i *IPCIDR) ShouldFindProcess() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewIPCIDR(s string, adapter string, opts ...IPCIDROption) (*IPCIDR, error) {
|
func NewIPCIDR(s string, adapter string, opts ...IPCIDROption) (*IPCIDR, error) {
|
||||||
_, ipnet, err := net.ParseCIDR(s)
|
_, ipnet, err := net.ParseCIDR(s)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -32,7 +32,9 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
|
||||||
case "DST-PORT":
|
case "DST-PORT":
|
||||||
parsed, parseErr = NewPort(payload, target, false)
|
parsed, parseErr = NewPort(payload, target, false)
|
||||||
case "PROCESS-NAME":
|
case "PROCESS-NAME":
|
||||||
parsed, parseErr = NewProcess(payload, target)
|
parsed, parseErr = NewProcess(payload, target, true)
|
||||||
|
case "PROCESS-PATH":
|
||||||
|
parsed, parseErr = NewProcess(payload, target, false)
|
||||||
case "MATCH":
|
case "MATCH":
|
||||||
parsed = NewMatch(target)
|
parsed = NewMatch(target)
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -38,6 +38,10 @@ func (p *Port) ShouldResolveIP() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p *Port) ShouldFindProcess() bool {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func NewPort(port string, adapter string, isSource bool) (*Port, error) {
|
func NewPort(port string, adapter string, isSource bool) (*Port, error) {
|
||||||
_, err := strconv.ParseUint(port, 10, 16)
|
_, err := strconv.ParseUint(port, 10, 16)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -1,21 +1,16 @@
|
||||||
package rules
|
package rules
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"path/filepath"
|
||||||
"strconv"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/Dreamacro/clash/common/cache"
|
|
||||||
"github.com/Dreamacro/clash/component/process"
|
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
"github.com/Dreamacro/clash/log"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var processCache = cache.NewLRUCache(cache.WithAge(2), cache.WithSize(64))
|
|
||||||
|
|
||||||
type Process struct {
|
type Process struct {
|
||||||
adapter string
|
adapter string
|
||||||
process string
|
process string
|
||||||
|
nameOnly bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *Process) RuleType() C.RuleType {
|
func (ps *Process) RuleType() C.RuleType {
|
||||||
|
@ -23,26 +18,11 @@ func (ps *Process) RuleType() C.RuleType {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *Process) Match(metadata *C.Metadata) bool {
|
func (ps *Process) Match(metadata *C.Metadata) bool {
|
||||||
key := fmt.Sprintf("%s:%s:%s", metadata.NetWork.String(), metadata.SrcIP.String(), metadata.SrcPort)
|
if ps.nameOnly {
|
||||||
cached, hit := processCache.Get(key)
|
return strings.EqualFold(filepath.Base(metadata.ProcessPath), ps.process)
|
||||||
if !hit {
|
|
||||||
srcPort, err := strconv.Atoi(metadata.SrcPort)
|
|
||||||
if err != nil {
|
|
||||||
processCache.Set(key, "")
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
name, err := process.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort)
|
|
||||||
if err != nil {
|
|
||||||
log.Debugln("[Rule] find process name %s error: %s", C.Process.String(), err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
processCache.Set(key, name)
|
|
||||||
|
|
||||||
cached = name
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return strings.EqualFold(cached.(string), ps.process)
|
return strings.EqualFold(metadata.ProcessPath, ps.process)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *Process) Adapter() string {
|
func (ps *Process) Adapter() string {
|
||||||
|
@ -57,9 +37,14 @@ func (ps *Process) ShouldResolveIP() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewProcess(process string, adapter string) (*Process, error) {
|
func (ps *Process) ShouldFindProcess() bool {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewProcess(process string, adapter string, nameOnly bool) (*Process, error) {
|
||||||
return &Process{
|
return &Process{
|
||||||
adapter: adapter,
|
adapter: adapter,
|
||||||
process: process,
|
process: process,
|
||||||
|
nameOnly: nameOnly,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,11 +5,13 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"runtime"
|
"runtime"
|
||||||
|
"strconv"
|
||||||
"sync"
|
"sync"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Dreamacro/clash/adapter/inbound"
|
"github.com/Dreamacro/clash/adapter/inbound"
|
||||||
"github.com/Dreamacro/clash/component/nat"
|
"github.com/Dreamacro/clash/component/nat"
|
||||||
|
P "github.com/Dreamacro/clash/component/process"
|
||||||
"github.com/Dreamacro/clash/component/resolver"
|
"github.com/Dreamacro/clash/component/resolver"
|
||||||
C "github.com/Dreamacro/clash/constant"
|
C "github.com/Dreamacro/clash/constant"
|
||||||
"github.com/Dreamacro/clash/constant/provider"
|
"github.com/Dreamacro/clash/constant/provider"
|
||||||
|
@ -308,6 +310,7 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) {
|
||||||
defer configMux.RUnlock()
|
defer configMux.RUnlock()
|
||||||
|
|
||||||
var resolved bool
|
var resolved bool
|
||||||
|
var processFound bool
|
||||||
|
|
||||||
if node := resolver.DefaultHosts.Search(metadata.Host); node != nil {
|
if node := resolver.DefaultHosts.Search(metadata.Host); node != nil {
|
||||||
ip := node.Data.(net.IP)
|
ip := node.Data.(net.IP)
|
||||||
|
@ -327,6 +330,21 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) {
|
||||||
resolved = true
|
resolved = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !processFound && rule.ShouldFindProcess() {
|
||||||
|
processFound = true
|
||||||
|
|
||||||
|
srcPort, err := strconv.Atoi(metadata.SrcPort)
|
||||||
|
if err == nil {
|
||||||
|
path, err := P.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort)
|
||||||
|
if err != nil {
|
||||||
|
log.Debugln("[Process] find process %s: %v", metadata.String(), err)
|
||||||
|
} else {
|
||||||
|
log.Debugln("[Process] %s from process %s", metadata.String(), path)
|
||||||
|
metadata.ProcessPath = path
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if rule.Match(metadata) {
|
if rule.Match(metadata) {
|
||||||
adapter, ok := proxies[rule.Adapter()]
|
adapter, ok := proxies[rule.Adapter()]
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
Loading…
Reference in a new issue