From ae1e1dc9f6f2a920b1fc37c552c3763ffa86fa92 Mon Sep 17 00:00:00 2001 From: Dreamacro <305009791@qq.com> Date: Sun, 19 Jul 2020 13:17:05 +0800 Subject: [PATCH] Feature: support PROCESS-NAME on macOS --- config/config.go | 4 + constant/rule.go | 3 + rules/base.go | 5 +- rules/parser.go | 2 + rules/process_darwin.go | 171 ++++++++++++++++++++++++++++++++++++++++ rules/process_other.go | 11 +++ 6 files changed, 194 insertions(+), 2 deletions(-) create mode 100644 rules/process_darwin.go create mode 100644 rules/process_other.go diff --git a/config/config.go b/config/config.go index a715e40c..3db0e5bd 100644 --- a/config/config.go +++ b/config/config.go @@ -382,6 +382,10 @@ func parseRules(cfg *RawConfig, proxies map[string]C.Proxy) ([]C.Rule, error) { parsed, parseErr := R.ParseRule(rule[0], payload, target, params) if parseErr != nil { + if parseErr == R.ErrPlatformNotSupport { + log.Warnln("Rules[%d] [%s] don't support current OS, skip", idx, line) + continue + } return nil, fmt.Errorf("Rules[%d] [%s] error: %s", idx, line, parseErr.Error()) } diff --git a/constant/rule.go b/constant/rule.go index 4db333b4..6774589d 100644 --- a/constant/rule.go +++ b/constant/rule.go @@ -10,6 +10,7 @@ const ( SrcIPCIDR SrcPort DstPort + Process MATCH ) @@ -33,6 +34,8 @@ func (rt RuleType) String() string { return "SrcPort" case DstPort: return "DstPort" + case Process: + return "Process" case MATCH: return "Match" default: diff --git a/rules/base.go b/rules/base.go index 793cad7e..dbe91abf 100644 --- a/rules/base.go +++ b/rules/base.go @@ -5,8 +5,9 @@ import ( ) var ( - errPayload = errors.New("payload error") - errParams = errors.New("params error") + errPayload = errors.New("payload error") + errParams = errors.New("params error") + ErrPlatformNotSupport = errors.New("not support on this platform") noResolve = "no-resolve" ) diff --git a/rules/parser.go b/rules/parser.go index 2f09e793..6e78b8fa 100644 --- a/rules/parser.go +++ b/rules/parser.go @@ -31,6 +31,8 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) { parsed, parseErr = NewPort(payload, target, true) case "DST-PORT": parsed, parseErr = NewPort(payload, target, false) + case "PROCESS-NAME": + parsed, parseErr = NewProcess(payload, target) case "MATCH": parsed = NewMatch(target) default: diff --git a/rules/process_darwin.go b/rules/process_darwin.go new file mode 100644 index 00000000..cc99a6f7 --- /dev/null +++ b/rules/process_darwin.go @@ -0,0 +1,171 @@ +package rules + +import ( + "bytes" + "encoding/binary" + "errors" + "net" + "path/filepath" + "strconv" + "strings" + "syscall" + "unsafe" + + C "github.com/Dreamacro/clash/constant" + "github.com/Dreamacro/clash/log" +) + +type Process struct { + adapter string + process string +} + +func (ps *Process) RuleType() C.RuleType { + return C.Process +} + +func (ps *Process) Match(metadata *C.Metadata) bool { + name, err := getExecPathFromAddress(metadata.SrcIP, metadata.SrcPort, metadata.NetWork == C.TCP) + if err != nil { + log.Debugln("[%s] getExecPathFromAddress error: %s", C.Process.String(), err.Error()) + return false + } + + return strings.ToLower(name) == ps.process +} + +func (p *Process) Adapter() string { + return p.adapter +} + +func (p *Process) Payload() string { + return p.process +} + +func (p *Process) NoResolveIP() bool { + return true +} + +func NewProcess(process string, adapter string) (*Process, error) { + return &Process{ + adapter: adapter, + process: process, + }, nil +} + +const ( + procpidpathinfo = 0xb + procpidpathinfosize = 1024 + proccallnumpidinfo = 0x2 +) + +func getExecPathFromPID(pid uint32) (string, error) { + buf := make([]byte, procpidpathinfosize) + _, _, errno := syscall.Syscall6( + syscall.SYS_PROC_INFO, + proccallnumpidinfo, + uintptr(pid), + procpidpathinfo, + 0, + uintptr(unsafe.Pointer(&buf[0])), + procpidpathinfosize) + if errno != 0 { + return "", errno + } + firstZero := bytes.IndexByte(buf, 0) + if firstZero <= 0 { + return "", nil + } + + return filepath.Base(string(buf[:firstZero])), nil +} + +func getExecPathFromAddress(ip net.IP, portStr string, isTCP bool) (string, error) { + port, err := strconv.Atoi(portStr) + if err != nil { + return "", err + } + + spath := "net.inet.tcp.pcblist_n" + if !isTCP { + spath = "net.inet.udp.pcblist_n" + } + + value, err := syscall.Sysctl(spath) + if err != nil { + return "", err + } + + buf := []byte(value) + + var kinds uint32 = 0 + so, inp := 0, 0 + for i := roundUp8(xinpgenSize(buf)); i < uint32(len(buf)) && xinpgenSize(buf[i:]) > 24; i += roundUp8(xinpgenSize(buf[i:])) { + thisKind := binary.LittleEndian.Uint32(buf[i+4 : i+8]) + if kinds&thisKind == 0 { + kinds |= thisKind + switch thisKind { + case 0x1: + // XSO_SOCKET + so = int(i) + case 0x10: + // XSO_INPCB + inp = int(i) + default: + break + } + } + + // all blocks needed by tcp/udp + if (isTCP && kinds != 0x3f) || (!isTCP && kinds != 0x1f) { + continue + } + kinds = 0 + + // xsocket_n.xso_protocol + proto := binary.LittleEndian.Uint32(buf[so+36 : so+40]) + if proto != syscall.IPPROTO_TCP && proto != syscall.IPPROTO_UDP { + continue + } + + srcPort := binary.BigEndian.Uint16(buf[inp+18 : inp+20]) + if uint16(port) != srcPort { + continue + } + + // xinpcb_n.inp_vflag + flag := buf[inp+44] + + var srcIP net.IP + if flag&0x1 > 0 { + // ipv4 + srcIP = net.IP(buf[inp+76 : inp+80]) + } else if flag&0x2 > 0 { + // ipv6 + srcIP = net.IP(buf[inp+64 : inp+80]) + } else { + continue + } + + if !ip.Equal(srcIP) { + continue + } + + // xsocket_n.so_last_pid + pid := binary.LittleEndian.Uint32(buf[so+68 : so+72]) + return getExecPathFromPID(pid) + } + + return "", errors.New("process not found") +} + +func xinpgenSize(b []byte) uint32 { + return binary.LittleEndian.Uint32(b[:4]) +} + +func roundUp8(n uint32) uint32 { + if n == 0 { + return uint32(8) + } + return (n + 7) & ((^uint32(8)) + 1) +} diff --git a/rules/process_other.go b/rules/process_other.go new file mode 100644 index 00000000..3a918025 --- /dev/null +++ b/rules/process_other.go @@ -0,0 +1,11 @@ +// +build !darwin + +package rules + +import ( + C "github.com/Dreamacro/clash/constant" +) + +func NewProcess(process string, adapter string) (C.Rule, error) { + return nil, ErrPlatformNotSupport +}