From a0221bf897330647f024d4854b053970854ecd7d Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Thu, 17 Feb 2022 14:23:47 +0800 Subject: [PATCH 1/9] Fix: `routing-mark` should effect on root --- component/dialer/dialer.go | 2 ++ component/dialer/options.go | 5 +++-- config/config.go | 19 +++++++++++-------- hub/executor/executor.go | 1 + 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/component/dialer/dialer.go b/component/dialer/dialer.go index c84fcaa4..d2b56959 100644 --- a/component/dialer/dialer.go +++ b/component/dialer/dialer.go @@ -38,6 +38,7 @@ func DialContext(ctx context.Context, network, address string, options ...Option func ListenPacket(ctx context.Context, network, address string, options ...Option) (net.PacketConn, error) { cfg := &option{ interfaceName: DefaultInterface.Load(), + routingMark: int(DefaultRoutingMark.Load()), } for _, o := range DefaultOptions { @@ -69,6 +70,7 @@ func ListenPacket(ctx context.Context, network, address string, options ...Optio func dialContext(ctx context.Context, network string, destination net.IP, port string, options []Option) (net.Conn, error) { opt := &option{ interfaceName: DefaultInterface.Load(), + routingMark: int(DefaultRoutingMark.Load()), } for _, o := range DefaultOptions { diff --git a/component/dialer/options.go b/component/dialer/options.go index b3cca810..2d884094 100644 --- a/component/dialer/options.go +++ b/component/dialer/options.go @@ -3,8 +3,9 @@ package dialer import "go.uber.org/atomic" var ( - DefaultOptions []Option - DefaultInterface = atomic.NewString("") + DefaultOptions []Option + DefaultInterface = atomic.NewString("") + DefaultRoutingMark = atomic.NewInt32(0) ) type option struct { diff --git a/config/config.go b/config/config.go index a9abe71f..c6c83d11 100644 --- a/config/config.go +++ b/config/config.go @@ -29,10 +29,11 @@ import ( type General struct { Inbound Controller - Mode T.TunnelMode `json:"mode"` - LogLevel log.LogLevel `json:"log-level"` - IPv6 bool `json:"ipv6"` - Interface string `json:"-"` + Mode T.TunnelMode `json:"mode"` + LogLevel log.LogLevel `json:"log-level"` + IPv6 bool `json:"ipv6"` + Interface string `json:"-"` + RoutingMark int `json:"-"` } // Inbound @@ -137,6 +138,7 @@ type RawConfig struct { ExternalUI string `yaml:"external-ui"` Secret string `yaml:"secret"` Interface string `yaml:"interface-name"` + RoutingMark int `yaml:"routing-mark"` ProxyProvider map[string]map[string]interface{} `yaml:"proxy-providers"` Hosts map[string]string `yaml:"hosts"` @@ -265,10 +267,11 @@ func parseGeneral(cfg *RawConfig) (*General, error) { ExternalUI: cfg.ExternalUI, Secret: cfg.Secret, }, - Mode: cfg.Mode, - LogLevel: cfg.LogLevel, - IPv6: cfg.IPv6, - Interface: cfg.Interface, + Mode: cfg.Mode, + LogLevel: cfg.LogLevel, + IPv6: cfg.IPv6, + Interface: cfg.Interface, + RoutingMark: cfg.RoutingMark, }, nil } diff --git a/hub/executor/executor.go b/hub/executor/executor.go index 1405e81b..9a9cc81b 100644 --- a/hub/executor/executor.go +++ b/hub/executor/executor.go @@ -162,6 +162,7 @@ func updateGeneral(general *config.General, force bool) { resolver.DisableIPv6 = !general.IPv6 dialer.DefaultInterface.Store(general.Interface) + dialer.DefaultRoutingMark.Store(int32(general.RoutingMark)) iface.FlushCache() From 03e4b5d525940ca3aaa33384767c1438711dae00 Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Sat, 19 Feb 2022 00:08:51 +0800 Subject: [PATCH 2/9] Chore: use golangci-lint config file --- .golangci.yaml | 14 ++++++++++++++ Makefile | 2 +- component/dialer/bind_darwin.go | 4 ++-- 3 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 .golangci.yaml diff --git a/.golangci.yaml b/.golangci.yaml new file mode 100644 index 00000000..efe91527 --- /dev/null +++ b/.golangci.yaml @@ -0,0 +1,14 @@ +linters: + disable-all: true + enable: + - gofumpt + - megacheck + - govet + - gci + +linters-settings: + gci: + sections: + - standard + - prefix(github.com/Dreamacro/clash) + - default diff --git a/Makefile b/Makefile index b6a5b22a..c9c51130 100644 --- a/Makefile +++ b/Makefile @@ -114,7 +114,7 @@ all-arch: $(PLATFORM_LIST) $(WINDOWS_ARCH_LIST) releases: $(gz_releases) $(zip_releases) lint: - golangci-lint run --disable-all -E govet -E gofumpt -E megacheck ./... + golangci-lint run ./... clean: rm $(BINDIR)/* diff --git a/component/dialer/bind_darwin.go b/component/dialer/bind_darwin.go index bf51b305..57e09bb5 100644 --- a/component/dialer/bind_darwin.go +++ b/component/dialer/bind_darwin.go @@ -4,9 +4,9 @@ import ( "net" "syscall" - "golang.org/x/sys/unix" - "github.com/Dreamacro/clash/component/iface" + + "golang.org/x/sys/unix" ) type controlFn = func(network, address string, c syscall.RawConn) error From 132a6a6a2f45cd1db3dc1f0b756944b78adf4a24 Mon Sep 17 00:00:00 2001 From: Kaming Chan Date: Wed, 23 Feb 2022 11:22:46 +0800 Subject: [PATCH 3/9] Fix: listener tcp keepalive & reuse net.BufferedConn (#1987) --- listener/http/proxy.go | 7 ++++++- listener/mixed/mixed.go | 2 ++ listener/socks/tcp.go | 7 +------ 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/listener/http/proxy.go b/listener/http/proxy.go index 23a73739..becb3673 100644 --- a/listener/http/proxy.go +++ b/listener/http/proxy.go @@ -19,7 +19,12 @@ func HandleConn(c net.Conn, in chan<- C.ConnContext, cache *cache.Cache) { client := newClient(c.RemoteAddr(), in) defer client.CloseIdleConnections() - conn := N.NewBufferedConn(c) + var conn *N.BufferedConn + if bufConn, ok := c.(*N.BufferedConn); ok { + conn = bufConn + } else { + conn = N.NewBufferedConn(c) + } keepAlive := true trusted := cache == nil // disable authenticate if cache is nil diff --git a/listener/mixed/mixed.go b/listener/mixed/mixed.go index 8fd4f990..57fd055e 100644 --- a/listener/mixed/mixed.go +++ b/listener/mixed/mixed.go @@ -64,6 +64,8 @@ func New(addr string, in chan<- C.ConnContext) (*Listener, error) { } func handleConn(conn net.Conn, in chan<- C.ConnContext, cache *cache.Cache) { + conn.(*net.TCPConn).SetKeepAlive(true) + bufConn := N.NewBufferedConn(conn) head, err := bufConn.Peek(1) if err != nil { diff --git a/listener/socks/tcp.go b/listener/socks/tcp.go index 29016f5b..7cce32ee 100644 --- a/listener/socks/tcp.go +++ b/listener/socks/tcp.go @@ -61,6 +61,7 @@ func New(addr string, in chan<- C.ConnContext) (*Listener, error) { } func handleSocks(conn net.Conn, in chan<- C.ConnContext) { + conn.(*net.TCPConn).SetKeepAlive(true) bufConn := N.NewBufferedConn(conn) head, err := bufConn.Peek(1) if err != nil { @@ -84,9 +85,6 @@ func HandleSocks4(conn net.Conn, in chan<- C.ConnContext) { conn.Close() return } - if c, ok := conn.(*net.TCPConn); ok { - c.SetKeepAlive(true) - } in <- inbound.NewSocket(socks5.ParseAddr(addr), conn, C.SOCKS4) } @@ -96,9 +94,6 @@ func HandleSocks5(conn net.Conn, in chan<- C.ConnContext) { conn.Close() return } - if c, ok := conn.(*net.TCPConn); ok { - c.SetKeepAlive(true) - } if command == socks5.CmdUDPAssociate { defer conn.Close() io.Copy(io.Discard, conn) From b52d0c16e9d936c28a9a8b4bbb279b941d1424d0 Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Sun, 27 Feb 2022 18:00:04 +0800 Subject: [PATCH 4/9] Chore: vmess test remove all alterid --- test/config/vmess-aead.json | 28 ---------------- test/config/vmess-grpc.json | 3 +- test/config/vmess-http.json | 3 +- test/config/vmess-http2.json | 3 +- test/config/vmess-tls.json | 3 +- test/config/vmess-ws-0rtt.json | 3 +- test/config/vmess-ws-tls.json | 3 +- test/config/vmess-ws.json | 3 +- test/config/vmess.json | 3 +- test/vmess_test.go | 59 ++++------------------------------ 10 files changed, 14 insertions(+), 97 deletions(-) delete mode 100644 test/config/vmess-aead.json diff --git a/test/config/vmess-aead.json b/test/config/vmess-aead.json deleted file mode 100644 index 27bc4757..00000000 --- a/test/config/vmess-aead.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "inbounds": [ - { - "port": 10002, - "listen": "0.0.0.0", - "protocol": "vmess", - "settings": { - "clients": [ - { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 0 - } - ] - }, - "streamSettings": { - "network": "tcp" - } - } - ], - "outbounds": [ - { - "protocol": "freedom" - } - ], - "log": { - "loglevel": "debug" - } -} \ No newline at end of file diff --git a/test/config/vmess-grpc.json b/test/config/vmess-grpc.json index 22e11763..178e0685 100644 --- a/test/config/vmess-grpc.json +++ b/test/config/vmess-grpc.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/config/vmess-http.json b/test/config/vmess-http.json index aa6c6c8e..90550c35 100644 --- a/test/config/vmess-http.json +++ b/test/config/vmess-http.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/config/vmess-http2.json b/test/config/vmess-http2.json index 48873731..c6916a1b 100644 --- a/test/config/vmess-http2.json +++ b/test/config/vmess-http2.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/config/vmess-tls.json b/test/config/vmess-tls.json index ae2fa489..17e87d66 100644 --- a/test/config/vmess-tls.json +++ b/test/config/vmess-tls.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/config/vmess-ws-0rtt.json b/test/config/vmess-ws-0rtt.json index 7e2876d0..c22909bf 100644 --- a/test/config/vmess-ws-0rtt.json +++ b/test/config/vmess-ws-0rtt.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/config/vmess-ws-tls.json b/test/config/vmess-ws-tls.json index dda1e0c9..14278f3d 100644 --- a/test/config/vmess-ws-tls.json +++ b/test/config/vmess-ws-tls.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/config/vmess-ws.json b/test/config/vmess-ws.json index 94ace4e3..2bcb604d 100644 --- a/test/config/vmess-ws.json +++ b/test/config/vmess-ws.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/config/vmess.json b/test/config/vmess.json index bcf53cd8..1a8f9355 100644 --- a/test/config/vmess.json +++ b/test/config/vmess.json @@ -7,8 +7,7 @@ "settings": { "clients": [ { - "id": "b831381d-6324-4d53-ad4f-8cda48b30811", - "alterId": 32 + "id": "b831381d-6324-4d53-ad4f-8cda48b30811" } ] }, diff --git a/test/vmess_test.go b/test/vmess_test.go index 1483cf0a..bf66fcd8 100644 --- a/test/vmess_test.go +++ b/test/vmess_test.go @@ -34,51 +34,12 @@ func TestClash_Vmess(t *testing.T) { }) proxy, err := outbound.NewVmess(outbound.VmessOption{ - Name: "vmess", - Server: localIP.String(), - Port: 10002, - UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", - Cipher: "auto", - AlterID: 32, - UDP: true, - }) - if err != nil { - assert.FailNow(t, err.Error()) - } - - time.Sleep(waitTime) - testSuit(t, proxy) -} - -func TestClash_VmessAEAD(t *testing.T) { - configPath := C.Path.Resolve("vmess-aead.json") - - cfg := &container.Config{ - Image: ImageVmess, - ExposedPorts: defaultExposedPorts, - } - hostCfg := &container.HostConfig{ - PortBindings: defaultPortBindings, - Binds: []string{fmt.Sprintf("%s:/etc/v2ray/config.json", configPath)}, - } - - id, err := startContainer(cfg, hostCfg, "vmess-aead") - if err != nil { - assert.FailNow(t, err.Error()) - } - - t.Cleanup(func() { - cleanContainer(id) - }) - - proxy, err := outbound.NewVmess(outbound.VmessOption{ - Name: "vmess", - Server: localIP.String(), - Port: 10002, - UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", - Cipher: "auto", - AlterID: 0, - UDP: true, + Name: "vmess", + Server: localIP.String(), + Port: 10002, + UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", + Cipher: "auto", + UDP: true, }) if err != nil { assert.FailNow(t, err.Error()) @@ -114,7 +75,6 @@ func TestClash_VmessTLS(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, TLS: true, SkipCertVerify: true, ServerName: "example.org", @@ -154,7 +114,6 @@ func TestClash_VmessHTTP2(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, Network: "h2", TLS: true, SkipCertVerify: true, @@ -197,7 +156,6 @@ func TestClash_VmessHTTP(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, Network: "http", UDP: true, HTTPOpts: outbound.HTTPOptions{ @@ -250,7 +208,6 @@ func TestClash_VmessWebsocket(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, Network: "ws", UDP: true, }) @@ -288,7 +245,6 @@ func TestClash_VmessWebsocketTLS(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, Network: "ws", TLS: true, SkipCertVerify: true, @@ -328,7 +284,6 @@ func TestClash_VmessGrpc(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, Network: "grpc", TLS: true, SkipCertVerify: true, @@ -370,7 +325,6 @@ func TestClash_VmessWebsocket0RTT(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, Network: "ws", UDP: true, ServerName: "example.org", @@ -411,7 +365,6 @@ func TestClash_VmessWebsocketXray0RTT(t *testing.T) { Port: 10002, UUID: "b831381d-6324-4d53-ad4f-8cda48b30811", Cipher: "auto", - AlterID: 32, Network: "ws", UDP: true, ServerName: "example.org", From 83bfe521b1a554a02d0f33fb982cd740339ebd05 Mon Sep 17 00:00:00 2001 From: Kr328 Date: Sat, 5 Mar 2022 18:25:16 +0800 Subject: [PATCH 5/9] Fix: should split linux process name with space (#2008) --- component/process/process_linux.go | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/component/process/process_linux.go b/component/process/process_linux.go index be758a69..0ca42716 100644 --- a/component/process/process_linux.go +++ b/component/process/process_linux.go @@ -9,7 +9,9 @@ import ( "os" "path" "path/filepath" + "strings" "syscall" + "unicode" "unsafe" "github.com/Dreamacro/clash/common/pool" @@ -219,24 +221,15 @@ func resolveProcessNameByProcSearch(inode, uid int) (string, error) { } func splitCmdline(cmdline []byte) string { - indexOfEndOfString := len(cmdline) + idx := bytes.IndexFunc(cmdline, func(r rune) bool { + return unicode.IsControl(r) || unicode.IsSpace(r) + }) - for i, c := range cmdline { - if c == 0 { - indexOfEndOfString = i - break - } - } - - return filepath.Base(string(cmdline[:indexOfEndOfString])) + return filepath.Base(string(cmdline[:idx])) } func isPid(s string) bool { - for _, s := range s { - if s < '0' || s > '9' { - return false - } - } - - return true + return strings.IndexFunc(s, func(r rune) bool { + return !unicode.IsDigit(r) + }) == -1 } From f6c7281bb71d8e08547fad1395f26bf4549111a9 Mon Sep 17 00:00:00 2001 From: Dreamacro <8615343+Dreamacro@users.noreply.github.com> Date: Sun, 6 Mar 2022 21:48:25 +0800 Subject: [PATCH 6/9] Chore: update github action workflow --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/docker.yml | 4 ++-- .github/workflows/linter.yml | 16 +++++++++++++--- .github/workflows/release.yml | 2 +- .github/workflows/stale.yml | 2 +- 5 files changed, 21 insertions(+), 11 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ae1a2793..8a36dc97 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,8 +1,8 @@ -name: "CodeQL" +name: CodeQL on: push: - branches: [ master, dev ] + branches: [master, dev] jobs: analyze: @@ -12,11 +12,11 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go' ] + language: ['go'] steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Initialize CodeQL uses: github/codeql-action/init@v1 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index f0ad1ea8..38860d5b 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Check out code into the Go module directory - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 @@ -52,7 +52,7 @@ jobs: - name: Get all docker tags if: startsWith(github.ref, 'refs/tags/') - uses: actions/github-script@v4 + uses: actions/github-script@v6 id: tags with: script: | diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 26d318c3..a81cfc1c 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -4,9 +4,19 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 + + - name: Get latest go version + id: version + run: | + echo ::set-output name=go_version::$(curl -s https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json | grep -oE '"version": "[0-9]{1}.[0-9]{1,}(.[0-9]{1,})?"' | head -1 | cut -d':' -f2 | sed 's/ //g; s/"//g') + + - name: Setup Go + uses: actions/setup-go@v2 + with: + go-version: ${{ steps.version.outputs.go_version }} + - name: golangci-lint - uses: golangci/golangci-lint-action@v2 + uses: golangci/golangci-lint-action@v3 with: version: latest - args: --disable-all -E govet -E gofumpt -E megacheck ./... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d4bad8a3..8226d875 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: go-version: ${{ steps.version.outputs.go_version }} - name: Check out code into the Go module directory - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Cache go module uses: actions/cache@v2 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 68f986ff..34cd0d31 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v4 + - uses: actions/stale@v5 with: stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days' days-before-stale: 60 From 9683c297a74c07cf63f84a41f6ffa138a5adefca Mon Sep 17 00:00:00 2001 From: Kr328 Date: Wed, 9 Mar 2022 13:41:50 +0800 Subject: [PATCH 7/9] Chore: add more details to process resolving (#2017) --- component/process/process_linux.go | 45 ++++++++++++------------------ 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/component/process/process_linux.go b/component/process/process_linux.go index 0ca42716..c718dc2f 100644 --- a/component/process/process_linux.go +++ b/component/process/process_linux.go @@ -4,7 +4,6 @@ import ( "bytes" "encoding/binary" "fmt" - "io" "net" "os" "path" @@ -27,17 +26,6 @@ var nativeEndian = func() binary.ByteOrder { return binary.LittleEndian }() -type ( - SocketResolver func(network string, ip net.IP, srcPort int) (inode, uid int, err error) - ProcessNameResolver func(inode, uid int) (name string, err error) -) - -// export for android -var ( - DefaultSocketResolver SocketResolver = resolveSocketByNetlink - DefaultProcessNameResolver ProcessNameResolver = resolveProcessNameByProcSearch -) - const ( sizeOfSocketDiagRequest = syscall.SizeofNlMsghdr + 8 + 48 socketDiagByFamily = 20 @@ -45,15 +33,15 @@ const ( ) func findProcessName(network string, ip net.IP, srcPort int) (string, error) { - inode, uid, err := DefaultSocketResolver(network, ip, srcPort) + inode, uid, err := resolveSocketByNetlink(network, ip, srcPort) if err != nil { return "", err } - return DefaultProcessNameResolver(inode, uid) + return resolveProcessNameByProcSearch(inode, uid) } -func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, error) { +func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int32, error) { var family byte var protocol byte @@ -76,7 +64,7 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, e socket, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_DGRAM, syscall.NETLINK_INET_DIAG) if err != nil { - return 0, 0, err + return 0, 0, fmt.Errorf("dial netlink: %w", err) } defer syscall.Close(socket) @@ -94,7 +82,7 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, e } if _, err := syscall.Write(socket, req); err != nil { - return 0, 0, err + return 0, 0, fmt.Errorf("write request: %w", err) } rb := pool.Get(pool.RelayBufferSize) @@ -102,24 +90,27 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int, int, e n, err := syscall.Read(socket, rb) if err != nil { - return 0, 0, err + return 0, 0, fmt.Errorf("read response: %w", err) } messages, err := syscall.ParseNetlinkMessage(rb[:n]) if err != nil { - return 0, 0, err + return 0, 0, fmt.Errorf("parse netlink message: %w", err) } else if len(messages) == 0 { - return 0, 0, io.ErrUnexpectedEOF + return 0, 0, fmt.Errorf("unexcepted netlink response") } message := messages[0] if message.Header.Type&syscall.NLMSG_ERROR != 0 { - return 0, 0, syscall.ESRCH + return 0, 0, fmt.Errorf("netlink message: NLMSG_ERROR") } uid, inode := unpackSocketDiagResponse(&messages[0]) + if uid < 0 || inode < 0 { + return 0, 0, fmt.Errorf("invalid uid(%d) or inode(%d)", uid, inode) + } - return int(uid), int(inode), nil + return uid, inode, nil } func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint16) []byte { @@ -157,20 +148,20 @@ func packSocketDiagRequest(family, protocol byte, source net.IP, sourcePort uint return buf } -func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid uint32) { +func unpackSocketDiagResponse(msg *syscall.NetlinkMessage) (inode, uid int32) { if len(msg.Data) < 72 { return 0, 0 } data := msg.Data - uid = nativeEndian.Uint32(data[64:68]) - inode = nativeEndian.Uint32(data[68:72]) + uid = int32(nativeEndian.Uint32(data[64:68])) + inode = int32(nativeEndian.Uint32(data[68:72])) return } -func resolveProcessNameByProcSearch(inode, uid int) (string, error) { +func resolveProcessNameByProcSearch(inode, uid int32) (string, error) { files, err := os.ReadDir(pathProc) if err != nil { return "", err @@ -217,7 +208,7 @@ func resolveProcessNameByProcSearch(inode, uid int) (string, error) { } } - return "", syscall.ESRCH + return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode) } func splitCmdline(cmdline []byte) string { From b866f06414585c2c73ce2aef7a2f7b3a0dda2abe Mon Sep 17 00:00:00 2001 From: Kr328 Date: Sat, 12 Mar 2022 19:07:53 +0800 Subject: [PATCH 8/9] Chore: move find connection process to tunnel (#2016) --- component/process/process_darwin.go | 3 +- component/process/process_freebsd_amd64.go | 3 +- component/process/process_linux.go | 21 ++-------- component/process/process_windows.go | 3 +- constant/metadata.go | 19 ++++----- constant/rule.go | 4 ++ rule/domain.go | 4 ++ rule/domain_keyword.go | 4 ++ rule/domain_suffix.go | 4 ++ rule/final.go | 4 ++ rule/geoip.go | 4 ++ rule/ipcidr.go | 4 ++ rule/parser.go | 4 +- rule/port.go | 4 ++ rule/process.go | 45 ++++++++-------------- tunnel/tunnel.go | 18 +++++++++ 16 files changed, 84 insertions(+), 64 deletions(-) diff --git a/component/process/process_darwin.go b/component/process/process_darwin.go index 7e4baf74..7870b227 100644 --- a/component/process/process_darwin.go +++ b/component/process/process_darwin.go @@ -3,7 +3,6 @@ package process import ( "encoding/binary" "net" - "path/filepath" "syscall" "unsafe" @@ -96,7 +95,7 @@ func getExecPathFromPID(pid uint32) (string, error) { return "", errno } - return filepath.Base(unix.ByteSliceToString(buf)), nil + return unix.ByteSliceToString(buf), nil } func readNativeUint32(b []byte) uint32 { diff --git a/component/process/process_freebsd_amd64.go b/component/process/process_freebsd_amd64.go index bf84ce5b..f3e64646 100644 --- a/component/process/process_freebsd_amd64.go +++ b/component/process/process_freebsd_amd64.go @@ -4,7 +4,6 @@ import ( "encoding/binary" "fmt" "net" - "path/filepath" "strconv" "strings" "sync" @@ -77,7 +76,7 @@ func getExecPathFromPID(pid uint32) (string, error) { return "", errno } - return filepath.Base(string(buf[:size-1])), nil + return string(buf[:size-1]), nil } func readNativeUint32(b []byte) uint32 { diff --git a/component/process/process_linux.go b/component/process/process_linux.go index c718dc2f..d70a2922 100644 --- a/component/process/process_linux.go +++ b/component/process/process_linux.go @@ -7,7 +7,6 @@ import ( "net" "os" "path" - "path/filepath" "strings" "syscall" "unicode" @@ -68,9 +67,8 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3 } defer syscall.Close(socket) - syscall.SetNonblock(socket, true) - syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 50}) - syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 50}) + syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100}) + syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100}) if err := syscall.Connect(socket, &syscall.SockaddrNetlink{ Family: syscall.AF_NETLINK, @@ -198,12 +196,7 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) { } if bytes.Equal(buffer[:n], socket) { - cmdline, err := os.ReadFile(path.Join(processPath, "cmdline")) - if err != nil { - return "", err - } - - return splitCmdline(cmdline), nil + return os.Readlink(path.Join(processPath, "exe")) } } } @@ -211,14 +204,6 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) { return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode) } -func splitCmdline(cmdline []byte) string { - idx := bytes.IndexFunc(cmdline, func(r rune) bool { - return unicode.IsControl(r) || unicode.IsSpace(r) - }) - - return filepath.Base(string(cmdline[:idx])) -} - func isPid(s string) bool { return strings.IndexFunc(s, func(r rune) bool { return !unicode.IsDigit(r) diff --git a/component/process/process_windows.go b/component/process/process_windows.go index 834bc824..e2fb96ca 100644 --- a/component/process/process_windows.go +++ b/component/process/process_windows.go @@ -3,7 +3,6 @@ package process import ( "fmt" "net" - "path/filepath" "sync" "syscall" "unsafe" @@ -220,5 +219,5 @@ func getExecPathFromPID(pid uint32) (string, error) { if r1 == 0 { return "", err } - return filepath.Base(syscall.UTF16ToString(buf[:size])), nil + return syscall.UTF16ToString(buf[:size]), nil } diff --git a/constant/metadata.go b/constant/metadata.go index a911b5e8..6789c913 100644 --- a/constant/metadata.go +++ b/constant/metadata.go @@ -63,15 +63,16 @@ func (t Type) MarshalJSON() ([]byte, error) { // Metadata is used to store connection address type Metadata struct { - NetWork NetWork `json:"network"` - Type Type `json:"type"` - SrcIP net.IP `json:"sourceIP"` - DstIP net.IP `json:"destinationIP"` - SrcPort string `json:"sourcePort"` - DstPort string `json:"destinationPort"` - AddrType int `json:"-"` - Host string `json:"host"` - DNSMode DNSMode `json:"dnsMode"` + NetWork NetWork `json:"network"` + Type Type `json:"type"` + SrcIP net.IP `json:"sourceIP"` + DstIP net.IP `json:"destinationIP"` + SrcPort string `json:"sourcePort"` + DstPort string `json:"destinationPort"` + AddrType int `json:"-"` + Host string `json:"host"` + DNSMode DNSMode `json:"dnsMode"` + ProcessPath string `json:"processPath"` } func (m *Metadata) RemoteAddress() string { diff --git a/constant/rule.go b/constant/rule.go index d7c43416..9e1908f2 100644 --- a/constant/rule.go +++ b/constant/rule.go @@ -11,6 +11,7 @@ const ( SrcPort DstPort Process + ProcessPath MATCH ) @@ -36,6 +37,8 @@ func (rt RuleType) String() string { return "DstPort" case Process: return "Process" + case ProcessPath: + return "ProcessPath" case MATCH: return "Match" default: @@ -49,4 +52,5 @@ type Rule interface { Adapter() string Payload() string ShouldResolveIP() bool + ShouldFindProcess() bool } diff --git a/rule/domain.go b/rule/domain.go index f23ab18d..2b2a076b 100644 --- a/rule/domain.go +++ b/rule/domain.go @@ -34,6 +34,10 @@ func (d *Domain) ShouldResolveIP() bool { return false } +func (d *Domain) ShouldFindProcess() bool { + return false +} + func NewDomain(domain string, adapter string) *Domain { return &Domain{ domain: strings.ToLower(domain), diff --git a/rule/domain_keyword.go b/rule/domain_keyword.go index b3d6fbaa..046eafe4 100644 --- a/rule/domain_keyword.go +++ b/rule/domain_keyword.go @@ -35,6 +35,10 @@ func (dk *DomainKeyword) ShouldResolveIP() bool { return false } +func (dk *DomainKeyword) ShouldFindProcess() bool { + return false +} + func NewDomainKeyword(keyword string, adapter string) *DomainKeyword { return &DomainKeyword{ keyword: strings.ToLower(keyword), diff --git a/rule/domain_suffix.go b/rule/domain_suffix.go index a1f9f28f..09219338 100644 --- a/rule/domain_suffix.go +++ b/rule/domain_suffix.go @@ -35,6 +35,10 @@ func (ds *DomainSuffix) ShouldResolveIP() bool { return false } +func (ds *DomainSuffix) ShouldFindProcess() bool { + return false +} + func NewDomainSuffix(suffix string, adapter string) *DomainSuffix { return &DomainSuffix{ suffix: strings.ToLower(suffix), diff --git a/rule/final.go b/rule/final.go index 91c0b9d9..80a38f03 100644 --- a/rule/final.go +++ b/rule/final.go @@ -28,6 +28,10 @@ func (f *Match) ShouldResolveIP() bool { return false } +func (f *Match) ShouldFindProcess() bool { + return false +} + func NewMatch(adapter string) *Match { return &Match{ adapter: adapter, diff --git a/rule/geoip.go b/rule/geoip.go index 3b6fbe6b..152d4e63 100644 --- a/rule/geoip.go +++ b/rule/geoip.go @@ -42,6 +42,10 @@ func (g *GEOIP) ShouldResolveIP() bool { return !g.noResolveIP } +func (g *GEOIP) ShouldFindProcess() bool { + return false +} + func NewGEOIP(country string, adapter string, noResolveIP bool) *GEOIP { geoip := &GEOIP{ country: country, diff --git a/rule/ipcidr.go b/rule/ipcidr.go index ff3b83c4..42c0c9fb 100644 --- a/rule/ipcidr.go +++ b/rule/ipcidr.go @@ -54,6 +54,10 @@ func (i *IPCIDR) ShouldResolveIP() bool { return !i.noResolveIP } +func (i *IPCIDR) ShouldFindProcess() bool { + return false +} + func NewIPCIDR(s string, adapter string, opts ...IPCIDROption) (*IPCIDR, error) { _, ipnet, err := net.ParseCIDR(s) if err != nil { diff --git a/rule/parser.go b/rule/parser.go index 6e78b8fa..212029bf 100644 --- a/rule/parser.go +++ b/rule/parser.go @@ -32,7 +32,9 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) { case "DST-PORT": parsed, parseErr = NewPort(payload, target, false) case "PROCESS-NAME": - parsed, parseErr = NewProcess(payload, target) + parsed, parseErr = NewProcess(payload, target, true) + case "PROCESS-PATH": + parsed, parseErr = NewProcess(payload, target, false) case "MATCH": parsed = NewMatch(target) default: diff --git a/rule/port.go b/rule/port.go index b6e8abb1..2cc7a7a2 100644 --- a/rule/port.go +++ b/rule/port.go @@ -38,6 +38,10 @@ func (p *Port) ShouldResolveIP() bool { return false } +func (p *Port) ShouldFindProcess() bool { + return false +} + func NewPort(port string, adapter string, isSource bool) (*Port, error) { _, err := strconv.ParseUint(port, 10, 16) if err != nil { diff --git a/rule/process.go b/rule/process.go index 638ec723..52f0cec2 100644 --- a/rule/process.go +++ b/rule/process.go @@ -1,21 +1,16 @@ package rules import ( - "fmt" - "strconv" + "path/filepath" "strings" - "github.com/Dreamacro/clash/common/cache" - "github.com/Dreamacro/clash/component/process" C "github.com/Dreamacro/clash/constant" - "github.com/Dreamacro/clash/log" ) -var processCache = cache.NewLRUCache(cache.WithAge(2), cache.WithSize(64)) - type Process struct { - adapter string - process string + adapter string + process string + nameOnly bool } func (ps *Process) RuleType() C.RuleType { @@ -23,26 +18,11 @@ func (ps *Process) RuleType() C.RuleType { } func (ps *Process) Match(metadata *C.Metadata) bool { - key := fmt.Sprintf("%s:%s:%s", metadata.NetWork.String(), metadata.SrcIP.String(), metadata.SrcPort) - cached, hit := processCache.Get(key) - if !hit { - srcPort, err := strconv.Atoi(metadata.SrcPort) - if err != nil { - processCache.Set(key, "") - return false - } - - name, err := process.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort) - if err != nil { - log.Debugln("[Rule] find process name %s error: %s", C.Process.String(), err.Error()) - } - - processCache.Set(key, name) - - cached = name + if ps.nameOnly { + return strings.EqualFold(filepath.Base(metadata.ProcessPath), ps.process) } - return strings.EqualFold(cached.(string), ps.process) + return strings.EqualFold(metadata.ProcessPath, ps.process) } func (ps *Process) Adapter() string { @@ -57,9 +37,14 @@ func (ps *Process) ShouldResolveIP() bool { return false } -func NewProcess(process string, adapter string) (*Process, error) { +func (ps *Process) ShouldFindProcess() bool { + return true +} + +func NewProcess(process string, adapter string, nameOnly bool) (*Process, error) { return &Process{ - adapter: adapter, - process: process, + adapter: adapter, + process: process, + nameOnly: nameOnly, }, nil } diff --git a/tunnel/tunnel.go b/tunnel/tunnel.go index f00a7bd0..07284880 100644 --- a/tunnel/tunnel.go +++ b/tunnel/tunnel.go @@ -5,11 +5,13 @@ import ( "fmt" "net" "runtime" + "strconv" "sync" "time" "github.com/Dreamacro/clash/adapter/inbound" "github.com/Dreamacro/clash/component/nat" + P "github.com/Dreamacro/clash/component/process" "github.com/Dreamacro/clash/component/resolver" C "github.com/Dreamacro/clash/constant" "github.com/Dreamacro/clash/constant/provider" @@ -308,6 +310,7 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) { defer configMux.RUnlock() var resolved bool + var processFound bool if node := resolver.DefaultHosts.Search(metadata.Host); node != nil { ip := node.Data.(net.IP) @@ -327,6 +330,21 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) { resolved = true } + if !processFound && rule.ShouldFindProcess() { + processFound = true + + srcPort, err := strconv.Atoi(metadata.SrcPort) + if err == nil { + path, err := P.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort) + if err != nil { + log.Debugln("[Process] find process %s: %v", metadata.String(), err) + } else { + log.Debugln("[Process] %s from process %s", metadata.String(), path) + metadata.ProcessPath = path + } + } + } + if rule.Match(metadata) { adapter, ok := proxies[rule.Adapter()] if !ok { From d1dd21417b4c319e412a92c315d23ff464cbdcac Mon Sep 17 00:00:00 2001 From: suyar <296399959@qq.com> Date: Tue, 15 Mar 2022 11:30:52 +0800 Subject: [PATCH 9/9] Feature: add tzdata to Dockerfile (#2027) Co-authored-by: suyaqi --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 90a651b9..6e67d5d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ RUN go mod download && \ FROM alpine:latest LABEL org.opencontainers.image.source="https://github.com/Dreamacro/clash" -RUN apk add --no-cache ca-certificates +RUN apk add --no-cache ca-certificates tzdata COPY --from=builder /Country.mmdb /root/.config/clash/ COPY --from=builder /clash / ENTRYPOINT ["/clash"]