Chore: move find connection process to tunnel (#2016)

This commit is contained in:
gVisor bot 2022-03-12 19:07:53 +08:00
parent f99dceee26
commit 14b581cd8d
16 changed files with 84 additions and 64 deletions

View File

@ -3,7 +3,6 @@ package process
import (
"encoding/binary"
"net"
"path/filepath"
"syscall"
"unsafe"
@ -96,7 +95,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
return "", errno
}
return filepath.Base(unix.ByteSliceToString(buf)), nil
return unix.ByteSliceToString(buf), nil
}
func readNativeUint32(b []byte) uint32 {

View File

@ -4,7 +4,6 @@ import (
"encoding/binary"
"fmt"
"net"
"path/filepath"
"strconv"
"strings"
"sync"
@ -77,7 +76,7 @@ func getExecPathFromPID(pid uint32) (string, error) {
return "", errno
}
return filepath.Base(string(buf[:size-1])), nil
return string(buf[:size-1]), nil
}
func readNativeUint32(b []byte) uint32 {

View File

@ -7,7 +7,6 @@ import (
"net"
"os"
"path"
"path/filepath"
"strings"
"syscall"
"unicode"
@ -68,9 +67,8 @@ func resolveSocketByNetlink(network string, ip net.IP, srcPort int) (int32, int3
}
defer syscall.Close(socket)
syscall.SetNonblock(socket, true)
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 50})
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 50})
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_SNDTIMEO, &syscall.Timeval{Usec: 100})
syscall.SetsockoptTimeval(socket, syscall.SOL_SOCKET, syscall.SO_RCVTIMEO, &syscall.Timeval{Usec: 100})
if err := syscall.Connect(socket, &syscall.SockaddrNetlink{
Family: syscall.AF_NETLINK,
@ -198,12 +196,7 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
}
if bytes.Equal(buffer[:n], socket) {
cmdline, err := os.ReadFile(path.Join(processPath, "cmdline"))
if err != nil {
return "", err
}
return splitCmdline(cmdline), nil
return os.Readlink(path.Join(processPath, "exe"))
}
}
}
@ -211,14 +204,6 @@ func resolveProcessNameByProcSearch(inode, uid int32) (string, error) {
return "", fmt.Errorf("process of uid(%d),inode(%d) not found", uid, inode)
}
func splitCmdline(cmdline []byte) string {
idx := bytes.IndexFunc(cmdline, func(r rune) bool {
return unicode.IsControl(r) || unicode.IsSpace(r)
})
return filepath.Base(string(cmdline[:idx]))
}
func isPid(s string) bool {
return strings.IndexFunc(s, func(r rune) bool {
return !unicode.IsDigit(r)

View File

@ -3,7 +3,6 @@ package process
import (
"fmt"
"net"
"path/filepath"
"sync"
"syscall"
"unsafe"
@ -220,5 +219,5 @@ func getExecPathFromPID(pid uint32) (string, error) {
if r1 == 0 {
return "", err
}
return filepath.Base(syscall.UTF16ToString(buf[:size])), nil
return syscall.UTF16ToString(buf[:size]), nil
}

View File

@ -63,15 +63,16 @@ func (t Type) MarshalJSON() ([]byte, error) {
// Metadata is used to store connection address
type Metadata struct {
NetWork NetWork `json:"network"`
Type Type `json:"type"`
SrcIP net.IP `json:"sourceIP"`
DstIP net.IP `json:"destinationIP"`
SrcPort string `json:"sourcePort"`
DstPort string `json:"destinationPort"`
AddrType int `json:"-"`
Host string `json:"host"`
DNSMode DNSMode `json:"dnsMode"`
NetWork NetWork `json:"network"`
Type Type `json:"type"`
SrcIP net.IP `json:"sourceIP"`
DstIP net.IP `json:"destinationIP"`
SrcPort string `json:"sourcePort"`
DstPort string `json:"destinationPort"`
AddrType int `json:"-"`
Host string `json:"host"`
DNSMode DNSMode `json:"dnsMode"`
ProcessPath string `json:"processPath"`
}
func (m *Metadata) RemoteAddress() string {

View File

@ -11,6 +11,7 @@ const (
SrcPort
DstPort
Process
ProcessPath
MATCH
)
@ -36,6 +37,8 @@ func (rt RuleType) String() string {
return "DstPort"
case Process:
return "Process"
case ProcessPath:
return "ProcessPath"
case MATCH:
return "Match"
default:
@ -49,4 +52,5 @@ type Rule interface {
Adapter() string
Payload() string
ShouldResolveIP() bool
ShouldFindProcess() bool
}

View File

@ -34,6 +34,10 @@ func (d *Domain) ShouldResolveIP() bool {
return false
}
func (d *Domain) ShouldFindProcess() bool {
return false
}
func NewDomain(domain string, adapter string) *Domain {
return &Domain{
domain: strings.ToLower(domain),

View File

@ -35,6 +35,10 @@ func (dk *DomainKeyword) ShouldResolveIP() bool {
return false
}
func (dk *DomainKeyword) ShouldFindProcess() bool {
return false
}
func NewDomainKeyword(keyword string, adapter string) *DomainKeyword {
return &DomainKeyword{
keyword: strings.ToLower(keyword),

View File

@ -35,6 +35,10 @@ func (ds *DomainSuffix) ShouldResolveIP() bool {
return false
}
func (ds *DomainSuffix) ShouldFindProcess() bool {
return false
}
func NewDomainSuffix(suffix string, adapter string) *DomainSuffix {
return &DomainSuffix{
suffix: strings.ToLower(suffix),

View File

@ -28,6 +28,10 @@ func (f *Match) ShouldResolveIP() bool {
return false
}
func (f *Match) ShouldFindProcess() bool {
return false
}
func NewMatch(adapter string) *Match {
return &Match{
adapter: adapter,

View File

@ -42,6 +42,10 @@ func (g *GEOIP) ShouldResolveIP() bool {
return !g.noResolveIP
}
func (g *GEOIP) ShouldFindProcess() bool {
return false
}
func NewGEOIP(country string, adapter string, noResolveIP bool) *GEOIP {
geoip := &GEOIP{
country: country,

View File

@ -54,6 +54,10 @@ func (i *IPCIDR) ShouldResolveIP() bool {
return !i.noResolveIP
}
func (i *IPCIDR) ShouldFindProcess() bool {
return false
}
func NewIPCIDR(s string, adapter string, opts ...IPCIDROption) (*IPCIDR, error) {
_, ipnet, err := net.ParseCIDR(s)
if err != nil {

View File

@ -32,7 +32,9 @@ func ParseRule(tp, payload, target string, params []string) (C.Rule, error) {
case "DST-PORT":
parsed, parseErr = NewPort(payload, target, false)
case "PROCESS-NAME":
parsed, parseErr = NewProcess(payload, target)
parsed, parseErr = NewProcess(payload, target, true)
case "PROCESS-PATH":
parsed, parseErr = NewProcess(payload, target, false)
case "MATCH":
parsed = NewMatch(target)
default:

View File

@ -38,6 +38,10 @@ func (p *Port) ShouldResolveIP() bool {
return false
}
func (p *Port) ShouldFindProcess() bool {
return false
}
func NewPort(port string, adapter string, isSource bool) (*Port, error) {
_, err := strconv.ParseUint(port, 10, 16)
if err != nil {

View File

@ -1,21 +1,16 @@
package rules
import (
"fmt"
"strconv"
"path/filepath"
"strings"
"github.com/Dreamacro/clash/common/cache"
"github.com/Dreamacro/clash/component/process"
C "github.com/Dreamacro/clash/constant"
"github.com/Dreamacro/clash/log"
)
var processCache = cache.NewLRUCache(cache.WithAge(2), cache.WithSize(64))
type Process struct {
adapter string
process string
adapter string
process string
nameOnly bool
}
func (ps *Process) RuleType() C.RuleType {
@ -23,26 +18,11 @@ func (ps *Process) RuleType() C.RuleType {
}
func (ps *Process) Match(metadata *C.Metadata) bool {
key := fmt.Sprintf("%s:%s:%s", metadata.NetWork.String(), metadata.SrcIP.String(), metadata.SrcPort)
cached, hit := processCache.Get(key)
if !hit {
srcPort, err := strconv.Atoi(metadata.SrcPort)
if err != nil {
processCache.Set(key, "")
return false
}
name, err := process.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort)
if err != nil {
log.Debugln("[Rule] find process name %s error: %s", C.Process.String(), err.Error())
}
processCache.Set(key, name)
cached = name
if ps.nameOnly {
return strings.EqualFold(filepath.Base(metadata.ProcessPath), ps.process)
}
return strings.EqualFold(cached.(string), ps.process)
return strings.EqualFold(metadata.ProcessPath, ps.process)
}
func (ps *Process) Adapter() string {
@ -57,9 +37,14 @@ func (ps *Process) ShouldResolveIP() bool {
return false
}
func NewProcess(process string, adapter string) (*Process, error) {
func (ps *Process) ShouldFindProcess() bool {
return true
}
func NewProcess(process string, adapter string, nameOnly bool) (*Process, error) {
return &Process{
adapter: adapter,
process: process,
adapter: adapter,
process: process,
nameOnly: nameOnly,
}, nil
}

View File

@ -5,11 +5,13 @@ import (
"fmt"
"net"
"runtime"
"strconv"
"sync"
"time"
"github.com/Dreamacro/clash/adapter/inbound"
"github.com/Dreamacro/clash/component/nat"
P "github.com/Dreamacro/clash/component/process"
"github.com/Dreamacro/clash/component/resolver"
C "github.com/Dreamacro/clash/constant"
"github.com/Dreamacro/clash/constant/provider"
@ -308,6 +310,7 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) {
defer configMux.RUnlock()
var resolved bool
var processFound bool
if node := resolver.DefaultHosts.Search(metadata.Host); node != nil {
ip := node.Data.(net.IP)
@ -327,6 +330,21 @@ func match(metadata *C.Metadata) (C.Proxy, C.Rule, error) {
resolved = true
}
if !processFound && rule.ShouldFindProcess() {
processFound = true
srcPort, err := strconv.Atoi(metadata.SrcPort)
if err == nil {
path, err := P.FindProcessName(metadata.NetWork.String(), metadata.SrcIP, srcPort)
if err != nil {
log.Debugln("[Process] find process %s: %v", metadata.String(), err)
} else {
log.Debugln("[Process] %s from process %s", metadata.String(), path)
metadata.ProcessPath = path
}
}
}
if rule.Match(metadata) {
adapter, ok := proxies[rule.Adapter()]
if !ok {