//go:build !android && linux package ebpf import ( "fmt" "net/netip" "github.com/vishvananda/netlink" "github.com/Dreamacro/clash/common/cmd" "github.com/Dreamacro/clash/component/dialer" "github.com/Dreamacro/clash/component/ebpf/redir" "github.com/Dreamacro/clash/component/ebpf/tc" C "github.com/Dreamacro/clash/constant" ) // NewTcEBpfProgram new redirect to tun ebpf program func NewTcEBpfProgram(ifaceNames []string, tunName string) (*TcEBpfProgram, error) { tunIface, err := netlink.LinkByName(tunName) if err != nil { return nil, fmt.Errorf("lookup network iface %q: %w", tunName, err) } tunIndex := uint32(tunIface.Attrs().Index) dialer.DefaultRoutingMark.Store(C.ClashTrafficMark) ifMark := uint32(dialer.DefaultRoutingMark.Load()) var pros []C.EBpf for _, ifaceName := range ifaceNames { iface, err := netlink.LinkByName(ifaceName) if err != nil { return nil, fmt.Errorf("lookup network iface %q: %w", ifaceName, err) } if iface.Attrs().OperState != netlink.OperUp { return nil, fmt.Errorf("network iface %q is down", ifaceName) } attrs := iface.Attrs() index := attrs.Index tcPro := tc.NewEBpfTc(ifaceName, index, ifMark, tunIndex) if err = tcPro.Start(); err != nil { return nil, err } pros = append(pros, tcPro) } systemSetting(ifaceNames...) return &TcEBpfProgram{pros: pros, rawNICs: ifaceNames}, nil } // NewRedirEBpfProgram new auto redirect ebpf program func NewRedirEBpfProgram(ifaceNames []string, redirPort uint16, defaultRouteInterfaceName string) (*TcEBpfProgram, error) { defaultRouteInterface, err := netlink.LinkByName(defaultRouteInterfaceName) if err != nil { return nil, fmt.Errorf("lookup network iface %q: %w", defaultRouteInterfaceName, err) } defaultRouteIndex := uint32(defaultRouteInterface.Attrs().Index) var pros []C.EBpf for _, ifaceName := range ifaceNames { iface, err := netlink.LinkByName(ifaceName) if err != nil { return nil, fmt.Errorf("lookup network iface %q: %w", ifaceName, err) } attrs := iface.Attrs() index := attrs.Index addrs, err := netlink.AddrList(iface, netlink.FAMILY_V4) if err != nil { return nil, fmt.Errorf("lookup network iface %q address: %w", ifaceName, err) } if len(addrs) == 0 { return nil, fmt.Errorf("network iface %q does not contain any ipv4 addresses", ifaceName) } address, _ := netip.AddrFromSlice(addrs[0].IP) redirAddrPort := netip.AddrPortFrom(address, redirPort) redirPro := redir.NewEBpfRedirect(ifaceName, index, 0, defaultRouteIndex, redirAddrPort) if err = redirPro.Start(); err != nil { return nil, err } pros = append(pros, redirPro) } systemSetting(ifaceNames...) return &TcEBpfProgram{pros: pros, rawNICs: ifaceNames}, nil } func systemSetting(ifaceNames ...string) { _, _ = cmd.ExecCmd("sysctl -w net.ipv4.ip_forward=1") _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.forwarding=1") _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.accept_local=1") _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.accept_redirects=1") _, _ = cmd.ExecCmd("sysctl -w net.ipv4.conf.all.rp_filter=0") for _, ifaceName := range ifaceNames { _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.forwarding=1", ifaceName)) _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.accept_local=1", ifaceName)) _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.accept_redirects=1", ifaceName)) _, _ = cmd.ExecCmd(fmt.Sprintf("sysctl -w net.ipv4.conf.%s.rp_filter=0", ifaceName)) } }