Closed EternalARK closed 1 month ago
Functionality preview.
Could not start on my router 1、capsh cannot set CAP_PERFMON,cap_bpf 2、I do not know what package need to installed for kernel on openwrt to make bpf work, should firgueed in makefile
Could not start on my router 1、capsh cannot set CAP_PERFMON,cap_bpf 2、I do not know what package need to installe for kernel on openwrt to make bpf work, should firgueed in makefile
Yes, this functionality requires some kernel capabilities. Perhaps you need to recompile the kernel. But without kernel capabilities I thought capsh can perform enable. I will add code to switch capability sets for system configures.
meta core:
level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"
premium core:
No client connections into the core when enabled
meta core: level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory" premium core: No client connections into the core when enabled
Your kernel does not support ebpf. You should re-edit configure page settings and program will omit ebpf configurations I guess.
meta core: level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory" premium core: No client connections into the core when enabled
meta core: level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory" premium core: No client connections into the core when enabled
And it only supports meta core I guess. Never tried on premium core.
are you sure it works for you? you code is defined the firewall rule always works
are you sure it works for you? you code is defined the firewall rule always works
I will do more reliability research. According to ebpf's handling, no firewall redirect should be needed, it will dial all conections out of selected interface through the program before firewall procedure. And I've tested it's true. But I've asked upperstream that DIRECT method cannot accept passthrough so likely it will not improve performance.
are you sure it works for you? you code is defined the firewall rule always works
I will do more reliability research. According to ebpf's handling, no firewall redirect should be needed, it will dial all conections out of selected interface through the program before firewall procedure. And I've tested it's true. But I've asked upperstream that DIRECT method cannot accept passthrough so likely it will not improve performance.
are you sure it works for you? you code is defined the firewall rule always works
And it's already been changed I guess.
I've compiled and run it on my arm router. It should be fine by now.
luci-app-openclash_0.46.015-beta_all.zip Try it in case you want.
Please tell me if I should do more work to adapt ebpf functionality. In the future I will alter Clash Meta to impove DIRECT route out of tunnel therefore you don't need to update openclash to bypass traffic, it would be done inside clash and complete through ebpf preroute traffic program.
Basic functionalities were enabled. Firewall rules can be simplified in order to reduce firewall workload.