vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

Enable eBPF support. #3893

Closed EternalARK closed 1 month ago

EternalARK commented 4 months ago

Basic functionalities were enabled. Firewall rules can be simplified in order to reduce firewall workload.

EternalARK commented 4 months ago

[image] Functionality preview.

vernesong commented 3 months ago

Could not start on my router:
1. capsh cannot set CAP_PERFMON, cap_bpf
2. I do not know what packages need to be installed for the kernel on OpenWrt to make bpf work; this should be figured out in the makefile

EternalARK commented 3 months ago

> Could not start on my router:
> 1. capsh cannot set CAP_PERFMON, cap_bpf
> 2. I do not know what packages need to be installed for the kernel on OpenWrt to make bpf work; this should be figured out in the makefile

Yes, this functionality requires some kernel capabilities. Perhaps you need to recompile the kernel. But even without kernel capabilities, I thought capsh could enable them. I will add code to switch capability sets for system configurations.

vernesong commented 3 months ago

meta core:
level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"

premium core:
No client connections into the core when enabled

EternalARK commented 3 months ago

> meta core:
> level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"
>
> premium core:
> No client connections into the core when enabled

Your kernel does not support ebpf. You should re-edit the configuration page settings, and the program will omit the ebpf configurations, I guess.

EternalARK commented 3 months ago

> meta core:
> level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"
>
> premium core:
> No client connections into the core when enabled

And it only supports meta core I guess. Never tried on premium core.
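
A preflight check for the two failures reported in this thread (capsh unable to set CAP_PERFMON/cap_bpf, and `cannot add clsact qdisc`), added here as an example and not part of the pull request or of OpenClash. The function names, the sample values and the list of kernel options (mainline Kconfig names) are assumptions.

```shell
#!/bin/sh
# Added example, not OpenClash code. Capability bit numbers are from
# linux/capability.h: CAP_PERFMON=38, CAP_BPF=39 (both introduced in Linux 5.8).

# has_cap HEXMASK BIT: succeeds if BIT is set in a CapBnd-style hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps HEXMASK: prints the capabilities from this thread that the mask lacks.
missing_caps() {
    out=""
    has_cap "$1" 38 || out="$out CAP_PERFMON"
    has_cap "$1" 39 || out="$out CAP_BPF"
    echo "${out# }"
}

# missing_kconfig: reads kernel config text on stdin and prints the options
# (assumed list, mainline Kconfig names) that are neither built in (=y) nor modular (=m).
missing_kconfig() {
    cfg=$(cat)
    out=""
    for opt in CONFIG_BPF_SYSCALL CONFIG_NET_SCH_INGRESS \
               CONFIG_NET_CLS_ACT CONFIG_NET_CLS_BPF; do
        printf '%s\n' "$cfg" | grep -Eq "^$opt=[ym]\$" || out="$out $opt"
    done
    echo "${out# }"
}

# Constructed sample input: a bounding set with bits 0-37 only (no CAP_PERFMON
# or CAP_BPF) and a config fragment without the clsact qdisc.
SAMPLE_CAPBND=0000003fffffffff
SAMPLE_KCONFIG='CONFIG_BPF_SYSCALL=y
CONFIG_NET_CLS_ACT=y
# CONFIG_NET_SCH_INGRESS is not set
CONFIG_NET_CLS_BPF=m'

echo "missing capabilities: $(missing_caps "$SAMPLE_CAPBND")"
echo "missing kernel options: $(printf '%s\n' "$SAMPLE_KCONFIG" | missing_kconfig)"
```

On a router, feed it real input: `missing_caps "$(awk '/^CapBnd/{print $2}' /proc/self/status)"` and, where the kernel exposes `/proc/config.gz`, `zcat /proc/config.gz | missing_kconfig`.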

vernesong commented 3 months ago

Are you sure it works for you? Your code is defined so that the firewall rule always works.

EternalARK commented 3 months ago

> Are you sure it works for you? Your code is defined so that the firewall rule always works.

I will do more reliability research. According to ebpf's handling, no firewall redirect should be needed; it will dial all connections out of the selected interface through the program before the firewall procedure. And I've tested that this is true. But I've asked upstream that the DIRECT method cannot accept passthrough, so it likely will not improve performance.

EternalARK commented 3 months ago

> Are you sure it works for you? Your code is defined so that the firewall rule always works.
>
> I will do more reliability research. According to ebpf's handling, no firewall redirect should be needed; it will dial all connections out of the selected interface through the program before the firewall procedure. And I've tested that this is true. But I've asked upstream that the DIRECT method cannot accept passthrough, so it likely will not improve performance.

> Are you sure it works for you? Your code is defined so that the firewall rule always works.

[image] And it's already been changed I guess.

EternalARK commented 3 months ago

I've compiled and run it on my arm router. It should be fine by now.

EternalARK commented 3 months ago

luci-app-openclash_0.46.015-beta_all.zip Try it in case you want.

EternalARK commented 2 months ago

Please tell me if I should do more work to adapt the ebpf functionality. In the future I will alter Clash Meta to improve the DIRECT route out of the tunnel, so you won't need to update openclash to bypass traffic; it would be done inside clash and completed through the ebpf preroute traffic program.

ydoKFVJQDymJcb commented 1 month ago

https://github.com/MetaCubeX/mihomo/commit/0793998de885cef77e9eeb455351ad5c2e4112e6 ...