Enable eBPF support.

[EternalARK]

Basic functionalities were enabled. Firewall rules can be simplified in order to reduce firewall workload.

[EternalARK]

Functionality preview.

[vernesong]

Could not start on my router
1、capsh cannot set CAP_PERFMON,cap_bpf
2、I do not know what package need to installed for kernel on openwrt to make bpf work, should firgueed in makefile

[EternalARK]

Could not start on my router 1、capsh cannot set CAP_PERFMON,cap_bpf 2、I do not know what package need to installe for kernel on openwrt to make bpf work, should firgueed in makefile

Yes, this functionality requires some kernel capabilities. Perhaps you need to recompile the kernel. But without kernel capabilities I thought capsh can perform enable. I will add code to switch capability sets for system configures.

[vernesong]

meta core:
level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"

premium core:
No client connections into the core when enabled

[EternalARK]

meta core:
level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"

premium core:
No client connections into the core when enabled

Your kernel does not support ebpf. You should re-edit configure page settings and program will omit ebpf configurations I guess.

[EternalARK]

meta core:
level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"

premium core:
No client connections into the core when enabled

meta core:
level=error msg="Attached tc ebpf program error: cannot add clsact qdisc: no such file or directory"

premium core:
No client connections into the core when enabled

And it only supports meta core I guess. Never tried on premium core.

[vernesong]

are you sure it works for you? you code is defined the firewall rule always works

[EternalARK]

are you sure it works for you? you code is defined the firewall rule always works

I will do more reliability research. According to ebpf's handling, no firewall redirect should be needed, it will dial all conections out of selected interface through the program before firewall procedure. And I've tested it's true. But I've asked upperstream that DIRECT method cannot accept passthrough so likely it will not improve performance.

[EternalARK]

are you sure it works for you? you code is defined the firewall rule always works

I will do more reliability research. According to ebpf's handling, no firewall redirect should be needed, it will dial all conections out of selected interface through the program before firewall procedure. And I've tested it's true. But I've asked upperstream that DIRECT method cannot accept passthrough so likely it will not improve performance.

are you sure it works for you? you code is defined the firewall rule always works

And it's already been changed I guess.

[EternalARK]

I've compiled and run it on my arm router. It should be fine by now.

[EternalARK]

luci-app-openclash_0.46.015-beta_all.zip
Try it in case you want.

[EternalARK]

Please tell me if I should do more work to adapt ebpf functionality. In the future I will alter Clash Meta to impove DIRECT route out of tunnel therefore you don't need to update openclash to bypass traffic, it would be done inside clash and complete through ebpf preroute traffic program.

[ydoKFVJQDymJcb]

MetaCubeX/mihomo@0793998
...