fix: make fwmark linux-specific functionality

Author: sabify

cmd/outline-ss-server/config_example.yml

@@ -29,7 +29,7 @@ services:
         secret: Secret1
     dialer:
       # fwmark can be used in conjunction with other Linux networking features like cgroups, network namespaces, and TC (Traffic Control) for sophisticated network management.
-      # Value of 0 disables fwmark (SO_MARK)
+      # Value of 0 disables fwmark (SO_MARK) (Linux Only)
       fwmark: 0
   - listeners:
       - type: tcp

service/tcp.go

@@ -24,9 +24,7 @@ import (
 	"log/slog"
 	"net"
 	"net/netip"
-	"os"
 	"sync"
-	"syscall"
 	"time"
 
 	"github.com/Jigsaw-Code/outline-sdk/transport"
@@ -168,24 +166,6 @@ func NewStreamHandler(authenticate StreamAuthenticateFunc, timeout time.Duration
 	}
 }
 
-func MakeValidatingTCPStreamDialer(targetIPValidator onet.TargetIPValidator, fwmark uint) transport.StreamDialer {
-	return &transport.TCPDialer{Dialer: net.Dialer{Control: func(network, address string, c syscall.RawConn) error {
-		if fwmark > 0 {
-			err := c.Control(func(fd uintptr) {
-				err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, int(fwmark))
-				if err != nil {
-					slog.Error("Set fwmark failed.", "err", os.NewSyscallError("failed to set mark for TCP socket", err))
-				}
-			})
-			if err != nil {
-				slog.Error("Set TCPDialer Control func failed.", "err", err)
-			}
-		}
-		ip, _, _ := net.SplitHostPort(address)
-		return targetIPValidator(net.ParseIP(ip))
-	}}}
-}
-
 // StreamHandler is a handler that handles stream connections.
 type StreamHandler interface {
 	Handle(ctx context.Context, conn transport.StreamConn, connMetrics TCPConnMetrics)

service/tcp_linux.go

@@ -0,0 +1,49 @@
+// Copyright 2018 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build linux
+
+package service
+
+import (
+	"log/slog"
+	"net"
+	"os"
+	"syscall"
+
+	"github.com/Jigsaw-Code/outline-sdk/transport"
+
+	onet "github.com/Jigsaw-Code/outline-ss-server/net"
+)
+
+// fwmark can be used in conjunction with other Linux networking features like cgroups, network namespaces, and TC (Traffic Control) for sophisticated network management.
+// Value of 0 disables fwmark (SO_MARK) (Linux Only)
+func MakeValidatingTCPStreamDialer(targetIPValidator onet.TargetIPValidator, fwmark uint) transport.StreamDialer {
+	return &transport.TCPDialer{Dialer: net.Dialer{Control: func(network, address string, c syscall.RawConn) error {
+		if fwmark > 0 {
+			err := c.Control(func(fd uintptr) {
+				err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, int(fwmark))
+				if err != nil {
+					slog.Error("Set fwmark failed.", "err", os.NewSyscallError("failed to set mark for TCP socket", err))
+				}
+			})
+			if err != nil {
+				slog.Error("Set TCPDialer Control func failed.", "err", err)
+				return err
+			}
+		}
+		ip, _, _ := net.SplitHostPort(address)
+		return targetIPValidator(net.ParseIP(ip))
+	}}}
+}

service/tcp_other.go

@@ -0,0 +1,35 @@
+// Copyright 2018 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !linux
+
+package service
+
+import (
+	"net"
+	"syscall"
+
+	"github.com/Jigsaw-Code/outline-sdk/transport"
+
+	onet "github.com/Jigsaw-Code/outline-ss-server/net"
+)
+
+// fwmark can be used in conjunction with other Linux networking features like cgroups, network namespaces, and TC (Traffic Control) for sophisticated network management.
+// Value of 0 disables fwmark (SO_MARK) (Linux Only)
+func MakeValidatingTCPStreamDialer(targetIPValidator onet.TargetIPValidator, fwmark uint) transport.StreamDialer {
+	return &transport.TCPDialer{Dialer: net.Dialer{Control: func(network, address string, c syscall.RawConn) error {
+		ip, _, _ := net.SplitHostPort(address)
+		return targetIPValidator(net.ParseIP(ip))
+	}}}
+}

service/udp.go

@@ -20,10 +20,8 @@ import (
 	"log/slog"
 	"net"
 	"net/netip"
-	"os"
 	"runtime/debug"
 	"sync"
-	"syscall"
 	"time"
 
 	"github.com/Jigsaw-Code/outline-sdk/transport/shadowsocks"
@@ -98,31 +96,6 @@ func NewPacketHandler(natTimeout time.Duration, cipherList CipherList, m UDPMetr
 	return &packetHandler{natTimeout: natTimeout, ciphers: cipherList, m: m, ssm: ssMetrics, targetIPValidator: onet.RequirePublicIP, dialer: dialer}
 }
 
-// fwmark can be used in conjunction with other Linux networking features like cgroups, network namespaces, and TC (Traffic Control) for sophisticated network management.
-// Value of 0 disables fwmark (SO_MARK)
-func MakeTargetPacketListener(fwmark uint) UDPDialer {
-	return func() (net.PacketConn, *onet.ConnectionError) {
-		udpConn, err := net.ListenPacket("udp", "")
-		if err != nil {
-			return nil, onet.NewConnectionError("ERR_CREATE_SOCKET", "Failed to create UDP socket", err)
-		}
-
-		if fwmark > 0 {
-			file, err := udpConn.(*net.UDPConn).File()
-			if err != nil {
-				return nil, onet.NewConnectionError("ERR_CREATE_SOCKET", "Failed to get UDP socket file", err)
-			}
-			defer file.Close()
-
-			err = syscall.SetsockoptInt(int(file.Fd()), syscall.SOL_SOCKET, syscall.SO_MARK, int(fwmark))
-			if err != nil {
-				slog.Error("Set fwmark failed.", "err", os.NewSyscallError("failed to set mark for UDP socket", err))
-			}
-		}
-		return udpConn, nil
-	}
-}
-
 // PacketHandler is a running UDP shadowsocks proxy that can be stopped.
 type PacketHandler interface {
 	// SetTargetIPValidator sets the function to be used to validate the target IP addresses.

service/udp_linux.go

@@ -0,0 +1,56 @@
+// Copyright 2018 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build linux
+
+package service
+
+import (
+	"log/slog"
+	"net"
+	"os"
+	"syscall"
+
+	onet "github.com/Jigsaw-Code/outline-ss-server/net"
+)
+
+// fwmark can be used in conjunction with other Linux networking features like cgroups, network namespaces, and TC (Traffic Control) for sophisticated network management.
+// Value of 0 disables fwmark (SO_MARK) (Linux Only)
+func MakeTargetPacketListener(fwmark uint) UDPDialer {
+	return func() (net.PacketConn, *onet.ConnectionError) {
+		udpConn, err := net.ListenPacket("udp", "")
+		if err != nil {
+			return nil, onet.NewConnectionError("ERR_CREATE_SOCKET", "Failed to create UDP socket", err)
+		}
+
+		if fwmark > 0 {
+			rawConn, err := udpConn.(*net.UDPConn).SyscallConn()
+			if err != nil {
+				udpConn.Close()
+				return nil, onet.NewConnectionError("ERR_CREATE_SOCKET", "Failed to get UDP raw connection", err)
+			}
+			err = rawConn.Control(func(fd uintptr) {
+				err := syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_MARK, int(fwmark))
+				if err != nil {
+					slog.Error("Set fwmark failed.", "err", os.NewSyscallError("failed to set fwmark for UDP socket", err))
+				}
+			})
+			if err != nil {
+				udpConn.Close()
+				return nil, onet.NewConnectionError("ERR_CREATE_SOCKET", "Set UDPDialer Control func failed.", err)
+			}
+		}
+		return udpConn, nil
+	}
+}

service/udp_other.go

@@ -0,0 +1,35 @@
+// Copyright 2018 Jigsaw Operations LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !linux
+
+package service
+
+import (
+	"net"
+
+	onet "github.com/Jigsaw-Code/outline-ss-server/net"
+)
+
+// fwmark can be used in conjunction with other Linux networking features like cgroups, network namespaces, and TC (Traffic Control) for sophisticated network management.
+// Value of 0 disables fwmark (SO_MARK)
+func MakeTargetPacketListener(fwmark uint) UDPDialer {
+	return func() (net.PacketConn, *onet.ConnectionError) {
+		udpConn, err := net.ListenPacket("udp", "")
+		if err != nil {
+			return nil, onet.NewConnectionError("ERR_CREATE_SOCKET", "Failed to create UDP socket", err)
+		}
+		return udpConn, nil
+	}
+}