Environment
Arch + clash-verge
Cause
Found out that I had never successfully turned on TUN (I'm not using Clash for Windows; stay away from Electron).
Checking
First, enable TUN, check all the parameters, and then:
After checking the log, I found that it was a permission problem, and after a quick check:
Next, setcap
needs to be executed so that clash can bind privileged ports and create TUN devices without running as root.
Here clash can be replaced with clash-meta; they are two different cores.
setcap
Parameter meaning
CAP_NET_BIND_SERVICE: allows binding to ports below 1024
CAP_NET_ADMIN: allows network administration tasks to be performed (creating TUN devices, managing routes)
Explanation of +ep
cap_effective (e), cap_inheritable (i), cap_permitted (p)
- cap_effective: when a process wants to perform a privileged operation, the kernel checks whether the corresponding bit of cap_effective is set, instead of checking whether the process has an effective UID of 0.
For example, if a process wants to set the system clock, the Linux kernel checks whether the CAP_SYS_TIME bit (bit 25) of cap_effective is set.
- cap_permitted: the capabilities the process is allowed to use. cap_permitted can contain capabilities that are not in cap_effective, which the process has temporarily dropped itself; in other words, cap_effective is a subset of cap_permitted.
- cap_inheritable: capabilities that can be inherited by the current process.
So the meaning of the command is to grant the net-binding and net-administration capabilities (p) and make them effective (e).
Analogous to chmod +x
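As an added example (not part of the original post), the setcap invocation described above together with two ways to verify it: reading the file capabilities back with getcap, and decoding the CapEff/CapPrm masks of a running process using the bit numbers from linux/capability.h. The binary path in CLASH_BIN is an assumption; adjust it to your install.

```shell
#!/bin/sh
# Added example: grant clash the two file capabilities the post describes
# and check them. Assumes CLASH_BIN is the clash (or clash-meta) binary and
# that setcap/getcap from libcap are installed; grant_clash_caps needs root.
CLASH_BIN="${CLASH_BIN:-/usr/bin/clash}"   # assumed path, adjust as needed

# Capability bit numbers from linux/capability.h
CAP_NET_BIND_SERVICE=10   # bind ports below 1024
CAP_NET_ADMIN=12          # create tun devices, manage routes
CAP_SYS_TIME=25           # the post's example: set the system clock

# cap_bit_set MASK_HEX BIT: succeeds when BIT is set in a hex mask written
# the way /proc/PID/status prints CapEff/CapPrm/CapInh.
cap_bit_set() {
    [ $(( 0x$1 >> $2 & 1 )) -eq 1 ]
}

# clash_caps_effective MASK_HEX: succeeds when both capabilities clash
# needs for TUN mode are present in the given mask.
clash_caps_effective() {
    cap_bit_set "$1" "$CAP_NET_BIND_SERVICE" && cap_bit_set "$1" "$CAP_NET_ADMIN"
}

# check_running_clash PID: read the live capability sets of a running
# process (default: this shell) and say whether TUN can work without root.
check_running_clash() {
    status="/proc/${1:-self}/status"
    eff=$(awk '/^CapEff:/ {print $2}' "$status")
    prm=$(awk '/^CapPrm:/ {print $2}' "$status")
    echo "CapEff=$eff CapPrm=$prm"
    if clash_caps_effective "$eff"; then
        echo "ok: net_bind_service and net_admin are effective (the e of +ep)"
    elif clash_caps_effective "$prm"; then
        echo "permitted only: in p but not e, process must raise them itself"
    else
        echo "missing: run grant_clash_caps and restart clash"
    fi
}

# grant_clash_caps: the setcap command from the post, then a getcap read-back
# that should print 'cap_net_admin,cap_net_bind_service=ep' for the file.
grant_clash_caps() {
    setcap 'cap_net_bind_service,cap_net_admin=+ep' "$CLASH_BIN" || return 1
    getcap "$CLASH_BIN"
}
```

File capabilities live in the binary's security.capability extended attribute, so they are lost whenever the package manager replaces the file; rerun grant_clash_caps after an upgrade.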
Effect
Trivia
Looked up the author: AMD, and a contributor to clash.
I pinged Google with Termux on my phone and found that I could ping through; when I looked in the settings, the default was to route all traffic. I'd like to pay tribute to Kr328
https://github.com/Kr328
