feat: only load part of programs for bind to wan only

component/control/bpf_utils.go

@@ -98,12 +98,28 @@ func BatchUpdate(m *ebpf.Map, keys interface{}, values interface{}, opts *ebpf.B
 
 type bpfObjectsLan struct {
 	// NOTICE: Consider to update me if any program added.
+	//bpfPrograms
 	TproxyEgress  *ebpf.Program `ebpf:"tproxy_egress"`
 	TproxyIngress *ebpf.Program `ebpf:"tproxy_ingress"`
 
 	bpfMaps
 }
 
+type bpfObjectsWan struct {
+	// NOTICE: Consider to update me if any program added.
+	//bpfPrograms
+	Inet6Bind        *ebpf.Program `ebpf:"inet6_bind"`
+	InetAutobind     *ebpf.Program `ebpf:"inet_autobind"`
+	InetBind         *ebpf.Program `ebpf:"inet_bind"`
+	InetRelease      *ebpf.Program `ebpf:"inet_release"`
+	InetSendPrepare  *ebpf.Program `ebpf:"inet_send_prepare"`
+	TcpConnect       *ebpf.Program `ebpf:"tcp_connect"`
+	TproxyWanEgress  *ebpf.Program `ebpf:"tproxy_wan_egress"`
+	TproxyWanIngress *ebpf.Program `ebpf:"tproxy_wan_ingress"`
+
+	bpfMaps
+}
+
 func AssignBpfObjects(to *bpfObjects, from interface{}) {
 	vTo := reflect.Indirect(reflect.ValueOf(to))
 	vFrom := reflect.Indirect(reflect.ValueOf(from))

component/control/control_plane.go

@@ -65,12 +65,21 @@ func NewControlPlane(
 	dnsUpstream string,
 	checkUrl string,
 	checkInterval time.Duration,
-	onlyBindLanInterface bool,
+	bindLan bool,
+	bindWan bool,
 ) (c *ControlPlane, err error) {
 	kernelVersion, e := internal.KernelVersion()
 	if e != nil {
 		return nil, fmt.Errorf("failed to get kernel version: %w", e)
 	}
+	if kernelVersion.Less(consts.BasicFeatureVersion) {
+		return nil, fmt.Errorf("your kernel version %v does not satisfy basic requirement; expect >=%v", c.kernelVersion.String(), consts.BasicFeatureVersion.String())
+	}
+	if bindWan && kernelVersion.Less(consts.FtraceFeatureVersion) {
+		// Not support ftrace (fentry/fexit).
+		// PID bypass needs it.
+		return nil, fmt.Errorf("your kernel version %v does not support bind to WAN; expect >=%v; remove wan_interface in config file and try again", c.kernelVersion.String(), consts.FtraceFeatureVersion.String())
+	}
 
 	// Allow the current process to lock memory for eBPF resources.
 	if err = rlimit.RemoveMemlock(); err != nil {
@@ -87,10 +96,13 @@ func NewControlPlane(
 			LogLevel: ebpf.LogLevelStats,
 		}
 	}
-	var obj interface{} = &bpf
-	if kernelVersion.Less(consts.FtraceFeatureVersion) || onlyBindLanInterface {
+	var obj interface{} = &bpf // Bind both LAN and WAN.
+	if bindLan && !bindWan {
 		// Trick. Replace the beams with rotten timbers.
 		obj = &bpfObjectsLan{}
+	} else if !bindLan && bindWan {
+		// Trick. Replace the beams with rotten timbers.
+		obj = &bpfObjectsWan{}
 	}
 retryLoadBpf:
 	if err = loadBpfObjects(obj, &ebpf.CollectionOptions{
@@ -388,12 +400,6 @@ func (c *ControlPlane) BindLan(ifname string) error {
 }
 
 func (c *ControlPlane) BindWan(ifname string) error {
-	if c.kernelVersion.Less(consts.FtraceFeatureVersion) {
-		// Not support ftrace (fentry/fexit).
-		// PID bypass needs it.
-		return fmt.Errorf("your kernel version %v does not support bind to WAN; expect >=%v; remove wan_interface in config file and try again", c.kernelVersion.String(), consts.FtraceFeatureVersion.String())
-	}
-
 	link, err := netlink.LinkByName(ifname)
 	if err != nil {
 		return err