dae/.github/workflows/kernel-test.yml

name: Kernel Test

on:
  pull_request:
    paths:
      - "**/*.go"
      - "**/*.c"
      - "**/*.h"
      - "go.mod"
      - "go.sum"
      - ".github/workflows/kernel-test.yml"

jobs:

  build:
    runs-on: ubuntu-22.04
    steps:
    - uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        cache-dependency-path: |
          go.mod
          go.sum
        go-version: 1.22.4

    - name: Generate and build
      run: |
        git submodule update --init
        make GOFLAGS="-buildvcs=false" CC=clang

    - name: Store executable
      uses: actions/upload-artifact@v4
      with:
        name: dae
        path: dae

  test:
    runs-on: ubuntu-22.04
    name: Test
    needs: build
    strategy:
      fail-fast: false
      matrix:
        kernel: [ '6.1-20240305.092417', '6.6-20240305.092417' ]
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

      - name: Retrieve stored executable
        uses: actions/download-artifact@v4.1.4
        with:
          name: dae
          path: dae

      - name: Provision LVH VMs
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          test-name: dae-test
          image-version: ${{ matrix.kernel }}
          host-mount: ./
          dns-resolver: '1.1.1.1'
          install-dependencies: 'true'
          cmd: |
            chmod +x /host/dae/dae

            apt update
            apt install -y unzip

      - name: Setup network
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker network create --ipv6 --subnet 2001:0DB8::/112 dae
            docker run -td --name v2ray --privileged --network dae -v /host:/host ubuntu:22.04 bash
            docker run -td --name dae --privileged --network dae -v /host:/host -v /sys:/sys ubuntu:22.04 bash

      - name: Setup v2ray server
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex
            cd /host

            curl -OL https://github.com/v2fly/v2ray-core/releases/download/v4.31.0/v2ray-linux-64.zip
            unzip v2ray-linux-64.zip
            docker cp ./v2ray v2ray:/usr/bin
            docker cp ./v2ctl v2ray:/usr/bin

            cat > ./v2ray.json <<!
            {
                "log": {
                    "access": "/host/v2ray.access.log",
                    "error": "/host/v2ray.error.log",
                    "loglevel": "warning"
                },
                "inbound": {
                    "port": 23333,
                    "protocol": "vmess",
                    "settings": {
                        "clients": [
                            {
                                "id": "b004539e-0d7b-7996-c378-fb040e42de70",
                                "level": 0,
                                "alterId": 0
                            }
                        ]
                    }
                },
                "outbound": {
                    "protocol": "freedom",
                    "settings": {}
                },
                "inboundDetour": [],
                "outboundDetour": []
            }
            !

            nohup docker exec v2ray v2ray -c /host/v2ray.json &> v2ray.log &
            sleep 5s
            cat v2ray.log

            echo '{"v":"2","ps":"test","add":"v2ray","port":"23333","id":"b004539e-0d7b-7996-c378-fb040e42de70","aid":"0","net":"tcp","tls":"","type":"none","path":"","host":"v2ray"}' > vmess.json

      - name: Setup dae server
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex
            cd /host

            docker exec dae apt update
            docker exec dae apt install -y curl dnsutils netcat

            vmess_link=$(base64 -w0 vmess.json)
            cat > ./conf.dae <<!
            global {
                tproxy_port: 12345
                log_level: trace

                lan_interface: auto
                wan_interface: auto
                allow_insecure: false
                auto_config_kernel_parameter: true
            }

            node {
                local: 'vmess://\$vmess_link'
            }

            group {
                proxy {
                    policy: min_moving_avg
                }
            }

            routing {
                pname(dae) -> direct
                fallback: proxy
            }
            !

            chmod 600 ./conf.dae
            nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &
            sleep 5s
            cat dae.log

      - name: Check WAN IPv4 TCP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae curl 1.1.1.1:443
            cat /host/dae.log | grep -F -- '-> 1.1.1.1:443'
            cat /host/v2ray.access.log | grep -q 'accepted tcp:1.1.1.1:443'

      - name: Check WAN IPv4 UDP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae dig @1.1.1.1 one.one.one.one
            cat /host/dae.log | grep -F -- '-> 1.1.1.1:53'
            cat /host/v2ray.access.log | grep -q 'accepted udp:1.1.1.1:53'

      - name: Check WAN IPv6 TCP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae nc -v -w1 2606:4700:4700::1111 443 &> /host/nc.log
            cat /host/nc.log | grep -q 'succeeded!'
            cat /host/dae.log | grep -F -- '-> [2606:4700:4700::1111]:443'

      - name: Check WAN IPv6 UDP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae dig @2606:4700:4700::1111 one.one.one.one
            cat /host/dae.log | grep -F -- '-> [2606:4700:4700::1111]:53'

      - name: Setup WAN UDP port conflict
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker restart -t0 dae v2ray
            nohup docker exec v2ray v2ray -c /host/v2ray.json &> v2ray.log &
            nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &
            sleep 5s
            nohup docker exec dae nc -lu 53 &> nc.log &

      - name: Check WAN IPv4 UDP with port conflict
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae dig @1.1.1.1 one.one.one.one
            cat /host/dae.log | grep -F -- '-> 1.1.1.1:53'
            cat /host/v2ray.access.log | grep -q 'accepted udp:1.1.1.1:53'

      - name: Check WAN IPv6 UDP with port conflict
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae dig @2606:4700:4700::1111 one.one.one.one
            cat /host/dae.log | grep -F -- '-> [2606:4700:4700::1111]:53'

      - name: Setup LAN
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex
            cd /host

            docker restart -t0 dae
            docker exec dae apt install -y iproute2 iptables iputils-ping

            cat >lan.bash <<!
            set -ex

            ip net a dae
            ip l a dae-veth type veth peer name dae-veth-peer
            ip l s dae-veth-peer up
            ip l s dae-veth netns dae
            ip net e dae ip l s dae-veth up
            ip r a 10.0.0.1 dev dae-veth-peer
            ip net e dae ip a a 10.0.0.1 dev dae-veth
            ip net e dae ip r a 169.254.0.1 dev dae-veth
            ip net e dae ip r a default via 169.254.0.1 dev dae-veth

            sysctl net.ipv6.conf.dae-veth-peer.disable_ipv6=0
            ip -6 r a fd00:ffff::1 dev dae-veth-peer
            ip -6 a a fe80::ecee:eeff:feee:eeee dev dae-veth-peer
            ip net e dae ip -6 a a fd00:ffff::1 dev dae-veth
            ip net e dae ip -6 r r default via fe80::ecee:eeff:feee:eeee dev dae-veth

            sysctl net.ipv4.conf.dae-veth-peer.proxy_arp=1
            sysctl net.ipv4.conf.dae-veth-peer.rp_filter=2
            iptables-legacy -t nat -A POSTROUTING -s 10.0.0.1/32 -j MASQUERADE
            !
            docker exec dae bash /host/lan.bash

            docker exec dae ping -c1 10.0.0.1
            docker exec dae ip net e dae curl 1.0.0.1
            docker exec dae ping -c1 fd00:ffff::1

            docker exec dae sysctl net.ipv4.conf.dae-veth-peer.send_redirects=0
            docker exec dae sysctl net.ipv6.conf.dae-veth-peer.forwarding=1

            vmess_link=$(base64 -w0 vmess.json)
            cat > ./conf.dae <<!
            global {
                tproxy_port: 12345
                log_level: trace

                lan_interface: dae-veth-peer
                wan_interface: dae-veth-peer,eth0
                allow_insecure: false
                auto_config_kernel_parameter: true
            }

            node {
                local: 'vmess://\$vmess_link'
            }

            group {
                proxy {
                    policy: min_moving_avg
                }
            }

            routing {
                pname(dae) -> direct
                fallback: proxy
            }
            !

            chmod 600 ./conf.dae
            nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &
            sleep 5s
            cat dae.log

      - name: Check LAN IPv4 TCP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae ip net e dae curl 1.0.0.1
            cat /host/dae.log | grep -F -- '-> 1.0.0.1:80'
            cat /host/v2ray.access.log | grep -q 'accepted tcp:1.0.0.1:80'

      - name: Check LAN IPv4 UDP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae ip net e dae dig @8.8.4.4 one.one.one.one
            cat /host/dae.log | grep -F -- '-> 8.8.4.4:53'
            cat /host/v2ray.access.log | grep -q 'accepted udp:8.8.4.4:53'

      - name: Check LAN IPv6 TCP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae ip net e dae nc -v -w1 2606:4700:4700::1001 80 &> /host/nc.log
            cat /host/nc.log | grep -q 'succeeded!'
            cat /host/dae.log | grep -F -- '-> [2606:4700:4700::1001]:80'

      - name: Check LAN IPv6 UDP
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae ip net e dae dig @2001:4860:4860::8844 one.one.one.one
            cat /host/dae.log | grep -F -- '-> [2001:4860:4860::8844]:53'

      - name: Setup LAN UDP port conflict
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker restart -t0 dae v2ray

            docker exec dae rm -f /var/run/netns/dae
            docker exec dae bash /host/lan.bash
            docker exec dae sysctl net.ipv4.conf.dae-veth-peer.send_redirects=0
            docker exec dae sysctl net.ipv6.conf.dae-veth-peer.forwarding=1

            nohup docker exec v2ray v2ray -c /host/v2ray.json &> v2ray.log &
            nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &
            sleep 5s
            nohup docker exec dae nc -lu 53 &> nc.log &

      - name: Check LAN IPv4 UDP with port conflict
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae ip net e dae dig @8.8.4.4 one.one.one.one
            cat /host/dae.log | grep -F -- '-> 8.8.4.4:53'
            cat /host/v2ray.access.log | grep -q 'accepted udp:8.8.4.4:53'

      - name: Check LAN IPv6 UDP with port conflict
        uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16
        with:
          provision: 'false'
          cmd: |
            set -ex

            docker exec dae ip net e dae dig @2001:4860:4860::8844 one.one.one.one
            cat /host/dae.log | grep -F -- '-> [2001:4860:4860::8844]:53'
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`name: Kernel Test`

			`on:`
			`pull_request:`
			`paths:`
			`- "*/.go"`
			`- "*/.c"`
			`- "*/.h"`
			`- "go.mod"`
			`- "go.sum"`
			`- ".github/workflows/kernel-test.yml"`

			`jobs:`

			`build:`
			`runs-on: ubuntu-22.04`
			`steps:`
ci: update ci modules using nodejs to latest (#465) Co-authored-by: Markson Hon <markson@nixos.local> Co-authored-by: Markson Hon <markson@localhost.lan> 2024-03-02 18:26:46 +07:00			`- uses: actions/checkout@v4`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
			`- name: Set up Go`
ci: update ci modules using nodejs to latest (#465) Co-authored-by: Markson Hon <markson@nixos.local> Co-authored-by: Markson Hon <markson@localhost.lan> 2024-03-02 18:26:46 +07:00			`uses: actions/setup-go@v5`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
ci: update ci modules using nodejs to latest (#465) Co-authored-by: Markson Hon <markson@nixos.local> Co-authored-by: Markson Hon <markson@localhost.lan> 2024-03-02 18:26:46 +07:00			`cache-dependency-path: \|`
			`go.mod`
			`go.sum`
feat: Add support for hysteria2 dialer and protocol (#533) Co-authored-by: mzz <2017@duck.com> 2024-06-16 19:41:27 +07:00			`go-version: 1.22.4`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
			`- name: Generate and build`
			`run: \|`
			`git submodule update --init`
			`make GOFLAGS="-buildvcs=false" CC=clang`

			`- name: Store executable`
ci: update ci modules using nodejs to latest (#465) Co-authored-by: Markson Hon <markson@nixos.local> Co-authored-by: Markson Hon <markson@localhost.lan> 2024-03-02 18:26:46 +07:00			`uses: actions/upload-artifact@v4`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
			`name: dae`
			`path: dae`

			`test:`
			`runs-on: ubuntu-22.04`
			`name: Test`
			`needs: build`
			`strategy:`
			`fail-fast: false`
			`matrix:`
refactor/optimize(bpf): rework bpf route with bpf_loop (#580) 2024-10-30 00:06:13 +07:00			`kernel: [ '6.1-20240305.092417', '6.6-20240305.092417' ]`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`timeout-minutes: 10`
			`steps:`
			`- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11`

			`- name: Retrieve stored executable`
ci: update ci modules using nodejs to latest (#465) Co-authored-by: Markson Hon <markson@nixos.local> Co-authored-by: Markson Hon <markson@localhost.lan> 2024-03-02 18:26:46 +07:00			`uses: actions/download-artifact@v4.1.4`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
			`name: dae`
			`path: dae`

			`- name: Provision LVH VMs`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
			`test-name: dae-test`
			`image-version: ${{ matrix.kernel }}`
			`host-mount: ./`
			`dns-resolver: '1.1.1.1'`
			`install-dependencies: 'true'`
			`cmd: \|`
			`chmod +x /host/dae/dae`

ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`apt update`
			`apt install -y unzip`

			`- name: Setup network`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`docker network create --ipv6 --subnet 2001:0DB8::/112 dae`
			`docker run -td --name v2ray --privileged --network dae -v /host:/host ubuntu:22.04 bash`
			`docker run -td --name dae --privileged --network dae -v /host:/host -v /sys:/sys ubuntu:22.04 bash`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`- name: Setup v2ray server`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`cd /host`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`curl -OL https://github.com/v2fly/v2ray-core/releases/download/v4.31.0/v2ray-linux-64.zip`
			`unzip v2ray-linux-64.zip`
			`docker cp ./v2ray v2ray:/usr/bin`
			`docker cp ./v2ctl v2ray:/usr/bin`

			`cat > ./v2ray.json <<!`
			`{`
			`"log": {`
			`"access": "/host/v2ray.access.log",`
			`"error": "/host/v2ray.error.log",`
			`"loglevel": "warning"`
			`},`
			`"inbound": {`
			`"port": 23333,`
			`"protocol": "vmess",`
			`"settings": {`
			`"clients": [`
			`{`
			`"id": "b004539e-0d7b-7996-c378-fb040e42de70",`
			`"level": 0,`
			`"alterId": 0`
			`}`
			`]`
			`}`
			`},`
			`"outbound": {`
			`"protocol": "freedom",`
			`"settings": {}`
			`},`
			`"inboundDetour": [],`
			`"outboundDetour": []`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`}`
			`!`

ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`nohup docker exec v2ray v2ray -c /host/v2ray.json &> v2ray.log &`
			`sleep 5s`
			`cat v2ray.log`

			`echo '{"v":"2","ps":"test","add":"v2ray","port":"23333","id":"b004539e-0d7b-7996-c378-fb040e42de70","aid":"0","net":"tcp","tls":"","type":"none","path":"","host":"v2ray"}' > vmess.json`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
			`- name: Setup dae server`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`cd /host`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
			`docker exec dae apt update`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`docker exec dae apt install -y curl dnsutils netcat`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`vmess_link=$(base64 -w0 vmess.json)`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`cat > ./conf.dae <<!`
			`global {`
			`tproxy_port: 12345`
			`log_level: trace`

			`lan_interface: auto`
			`wan_interface: auto`
			`allow_insecure: false`
Use bpf_sk_assign at tproxy_wan_ingress (#383) 2024-01-01 18:28:10 +07:00			`auto_config_kernel_parameter: true`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`}`

			`node {`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`local: 'vmess://\$vmess_link'`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`}`

			`group {`
			`proxy {`
			`policy: min_moving_avg`
			`}`
			`}`

			`routing {`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`pname(dae) -> direct`
			`fallback: proxy`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`}`
			`!`

			`chmod 600 ./conf.dae`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`sleep 5s`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`cat dae.log`

			`- name: Check WAN IPv4 TCP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae curl 1.1.1.1:443`
			`cat /host/dae.log \| grep -F -- '-> 1.1.1.1:443'`
			`cat /host/v2ray.access.log \| grep -q 'accepted tcp:1.1.1.1:443'`

			`- name: Check WAN IPv4 UDP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae dig @1.1.1.1 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> 1.1.1.1:53'`
			`cat /host/v2ray.access.log \| grep -q 'accepted udp:1.1.1.1:53'`

			`- name: Check WAN IPv6 TCP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae nc -v -w1 2606:4700:4700::1111 443 &> /host/nc.log`
			`cat /host/nc.log \| grep -q 'succeeded!'`
			`cat /host/dae.log \| grep -F -- '-> [2606:4700:4700::1111]:443'`

			`- name: Check WAN IPv6 UDP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae dig @2606:4700:4700::1111 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> [2606:4700:4700::1111]:53'`

			`- name: Setup WAN UDP port conflict`
			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker restart -t0 dae v2ray`
			`nohup docker exec v2ray v2ray -c /host/v2ray.json &> v2ray.log &`
			`nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &`
			`sleep 5s`
			`nohup docker exec dae nc -lu 53 &> nc.log &`

			`- name: Check WAN IPv4 UDP with port conflict`
			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae dig @1.1.1.1 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> 1.1.1.1:53'`
			`cat /host/v2ray.access.log \| grep -q 'accepted udp:1.1.1.1:53'`

			`- name: Check WAN IPv6 UDP with port conflict`
			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

bpf: Don't clear checksum on wan_egress (#393) 2024-01-01 19:40:23 +07:00			`docker exec dae dig @2606:4700:4700::1111 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> [2606:4700:4700::1111]:53'`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00
			`- name: Setup LAN`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`
			`cd /host`

			`docker restart -t0 dae`
			`docker exec dae apt install -y iproute2 iptables iputils-ping`

			`cat >lan.bash <<!`
			`set -ex`

			`ip net a dae`
			`ip l a dae-veth type veth peer name dae-veth-peer`
			`ip l s dae-veth-peer up`
			`ip l s dae-veth netns dae`
			`ip net e dae ip l s dae-veth up`
			`ip r a 10.0.0.1 dev dae-veth-peer`
			`ip net e dae ip a a 10.0.0.1 dev dae-veth`
			`ip net e dae ip r a 169.254.0.1 dev dae-veth`
			`ip net e dae ip r a default via 169.254.0.1 dev dae-veth`

			`sysctl net.ipv6.conf.dae-veth-peer.disable_ipv6=0`
			`ip -6 r a fd00:ffff::1 dev dae-veth-peer`
			`ip -6 a a fe80::ecee:eeff:feee:eeee dev dae-veth-peer`
			`ip net e dae ip -6 a a fd00:ffff::1 dev dae-veth`
			`ip net e dae ip -6 r r default via fe80::ecee:eeff:feee:eeee dev dae-veth`

			`sysctl net.ipv4.conf.dae-veth-peer.proxy_arp=1`
			`sysctl net.ipv4.conf.dae-veth-peer.rp_filter=2`
			`iptables-legacy -t nat -A POSTROUTING -s 10.0.0.1/32 -j MASQUERADE`
			`!`
			`docker exec dae bash /host/lan.bash`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`docker exec dae ping -c1 10.0.0.1`
			`docker exec dae ip net e dae curl 1.0.0.1`
			`docker exec dae ping -c1 fd00:ffff::1`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`docker exec dae sysctl net.ipv4.conf.dae-veth-peer.send_redirects=0`
			`docker exec dae sysctl net.ipv6.conf.dae-veth-peer.forwarding=1`

			`vmess_link=$(base64 -w0 vmess.json)`
			`cat > ./conf.dae <<!`
			`global {`
			`tproxy_port: 12345`
			`log_level: trace`

			`lan_interface: dae-veth-peer`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`wan_interface: dae-veth-peer,eth0`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`allow_insecure: false`
Use bpf_sk_assign at tproxy_wan_ingress (#383) 2024-01-01 18:28:10 +07:00			`auto_config_kernel_parameter: true`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`}`

			`node {`
			`local: 'vmess://\$vmess_link'`
			`}`

			`group {`
			`proxy {`
			`policy: min_moving_avg`
			`}`
			`}`

			`routing {`
			`pname(dae) -> direct`
			`fallback: proxy`
			`}`
			`!`

			`chmod 600 ./conf.dae`
			`nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`sleep 5s`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`cat dae.log`

ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`- name: Check LAN IPv4 TCP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae ip net e dae curl 1.0.0.1`
			`cat /host/dae.log \| grep -F -- '-> 1.0.0.1:80'`
			`cat /host/v2ray.access.log \| grep -q 'accepted tcp:1.0.0.1:80'`

			`- name: Check LAN IPv4 UDP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae ip net e dae dig @8.8.4.4 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> 8.8.4.4:53'`
			`cat /host/v2ray.access.log \| grep -q 'accepted udp:8.8.4.4:53'`

			`- name: Check LAN IPv6 TCP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae ip net e dae nc -v -w1 2606:4700:4700::1001 80 &> /host/nc.log`
			`cat /host/nc.log \| grep -q 'succeeded!'`
			`cat /host/dae.log \| grep -F -- '-> [2606:4700:4700::1001]:80'`

			`- name: Check LAN IPv6 UDP`
feat(bpf): implement stack bypass (#458) Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com> 2024-03-01 17:27:02 +07:00			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae ip net e dae dig @2001:4860:4860::8844 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> [2001:4860:4860::8844]:53'`

			`- name: Setup LAN UDP port conflict`
			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker restart -t0 dae v2ray`

			`docker exec dae rm -f /var/run/netns/dae`
			`docker exec dae bash /host/lan.bash`
			`docker exec dae sysctl net.ipv4.conf.dae-veth-peer.send_redirects=0`
			`docker exec dae sysctl net.ipv6.conf.dae-veth-peer.forwarding=1`

			`nohup docker exec v2ray v2ray -c /host/v2ray.json &> v2ray.log &`
			`nohup docker exec dae /host/dae/dae run -c /host/conf.dae &> dae.log &`
			`sleep 5s`
			`nohup docker exec dae nc -lu 53 &> nc.log &`

			`- name: Check LAN IPv4 UDP with port conflict`
			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

			`docker exec dae ip net e dae dig @8.8.4.4 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> 8.8.4.4:53'`
			`cat /host/v2ray.access.log \| grep -q 'accepted udp:8.8.4.4:53'`

			`- name: Check LAN IPv6 UDP with port conflict`
			`uses: cilium/little-vm-helper@9d758b756305e83718a51b792a5aeabd022a39ec # v0.0.16`
ci: Test against various kernels on PR (#373) 2023-12-19 22:05:03 +07:00			`with:`
			`provision: 'false'`
			`cmd: \|`
			`set -ex`

ci: Add more kernel tests (#386) 2024-01-01 15:13:48 +07:00			`docker exec dae ip net e dae dig @2001:4860:4860::8844 one.one.one.one`
			`cat /host/dae.log \| grep -F -- '-> [2001:4860:4860::8844]:53'`