feat: support to auto config kernel parameters

2025-01-22 02:07:50 +07:00 · 2023-03-25 17:16:24 +08:00 · 2023-03-25 17:16:24 +08:00 · 43d5d81858
commit 43d5d81858
parent 5d8fc85fd9
7 changed files with 84 additions and 36 deletions
--- a/config/config.go
+++ b/config/config.go
@ -17,15 +17,16 @@ type Global struct {
 	LogLevel   string `mapstructure:"log_level" default:"info"`
 	// We use DirectTcpCheckUrl to check (tcp)*(ipv4/ipv6) connectivity for direct.
 	//DirectTcpCheckUrl string `mapstructure:"direct_tcp_check_url" default:"http://www.qualcomm.cn/generate_204"`
-	TcpCheckUrl           string        `mapstructure:"tcp_check_url" default:"http://keep-alv.google.com/generate_204"`
-	UdpCheckDns           string        `mapstructure:"udp_check_dns" default:"dns.google:53"`
-	CheckInterval         time.Duration `mapstructure:"check_interval" default:"30s"`
-	CheckTolerance        time.Duration `mapstructure:"check_tolerance" default:"0"`
-	LanInterface          []string      `mapstructure:"lan_interface"`
-	WanInterface          []string      `mapstructure:"wan_interface"`
-	AllowInsecure         bool          `mapstructure:"allow_insecure" default:"false"`
-	DialMode              string        `mapstructure:"dial_mode" default:"domain"`
-	DisableWaitingNetwork bool          `mapstructure:"disable_waiting_network" default:"false"`
+	TcpCheckUrl               string        `mapstructure:"tcp_check_url" default:"http://keep-alv.google.com/generate_204"`
+	UdpCheckDns               string        `mapstructure:"udp_check_dns" default:"dns.google:53"`
+	CheckInterval             time.Duration `mapstructure:"check_interval" default:"30s"`
+	CheckTolerance            time.Duration `mapstructure:"check_tolerance" default:"0"`
+	LanInterface              []string      `mapstructure:"lan_interface"`
+	WanInterface              []string      `mapstructure:"wan_interface"`
+	AllowInsecure             bool          `mapstructure:"allow_insecure" default:"false"`
+	DialMode                  string        `mapstructure:"dial_mode" default:"domain"`
+	DisableWaitingNetwork     bool          `mapstructure:"disable_waiting_network" default:"false"`
+	AutoConfigKernelParameter bool          `mapstructure:"auto_config_kernel_parameter" default:"false"`
 }

 type FunctionOrString interface{}
--- a/config/desc.go
+++ b/config/desc.go
@ -49,7 +49,8 @@ var GlobalDesc = Desc{
 2. "domain". Dial proxy using the domain from sniffing. This will relieve DNS pollution problem to a great extent if have impure DNS environment. Generally, this mode brings faster proxy response time because proxy will re-resolve the domain in remote, thus get better IP result to connect. This policy does not impact routing. That is to say, domain rewrite will be after traffic split of routing and dae will not re-route it.
 3. "domain+". Based on domain mode but do not check the reality of sniffed domain. It is useful for users whose DNS requests do not go through dae but want faster proxy response time. Notice that, if DNS requests do not go through dae, dae cannot split traffic by domain.
 4. "domain++". Based on domain+ mode but force to re-route traffic using sniffed domain to partially recover domain based traffic split ability. It doesn't work for direct traffic and consumes more CPU resources.`,
-	"disable_waiting_network": "Disable waiting for network before pulling subscriptions.",
+	"disable_waiting_network":      "Disable waiting for network before pulling subscriptions.",
+	"auto_config_kernel_parameter": "Automatically configure Linux kernel parameters like ip_forward and send_redirects. Check out https://github.com/daeuniverse/dae/blob/main/docs/getting-started/kernel-parameters.md to see what will dae do.",
 }

 var DnsDesc = Desc{
--- a/control/control_plane.go
+++ b/control/control_plane.go
@ -188,8 +188,15 @@ func NewControlPlane(
 		if err = core.setupRoutingPolicy(); err != nil {
 			return nil, err
 		}
+		if global.AutoConfigKernelParameter {
+			_ = SetIpv4forward("1")
+		}
 		global.LanInterface = common.Deduplicate(global.LanInterface)
 		for _, ifname := range global.LanInterface {
+			if global.AutoConfigKernelParameter {
+				SetSendRedirects(ifname, "0")
+				SetForwarding(ifname, "1")
+			}
 			if err = core.bindLan(ifname); err != nil {
 				return nil, fmt.Errorf("bindLan: %v: %w", ifname, err)
 			}
--- a/control/utils.go
+++ b/control/utils.go
@ -10,9 +10,9 @@ import (
 	"encoding/binary"
 	"encoding/hex"
 	"fmt"
-	"github.com/mzz2017/softwind/netproxy"
 	"github.com/daeuniverse/dae/common"
 	"github.com/daeuniverse/dae/common/consts"
+	"github.com/mzz2017/softwind/netproxy"
 	"golang.org/x/sys/unix"
 	"net/netip"
 	"os"
@ -105,6 +105,28 @@ func CheckIpforward(ifname string) error {
 	return nil
 }

+func setForwarding(ifname string, ipversion consts.IpVersionStr, val string) error {
+	path := fmt.Sprintf("/proc/sys/net/ipv%v/conf/%v/forwarding", ipversion, ifname)
+	err := os.WriteFile(path, []byte(val), 0644)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func SetIpv4forward(val string) error {
+	err := os.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte(val), 0644)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func SetForwarding(ifname string, val string) {
+	_ = setForwarding(ifname, consts.IpVersionStr_4, val)
+	_ = setForwarding(ifname, consts.IpVersionStr_6, val)
+}
+
 func checkSendRedirects(ifname string, ipversion consts.IpVersionStr) error {
 	path := fmt.Sprintf("/proc/sys/net/ipv%v/conf/%v/send_redirects", ipversion, ifname)
 	b, err := os.ReadFile(path)
@ -124,6 +146,19 @@ func CheckSendRedirects(ifname string) error {
 	return nil
 }

+func setSendRedirects(ifname string, ipversion consts.IpVersionStr, val string) error {
+	path := fmt.Sprintf("/proc/sys/net/ipv%v/conf/%v/send_redirects", ipversion, ifname)
+	err := os.WriteFile(path, []byte(val), 0644)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func SetSendRedirects(ifname string, val string) {
+	_ = setSendRedirects(ifname, consts.IpVersionStr_4, val)
+}
+
 func MagicNetwork(network string, mark uint32) string {
 	if mark == 0 {
 		return network
--- a/docs/getting-started/README.md
+++ b/docs/getting-started/README.md
@ -54,31 +54,6 @@ Check them using command like:
 > **Note**
 > `Armbian` users can follow the [**Upgrade Guide**](./kernel-upgrade.md) to upgrade the kernel to meet the kernel configuration requirement.

-## Kernel Parameters
-
-If you set up dae as a router or other intermediate device and bind it to LAN interfaces, you need to adjust some linux kernel parameters to make everything work fine. By default, the latest Linux distributions have IP Forwarding `disabled`. In the case where we need to up a Linux router/gateway or a VPN server or simply a plain dial-in server, then we need to enable forwarding. Moreover, in order to keep our gateway position and keep correct downstream route table, we should disable `send-redirects`. Do the followings to adjust linux kernel parameters:
-
-For every LAN interfaces you want to proxy:
-
-```shell
-export lan_ifname=docker0
-
-sudo tee /etc/sysctl.d/60-dae-$lan_ifname.conf << EOF
-net.ipv4.conf.$lan_ifname.forwarding = 1
-net.ipv6.conf.$lan_ifname.forwarding = 1
-net.ipv4.conf.$lan_ifname.send_redirects = 0
-EOF
-sudo sysctl --system
-```
-
-It is also recommended to enable IPv4 forward to avoid weird situations:
-```shell
-echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/60-ip-foward.conf
-sudo sysctl --system
-```
-
-Please modify `docker0` to your LAN interface.
-
 ## Installation

 ### Archlinux/Manjaro
@ -137,6 +112,7 @@ global {

  log_level: info
  allow_insecure: false
+  auto_config_kernel_parameter: true
 }

 subscription {
--- a/docs/getting-started/kernel-parameters.md
+++ b/docs/getting-started/kernel-parameters.md
@ -0,0 +1,24 @@
+# Configure Kernel Parameters
+
+If you set up dae as a router or other intermediate device and bind it to LAN interfaces, you need to adjust some linux kernel parameters to make everything work fine. By default, the latest Linux distributions have IP Forwarding `disabled`. In the case where we need to up a Linux router/gateway or a VPN server or simply a plain dial-in server, then we need to enable forwarding. Moreover, in order to keep our gateway position and keep correct downstream route table, we should disable `send-redirects`. Do the followings to adjust linux kernel parameters:
+
+For every LAN interfaces you want to proxy:
+
+```shell
+export lan_ifname=docker0
+
+sudo tee /etc/sysctl.d/60-dae-$lan_ifname.conf << EOF
+net.ipv4.conf.$lan_ifname.forwarding = 1
+net.ipv6.conf.$lan_ifname.forwarding = 1
+net.ipv4.conf.$lan_ifname.send_redirects = 0
+EOF
+sudo sysctl --system
+```
+
+It is also recommended to enable IPv4 forward to avoid weird situations:
+```shell
+echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/60-ip-forward.conf
+sudo sysctl --system
+```
+
+Please modify `docker0` to your LAN interface.
--- a/example.dae
+++ b/example.dae
@ -50,6 +50,10 @@ global {

    # Disable waiting for network before pulling subscriptions.
    disable_waiting_network: false
+
+    # Automatically configure Linux kernel parameters like ip_forward and send_redirects. Check out
+    # https://github.com/daeuniverse/dae/blob/main/docs/getting-started/kernel-parameters.md to see what will dae do.
+    auto_config_kernel_parameter: true
 }

 # Subscriptions defined here will be resolved as nodes and merged as a part of the global node pool.