chore: replace ip with dip, port with dport
@ -82,7 +82,7 @@ Please refer to [Quick Start Guide](./docs/getting-started/README.md) to start u
|
|||||||
|
|
||||||
## Known Issues
|
## Known Issues
|
||||||
|
|
||||||
1. If you setup dae and also a shadowsocks server (or any UDP servers) on the same machine in public network, such as a VPS, don't forget to add `sport(your server ports) -> must_direct` rule for your UDP server port. Because states of UDP are hard to maintain, all outgoing UDP packets will potentially be proxied (depends on your routing), including traffic to your client. This is not what we want to see. `must_direct` means all traffic including DNS traffic will be direct.
|
1. If you setup dae and also a shadowsocks server (or any UDP servers) on the same machine in public network, such as a VPS, don't forget to add `l4proto(udp) && sport(your server ports) -> must_direct` rule for your UDP server port. Because states of UDP are hard to maintain, all outgoing UDP packets will potentially be proxied (depends on your routing), including traffic to your client. That is not what we want to see. `must_direct` makes all traffic from this port including DNS traffic direct.
|
||||||
|
|
||||||
## TODO
|
## TODO
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ routing {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if rules, err = routing.ApplyRulesOptimizers(r.Rules,
|
if rules, err = routing.ApplyRulesOptimizers(r.Rules,
|
||||||
&routing.RefineFunctionParamKeyOptimizer{},
|
&routing.AliasOptimizer{},
|
||||||
&routing.DatReaderOptimizer{Logger: logrus.StandardLogger()},
|
&routing.DatReaderOptimizer{Logger: logrus.StandardLogger()},
|
||||||
&routing.MergeAndSortRulesOptimizer{},
|
&routing.MergeAndSortRulesOptimizer{},
|
||||||
&routing.DeduplicateParamsOptimizer{},
|
&routing.DeduplicateParamsOptimizer{},
|
||||||
|
@ -37,15 +37,21 @@ func ApplyRulesOptimizers(rules []*config_parser.RoutingRule, optimizers ...Rule
|
|||||||
return rules, err
|
return rules, err
|
||||||
}
|
}
|
||||||
|
|
||||||
type RefineFunctionParamKeyOptimizer struct {
|
type AliasOptimizer struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *RefineFunctionParamKeyOptimizer) Optimize(rules []*config_parser.RoutingRule) ([]*config_parser.RoutingRule, error) {
|
func (o *AliasOptimizer) Optimize(rules []*config_parser.RoutingRule) ([]*config_parser.RoutingRule, error) {
|
||||||
for _, rule := range rules {
|
for _, rule := range rules {
|
||||||
for _, function := range rule.AndFunctions {
|
for _, function := range rule.AndFunctions {
|
||||||
|
switch function.Name {
|
||||||
|
case "dport":
|
||||||
|
function.Name = consts.Function_Port
|
||||||
|
case "dip":
|
||||||
|
function.Name = consts.Function_Ip
|
||||||
|
}
|
||||||
for _, param := range function.Params {
|
for _, param := range function.Params {
|
||||||
switch function.Name {
|
switch function.Name {
|
||||||
case "domain":
|
case consts.Function_Domain:
|
||||||
// Rewrite to authoritative key name.
|
// Rewrite to authoritative key name.
|
||||||
switch param.Key {
|
switch param.Key {
|
||||||
case "", "domain":
|
case "", "domain":
|
||||||
@ -92,7 +98,7 @@ func (o *MergeAndSortRulesOptimizer) Optimize(rules []*config_parser.RoutingRule
|
|||||||
// Sort ParamList.
|
// Sort ParamList.
|
||||||
for i := range newRules {
|
for i := range newRules {
|
||||||
for _, function := range newRules[i].AndFunctions {
|
for _, function := range newRules[i].AndFunctions {
|
||||||
if function.Name == "ip" {
|
if function.Name == consts.Function_Ip || function.Name == consts.Function_SourceIp {
|
||||||
// Sort by IPv4, IPv6, vals.
|
// Sort by IPv4, IPv6, vals.
|
||||||
sort.SliceStable(function.Params, func(i, j int) bool {
|
sort.SliceStable(function.Params, func(i, j int) bool {
|
||||||
vi, vj := 4, 4
|
vi, vj := 4, 4
|
||||||
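Review bot: `AliasOptimizer` is added without a doc comment, and the new `switch function.Name` at the top of its `Optimize` loop creates an ordering requirement that is not written down: the later hunk in this file matches on `consts.Function_Ip` / `consts.Function_SourceIp`, so a `dip(...)` or `dport(...)` rule is only recognised there once this optimizer has rewritten the name. Both call sites touched by this commit list it first, but if a later caller omits or reorders it, such a rule would presumably pass through unsorted or unmatched without any error, and these rules decide which traffic bypasses the proxy. I would state this on the type, e.g. `// AliasOptimizer rewrites the user-facing aliases dip and dport to the canonical function names; it must run before any optimizer that matches on consts.Function_*.` The two new case labels are also bare string literals sitting next to `consts.Function_Port` and `consts.Function_Ip`; named constants for the aliases would keep the spelling in one place. The body of `Optimize` continues past the end of the hunk, so the rest of the function is not reviewed here.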
|
@ -272,7 +272,7 @@ func NewControlPlane(
|
|||||||
// Apply rules optimizers.
|
// Apply rules optimizers.
|
||||||
var rules []*config_parser.RoutingRule
|
var rules []*config_parser.RoutingRule
|
||||||
if rules, err = routing.ApplyRulesOptimizers(routingA.Rules,
|
if rules, err = routing.ApplyRulesOptimizers(routingA.Rules,
|
||||||
&routing.RefineFunctionParamKeyOptimizer{},
|
&routing.AliasOptimizer{},
|
||||||
&routing.DatReaderOptimizer{Logger: log},
|
&routing.DatReaderOptimizer{Logger: log},
|
||||||
&routing.MergeAndSortRulesOptimizer{},
|
&routing.MergeAndSortRulesOptimizer{},
|
||||||
&routing.DeduplicateParamsOptimizer{},
|
&routing.DeduplicateParamsOptimizer{},
|
||||||
|
@ -21,17 +21,17 @@ domain(geosite:category-ads) -> block
|
|||||||
domain(geosite:cn)->direct
|
domain(geosite:cn)->direct
|
||||||
|
|
||||||
### Dest IP rule
|
### Dest IP rule
|
||||||
ip(8.8.8.8) -> direct
|
dip(8.8.8.8) -> direct
|
||||||
ip(101.97.0.0/16) -> direct
|
dip(101.97.0.0/16) -> direct
|
||||||
ip(geoip:private) -> direct
|
dip(geoip:private) -> direct
|
||||||
|
|
||||||
### Source IP rule
|
### Source IP rule
|
||||||
sip(192.168.0.0/24) -> my_group
|
sip(192.168.0.0/24) -> my_group
|
||||||
sip(192.168.50.0/24) -> direct
|
sip(192.168.50.0/24) -> direct
|
||||||
|
|
||||||
### Dest port rule
|
### Dest port rule
|
||||||
port(80) -> direct
|
dport(80) -> direct
|
||||||
port(10080-30000) -> direct
|
dport(10080-30000) -> direct
|
||||||
|
|
||||||
### Source port rule
|
### Source port rule
|
||||||
sport(38563) -> direct
|
sport(38563) -> direct
|
||||||
@ -54,14 +54,14 @@ pname(curl) -> direct
|
|||||||
### Multiple domains rule
|
### Multiple domains rule
|
||||||
domain(keyword: google, suffix: www.twitter.com, suffix: v2raya.org) -> my_group
|
domain(keyword: google, suffix: www.twitter.com, suffix: v2raya.org) -> my_group
|
||||||
### Multiple IP rule
|
### Multiple IP rule
|
||||||
ip(geoip:cn, geoip:private) -> direct
|
dip(geoip:cn, geoip:private) -> direct
|
||||||
ip(9.9.9.9, 223.5.5.5) -> direct
|
dip(9.9.9.9, 223.5.5.5) -> direct
|
||||||
sip(192.168.0.6, 192.168.0.10, 192.168.0.15) -> direct
|
sip(192.168.0.6, 192.168.0.10, 192.168.0.15) -> direct
|
||||||
|
|
||||||
### 'And' rule
|
### 'And' rule
|
||||||
ip(geoip:cn) && port(80) -> direct
|
dip(geoip:cn) && dport(80) -> direct
|
||||||
ip(8.8.8.8) && l4proto(tcp) && port(1-1023, 8443) -> my_group
|
dip(8.8.8.8) && l4proto(tcp) && dport(1-1023, 8443) -> my_group
|
||||||
ip(1.1.1.1) && sip(10.0.0.1, 172.20.0.0/16) -> direct
|
dip(1.1.1.1) && sip(10.0.0.1, 172.20.0.0/16) -> direct
|
||||||
|
|
||||||
### 'Not' rule
|
### 'Not' rule
|
||||||
!domain(geosite:google-scholar,
|
!domain(geosite:google-scholar,
|
||||||
@ -78,7 +78,7 @@ domain(geosite:geolocation-!cn) &&
|
|||||||
|
|
||||||
### Customized DAT file
|
### Customized DAT file
|
||||||
domain(ext:"yourdatfile.dat:yourtag")->direct
|
domain(ext:"yourdatfile.dat:yourtag")->direct
|
||||||
ip(ext:"yourdatfile.dat:yourtag")->direct
|
dip(ext:"yourdatfile.dat:yourtag")->direct
|
||||||
|
|
||||||
### Mark for direct/must_direct outbound
|
### Mark for direct/must_direct outbound
|
||||||
# Mark is useful when you want to redirect traffic to specific interface (such as wireguard) or other advanced uses.
|
# Mark is useful when you want to redirect traffic to specific interface (such as wireguard) or other advanced uses.
|
||||||
|
@ -127,6 +127,7 @@ routing {
|
|||||||
|
|
||||||
# If you set upstream (in section "global") to a DNS service in localhost (dnsmasq, adguard, etc.), to avoid loops,
|
# If you set upstream (in section "global") to a DNS service in localhost (dnsmasq, adguard, etc.), to avoid loops,
|
||||||
# let them "must_direct", which makes DNS requests not redirect back to dae again.
|
# let them "must_direct", which makes DNS requests not redirect back to dae again.
|
||||||
|
# "pname" means process name.
|
||||||
#pname(dnsmasq) -> must_direct
|
#pname(dnsmasq) -> must_direct
|
||||||
|
|
||||||
# Network managers in localhost should be direct to avoid false negative network connectivity check when binding to
|
# Network managers in localhost should be direct to avoid false negative network connectivity check when binding to
|
||||||
@ -135,15 +136,16 @@ routing {
|
|||||||
|
|
||||||
# Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
|
# Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
|
||||||
# forwarded by the proxy.
|
# forwarded by the proxy.
|
||||||
ip(224.0.0.0/3, 'ff00::/8') -> direct
|
# "dip" means destination IP.
|
||||||
|
dip(224.0.0.0/3, 'ff00::/8') -> direct
|
||||||
|
|
||||||
# This line allows you to access private addresses directly instead of via your proxy. If you really want to access
|
# This line allows you to access private addresses directly instead of via your proxy. If you really want to access
|
||||||
# private addresses in your proxy host network, modify the below line.
|
# private addresses in your proxy host network, modify the below line.
|
||||||
ip(geoip:private) -> direct
|
dip(geoip:private) -> direct
|
||||||
|
|
||||||
### Write your rules below.
|
### Write your rules below.
|
||||||
|
|
||||||
ip(geoip:cn) -> direct
|
dip(geoip:cn) -> direct
|
||||||
domain(geosite:cn) -> direct
|
domain(geosite:cn) -> direct
|
||||||
|
|
||||||
fallback: my_group
|
fallback: my_group
|
||||||
|