feat: add dial_mode domain++

This commit is contained in:
mzz2017 2023-03-14 18:22:00 +08:00
parent c28aea0589
commit 86547c6522
7 changed files with 33 additions and 24 deletions

View File

@ -13,11 +13,12 @@ const (
DialMode_Ip DialMode = "ip"
DialMode_Domain DialMode = "domain"
DialMode_DomainPlus DialMode = "domain+"
DialMode_DomainCao DialMode = "domain++"
)
func ParseDialMode(mode string) (DialMode, error) {
switch mode {
case "ip", "domain", "domain+":
case "ip", "domain", "domain+", "domain++":
return DialMode(mode), nil
default:
return "", fmt.Errorf("unsupported dial mode: %v", mode)

View File

@ -17,18 +17,14 @@ type Global struct {
LogLevel string `mapstructure:"log_level" default:"info"`
// We use DirectTcpCheckUrl to check (tcp)*(ipv4/ipv6) connectivity for direct.
//DirectTcpCheckUrl string `mapstructure:"direct_tcp_check_url" default:"http://www.qualcomm.cn/generate_204"`
TcpCheckUrl string `mapstructure:"tcp_check_url" default:"http://keep-alv.google.com/generate_204"`
UdpCheckDns string `mapstructure:"udp_check_dns" default:"dns.google:53"`
CheckInterval time.Duration `mapstructure:"check_interval" default:"30s"`
CheckTolerance time.Duration `mapstructure:"check_tolerance" default:"0"`
// Deprecated:
DnsUpstream string `mapstructure:"dns_upstream" default:"<empty>"`
LanInterface []string `mapstructure:"lan_interface"`
// Deprecated:
LanNatDirect bool `mapstructure:"lan_nat_direct" default:"false"`
WanInterface []string `mapstructure:"wan_interface"`
AllowInsecure bool `mapstructure:"allow_insecure" default:"false"`
DialMode string `mapstructure:"dial_mode" default:"domain"`
TcpCheckUrl string `mapstructure:"tcp_check_url" default:"http://keep-alv.google.com/generate_204"`
UdpCheckDns string `mapstructure:"udp_check_dns" default:"dns.google:53"`
CheckInterval time.Duration `mapstructure:"check_interval" default:"30s"`
CheckTolerance time.Duration `mapstructure:"check_tolerance" default:"0"`
LanInterface []string `mapstructure:"lan_interface"`
WanInterface []string `mapstructure:"wan_interface"`
AllowInsecure bool `mapstructure:"allow_insecure" default:"false"`
DialMode string `mapstructure:"dial_mode" default:"domain"`
}
type FunctionOrString interface{}

View File

@ -42,13 +42,13 @@ var GlobalDesc = Desc{
"check_interval": "Interval of connectivity check for TCP and UDP",
"check_tolerance": "Group will switch node only when new_latency <= old_latency - tolerance.",
"lan_interface": "The LAN interface to bind. Use it if you only want to proxy LAN instead of localhost.",
"lan_nat_direct": "[Deprecated] SNAT for incoming connection to avoid redirects.\nAlways set it true if you are NOT using dae as a transparent bridge, but will reduce forwarding performance for direct traffic in LAN mode.\nThis option does not affect direct traffic performance of WAN.",
"wan_interface": "The WAN interface to bind. Use it if you want to proxy localhost.",
"allow_insecure": "Allow insecure TLS certificates. It is not recommended to turn it on unless you have to.",
"dial_mode": `Optional values of dial_mode are:
1. "ip". Dial proxy using the IP from DNS directly. This allows your ipv4, ipv6 to choose the optimal path respectively, and makes the IP version requested by the application meet expectations. For example, if you use curl -4 ip.sb, you will request IPv4 via proxy and get a IPv4 echo. And curl -6 ip.sb will request IPv6. This may solve some wierd full-cone problem if your are be your node support that.
2. "domain". Dial proxy using the domain from sniffing. This will relieve DNS pollution problem to a great extent if have impure DNS environment. Generally, this mode brings faster proxy response time because proxy will re-resolve the domain in remote, thus get better IP result to connect. This policy does not impact routing. That is to say, domain rewrite will be after traffic split of routing and dae will not re-route it.
3. "domain+". Based on domain mode but do not check the reality of sniffed domain. It is useful for users whose DNS requests do not go through dae but want faster proxy response time. Notice that, if DNS requests do not go through dae, dae cannot split traffic by domain`,
3. "domain+". Based on domain mode but do not check the reality of sniffed domain. It is useful for users whose DNS requests do not go through dae but want faster proxy response time. Notice that, if DNS requests do not go through dae, dae cannot split traffic by domain.
4. "domain++". Based on domain+ mode but force to re-route traffic using sniffed domain to partially recover domain based traffic split ability. It doesn't work for direct traffic and consumes more CPU resources.`,
}
var DnsDesc = Desc{

View File

@ -11,9 +11,6 @@ import (
"github.com/bits-and-blooms/bloom/v3"
"github.com/cilium/ebpf"
"github.com/cilium/ebpf/rlimit"
"github.com/mzz2017/softwind/pool"
"github.com/mzz2017/softwind/protocol/direct"
"github.com/sirupsen/logrus"
"github.com/daeuniverse/dae/common"
"github.com/daeuniverse/dae/common/consts"
"github.com/daeuniverse/dae/common/netutils"
@ -24,6 +21,9 @@ import (
"github.com/daeuniverse/dae/config"
"github.com/daeuniverse/dae/pkg/config_parser"
internal "github.com/daeuniverse/dae/pkg/ebpf_internal"
"github.com/mzz2017/softwind/pool"
"github.com/mzz2017/softwind/protocol/direct"
"github.com/sirupsen/logrus"
"golang.org/x/net/dns/dnsmessage"
"golang.org/x/sys/unix"
"net"
@ -51,7 +51,7 @@ type ControlPlane struct {
dnsController *DnsController
onceNetworkReady sync.Once
dialMode consts.DialMode
dialMode consts.DialMode
routingMatcher *RoutingMatcher
@ -487,6 +487,8 @@ func (c *ControlPlane) ChooseDialTarget(outbound consts.OutboundIndex, dst netip
}
}
case consts.DialMode_DomainCao:
fallthrough
case consts.DialMode_DomainPlus:
dialMode = consts.DialMode_Domain
}

View File

@ -7,13 +7,13 @@ package control
import (
"fmt"
"github.com/mzz2017/softwind/netproxy"
"github.com/mzz2017/softwind/pkg/zeroalloc/io"
"github.com/sirupsen/logrus"
"github.com/daeuniverse/dae/common"
"github.com/daeuniverse/dae/common/consts"
"github.com/daeuniverse/dae/component/outbound/dialer"
"github.com/daeuniverse/dae/component/sniffing"
"github.com/mzz2017/softwind/netproxy"
"github.com/mzz2017/softwind/pkg/zeroalloc/io"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
"net"
"net/netip"
@ -62,7 +62,11 @@ func (c *ControlPlane) handleConn(lConn net.Conn) (err error) {
src = common.ConvergeAddrPort(src)
dst = common.ConvergeAddrPort(dst)
// Get outbound.
var outboundIndex = consts.OutboundIndex(routingResult.Outbound)
if c.dialMode == consts.DialMode_DomainCao && domain != "" {
outboundIndex = consts.OutboundControlPlaneRouting
}
switch outboundIndex {
case consts.OutboundDirect:

View File

@ -9,13 +9,13 @@ import (
"encoding/binary"
"errors"
"fmt"
"github.com/mzz2017/softwind/pkg/zeroalloc/buffer"
"github.com/sirupsen/logrus"
"github.com/daeuniverse/dae/common"
"github.com/daeuniverse/dae/common/consts"
"github.com/daeuniverse/dae/component/outbound/dialer"
"github.com/daeuniverse/dae/component/sniffing"
internal "github.com/daeuniverse/dae/pkg/ebpf_internal"
"github.com/mzz2017/softwind/pkg/zeroalloc/buffer"
"github.com/sirupsen/logrus"
"golang.org/x/net/dns/dnsmessage"
"net"
"net/netip"
@ -139,6 +139,10 @@ func (c *ControlPlane) handlePkt(lConn *net.UDPConn, data []byte, src, pktDst, r
// Get outbound.
outboundIndex := consts.OutboundIndex(routingResult.Outbound)
if c.dialMode == consts.DialMode_DomainCao && domain != "" {
outboundIndex = consts.OutboundControlPlaneRouting
}
switch outboundIndex {
case consts.OutboundDirect:
case consts.OutboundMustDirect:

View File

@ -44,6 +44,8 @@ global {
# 3. "domain+". Based on domain mode but do not check the reality of sniffed domain. It is useful for users whose
# DNS requests do not go through dae but want faster proxy response time. Notice that, if DNS requests do not
# go through dae, dae cannot split traffic by domain.
# 4. "domain++". Based on domain+ mode but force to re-route traffic using sniffed domain to partially recover
# domain based traffic split ability. It doesn't work for direct traffic and consumes more CPU resources.
dial_mode: domain
}