diff --git a/README.md b/README.md index 5e7347e..37aad63 100644 --- a/README.md +++ b/README.md @@ -26,10 +26,11 @@ As a successor of [v2rayA](https://github.com/v2rayA/v2rayA), dae abandoned v2ra - [x] Support to automatically switch nodes according to policy. That is to say, support to automatically test independent TCP/UDP/IPv4/IPv6 latencies, and then use the best nodes for corresponding traffic according to user-defined policy. - [x] Support advanced DNS resolution process. - [x] Support full-cone NAT for shadowsocks, trojan(-go) and socks5 (no test). +- [x] Support various trending proxy protocols, seen in [proxy-protocols.md](./docs/en/proxy-protocols.md). ## Getting Started -Please refer to [Quick Start Guide](./docs/getting-started) to start using `dae` right away! +Please refer to [Quick Start Guide](./docs/en/README.md) to start using `dae` right away! Documentation: @@ -40,7 +41,7 @@ Documentation: ## How it works -See [How it works](docs/how_it_works_zh.md). +See [How it works](./docs/en/how-it-works.md). ## TODO @@ -53,7 +54,7 @@ See [How it works](docs/how_it_works_zh.md). ## Contributors -Special thanks goes to all [contributors](https://github.com/daeuniverse/dae/graphs/contributors). If you would like to contribute, please see the [instructions](./CONTRIBUTING.md). Also, it is recommended following the [commit-msg-guide](./docs/commit-msg-guide.md). +Special thanks goes to all [contributors](https://github.com/daeuniverse/dae/graphs/contributors). If you would like to contribute, please see the [instructions](./docs/en/development/contribute.md). Also, it is recommended following the [commit-msg-guide](./docs/en/development/commit-msg-guide.md). ## License diff --git a/docs/getting-started/README.md b/docs/en/README.md similarity index 86% rename from docs/getting-started/README.md rename to docs/en/README.md index dabfbe5..8e67a8f 100644 --- a/docs/getting-started/README.md +++ b/docs/en/README.md @@ -1,6 +1,6 @@ # Quick Start Guide -[**简体中文**](README_zh.md) | [**English**](README.md) +[**简体中文**](../zh/README.md) | [**English**](README.md) ## Linux Kernel Requirement @@ -9,7 +9,7 @@ Use `uname -r` to check the kernel version on your machine. > **Note** -> If you find your kernel version is `< 5.8`, follow the [**Upgrade Guide**](./kernel-upgrade.md) to upgrade the kernel to the minimum required version. +> If you find your kernel version is `< 5.8`, follow the [**Upgrade Guide**](user-guide/kernel-upgrade.md) to upgrade the kernel to the minimum required version. `Bind to LAN: >= 5.8` @@ -64,7 +64,7 @@ Check them using command like: (zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}) | grep -E 'CONFIG_(DEBUG_INFO|DEBUG_INFO_BTF|KPROBES|KPROBE_EVENTS|BPF|BPF_SYSCALL|BPF_JIT|BPF_STREAM_PARSER|NET_CLS_ACT|NET_SCH_INGRESS|NET_INGRESS|NET_EGRESS|NET_CLS_BPF|BPF_EVENTS|CGROUPS)=|# CONFIG_DEBUG_INFO_REDUCED is not set' ``` -> **Note**: `Armbian` users can follow the [**Upgrade Guide**](./kernel-upgrade.md) to upgrade the kernel to meet the kernel configuration requirement. +> **Note**: `Armbian` users can follow the [**Upgrade Guide**](user-guide/kernel-upgrade.md) to upgrade the kernel to meet the kernel configuration requirement. ## Installation @@ -104,7 +104,7 @@ emerge -a net-proxy/dae ### macOS -We provide a hacky way to run dae on your macOS. See [run on macOS](run-on-macos.md). +We provide a hacky way to run dae on your macOS. See [run on macOS](tutorials/run-on-macos.md). ### Docker @@ -121,7 +121,7 @@ docker compose up -d --build > **Note**: This approach is **ONLY** recommended for `advanced` users. With this approach, users may have flexibility to test various versions of dae. Noted that newly introduced features are sometimes buggy, do it at your own risk. -dae can run as a daemon (systemd) service. See [run-as-daemon](run-as-daemon.md) +dae can run as a daemon (systemd) service. See [run-as-daemon](user-guide/run-as-daemon.md) ### Installation Script @@ -129,7 +129,7 @@ See [daeuniverse/dae-installer](https://github.com/daeuniverse/dae-installer) (o ### Build from scratch -See [Build Guide](build-by-yourself.md). +See [Build Guide](user-guide/build-by-yourself.md). ## Minimal Configuration @@ -157,7 +157,7 @@ subscription { # Fill in your subscription links here. } -# See https://github.com/daeuniverse/dae/blob/main/docs/dns.md for full examples. +# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md for full examples. dns { upstream { googledns: 'tcp+udp://dns.google.com:53' @@ -182,7 +182,7 @@ group { } } -# See https://github.com/daeuniverse/dae/blob/main/docs/routing.md for full examples. +# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples. routing { pname(NetworkManager) -> direct dip(224.0.0.0/3, 'ff00::/8') -> direct @@ -205,7 +205,7 @@ If you use PVE, refer to [#37](https://github.com/daeuniverse/dae/discussions/37 When the configuration changes, it is convenient to use command to hot reload the configuration, and the existing connection will not be interrupted in the process. When you want to suspend dae, you can use command to pause. -See [Reload and suspend](reload-and-suspend.md). +See [Reload and suspend](user-guide/reload-and-suspend.md). ## Troubleshooting diff --git a/docs/dns.md b/docs/en/configuration/dns.md similarity index 98% rename from docs/dns.md rename to docs/en/configuration/dns.md index e90ea15..356a130 100644 --- a/docs/dns.md +++ b/docs/en/configuration/dns.md @@ -29,7 +29,7 @@ dns { googledns: 'tcp+udp://dns.google.com:53' } # The routing format of 'request' and 'response' is similar with section 'routing'. - # See https://github.com/daeuniverse/dae/blob/main/docs/routing.md + # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md routing { # According to the request of dns query, decide to use which DNS upstream. # Match rules from top to bottom. diff --git a/docs/getting-started/external-dns.md b/docs/en/configuration/external-dns.md similarity index 100% rename from docs/getting-started/external-dns.md rename to docs/en/configuration/external-dns.md diff --git a/docs/routing.md b/docs/en/configuration/routing.md similarity index 100% rename from docs/routing.md rename to docs/en/configuration/routing.md diff --git a/docs/commit-msg-guide.md b/docs/en/development/commit-msg-guide.md similarity index 100% rename from docs/commit-msg-guide.md rename to docs/en/development/commit-msg-guide.md diff --git a/CONTRIBUTING.md b/docs/en/development/contribute.md similarity index 72% rename from CONTRIBUTING.md rename to docs/en/development/contribute.md index 5e461f8..7454037 100644 --- a/CONTRIBUTING.md +++ b/docs/en/development/contribute.md @@ -1,12 +1,12 @@ # Contribute -If you want to contribute to a project and make it better, your help is very welcome. Contributing is also a great way to learn more about social coding on Github, new technologies and and their ecosystems and how to make constructive, helpful bug reports, feature requests and the noblest of all contributions: a good, clean pull request. +If you want to contribute to a project and make it better, your help is very welcome. Contributing is also a great way to learn more about social coding on GitHub, new technologies and their ecosystems and how to make constructive, helpful bug reports, feature requests and the noblest of all contributions: a good, clean pull request. -### Bug Reports and Feature Requests +## Bug Reports and Feature Requests If you have found a `bug` or have a `feature request`, please use the search first in case a similar issue already exists. If not, please create an [issue](https://github.com/daeuniverse/dae/issues/new) in this repository -### Code +## Code If you would like to fix a bug or implement a feature, please `fork` the repository and `create a Pull Request`. @@ -14,9 +14,9 @@ Before you start any Pull Request, `it is recommended that you create an issue` `Pull Requests` can only be merged once all status checks are green. -### Pre-commit Hook +## Pre-commit Hook -This repo uses [pre-commit hook](https://github.com/pre-commit/pre-commit-hooks) to apply linting check prior to writing commit to local git history. To set up pre-commit, do the followings: +This repo uses [pre-commit hook](https://github.com/pre-commit/pre-commit-hooks) to apply linting check prior to writing commit to local Git history. To set up pre-commit, do the followings: ```bash # install pre-commit @@ -25,10 +25,10 @@ pip3 install pre-commit pre-commit install ``` -### How to make a clean pull request +## How to make a clean pull request -- Create a `personal fork` of the project on Github. -- Clone the fork on your local machine. Your remote repo on Github is called `origin`. +- Create a `personal fork` of the project on GitHub. +- Clone the fork on your local machine. Your remote repo on GitHub is called `origin`. - Add the original repository as a remote called `upstream`. - If you created your fork a while ago be sure to pull upstream changes into your local repository. - Create a new branch to work on! Branch from `develop` if it exists, else from `master`. @@ -37,14 +37,14 @@ pre-commit install - If the project has tests run them! - Write or adapt tests as needed. - Add or change the documentation as needed. -- Squash your commits into a single commit with git's [interactive rebase](https://help.github.com/articles/interactive-rebase). Create a new branch if necessary. -- Push your branch to your fork on Github, the remote `origin`. +- Squash your commits into a single commit with Git's [interactive rebase](https://help.github.com/articles/interactive-rebase). Create a new branch if necessary. +- Push your branch to your fork on GitHub, the remote `origin`. - From your fork open a pull request in the correct branch. Target the project's `develop` branch if there is one, else go for `master`! - Once the pull request is approved and merged you can pull the changes from `upstream` to your local repo and delete your extra branch(es). And last but not least: Always write your commit messages in the present tense. Your commit message should describe what the commit, when applied, does to the code – not what you did to the code. -### Re-requesting a review +## Re-requesting a review -Please do not ping your reviewer(s) by mentioning them in a new comment. Instead, use the re-request review functionality. Read more about this in the [ GitHub docs, Re-requesting a review ](https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/incorporating-feedback-in-your-pull-request#re-requesting-a-review). +Please do not ping your reviewer(s) by mentioning them in a new comment. Instead, use the re-request review functionality. Read more about this in the [GitHub docs, Re-requesting a review](https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/incorporating-feedback-in-your-pull-request#re-requesting-a-review). diff --git a/docs/en/how-it-works.md b/docs/en/how-it-works.md new file mode 100644 index 0000000..bee11f7 --- /dev/null +++ b/docs/en/how-it-works.md @@ -0,0 +1,61 @@ +# Working Principle of dae + +[**简体中文**](../zh/how-it-works.md) | [**English**](./how-it-works.md) + +dae operates by loading a program into the tc (traffic control) mount point in the Linux kernel using [eBPF](https://en.wikipedia.org/wiki/EBPF). This program performs traffic splitting before the traffic enters the TCP/IP network stack. The position of tc in the Linux network protocol stack is shown in the diagram below (the diagram illustrates the receiving path, while the sending path is in the opposite direction), where netfilter represents the location of iptables/nftables. + +![](../netstack-path.webp) + +## Traffic Splitting Principle + +### Splitting Information + +dae supports traffic splitting based on domain name, source IP, destination IP, source port, destination port, TCP/UDP, IPv4/IPv6, process name, MAC address, and other factors. + +Among them, source IP, destination IP, source port, destination port, TCP/UDP, IPv4/IPv6, and MAC address can be obtained by parsing MACv2 frames. + +The **process name** is obtained by listening to local process socket, connect, and sendmsg system calls in the cgroupv2 mount point and reading and parsing the command line from the process control block. This method is much faster than user-space programs like Clash that scan the entire procfs to obtain process information (the latter may take even tens of milliseconds). + +The **domain name** is obtained by intercepting DNS requests and associating the requested domain name with the corresponding IP address. Although this method has some issues: + +1. It may lead to misjudgment. For example, if two websites, one domestic and one foreign, share the same IP address and are accessed simultaneously within a short period of time, or if the browser has DNS caching. +2. The user's DNS requests must go through dae. For example, setting dae as the DNS server or using public DNS while dae is acting as the gateway. + +However, compared to other solutions, this approach is already an optimal solution. For example, the Fake IP approach cannot perform IP-based splitting and suffers from severe cache pollution issues, while the domain sniffing approach can only sniff traffic such as TLS/HTTP. In fact, using SNI sniffing for traffic splitting is indeed a better choice, but due to eBPF's limitations on program complexity and its lack of friendly support for loops, we cannot implement domain sniffing in the kernel space. + +Therefore, when DNS requests cannot go through dae, domain-based splitting will fail. + +> To reduce DNS pollution and achieve better CDN connection speed, dae implements domain sniffing in user space. When `dial_mode` is set to "domain" or its variants and the traffic needs to be proxied, dae sends the sniffed domain to the proxy server instead of sending the IP address. This way, the proxy server will re-resolve the domain and connect using the optimal IP, thereby solving the problem of DNS pollution and achieving better CDN connection speed. +> +> At the same time, for advanced users who have already used other splitting solutions and do not want to route DNS requests through dae but still want the part of the traffic to be split based on domain (e.g., splitting some traffic to Netflix nodes and some to download nodes based on the target domain, of course, some can be directly connected via the core), they can force the use of sniffed domain for splitting by setting `dial_mode: domain++`. + +dae performs traffic splitting by redirecting the traffic using the program in the tc mount point. The redirection is based on the splitting result, either redirecting the traffic to dae's tproxy port or allowing it to bypass dae and go directly. + +### Proxy Principle + +The proxy principle of dae is similar to other programs. The difference is that when binding to the LAN interface, dae uses eBPF to directly associate the socket buffer of the traffic to be proxied in the tc mount point with the socket of dae's tproxy listening port. When binding to the WAN interface, dae moves the socket buffer of the traffic to be proxied from the egress queue of the network card to the ingress queue, disables its checksum, and modifies the destination address to the tproxy listening port. + +In terms of benchmarking, dae's proxy performance is slightly better than other proxy programs, but not by much. + +### Direct Connection Principle + +Traditionally, in order to perform traffic splitting, the traffic needs to go through a proxy program, go through the splitting module, and then decide whether to go through a proxy or be directly connected. This involves parsing, processing, and copying the traffic through the network stack, passing it to the proxy program, and then copying, processing, and encapsulating it through the network stack before sending it out, which consumes a significant amount of resources. Especially for scenarios like BitTorrent downloads, even if direct connection is set, it still consumes a large number of connections, ports, memory, and CPU resources. It can even affect NAT type in gaming scenarios due to improper handling by the proxy program, resulting in connection errors. + +dae performs traffic splitting at an earlier stage in the kernel, and directly connected traffic is forwarded through layer 3 routing, saving a significant amount of overhead from transitioning between kernel and user space. At this stage, Linux behaves like a pure switch or router. + +> To make direct connection effective, for users with advanced topologies, please ensure that after configuring the [kernel parameters](user-guide/kernel-parameters.md) and **disabling** dae, other devices can access the network normally when the device where dae is located is set as the gateway. For example, accessing 223.5.5.5 should receive a "UrlPathError" response, and when performing tcpdump on the device where dae is located, you should be able to see the request packets from client devices. + +Therefore, for directly connected traffic, dae does not perform SNAT. For users with a "side-router" setup, this will result in asymmetric routing, where traffic from client devices is sent through dae to the gateway when being sent out, but is directly sent from the gateway to the client devices when being received, bypassing dae. + +> Here, "side-router" is defined as: 1) acting as the gateway, 2) performing SNAT on TCP/UDP, and 3) having the LAN interface and WAN interface in the same network segment. +> +> For example, if the laptop is at 192.168.0.3, the side-router is at 192.168.0.2, and the router is at 192.168.0.1, the logical three-layer topology would be: laptop -> side-router -> router. On the router side, only TCP/UDP traffic with a source IP of 192.168.0.2 can be seen, and there will be no TCP/UDP traffic with a source IP of 192.168.0.3. +> +> As far as we know, we are the first to define "side-router" like this (laughs). + +Asymmetric routing brings one advantage and one potential issue: + +1. It can improve performance. Since the return traffic does not pass through dae, the direct connection performance becomes as fast as without a side-router, as the path is reduced. +2. It may cause the failure of stateful firewall's state maintenance and result in packet loss (e.g., Sophos Firewall). However, this issue generally does not occur in home networks + +From a benchmark perspective, the direct connectivity performance of dae is like a beast compared to other proxy. diff --git a/docs/en/proxy-protocols.md b/docs/en/proxy-protocols.md new file mode 100644 index 0000000..0ee261a --- /dev/null +++ b/docs/en/proxy-protocols.md @@ -0,0 +1,48 @@ +# Proxy Protocols + +> **Note**: dae currently supports the following proxy protocols + +- [x] HTTP(S), naiveproxy +- [x] Socks + - [x] Socks4 + - [x] Socks4a + - [x] Socks5 +- [x] VMess(AEAD, alterID=0) / VLESS + - [x] TCP + - [x] WS + - [x] TLS + - [x] gRPC +- [x] Shadowsocks + - [x] AEAD Ciphers + - [x] Stream Ciphers + - [x] simple-obfs + - [ ] v2ray-plugin +- [x] ShadowsocksR +- [x] Trojan + - [x] Trojan-gfw + - [x] Trojan-go +- [x] Tuic (v5) + +For other requirements, one way to expand protocol support is by using external proxy programs. Below is an example of using the external naiveproxy. + +Although dae and other proxy programs support the HTTPS protocol, using them does not utilize the chromium networking stack, which weakens the camouflage effect of naiveproxy. Therefore, using an external naiveproxy program is recommended. + +1. Start naiveproxy: + + Since the socks implementation of naiveproxy may have some issues and cannot be used by curl and dae, the example uses naiveproxy to open an HTTP listening port. Note that HTTP proxy does not support proxying UDP traffic, so if you are using an external proxy program, it is advisable to prioritize using the socks5 port. + + ```bash + naiveproxy --listen=http://127.0.0.1:1090 --proxy=https://yourlink + ``` + +2. In the section of dae's configuration related to nodes, add the following line: `http://127.0.0.1:1090`, and remember to use this node in the group you are using. + +3. If you have bound the WAN interface, meaning you have filled in the `global.wan_interface` field, make sure to add the following line near the top in the routing section to prevent traffic from flowing back to dae after passing through naiveproxy, causing a loop: + + ```shell + pname(naiveproxy) -> must_direct + ``` + + Here, `pname` refers to the process name. You can determine the process name of naiveproxy by examining the command used to start it, running the `ps -ef` command at runtime, or observing the dae logs. The meaning of `must_direct` is to allow all traffic, including DNS queries, to pass through directly without redirecting to dae. + + Users who only bind the LAN interface do not need to perform this step. diff --git a/docs/getting-started/troubleshooting.md b/docs/en/troubleshooting.md similarity index 96% rename from docs/getting-started/troubleshooting.md rename to docs/en/troubleshooting.md index a8f1594..60a1d1b 100644 --- a/docs/getting-started/troubleshooting.md +++ b/docs/en/troubleshooting.md @@ -8,7 +8,7 @@ invalid argument: unknown func bpf_trace_printk Solution: -Compile dae with CFLAG `-D__REMOVE_BPF_PRINTK`. See [build-by-yourself](build-by-yourself.md). +Compile dae with CFLAG `-D__REMOVE_BPF_PRINTK`. See [build-by-yourself](user-guide/build-by-yourself.md). ## No network after `dae suspend` @@ -24,7 +24,7 @@ Because dae will not hijack any DNS request if it was suspended. ### Troubleshoot local DNS service -If you use `adguardhome`, `mosdns` in `dns` section, refer to [external-dns](external-dns.md). +If you use `adguardhome`, `mosdns` in `dns` section, refer to [external-dns](configuration/external-dns.md). ### Troubleshoot firewall diff --git a/docs/getting-started/run-on-macos.md b/docs/en/tutorials/run-on-macos.md similarity index 97% rename from docs/getting-started/run-on-macos.md rename to docs/en/tutorials/run-on-macos.md index 5038f80..828928a 100644 --- a/docs/getting-started/run-on-macos.md +++ b/docs/en/tutorials/run-on-macos.md @@ -115,7 +115,7 @@ subscription { # Fill in your subscription links here. } -# See https://github.com/daeuniverse/dae/blob/main/docs/dns.md for full examples. +# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md for full examples. dns { upstream { googledns: 'tcp+udp://dns.google.com:53' @@ -140,7 +140,7 @@ group { } } -# See https://github.com/daeuniverse/dae/blob/main/docs/routing.md for full examples. +# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples. routing { pname(NetworkManager) -> direct dip(224.0.0.0/3, 'ff00::/8') -> direct diff --git a/docs/getting-started/build-by-yourself.md b/docs/en/user-guide/build-by-yourself.md similarity index 100% rename from docs/getting-started/build-by-yourself.md rename to docs/en/user-guide/build-by-yourself.md diff --git a/docs/getting-started/kernel-parameters.md b/docs/en/user-guide/kernel-parameters.md similarity index 100% rename from docs/getting-started/kernel-parameters.md rename to docs/en/user-guide/kernel-parameters.md diff --git a/docs/getting-started/kernel-upgrade.md b/docs/en/user-guide/kernel-upgrade.md similarity index 100% rename from docs/getting-started/kernel-upgrade.md rename to docs/en/user-guide/kernel-upgrade.md diff --git a/docs/getting-started/reload-and-suspend.md b/docs/en/user-guide/reload-and-suspend.md similarity index 100% rename from docs/getting-started/reload-and-suspend.md rename to docs/en/user-guide/reload-and-suspend.md diff --git a/docs/getting-started/run-as-daemon.md b/docs/en/user-guide/run-as-daemon.md similarity index 100% rename from docs/getting-started/run-as-daemon.md rename to docs/en/user-guide/run-as-daemon.md diff --git a/docs/getting-started/README_zh.md b/docs/zh/README.md similarity index 92% rename from docs/getting-started/README_zh.md rename to docs/zh/README.md index 31b37a7..47c9f2d 100644 --- a/docs/getting-started/README_zh.md +++ b/docs/zh/README.md @@ -7,7 +7,7 @@ 使用 `uname -r` 来查看内核版本。 > **注意** -> 如果你的内核版本低于 `5.8`,可以参考 [**Upgrade Guide**](./kernel-upgrade.md) 升级你的内核。 +> 如果你的内核版本低于 `5.8`,可以参考 [**Upgrade Guide**](../en/user-guide/kernel-upgrade.md) 升级你的内核。 `绑定到 LAN 接口: >= 5.8` @@ -60,7 +60,7 @@ CONFIG_BPF_EVENTS=y (zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}) | grep -E 'CONFIG_(DEBUG_INFO|DEBUG_INFO_BTF|KPROBES|KPROBE_EVENTS|BPF|BPF_SYSCALL|BPF_JIT|BPF_STREAM_PARSER|NET_CLS_ACT|NET_SCH_INGRESS|NET_INGRESS|NET_EGRESS|NET_CLS_BPF|BPF_EVENTS|CGROUPS)=|# CONFIG_DEBUG_INFO_REDUCED is not set' ``` -> **注意**: `Armbian` 用户可以参考 [**Upgrade Guide**](./kernel-upgrade.md) 升级到支持的内核。 +> **注意**: `Armbian` 用户可以参考 [**Upgrade Guide**](../en/user-guide/kernel-upgrade.md) 升级到支持的内核。 ## 安装 @@ -98,7 +98,7 @@ emerge -a net-proxy/dae ### macOS -我们提供了一种比较 hacky 的方式在 macOS 上运行 dae,见 [run on macOS](run-on-macos.md)。 +我们提供了一种比较 hacky 的方式在 macOS 上运行 dae,见 [run on macOS](../en/tutorials/run-on-macos.md)。 ### Docker @@ -115,7 +115,7 @@ docker compose up -d --build > **Note**: 这种方法仅建议高级用户使用。采用这种方法,用户可以灵活地测试各个版本的 dae。请注意,新引入的功能有时可能存在 bug,因此请自行承担风险。 -dae 可以以守护进程(systemd)的形式运行,见 [run as daemon](run-as-daemon.md)。 +dae 可以以守护进程(systemd)的形式运行,见 [run as daemon](../en/user-guide/run-as-daemon.md)。 ### 安装脚本 @@ -123,7 +123,7 @@ dae 可以以守护进程(systemd)的形式运行,见 [run as daemon](run- ### 手动构建 -见 [Build Guide](build-by-yourself.md)。 +见 [Build Guide](../en/user-guide/build-by-yourself.md)。 ## 最小 dae 配置 @@ -151,7 +151,7 @@ subscription { # 在下面填入你的订阅链接。 } -# 更多的 DNS 样例见 https://github.com/daeuniverse/dae/blob/main/docs/dns.md +# 更多的 DNS 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md dns { upstream { googledns: 'tcp+udp://dns.google.com:53' @@ -176,7 +176,7 @@ group { } } -# 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/routing.md +# 更多的 Routing 样例见 https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md routing { pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct dip(224.0.0.0/3, 'ff00::/8') -> direct @@ -216,11 +216,11 @@ dns { 当配置变化时,可以方便使用命令进行配置的热重载,在该过程中不会中断已有连接。当想暂停代理时,可使用命令进行暂停。 -详见 [Reload and suspend](reload-and-suspend.md)。 +详见 [Reload and suspend](../en/user-guide/reload-and-suspend.md)。 ## 错误排查 -详见 [Troubleshooting](troubleshooting.md)。 +详见 [Troubleshooting](../en/troubleshooting.md)。 ## 大鹅宇宙 diff --git a/docs/how_it_works_zh.md b/docs/zh/how-it-works.md similarity index 93% rename from docs/how_it_works_zh.md rename to docs/zh/how-it-works.md index b78f71e..5363888 100644 --- a/docs/how_it_works_zh.md +++ b/docs/zh/how-it-works.md @@ -2,7 +2,7 @@ dae 通过 [eBPF](https://en.wikipedia.org/wiki/EBPF) 在 Linux 内核的 tc (traffic control) 挂载点加载一个程序,通过该程序在流量进入 TCP/IP 网络栈之前进行流量分流。tc 在 Linux 网络协议栈中的位置见下图所示(图为收包路径,发包路径方向相反),其中 netfilter 是 iptables/nftables 的位置。 -![](netstack-path.webp) +![](../netstack-path.webp) ## 分流原理 @@ -41,7 +41,7 @@ dae 的代理原理和其他程序近似。区别是在绑定 LAN 接口时,da dae 在内核的较早路径上就对流量进行了分流,直连流量将直接进行三层路由转发,节省了大量内核态到用户态的切换和拷贝开销,此时 Linux 相当于一个纯粹的交换机或路由器。 -> 为了让直连生效,对于高级拓扑的用户,请确保按 [kernel-parameters](getting-started/kernel-parameters.md) 配置后,在**关闭** dae 的情况下,其他设备将 dae 所在设备设为网关时,网络是畅通的。例如访问 223.5.5.5 能够得到“UrlPathError”的响应,且在 dae 所在设备进行 tcpdump 可以看到客户端设备的请求报文。 +> 为了让直连生效,对于高级拓扑的用户,请确保按 [kernel-parameters](../en/user-guide/kernel-parameters.md) 配置后,在**关闭** dae 的情况下,其他设备将 dae 所在设备设为网关时,网络是畅通的。例如访问 223.5.5.5 能够得到“UrlPathError”的响应,且在 dae 所在设备进行 tcpdump 可以看到客户端设备的请求报文。 因此,对于直连流量,dae 不会进行 SNAT,对于“旁路由”用户,这将形成非对称路由,即客户端设备发包时流量通过 dae 设备发送到网关,收包时由网关直接发给客户端设备,绕过 dae 设备。 diff --git a/docs/getting-started/other-proxy-protocol_zh.md b/docs/zh/proxy-protocols.md similarity index 97% rename from docs/getting-started/other-proxy-protocol_zh.md rename to docs/zh/proxy-protocols.md index ee9c2de..ee19ac9 100644 --- a/docs/getting-started/other-proxy-protocol_zh.md +++ b/docs/zh/proxy-protocols.md @@ -1,6 +1,6 @@ # 其他代理协议 -dae 目前支持的代理协议有: +> **Note**: dae 目前支持以下代理协议 - [x] HTTP(S), naiveproxy - [x] Socks diff --git a/example.dae b/example.dae index 7dbc97f..7767278 100644 --- a/example.dae +++ b/example.dae @@ -31,7 +31,7 @@ global { wan_interface: auto # Automatically configure Linux kernel parameters like ip_forward and send_redirects. Check out - # https://github.com/daeuniverse/dae/blob/main/docs/getting-started/kernel-parameters.md to see what will dae do. + # https://github.com/daeuniverse/dae/blob/main/docs/en/user-guide/kernel-parameters.md to see what will dae do. auto_config_kernel_parameter: true @@ -114,7 +114,7 @@ node { node2: 'vless://LINK' } -# See https://github.com/daeuniverse/dae/blob/main/docs/dns.md for full examples. +# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md for full examples. dns { # For example, if ipversion_prefer is 4 and the domain name has both type A and type AAAA records, the dae will only # respond to type A queries and response empty answer to type AAAA queries. @@ -186,7 +186,7 @@ group { } } -# See https://github.com/daeuniverse/dae/blob/main/docs/routing.md for full examples. +# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples. routing { ### Preset rules. diff --git a/hack/ci/config-doc-generator.py b/hack/ci/config-doc-generator.py index baa41a6..5df1265 100644 --- a/hack/ci/config-doc-generator.py +++ b/hack/ci/config-doc-generator.py @@ -2,15 +2,15 @@ import re def read_config(filename): - with open(filename, 'r') as f: - return ''.join(f.readlines()) + with open(filename, "r") as f: + return "".join(f.readlines()) def replacetext(src_file, dest_file, search_text, replace_text): - with open(src_file, 'r+') as src: + with open(src_file, "r+") as src: src_file = src.read() # Read src.close() - with open(dest_file, 'w') as dest: + with open(dest_file, "w") as dest: dest_file = re.sub(search_text, replace_text, src_file) # Replace dest.seek(0) # Setting the position to the top of the page to insert data dest.write(dest_file) # Write @@ -19,16 +19,16 @@ def replacetext(src_file, dest_file, search_text, replace_text): def main(): - search_text = '' - replace_text = read_config('example.dae') + search_text = "" + replace_text = read_config("example.dae") replacetext( - 'docs/templates/example-config.md', - 'docs/sync/example-config.md', + "hack/templates/example-config.md", + "hack/sync/example-config.md", search_text, replace_text, ) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/hack/test/insert.sh b/hack/mock/insert.sh similarity index 100% rename from hack/test/insert.sh rename to hack/mock/insert.sh diff --git a/docs/sync/.gitkeep b/hack/sync/.gitkeep similarity index 100% rename from docs/sync/.gitkeep rename to hack/sync/.gitkeep diff --git a/docs/templates/example-config.md b/hack/templates/example-config.md similarity index 100% rename from docs/templates/example-config.md rename to hack/templates/example-config.md