ci: add check-docs workflow (#93)

* ci: add check-docs workflow * chore: ignore node_modules * chore(deps): add package-lock * style: apply formatting * style: apply formatting * fix: fix typo * fix: fix all proposed changes by markdown-lint * fix: fix trailing spaces * fix(troubleshooting.md): apply minor fi * fix(getting-started): apply minior fix * ci: dont' kick off build when changes made to check-doc.yml * ci: ONLY kick off build when target workflow file changes * trigger build * fix(build.yml): fix syntax * trigger build * fix: fix broken syntax
2024-12-22 16:24:40 +07:00 · 2023-05-21 00:41:44 +08:00 · 2023-05-21 00:41:44 +08:00 · eac04e991b
commit eac04e991b
parent ae6667bb5d
24 changed files with 10005 additions and 90 deletions
--- a/.autocorrectrc
+++ b/.autocorrectrc
@ -0,0 +1,8 @@
+rules:
+  # Default rules: https://github.com/huacnlee/autocorrect/raw/main/autocorrect/.autocorrectrc.default
+  spellcheck: 1
+spellcheck:
+  words:
+    # Please do not add a general English word (eg. apple, python) here.
+    # Users can add their special words to their .autocorrectrc file by their need.
+    - filesystem = file system
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -12,7 +12,7 @@ on:
      - "**/*.h"
      - "go.mod"
      - "go.sum"
-      - ".github/workflows/*.yml"
+      - ".github/workflows/build.yml"
  release:
    types: [ prereleased ]
  pull_request:
@ -23,7 +23,7 @@ on:
      - "**/*.h"
      - "go.mod"
      - "go.sum"
-      - ".github/workflows/*.yml"
+      - ".github/workflows/build.yml"

 jobs:
  build:
--- a/.github/workflows/check-docs.yml
+++ b/.github/workflows/check-docs.yml
@ -0,0 +1,47 @@
+name: Check document
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'README*.md'
+      - 'docs/**'
+      - 'package.json'
+      - '.autocorrectrc'
+      - '.markdownlint-cli2.jsonc'
+      - '.github/workflows/check-docs.yaml'
+  pull_request:
+    branches: [main]
+    paths:
+      - 'README*.md'
+      - 'docs/**'
+      - 'package.json'
+      - '.autocorrectrc'
+      - '.markdownlint-cli2.jsonc'
+      - '.github/workflows/check-docs.yaml'
+
+jobs:
+  check-doc:
+    name: Check document
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16.x'
+          cache: 'npm'
+      - name: Install dependencies
+        run: |
+          npm ci
+      - name: Lint Markdown files (markdownlint)
+        run: |
+          npm run markdown-lint
+      - name: Lint Markdown files (autocorrect)
+        uses: huacnlee/autocorrect-action@main
+        with:
+          args: --lint ./docs/
+      - name: Check broken link (including broken anchor)
+        run: |
+          npm run check-broken-link
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -10,7 +10,7 @@ on:
      - "**/*.h"
      - "go.mod"
      - "go.sum"
-      - ".github/workflows/*.yml"
+      - ".github/workflows/docker.yml"
  release:
    types: [ prereleased ]

--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@ bpf_bpfel*.go
 dae
 outline.json
 go-mod/
+node_modules/
--- a/.markdownlint-cli2.jsonc
+++ b/.markdownlint-cli2.jsonc
@ -0,0 +1,181 @@
+{
+  "customRules": [
+    "markdownlint-rule-enhanced-proper-names/src/enhanced-proper-names.js",
+    "markdownlint-rule-no-trailing-slash-in-links/src/no-trailing-slash-in-links.js"
+  ],
+  "config": {
+    "default": true,
+    "first-heading-h1": false,
+    "heading-style": {
+      "style": "atx"
+    },
+    "ul-style": false,
+    "no-hard-tabs": {
+      "spaces_per_tab": 4
+    },
+    "line-length": false,
+    "no-duplicate-heading": {
+      "allow_different_nesting": true
+    },
+    "no-inline-html": {
+      "allowed_elements": [
+        "Badge",
+        "TabItem",
+        "Tabs",
+        "a",
+        "br",
+        "div",
+        "img",
+        "li",
+        "ul",
+        "kbd",
+        "p",
+        "span",
+        "sup",
+        "iframe"
+      ]
+    },
+    "fenced-code-language": false,
+    "first-line-heading": false,
+    "no-alt-text": false,
+    "code-block-style": {
+      "style": "fenced"
+    },
+    "code-fence-style": {
+      "style": "backtick"
+    },
+    "link-fragments": false,
+    "no-trailing-slash-in-links": true,
+    "enhanced-proper-names": {
+      "code_blocks": false,
+      "html_elements": false,
+      "heading_id": false,
+      "names": [
+        "ACL",
+        "AI",
+        "API",
+        "ARM",
+        "ARM64",
+        "AWS",
+        "Amazon",
+        "Ansible",
+        "Apache",
+        "Azure",
+        "BSD",
+        "BadgerDB",
+        "CDH",
+        "CPU",
+        "CSI Driver",
+        "CSI",
+        "CentOS",
+        "Ceph",
+        "CephFS",
+        "ClickHouse",
+        "Cloud SQL",
+        "Colab",
+        "Consul",
+        "Debian",
+        "DevOps",
+        "DistCp",
+        "Docker Compose",
+        "Docker",
+        "Dockerfile",
+        "Doris",
+        "ECI",
+        "Elasticsearch",
+        "FTP",
+        "FUSE",
+        "Flink",
+        "Fluid",
+        "FoundationDB",
+        "GCC",
+        "GID",
+        "Git",
+        "GitHub",
+        "Google",
+        "Grafana",
+        "Graphite",
+        "HBase",
+        "HDFS",
+        "HDP",
+        "HTTP",
+        "HTTPS",
+        "Hadoop",
+        "Hive Metastore",
+        "Hive",
+        "Hudi",
+        "IAM",
+        "ID",
+        "IOPS",
+        "IP",
+        "Iceberg",
+        "JAR",
+        "JDK",
+        "JSON",
+        "Java",
+        "JuiceFS",
+        "JuiceFSRuntime",
+        "Juicedata",
+        "K8s",
+        "Kerberos",
+        "KeyDB",
+        "Kubernetes",
+        "LDAP",
+        "LZ4",
+        "Linux",
+        "M1",
+        "MariaDB",
+        "Maven",
+        "MinIO",
+        "MySQL",
+        "NFS",
+        "POSIX",
+        "PV",
+        "PVC",
+        "PostgreSQL",
+        "PowerShell",
+        "Prometheus",
+        "Pushgateway",
+        "Python",
+        "QPS",
+        "QoS",
+        "RADOS",
+        "RESTful",
+        "RGW",
+        "RPC",
+        "Raft",
+        "Ranger",
+        "Redis",
+        "S3",
+        "SDK",
+        "SFTP",
+        "SID",
+        "SMB",
+        "SQL",
+        "SQLite",
+        "SSH",
+        "Samba",
+        "Scala",
+        "Spark",
+        "StarRocks",
+        "ThriftServer",
+        "TiKV",
+        "Trino",
+        "UID",
+        "UUID",
+        "Ubuntu",
+        "Unix",
+        "VFS",
+        "WebDAV",
+        "WinFsp",
+        "Windows",
+        "YAML",
+        "YARN",
+        "Zstandard",
+        "etcd",
+        "macFUSE",
+        "macOS"
+      ]
+    }
+  }
+}
--- a/README.md
+++ b/README.md
@ -12,25 +12,25 @@

 **_dae_**, means goose, is a high-performance transparent proxy solution.

-In order to improve the traffic split performance as much as possible, dae runs the transparent proxy and traffic split suite in the linux kernel by eBPF. Therefore, dae has the opportunity to make the direct traffic bypass the forwarding by proxy application and achieve true direct traffic through. Under such a magic trick, there is almost no performance loss and additional resource consumption for direct traffic.
+In order to improve the traffic split performance as much as possible, dae runs the transparent proxy and traffic split suite in the Linux kernel by eBPF. Therefore, dae has the opportunity to make the direct traffic bypass the forwarding by proxy application and achieve true direct traffic through. Under such a magic trick, there is almost no performance loss and additional resource consumption for direct traffic.

 As a successor of [v2rayA](https://github.com/v2rayA/v2rayA), dae abandoned v2ray-core to meet the needs of users more freely.

-**Features**
+## Features

-1. Implement `Real Direct` traffic split (need ipforward on) to achieve [high performance](https://docs.google.com/spreadsheets/d/1UaWU6nNho7edBNjNqC8dfGXLlW0-cm84MM7sH6Gp7UE/edit?usp=sharing).
-1. Support to split traffic by process name in local host.
-1. Support to split traffic by MAC address in LAN.
-1. Support to split traffic with invert match rules.
-1. Support to automatically switch nodes according to policy. That is to say, support to automatically test independent TCP/UDP/IPv4/IPv6 latencies, and then use the best nodes for corresponding traffic according to user-defined policy.
-1. Support advanced DNS resolution process.
-1. Support full-cone NAT for shadowsocks, trojan(-go) and socks5 (no test).
+- [x] Implement `Real Direct` traffic split (need ipforward on) to achieve [high performance](https://docs.google.com/spreadsheets/d/1UaWU6nNho7edBNjNqC8dfGXLlW0-cm84MM7sH6Gp7UE/edit?usp=sharing).
+- [x] Support to split traffic by process name in local host.
+- [x] Support to split traffic by MAC address in LAN.
+- [x] Support to split traffic with invert match rules.
+- [x] Support to automatically switch nodes according to policy. That is to say, support to automatically test independent TCP/UDP/IPv4/IPv6 latencies, and then use the best nodes for corresponding traffic according to user-defined policy.
+- [x] Support advanced DNS resolution process.
+- [x] Support full-cone NAT for shadowsocks, trojan(-go) and socks5 (no test).

 ## Getting Started

 Please refer to [Quick Start Guide](./docs/getting-started) to start using `dae` right away!

-Documentation: https://dae.v2raya.org
+Documentation: <https://dae.v2raya.org>

 ## Notes

--- a/docs/commit-msg-guide.md
+++ b/docs/commit-msg-guide.md
@ -1,9 +1,9 @@
 # Semantic Commit Messages

-## The reasons for these conventions:
+## The reasons for these conventions

 - automatic generating of the changelog
- simple navigation through git history (e.g. ignoring the style changes)
+- simple navigation through Git history (e.g. ignoring the style changes)

 See how a minor change to your commit message style can make you a better developer.

@ -36,7 +36,7 @@ Example `<type>` values:
 - `test`: (adding missing tests, refactoring tests; no production code change)
 - `chore`: (updating grunt tasks etc; no production code change, e.g. dependencies upgrade)
 - `perf`: (perfomance improvement change, e.g. better concurrency performance)
- `ci`: (updating CI configuration files and scripts e.g. .github/workflows/*.yml )
+- `ci`: (updating CI configuration files and scripts e.g. `.gitHub/workflows/*.yml` )

 Example `<Scope>` values:

@ -59,7 +59,7 @@ use as in the `<subject>`, use the imperative, present tense: "change" not "chan

 ## Message footer

-##### Referencing issues
+### Referencing issues

 Closed issues should be listed on a separate line in the footer prefixed with "Closes" keyword as the following:

@ -75,7 +75,7 @@ Closes #123, #245, #992

 ## References

- https://www.conventionalcommits.org/
- https://seesparkbox.com/foundry/semantic_commit_messages
- http://karma-runner.github.io/1.0/dev/git-commit-msg.html
- https://wadehuanglearning.blogspot.com/2019/05/commit-commit-commit-why-what-commit.html
+- <https://www.conventionalcommits.org/>
+- <https://seesparkbox.com/foundry/semantic_commit_messages>
+- <http://karma-runner.github.io/1.0/dev/git-commit-msg.html>
+- <https://wadehuanglearning.blogspot.com/2019/05/commit-commit-commit-why-what-commit.html>
--- a/docs/dns.md
+++ b/docs/dns.md
@ -52,12 +52,12 @@ dns {
            # Accept the response if the request is sent to upstream 'googledns'. This is useful to avoid loop.
            upstream(googledns) -> accept
            # If DNS request name is not in CN and response answers include private IP, which is most likely polluted
-            # in China mainland. Therefore, resend DNS request to 'googledns' to get correct result. 
+            # in China mainland. Therefore, resend DNS request to 'googledns' to get correct result.
            !qname(geosite:cn) && ip(geoip:private) -> googledns
            fallback: accept
        }
    }
-    
+
 }
 ```

--- a/docs/getting-started/README.md
+++ b/docs/getting-started/README.md
@ -11,7 +11,7 @@ Use `uname -r` to check the kernel version on your machine.
 > **Note**
 > If you find your kernel version is `< 5.8`, follow the [**Upgrade Guide**](./kernel-upgrade.md) to upgrade the kernel to the minimum required version.

-**Bind to LAN: >= 5.8**
+`Bind to LAN: >= 5.8`

 You need bind dae to LAN interface, if you want to provide network service for LAN as an intermediate device.

@ -19,7 +19,7 @@ This feature requires the kernel version of machine on which dae install >= 5.8.

 Note that if you bind dae to LAN only, dae only provide network service for traffic from LAN, and not impact local programs.

-**Bind to WAN: >= 5.8**
+`Bind to WAN: >= 5.8`

 You need bind dae to WAN interface, if you want dae to provide network service for local programs.

@ -38,6 +38,7 @@ zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}
 ```

 dae needs:
+
 ```
 CONFIG_BPF=y
 CONFIG_BPF_SYSCALL=y
@ -56,20 +57,20 @@ CONFIG_DEBUG_INFO_BTF=y
 CONFIG_KPROBE_EVENTS=y
 CONFIG_BPF_EVENTS=y
 ```
+
 Check them using command like:

 ```shell
 (zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}) | grep -E 'CONFIG_(DEBUG_INFO|DEBUG_INFO_BTF|KPROBES|KPROBE_EVENTS|BPF|BPF_SYSCALL|BPF_JIT|BPF_STREAM_PARSER|NET_CLS_ACT|NET_SCH_INGRESS|NET_INGRESS|NET_EGRESS|NET_CLS_BPF|BPF_EVENTS|CGROUPS)=|# CONFIG_DEBUG_INFO_REDUCED is not set'
 ```

-> **Note**
-> `Armbian` users can follow the [**Upgrade Guide**](./kernel-upgrade.md) to upgrade the kernel to meet the kernel configuration requirement.
+> **Note**: `Armbian` users can follow the [**Upgrade Guide**](./kernel-upgrade.md) to upgrade the kernel to meet the kernel configuration requirement.

 ## Installation

 ### Archlinux/Manjaro

-dae has been released on [AUR](https://aur.archlinux.org/packages/dae/).
+dae has been released on [AUR](https://aur.archlinux.org/packages/dae).

 ```shell
 # yay -S dae
@ -91,11 +92,11 @@ sudo systemctl enable dae

 ### macOS

-We provide a hacky way to run dae on your macOS. See [run on macos](run-on-macos.md).
+We provide a hacky way to run dae on your macOS. See [run on macOS](run-on-macos.md).

 ### Docker

-Pre-built image and related docs can be found at https://hub.docker.com/r/daeuniverse/dae.
+Pre-built image and related docs can be found at <https://hub.docker.com/r/daeuniverse/dae>.

 Alternatively, you can use `docker compose`:

--- a/docs/getting-started/README_zh.md
+++ b/docs/getting-started/README_zh.md
@ -2,14 +2,14 @@

 ## Linux 内核要求

-## 内核版本
+### 内核版本

 使用 `uname -r` 来查看内核版本。

 > **注意**
 > 如果你的内核版本低于 `5.8`，可以参考 [**Upgrade Guide**](./kernel-upgrade.md) 升级你的内核。

-**绑定到 LAN 接口: >= 5.8**
+`绑定到 LAN 接口: >= 5.8`

 如果你想作为路由器、网桥等中间设备，为其他设备提供代理服务，需要把 dae 绑定到 LAN 接口上。

@ -17,7 +17,7 @@

 如果你只在 `lan_interface` 中填写了接口，而未在 `wan_interface` 中填写内容，那么本地程序将无法被代理。如果你期望代理本地程序，需要在 `wan_interface` 中填写 `auto` 或是手动输入 WAN 接口。

-**绑定到 WAN 接口: >= 5.8**
+`绑定到 WAN 接口: >= 5.8`

 如果你想为本地程序提供代理服务，需要把 dae 绑定到 WAN 接口上。

@ -34,6 +34,7 @@ zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}
 ```

 dae 需要以下内核选项：
+
 ```
 CONFIG_BPF=y
 CONFIG_BPF_SYSCALL=y
@ -52,20 +53,20 @@ CONFIG_DEBUG_INFO_BTF=y
 CONFIG_KPROBE_EVENTS=y
 CONFIG_BPF_EVENTS=y
 ```
+
 你可以通过以下命令检查他们：

 ```shell
 (zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}) | grep -E 'CONFIG_(DEBUG_INFO|DEBUG_INFO_BTF|KPROBES|KPROBE_EVENTS|BPF|BPF_SYSCALL|BPF_JIT|BPF_STREAM_PARSER|NET_CLS_ACT|NET_SCH_INGRESS|NET_INGRESS|NET_EGRESS|NET_CLS_BPF|BPF_EVENTS|CGROUPS)=|# CONFIG_DEBUG_INFO_REDUCED is not set'
 ```

-> **注意**
-> `Armbian` 用户可以参考 [**Upgrade Guide**](./kernel-upgrade.md) 升级到支持的内核。
+> **注意**: `Armbian` 用户可以参考 [**Upgrade Guide**](./kernel-upgrade.md) 升级到支持的内核。

 ## 安装

 ### Archlinux/Manjaro

-dae 已发布于 [AUR](https://aur.archlinux.org/packages/dae/)，使用下述命令安装：
+dae 已发布于 [AUR](https://aur.archlinux.org/packages/dae)，使用下述命令安装：

 ```shell
 # yay -S dae
@ -87,7 +88,7 @@ sudo systemctl enable dae

 ### macOS

-我们提供了一种比较 hacky 的方式在 macOS 上运行 dae，见 [run on macos](run-on-macos.md)。
+我们提供了一种比较 hacky 的方式在 macOS 上运行 dae，见 [run on macOS](run-on-macos.md)。

 ### Docker

@ -175,6 +176,7 @@ routing {
 ```

 如果你不在乎极致速度，而是更注重隐私和 DNS 泄露，使用以下配置替换上述的 dns 部分：
+
 ```shell
 dns {
  upstream {
@ -206,4 +208,4 @@ dns {

 ## 大鹅宇宙

-Telegram: https://t.me/daeuniverse
+Telegram: <https://t.me/daeuniverse>
--- a/docs/getting-started/build-by-yourself.md
+++ b/docs/getting-started/build-by-yourself.md
@ -2,7 +2,7 @@

 ## Build

-**Make Dependencies**
+### Make Dependencies

 ```shell
 clang >= 10
@ -11,7 +11,7 @@ golang >= 1.18
 make
 ```

-**Build**
+### Compilation

 ```shell
 git clone https://github.com/daeuniverse/dae.git
@ -34,7 +34,7 @@ make GOFLAGS="-buildvcs=false" \

 ## Run

-**Runtime Dependencies**
+### Runtime Dependencies

 For traffic splitting, dae relies on the following data sources, [geoip.dat](https://github.com/v2ray/geoip/releases/latest) and [geosite.dat](https://github.com/v2fly/domain-list-community/releases/latest).

@ -46,17 +46,20 @@ curl -L -o geosite.dat https://github.com/v2ray/domain-list-community/releases/l
 popd
 ```

-**Run**
+### Run

 Download the example config file:
+
 ```shell
 curl -L -o example.dae https://github.com/daeuniverse/dae/raw/main/example.dae
 ```
+
 See [example.dae](https://github.com/daeuniverse/dae/blob/main/example.dae).

 After fine tuning, run dae:
+
 ```shell
 ./dae run -c example.dae
 ```

-Alternatively, you may run dae as a daemon(systemd) service. Check out more details [HERE](./run-as-daemon.md).
+Alternatively, you may run dae as a daemon(systemd) service. Check out more details [HERE](./run-as-daemon.md).
--- a/docs/getting-started/external-dns.md
+++ b/docs/getting-started/external-dns.md
@ -7,7 +7,7 @@ If you use a external DNS like AdguardHome, you could refer to the following gui

 ## External DNS on localhost

-If you set up an external DNS on localhost, you may want to let the DNS queries to dns.google.com proxied. For example, if you have the following configuration in AdguardHome:
+If you set up an external DNS on localhost, you may want to let the DNS queries to `dns.google.com` proxied. For example, if you have the following configuration in AdguardHome:

 ```
 Listen on: the same machine with dae, port 53.
@ -53,7 +53,7 @@ You should configure dae as follows:

 ## External DNS on another machine in LAN

-If you set up a external DNS on another machine in LAN, you may want to let the DNS queries to dns.google.com proxied. For example, if you have following configuration in AdguardHome:
+If you set up a external DNS on another machine in LAN, you may want to let the DNS queries to `dns.google.com` proxied. For example, if you have following configuration in `AdguardHome`:

 ```
 Listen on: 192.168.30.3:53 (mac address: 8c:16:45:36:1c:5a)
@ -73,9 +73,9 @@ You should configure dae as follows:
   # Or use MAC address if in the same link:
   # mac(8c:16:45:36:1c:5a) && l4proto(udp) && dport(53) -> must_direct
   ```
-   
+
   And make sure domain `dns.google.com` will be proxied in routing rules.
-   
+
 3. Add upstream and request to section "dns".

   ```
--- a/docs/getting-started/kernel-parameters.md
+++ b/docs/getting-started/kernel-parameters.md
@ -3,7 +3,7 @@
 > **Note**
 > Parameters will be automatically configured if `global.auto_config_kernel_parameter` is `true`.

-If you set up dae as a router or other intermediate device and bind it to LAN interfaces, you need to adjust some linux kernel parameters to make everything work fine. By default, the latest Linux distributions have IP Forwarding `disabled`. In the case where we need to up a Linux router/gateway or a VPN server or simply a plain dial-in server, then we need to enable forwarding. Moreover, in order to keep our gateway position and keep correct downstream route table, we should disable `send-redirects`. Do the followings to adjust linux kernel parameters:
+If you set up dae as a router or other intermediate device and bind it to LAN interfaces, you need to adjust some Linux kernel parameters to make everything work fine. By default, the latest Linux distributions have IP Forwarding `disabled`. In the case where we need to up a Linux router/gateway or a VPN server or simply a plain dial-in server, then we need to enable forwarding. Moreover, in order to keep our gateway position and keep correct downstream route table, we should disable `send-redirects`. Do the followings to adjust Linux kernel parameters:

 For every LAN interfaces you want to proxy:

@ -19,6 +19,7 @@ sudo sysctl --system
 ```

 It is also recommended to enable IPv4 forward to avoid weird situations:
+
 ```shell
 echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/60-ip-forward.conf
 sudo sysctl --system
--- a/docs/getting-started/kernel-upgrade.md
+++ b/docs/getting-started/kernel-upgrade.md
@ -8,8 +8,7 @@ A `kernel` is the core of any operating system. Before you start calling Linux a

 Upgrading the Linux kernel is not easy; you must do this only if you find security errors or hardware interaction issues. If your system crashes, you might have to recover the whole system. Mostly, Linux distributions come with the most upgraded kernel. Upgrading the Linux kernel doesn’t delete or remove the previous kernel; it is kept inside the system.

-> **Note**
-> You should not upgrade your kernel manually unless you want some specific driver support. You can roll back to the older kernel from the recovery menu of your Linux system. However, you may need to upgrade the kernel for hardware issues or security issues.
+> **Note**: You should not upgrade your kernel manually unless you want some specific driver support. You can roll back to the older kernel from the recovery menu of your Linux system. However, you may need to upgrade the kernel for hardware issues or security issues.

 ### Preparation

@ -17,8 +16,7 @@ Before you start upgrading your Linux kernel, you must know the Kernel’s `curr

 Various Linux distributions have different methods to upgrade the Linux kernel. This guide convers ways to upgrade the kernel to a desired version for most `Armbian Linux`, `Debian-based Linux`, `RedHat, Fedora based Linux`, and `Arch-based Linux` distributions.

-> **Note**
-> Since `dae` is builts with `eBPF`, your host must meet the minimum Kernel version, `>= 5.8` for dae to properly running.
+> **Note**: Since `dae` is builts with `eBPF`, your host must meet the minimum Kernel version, `>= 5.8` for dae to properly running.

 ### Upgrade to BTF Kernel on Armbian Linux

@ -46,15 +44,13 @@ sudo reboot
 uname -r
 ```

-(DEBIAN ONLY): If you would like to upgrade to the latest Kernel (AGGRESSIVE UPGRADE), follow the commands below:
+(Debian ONLY): If you would like to upgrade to the latest Kernel (AGGRESSIVE UPGRADE), follow the commands below:

-> **Warning**
-> The latest Kernel that Debian officially supports is available in the `unstable release`. Debian Unstable (also known by its codename "Sid") is not strictly a release, but rather a rolling development version of the Debian distribution containing the latest packages that have been introduced into Debian. Upgrading to the latest Kernel might potentially introduce breaking changes to your system, so please do at your own risk.
+> **Warning**: The latest Kernel that Debian officially supports is available in the `unstable release`. Debian Unstable (also known by its codename "SID") is not strictly a release, but rather a rolling development version of the Debian distribution containing the latest packages that have been introduced into Debian. Upgrading to the latest Kernel might potentially introduce breaking changes to your system, so please do at your own risk.

-Reference: [https://www.itsfoss.net/installing-linux-5-14-kernel-on-debian-11/](https://www.itsfoss.net/installing-linux-5-14-kernel-on-debian-11/)
+Reference: [https://www.itsfoss.net/installing-linux-5-14-kernel-on-debian-11/](https://www.itsfoss.net/installing-linux-5-14-kernel-on-debian-11)

-> **Note**
-> Please modify the following line if your system is NOT on Debian11: `Pin: release a=bullseye` - e.g. `Pin: release a=buster` (Debian10)
+> **Note**: Please modify the following line if your system is NOT on Debian11: `Pin: release a=bullseye` - e.g. `Pin: release a=buster` (Debian10)

 ```shell
 # Sync databases.
--- a/docs/getting-started/other-proxy-protocol_zh.md
+++ b/docs/getting-started/other-proxy-protocol_zh.md
@ -24,11 +24,11 @@ dae 目前支持的代理协议有：

 有其他需求的，一种方式是通过外接其他代理程序来扩展协议支持。下面给出外接 naiveproxy 的例子。

-尽管 dae 等代理程序支持 https 协议，但由于并不使用 chromium 网络栈，削弱了 naiveproxy 的伪装效果，因此可以选择外接 naiveproxy 程序来实现。
+尽管 dae 等代理程序支持 HTTPS 协议，但由于并不使用 chromium 网络栈，削弱了 naiveproxy 的伪装效果，因此可以选择外接 naiveproxy 程序来实现。

 1. 启动 naiveproxy：

-   由于 naiveproxy 的 socks 实现可能有些问题，无法被 curl 和 dae 使用，样例中使用 naiveproxy 开启一个 http 监听端口。注意，http 代理不支持代理 udp 流量，所以如果你外接其他代理程序，建议优先考虑使用 socks5 端口。
+   由于 naiveproxy 的 socks 实现可能有些问题，无法被 curl 和 dae 使用，样例中使用 naiveproxy 开启一个 HTTP 监听端口。注意，HTTP 代理不支持代理 udp 流量，所以如果你外接其他代理程序，建议优先考虑使用 socks5 端口。

   ```bash
   naiveproxy --listen=http://127.0.0.1:1090 --proxy=https://yourlink
--- a/docs/getting-started/reload-and-suspend.md
+++ b/docs/getting-started/reload-and-suspend.md
@ -2,7 +2,7 @@

 dae supports configuration reloading and program suspending, which can help you save a lot of time when modifying the configuration or temporarily suspend dae.

-**Reload**
+## Reload

 Generally, dae won't interrupt connections when reloading configuration. And reloading is much faster than restarting.

@ -12,11 +12,11 @@ Usage:
 dae reload
 ```

-**Suspend**
+## Suspend

 It will be useful if you want to suspend dae temporarily and recover it later.

-Usage:
+## Usage

 ```shell
 dae suspend
@ -27,4 +27,3 @@ If you want to recover, use reload:
 ```shell
 dae reload
 ```
-
--- a/docs/getting-started/run-as-daemon.md
+++ b/docs/getting-started/run-as-daemon.md
@ -9,7 +9,7 @@ dae can run as a daemon(systemd) service so that it can run at boot.

 ## Prerequisites

-**Optional Geo Data Files**
+### Optional Geo Data Files

 For more convenient traffic split, dae relies on the following data sources, [geoip.dat](https://github.com/v2ray/geoip/releases/latest) and [geosite.dat](https://github.com/v2fly/domain-list-community/releases/latest).

@ -21,10 +21,9 @@ curl -L -o geosite.dat https://github.com/v2ray/domain-list-community/releases/l
 popd
 ```

-**Configuration File**
+### Configuration File

-> **Note**
-> The config file is recommended to save under `/etc/dae`
+> **Note**: The config file is recommended to save under `/etc/dae`

 Download the sample config file:

--- a/docs/getting-started/run-on-macos.md
+++ b/docs/getting-started/run-on-macos.md
@ -10,9 +10,9 @@ You can install brew referring to official docs <https://docs.brew.sh/Installati
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
 ```

-### For arm64
+### For ARM64

-To install arm64 architecture packages, homebrew should be installed in `/opt/homebrew`:
+To install ARM64 architecture packages, homebrew should be installed in `/opt/homebrew`:

 ```shell
 cd /opt
@ -88,7 +88,7 @@ network:
        lima0:
            dhcp4: true
            dhcp6: true
-    version: 2  
+    version: 2
 EOF

 # Apply netplan.
@ -215,6 +215,7 @@ chmod +x /Users/Shared/bin/dae-network-update.sh
 ```

 Give no-password permission for route.
+
 ```shell
 if [ $(id -u) -eq "0" ]; then echo 'Do not use root!!'; else echo "$(whoami) ALL=(ALL) NOPASSWD: $(which route)" | sudo tee /etc/sudoers.d/"$(whoami)"-route; fi
 ```
--- a/docs/getting-started/troubleshooting.md
+++ b/docs/getting-started/troubleshooting.md
@ -1,8 +1,8 @@
 # Troubleshooting

-### Unknown bpf_trace_printk
+## Unknown bpf_trace_printk

-```
+```console
 invalid argument: unknown func bpf_trace_printk
 ```

@ -10,51 +10,51 @@ Solution:

 Compile dae with CFLAG `-D__REMOVE_BPF_PRINTK`. See [build-by-yourself](build-by-yourself.md).

-### PVE related
+## PVE related

-1. [PVE NIC Hardware passthrough](https://github.com/daeuniverse/dae/issues/43)
+- [PVE NIC Hardware passthrough](https://github.com/daeuniverse/dae/issues/43)

-### Binding to WAN but no network
+## Binding to WAN but no network

-**1. Troubleshoot local DNS service**
+### Troubleshoot local DNS service

 If you use `adguardhome`, `mosdns` in `dns` section, refer to [external-dns](external-dns.md).

-**2. Troubleshoot firewall**
+### Troubleshoot firewall

 If you bind to wan, make sure firewall is stopped or `12345` is allowed by firewall. Don't worry about the security of this port because this port has its own firewall rule.

 Usual firewalls on Linux:

-```
+```bash
 ufw
 firewalld
 ```

-**3. Troubleshoot PPPoE**
+### Troubleshoot PPPoE

 dae does not support PPPoE yet. We are working on it. However, binding to LAN for other machines should work fine.

-### Binding to LAN but bad DNS in other machines
+## Binding to LAN but bad DNS in other machines

-**1. Troubleshoot config of dae**
+### Troubleshoot config of dae

 Make sure you have bind to the correct LAN interfaces.

 For example, if your use the same interface eth1 for WAN and LAN, write it as `wan_interface: eth1` and also in `lan_interface: eth1`. If the LAN interfaces you want to proxy are eth1 and docker0, write them both as `lan_interface: eth1,docker0`.

-**2. Troubleshoot DNS**
+### Troubleshoot DNS

 To verify on another machine in LAN:

-```
+```bash
 curl -i 1.1.1.1
 curl -i google.com
 ```

 If the first line has a response and the second line doesn't, check whether port `53` is occupied by others on dae's machine.

-```
+```bash
 netstat -ulpen|grep 53
 # or
 # lsof -i:53 -n
--- a/docs/how_it_works_zh.md
+++ b/docs/how_it_works_zh.md
@ -1,6 +1,6 @@
 # dae 的工作原理

-dae 通过 [eBPF](https://en.wikipedia.org/wiki/EBPF)  在 Linux 内核的 tc (traffic control) 挂载点加载一个程序，通过该程序在流量进入 TCP/IP 网络栈之前进行流量分流。tc 在 linux 网络协议栈中的位置见下图所示（图为收包路径，发包路径方向相反），其中 netfilter 是 iptables/nftables 的位置。
+dae 通过 [eBPF](https://en.wikipedia.org/wiki/EBPF) 在 Linux 内核的 tc (traffic control) 挂载点加载一个程序，通过该程序在流量进入 TCP/IP 网络栈之前进行流量分流。tc 在 Linux 网络协议栈中的位置见下图所示（图为收包路径，发包路径方向相反），其中 netfilter 是 iptables/nftables 的位置。

 ![](netstack-path.webp)

@ -31,7 +31,7 @@ dae 会通过在 tc 挂载点的程序将流量分流，根据分流结果决定

 ### 代理原理

-dae 的代理原理和其他程序近似。区别是在绑定 LAN 接口时， dae 通过 eBPF 将 tc 挂载点的需代理流量的 socket buffer 直接关联至 dae 的 tproxy 侦听端口的 socket；在绑定 WAN 接口时，dae 将需代理流量 socket buffer 从网卡出队列移动至网卡的入队列，禁用其 checksum，并修改目的地址为 tproxy 侦听端口。
+dae 的代理原理和其他程序近似。区别是在绑定 LAN 接口时，dae 通过 eBPF 将 tc 挂载点的需代理流量的 socket buffer 直接关联至 dae 的 tproxy 侦听端口的 socket；在绑定 WAN 接口时，dae 将需代理流量 socket buffer 从网卡出队列移动至网卡的入队列，禁用其 checksum，并修改目的地址为 tproxy 侦听端口。

 以 benchmark 来看，dae 的代理性能比其他代理程序好一些，但不多。

@ -46,9 +46,9 @@ dae 在内核的较早路径上就对流量进行了分流，直连流量将直
 因此，对于直连流量，dae 不会进行 SNAT，对于“旁路由”用户，这将形成非对称路由，即客户端设备发包时流量通过 dae 设备发送到网关，收包时由网关直接发给客户端设备，绕过 dae 设备。

 > 这里的旁路由定义为：1，被设为网关。2，对 TCP/UDP 进行 SNAT。3，LAN 接口和 WAN 接口属于同一个网段。
-> 
+>
 > 例如笔记本电脑在 192.168.0.3，旁路由在 192.168.0.2，路由器在 192.168.0.1。三层逻辑拓扑为：笔记本电脑 -> 旁路由 -> 路由器，且在路由器一侧只能看到源 IP 是 192.168.0.2 的 TCP/UDP 流量，而没有 192.168.0.3 的 TCP/UDP 流量。
-> 
+>
 > 据目前所知，我们是第一个对旁路由进行定义的（笑）。

 非对称路由将带来一个优点和一个可能的问题：
--- a/docs/routing.md
+++ b/docs/routing.md
@ -1,6 +1,6 @@
 # Routing

-## Examples:
+## Examples

 ```shell
 ### Built-in outbounds: block, direct, must_rules
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -0,0 +1,26 @@
+{
+  "name": "dae",
+  "version": "1.0.0",
+  "author": "Daeuniverse",
+  "license": "Apache",
+  "repository": "github:daeuniverse/dae",
+  "scripts": {
+    "check-broken-link": "./node_modules/.bin/remark --quiet --frail ./docs/ README*.md",
+    "markdown-lint": "./node_modules/.bin/markdownlint-cli2 './docs/**/*.md' README*.md",
+    "markdown-lint-fix": "./node_modules/.bin/markdownlint-cli2-fix './docs/**/*.md' README*.md"
+  },
+  "dependencies": {
+    "markdownlint-cli2": "^0.5.1",
+    "markdownlint-rule-enhanced-proper-names": "^0.0.1",
+    "markdownlint-rule-no-trailing-slash-in-links": "^0.0.1",
+    "remark-cli": "^11.0.0",
+    "remark-validate-links": "^12.1.0",
+    "remark-validate-links-heading-id": "^0.0.3"
+  },
+  "remarkConfig": {
+    "plugins": [
+      "remark-validate-links-heading-id",
+      "remark-validate-links"
+    ]
+  }
+}