mirrors/dae
1
0
Fork 0
mirror of https://github.com/daeuniverse/dae.git synced 2025-07-26 23:59:10 +07:00
Code Issues Packages Projects Releases Wiki Activity

fix: Opt out TCP sockmap bypass by default (#518)

Browse Source 
Signed-off-by: gray <gray.liang@isovalent.com>
Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com>
This commit is contained in:
/gray
2024-05-20 21:03:39 +08:00
committed by GitHub
parent a71c69a7c9
commit ec7cf06de4
4 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
config/config.go
View File

@ -24,17 +24,18 @@ type Global struct {
LogLevel string `mapstructure:"log_level" default:"info"` LogLevel string `mapstructure:"log_level" default:"info"`
// We use DirectTcpCheckUrl to check (tcp)*(ipv4/ipv6) connectivity for direct. // We use DirectTcpCheckUrl to check (tcp)*(ipv4/ipv6) connectivity for direct.
//DirectTcpCheckUrl string `mapstructure:"direct_tcp_check_url" default:"http://www.qualcomm.cn/generate_204"` //DirectTcpCheckUrl string `mapstructure:"direct_tcp_check_url" default:"http://www.qualcomm.cn/generate_204"`
TcpCheckUrl []string `mapstructure:"tcp_check_url" default:"http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111"` TcpCheckUrl []string `mapstructure:"tcp_check_url" default:"http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111"`
TcpCheckHttpMethod string `mapstructure:"tcp_check_http_method" default:"HEAD"` // Use 'HEAD' because some server implementations bypass accounting for this kind of traffic. TcpCheckHttpMethod string `mapstructure:"tcp_check_http_method" default:"HEAD"` // Use 'HEAD' because some server implementations bypass accounting for this kind of traffic.
UdpCheckDns []string `mapstructure:"udp_check_dns" default:"dns.google.com:53,8.8.8.8,2001:4860:4860::8888"` UdpCheckDns []string `mapstructure:"udp_check_dns" default:"dns.google.com:53,8.8.8.8,2001:4860:4860::8888"`
CheckInterval time.Duration `mapstructure:"check_interval" default:"30s"` CheckInterval time.Duration `mapstructure:"check_interval" default:"30s"`
CheckTolerance time.Duration `mapstructure:"check_tolerance" default:"0"` CheckTolerance time.Duration `mapstructure:"check_tolerance" default:"0"`
LanInterface []string `mapstructure:"lan_interface"` LanInterface []string `mapstructure:"lan_interface"`
WanInterface []string `mapstructure:"wan_interface"` WanInterface []string `mapstructure:"wan_interface"`
AllowInsecure bool `mapstructure:"allow_insecure" default:"false"` AllowInsecure bool `mapstructure:"allow_insecure" default:"false"`
DialMode string `mapstructure:"dial_mode" default:"domain"` DialMode string `mapstructure:"dial_mode" default:"domain"`
DisableWaitingNetwork bool `mapstructure:"disable_waiting_network" default:"false"` DisableWaitingNetwork bool `mapstructure:"disable_waiting_network" default:"false"`
AutoConfigKernelParameter bool `mapstructure:"auto_config_kernel_parameter" default:"false"` EnableLocalTcpFastRedirect bool `mapstructure:"enable_local_tcp_fast_redirect" default:"false"`
AutoConfigKernelParameter bool `mapstructure:"auto_config_kernel_parameter" default:"false"`
// DEPRECATED: not used as of https://github.com/daeuniverse/dae/pull/458 // DEPRECATED: not used as of https://github.com/daeuniverse/dae/pull/458
AutoConfigFirewallRule bool `mapstructure:"auto_config_firewall_rule" default:"false"` AutoConfigFirewallRule bool `mapstructure:"auto_config_firewall_rule" default:"false"`
SniffingTimeout time.Duration `mapstructure:"sniffing_timeout" default:"100ms"` SniffingTimeout time.Duration `mapstructure:"sniffing_timeout" default:"100ms"`

6
control/control_plane.go
View File

@ -221,8 +221,10 @@ func NewControlPlane(
if err = core.setupSkPidMonitor(); err != nil { if err = core.setupSkPidMonitor(); err != nil {
log.WithError(err).Warnln("cgroup2 is not enabled; pname routing cannot be used") log.WithError(err).Warnln("cgroup2 is not enabled; pname routing cannot be used")
} }
if err = core.setupLocalTcpFastRedirect(); err != nil { if global.EnableLocalTcpFastRedirect {
log.WithError(err).Warnln("failed to setup local tcp fast redirect") if err = core.setupLocalTcpFastRedirect(); err != nil {
log.WithError(err).Warnln("failed to setup local tcp fast redirect")
}
} }
for _, ifname := range global.WanInterface { for _, ifname := range global.WanInterface {
if err = core.bindWan(ifname, global.AutoConfigKernelParameter); err != nil { if err = core.bindWan(ifname, global.AutoConfigKernelParameter); err != nil {

1
docs/en/configuration/separate-config.md
View File

@ -44,6 +44,7 @@ global {
dial_mode: domain dial_mode: domain
disable_waiting_network: false disable_waiting_network: false
enable_local_tcp_fast_redirect: false
auto_config_kernel_parameter: true auto_config_kernel_parameter: true
sniffing_timeout: 100ms sniffing_timeout: 100ms
} }

2
example.dae
View File

@ -19,6 +19,8 @@ global {
# Disable waiting for network before pulling subscriptions. # Disable waiting for network before pulling subscriptions.
disable_waiting_network: false disable_waiting_network: false
# Enable fast redirect for local TCP connections. There is a known kernel issue that breaks certain clients/proxies, such as nadoo/glider. Users may enable this experimental option at their own risks.
enable_local_tcp_fast_redirect: false
##### Interface and kernel options. ##### Interface and kernel options.