fix: Opt out TCP sockmap bypass by default (#518)
Signed-off-by: gray <gray.liang@isovalent.com> Co-authored-by: Sumire (菫) <151038614+sumire88@users.noreply.github.com>
@ -24,17 +24,18 @@ type Global struct {
|
|||||||
LogLevel string `mapstructure:"log_level" default:"info"`
|
LogLevel string `mapstructure:"log_level" default:"info"`
|
||||||
// We use DirectTcpCheckUrl to check (tcp)*(ipv4/ipv6) connectivity for direct.
|
// We use DirectTcpCheckUrl to check (tcp)*(ipv4/ipv6) connectivity for direct.
|
||||||
//DirectTcpCheckUrl string `mapstructure:"direct_tcp_check_url" default:"http://www.qualcomm.cn/generate_204"`
|
//DirectTcpCheckUrl string `mapstructure:"direct_tcp_check_url" default:"http://www.qualcomm.cn/generate_204"`
|
||||||
TcpCheckUrl []string `mapstructure:"tcp_check_url" default:"http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111"`
|
TcpCheckUrl []string `mapstructure:"tcp_check_url" default:"http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111"`
|
||||||
TcpCheckHttpMethod string `mapstructure:"tcp_check_http_method" default:"HEAD"` // Use 'HEAD' because some server implementations bypass accounting for this kind of traffic.
|
TcpCheckHttpMethod string `mapstructure:"tcp_check_http_method" default:"HEAD"` // Use 'HEAD' because some server implementations bypass accounting for this kind of traffic.
|
||||||
UdpCheckDns []string `mapstructure:"udp_check_dns" default:"dns.google.com:53,8.8.8.8,2001:4860:4860::8888"`
|
UdpCheckDns []string `mapstructure:"udp_check_dns" default:"dns.google.com:53,8.8.8.8,2001:4860:4860::8888"`
|
||||||
CheckInterval time.Duration `mapstructure:"check_interval" default:"30s"`
|
CheckInterval time.Duration `mapstructure:"check_interval" default:"30s"`
|
||||||
CheckTolerance time.Duration `mapstructure:"check_tolerance" default:"0"`
|
CheckTolerance time.Duration `mapstructure:"check_tolerance" default:"0"`
|
||||||
LanInterface []string `mapstructure:"lan_interface"`
|
LanInterface []string `mapstructure:"lan_interface"`
|
||||||
WanInterface []string `mapstructure:"wan_interface"`
|
WanInterface []string `mapstructure:"wan_interface"`
|
||||||
AllowInsecure bool `mapstructure:"allow_insecure" default:"false"`
|
AllowInsecure bool `mapstructure:"allow_insecure" default:"false"`
|
||||||
DialMode string `mapstructure:"dial_mode" default:"domain"`
|
DialMode string `mapstructure:"dial_mode" default:"domain"`
|
||||||
DisableWaitingNetwork bool `mapstructure:"disable_waiting_network" default:"false"`
|
DisableWaitingNetwork bool `mapstructure:"disable_waiting_network" default:"false"`
|
||||||
AutoConfigKernelParameter bool `mapstructure:"auto_config_kernel_parameter" default:"false"`
|
EnableLocalTcpFastRedirect bool `mapstructure:"enable_local_tcp_fast_redirect" default:"false"`
|
||||||
|
AutoConfigKernelParameter bool `mapstructure:"auto_config_kernel_parameter" default:"false"`
|
||||||
// DEPRECATED: not used as of https://github.com/daeuniverse/dae/pull/458
|
// DEPRECATED: not used as of https://github.com/daeuniverse/dae/pull/458
|
||||||
AutoConfigFirewallRule bool `mapstructure:"auto_config_firewall_rule" default:"false"`
|
AutoConfigFirewallRule bool `mapstructure:"auto_config_firewall_rule" default:"false"`
|
||||||
SniffingTimeout time.Duration `mapstructure:"sniffing_timeout" default:"100ms"`
|
SniffingTimeout time.Duration `mapstructure:"sniffing_timeout" default:"100ms"`
|
||||||
|
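Review bot: The new `EnableLocalTcpFastRedirect` field is declared without a comment, so the reason it defaults to `false` is recorded only in the example config elsewhere in this commit. A line above it such as `// EnableLocalTcpFastRedirect enables the experimental sockmap fast path for local TCP connections; off by default because a known kernel issue breaks some clients/proxies.` would keep that rationale next to the declaration. If the kernel issue or the affected versions are known, a reference belongs there too, since neither the field nor the config comment identifies them. The `Global` struct starts and ends outside this hunk.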
@ -221,8 +221,10 @@ func NewControlPlane(
|
|||||||
if err = core.setupSkPidMonitor(); err != nil {
|
if err = core.setupSkPidMonitor(); err != nil {
|
||||||
log.WithError(err).Warnln("cgroup2 is not enabled; pname routing cannot be used")
|
log.WithError(err).Warnln("cgroup2 is not enabled; pname routing cannot be used")
|
||||||
}
|
}
|
||||||
if err = core.setupLocalTcpFastRedirect(); err != nil {
|
if global.EnableLocalTcpFastRedirect {
|
||||||
log.WithError(err).Warnln("failed to setup local tcp fast redirect")
|
if err = core.setupLocalTcpFastRedirect(); err != nil {
|
||||||
|
log.WithError(err).Warnln("failed to setup local tcp fast redirect")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
for _, ifname := range global.WanInterface {
|
for _, ifname := range global.WanInterface {
|
||||||
if err = core.bindWan(ifname, global.AutoConfigKernelParameter); err != nil {
|
if err = core.bindWan(ifname, global.AutoConfigKernelParameter); err != nil {
|
||||||
|
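Review bot: Inside the new `if global.EnableLocalTcpFastRedirect` branch, a failure of `core.setupLocalTcpFastRedirect()` is still only a warning and a success logs nothing, so an operator who opted in cannot tell from the log whether the sockmap bypass is actually active. Traffic on that path presumably skips part of the normal forwarding path, so its state is worth stating explicitly. I would add an `else` arm with `log.Infoln("local tcp fast redirect enabled")` and reword the warning to `"enable_local_tcp_fast_redirect is set but setup failed; continuing without it"`. NewControlPlane starts and ends outside this hunk.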
@ -44,6 +44,7 @@ global {
|
|||||||
|
|
||||||
dial_mode: domain
|
dial_mode: domain
|
||||||
disable_waiting_network: false
|
disable_waiting_network: false
|
||||||
|
enable_local_tcp_fast_redirect: false
|
||||||
auto_config_kernel_parameter: true
|
auto_config_kernel_parameter: true
|
||||||
sniffing_timeout: 100ms
|
sniffing_timeout: 100ms
|
||||||
}
|
}
|
||||||
|
@ -19,6 +19,8 @@ global {
|
|||||||
# Disable waiting for network before pulling subscriptions.
|
# Disable waiting for network before pulling subscriptions.
|
||||||
disable_waiting_network: false
|
disable_waiting_network: false
|
||||||
|
|
||||||
|
# Enable fast redirect for local TCP connections. There is a known kernel issue that breaks certain clients/proxies, such as nadoo/glider. Users may enable this experimental option at their own risks.
|
||||||
|
enable_local_tcp_fast_redirect: false
|
||||||
|
|
||||||
##### Interface and kernel options.
|
##### Interface and kernel options.
|
||||||
|
|
||||||
|