eBPF-based Linux high-performance transparent proxy solution.
Go to file
2023-03-13 22:04:02 +08:00
.github/workflows ci: remove unnecessary deps (#19) 2023-02-19 11:23:38 +08:00
cmd chore: prompt 2023-03-13 14:25:14 +08:00
common optimize(dial_mode): cache for real domain 2023-03-13 16:40:37 +08:00
component optimize(dial_mode): cache for real domain 2023-03-13 16:40:37 +08:00
config docs: update dial_mode 2023-03-13 16:49:01 +08:00
control fix: bad behaviour of must_direct 2023-03-13 22:04:02 +08:00
docs Update kernel-upgrade.md 2023-03-08 18:56:01 +08:00
install chore: support docker. fix #30 2023-03-04 13:16:26 +08:00
pkg fix: kernelVersion.err should be clear if final version from utsname 2023-03-08 17:01:24 +08:00
.gitignore Revert "chore: include compiled file for lib use" 2023-03-03 15:33:31 +08:00
.gitmodules
CODEOWNERS chore: add codeowners (#23) 2023-02-19 20:40:20 +08:00
docker-compose.yml chore: support docker. fix #30 2023-03-04 13:16:26 +08:00
Dockerfile chore: support docker. fix #30 2023-03-04 13:16:26 +08:00
example.dae docs: update example.dae 2023-03-13 17:05:27 +08:00
go.mod optimize(dial_mode): cache for real domain 2023-03-13 16:40:37 +08:00
go.sum optimize(dial_mode): cache for real domain 2023-03-13 16:40:37 +08:00
insert.sh feat: reject packet sent to tproxy port directly for security 2023-02-13 03:41:59 +08:00
LICENSE
logo.png
main.go feat/optimize: add userspace routing and optimize domain routing (#18) 2023-02-18 18:27:28 +08:00
Makefile chore: remove selective loading bpf objects 2023-02-27 09:56:00 +08:00
README.md docs: not so lightweight 2023-03-03 16:36:22 +08:00

dae

dae, means goose, is a high-performance transparent proxy solution.

In order to improve the traffic split performance as much as possible, dae runs the transparent proxy and traffic split suite in the linux kernel by eBPF. Therefore, dae has the opportunity to make the direct traffic bypass the forwarding by proxy application and achieve true direct traffic through. Under such a magic trick, there is almost no performance loss and additional resource consumption for direct traffic.

As a successor of v2rayA, dae abandoned v2ray-core to meet the needs of users more freely.

Features

  1. Implement Real Direct traffic split (need ipforward on) to achieve high performance.
  2. Support to split traffic by process name in local host.
  3. Support to split traffic by MAC address in LAN.
  4. Support to split traffic with invert match rules.
  5. Support to automatically switch nodes according to policy. That is to say, support to automatically test independent TCP/UDP/IPv4/IPv6 latencies, and then use the best nodes for corresponding traffic according to user-defined policy.
  6. Support advanced DNS resolution process.
  7. Support full-cone NAT for shadowsocks, trojan(-go) and socks5 (no test).

Getting Started

Please refer to Quick Start Guide to start using dae right away!

Known Issues

  1. If you setup dae and also a shadowsocks server (or any UDP servers) on the same machine in public network, such as a VPS, don't forget to add l4proto(udp) && sport(your server ports) -> must_direct rule for your UDP server port. Because states of UDP are hard to maintain, all outgoing UDP packets will potentially be proxied (depends on your routing), including traffic to your client. This behaviour is not what we want to see. must_direct makes all traffic from this port including DNS traffic direct.

TODO

  • Automatically check dns upstream and source loop (whether upstream is also a client of us) and remind the user to add sip rule.
  • MACv2 extension extraction.
  • Log to userspace.
  • Protocol-oriented node features detecting (or filter), such as full-cone (especially VMess and VLESS).
  • Add quick-start guide
  • ...