eBPF-based Linux high-performance transparent proxy solution.
Go to file
2024-03-30 20:59:58 +08:00
.github style: format bpf c code using kernel checkpatch.pl (#477) 2024-03-15 20:26:21 +08:00
cmd feat: support reloading progress and error for dae reload (#470) 2024-03-27 13:01:37 +08:00
common chore: bump submodule dae_bpf_headers (#487) 2024-03-30 14:34:15 +08:00
component fix/docs: fix the first check failure and possible dns leaking (#418) 2024-01-11 13:47:05 +00:00
config feat(bpf): implement stack bypass (#458) 2024-03-01 18:27:02 +08:00
control fix(bpf): revert using bpf_redirect_peer (#480) 2024-03-30 20:59:58 +08:00
docs chore: bump submodule dae_bpf_headers (#487) 2024-03-30 14:34:15 +08:00
hack chore(license): update license signature (#406) 2024-01-04 17:28:16 +08:00
install chore: add fish completion (#398) 2024-01-02 19:45:51 +08:00
pkg chore(license): update license signature (#406) 2024-01-04 17:28:16 +08:00
scripts style: format bpf c code using kernel checkpatch.pl (#477) 2024-03-15 20:26:21 +08:00
trace chore: bump submodule dae_bpf_headers (#487) 2024-03-30 14:34:15 +08:00
.autocorrectrc
.editorconfig
.gitignore feat: dae trace (#435) 2024-01-27 13:33:00 +08:00
.gitmodules feat: dae trace (#435) 2024-01-27 13:33:00 +08:00
.gitmodules.d.mk feat: dae trace (#435) 2024-01-27 13:33:00 +08:00
.markdownlint-cli2.jsonc
.pre-commit-config.yaml chore(license): update license signature (#406) 2024-01-04 17:28:16 +08:00
CHANGELOGS.md ci(release): draft release v0.5.1 (#441) 2024-01-24 00:15:16 +08:00
CODEOWNERS
docker-compose.yml
Dockerfile chore(Dockerfile): upgrade golang and clang (https://github.com/daeuniverse/daed/issues/250) (#320) 2023-09-04 11:57:40 +08:00
example.dae feat(bpf): implement stack bypass (#458) 2024-03-01 18:27:02 +08:00
go.mod feat: add httpupgrade (#472) 2024-03-27 12:53:47 +08:00
go.sum feat: add httpupgrade (#472) 2024-03-27 12:53:47 +08:00
LICENSE
logo.png
main.go chore(license): update license signature (#406) 2024-01-04 17:28:16 +08:00
Makefile style: format bpf c code using kernel checkpatch.pl (#477) 2024-03-15 20:26:21 +08:00
package-lock.json
package.json
README.md docs(readme): refine project description (#317) 2023-10-21 08:35:48 +00:00

dae

Build License version lastcommit

dae, means goose, is a high-performance transparent proxy solution.

To enhance traffic split performance as much as possible, dae employs the transparent proxy and traffic split suite within the Linux kernel using eBPF. As a result, dae can enable direct traffic to bypass the proxy application's forwarding, facilitating genuine direct traffic passage. Through this remarkable feat, there is minimal performance loss and negligible additional resource consumption for direct traffic.

As a successor of v2rayA, dae abandoned v2ray-core to meet the needs of users more freely.

Features

  • Implement Real Direct traffic split (need ipforward on) to achieve high performance.
  • Support to split traffic by process name in local host.
  • Support to split traffic by MAC address in LAN.
  • Support to split traffic with invert match rules.
  • Support to automatically switch nodes according to policy. That is to say, support to automatically test independent TCP/UDP/IPv4/IPv6 latencies, and then use the best nodes for corresponding traffic according to user-defined policy.
  • Support advanced DNS resolution process.
  • Support full-cone NAT for shadowsocks, trojan(-go) and socks5 (no test).
  • Support various trending proxy protocols, seen in proxy-protocols.md.

Getting Started

Please refer to Quick Start Guide to start using dae right away!

Notes

  1. If you setup dae and also a shadowsocks server (or any UDP servers) on the same machine in public network, such as a VPS, don't forget to add l4proto(udp) && sport(your server ports) -> must_direct rule for your UDP server port. Because states of UDP are hard to maintain, all outgoing UDP packets will potentially be proxied (depends on your routing), including traffic to your client. This behaviour is not what we want to see. must_direct makes all traffic from this port including DNS traffic direct.
  2. If users in mainland China find that the first screen time is very long when they visit some domestic websites for the first time, please check whether you use foreign DNS to handle some domestic domain in DNS routing. Sometimes this is hard to spot. For example, ocsp.digicert.cn is included in geosite:geolocation-!cn unexpectedly, which will cause some tls handshakes to take a long time. Be careful to use such domain sets in DNS routing.

How it works

See How it works.

TODO

  • Automatically check dns upstream and source loop (whether upstream is also a client of us) and remind the user to add sip rule.
  • MACv2 extension extraction.
  • Log to userspace.
  • Protocol-oriented node features detecting (or filter), such as full-cone (especially VMess and VLESS).
  • Add quick-start guide
  • ...

Contributors

Special thanks goes to all contributors. If you would like to contribute, please see the instructions. Also, it is recommended following the commit-msg-guide.

License

AGPL-3.0 (C) daeuniverse

Stargazers over time

Stargazers over time