eBPF-based Linux high-performance transparent proxy solution.
Go to file
2023-02-04 20:53:29 +08:00
.github/workflows feat: support real process name traffic split (#6) 2023-02-04 11:24:03 +08:00
cmd feat: new log formatter 2023-02-04 15:02:44 +08:00
common fix/chore: fix lpm batch update problem and remove BTF requirement 2023-02-04 13:37:36 +08:00
component feat: add DNS rush-answer filter 2023-02-04 20:53:29 +08:00
config feat: refactor []string config parser 2023-02-01 12:30:26 +08:00
install docs: typo and example 2023-02-01 00:02:46 +08:00
pkg feat: new log formatter 2023-02-04 15:02:44 +08:00
.gitignore chore: bpf headers to submodule 2023-01-31 21:44:20 +08:00
.gitmodules feat: support real process name traffic split (#6) 2023-02-04 11:24:03 +08:00
example.dae feat: add DNS rush-answer filter 2023-02-04 20:53:29 +08:00
go.mod feat: new log formatter 2023-02-04 15:02:44 +08:00
go.sum feat: new log formatter 2023-02-04 15:02:44 +08:00
insert.sh refactor: use cgroupv2 instead of ftrace to get better compatibility 2023-02-02 21:22:18 +08:00
LICENSE init 2023-01-23 19:54:21 +08:00
logo.png init 2023-01-23 19:54:21 +08:00
main.go chore: update copyright 2023-01-28 13:56:06 +08:00
Makefile chore: fix ci 2023-02-02 21:26:54 +08:00
README.md docs/fix: README; fix BatchUpdate version requirement 2023-02-04 18:27:13 +08:00
routing.md feat: support real process name traffic split (#6) 2023-02-04 11:24:03 +08:00

dae

dae, means goose, is a lightweight and high-performance transparent proxy solution.

In order to improve the traffic split performance as much as possible, dae runs the transparent proxy and traffic split suite in the linux kernel by eBPF. Therefore, we have the opportunity to make the direct traffic bypass the forwarding by proxy application and achieve true direct traffic through. Under such a magic trick, there is almost no performance loss and additional resource consumption for direct traffic.

As a successor of v2rayA, dae abandoned v2ray-core to meet the needs of users more freely.

Usage

Build:

git clone https://github.com/v2rayA/dae.git
cd dae
git submodule update --init
make

Run:

./dae run -c example.dae

See example.dae.

Linux Kernel Requirement

Kernel Version

Use uname -r to check the kernel version on your machine.

Bind to LAN: >= 5.8

You need bind dae to LAN interface, if you want to provide network service for LAN as an intermediate device.

This feature requires the kernel version of machine on which dae install >= 5.8.

Note that if you bind dae to LAN only, dae only provide network service for traffic from LAN, and not impact local programs.

Bind to WAN: >= 5.8

You need bind dae to WAN interface, if you want dae to provide network service for local programs.

This feature requires kernel version of the machine >= 5.8.

Note that if you bind dae to WAN only, dae only provide network service for local programs and not impact traffic coming in from other interfaces.

TODO

  1. Check dns upstream and source loop (whether upstream is also a client of us) and remind the user to add sip rule.
  2. Domain routing performance optimization.
  3. Handle the case that nodes do not support UDP by adding filter: l4proto_out(tcp, udp), and filter out those nodes support both TCP and UDP. Thus we can use routing to handle it.
  4. Handle the case that nodes do not support IPv6 by adding filter: ipversion_out(4, 6), and filter out those nodes support both IPv4 and IPv6. Thus we can use routing to handle it.
  5. L4Checksum problem. Maybe it is hard to solve.
  6. MACv2 extension extraction.
  7. Log to userspace.
  8. ...