eBPF-based Linux high-performance transparent proxy solution.
Go to file
2024-09-24 13:33:16 +00:00
.github ci/fix(trigger-downstream-flake-sync): update dispatch target (#613) 2024-08-26 09:20:29 -04:00
cmd feat: add MPTCP support (#601) 2024-08-27 09:49:51 +08:00
common feat: add MPTCP support (#601) 2024-08-27 09:49:51 +08:00
component feat: allow group override global node connectivity check (#623) 2024-09-08 22:13:06 +08:00
config feat: allow group override global node connectivity check (#623) 2024-09-08 22:13:06 +08:00
control fix: crash on openwrt (#640) 2024-09-19 13:40:05 -04:00
docs docs: add linux-aarch64-7ji as recommended kernel for Arch Linux ARM (#648) 2024-09-24 13:33:16 +00:00
hack chore(license): update license signature (#406) 2024-01-04 17:28:16 +08:00
install chore(dae.service): set TimeoutStartSec=120 instead of 10 (#510) 2024-04-29 13:28:39 +08:00
pkg fix: support to report all error when reloading (#540) 2024-06-15 16:41:07 +08:00
scripts style: format bpf c code using kernel checkpatch.pl (#477) 2024-03-15 20:26:21 +08:00
trace feat: support to maintain udp conn state (#493) 2024-04-08 22:23:55 +08:00
.autocorrectrc ci: add check-docs workflow (#93) 2023-05-21 00:41:44 +08:00
.clang-format feat: support to maintain udp conn state (#493) 2024-04-08 22:23:55 +08:00
.editorconfig chore: add editorconfig (#85) 2023-05-14 13:07:55 +08:00
.gitignore feat: support to maintain udp conn state (#493) 2024-04-08 22:23:55 +08:00
.gitmodules feat: dae trace (#435) 2024-01-27 13:33:00 +08:00
.gitmodules.d.mk feat: dae trace (#435) 2024-01-27 13:33:00 +08:00
.markdownlint-cli2.jsonc ci: add check-docs workflow (#93) 2023-05-21 00:41:44 +08:00
.pre-commit-config.yaml chore(license): update license signature (#406) 2024-01-04 17:28:16 +08:00
CHANGELOGS.md chore(changelogs): add v0.7.1 release changelogs (#609) 2024-08-20 23:18:36 -04:00
CODEOWNERS chore: update codeowners (#234) 2023-07-23 19:33:43 +08:00
docker-compose.yml chore: support docker. fix #30 2023-03-04 13:16:26 +08:00
Dockerfile feat: Add support for hysteria2 dialer and protocol (#533) 2024-06-16 20:41:27 +08:00
example.dae feat: allow group override global node connectivity check (#623) 2024-09-08 22:13:06 +08:00
go.mod fix: crash on openwrt (#640) 2024-09-19 13:40:05 -04:00
go.sum fix: crash on openwrt (#640) 2024-09-19 13:40:05 -04:00
LICENSE init 2023-01-23 19:54:21 +08:00
logo.png init 2023-01-23 19:54:21 +08:00
main.go chore(license): update license signature (#406) 2024-01-04 17:28:16 +08:00
Makefile feat: support to maintain udp conn state (#493) 2024-04-08 22:23:55 +08:00
package-lock.json ci: add check-docs workflow (#93) 2023-05-21 00:41:44 +08:00
package.json ci: add check-docs workflow (#93) 2023-05-21 00:41:44 +08:00
README.md docs(readme): refine project description (#317) 2023-10-21 08:35:48 +00:00

dae

Build License version lastcommit

dae, means goose, is a high-performance transparent proxy solution.

To enhance traffic split performance as much as possible, dae employs the transparent proxy and traffic split suite within the Linux kernel using eBPF. As a result, dae can enable direct traffic to bypass the proxy application's forwarding, facilitating genuine direct traffic passage. Through this remarkable feat, there is minimal performance loss and negligible additional resource consumption for direct traffic.

As a successor of v2rayA, dae abandoned v2ray-core to meet the needs of users more freely.

Features

  • Implement Real Direct traffic split (need ipforward on) to achieve high performance.
  • Support to split traffic by process name in local host.
  • Support to split traffic by MAC address in LAN.
  • Support to split traffic with invert match rules.
  • Support to automatically switch nodes according to policy. That is to say, support to automatically test independent TCP/UDP/IPv4/IPv6 latencies, and then use the best nodes for corresponding traffic according to user-defined policy.
  • Support advanced DNS resolution process.
  • Support full-cone NAT for shadowsocks, trojan(-go) and socks5 (no test).
  • Support various trending proxy protocols, seen in proxy-protocols.md.

Getting Started

Please refer to Quick Start Guide to start using dae right away!

Notes

  1. If you setup dae and also a shadowsocks server (or any UDP servers) on the same machine in public network, such as a VPS, don't forget to add l4proto(udp) && sport(your server ports) -> must_direct rule for your UDP server port. Because states of UDP are hard to maintain, all outgoing UDP packets will potentially be proxied (depends on your routing), including traffic to your client. This behaviour is not what we want to see. must_direct makes all traffic from this port including DNS traffic direct.
  2. If users in mainland China find that the first screen time is very long when they visit some domestic websites for the first time, please check whether you use foreign DNS to handle some domestic domain in DNS routing. Sometimes this is hard to spot. For example, ocsp.digicert.cn is included in geosite:geolocation-!cn unexpectedly, which will cause some tls handshakes to take a long time. Be careful to use such domain sets in DNS routing.

How it works

See How it works.

TODO

  • Automatically check dns upstream and source loop (whether upstream is also a client of us) and remind the user to add sip rule.
  • MACv2 extension extraction.
  • Log to userspace.
  • Protocol-oriented node features detecting (or filter), such as full-cone (especially VMess and VLESS).
  • Add quick-start guide
  • ...

Contributors

Special thanks goes to all contributors. If you would like to contribute, please see the instructions. Also, it is recommended following the commit-msg-guide.

License

AGPL-3.0 (C) daeuniverse

Stargazers over time

Stargazers over time