daeuniverse / dae
eBPF-based Linux high-performance transparent proxy solution.
License: GNU Affero General Public License v3.0
ifeng.com slow to open, the problem disappears after rolling back to the file before this change.
I would like to introduce a new dedicated CI pipeline to achieve the following:
./docs
regex
pattern in the CI to pick up the special syntax for Docusaurus
To reduce maintenance overheads.
*.md
To avoid having multiple DNS caches in the system, should users who run dae alongside another DNS service (such as dnsmasq, coredns, adguardhome) be advised to disable that DNS service's cache?
UDP packets with an IPv6 destination address cannot be proxied
UDP packets with an IPv6 destination address are proxied normally
% dig +short www.google.com @2400:3200:: // confirms the local IPv6 environment works
107.181.166.244
% dig +short +tcp www.google.com @2606:4700:4700::1111 // confirms the server-side IPv6 environment works
172.217.25.164
% dig +short www.google.com @2606:4700:4700::1111 // proxied v6 UDP times out
;; communications error to 2606:4700:4700::1111#53: timed out
^C
No entries for [2606:4700:4700::1111]:53 were observed in the log
dae --version: dae version 0.1.9patch1
Do not use Port will be faster?
sniffed_domain in log is set, but target remains ip.
dae on the gateway with dial_mode: domain++.
direct mode and DoH enabled.
dae --version: 0.2.0
In future release cycles, we should consider adding a link to point users to the example.dae based on the associated release tag. Consider the following release notes:
Full Changelog: v0.1.10rc...v0.1.10rc1
Example Config: https://github.com/daeuniverse/dae/blob/v0.1.10rc1/example.dae
We should also make some modifications to the installer script, including logic to pull the latest example.dae for any new future releases.
I am using adguardhome as upstream DNS but it is not working with dae; the domain traffic split does not work. Could you please give me a sample config file? Many thanks!
Node is naiveproxy socks5
adguardhome: China websites 223.5.5.5 UDP DNS, other sites Google DoH DNS
My current configuration file is below
global {
    tproxy_port: 12345
    log_level: info
    #tcp_check_url: 'http://keep-alv.google.com/generate_204'
    #udp_check_dns: 'dns.google:53'
    #check_interval: 30s
    #check_tolerance: 50ms
    lan_interface: enp1s0
    # wan_interface: enp1s0
    allow_insecure: false
    dial_mode: domain
}
node {
    fast_node: 'socks5://127.0.0.1:10000'
    cloud_node: 'socks5://127.0.0.1:10001'
}
dns {
    upstream {
        adguardhomedns: 'tcp+udp://127.0.0.1:53'
    }
    #routing {
        #request {
            #fallback: asis
        #}
        #response {
            #upstream(localdns) -> accept
            # !qname(geosite:cn) && ip(geoip:private) -> googledns
            #fallback: accept
        #}
    #}
}
group {
    fast_group {
        policy: fixed(0)
    }
    cloud_group {
        policy: fixed(1)
    }
}
routing {
    ### Preset rules.
    pname(AdGuardHome) -> must_direct
    # pname(NetworkManager, systemd-resolved) -> direct
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct
    ### Write your rules below.
    dip(1.0.0.1) -> fast_group
    dip(1.1.1.1) -> fast_group
    domain(apple.com) -> direct
    domain(apple.news) -> direct
    dip(geoip:cn) -> direct
    domain(geosite:cn) -> direct
    fallback: fast_group
}
When I SSH into the router and run
curl -kfSLo "/tmp/temp.dat" "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat"
or
wget --no-check-certificate -O "/tmp/temp.dat" "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat"
I find that the router itself is not proxied by dae.
When the same commands are run on a computer on the LAN behind the router, the link above is proxied normally.
global {
    tproxy_port: 12345
    log_level: info
    tcp_check_url: 'http://www.google-analytics.com/generate_204'
    udp_check_dns: 'one.one.one.one:53'
    check_interval: 30s
    check_tolerance: 50ms
    lan_interface: br-lan
    wan_interface: auto
    allow_insecure: false
    dial_mode: domain
    disable_waiting_network: false
    auto_config_kernel_parameter: true
    sniffing_timeout: 100ms
}
subscription {
    xxx_SSR: 'https://xxx.xxxnodes.com/Subscription/ShadowRocketImportService?sid=373757&token=xxxxx'
}
node {
    # Add your node links here.
    # Support socks5, http, https, ss, ssr, vmess, vless, trojan, trojan-go
    # 'socks5://localhost:1080'
    # mylink: 'ss://LINK'
    # node1: 'vmess://LINK'
    # node2: 'vless://LINK'
}
dns {
    ipversion_prefer: 4
    upstream {
        alidns: 'udp://dns.alidns.com:53'
        googledns: 'tcp+udp://dns.google.com:53'
    }
    routing {
        request {
            qname(geosite:category-ads-all) -> reject
            qname(geosite:geolocation-!cn) -> googledns
            qname(geosite:apple-cn, geosite:cn) -> alidns
            fallback: asis
        }
        response {
            upstream(googledns) -> accept
            !qname(geosite:cn) && ip(geoip:private) -> googledns
            fallback: accept
        }
    }
}
group {
    AT_SG {
        filter: name(keyword: '新加坡', keyword: 'SG')
        policy: min_moving_avg
    }
    AT_TW {
        filter: name(keyword: '**', keyword: 'TW')
        policy: min_moving_avg
    }
}
routing {
    pname(NetworkManager) -> direct
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private, geoip:cn) -> direct
    dport(6888) -> direct
    domain(geosite:cn,
        geosite:apple-cn,
        geosite:spotify,
        geosite:zoom,
        geosite:win-update,
        geosite:category-scholar-cn,
        geosite:category-scholar-!cn) -> direct
    domain(suffix: microsoft.com,
        suffix: liveatc.net,
        suffix: ls.apple.com,
        suffix: akadns.net,
        suffix: akamaiedge.net) -> direct
    fallback: AT_SG
}
allow_insecure: true will cause failure to connect with grpc node. And this problem will disappear after setting it to false.
Log:
[Jun 03 23:19:10] DEBUG Connectivity Check Failed err=context deadline exceeded network=udp6(DNS) node=test
[Jun 03 23:19:10] DEBUG Connectivity Check Failed err=context deadline exceeded network=udp4(DNS) node=test
[Jun 03 23:19:10] DEBUG Connectivity Check Failed err=timeout network=tcp6 node=test
[Jun 03 23:19:10] DEBUG Connectivity Check Failed err=context deadline exceeded network=tcp6(DNS) node=test
[Jun 03 23:19:10] INFO ALIVE --udp6(DNS)-> NOT ALIVE: dialer=test group=default
[Jun 03 23:19:10] INFO Group has no dialer alive group=default network=udp6(DNS)
[Jun 03 23:19:10] WARN Outbound <default> udp6 -> NOT ALIVE, notify the kernel program. outboundId=2
[Jun 03 23:19:10] DEBUG Connectivity Check Failed err=context deadline exceeded network=tcp4(DNS) node=test
vmess+grpc
node.allow_insecure: true.
dae --version: v0.1.10rc1
🚀 @daebot proposed the following changelogs for release v0.1.0 generated in workflow run.
Full Changelog: v0.2.0rc4...v0.2.0
If local has ipv6 addresses and routes and remote proxy doesn't, eBPF program will disable the ipv6 traffic to this remote proxy.
However, some software has poor Happy Eyeballs support and always retries.
Occurs since v17.
Fixed in v20.
nodejs/node#41625
nodejs/node#44731
Occurs on but not only v7.3.4.
No version context was given.
Wait 60s for timeout and fallback.
We should disable dropping ipv6 traffic if node has no ipv6 connectivity (at least) in domain++ mode.
Or, only drop them in IP mode (not a good idea if no sniffed domain).
as title
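In 0.1.4, using wan_interface: auto may fail to load. Please fill in the name of the WAN interface directly, or build manually from the main branch. This will be fixed in the next release.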
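init.d script for starting dae on OpenWrt
1. Usage: replace the contents of /etc/init.d/dae with the following. Thanks to @tty228 for the improved version, which fixes the dnsmasq problem.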
#!/bin/sh /etc/rc.common
START=99
STOP=99
LOG_FILE="/var/log/dae.log"
# Uncomment the next line if you do not want a log file
#LOG_FILE="/dev/null"

start_pre() {
    if ! /usr/bin/dae validate -c /etc/dae/config.dae; then
        echo "dae config file /etc/dae/config.dae is invalid or too open, exiting."
        exit 1
    fi
}

start() {
    # Check whether the dae process is already running
    # (test pidof's exit status so that several PIDs do not break the check)
    if pidof /usr/bin/dae >/dev/null; then
        echo "dae process is already running!"
        return 1
    fi
    # Clear and re-add the DNS forwarder; otherwise, once hijacking is turned off,
    # dae cannot start because there is no network
    uci -q del dhcp.@dnsmasq[0].server
    uci add_list dhcp.@dnsmasq[0].server='223.5.5.5'
    # Turn off OpenWrt dnsmasq port-53 hijacking
    uci set dhcp.@dnsmasq[0].noresolv='1'
    uci commit dhcp
    /etc/init.d/dnsmasq reload
    echo "Disable the 'noresolv' feature in Dnsmasq"
    # Clear the log (optional)
    echo "" > "$LOG_FILE"
    # Start the dae process and write its log output to LOG_FILE
    start_pre
    /usr/bin/dae run --disable-timestamp -c /etc/dae/config.dae >> "$LOG_FILE" 2>&1 &
    echo "Started dae process."
    # Record the process PID
    echo $! > /var/run/dae.pid
}

stop() {
    # Stop the dae process
    if [ -f /var/run/dae.pid ]; then
        pid=$(cat /var/run/dae.pid)
        kill -15 "$pid"
        echo "dae stopped"
        # Remove the added DNS forwarder and restore the noresolv setting
        uci -q del dhcp.@dnsmasq[0].server
        uci set dhcp.@dnsmasq[0].noresolv='0'
        uci commit dhcp
        /etc/init.d/dnsmasq reload
        echo "Enable the 'noresolv' feature in Dnsmasq"
    else
        echo "dae is not running"
    fi
    # Delete the PID file
    rm -f /var/run/dae.pid
}

restart() {
    stop
    sleep 1
    start
}

reload() {
    # Read the process ID from the PID file
    if [ -f /var/run/dae.pid ]; then
        pid=$(cat /var/run/dae.pid)
        # Reload the dae process
        /usr/bin/dae reload "$pid"
        echo "Reloaded dae process."
    else
        echo "dae process is not running!"
    fi
}
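2. Additional functions:
1. Suspend dae: /usr/bin/dae suspend $(cat /var/run/dae.pid)
2. View the log: tail -f /var/log/dae.log
(PS: keep an eye on the size of the dae log file yourself. Known issue: on OpenWrt, dae crashes when the log file is larger than 512M. Installing third-party log management software is recommended.)
The following is deprecated.
3. dae is currently known to conflict with Dnsmasq
1.
echo "nameserver 223.5.5.5" > /etc/resolv.conf
2. It is recommended to set the Dnsmasq DNS listening port to 0, or run /etc/init.d/dnsmasq stop (PS: use with caution!!! You may lose DHCP functionality) (Addendum: there is no need to stop it, see the comments)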
dae --version: dae version 0.1.8-20230505
cat /etc/os-release:
NAME="OpenWrt"
VERSION="SNAPSHOT"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt SNAPSHOT"
VERSION_ID="snapshot"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r5942-f953b064c"
OPENWRT_BOARD="x86/64"
OPENWRT_ARCH="x86_64"
OPENWRT_TAINTS="no-all"
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt SNAPSHOT r5942-f953b064c"
uname -a: Linux OpenWrt 5.15.105 #0 SMP Fri May 5 05:11:46 2023 x86_64 GNU/Linux
global {
    tproxy_port: 12345
    log_level: debug
    tcp_check_url: 'http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111'
    udp_check_dns: 'dns.google.com:53,8.8.8.8,2001:4860:4860::8888'
    check_interval: 30s
    check_tolerance: 50ms
    #lan_interface: docker0
    wan_interface: auto
    allow_insecure: false
    dial_mode: domain
    disable_waiting_network: false
    auto_config_kernel_parameter: true
    sniffing_timeout: 100ms
}
subscription {
}
node {
    # Add your node links here.
    # Support socks5, http, https, ss, ssr, vmess, vless, trojan, trojan-go
    # 'socks5://localhost:1080'
    # mylink: 'ss://LINK'
    # node1: 'vmess://LINK'
    # node2: 'vless://LINK'
    iepl: '节点链接'
}
dns {
    ipversion_prefer: 4
    upstream {
        alidns: 'udp://223.5.5.5:53'
        googledns: 'tcp+udp://8.8.8.8:53'
    }
    routing {
        request {
            fallback: alidns
        }
        response {
            upstream(googledns) -> accept
            !qname(geosite:cn) && ip(geoip:private) -> googledns
            fallback: accept
        }
    }
}
group {
    amy {
        policy: fixed(0)
    }
}
# See https://github.com/daeuniverse/dae/blob/main/docs/routing.md for full examples.
routing {
    pname(dnsmasq, systemd-resolved, NetworkManager) -> direct
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct
    ### Write your rules below.
    dip(geoip:cn) -> direct
    domain(geosite:cn) -> direct
    qname(geolocation-!cn) -> amy
    fallback: amy
}
root@OpenWrt:~# (zcat /proc/config.gz || cat /boot/{config,config-$(uname -r)}) | grep -E 'CONFIG_(DEBUG_INFO|DEBUG_INFO_BTF|KPROBES|KPROBE_EVENTS|BPF|BPF_SYSCALL|BPF_JIT|BPF_STREAM_PARSER|NET_CLS_ACT|NET_SCH_INGRESS|NET_INGRESS|NET_EGRESS|NET_CLS_BPF|BPF_EVENTS|CGROUPS)=|# CONFIG_DEBUG_INFO_REDUCED is not set'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
CONFIG_CGROUPS=y
CONFIG_KPROBES=y
CONFIG_NET_INGRESS=y
CONFIG_NET_EGRESS=y
CONFIG_NET_SCH_INGRESS=m
CONFIG_NET_CLS_BPF=m
CONFIG_NET_CLS_ACT=y
CONFIG_BPF_STREAM_PARSER=y
CONFIG_DEBUG_INFO=y
# CONFIG_DEBUG_INFO_REDUCED is not set
CONFIG_DEBUG_INFO_BTF=y
CONFIG_KPROBE_EVENTS=y
CONFIG_BPF_EVENTS=y
Fri May 5 19:34:06 2023 daemon.err dae[6846]: time="May 05 11:34:06" level=info msg="Include config files: [/etc/dae/config.dae]"
Fri May 5 19:34:06 2023 daemon.err dae[6846]: time="May 05 11:34:06" level=info msg="Loading eBPF programs and maps into the kernel..."
Fri May 5 19:34:06 2023 daemon.err dae[6846]: time="May 05 11:34:06" level=info msg="The loading process takes about 120MB free memory, which will be released after loading. Insufficient memory will cause loading failure."
Fri May 5 19:34:08 2023 daemon.info procd: - init complete -
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=info msg="Loaded eBPF programs and maps"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=info msg="Bind to WAN: pppoe-wan"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=info msg="Group "amy" node list:"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=info msg=" iepl"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=debug msg="Search "geoip.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=debug msg="Found "geoip.dat" at /usr/share/dae/geoip.dat"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=debug msg="Read geoip "geoip.dat:private" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=debug msg="Read geoip "geoip.dat:cn" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=debug msg="Search "geosite.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=debug msg="Found "geosite.dat" at /usr/share/dae/geosite.dat"
Fri May 5 19:34:10 2023 daemon.err dae[6846]: time="May 05 11:34:10" level=debug msg="Read geosite "geosite.dat:cn" from /usr/share/dae/geosite.dat"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg="RoutingA:
Fri May 5 19:34:11 2023 daemon.err dae[6846]: pname([n = 3]) -> direct
Fri May 5 19:34:11 2023 daemon.err dae[6846]: ip([n = 10981]) -> direct
Fri May 5 19:34:11 2023 daemon.err dae[6846]: domain([n = 65703]) -> direct
Fri May 5 19:34:11 2023 daemon.err dae[6846]: qname([n = 1]) -> amy
Fri May 5 19:34:11 2023 daemon.err dae[6846]: fallback: amy
Fri May 5 19:34:11 2023 daemon.err dae[6846]: "
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg="[rule] pname([n = 3]) -> direct"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg=" pname() -> direct"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg="[rule] ip([n = 10981]) -> direct"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg=" ip() -> direct"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg="[rule] domain([n = 65703]) -> direct"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg=" domain(full) -> <OR>"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg=" domain(regex) -> <OR>"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg=" domain(suffix) -> direct"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="May 05 11:34:11" level=debug msg="[rule] qname([n = 1]) -> amy"
Fri May 5 19:34:11 2023 daemon.err dae[6846]: time="2023-05-05T11:34:11Z" level=fatal msg="NewRoutingMatcherBuilder: unknown function: qname"
Fri May 5 19:34:16 2023 daemon.err dae[6986]: time="May 05 11:34:16" level=info msg="Include config files: [/etc/dae/config.dae]"
Fri May 5 19:34:16 2023 daemon.err dae[6986]: time="May 05 11:34:16" level=info msg="Loading eBPF programs and maps into the kernel..."
Fri May 5 19:34:16 2023 daemon.err dae[6986]: time="May 05 11:34:16" level=info msg="The loading process takes about 120MB free memory, which will be released after loading. Insufficient memory will cause loading failure."
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=info msg="Loaded eBPF programs and maps"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=info msg="Bind to WAN: pppoe-wan"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=info msg="Group "amy" node list:"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=info msg=" iepl"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="Search "geoip.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="Found "geoip.dat" at /usr/share/dae/geoip.dat"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="Read geoip "geoip.dat:private" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="Read geoip "geoip.dat:cn" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="Search "geosite.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="Found "geosite.dat" at /usr/share/dae/geosite.dat"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="Read geosite "geosite.dat:cn" from /usr/share/dae/geosite.dat"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="RoutingA:
Fri May 5 19:34:20 2023 daemon.err dae[6986]: pname([n = 3]) -> direct
Fri May 5 19:34:20 2023 daemon.err dae[6986]: ip([n = 10981]) -> direct
Fri May 5 19:34:20 2023 daemon.err dae[6986]: domain([n = 65703]) -> direct
Fri May 5 19:34:20 2023 daemon.err dae[6986]: qname([n = 1]) -> amy
Fri May 5 19:34:20 2023 daemon.err dae[6986]: fallback: amy
Fri May 5 19:34:20 2023 daemon.err dae[6986]: "
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="[rule] pname([n = 3]) -> direct"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg=" pname() -> direct"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="[rule] ip([n = 10981]) -> direct"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg=" ip() -> direct"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="[rule] domain([n = 65703]) -> direct"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg=" domain(full) -> <OR>"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg=" domain(regex) -> <OR>"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg=" domain(suffix) -> direct"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="May 05 11:34:20" level=debug msg="[rule] qname([n = 1]) -> amy"
Fri May 5 19:34:20 2023 daemon.err dae[6986]: time="2023-05-05T11:34:20Z" level=fatal msg="NewRoutingMatcherBuilder: unknown function: qname"
Fri May 5 19:34:25 2023 daemon.err dae[7040]: time="May 05 11:34:25" level=info msg="Include config files: [/etc/dae/config.dae]"
Fri May 5 19:34:25 2023 daemon.err dae[7040]: time="May 05 11:34:25" level=info msg="Loading eBPF programs and maps into the kernel..."
Fri May 5 19:34:25 2023 daemon.err dae[7040]: time="May 05 11:34:25" level=info msg="The loading process takes about 120MB free memory, which will be released after loading. Insufficient memory will cause loading failure."
Fri May 5 19:34:29 2023 daemon.err nmbd[4804]: [2023/05/05 19:34:29.164238, 0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
Fri May 5 19:34:29 2023 daemon.err nmbd[4804]: *****
Fri May 5 19:34:29 2023 daemon.err nmbd[4804]:
Fri May 5 19:34:29 2023 daemon.err nmbd[4804]: Samba name server OPENWRT is now a local master browser for workgroup WORKGROUP on subnet 192.168.1.1
Fri May 5 19:34:29 2023 daemon.err nmbd[4804]:
Fri May 5 19:34:29 2023 daemon.err nmbd[4804]: *****
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=info msg="Loaded eBPF programs and maps"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=info msg="Bind to WAN: pppoe-wan"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=info msg="Group "amy" node list:"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=info msg=" iepl"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="Search "geoip.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="Found "geoip.dat" at /usr/share/dae/geoip.dat"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="Read geoip "geoip.dat:private" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="Read geoip "geoip.dat:cn" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="Search "geosite.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="Found "geosite.dat" at /usr/share/dae/geosite.dat"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="Read geosite "geosite.dat:cn" from /usr/share/dae/geosite.dat"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="RoutingA:
Fri May 5 19:34:29 2023 daemon.err dae[7040]: pname([n = 3]) -> direct
Fri May 5 19:34:29 2023 daemon.err dae[7040]: ip([n = 10981]) -> direct
Fri May 5 19:34:29 2023 daemon.err dae[7040]: domain([n = 65703]) -> direct
Fri May 5 19:34:29 2023 daemon.err dae[7040]: qname([n = 1]) -> amy
Fri May 5 19:34:29 2023 daemon.err dae[7040]: fallback: amy
Fri May 5 19:34:29 2023 daemon.err dae[7040]: "
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="[rule] pname([n = 3]) -> direct"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg=" pname() -> direct"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="[rule] ip([n = 10981]) -> direct"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg=" ip() -> direct"
Fri May 5 19:34:29 2023 daemon.err dae[7040]: time="May 05 11:34:29" level=debug msg="[rule] domain([n = 65703]) -> direct"
Fri May 5 19:34:30 2023 daemon.err dae[7040]: time="May 05 11:34:30" level=debug msg=" domain(full) -> <OR>"
Fri May 5 19:34:30 2023 daemon.err dae[7040]: time="May 05 11:34:30" level=debug msg=" domain(regex) -> <OR>"
Fri May 5 19:34:30 2023 daemon.err dae[7040]: time="May 05 11:34:30" level=debug msg=" domain(suffix) -> direct"
Fri May 5 19:34:30 2023 daemon.err dae[7040]: time="May 05 11:34:30" level=debug msg="[rule] qname([n = 1]) -> amy"
Fri May 5 19:34:30 2023 daemon.err dae[7040]: time="2023-05-05T11:34:30Z" level=fatal msg="NewRoutingMatcherBuilder: unknown function: qname"
Fri May 5 19:34:35 2023 daemon.err dae[7076]: time="May 05 11:34:35" level=info msg="Include config files: [/etc/dae/config.dae]"
Fri May 5 19:34:35 2023 daemon.err dae[7076]: time="May 05 11:34:35" level=info msg="Loading eBPF programs and maps into the kernel..."
Fri May 5 19:34:35 2023 daemon.err dae[7076]: time="May 05 11:34:35" level=info msg="The loading process takes about 120MB free memory, which will be released after loading. Insufficient memory will cause loading failure."
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=info msg="Loaded eBPF programs and maps"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=info msg="Bind to WAN: pppoe-wan"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=info msg="Group "amy" node list:"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=info msg=" iepl"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="Search "geoip.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="Found "geoip.dat" at /usr/share/dae/geoip.dat"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="Read geoip "geoip.dat:private" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="Read geoip "geoip.dat:cn" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="Search "geosite.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="Found "geosite.dat" at /usr/share/dae/geosite.dat"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="Read geosite "geosite.dat:cn" from /usr/share/dae/geosite.dat"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="RoutingA:
Fri May 5 19:34:39 2023 daemon.err dae[7076]: pname([n = 3]) -> direct
Fri May 5 19:34:39 2023 daemon.err dae[7076]: ip([n = 10981]) -> direct
Fri May 5 19:34:39 2023 daemon.err dae[7076]: domain([n = 65703]) -> direct
Fri May 5 19:34:39 2023 daemon.err dae[7076]: qname([n = 1]) -> amy
Fri May 5 19:34:39 2023 daemon.err dae[7076]: fallback: amy
Fri May 5 19:34:39 2023 daemon.err dae[7076]: "
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="[rule] pname([n = 3]) -> direct"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg=" pname() -> direct"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="[rule] ip([n = 10981]) -> direct"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg=" ip() -> direct"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="[rule] domain([n = 65703]) -> direct"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg=" domain(full) -> <OR>"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg=" domain(regex) -> <OR>"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg=" domain(suffix) -> direct"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="May 05 11:34:39" level=debug msg="[rule] qname([n = 1]) -> amy"
Fri May 5 19:34:39 2023 daemon.err dae[7076]: time="2023-05-05T11:34:39Z" level=fatal msg="NewRoutingMatcherBuilder: unknown function: qname"
Fri May 5 19:34:44 2023 daemon.err dae[7090]: time="May 05 11:34:44" level=info msg="Include config files: [/etc/dae/config.dae]"
Fri May 5 19:34:44 2023 daemon.err dae[7090]: time="May 05 11:34:44" level=info msg="Loading eBPF programs and maps into the kernel..."
Fri May 5 19:34:44 2023 daemon.err dae[7090]: time="May 05 11:34:44" level=info msg="The loading process takes about 120MB free memory, which will be released after loading. Insufficient memory will cause loading failure."
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=info msg="Loaded eBPF programs and maps"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=info msg="Bind to WAN: pppoe-wan"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=info msg="Group "amy" node list:"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=info msg=" iepl"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="Search "geoip.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="Found "geoip.dat" at /usr/share/dae/geoip.dat"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="Read geoip "geoip.dat:private" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="Read geoip "geoip.dat:cn" from /usr/share/dae/geoip.dat"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="Search "geosite.dat" in [/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /etc/dae]"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="Found "geosite.dat" at /usr/share/dae/geosite.dat"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="Read geosite "geosite.dat:cn" from /usr/share/dae/geosite.dat"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="RoutingA:
Fri May 5 19:34:48 2023 daemon.err dae[7090]: pname([n = 3]) -> direct
Fri May 5 19:34:48 2023 daemon.err dae[7090]: ip([n = 10981]) -> direct
Fri May 5 19:34:48 2023 daemon.err dae[7090]: domain([n = 65703]) -> direct
Fri May 5 19:34:48 2023 daemon.err dae[7090]: qname([n = 1]) -> amy
Fri May 5 19:34:48 2023 daemon.err dae[7090]: fallback: amy
Fri May 5 19:34:48 2023 daemon.err dae[7090]: "
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="[rule] pname([n = 3]) -> direct"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg=" pname() -> direct"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="[rule] ip([n = 10981]) -> direct"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg=" ip() -> direct"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="[rule] domain([n = 65703]) -> direct"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg=" domain(full) -> <OR>"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg=" domain(regex) -> <OR>"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg=" domain(suffix) -> direct"
Fri May 5 19:34:48 2023 daemon.err dae[7090]: time="May 05 11:34:48" level=debug msg="[rule] qname([n = 1]) -> amy"
Fri May 5 19:34:49 2023 daemon.err dae[7090]: time="2023-05-05T11:34:49Z" level=fatal msg="NewRoutingMatcherBuilder: unknown function: qname"
Fri May 5 19:34:49 2023 daemon.info procd: Instance dae::dae s in a crash loop 6 crashes, 4 seconds since last crash
I want to treat my US node (with higher average latency) as main use, and if it is down, failover to HK node (with lower average latency).
My US node has more traffic and bandwidth.
If you are using Intel i225/226 NIC, you may encounter the problem that the client cannot get the DNS IP after enabling the NIC hardware passthrough feature under PVE.
Solution
Please add this solution to the Troubleshooting Doc. Thank you.
Does dae have DNS cache? I have DDNS configured on my router and nslookup can return the correct IP if not connected through dae. If connected via dae it always returns the old IP unless I restart the dae service
cat /etc/os-release and uname -a:
NAME="OpenWrt"
VERSION="23.05.0-rc2"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt 23.05.0-rc2"
VERSION_ID="23.05.0-rc2"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r23228-cd17d8df2a"
OPENWRT_BOARD="x86/64"
OPENWRT_ARCH="x86_64"
OPENWRT_TAINTS=""
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt 23.05.0-rc2 r23228-cd17d8df2a"
Linux OpenWrt 5.15.118 #0 SMP Mon Jun 26 11:20:39 2023 x86_64 GNU/Linux
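dae is installed on the main router, which connects via PPPoE dial-up. After dae starts, foreign websites open quickly at first. After a few minutes or a few tens of minutes, some proxied websites randomly hang on open: the browser page keeps spinning and there is no log output related to that site's domain. After several seconds or tens of seconds the site opens (at which point log output for that domain appears), and for some time afterwards the site opens quickly.
Encryption protocol 'Shadowsocks AEAD'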
shadowsocks_encrypt_method 'aes-128-gcm'
shadowsocks_plugin 'obfs-local'
shadowsocks_plugin_opts 'obfs=http;obfs-host=5c2d9c0098.douyincdn.com'
global {
    tproxy_port: 12345
    tproxy_port_protect: true
    so_mark_from_dae: 0
    log_level: info
    disable_waiting_network: false
    lan_interface: eth0,eth2
    #wan_interface: auto
    auto_config_kernel_parameter: true
    tcp_check_url: 'http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111'
    tcp_check_http_method: HEAD
    udp_check_dns: 'dns.google.com:53,8.8.8.8,2001:4860:4860::8888'
    check_interval: 30s
    check_tolerance: 50ms
    dial_mode: domain
    allow_insecure: false
    sniffing_timeout: 100ms
    tls_implementation: tls
    utls_imitate: chrome_auto
}
subscription {
    FC: 'https://'
}
dns {
    ipversion_prefer: 4
    upstream {
        localdns: 'udp://223.5.5.5:53'
        remotedns: 'tcp://1.1.1.1:53'
    }
    routing {
        request {
            #qname(geosite:category-ads-all) -> reject
            qname(geosite:cn) -> localdns
            qname(geosite:geolocation-!cn) -> remotedns
            fallback: localdns
        }
        response {
            upstream(remotedns) -> accept
            !qname(geosite:cn) && ip(geoip:private) -> remotedns
            fallback: accept
        }
    }
}
group {
    proxy {
        #filter: name(keyword: '新加坡')
        filter: subtag(FC) && name(keyword: '新加坡') && !name(keyword: '实验性')
        policy: fixed(0)
    }
}
routing {
    ### Preset rules.
    pname(NetworkManager) -> direct
    ### Dest IP rule
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct
    ### Source IP rule
    ### Dest port rule
    !dport(22, 53, 80, 143, 443, 465, 587, 853, 993, 995, 8080, 8443, 9418) -> direct
    ### Source port rule
    ### Level 4 protocol rule
    ### IP version rule:
    ### Write your rules below.
    #domain(geosite:category-ads-all) -> block
    l4proto(udp) && dport(443) && domain(geosite:youtube) -> block
    dip(geoip:cn) -> direct
    domain(geosite:cn) -> direct
    domain(geosite:steam@cn) -> direct
    fallback: proxy
}
With the same node configuration under homeproxy, this situation does not occur.
The latest commit "[fix: should update system DNS every 5 seconds" caused the error
INFO The loading process takes about 150MB free memory, which will be released after loading. Insufficient memory will cause loading failure.
FATA[0004] load eBPF objects: field TproxyLanIngress: program tproxy_lan_ingress : load program: argument list too long: ; if (match_set->outbound != OUTBOUND_LOGICAL_OR) {: 938: (15) if r2 == 0xfe goto pc-117 ; frame1: R (truncated, 954 line(s) omitted)
Build command
git clone --depth 1 https://github.com/daeuniverse/dae.git
cd dae
git submodule update --init
go mod download
go mod vendor
make CGO_ENABLED=0 GOFLAGS="-trimpath -modcacherw" CFLAGS="-D__REMOVE_BPF_PRINTK" CC=clang goos=linux goarch=amd64 goamd64=v2
Do you have any suggestions?
https://xanmod.org/_detail/xanmod_wallpaper.png?id=download
As the title suggests.
ipversion_prefer might cause failures to access website the first time.
See following image:
This is caused by #63. It changes behavior that responses with NX to 0.0.0.0.
adguardhome and dae are finally working properly! I will share some experiences.
dns {
    upstream {
        adguardhome: 'udp://127.0.0.1:53'
    }
    routing {
        request {
            fallback: adguardhome
        }
    }
}
My system environment: NIC: Intel i226, PVE: 7.3-6/Kernel 6.1.15-1, VM: Debian 11.6
Currently, I am using dae with version v0.1.7. I noticed that when doing dae reload, it does NOT check the config syntax even though there is an error.
This should be considered a minor issue. However, if the functionality of checking syntax errors can be inherited to reload, that would certainly bring additional joy when using dae.
Check the daed project build step logs for details
https://github.com/daeuniverse/daed/actions/runs/5230019229/jobs/9443351141
domain based routing
currently we are dns query associated with ip to get domain. it may not work if client not using standard way to query dns. afaik, some chinese bloatware will use httpdns to query dns. and modern browser will enable doh by default. both of them will make dae not work.
in my case. dae will run on a router. and i don't have control to all client connecting it. so that i can't disable doh on every client manually.
i saw that you said it's hard to write a sni sniffer in ebpf. but can we send first few bit of a packet back to userspace. do the sniffing as usual. then send result back to kernel? i know that it would be slower. so keep it as a default off option.
In dae, currently we can only use "dns.ipversion_prefer: 4" to prefer IPv4, but there is no way to IPv6 for some domains. if it would be useful to add a DNS routing rule to allow certain domains to use IPv6.
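I noticed that dae's DNS cache updates rather slowly: the upstream DNS query results have already been updated, but dae's cache is not updated for a long time.
Please consider designing a feature to disable the DNS cache. Current operating systems and routers all come with their own DNS cache, so whether the gateway has a cache or not should not matter.
If you think the cache is necessary, please let users set the cache time themselves or choose which domains are not cached.
Thank you very much for bringing such a powerful and concise program. Have a nice weekend ;)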
Constantly improve CI quality build.
release build from regular build
pr-based build from regular build
example.dae to generate-changelogs workflow
daily-preview build
shared workflows/actions to chain reusable steps to various downstream workflows ==> CI Modularity
🚀 @daebot proposed the following changelogs for release v0.1.0 generated in workflow run.
tcp_check_http_method from CONNECT to HEAD in #137 by (@mzz2017)
Example Config: https://github.com/daeuniverse/dae/blob/v0.2.0rc3/example.dae
Full Changelog: v0.2.0rc2...v0.2.0rc3
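v0.1.10rc fails to start, while v0.1.9-patch.1 has no problem. It is probably caused by this change ([patch: search geodata at same dir with config first )).
dae, config.dae and geoip.dat are all in the same directory.
The log is as follows: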
root@debian:~# journalctl -u dae.service
Mar 15 09:11:20 debian systemd[1]: Starting dae Service...
Mar 15 09:12:50 debian systemd[1]: dae.service: start-pre operation timed out. Terminating.
Mar 15 09:12:50 debian systemd[1]: dae.service: Control process exited, code=killed, status=15/TERM
Mar 15 09:12:50 debian systemd[1]: dae.service: Failed with result 'timeout'.
Mar 15 09:12:50 debian systemd[1]: Failed to start dae Service.
Mar 15 09:12:50 debian systemd[1]: dae.service: Scheduled restart job, restart counter is at 1.
Mar 15 09:12:50 debian systemd[1]: Stopped dae Service.
Mar 15 09:12:50 debian systemd[1]: Starting dae Service...
Mar 15 09:12:50 debian systemd[484]: dae.service: Failed to locate executable /usr/bin/naive: No such file or directory
Mar 15 09:12:50 debian systemd[484]: dae.service: Failed at step EXEC spawning /usr/bin/naive: No such file or directory
Mar 15 09:12:50 debian systemd[1]: dae.service: Control process exited, code=exited, status=203/EXEC
Mar 15 09:12:50 debian systemd[1]: dae.service: Failed with result 'exit-code'.
Mar 15 09:12:50 debian systemd[1]: Failed to start dae Service.
Mar 15 09:17:57 debian systemd[1]: Starting dae Service...
Mar 15 09:17:57 debian bash[529]: /bin/bash: line 1: /usr/local/bin/naive.sh: No such file or directory
Mar 15 09:17:57 debian systemd[1]: dae.service: Control process exited, code=exited, status=127/n/a
Mar 15 09:17:57 debian systemd[1]: dae.service: Failed with result 'exit-code'.
Mar 15 09:17:57 debian systemd[1]: Failed to start dae Service.
Mar 15 09:19:28 debian systemd[1]: Starting dae Service...
Mar 15 09:19:28 debian bash[559]: /bin/bash: line 1: /usr/local/bin/naive.sh: No such file or directory
Mar 15 09:19:28 debian systemd[1]: dae.service: Control process exited, code=exited, status=127/n/a
Mar 15 09:19:28 debian systemd[1]: dae.service: Failed with result 'exit-code'.
Mar 15 09:19:28 debian systemd[1]: Failed to start dae Service.
Is it possible to include /etc/dae/ as one of the search dirs for geoip.dat and geosite.dat?
[Mar 24 20:58:26] DEBUG Search "geoip.dat" in [/root/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /var/lib/snapd/desktop/dae]
[Mar 24 20:58:26] DEBUG Failed to read geoip "geoip.dat:private": geoip.dat: file does not exist in [/root/.local/share/dae, /usr/local/share/dae, /usr/share/dae, /var/lib/snapd/desktop/dae]
verifying github.com/safchain/[email protected]: checksum mismatch
downloaded: h1:tjsEsesUSlGdnUAAiIaEvk/YEycwk0k3Q6/q77qGpBI=
go.sum: h1:dILxMBqDnQfX192cCAPjZr9v2IgVXeElHPy435Z/IdE=
SECURITY ERROR
Don't add non-direct ip to ebpf rules
If we add dnsmasq and systemd-resolved to must_direct, in 'binding to WAN' scenario, DNS mapping will fail because all DNS queries will bypass dae.
The best way is to refer to external-dns.md. But it is not OOTB (out-of-the-box) and is expensive to configure.
Removing them from must_direct is not the best way but just acceptable. Its disadvantage is that those local domain servers have cache and they will not always request to upstream each time, thus if some domains share the same IP, domain rules can be incorrectly matched due to incorrect mappings.
🚀 @daebot proposed the following changelogs for release v0.1.0 generated in workflow run.
Full Changelog: v0.2.0rc4...v0.2.0
Consider adding documentation support to provide end-users with a step-by-step guide to upgrade the Linux Kernel on the host to the minimum version (v5.8) so as to meet the environment requirement for Dae.
NAME="OpenWrt"
VERSION="23.05.0-rc1"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt 23.05.0-rc1"
VERSION_ID="23.05.0-rc1"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r23069-e2701e0f33"
OPENWRT_BOARD="x86/64"
OPENWRT_ARCH="x86_64"
OPENWRT_TAINTS="override"
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt 23.05.0-rc1 r23069-e2701e0f33"
Linux OpenWrt 5.15.114 #0 SMP Sat Jun 3 09:42:00 2023 x86_64 GNU/Linux
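Both dae and samba4 are installed on the router. Before dae is started, samba4 works normally. Once dae has been started even once, samba4 cannot be reached on any network interface bound by dae unless the router is rebooted or dae suspend is run (kill -9 on the dae pid does not work either); interfaces that are not bound work normally.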
global {
    tproxy_port: 12345
    tproxy_port_protect: true
    so_mark_from_dae: 0
    log_level: info
    disable_waiting_network: false
    lan_interface: eth0,eth2
    #wan_interface: auto
    auto_config_kernel_parameter: true
    tcp_check_url: 'http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111'
    tcp_check_http_method: HEAD
    udp_check_dns: 'dns.google.com:53,8.8.8.8,2001:4860:4860::8888'
    check_interval: 30s
    check_tolerance: 50ms
    dial_mode: domain
    allow_insecure: false
    sniffing_timeout: 100ms
    tls_implementation: tls
    utls_imitate: chrome_auto
}
subscription {
    FC: 'https://'
}
dns {
    ipversion_prefer: 4
    upstream {
        localdns: 'udp://223.5.5.5:53'
        remotedns: 'tcp://1.1.1.1:53'
    }
    routing {
        request {
            #qname(geosite:category-ads-all) -> reject
            qname(geosite:cn) -> localdns
            qname(geosite:geolocation-!cn) -> remotedns
            fallback: localdns
        }
        response {
            upstream(remotedns) -> accept
            !qname(geosite:cn) && ip(geoip:private) -> remotedns
            fallback: accept
        }
    }
}
group {
    proxy {
        #filter: name(keyword: '新加坡')
        filter: subtag(FC) && name(keyword: '新加坡') && !name(keyword: '实验性')
        policy: fixed(0)
    }
}
routing {
    ### Preset rules.
    pname(NetworkManager) -> direct
    ### Dest IP rule
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct
    ### Source IP rule
    ### Dest port rule
    !dport(22, 53, 80, 143, 443, 465, 587, 853, 993, 995, 8080, 8443, 9418) -> direct
    ### Source port rule
    ### Level 4 protocol rule
    ### IP version rule:
    ### Write your rules below.
    #domain(geosite:category-ads-all) -> block
    l4proto(udp) && dport(443) && domain(geosite:youtube) -> block
    dip(geoip:cn) -> direct
    domain(geosite:cn) -> direct
    domain(geosite:steam@cn) -> direct
    fallback: proxy
}
samba4
global{}
routing{}
daed, likewise cannot connect to samba4
As the title suggests.
Add ansible scripts to automate the workflow of updating geodata
Some end-users in our community request such a feature.
As a successor of v2raya, I wonder if dae can support separating policy-based routing (former: routingA) as a file.
Consider the following examples
/etc/dae/config.dae
routing {
    ### Preset rules.
    # If you bind to WAN and set upstream (in section "dns") to a DNS service in localhost (dnsmasq, adguard, etc.),
    # to avoid loops, let them "must_direct", which makes DNS requests not redirect back to dae again.
    # "pname" means process name.
    pname(dnsmasq, systemd-resolved) && l4proto(udp) && dport(53) -> must_direct
    # Network managers in localhost should be direct to avoid false negative network connectivity check when binding to
    # WAN.
    pname(NetworkManager) -> direct
    # Put it in the front to prevent broadcast, multicast and other packets that should be sent to the LAN from being
    # forwarded by the proxy.
    # "dip" means destination IP.
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    # This line allows you to access private addresses directly instead of via your proxy. If you really want to access
    # private addresses in your proxy host network, modify the below line.
    dip(geoip:private) -> direct
    ### Write your rules below.
    rule_file: # <-- ideally in array format
        - ./custom-rules.dae
/etc/dae/custom-rules.dae
### Write your rules below.
dip(geoip:cn) -> direct
domain(geosite:cn) -> direct
ip(ext:"geoip.dat:netflix") -> SG
domain(ext:"geosite.dat:netflix") -> SG
fallback: proxy
Using the following config will cause failures to check connectivity:
tcp_check_http_method: CONNECT
tcp_check_url: 'http://gstatic.com/generate_204'
This is because CONNECT to http://gstatic.com/generate_204 returns 400, and dae assumes it is a failure.
Reproduce it manually as following image:
Related: #77
dae version (dae --version): >=v0.1.10
Seems like the keyword matching does NOT actually take effect. Consider the following configs:
domain(suffix:linkedin.com) -> proxy
domain(keyword:linkedin) -> proxy
domain(keyword:linuxfoundation,
keyword:notion,
keyword:github,
keyword:gist,
keyword:aws,
keyword:oracle,
keyword:quay,
keyword:docker,
keyword:kubernetes,
keyword:yahoo,
keyword:pikpak
) -> proxy
Failed to start with error
FATA[0000] dae.Run: rlimit.RemoveMemlock:failed to set memlock rlimit: operation not permitted
Runs without panicking
Clone daed repo and checkout to ci-publish-docker-image branch
git clone git@github.com:daeuniverse/daed.git -b ci-publish-docker-image
Docker build and run
docker build . -t daed
docker run -it --rm daed
Origin issue opened in dae-wing here
dae --version:
cat /etc/os-release:
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=archlinux-logo
IMAGE_ID=archlinux
IMAGE_VERSION=2023.06.01
uname -a:
Linux dae-test 6.3.6-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 05 Jun 2023 15:12:57 +0000 x86_64 GNU/Linux
Docker Version: