graymon
graymon
### Background 0.5 -> 0.6 引入 dae0 有个被忽视的变化——mtu 可能被缩小了,因为 dae0/dae0peer mtu 被硬编码为 1500. 这可能导致了 https://github.com/daeuniverse/dae/issues/509. 考虑 0.5 的 lan 劫持流量场景,假如 lan interface mtu 是 9000,那么被劫持流量的 tcp 握手协商 mss 为 9000...
### Improvement Suggestion early demux 是内核网络栈的一种加速机制,对于已建立的网络连接(tcp or udp),网络包不经过内核路由查询直接 local deliver。early demux 在大多数 distro 应该是默认开启的。 dae bpf 部分也有对应的 tcp early demux 逻辑,但是在 wan 和 lan 里实现得分离,比如: - wan: 已经完成握手的 tcp 段会查询...
### Background Openwrt may fail to load bpf after c/ebpf upgrade. ### Checklist - [ ] The Pull Request has been fully tested - [ ] There's an entry in...
### Background 按照 #817 的讨论,在不需要 pid/pname 监控的场景下不执行 cgroup bpf。 注意 reload 无法切换两种模式,因为 reload 不 re-load bpf,无法重新注入 so_mark_from_dae。 预计能提升 wan 场景下全系统性能损耗,毕竟之前 root cgroup 都要监控,还要 per-packet 处理 `task_struct->mm->arg_starg` 都是不小的 overhead。 ### Checklist...
### Improvement Suggestion - [ ] go mod - [ ] git submodule (libbpf) - [ ] github ci actions (lvh, kernel version) Feel free to pick either one. ###...
### Background ### Checklist - [ ] The Pull Request has been fully tested - [ ] There's an entry in the CHANGELOGS - [ ] There is a user-facing...
### Background ### Checklist - [ ] The Pull Request has been fully tested - [ ] There's an entry in the CHANGELOGS - [ ] There is a user-facing...
### Background 之前 route() 返回一个 s64 承载 `outbound | mark ### Checklist - [ ] The Pull Request has been fully tested - [ ] There's an entry in the...
### Improvement Suggestion On top of https://github.com/daeuniverse/dae/issues/840. 保持和内核 udp early demux 相似的逻辑:https://patchwork.ozlabs.org/project/netdev/patch/[email protected]/ ### Potential Benefits 相同会话的 udp 包不再需要重复执行缓慢的路由函数,提升性能
### Greetings _No response_ ### Feature Request redirect([interface_name], [ingress|egress]) e.g. `dip(1.1.1.1.1) -> redirect(wlp0s20f3, ingress)` e.g. `pname(nginx) -> redirect(lo, egress)` The `[interface_name]` has to be in the same netns as wan/lan...