config

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2024 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var DnsDesc = Desc{
	"ipversion_prefer": "For example, if ipversion_prefer is 4 and the domain name has both type A and type AAAA records, the dae will only respond to type A queries and response empty answer to type AAAA queries.",
	"fixed_domain_ttl": "Give a fixed ttl for domains. Zero means that dae will request to upstream every time and not cache DNS results for these domains.",
	"upstream":         "Value can be scheme://host:port, where the scheme can be tcp/udp/tcp+udp.\nIf host is a domain and has both IPv4 and IPv6 record, dae will automatically choose IPv4 or IPv6 to use according to group policy (such as min latency policy).\nPlease make sure DNS traffic will go through and be forwarded by dae, which is REQUIRED for domain routing.\nIf dial_mode is \"ip\", the upstream DNS answer SHOULD NOT be polluted, so domestic public DNS is not recommended.",
	"request": `DNS requests will follow this routing.
Built-in outbound: asis.
Available functions: qname, qtype`,
	"response": `DNS responses will follow this routing.
Built-in outbound: accept, reject.
Available functions: qname, qtype, ip, upstream`,
}
View Source
var (
	ErrCircularInclude = fmt.Errorf("circular include is not allowed")
)
View Source
var GlobalDesc = Desc{
	"tproxy_port":           "tproxy port to listen on. It is NOT a HTTP/SOCKS port, and is just used by eBPF program.\nIn normal case, you do not need to use it.",
	"tproxy_port_protect":   "Set it true to protect tproxy port from unsolicited traffic. Set it false to allow users to use self-managed iptables tproxy rules.",
	"so_mark_from_dae":      "If not zero, traffic sent from dae will be set SO_MARK. It is useful to avoid traffic loop with iptables tproxy rules.",
	"log_level":             "Log level: error, warn, info, debug, trace.",
	"tcp_check_url":         "Node connectivity check.\nHost of URL should have both IPv4 and IPv6 if you have double stack in local.\nConsidering traffic consumption, it is recommended to choose a site with anycast IP and less response.",
	"tcp_check_http_method": "The HTTP request method to `tcp_check_url`. Use 'HEAD' by default because some server implementations bypass accounting for this kind of traffic.",
	"udp_check_dns":         "This DNS will be used to check UDP connectivity of nodes. And if dns_upstream below contains tcp, it also be used to check TCP DNS connectivity of nodes.\nThis DNS should have both IPv4 and IPv6 if you have double stack in local.",
	"check_interval":        "Interval of connectivity check for TCP and UDP",
	"check_tolerance":       "Group will switch node only when new_latency <= old_latency - tolerance.",
	"lan_interface":         "The LAN interface to bind. Use it if you want to proxy LAN.",
	"wan_interface":         "The WAN interface to bind. Use it if you want to proxy localhost. Use \"auto\" to auto detect.",
	"allow_insecure":        "Allow insecure TLS certificates. It is not recommended to turn it on unless you have to.",
	"dial_mode": `Optional values of dial_mode are:
1. "ip". Dial proxy using the IP from DNS directly. This allows your ipv4, ipv6 to choose the optimal path respectively, and makes the IP version requested by the application meet expectations. For example, if you use curl -4 ip.sb, you will request IPv4 via proxy and get a IPv4 echo. And curl -6 ip.sb will request IPv6. This may solve some weird full-cone problem if your are be your node support that.Sniffing will be disabled in this mode.
2. "domain". Dial proxy using the domain from sniffing. This will relieve DNS pollution problem to a great extent if have impure DNS environment. Generally, this mode brings faster proxy response time because proxy will re-resolve the domain in remote, thus get better IP result to connect. This policy does not impact routing. That is to say, domain rewrite will be after traffic split of routing and dae will not re-route it.
3. "domain+". Based on domain mode but do not check the reality of sniffed domain. It is useful for users whose DNS requests do not go through dae but want faster proxy response time. Notice that, if DNS requests do not go through dae, dae cannot split traffic by domain.
4. "domain++". Based on domain+ mode but force to re-route traffic using sniffed domain to partially recover domain based traffic split ability. It doesn't work for direct traffic and consumes more CPU resources.`,
	"disable_waiting_network":      "Disable waiting for network before pulling subscriptions.",
	"auto_config_kernel_parameter": "Automatically configure Linux kernel parameters like ip_forward and send_redirects. Check out https://github.com/daeuniverse/dae/blob/main/docs/en/user-guide/kernel-parameters.md to see what will dae do.",
	"sniffing_timeout":             "Timeout to waiting for first data sending for sniffing. It is always 0 if dial_mode is ip. Set it higher is useful in high latency LAN network.",
	"tls_implementation":           "TLS implementation. \"tls\" is to use Go's crypto/tls. \"utls\" is to use uTLS, which can imitate browser's Client Hello.",
	"utls_imitate":                 "The Client Hello ID for uTLS to imitate. This takes effect only if tls_implementation is utls. See more: https://github.com/daeuniverse/dae/blob/331fa23c16/component/outbound/transport/tls/utls.go#L17",
	"mptcp":                        "Enable Multipath TCP.  If is true, dae will try to use MPTCP to connect all nodes, but it will only take effects when the node supports MPTCP. It can use for load balance and failover to multiple interfaces and IPs.",
}
View Source
var GroupDesc = Desc{
	"filter": `Filter nodes from the global node pool defined by the "subscription" and "node" sections.
Available functions: name, subtag. Not operator is supported.
Available keys in name function: keyword, regex. No key indicates full match.
Available keys in subtag function: regex. No key indicates full match.`,
	"policy": `Dialer selection policy. For each new connection, select a node as dialer from group by this policy.
Available values: random, fixed, min, min_avg10, min_moving_avg.
random: Select randomly.
fixed: Select the fixed node. Connectivity check will be disabled.
min: Select node by the latency of last check.
min_avg10: Select node by the average of latencies of last 10 checks.
min_moving_avg: Select node by the moving average of latencies of checks, which means more recent latencies have higher weight.
`,
	"tcp_check_url":         "Override global config.",
	"tcp_check_http_method": "Override global config.",
	"udp_check_dns":         "Override global config.",
	"check_interval":        "Override global config.",
	"check_tolerance":       "Override global config.",
}
View Source
var SectionDescription = map[string]Desc{
	"GlobalDesc": GlobalDesc,
	"DnsDesc":    DnsDesc,
	"GroupDesc":  GroupDesc,
}
View Source
var SectionSummaryDesc = Desc{
	"subscription": "Subscriptions defined here will be resolved as nodes and merged as a part of the global node pool.\nSupport to give the subscription a tag, and filter nodes from a given subscription in the group section.",
	"node":         "Nodes defined here will be merged as a part of the global node pool.",
	"dns":          "See more at https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md.",
	"group":        "Node group. Groups defined here can be used as outbounds in section \"routing\".",
	"routing": `Traffic follows this routing. See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
Notice: domain traffic split will fail if DNS traffic is not taken over by dae.
Built-in outbound: direct, must_direct, block.
Available functions: domain, sip, dip, sport, dport, ipversion, l4proto, pname, mac.
Available keys in domain function: suffix, keyword, regex, full. No key indicates suffix.
domain: Match domain.
sip: Match source IP. CIDR format is also supported.
dip: Match dest IP. CIDR format is also supported.
sport: Match source port. Range like 8000-9000 is also supported.
dport: Match dest port. Range like 8000-9000 is also supported.
ipversion: Match IP version. Available values: 4, 6.
l4proto: Match level 4 protocol. Available values: tcp, udp.
pname: Match process name. It only works on WAN mode and for localhost programs.
mac: Match source MAC address. It works on LAN mode.`,
}
View Source
var (
	Version string
)

Functions

func ExportOutlineJson

func ExportOutlineJson(version string) string

func FunctionListOrStringToFunctionList

func FunctionListOrStringToFunctionList(fs FunctionListOrString) (f []*config_parser.Function)

func FunctionOrStringToFunction

func FunctionOrStringToFunction(fs FunctionOrString) (f *config_parser.Function)

func ParamParser

func ParamParser(to reflect.Value, section *config_parser.Section, ignoreType []reflect.Type) error

func SectionParser

func SectionParser(to reflect.Value, section *config_parser.Section) error

func StringListParser

func StringListParser(to reflect.Value, section *config_parser.Section) error

Types

type Config

type Config struct {
	Global       Global          `mapstructure:"global" required:"" desc:"GlobalDesc"`
	Subscription []KeyableString `mapstructure:"subscription"`
	Node         []KeyableString `mapstructure:"node"`
	Group        []Group         `mapstructure:"group" desc:"GroupDesc"`
	Routing      Routing         `mapstructure:"routing" required:""`
	Dns          Dns             `mapstructure:"dns" desc:"DnsDesc"`
}

func New

func New(sections []*config_parser.Section) (conf *Config, err error)

New params from sections. This func assumes merging (section "include") and deduplication for section names has been executed.

func (*Config) Marshal

func (c *Config) Marshal(indentSpace int) (b []byte, err error)

Marshal assume all tokens should be legal, and does not prevent injection attacks.

type Desc

type Desc map[string]string

type Dns

type Dns struct {
	IpVersionPrefer int             `mapstructure:"ipversion_prefer"`
	FixedDomainTtl  []KeyableString `mapstructure:"fixed_domain_ttl"`
	Upstream        []KeyableString `mapstructure:"upstream"`
	Routing         DnsRouting      `mapstructure:"routing"`
}

type DnsRequestRouting

type DnsRequestRouting struct {
	Rules    []*config_parser.RoutingRule `mapstructure:"_"`
	Fallback FunctionOrString             `mapstructure:"fallback" required:""`
}

type DnsResponseRouting

type DnsResponseRouting struct {
	Rules    []*config_parser.RoutingRule `mapstructure:"_"`
	Fallback FunctionOrString             `mapstructure:"fallback" required:""`
}

type DnsRouting

type DnsRouting struct {
	Request  DnsRequestRouting  `mapstructure:"request"`
	Response DnsResponseRouting `mapstructure:"response"`
}

type FunctionListOrString

type FunctionListOrString interface{}

type FunctionOrString

type FunctionOrString interface{}

type Global

type Global struct {
	TproxyPort        uint16 `mapstructure:"tproxy_port" default:"12345"`
	TproxyPortProtect bool   `mapstructure:"tproxy_port_protect" default:"true"`
	SoMarkFromDae     uint32 `mapstructure:"so_mark_from_dae"`
	LogLevel          string `mapstructure:"log_level" default:"info"`
	// We use DirectTcpCheckUrl to check (tcp)*(ipv4/ipv6) connectivity for direct.
	//DirectTcpCheckUrl string `mapstructure:"direct_tcp_check_url" default:"http://www.qualcomm.cn/generate_204"`
	TcpCheckUrl                []string      `mapstructure:"tcp_check_url" default:"http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111"`
	TcpCheckHttpMethod         string        `mapstructure:"tcp_check_http_method" default:"HEAD"` // Use 'HEAD' because some server implementations bypass accounting for this kind of traffic.
	UdpCheckDns                []string      `mapstructure:"udp_check_dns" default:"dns.google:53,8.8.8.8,2001:4860:4860::8888"`
	CheckInterval              time.Duration `mapstructure:"check_interval" default:"30s"`
	CheckTolerance             time.Duration `mapstructure:"check_tolerance" default:"0"`
	LanInterface               []string      `mapstructure:"lan_interface"`
	WanInterface               []string      `mapstructure:"wan_interface"`
	AllowInsecure              bool          `mapstructure:"allow_insecure" default:"false"`
	DialMode                   string        `mapstructure:"dial_mode" default:"domain"`
	DisableWaitingNetwork      bool          `mapstructure:"disable_waiting_network" default:"false"`
	EnableLocalTcpFastRedirect bool          `mapstructure:"enable_local_tcp_fast_redirect" default:"false"`
	AutoConfigKernelParameter  bool          `mapstructure:"auto_config_kernel_parameter" default:"false"`
	// DEPRECATED: not used as of https://github.com/daeuniverse/dae/pull/458
	AutoConfigFirewallRule bool          `mapstructure:"auto_config_firewall_rule" default:"false"`
	SniffingTimeout        time.Duration `mapstructure:"sniffing_timeout" default:"100ms"`
	TlsImplementation      string        `mapstructure:"tls_implementation" default:"tls"`
	UtlsImitate            string        `mapstructure:"utls_imitate" default:"chrome_auto"`
	PprofPort              uint16        `mapstructure:"pprof_port" default:"0"`
	Mptcp                  bool          `mapstructure:"mptcp" default:"false"`
	BandwidthMaxTx         string        `mapstructure:"bandwidth_max_tx" default:"0"`
	BandwidthMaxRx         string        `mapstructure:"bandwidth_max_rx" default:"0"`
}

type Group

type Group struct {
	Name string `mapstructure:"_"`

	Filter           [][]*config_parser.Function `mapstructure:"filter" repeatable:""`
	FilterAnnotation [][]*config_parser.Param    `mapstructure:"_"`
	Policy           FunctionListOrString        `mapstructure:"policy" required:""`

	TcpCheckUrl        []string      `mapstructure:"tcp_check_url"`
	TcpCheckHttpMethod string        `mapstructure:"tcp_check_http_method"`
	UdpCheckDns        []string      `mapstructure:"udp_check_dns"`
	CheckInterval      time.Duration `mapstructure:"check_interval"`
	CheckTolerance     time.Duration `mapstructure:"check_tolerance"`
}

type KeyableString

type KeyableString string

type Marshaller

type Marshaller struct {
	IndentSpace int
	IgnoreZero  bool
	// contains filtered or unexported fields
}

func (*Marshaller) Bytes

func (m *Marshaller) Bytes() []byte

func (*Marshaller) MarshalSection

func (m *Marshaller) MarshalSection(name string, from reflect.Value, depth int) (err error)

type Merger

type Merger struct {
	// contains filtered or unexported fields
}

func NewMerger

func NewMerger(entry string) *Merger

func (*Merger) Merge

func (m *Merger) Merge() (sections []*config_parser.Section, entries []string, err error)

type Outline

type Outline struct {
	Version   string         `json:"version"`
	Leaves    []string       `json:"leaves"`
	Structure []*OutlineElem `json:"structure"`
}

func ExportOutline

func ExportOutline(version string) *Outline

type OutlineElem

type OutlineElem struct {
	Name         string         `json:"name,omitempty"`
	Mapping      string         `json:"mapping,omitempty"`
	IsArray      bool           `json:"isArray,omitempty"`
	DefaultValue string         `json:"defaultValue,omitempty"`
	Required     bool           `json:"required,omitempty"`
	Type         string         `json:"type,omitempty"`
	Desc         string         `json:"desc,omitempty"`
	Structure    []*OutlineElem `json:"structure,omitempty"`
}

type Routing

type Routing struct {
	Rules    []*config_parser.RoutingRule `mapstructure:"_"`
	Fallback FunctionOrString             `mapstructure:"fallback" default:"direct"`
}

type Utls added in v0.2.0

type Utls struct {
	Imitate string `mapstructure:"imitate"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL