eBPF-based Linux high-performance transparent proxy solution.
AGPL-3.0 License
dae, means goose, is a high-performance transparent proxy solution.
To enhance traffic split performance as much as possible, dae employs the transparent proxy and traffic split suite within the Linux kernel using eBPF. As a result, dae can enable direct traffic to bypass the proxy application's forwarding, facilitating genuine direct traffic passage. Through this remarkable feat, there is minimal performance loss and negligible additional resource consumption for direct traffic.
As a successor of v2rayA, dae abandoned v2ray-core to meet the needs of users more freely.
Real Direct
traffic split (need ipforward on) to achieve high performance.Please refer to Quick Start Guide to start using dae
right away!
l4proto(udp) && sport(your server ports) -> must_direct
rule for your UDP server port. Because states of UDP are hard to maintain, all outgoing UDP packets will potentially be proxied (depends on your routing), including traffic to your client. This behaviour is not what we want to see. must_direct
makes all traffic from this port including DNS traffic direct.ocsp.digicert.cn
is included in geosite:geolocation-!cn
unexpectedly, which will cause some tls handshakes to take a long time. Be careful to use such domain sets in DNS routing.See How it works.
Special thanks goes to all contributors. If you would like to contribute, please see the instructions. Also, it is recommended following the commit-msg-guide.