daeuniverse / dae

eBPF-based Linux high-performance transparent proxy solution.
GNU Affero General Public License v3.0

[Enhancement] Blacklist #537

Closed ooroot closed 2 weeks ago

ooroot commented 2 weeks ago

Improvement Suggestion

routing { ... fallback: direct } Is fallback: direct ineffective or not supported?

Potential Benefits

I hope fallback: direct can be supported, so that foreign domains are not all proxied globally.

dae-prow[bot] commented 2 weeks ago

Thanks for opening this issue!

mzz2017 commented 2 weeks ago

It is already supported, and too little information was provided.

ooroot commented 2 weeks ago

Additional information: PVE virtual machine, Debian as a side gateway, dae v0.6.0

global {
    lan_interface: ens18
    wan_interface: auto
    log_level: info
    auto_config_kernel_parameter: true
    dial_mode: domain
    allow_insecure: false
    so_mark_from_dae: 1234

    tls_implementation: utls
    utls_imitate: chrome_auto
    ##### Node connectivity check.

    # Host of URL should have both IPv4 and IPv6 if you have double stack in local.
    # First is URL, others are IP addresses if given.
    # Considering traffic consumption, it is recommended to choose a site with anycast IP and less response.
    tcp_check_url: 'http://cp.cloudflare.com,1.1.1.1,2606:4700:4700::1111'
    tcp_check_http_method: HEAD

    udp_check_dns: 'dns.google.com:53,8.8.8.8,2001:4860:4860::8888'

    # Interval of the network connectivity (node) check
    check_interval: 60s
    # When the latency changes by more than this value (lower), actively switch nodes
    check_tolerance: 100ms
}

subscription {
    sub1: ''
}

group {
    fq {
        filter: !name(keyword: '剩余')
        filter: !name(keyword: '套餐')
        filter: !name(keyword: '最新')
        filter: !name(keyword: '无法')
        filter: !name(keyword: '距离下次')
        policy: min_avg10
    }
    hk_group {
        filter: name(keyword: '香港')
        policy: min_avg10
    }
    tw_group {
        filter: name(keyword: '台湾')
        policy: min_avg10
    }
    us_group {
        filter: name(keyword: '美国')
        policy: min_avg10
    }
    jp_group {
        filter: name(keyword: '日本')
        policy: min_avg10
    }
    sp_group {
        filter: name(keyword: '新加坡')
        policy: min_avg10
    }
    kr_group {
        filter: name(keyword: '韩国')
        policy: min_avg10
    }
}

dns {
    upstream {
        googledns: 'tcp+udp://dns.google.com:53'
        alidns: 'udp://dns.alidns.com:53'
    }

    routing {
        request {
            qname(geosite:category-ads-all) -> reject
            qname(geosite:cn) -> alidns
            fallback: googledns
        }
        response {
            upstream(googledns) -> accept
            fallback: accept

        }
    }
}

routing {
    pname(NetworkManager) -> direct
    domain(geosite:category-ads-all) -> block
    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct
    dscp(0x4) -> direct
    dip(geoip:cn) -> direct
    domain(geosite:cn) -> direct

    domain(geosite:openai) -> us_group
    domain(geosite:youtube) -> tw_group
    domain(geosite:twitter) -> tw_group
    domain(geosite:github) -> fq
    domain(geosite:google) -> hk_group
    domain(geosite:gfw) -> fq
    domain(geosite:geolocation-!cn) -> direct

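    fallback:direct
# With fallback:direct no traffic goes through the gateway; with fallback:fq foreign websites are proxied normally and all foreign domains go through the proxy. The end goal is for the blacklist to go through the proxy and everything else to go direct.
}

akiooo45 commented 2 weeks ago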

@ooroot Please provide the logs.

ooroot commented 2 weeks ago

@ooroot Please provide the logs.

Thank you very much for your kind help.

Below is the log output with fallback:proxy.

Jun 13 12:26:22 net2 dae[5275]: level=info msg="192.168.123.20:46512 <-> www.synology.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="54.192.18.39:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=www.synology.com
Jun 13 12:26:22 net2 dae[5275]: level=info msg="192.168.123.20:50082 <-> gallery.synology.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="13.224.163.98:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=gallery.synology.com
Jun 13 12:26:22 net2 dae[5275]: level=info msg="192.168.123.20:50084 <-> gallery.synology.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="13.224.163.98:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=gallery.synology.com
Jun 13 12:26:22 net2 dae[5275]: level=info msg="192.168.123.20:50086 <-> gallery.synology.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="13.224.163.98:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=gallery.synology.com
Jun 13 12:26:22 net2 dae[5275]: level=info msg="192.168.123.20:43262 <-> cdn.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="23.55.47.139:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=cdn.livechatinc.com
Jun 13 12:26:22 net2 dae[5275]: level=info msg="192.168.123.20:46732 <-> content-autofill.googleapis.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="172.217.24.234:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound="hk_group" pid=0 pname= policy=min_avg10 sniffed=content-autofill.googleapis.com
Jun 13 12:26:22 net2 dae[5275]: level=info msg="192.168.123.20:51424 <-> api.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="184.26.91.248:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=api.livechatinc.com
Jun 13 12:26:23 net2 dae[5275]: level=info msg="192.168.123.20:46736 <-> content-autofill.googleapis.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="172.217.24.234:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound="hk_group" pid=0 pname= policy=min_avg10 sniffed=content-autofill.googleapis.com
Jun 13 12:26:23 net2 dae[5275]: level=info msg="192.168.123.20:45872 <-> 211.23.38.124:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="211.23.38.124:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=sy.to
Jun 13 12:26:24 net2 dae[5275]: level=info msg="192.168.123.20:32808 <-> secure-fra.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="23.211.15.50:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=secure-fra.livechatinc.com
Jun 13 12:26:25 net2 dae[5275]: level=info msg="192.168.123.20:58294 <-> cdn.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="23.219.172.174:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=cdn.livechatinc.com
Jun 13 12:26:25 net2 dae[5275]: level=info msg="192.168.123.20:58296 <-> cdn.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="23.219.172.174:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=cdn.livechatinc.com
Jun 13 12:26:25 net2 dae[5275]: level=info msg="192.168.123.20:58298 <-> cdn.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="23.219.172.174:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=cdn.livechatinc.com
Jun 13 12:26:25 net2 dae[5275]: level=info msg="192.168.123.20:58406 <-> api.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="184.51.102.32:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=api.livechatinc.com
Jun 13 12:26:26 net2 dae[5275]: level=info msg="192.168.123.20:45096 <-> accounts.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="184.26.91.154:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=accounts.livechatinc.com
Jun 13 12:26:26 net2 dae[5275]: level=info msg="192.168.123.20:34370 <-> api-fra.livechatinc.com:443" dialer="🇭🇰Ls香港01|三网|1x" dscp=0 ip="184.51.102.122:443" mac="fe:dd:5f:6f:5b:44" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=api-fra.livechatinc.com

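With fallback:direct, however, visiting web pages produces no log output; blocked websites are all inaccessible, and everything else works normally.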

Jun 13 12:38:17 net2 dae[6169]:   37. [sub1] 🇺🇸美国ls01|福利路线x0.1: 726ms
Jun 13 12:38:17 net2 dae[6169]:   38. [sub1] 🇺🇸美国ls02|福利路线x0.1: 806ms
Jun 13 12:38:17 net2 dae[6169]:   39. [sub1] 🇰🇭Dx柬埔寨-ss|1x: 809ms
Jun 13 12:38:17 net2 dae[6169]:   40. [sub1] 🇦🇪Dx阿联酋-ss|1x: 909ms
Jun 13 12:38:17 net2 dae[6169]:   41. [sub1] 卢森堡01|防失联&下载专用0.1x: 1.019s
Jun 13 12:38:17 net2 dae[6169]:   42. [sub1] 🇮🇹Dx意大利-ss|1x: 1.113s
Jun 13 12:38:17 net2 dae[6169]:   43. [sub1] 🇭🇰Ls香港04|福利|0.8x: 1.414s
Jun 13 12:38:17 net2 dae[6169]:   44. [sub1] 卢森堡02|防失联&下载专用0.1x: 1.421s
Jun 13 12:38:17 net2 dae[6169]:   45. [sub1] 🇲🇾Dx马来西亚-ss|1x: 1.589s"
Jun 13 12:38:28 net2 dae[6169]: level=info msg="Group re-selects dialer" _new_dialer="🇨🇳Dx台湾|1x" _old_dialer="🇨🇳Ls台湾|1x" group="tw_group" min_avg10=146ms network=tcp4
Jun 13 12:38:28 net2 dae[6169]: level=info msg="Group 'tw_group' [tcp4]:
Jun 13 12:38:28 net2 dae[6169]:    1. [sub1] 🇨🇳Dx台湾|1x: 146ms
Jun 13 12:38:28 net2 dae[6169]:    2. [sub1] 🇨🇳Ls台湾|1x: 339ms"
Jun 13 12:38:59 net2 dae[6169]: level=info msg="[NOT ALIVE --udp4(DNS)-> ALIVE]" dialer="🇭🇰Dx香港01|三网|1x" group=proxy
Jun 13 12:38:59 net2 dae[6169]: level=info msg="[NOT ALIVE --udp4(DNS)-> ALIVE]" dialer="🇭🇰Dx香港01|三网|1x" group="hk_group"
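
An added example (not part of the original thread and not dae's own code): a small parser for connection log lines in the format quoted above that groups destinations by the outbound field and lists those that left through a proxy group without being on an intended proxy list. The sample lines, hostnames and the intended_suffixes list are constructed, and treating direct and block as the only non-proxy outbounds is an assumption based on the routing section shown.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the dae connection logs quoted above
# (journald prefix + logfmt). Hosts, addresses and dialer names are made up.
SAMPLE_LOG = '''\
Jun 13 12:26:22 gw dae[100]: level=info msg="192.0.2.20:46512 <-> www.example.com:443" dialer="node-hk-01" dscp=0 ip="198.51.100.39:443" mac="02:00:00:00:00:01" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=www.example.com
Jun 13 12:26:22 gw dae[100]: level=info msg="192.0.2.20:46732 <-> api.example.net:443" dialer="node-hk-01" dscp=0 ip="203.0.113.234:443" mac="02:00:00:00:00:01" network=tcp4 outbound="hk_group" pid=0 pname= policy=min_avg10 sniffed=api.example.net
Jun 13 12:26:23 gw dae[100]: level=info msg="192.0.2.20:45872 <-> 203.0.113.124:443" dialer="node-hk-01" dscp=0 ip="203.0.113.124:443" mac="02:00:00:00:00:01" network=tcp4 outbound=proxy pid=0 pname= policy=min_avg10 sniffed=short.example
Jun 13 12:38:28 gw dae[100]: level=info msg="Group re-selects dialer" _new_dialer="node-tw-02" _old_dialer="node-tw-01" group="tw_group" min_avg10=146ms network=tcp4
Jun 13 12:38:28 gw dae[100]:    1. [sub1] node-tw-02: 146ms
'''

# key=value where the value is "quoted" or a bare token (possibly empty, as in `pname= `).
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_line(line):
    """Return the logfmt fields of one line as a dict ({} if it has none)."""
    _, sep, payload = line.partition("]: ")
    if not sep or not payload.startswith("level="):
        return {}  # continuation lines of a multi-line msg, e.g. latency tables
    return {k: (q if q else b) for k, q, b in PAIR.findall(payload)}

def outbound_summary(log_text):
    """Map each outbound to the sorted destinations of connections routed to it."""
    by_outbound = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if "outbound" not in f:
            continue  # not a connection record (health checks, dialer re-selection)
        # Prefer the sniffed name; fall back to the destination shown in msg.
        dest = f.get("sniffed") or f["msg"].split(" <-> ")[-1]
        by_outbound[f["outbound"]].add(dest)
    return {ob: sorted(d) for ob, d in by_outbound.items()}

def proxied_outside_list(summary, intended_suffixes):
    """Destinations that left via a proxy group although not on the intended list."""
    hits = {}
    for ob, dests in summary.items():
        if ob in ("direct", "block"):  # assumed non-proxy outbounds
            continue
        extra = [d for d in dests
                 if not any(d == s or d.endswith("." + s) for s in intended_suffixes)]
        if extra:
            hits[ob] = extra
    return hits

if __name__ == "__main__":
    print(proxied_outside_list(outbound_summary(SAMPLE_LOG), ["example.net"]))
```
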

ooroot commented 2 weeks ago

domain(geosite:gfw) -> proxy I just want to proxy only the geosite:gfw list and connect directly for everything else. How can this be achieved?