Merge 795bd05 into gray/pprof
dae-prow[bot] authored Jun 16, 2024
2 parents 113390b + 795bd05 commit 934b9a2
Showing 8 changed files with 93 additions and 68 deletions.
76 changes: 19 additions & 57 deletions CHANGELOGS.md
Expand Up @@ -13,10 +13,8 @@ curl --silent "https://api.github.com/repos/daeuniverse/dae/releases" | jq -r '.
## Releases

<!-- BEGIN NEW TOC ENTRY -->

- [v0.6.0rc2 (Pre-release)](#v060rc2-pre-release)
- [v0.6.0rc1 (Pre-release)](#v060rc1-pre-release)
- [v0.5.1 (Latest)](#v051-latest)
- [v0.6.0 (Latest)](#v060-latest)
- [v0.5.1](#v051)
- [v0.5.0](#v050)
- [v0.4.0](#v040)
- [v0.3.0](#v030)
Expand All @@ -40,9 +38,9 @@ curl --silent "https://api.github.com/repos/daeuniverse/dae/releases" | jq -r '.
- [v0.1.0](#v010)
<!-- BEGIN NEW CHANGELOGS -->

### v0.6.0rc2 (Pre-release)
### v0.6.0 (Latest)

> Release date: 2024/04/15
> Release date: 2024/06/11
#### Breaking Changes

Expand Down Expand Up @@ -73,6 +71,11 @@ curl --silent "https://api.github.com/repos/daeuniverse/dae/releases" | jq -r '.
- fix: cannot use must in bracket in fallback in [#495](https://github.com/daeuniverse/dae/pull/495) by (@mzz2017)
- fix: Don't enable net.ipv6.conf.all.forwarding in [#496](https://github.com/daeuniverse/dae/pull/496) by (@jschwinger233)
- fix: auto_config_kernel_parameter sets net.ipv6.conf.all.forwarding=1 when binding lan interfaces in [#499](https://github.com/daeuniverse/dae/pull/499) by (@jschwinger233)
- fix/chore: update submodule outbound to fix panic in some edge cases in [#503](https://github.com/daeuniverse/dae/pull/503) by (@mzz2017)
- fix: maintain udp conn direction to fix possible dns leaking in [#505](https://github.com/daeuniverse/dae/pull/505) by (@mzz2017)
- fix: sysctl net.ipv4.conf.dae0peer.accept_local=1 in [#512](https://github.com/daeuniverse/dae/pull/512) by (@jschwinger233)
- fix: Opt out TCP sockmap bypass by default in [#518](https://github.com/daeuniverse/dae/pull/518) by (@jschwinger233)
- fix: set accept_ra=2 to fix missing ipv6 address on WAN interface if necessary in [#504](https://github.com/daeuniverse/dae/pull/504) by (@mzz2017)

#### Others

Expand All @@ -88,65 +91,24 @@ curl --silent "https://api.github.com/repos/daeuniverse/dae/releases" | jq -r '.
- ci(release): draft release v0.6.0rc1 in [#491](https://github.com/daeuniverse/dae/pull/491) by (@dae-prow)
- docs(readme): remove unnecessary lines in [#500](https://github.com/daeuniverse/dae/pull/500) by (@sumire88)
- chore: upgrade quic-go to 0.42.0 and utls to 1.6.4 in [#497](https://github.com/daeuniverse/dae/pull/497) by (@mzz2017)
- ci(release): draft release v0.6.0rc2 in [#502](https://github.com/daeuniverse/dae/pull/502) by (@dae-prow)
- chore(dae.service): set TimeoutStartSec=120 instead of 10 in [#510](https://github.com/daeuniverse/dae/pull/510) by (@hiifeng)
- chore(issue_template): update template params in [#514](https://github.com/daeuniverse/dae/pull/514) by (@sumire88)
- docs: update dae-with-opnsense.md in [#517](https://github.com/daeuniverse/dae/pull/517) by (@linglilongyi)
- chore: right the wrong gateway config in opnsense document in [#520](https://github.com/daeuniverse/dae/pull/520) by (@troubadour-hell)

**Example Config**: https://github.com/daeuniverse/dae/blob/v0.6.0rc2/example.dae
**Example Config**: https://github.com/daeuniverse/dae/blob/v0.6.0/example.dae

**Full Changelog**: https://github.com/daeuniverse/dae/compare/v0.5.1...v0.6.0rc2
**Full Changelog**: https://github.com/daeuniverse/dae/compare/v0.5.1...v0.6.0

#### New Contributors

- @xishang0128 made their first contribution in [#467](https://github.com/daeuniverse/dae/pull/467)
- @akiooo45 made their first contribution in [#488](https://github.com/daeuniverse/dae/pull/488)
- @hiifeng made their first contribution in [#510](https://github.com/daeuniverse/dae/pull/510)
- @linglilongyi made their first contribution in [#517](https://github.com/daeuniverse/dae/pull/517)

### v0.6.0rc1 (Pre-release)

> Release date: 2024/04/02
#### Breaking Changes

> [!NOTE]
> Please read the following PRs for details
- feat(bpf): implement stack bypass in [#458](https://github.com/daeuniverse/dae/pull/458) by (@jschwinger233)
- patch/optimize(bpf): improve lan hijack datapath performance in [#466](https://github.com/daeuniverse/dae/pull/466) by (@jschwinger233)
- patch/optimize(bpf): improve wan tcp hijack datapath performance in [#481](https://github.com/daeuniverse/dae/pull/481) by (@jschwinger233)

#### Features

- feat: dae trace in [#435](https://github.com/daeuniverse/dae/pull/435) by (@jschwinger233)
- feat(bpf): implement stack bypass in [#458](https://github.com/daeuniverse/dae/pull/458) by (@jschwinger233)
- feat: add httpupgrade in [#472](https://github.com/daeuniverse/dae/pull/472) by (@AkinoKaede)
- feat: support reloading progress and error for `dae reload` in [#470](https://github.com/daeuniverse/dae/pull/470) by (@mzz2017)

#### Bug Fixes

- fix: Create DaeNetns instance strictly once on reload in [#446](https://github.com/daeuniverse/dae/pull/446) by (@jschwinger233)
- patch/optimize(bpf): improve lan hijack datapath performance in [#466](https://github.com/daeuniverse/dae/pull/466) by (@jschwinger233)
- fix: Fix bpf CO-RE issue on 6.9 in [#483](https://github.com/daeuniverse/dae/pull/483) by (@jschwinger233)
- fix(bpf): revert using bpf_redirect_peer in [#480](https://github.com/daeuniverse/dae/pull/480) by (@jschwinger233)
- patch/optimize(bpf): improve wan tcp hijack datapath performance in [#481](https://github.com/daeuniverse/dae/pull/481) by (@jschwinger233)

#### Others

- docs(protocols): delete redundant line in [#452](https://github.com/daeuniverse/dae/pull/452) by (@bradfordzhang)
- ci(Makefile): enable trace module by default in [#455](https://github.com/daeuniverse/dae/pull/455) by (@hero-intelligent)
- ci: update actions/checkout@v3 to actions/checkout@v4 in [#461](https://github.com/daeuniverse/dae/pull/461) by (@MarksonHon)
- ci: update ci modules using nodejs to latest in [#465](https://github.com/daeuniverse/dae/pull/465) by (@MarksonHon)
- style: format bpf c code using kernel checkpatch.pl in [#477](https://github.com/daeuniverse/dae/pull/477) by (@jschwinger233)
- chore: bump submodule dae_bpf_headers in [#487](https://github.com/daeuniverse/dae/pull/487) by (@jschwinger233)
- chore: Replace regexp with regexp2 for better filtering in [#467](https://github.com/daeuniverse/dae/pull/467) by (@xishang0128)
- docs(example): add '# Multiple filters indicate 'or' logic.' in [#488](https://github.com/daeuniverse/dae/pull/488) by (@akiooo45)
- ci(generate-changelogs.yml): generate auth token on the fly in [#489](https://github.com/daeuniverse/dae/pull/489) by (@sumire88)

**Example Config**: https://github.com/daeuniverse/dae/blob/v0.6.0rc1/example.dae

**Full Changelog**: https://github.com/daeuniverse/dae/compare/v0.5.1...v0.6.0rc1

#### New Contributors

- @xishang0128 made their first contribution in [#467](https://github.com/daeuniverse/dae/pull/467)

### v0.5.1 (Latest)
### v0.5.1

> Release date: 2024/01/23
9 changes: 8 additions & 1 deletion cmd/run.go
Expand Up @@ -156,6 +156,7 @@ func Run(log *logrus.Logger, conf *config.Config, externGeoDataDirs []string) (e
sigs <- nil
}()
reloading := false
reloadingErr := error(nil)
isSuspend := false
abortConnections := false
loop:
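
Review bot: `reloadingErr := error(nil)` next to `reloading := false` is an unusual way to declare a nil error; `var reloadingErr error` is the idiomatic form and makes it clearer that the variable carries state across loop iterations. A one-line comment saying it holds the error of the most recent reload attempt would help, since it is set and consumed in different `case` branches.
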
Expand All @@ -179,7 +180,11 @@ loop:
}()
<-readyChan
sdnotify.Ready()
_ = os.WriteFile(SignalProgressFilePath, append([]byte{consts.ReloadDone}, []byte("\nOK")...), 0644)
if reloadingErr == nil {
_ = os.WriteFile(SignalProgressFilePath, append([]byte{consts.ReloadDone}, []byte("\nOK")...), 0644)
} else {
_ = os.WriteFile(SignalProgressFilePath, append([]byte{consts.ReloadError}, []byte("\n"+reloadingErr.Error())...), 0644)
}
log.Warnln("[Reload] Finished")
} else {
// Listening error.
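
Review bot: In the new `else` branch the full `reloadingErr.Error()` text is written to `SignalProgressFilePath` with mode `0644`, so any local user can read whatever detail the failed control plane load put into its error. Consider `0600`, or writing a short status and leaving the detail in the log. Two smaller points in the same block: the `os.WriteFile` result is discarded on both branches, so a caller polling the file may never see `ReloadDone` or `ReloadError`, and `log.Warnln("[Reload] Finished")` still runs unchanged when `reloadingErr != nil`, which reads as success in the log.
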
Expand All @@ -197,6 +202,7 @@ loop:
}
sdnotify.Reloading()
_ = os.WriteFile(SignalProgressFilePath, []byte{consts.ReloadProcessing}, 0644)
reloadingErr = nil

// Load new config.
abortConnections = os.Remove(AbortFile) == nil
Expand Down Expand Up @@ -246,6 +252,7 @@ loop:
log.Warnln("[Reload] Load new control plane")
newC, err := newControlPlane(log, obj, dnsCache, newConf, externGeoDataDirs)
if err != nil {
reloadingErr = err
log.WithFields(logrus.Fields{
"err": err,
}).Errorln("[Reload] Failed to reload; try to roll back configuration")
14 changes: 14 additions & 0 deletions control/control_plane.go
Expand Up @@ -208,6 +208,7 @@ func NewControlPlane(
if len(global.LanInterface) > 0 {
if global.AutoConfigKernelParameter {
_ = SetIpv4forward("1")
_ = setForwarding("all", consts.IpVersionStr_6, "1")
}
global.LanInterface = common.Deduplicate(global.LanInterface)
for _, ifname := range global.LanInterface {
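
Review bot: `_ = setForwarding("all", consts.IpVersionStr_6, "1")` discards the error, so if the write fails the LAN bind continues without host-wide IPv6 forwarding and nothing is logged. Since this switches forwarding on for `all` rather than for one interface, log a warning on failure and add a comment stating why the `all` key is required here in addition to the per-interface `SetForwarding(ifname, "1")` done in `bindLan`.
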
Expand All @@ -227,6 +228,19 @@ func NewControlPlane(
}
}
for _, ifname := range global.WanInterface {
if len(global.LanInterface) > 0 {
// FIXME: Code is not elegant here.
// bindLan setting conf.ipv6.all.forwarding=1 suppresses accept_ra=1,
// thus we set it 2 as a workaround.
// See https://sysctl-explorer.net/net/ipv6/accept_ra/ for more information.
if global.AutoConfigKernelParameter {
acceptRa := sysctl.Keyf("net.ipv6.conf.%v.accept_ra", ifname)
val, _ := acceptRa.Get()
if val == "1" {
_ = acceptRa.Set("2", false)
}
}
}
if err = core.bindWan(ifname, global.AutoConfigKernelParameter); err != nil {
return nil, fmt.Errorf("bindWan: %v: %w", ifname, err)
}
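
Review bot: `val, _ := acceptRa.Get()` and `_ = acceptRa.Set("2", false)` both drop their errors, so a failed read or write leaves the WAN interface at `accept_ra=1` with forwarding enabled and no log line to explain the missing IPv6 address. Log at least a warning on either failure. The condition `len(global.LanInterface) > 0` together with `global.AutoConfigKernelParameter` does not depend on `ifname` and can be computed once before the loop, which also removes one nesting level. The comment says `conf.ipv6.all.forwarding`; the key is `net.ipv6.conf.all.forwarding`. Note that `Set` is called with `watch` false here while the sysctls in `setupSysctl` for the host veth use `true`; if that difference is intentional, say so in the comment.
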
1 change: 0 additions & 1 deletion control/control_plane_core.go
Expand Up @@ -247,7 +247,6 @@ func (c *controlPlaneCore) bindLan(ifname string, autoConfigKernelParameter bool
if autoConfigKernelParameter {
SetSendRedirects(ifname, "0")
SetForwarding(ifname, "1")
setForwarding("all", consts.IpVersionStr_6, "1")
}
if err := c._bindLan(ifname); err != nil {
var notFoundErr netlink.LinkNotFoundError
10 changes: 5 additions & 5 deletions control/netns_utils.go
Expand Up @@ -281,11 +281,11 @@ func (ns *DaeNetns) setupNetns() (err error) {

func (ns *DaeNetns) setupSysctl() (err error) {
// sysctl net.ipv6.conf.dae0.disable_ipv6=0
if err = sysctl.Set(fmt.Sprintf("net.ipv6.conf.%s.disable_ipv6", HostVethName), "0", true); err != nil {
if err = sysctl.Keyf("net.ipv6.conf.%s.disable_ipv6", HostVethName).Set("0", true); err != nil {
return fmt.Errorf("failed to set disable_ipv6 for dae0: %v", err)
}
// sysctl net.ipv6.conf.dae0.forwarding=1
if err = sysctl.Set(fmt.Sprintf("net.ipv6.conf.%s.forwarding", HostVethName), "1", true); err != nil {
if err = sysctl.Keyf("net.ipv6.conf.%s.forwarding", HostVethName).Set("1", true); err != nil {
return fmt.Errorf("failed to set forwarding for dae0: %v", err)
}

Expand All @@ -295,12 +295,12 @@ func (ns *DaeNetns) setupSysctl() (err error) {
defer netns.Set(ns.hostNs)

// *_early_demux is not mandatory, but it's recommended to enable it for better performance
sysctl.Set("net.ipv4.tcp_early_demux", "1", false)
sysctl.Set("net.ipv4.ip_early_demux", "1", false)
sysctl.Keyf("net.ipv4.tcp_early_demux").Set("1", false)
sysctl.Keyf("net.ipv4.ip_early_demux").Set("1", false)

// (ip net e daens) sysctl net.ipv4.conf.dae0peer.accept_local=1
// This is to prevent kernel from dropping skb due to "martian source" check: https://elixir.bootlin.com/linux/v6.6/source/net/ipv4/fib_frontend.c#L381
if err = sysctl.Set(fmt.Sprintf("net.ipv4.conf.%s.accept_local", NsVethName), "1", false); err != nil {
if err = sysctl.Keyf("net.ipv4.conf.%s.accept_local", NsVethName).Set("1", false); err != nil {
return fmt.Errorf("failed to set accept_local for dae0peer: %v", err)
}
return
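
Review bot: `sysctl.Keyf("net.ipv4.tcp_early_demux")` and `sysctl.Keyf("net.ipv4.ip_early_demux")` call a printf-style constructor with no arguments, which passes a key name as a format string. It works for these constants, but a plain `Key(name string)` constructor would be safer for fixed names and would keep a stray `%` from being interpreted. The return values of both `Set("1", false)` calls are also ignored; since the comment says these are optional, a debug-level log on failure is enough.
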
26 changes: 24 additions & 2 deletions control/sysctl.go
@@ -1,6 +1,7 @@
package control

import (
"fmt"
"os"
"strings"
"sync"
Expand Down Expand Up @@ -76,8 +77,29 @@ func (s *SysctlManager) startWatch() {
}
}

func (s *SysctlManager) Set(key string, value string, watch bool) (err error) {
path := SysctlPrefixPath + strings.Replace(key, ".", "/", -1)
type SysctlKey string

func (s *SysctlManager) Keyf(format string, a ...any) SysctlKey {
return SysctlKey(SysctlPrefixPath + fmt.Sprintf(strings.ReplaceAll(format, ".", "/"), a...))
}

func (k SysctlKey) Get() (value string, err error) {
return sysctl.get(string(k))
}

func (k SysctlKey) Set(value string, watch bool) (err error) {
return sysctl.set(string(k), value, watch)
}

func (s *SysctlManager) get(path string) (value string, err error) {
val, err := os.ReadFile(path)
if err != nil {
return "", err
}
return strings.TrimSpace(string(val)), nil
}

func (s *SysctlManager) set(path string, value string, watch bool) (err error) {
if watch {
s.mux.Lock()
s.expectations[path] = value
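
Review bot: `Keyf` builds a filesystem path with `SysctlPrefixPath + fmt.Sprintf(strings.ReplaceAll(format, ".", "/"), a...)` and interpolates the arguments unchecked, so an interface name taken from configuration that contains `/` or `..` would resolve outside the intended key under `SysctlPrefixPath`. Validate the arguments, or clean the result and verify it still has the prefix, before returning the key. Doing the `.` to `/` replacement on the format string rather than on the final key also changes behaviour compared with the removed `Set`: dots inside arguments are now preserved and a verb such as `%.2f` would be mangled; document that in a comment on `Keyf`. Finally, `Keyf` has a `*SysctlManager` receiver it never uses, while `SysctlKey.Get` and `SysctlKey.Set` go through the package-level `sysctl`, so a key created from any other manager instance silently operates on the global one. The new exported type and methods have no doc comments.
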
19 changes: 18 additions & 1 deletion docs/en/user-guide/kernel-parameters.md
Expand Up @@ -10,7 +10,7 @@ For every LAN interfaces you want to proxy:
```shell
export lan_ifname=docker0

sudo tee /etc/sysctl.d/60-dae-$lan_ifname.conf << EOF
sudo tee /etc/sysctl.d/60-dae-lan-$lan_ifname.conf << EOF
net.ipv4.conf.$lan_ifname.forwarding = 1
net.ipv6.conf.$lan_ifname.forwarding = 1
net.ipv4.conf.$lan_ifname.send_redirects = 0
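
Review bot: Renaming the file to `/etc/sysctl.d/60-dae-lan-$lan_ifname.conf` leaves users who followed the previous version of this guide with a stale `/etc/sysctl.d/60-dae-$lan_ifname.conf` that `sysctl --system` will keep loading. Add a sentence telling them to remove the old file, so later edits to the new one are not overridden or duplicated.
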
Expand All @@ -27,3 +27,20 @@ sudo sysctl --system
```

Please modify `docker0` to your LAN interface.

For your WAN interfaces that accept RA:

```shell
export wan_ifname=eth0

if [ "$(cat /proc/sys/net/ipv6/conf/$wan_ifname/accept_ra)" == "1" ]; then
sudo tee /etc/sysctl.d/60-dae-wan-$wan_ifname.conf << EOF
net.ipv6.conf.$wan_ifname.accept_ra = 2
EOF
sudo sysctl --system
fi
```

Please modify `eth0` to your WAN interface.

Setting accept_ra to 2 if it is 1 because `net.ipv6.conf.all.forwarding = 1` will suppress it. See <https://sysctl-explorer.net/net/ipv6/accept_ra/> for more information.
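
Review bot: The test `[ "$(cat /proc/sys/net/ipv6/conf/$wan_ifname/accept_ra)" == "1" ]` uses `==`, which is a bash extension inside `[ ]` and fails under a POSIX `sh` such as dash; the fence is tagged `shell`, so use a single `=`. Quote the path as well, `"/proc/sys/net/ipv6/conf/$wan_ifname/accept_ra"`, so an unexpected value in `wan_ifname` is not word-split. The closing sentence is a fragment ("Setting accept_ra to 2 if it is 1 because ..."); reword it as a full sentence, for example "Set accept_ra to 2 if it is currently 1, because `net.ipv6.conf.all.forwarding = 1` otherwise suppresses it."
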
6 changes: 5 additions & 1 deletion pkg/config_parser/section.go
Expand Up @@ -152,7 +152,11 @@ func (f *Function) String(compact bool, quoteVal bool, omitEmpty bool) string {
if !(omitEmpty && len(f.Params) == 0) {
builder.WriteString("(")
var strParamList []string
for _, p := range f.Params {
for i, p := range f.Params {
if i >= 5 {
strParamList = append(strParamList, "...")
break
}
strParamList = append(strParamList, p.String(compact, quoteVal))
}
if compact {
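
Review bot: The `if i >= 5` cut-off in the parameter loop applies to every caller of `Function.String`, regardless of `compact`, `quoteVal` or `omitEmpty`, so any caller that uses the output to reproduce or compare a function now gets `...` in place of the sixth and later parameters. If the intent is shorter log output, put the truncation behind an explicit argument or a separate method and leave `String` lossless. The literal `5` should be a named constant with a comment explaining the limit.
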
