feat: allow mapping multiple domain names to single ip by LostAttractor · Pull Request #763 · daeuniverse/dae

LostAttractor · 2025-02-21T14:21:03Z

Background

当前dae通过观测dns请求来实现domain的路由，例如观测到google.com的地址为46.82.174.69，则内核部分会将46.82.174.69当作google.com处理，并且用户态会直接计算每条domain规则的匹配结果并直接注入

但假设一种情况，api.bilibili.com和cm.bilibili.com均使用ip 61.240.206.12，dae会将61.240.206.12视为最后一次dns查询时的域名，并通过将ttl设置为0并期待每次产生连接前都产生一次dns查询

不过假如客户端完全不尊重ttl，那么一切就都乱套了，例如希望对api.bilibili.com和cm.bilibili.com应用不同的路由，那么这将完全不工作

本PR设想了一种全新的方法，完全不依赖TTL，即如果api.bilibili.com和cm.bilibili.com具有相同的路由（即，同时匹配同一个domain规则)，则直接路由61.240.206.12，否则则强制跳入用户态依赖sniff进行重新路由

Checklist

目前还非常粗糙，需要充分测试

The Pull Request has been fully tested
There's an entry in the CHANGELOGS
There is a user-facing docs PR against https://github.com/daeuniverse/dae

Full Changelogs

feat: allow mapping multiple domain names to single ip

Issue Reference

Closes #[issue number]

Test Result

jschwinger233

bpf part lgtm.

但我还是更建议使用 bit field

            volatile u8 goodsubrule : 1;
            volatile u8 badrule     : 1;
            volatile u8 must        : 1;
            u8 isdns                : 1;
            unused : 4;

这样有更明确的 padding 而不会造成结构体空洞。空洞 + llvm 优化是大量 bpf verifier 报错之源。

（以及为什么要用 volatile？删掉有影响吗？）

jschwinger233

Lint 挂了，你在混用 tab 和 space。

LostAttractor · 2025-02-25T13:44:12Z

bpf part lgtm.

但我还是更建议使用 bit field
            volatile u8 goodsubrule : 1;
            volatile u8 badrule     : 1;
            volatile u8 must        : 1;
            u8 isdns                : 1;
            unused : 4;
这样有更明确的 padding 而不会造成结构体空洞。空洞 + llvm 优化是大量 bpf verifier 报错之源。

（以及为什么要用 volatile？删掉有影响吗？）

volatile 是因为原本就这么写了，我其实不知道这意味着什么

LostAttractor · 2025-02-25T13:46:59Z

Lint 挂了，你在混用 tab 和 space。

已经修复

dae-prow

🧪 Since the PR has been fully tested, please consider merging it.

jschwinger233

bpf parts lgtm

jschwinger233 · 2025-05-23T13:39:04Z

control/kern/tproxy.c

-		    (domain_routing->bitmap[index / 32] >> (index % 32)) & 1)
-			ctx->isdns_must_goodsubrule_badrule |= 0b10;
+		    (domain_routing->bitmap[index / 32] >> (index % 32)) & 1) {
+			// All domains mapeed by the current IP address are matched.


nit: typo mapeed

jschwinger233

看了一下用户态的代码，有一些小疑问 🙏

jschwinger233 · 2025-05-25T18:30:15Z

control/routing_matcher_userspace.go

 			if !badRule {
+				if outbound == consts.OutboundControlPlaneRouting {
+					continue
+				}


我记得这个函数要和 bpf 的逻辑一致，这个修改在 bpf 里貌似没有？

jschwinger233 · 2025-05-25T18:47:43Z

control/control_plane_core.go

+		if !exists {
+			newBumpMap = make([]uint32, consts.MaxMatchSetLen)
+		}
+		for index := 0; index < consts.MaxMatchSetLen; index++ {


似乎有点浪费 cpu 了，大部分用户的规则都不会超过 100 条吧，这里 MaxMatchSetLen 是 1024，可以做个短路 break

jschwinger233 · 2025-05-25T18:52:06Z

control/kern/tproxy.c

+				// jump to control plane.
+				need_control_plane_routing = true;
+			}
+		}


这一段逻辑也应该更新到 routing_matcher_userspace.go:Match() ?

jschwinger233 · 2025-05-25T18:52:10Z

control/kern/tproxy.c

 				bool must = ctx->must || match_set->must;

-				if (!must && ctx->isdns) {
+				if ((!must && ctx->isdns) || need_control_plane_routing) {


sumire88 · 2025-05-29T14:17:14Z

Any updates?

sumire88 · 2025-06-15T02:44:55Z

Any updates?

ppdragon16 · 2025-07-17T00:25:39Z

求更新

dae-intelligence · 2025-07-17T00:26:03Z

求更新

Note

The following content has been translated from its original language using an automated process powered by a proprietary API. Segments originally written in English have been preserved, while non-English portions have been machine-translated for readability. Please be aware that minor inaccuracies may exist due to the automated nature of the translation.

Request for an update.

gorquan · 2025-09-17T04:06:18Z

Are there any plans for mergers in the future?

LostAttractor requested a review from a team as a code owner February 21, 2025 14:21

dae-prow bot assigned LostAttractor Feb 21, 2025

dae-prow bot added feature not-yet-tested labels Feb 21, 2025

jschwinger233 approved these changes Feb 23, 2025

View reviewed changes

jschwinger233 requested changes Feb 23, 2025

View reviewed changes

LostAttractor force-pushed the domain branch from 2d263ab to ef810b2 Compare February 25, 2025 13:46

LostAttractor force-pushed the domain branch 2 times, most recently from 4dd0103 to 8b8a68a Compare March 14, 2025 15:39

MarksonHon added tested and removed not-yet-tested labels May 23, 2025

dae-prow bot previously approved these changes May 23, 2025

View reviewed changes

MarksonHon previously approved these changes May 23, 2025

View reviewed changes

jschwinger233 previously approved these changes May 23, 2025

View reviewed changes

jschwinger233 reviewed May 25, 2025

View reviewed changes

sumire88 added the do-not-merge label May 29, 2025

LostAttractor force-pushed the domain branch from 14b6919 to 5edaf86 Compare June 5, 2025 07:26

LostAttractor added 2 commits June 5, 2025 15:58

chore: split isdns_must_goodsubrule_badrule

f2525e6

feat: allow manually bump packet to control plane for sniffing

dbaa6f8

LostAttractor force-pushed the domain branch from 5edaf86 to 30f0f6c Compare June 5, 2025 08:03

feat: allow mapping multiple domain names to single ip

23337ce

LostAttractor dismissed stale reviews from jschwinger233, MarksonHon, and dae-prow[bot] via 23337ce July 7, 2025 20:33

LostAttractor force-pushed the domain branch from 30f0f6c to 23337ce Compare July 7, 2025 20:33

LostAttractor mentioned this pull request Jul 8, 2025

[Bug Report] 主路由开启dae后局域网某些IoT设备无法联网 #858

Open

3 tasks

Conversation

LostAttractor commented Feb 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Background

Checklist

Full Changelogs

Issue Reference

Test Result

Uh oh!

jschwinger233 left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

jschwinger233 left a comment

Choose a reason for hiding this comment

Uh oh!

LostAttractor commented Feb 25, 2025

Uh oh!

LostAttractor commented Feb 25, 2025

Uh oh!

dae-prow bot left a comment

Choose a reason for hiding this comment

Uh oh!

jschwinger233 left a comment

Choose a reason for hiding this comment

Uh oh!

jschwinger233 May 23, 2025

Choose a reason for hiding this comment

Uh oh!

jschwinger233 left a comment

Choose a reason for hiding this comment

Uh oh!

jschwinger233 May 25, 2025

Choose a reason for hiding this comment

Uh oh!

jschwinger233 May 25, 2025

Choose a reason for hiding this comment

Uh oh!

jschwinger233 May 25, 2025

Choose a reason for hiding this comment

Uh oh!

jschwinger233 May 25, 2025

Choose a reason for hiding this comment

Uh oh!

sumire88 commented May 29, 2025

Uh oh!

sumire88 commented Jun 15, 2025

Uh oh!

ppdragon16 commented Jul 17, 2025

Uh oh!

dae-intelligence bot commented Jul 17, 2025

Uh oh!

gorquan commented Sep 17, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

LostAttractor commented Feb 21, 2025 •

edited

Loading

jschwinger233 left a comment •

edited

Loading