xdp: Add eXpress Data Path inbound #4020
wangdefa770 wants to merge 28 commits into SagerNet:testing from
`SecTrustEvaluateWithError` is serial
This reverts commit 62cb06c.
I don't see the point of introducing an inferior alternative to TUN: you still need gVisor, its performance is far worse than auto redirect, and it provides no new functionality either.
You're right. Currently, there aren't many high-performance user-space protocol stacks available for Go. TUN + system stack already performs quite well. However, XDP offers a new approach that doesn't depend on nftables, tun, ip rule, etc., providing a simple, out-of-the-box solution. In the future, it can also be used to implement features like fast DNS cache responses based on the current architecture.
Add new inbound type `xdp` — an AF_XDP (eXpress Data Path) based inbound that intercepts network traffic at the kernel's XDP hook, bypassing most of the kernel network stack for reduced latency and CPU overhead. It is suitable for high-throughput transparent proxy scenarios on Linux; transparent proxying can be achieved without configuring nftables rules.
Changes
Example config
```json
{
  "inbounds": [
    {
      "type": "xdp",
      "tag": "xdp-in",
      "interface": "eth0",
      "address": ["10.0.0.1/24", "fd00::1/64"],
      "route_address": ["0.0.0.0/0", "::/0"],
      "route_exclude_address": ["10.0.0.0/24", "192.168.1.0/24"],
      "mtu": 1500,
      "frame_size": 4096,
      "frame_count": 8192,
      "udp_timeout": "5m"
    }
  ]
}
```

Limitations
Because of XDP's operating mechanism, it will not capture traffic actively sent out by the local machine that has Singbox installed.
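
To check which flows the example config in the PR description would leave outside the proxy, the sketch below evaluates destinations against `route_address` and `route_exclude_address`. It is an added example, not code from the PR or from sing-box. It assumes that exclusions take precedence over inclusions, which the PR text does not state; `routeSet`, `parseRoutes` and `intercepted` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Constructed sample: the two routing lists from the example config above.
const sampleConfig = `{"route_address": ["0.0.0.0/0", "::/0"],
 "route_exclude_address": ["10.0.0.0/24", "192.168.1.0/24"]}`

type routeSet struct { // models only the two routing fields
	Include []netip.Prefix `json:"route_address"`
	Exclude []netip.Prefix `json:"route_exclude_address"`
}

func parseRoutes(raw string) (routeSet, error) {
	var rs routeSet
	err := json.Unmarshal([]byte(raw), &rs)
	return rs, err
}

func contains(ps []netip.Prefix, a netip.Addr) bool {
	for _, p := range ps {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// intercepted: assumed semantics, exclusions win over inclusions, and locally
// originated packets never pass the XDP hook (the PR's stated limitation).
func (rs routeSet) intercepted(dst string, local bool) (bool, error) {
	a, err := netip.ParseAddr(dst)
	if err != nil || local {
		return false, err
	}
	return contains(rs.Include, a) && !contains(rs.Exclude, a), nil
}

func main() {
	rs, err := parseRoutes(sampleConfig)
	if err != nil {
		panic(err)
	}
	fmt.Println(rs.intercepted("10.0.0.7", false)) // excluded LAN destination
}
```

Destinations for which this returns false are the ones that need separate egress controls if all traffic is expected to traverse the proxy.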