
[Bug Report] Endlessly starts new threads, consuming a huge amount of memory #393

Open
@Basstorm

Description

Checks

  • I have searched the existing issues
  • I have read the documentation
  • Is it your first time submitting an issue

Current Behavior

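Once enabled, it slowly keeps starting new threads without limit and consumes a huge amount of memory. This is the process status after running for 1 day: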

root@R66S:~# cat /proc/10167/status
Name:   dae-wing
Umask:  0022
State:  S (sleeping)
Tgid:   10167
Ngid:   0
Pid:    10167
PPid:   1
TracerPid:      0
Uid:    0       0       0       0
Gid:    0       0       0       0
FDSize: 2048
Groups:
NStgid: 10167
NSpid:  10167
NSpgid: 1
NSsid:  1
VmPeak:  1649004 kB
VmSize:  1649004 kB
VmLck:         0 kB
VmPin:         0 kB
VmHWM:    169484 kB
VmRSS:    136764 kB
RssAnon:          118888 kB
RssFile:           17876 kB
RssShmem:              0 kB
VmData:   436344 kB
VmStk:       132 kB
VmExe:     25144 kB
VmLib:       720 kB
VmPTE:       904 kB
VmSwap:        0 kB
HugetlbPages:          0 kB
CoreDumping:    0
THP_enabled:    1
Threads:        1774
SigQ:   0/3853
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: fffffffc7fc1feff
CapInh: 0000000000000000
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff
CapBnd: 000001ffffffffff
CapAmb: 0000000000000000
NoNewPrivs:     0
Seccomp:        0
Seccomp_filters:        0
Speculation_Store_Bypass:       not vulnerable
SpeculationIndirectBranch:      unknown

As you can see, Threads has already reached 1774, and a very large number of PIDs are taken up.

Related issue: sbwml/luci-app-daed-next#1

Expected Behavior

No response

Steps to Reproduce

No response

Environment

  • Daed version:
root@R66S:~# dae-wing --version
daed-next version 2023-10-25-952b1c9
  • OS (e.g cat /etc/os-release):
immortalwrt 23.05-rc4
  • Kernel (e.g. uname -a):
root@R66S:~# uname -a
Linux R66S 5.15.132 #0 SMP PREEMPT Sun Oct 1 02:21:58 2023 aarch64 GNU/Linux

  • Others:

Configuration file:

global {
    ##### Software options.

    # tproxy port to listen on. It is NOT a HTTP/SOCKS port, and is just used by eBPF program.
    # In normal case, you do not need to use it.
    tproxy_port: 12345

    # Set it true to protect tproxy port from unsolicited traffic. Set it false to allow users to use self-managed
    # iptables tproxy rules.
    tproxy_port_protect: true

    # If not zero, traffic sent from dae will be set SO_MARK. It is useful to avoid traffic loop with iptables tproxy
    # rules.
    so_mark_from_dae: 0

    # Log level: error, warn, info, debug, trace.
    log_level: warning

    # Disable waiting for network before pulling subscriptions.
    disable_waiting_network: true


    ##### Interface and kernel options.

    # The LAN interface to bind. Use it if you want to proxy LAN.
    # Multiple interfaces split by ",".
    lan_interface: eth0

    # The WAN interface to bind. Use it if you want to proxy localhost.
    # Multiple interfaces split by ",". Use "auto" to auto detect.
    wan_interface: eth1

    # Automatically configure Linux kernel parameters like ip_forward and send_redirects. Check out
    # https://github.com/daeuniverse/dae/blob/main/docs/en/user-guide/kernel-parameters.md to see what will dae do.
    auto_config_kernel_parameter: true


    ##### Node connectivity check.

    # Host of URL should have both IPv4 and IPv6 if you have double stack in local.
    # First is URL, others are IP addresses if given.
    # Considering traffic consumption, it is recommended to choose a site with anycast IP and less response.
    #tcp_check_url: 'http://cp.cloudflare.com'
    tcp_check_url: 'http://cp.cloudflare.com,1.1.1.1'

    # The HTTP request method to `tcp_check_url`. Use 'HEAD' by default because some server implementations bypass
    # accounting for this kind of traffic.
    tcp_check_http_method: HEAD

    # This DNS will be used to check UDP connectivity of nodes. And if dns_upstream below contains tcp, it also be used to check
    # TCP DNS connectivity of nodes.
    # First is URL, others are IP addresses if given.
    # This DNS should have both IPv4 and IPv6 if you have double stack in local.
    #udp_check_dns: 'dns.google.com:53'
    udp_check_dns: 'dns.google.com:53,8.8.8.8,1.1.1.1'

    check_interval: 30s

    # Group will switch node only when new_latency <= old_latency - tolerance.
    check_tolerance: 50ms


    ##### Connecting options.

    # Optional values of dial_mode are:
    # 1. "ip". Dial proxy using the IP from DNS directly. This allows your ipv4, ipv6 to choose the optimal path
    #       respectively, and makes the IP version requested by the application meet expectations. For example, if you
    #       use curl -4 ip.sb, you will request IPv4 via proxy and get a IPv4 echo. And curl -6 ip.sb will request IPv6.
    #       This may solve some weird full-cone problem if your are be your node support that. Sniffing will be disabled
    #       in this mode.
    # 2. "domain". Dial proxy using the domain from sniffing. This will relieve DNS pollution problem to a great extent
    #       if have impure DNS environment. Generally, this mode brings faster proxy response time because proxy will
    #       re-resolve the domain in remote, thus get better IP result to connect. This policy does not impact routing.
    #       That is to say, domain rewrite will be after traffic split of routing and dae will not re-route it.
    # 3. "domain+". Based on domain mode but do not check the reality of sniffed domain. It is useful for users whose
    #       DNS requests do not go through dae but want faster proxy response time. Notice that, if DNS requests do not
    #       go through dae, dae cannot split traffic by domain.
    # 4. "domain++". Based on domain+ mode but force to re-route traffic using sniffed domain to partially recover
    #       domain based traffic split ability. It doesn't work for direct traffic and consumes more CPU resources.
    dial_mode: domain

    # Allow insecure TLS certificates. It is not recommended to turn it on unless you have to.
    allow_insecure: false

    # Timeout to waiting for first data sending for sniffing. It is always 0 if dial_mode is ip. Set it higher is useful
    # in high latency LAN network.
    sniffing_timeout: 100ms

    # TLS implementation. tls is to use Go's crypto/tls. utls is to use uTLS, which can imitate browser's Client Hello.
    tls_implementation: tls

    # The Client Hello ID for uTLS to imitate. This takes effect only if tls_implementation is utls.
    # See more: https://github.com/daeuniverse/dae/blob/331fa23c16/component/outbound/transport/tls/utls.go#L17
    utls_imitate: chrome_auto
}

# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/dns.md for full examples.
dns {
    upstream {
         # This is the upstream AdGuard Home
        localdns: 'udp://127.0.0.1:1745'
    }
    routing {
        request {
            fallback: localdns
        }
        response {
            fallback: accept
        }
    }
}

# Node group (outbound).
group {
    proxy {
        # Filter nodes from the global node pool defined by the subscription and node section above.
        #filter: subtag(regex: '^my_', another_sub) && !name(keyword: 'ExpireAt:')

        # Filter nodes from the global node pool defined by tag.
        #filter: name(node1, node2)

        # Filter nodes and give a fixed latency offset to achieve latency-based failover.
        # In this example, there is bigger possibility to choose US node even if original latency of US node is higher.
        filter: name(keyword: 'HK')
        #filter: name(US_node) [add_latency: -500ms]

        # Select the node with min average of the last 10 latencies from the group for every connection.
        policy: min_moving_avg
    }
}

# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
routing {
    ### Preset rules.
    l4proto(udp) && dport(443) -> block
    pname(mosdns, dnsmasq) && l4proto(udp) && dport(53) -> must_direct

    dip(224.0.0.0/3, 'ff00::/8') -> direct
    dip(geoip:private) -> direct

    dip(223.5.5.5, 223.6.6.6) -> direct
    dip(8.8.8.8, 8.8.4.4) -> proxy
    domain(full: dns.alidns.com) -> direct
    domain(full: dns.googledns.com) -> proxy
    domain(full: dns.opendns.com) -> proxy
    domain(full: cloudflare-dns.com) -> proxy
    
    
    ########################## Must Direct Start #########################

    # Google GCM
    domain(suffix: mtalk.google.com) -> direct

    ########################## Must Direct End ############################

    ### GeoSite proxy

    # Google Play
    domain(keyword: googleapis) -> proxy

    domain(geosite: linkedin) -> proxy
    domain(geosite: speedtest) -> proxy
    domain(geosite: yahoo) -> proxy
    domain(geosite: github) -> proxy
    domain(geosite: twitter) -> proxy
    domain(geosite: telegram) -> proxy
    domain(geosite: google) -> proxy
    domain(geosite: category-container) -> proxy
    domain(geosite: category-dev) -> proxy
    domain(geosite: google-scholar) -> proxy
    domain(geosite: category-scholar-!cn) -> proxy
    domain(geosite: category-cryptocurrency) -> proxy
    domain(geosite: geolocation-!cn) -> proxy

    ### GeoSite Direct

    domain(geosite: alibaba) -> direct
    domain(geosite: bilibili) -> direct
    domain(geosite: bilibili2) -> direct
    domain(geosite: tencent) -> direct
    domain(geosite: zhihu) -> direct
    domain(geosite: cloudflare-cn) -> direct
    domain(geosite: category-scholar-cn) -> direct
    domain(geosite: category-media-cn) -> direct
    domain(geosite: category-social-media-cn) -> direct
    domain(geosite: category-dev-cn) -> direct
    domain(geosite: category-bank-cn) -> direct
    domain(geosite: apple) -> direct
    domain(geosite: microsoft) -> direct
    domain(geosite: geolocation-cn) -> direct
    domain(geosite: cn) -> direct

    # GeoIP
    dip(geoip: cn) -> direct

    fallback: proxy
}

Anything else?

No response
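
An added example, not part of the original report or of the dae-wing project: a small shell helper that turns `/proc/<pid>/status` dumps like the one above into a thread-growth rate, so a leak of this kind can be confirmed from periodic samples rather than a single snapshot. The starting count of 22 threads, the log path and the limit of 10 threads per hour are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): measure thread growth from /proc/<pid>/status.

# Excerpt of the status dump posted above (values copied from the issue).
SAMPLE_STATUS='Name:   dae-wing
VmRSS:    136764 kB
Threads:        1774'

# Constructed samples, "epoch_seconds thread_count": a hypothetical start of
# 22 threads, then the 1774 reported after one day (86400 s).
SAMPLE_SERIES='0 22
86400 1774'

# status_field FIELD [FILE]: print the value of "FIELD:" from a status dump
# read from FILE, or from stdin when FILE is omitted.
status_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }' ${2:+"$2"}
}

# sample PID: print "epoch_seconds threads rss_kb" for a live process.
sample() {
    [ -r "/proc/$1/status" ] || return 1
    echo "$(date +%s) $(status_field Threads "/proc/$1/status")" \
         "$(status_field VmRSS "/proc/$1/status")"
}

# threads_per_hour: read sample lines on stdin and print the average number
# of threads gained per hour between the first and the last sample.
threads_per_hour() {
    awk 'NR == 1 { t0 = $1; n0 = $2 }
         { t1 = $1; n1 = $2 }
         END { if (NR < 2 || t1 <= t0) exit 1
               printf "%d\n", (n1 - n0) * 3600 / (t1 - t0) }'
}

# leaking LIMIT: succeed when growth on stdin exceeds LIMIT threads per hour.
leaking() {
    rate=$(threads_per_hour) || return 2
    [ "$rate" -gt "$1" ]
}

# Typical use on the router (PID taken from the issue, log path assumed):
#   while sample 10167 >> /tmp/threads.log; do sleep 300; done
#   leaking 10 < /tmp/threads.log && echo "thread leak suspected"
```

A steady positive rate across many samples, with VmRSS rising alongside it, separates a leak from a one-off burst of worker threads.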
