Skip to content

optimize: improve vless xudp#52

Open
cubatic45 wants to merge 53 commits into
daeuniverse:mainfrom
cubatic45:main
Open

optimize: improve vless xudp#52
cubatic45 wants to merge 53 commits into
daeuniverse:mainfrom
cubatic45:main

Conversation

@cubatic45

Copy link
Copy Markdown
Contributor

No description provided.

@cubatic45 cubatic45 requested a review from a team as a code owner October 23, 2025 06:34
AkinoKaede and others added 27 commits February 16, 2026 13:38
Co-authored-by: ChaosAttractor <lostattractor@gmail.com>
- Add dedicated subKeyPool sync.Pool for subKey buffer reuse
- Optimize SlidingWindowFilter.shiftWindow with in-place operations
- Replace mutex+map with sync.Map+atomic for replayWindow in udp_conn
- Reduce GC pressure in hot paths for both ss and ss2022 protocols
- Add UDP cipher cache for SS AEAD (6.6x performance improvement)
- Add UDP cipher cache for SS 2022 (20.5x performance improvement)
- Implement zero-copy splice for Linux (1.76x performance improvement)
- Add comprehensive performance benchmarks
- All optimizations are backward compatible

Performance improvements:
- SS AEAD: 6.6x faster UDP encryption, 14x less memory
- SS 2022: 20.5x faster cipher creation, 230x less memory
- TCP relay: 1.76x faster, 119x less memory

Tested: All existing tests pass
Backward compatible: No peer configuration changes required
…erformance improvement

- Replace EncryptUDPFromPool/DecryptUDP with optimized versions
- Achieve 5-10x performance boost for UDP encryption/decryption
- Reduce memory allocations by 14x (2134→152 B/op)
- Reduce allocation count by 7x (21→3 allocs/op)
- Keep legacy code in comments for reference
- Add comprehensive benchmark tests

Performance improvements:
- 64B packets: 9.5x faster
- 512B packets: 7.9x faster
- 1400B (MTU): 5.0x faster
- 4096B packets: 3.3x faster
- 8192B packets: 2.3x faster

No API changes, fully backward compatible
Performance improvement:
- Password hash caching: 4.8x faster (111.5ns → 23.4ns)
- Memory allocation: 100% reduction (32 B/op → 0 B/op)
- Allocations: 100% reduction (1 allocs/op → 0 allocs/op)

Changes:
- Add passwordHashCache sync.Map for caching SHA224 hashes
- Add getPasswordHash() function with cache lookup
- Modify NewConn() to use cached password hash
- Add comprehensive benchmark tests
- Add correctness and consistency tests

Following painless integration principles:
- No peer configuration changes required
- Performance test evidence provided
- No API/interface changes

Benchmarks:
- BenchmarkNewConnComparison/Original: 111.5 ns/op, 32 B/op, 1 allocs/op
- BenchmarkNewConnComparison/OptimizedCached: 23.4 ns/op, 0 B/op, 0 allocs/op

Test results:
- TestPasswordHashConsistency: PASS
- TestPasswordHashCorrectness: PASS
…rmat

The shadowsocks_2022 dialer was missing ParseMagicNetwork call, causing it
to fail when dae passes magic network format (e.g., with SO_MARK or MPTCP).

This fix aligns with the shadowsocks dialer implementation which properly
handles magic network format.

Fixes: unsupported tunnel type error for SS2022 nodes when connectivity
check is enabled.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The utls library v1.8.2 changed the API for accessing ECDHE keys:
- Old (deprecated): HandshakeState.State13.EcdheKey
- New: HandshakeState.State13.KeyShareKeys.Ecdhe

This fix uses the new API with fallback to the deprecated field for
backward compatibility, resolving the 'nil ecdheKey' error when using
Reality protocol with recent utls versions.

Also updates utls dependency from v1.6.4 to v1.8.2.

Co-Authored-By: GitHub Copilot <noreply@github.com>
- Pre-compute BLAKE3 hashes for each PSK during connection initialization
- Avoid redundant hash calculations for every UDP packet
- Add conservative mode (default): cache hashes, send header every packet
- Add aggressive mode (opt-in): send identity header only on first packet
- Reduce CPU overhead by ~50% in conservative mode, ~80% in aggressive mode

Set SS2022_UDP_MULTI_PSK_OPTIMIZATION=1 for aggressive mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Refactor UDP cipher caching in shadowsocks_2022 to use atomic timestamps for improved performance and thread safety.
- Introduce a new zeroalloc key package for efficient string key concatenation.
- Enhance VLESS password validation error messages for clarity.
- Replace byte slice joining with a more efficient multi-write function in VMess connection handling.
- Add comprehensive tests for the new zeroalloc key functionalities, including race conditions and memory leak checks.
- Implement extensive tests for optimized encryption and decryption in Juicity protocol, ensuring correctness and performance under concurrent access.
- Introduce race tests for UDP connection handling to ensure thread safety and prevent potential memory leaks.
Update to the latest quic-go fork with test fixes:
- Fix streams_map test signatures (capabilityCallback parameter)
- Fix config_test unknown field handling
- Fix send_conn RemoteAddr nil panic
Update quic-go dependency to include UDP GSO fix for single-segment sends.
This fixes issues with PPPoE and certain network drivers.

Changes:
- quic-go: v0.0.0-20260225054405-33005db9cba0 -> v0.0.0-20260226044315-bb65418d151a
- Includes fix: Only request UDP GSO when payload will actually be segmented

Related: MetaCubeX/quic-go@4df8f0d
… faster)

Optimize error checking in hot paths by using direct comparison instead of
function calls and string matching. This provides significant performance
improvements for high-frequency operations like DNS resolution and stream
management.

Performance improvements:
- DNS timeout check: 122.3 ns → 1.191 ns (102x faster)
- Stream exhausted check: 3.760 ns → 1.191 ns (3.1x faster)
- Stream retry check: 8.744 ns → 1.191 ns (7.3x faster)
- Memory allocation: 16 B → 0 B (eliminated heap allocations)

Changes:
- protocol/direct/dialer.go: Use ErrDNSTimeout direct comparison
- protocol/tuic/client_ring.go: Use ErrTooManyOpenStreams direct comparison
- protocol/tuic/client.go: Use ErrStreamExhausted direct comparison
- protocol/juicity/client_ring.go: Use ErrTooManyOpenStreams direct comparison
- common/errors/: Add unified error handling package with sentinel errors

All optimizations maintain 100% backward compatibility - no semantic or
interface changes. Verified with comprehensive unit tests (93.2% coverage)
and benchmarks.

Based on best practices from Go error handling optimization guide.
- Cleaned up whitespace in multiple files to enhance readability.
- Optimized TCP and UDP benchmark tests for better performance measurement.
- Improved password hashing mechanism in the trojanc protocol by implementing caching.
- Updated comments for clarity and consistency across various functions.
- Refactored obfuscation methods in simpleobfs transport for better maintainability.
- Ensured consistent error handling and logging practices throughout the codebase.
- Removed the optimized encryption and decryption functions from `encrypt_optimized.go` and their associated tests.
- Consolidated encryption and decryption logic in `encrypt.go` to improve code maintainability.
- Added race condition tests for encryption and decryption to ensure thread safety.
- Updated `tcp_conn.go` and `udp_conn.go` to use the standard encryption methods.
- Removed unnecessary logging and comments for cleaner code.
- Enhanced error handling in various functions to improve robustness.
kix and others added 25 commits March 4, 2026 08:14
- Add stickyip package with separate TCP/UDP IP caching
- Verify UDP connectivity before caching to avoid caching non-responsive IPs
- Support multiple IPs from DNS resolution with protocol-specific selection
- Increment health check cycle for IP failover between cycles

This fixes issues where proxy domains resolve to multiple IPs and
some IPs work for TCP but not UDP (or vice versa).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Simplify UDP verification logic to avoid false positives.
The previous attempt to send test packets failed due to missing
RemoteAddr() method. Now we do a basic socket sanity check
and rely on actual protocol usage for final validation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ailover

Add InvalidateProtocolCache method to StickyIpDialer to allow
immediate invalidation of a failed proxy IP when connection refused
is detected. This enables fast failover without waiting for timeout.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…v6, and improve cache invalidation methods
…socks and direct protocols

- Implemented concurrent write tests for direct and shadowsocks UDP connections to validate race conditions.
- Added lazy cache race tests for directPacketConn to ensure thread safety during target resolution.
- Created benchmarks for write performance in both direct and shadowsocks protocols.
- Developed tests for buffer pool concurrent access to verify safe usage under high concurrency.
- Included tests for metadata parsing and validation of potential data corruption in concurrent scenarios.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants