{"id":35788119,"url":"https://github.com/gagansuie/oxidize","last_synced_at":"2026-01-27T22:27:15.702Z","repository":{"id":332003251,"uuid":"1128179842","full_name":"gagansuie/oxidize","owner":"gagansuie","description":"Deep Learning Driven Network Acceleration","archived":false,"fork":false,"pushed_at":"2026-01-19T08:14:02.000Z","size":10423,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-19T08:52:11.435Z","etag":null,"topics":["ai","ml","network","quic"],"latest_commit_sha":null,"homepage":"https://oxd.sh","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gagansuie.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-05T08:59:03.000Z","updated_at":"2026-01-19T08:14:05.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gagansuie/oxidize","commit_stats":null,"previous_names":["gagansuie/oxidize"],"tags_count":55,"template":false,"template_full_name":null,"purl":"pkg:github/gagansuie/oxidize","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagansuie%2Foxidize","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagansuie%2Foxidize/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagansuie%2Foxidize/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagansuie%2Foxidize/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gagansuie","download_url":"https://codeload.github.com/gagansuie/oxidize/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gagansuie%2Foxidize/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28642697,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T18:04:35.752Z","status":"ssl_error","status_checked_at":"2026-01-21T18:03:55.054Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ml","network","quic"],"created_at":"2026-01-07T07:21:21.361Z","updated_at":"2026-01-23T22:25:55.199Z","avatar_url":"https://github.com/gagansuie.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Oxidize\n\n### Open Source Deep Learning Driven Network Acceleration\n\n**Neural networks predict packet loss before it happens, optimize routing in real-time, and accelerate your network automatically.**\n\n\u003e 🔥 **0.7µs** per-packet processing • **44%** header compression • **Zero-copy** packet pipeline • **Pure Rust**\n\n[![CI](https://github.com/gagansuie/oxidize/actions/workflows/ci.yml/badge.svg)](https://github.com/gagansuie/oxidize/actions/workflows/ci.yml)\n[![Release](https://github.com/gagansuie/oxidize/actions/workflows/release.yml/badge.svg)](https://github.com/gagansuie/oxidize/actions/workflows/release.yml)\n[![License](https://img.shields.io/badge/license-MIT%2FApache--2.0-blue.svg)](LICENSE)\n[![Rust](https://img.shields.io/badge/rust-1.70%2B-orange.svg)](https://www.rust-lang.org/)\n\n[Website](https://oxd.sh) · [Download](https://oxd.sh/download) · [Documentation](docs/) · [Speed Test](#speed-test)\n\n\u003c/div\u003e\n\n---\n\n## The Problem\n\nYour ISP's routing is suboptimal:\n- **Congested peering points** → packet loss\n- **Cost-optimized routes** → unnecessary latency (+50-200ms)\n- **No QoS guarantees** → inconsistent performance\n\n## The Solution\n\n```\n❌ Direct (Your ISP):     You → Congested ISP routes → Destination     (120ms, 2% loss)\n✅ Via Oxidize:           You → QUIC tunnel → Premium edge → Destination (80ms, 0% loss)\n```\n\n## Architecture\n\n```\n┌─────────────────┐         ┌─────────────────┐\n│   Your Device   │  QUIC   │  Relay Server   │\n│  oxidize-client │ ──────► │  oxidize-server │ ──────► Internet\n└─────────────────┘         └─────────────────┘\n        ↑                           ↑\n   TCP + UDP                   TCP + UDP\n   captured                    forwarded\n```\n\n- **Full traffic tunneling** — ALL TCP and UDP traffic flows through the relay\n- **Dedicated infrastructure** — no peer-to-peer, no bandwidth sharing with strangers\n- **Smart routing** — gaming tunneled, streaming bypassed for zero latency\n\n## Perfect For\n\n| 🎮 Gamers | 📱 Mobile Users | 🏢 Remote Workers | 🚀 Bad ISPs |\n|-----------|-----------------|-------------------|-------------|\n| Reduce jitter \u0026 packet loss | Better than carrier routing | VPN alternative, better perf | Bypass congestion |\n\n## Features\n\n### 🚀 Core Performance\n- **QUIC Protocol** - 0-RTT resumption, stream multiplexing, fast loss recovery\n- **Smart Routing** - Bypass congested ISP routes with optimized paths\n- **Adaptive FEC** - Dynamic Reed-Solomon redundancy based on packet loss rate\n- **Multi-path Support** - WiFi + LTE bandwidth aggregation and seamless failover\n\n### ⚡ High-Performance Pipeline (100x Optimization)\n- **Kernel Bypass** - AF_XDP/XDP for bare metal (10-25 Gbps, no dedicated CPU cores)\n- **Zero-Copy I/O** - Direct packet access via AF_XDP UMEM\n- **UDP GSO/GRO Batching** - 64 packets per syscall, 5-10x throughput\n- **Zero-Copy Buffers** - Buffer pooling eliminates allocation overhead\n- **Ring Buffers** - Lock-free packet queuing\n- **Connection Pooling** - QUIC connection reuse, 10x handshake reduction\n- **SIMD Acceleration** - AVX-512/AVX2/NEON optimized operations (2x faster with AVX-512)\n- **Lock-Free Streams** - No mutex contention on hot path\n- **ACK Batching** - Configurable batching reduces round-trips\n- **Latency Instrumentation** - Built-in µs-level timing for optimization\n- **LZ4 DEFAULT Mode** - ~6 GB/s compression (30x faster than HIGH mode)\n- **Zero-Allocation Hot Path** - Ownership transfer instead of cloning in packet pipeline\n\n### 📱 OxTunnel Protocol (Unified Cross-Platform)\nCustom high-performance tunnel protocol replacing WireGuard with **unified architecture** for all platforms:\n\n```\n┌─────────────────────────────────────────────────────────────────────┐\n│                    OxTunnel Protocol (TCP + UDP)                    │\n├─────────────────────────────────────────────────────────────────────┤\n│  Linux:   App → NFQUEUE → OxTunnel → QUIC Datagrams → Server       │\n│  macOS:   App → PF/Utun → OxTunnel → QUIC Datagrams → Server       │\n│  Windows: App → WinDivert → OxTunnel → QUIC Datagrams → Server     │\n│  Android: App → VpnService → OxTunnel → QUIC Datagrams → Server    │\n│  iOS:     App → NEPacketTunnel → OxTunnel → QUIC Datagrams → Server│\n└─────────────────────────────────────────────────────────────────────┘\n         All platforms: TCP + UDP tunneled, UDP fallback when QUIC blocked\n```\n\n- **Same protocol everywhere** - All platforms use identical OxTunnel encapsulation\n- **Platform-specific capture** - NFQUEUE (Linux), PF (macOS), WinDivert (Windows), VpnService (Android)\n- **QUIC primary transport** - Encrypted, multiplexed, 0-RTT for all platforms\n- **UDP fallback** - For networks that block QUIC\n- **V2 Variable Headers** - 2-7 byte headers (avg 4B) with varint encoding, 55% smaller than V1\n- **64 packets/batch** - Reduces syscalls by 64x\n- **Zero-copy buffer pools** - 128 pre-allocated buffers, no heap allocation per packet\n\n| Feature | WireGuard | OxTunnel |\n|---------|-----------|----------|\n| Header size | 32+ bytes | **4 bytes avg** (V2) |\n| Encryption | Double (WG + TLS) | Single (QUIC TLS 1.3) |\n| Handshake | Multi-round Noise | Single round-trip |\n| Buffer allocation | Per-packet malloc | Zero-copy pool |\n| Batch processing | No | 64 packets/batch |\n| Packet capture | TUN device | NFQUEUE/PF/WinDivert |\n| Transport | UDP only | QUIC + UDP fallback |\n| Cross-platform | Separate implementations | Unified protocol |\n\n### 🎭 MASQUE-Inspired Architecture\nInspired by [Cloudflare's MASQUE/WARP](https://blog.cloudflare.com/zero-trust-warp-with-a-masque/):\n- **QUIC Datagrams** - Real-time traffic (gaming/VoIP) bypasses stream ordering, eliminating head-of-line blocking\n- **0-RTT Session Resumption** - Instant reconnects via cached session tickets\n- **Connection Migration** - Seamless WiFi ↔ cellular transitions without reconnecting\n- **Dual-Path Architecture** - Streams for reliable traffic, datagrams for latency-sensitive traffic\n- **Smart Traffic Detection** - Auto-detects gaming/VoIP ports for optimal routing\n\n### 🧠 Smart Traffic Management\n- **Adaptive ML Congestion Control** - Online learning with continuous improvement\n  - Lookup tables generated from trained ML model (\u003c100ns decisions)\n  - Live ML inference for edge cases (~1µs)\n  - Automatic table refresh (hourly) from real traffic observations\n  - No restart needed - model improves continuously\n- **ECN (Explicit Congestion Notification)** - RFC 9000 compliant\n  - DCTCP-style congestion response\n  - Better signals than loss-based detection\n- **Multipath QUIC** - Aggregate bandwidth across paths\n  - Adaptive path selection (RTT + loss + bandwidth scoring)\n  - Seamless failover on path failure\n  - Round-robin, weighted, or lowest-RTT scheduling\n- **Deep Packet Inspection** - Identifies Discord, Zoom, Valorant, Fortnite by protocol patterns\n- **Application Fingerprinting** - Detect apps on non-standard ports (Discord on 443, etc.)\n- **Traffic Classification** - Auto-detects gaming/streaming/VoIP for optimal handling\n- **Smart Split-Tunneling** - Gaming tunneled for optimization, streaming bypassed for clean IP\n- **Edge Caching** - LRU cache for static content at relay points\n\n\n### 🧠 Deep Learning Engine (Pure Rust, 10x Optimized)\nSelf-improving network optimization using neural networks with **adaptive online learning**:\n\n```\n┌─────────────────────────────────────────────────────────────────────────┐\n│                     AdaptiveMlEngine (Production)                        │\n├─────────────────────────────────────────────────────────────────────────┤\n│  ┌────────────────────┐  ┌────────────────────┐  ┌──────────────────┐  │\n│  │ ML Lookup Tables │  │ Live ML Inference  │  │ Online Learning  │  │\n│  │  - From ML model   │  │ - Candle/SafeTensors│  │ - 100K obs buffer│  │\n│  │  - \u003c100ns lookup   │  │ - \u003c1µs inference  │  │ - Hourly refresh │  │\n│  │  - 90%+ hit rate   │  │ - Edge cases only  │  │ - No restart     │  │\n│  └────────────────────┘  └────────────────────┘  └──────────────────┘  │\n└─────────────────────────────────────────────────────────────────────────┘\n```\n\n**Core Models (Always Active):**\n| Model | Architecture | Latency | Purpose |\n|-------|--------------|---------|----------|\n| **Loss Predictor** | Transformer | \u003c10µs | Predicts packet loss 50-100ms ahead |\n| **Congestion Control** | PPO (continuous) | \u003c1µs | Optimal CWND via lookup + ML fallback |\n| **Compression Oracle** | Entropy heuristics | \u003c1µs | Skip already-compressed data |\n| **Path Selector** | UCB1 bandit | \u003c1µs | Learns best path per traffic type |\n| **FEC Decision** | Lookup table | \u003c100ns | Optimal redundancy ratio |\n\n**Performance Benchmarks:**\n```\n╔════════════════════════════════════════════════════════════════╗\n║                    ML ENGINE BENCHMARKS                         ║\n╠════════════════════════════════════════════════════════════════╣\n║ Lookup Table Hit:      \u003c100ns (90%+ of decisions)                ║\n║ Live ML Inference:     \u003c1µs  (candle optimized)                  ║\n║ Transformer:           \u003c10µs (loss prediction)                  ║\n║ Online Learning:       Continuous (no restart)                  ║\n║ Table Refresh:         Hourly (from observations)               ║\n║ Memory Footprint:      \u003c10MB (all models + tables)              ║\n║ Observation Buffer:    100K samples (circular)                  ║\n╚═════════════════════════════════════════════════════════════════╝\n```\n\n**Advanced ML Features (Scale-Ready):**\n| Feature | Purpose | Latency Impact | When Needed |\n|---------|---------|----------------|-------------|\n| **Federated Learning** | Privacy-preserving aggregation with DP | Async | Multi-server |\n| **Multi-agent RL** | Distributed congestion control | ~50µs/action | Multi-flow |\n| **A/B Testing** | Statistical model deployment experiments | ~1µs | Always |\n\nSee [ADVANCED_ML.md](docs/ADVANCED_ML.md) and [DEEP_LEARNING.md](docs/DEEP_LEARNING.md) for detailed documentation.\n\n**Gaming Ports (QUIC Datagrams):**\n| Platform | Ports |\n|----------|-------|\n| Xbox Live | 3074, 3478-3480 |\n| PlayStation | 3658-3659 |\n| Steam/Valve | 27015-27017 |\n| Unreal Engine | 7777-7779 |\n| VoIP/SIP | 5060-5061 |\n\n**Bypass Domains (Direct, Your IP):**\nNetflix, Disney+, Hulu, Prime Video, HBO Max, Spotify - automatically bypassed so streaming services see your residential IP.\n\n### 📦 Compression (Pure Rust, Enabled by Default)\n- **Parallel LZ4 Compression** - Multi-threaded compression scales with CPU cores (10+ Gbps)\n- **Per-Connection Dictionaries** - Learns per-flow patterns for 20-40% better compression\n- **ROHC Header Compression** - 44% size reduction for UDP/IP headers\n  - UDP, TCP, IP, RTP, ESP, IPv6 profiles\n  - Fast state transitions (IR → FO → SO in 5 packets vs standard 10)\n  - LRU context eviction for inactive flows\n  - W-LSB delta encoding for sequence numbers\n  - **Enabled by default** - no configuration needed\n- **SIMD-Accelerated** - AVX2/NEON when available\n- **Intelligent Selection** - Automatically chooses best compression per packet\n- **Smart Entropy Detection** - Shannon entropy + magic byte detection skips encrypted/compressed data\n  - Detects gzip, ZIP, LZ4, Zstd, TLS records, JPEG, PNG, MP4\n  - Entropy threshold: \u003e7.5 bits/byte = skip compression\n\n**ROHC Performance Impact:**\n| Traffic Type | Without ROHC | With ROHC | Savings |\n|--------------|--------------|-----------|--------|\n| UDP Gaming (64B) | 62% header overhead | 3% | **59%** |\n| VoIP RTP (160B) | 25% header overhead | 1% | **24%** |\n| SSH keystrokes (80B) | 75% header overhead | 10% | **65%** |\n\n### 🔒 Security \u0026 DDoS Protection\n- **TLS 1.3** - Real certificate support with Let's Encrypt\n- **Per-IP Rate Limiting** - Connection, PPS, and bandwidth limits\n- **Auto-blocking** - Automatic IP blocking after violations\n- **QUIC Security** - Stateless retry, address validation, anti-amplification\n- **Connection Multiplexing** - Thousands of concurrent flows\n\n### 🌐 Infrastructure \u0026 Resilience\n- **Connection Migration** - Seamless WiFi ↔ LTE handoff\n- **Multi-Server Ready** - Relay mesh for scaling when needed\n- **Predictive Prefetching** - DNS and connection pre-warming\n- **Health Monitoring** - Automatic failover on relay issues\n\n### 🚀 Server-to-Internet Optimizations\nThe relay server optimizes traffic from server to destination (your game server, websites, etc.):\n\n| Optimization | Benefit | Implementation |\n|--------------|---------|----------------|\n| **BBR Congestion Control** | 2-25x better throughput on lossy links | `tcp_congestion_control = bbr` |\n| **TCP Fast Open** | -1 RTT on repeat connections | `tcp_fastopen = 3` |\n| **UDP GSO/GRO** | 64 packets per syscall | Kernel 4.18+ |\n| **ECN (RFC 9000)** | Congestion signals without loss | DCTCP-style response |\n| **Jumbo Frames** | 9000 MTU on datacenter NICs | Reduces header overhead |\n| **NUMA-Aware** | Memory close to CPU | \u003c100ns memory access |\n| **Peering** | Direct routes to game servers | Latitude.sh Chicago |\n\n**Server Kernel Tuning (Applied Automatically):**\n```\nnet.core.rmem_max = 268MB      # Large receive buffers\nnet.core.wmem_max = 268MB      # Large send buffers  \nnet.core.netdev_max_backlog = 500K  # Handle burst traffic\nnet.ipv4.tcp_congestion_control = bbr  # Google BBR\nnet.ipv4.tcp_fastopen = 3      # Client + server TFO\n```\n\n**Why This Matters:**\n```\nWithout optimization:  Server → 5 hops → ISP peering → 8 hops → Game Server\nWith Oxidize:          Server → 2 hops → Direct peering → Game Server\n                       (Latitude.sh has direct peering with major gaming networks)\n```\n\n### 📊 Observability\n- **Prometheus Metrics** - Latency, throughput, compression ratios\n- **Speed Test** - Built-in benchmarking with JSON output\n\n## Speed Test\n\nTest your connection improvement before committing:\n\n```bash\n# Human-readable results\noxidize-client --server SERVER_IP:4433 --speedtest\n\n# JSON output for scripting\noxidize-client --server SERVER_IP:4433 --speedtest --json\n```\n\nSample output:\n```\n╔════════════════════════════════════════════════════════════════╗\n║              Oxidize Speed Test Results                        ║\n╠════════════════════════════════════════════════════════════════╣\n║                      Direct      Via Relay      Improvement    ║\n╠════════════════════════════════════════════════════════════════╣\n║  Latency (ms):        45.2          38.1           +15.7%      ║\n║  Download (Mbps):     85.2          92.4           +8.5%       ║\n║  Upload (Mbps):       42.1          48.7           +15.7%      ║\n║  Jitter (ms):         12.3           4.2           +65.9%      ║\n╚════════════════════════════════════════════════════════════════╝\n\n✨ Summary: Oxidize provides 16% better latency, 8% better download speed\n```\n\n## Quick Start\n\n### One-Click Client Install\n\n```bash\n# Install and auto-start (defaults to relay.oxd.sh:4433)\ncurl -fsSL https://raw.githubusercontent.com/gagansuie/oxidize/main/install.sh | sudo bash\n```\n\n```bash\n# Or specify a custom server\ncurl -fsSL https://raw.githubusercontent.com/gagansuie/oxidize/main/install.sh | sudo bash -s -- relay.oxd.sh:4433\n```\n\nThe installer handles everything: downloads binary, configures service, and starts automatically.\n\n\u003e **Review the script:** [install.sh](install.sh)\n\n### Build from Source\n\n```bash\n# Build\ncargo build --release\n\n# Run server (on your relay server)\n./target/release/oxidize-server --listen 0.0.0.0:4433\n\n# Run client (defaults to relay.oxd.sh:4433)\n./target/release/oxidize-client\n\n# Or specify a custom server\n./target/release/oxidize-client --server relay.oxd.sh:4433\n\n# Run speed test\n./target/release/oxidize-client --speedtest\n```\n\n## Configuration\n\nCreate `config.toml`:\n\n```toml\nmax_connections = 10000\nenable_compression = true\nenable_tcp_acceleration = true\nrate_limit_per_ip = 100\n\n# ROHC header compression (enabled by default)\nenable_rohc = true\nrohc_max_size = 1400\n\n# Congestion control (adaptive_ml, cubic, gaming)\ncongestion_algorithm = \"adaptive_ml\"\n\n# Priority scheduling\nenable_priority_scheduler = true\n\n# Performance optimizations are always enabled:\n# - Zero-copy buffer pooling\n# - Lock-free stream handling  \n# - ACK batching (8 per batch)\n# - Latency instrumentation\n```\n\n### Feature Interactions\n\n| Feature Combo | Interaction | Status |\n|--------------|-------------|--------|\n| FEC + Compression | FEC adds redundancy before compression | ✅ Auto-adapts |\n| ROHC + Small Packets | ROHC best for \u003c200B packets | ✅ Auto-selects per packet |\n| Zero-copy + Compression | Compression into pooled buffer | ✅ No conflict |\n| Priority Scheduler + ACK Batching | Real-time traffic prioritized | ✅ ACKs respect priority |\n\n\n## Real-World Performance\n\n### 🎯 Relay Overhead: 0.004%\n\n```\n┌────────────────────────────────────────────────────────────────┐\n│                    PERFORMANCE BREAKDOWN                        │\n├────────────────────────────────────────────────────────────────┤\n│  Per-packet processing:     0.7µs (with ML inference)          │\n│  Concurrent users:          10,000 - 50,000 per instance       │\n│  PPS capacity:              ~100K packets/sec                  │\n│  Memory footprint:          \u003c100 MB                            │\n│                                                                │\n│  Verdict: PRODUCTION READY                                     │\n└────────────────────────────────────────────────────────────────┘\n```\n\n### 🎮 Gaming Overhead Analysis\n\n| Workload | Tick Rate | Tick Period | Oxidize Overhead |\n|----------|-----------|-------------|------------------|\n| Competitive FPS | 128 Hz | 7.8ms | **0.009%** |\n| Standard Gaming | 64 Hz | 15.6ms | **0.004%** |\n| VoIP (20ms frames) | 50 Hz | 20ms | **0.0035%** |\n| Video Streaming | 60 Hz | 16.7ms | **0.004%** |\n\n**Why it matters:** Batching and QUIC datagrams eliminate latency *spikes* - the micro-stutters from syscalls and head-of-line blocking that ruin gaming feel.\n\n### When Oxidize Helps\n\n- Mobile networks: +30-50% improvement (packet loss handling)\n- Congested ISPs: +40-60% improvement (better routing)\n- Gaming: +20-40% improvement (stable latency)\n- API-heavy apps: +50-70% improvement (compression + multiplexing)\n\n### When It Won't\n\n- Already-optimal fiber connections\n- Video streaming (already compressed)\n- Local network traffic\n\n**Honest benchmarks, no marketing BS.**\n\n## Production Ready\n\n✅ TLS 1.3 \u0026nbsp;·\u0026nbsp; ✅ Rate limiting \u0026nbsp;·\u0026nbsp; ✅ Prometheus metrics \u0026nbsp;·\u0026nbsp; ✅ DDoS protection \u0026nbsp;·\u0026nbsp; ✅ 230+ tests \u0026nbsp;·\u0026nbsp; ✅ Zero external deps\n\n### ✅ Implemented Features Summary\n\n| Category | Feature | Status |\n|----------|---------|--------|\n| **Protocol** | OxTunnel (unified cross-platform) | ✅ Implemented |\n| **Protocol** | V2 Variable Headers (4B avg) | ✅ Implemented |\n| **Protocol** | QUIC Datagrams (gaming/VoIP) | ✅ Implemented |\n| **Protocol** | 0-RTT Session Resumption | ✅ Implemented |\n| **Transport** | QUIC Primary + UDP Fallback | ✅ Implemented |\n| **Transport** | Connection Migration (WiFi↔LTE) | ✅ Implemented |\n| **Transport** | Multi-path Aggregation | ✅ Implemented |\n| **Kernel Bypass** | AF_XDP/XDP (10-25 Gbps) | ✅ Implemented |\n| **Compression** | LZ4 (~4 GB/s) | ✅ Implemented |\n| **Compression** | ROHC Headers (44% reduction) | ✅ Implemented |\n| **Compression** | Per-Connection Dictionaries | ✅ Implemented |\n| **ML Engine** | Transformer Loss Predictor | ✅ Implemented |\n| **ML Engine** | PPO Congestion Controller | ✅ Implemented |\n| **ML Engine** | Speculative Pre-computation | ✅ Implemented |\n| **ML Engine** | UCB1 Path Selection | ✅ Implemented |\n| **Congestion** | Adaptive ML (online learning) | ✅ Implemented |\n| **Congestion** | ML-Augmented Pacing | ✅ Implemented |\n| **Multipath** | MPTCP-style Redundancy | ✅ Implemented |\n| **Multipath** | ML Handoff Prediction (WiFi→LTE) | ✅ Implemented |\n| **Traffic** | Deep Packet Inspection | ✅ Implemented |\n| **Traffic** | Application Fingerprinting | ✅ Implemented |\n| **Protocol** | Trusted Network Detection | ✅ Implemented |\n| **Protocol** | Dynamic Buffer Pool | ✅ Implemented |\n| **Protocol** | NUMA-Aware Allocation | ✅ Implemented |\n| **SIMD** | AVX-512/AVX2 Packet Parsing | ✅ Implemented |\n| **FEC** | Adaptive Reed-Solomon | ✅ Implemented |\n| **Security** | TLS 1.3 / Let's Encrypt | ✅ Implemented |\n| **Security** | Rate Limiting / DDoS Protection | ✅ Implemented |\n| **Observability** | Prometheus Metrics | ✅ Implemented |\n| **Apps** | Desktop (Linux/macOS/Windows) | ✅ Implemented |\n| **Apps** | Mobile (Android/iOS) | 🚧 Coming Soon |\n\n## Monitoring\n\n```bash\n# Metrics endpoint\ncurl http://localhost:9090/metrics\n```\n\n**Latency Metrics:**\n```\n║ Avg Process Latency: 0.7µs    # Per-packet processing time\n║ Avg Forward Latency: 12.3µs   # Time to forward to destination\n║ Avg Encode Latency:  0.2µs    # Message encoding time\n║ Avg Decode Latency:  0.3µs    # Message decoding time\n```\n\nUse these metrics to identify bottlenecks and tune `ack_batch_size` for your workload.\n\n## Desktop App\n\nThe Oxidize desktop app provides a modern GUI for managing connections.\n\n\u003e **⚠️ Daemon Required**: The desktop app requires the daemon to be installed for full traffic tunneling and IP protection. Install via Settings → Install Daemon.\n\n### Features\n- **Full IP Protection** - All traffic tunneled through relay, your real IP is hidden\n- **Auto-connect** - Automatically connects to closest region on launch (configurable)\n- **Closest Region Detection** - Uses IP geolocation + haversine distance to find optimal server\n- **Server List** - Browse all available regions with status, latency, and server count\n- **Connection Stats** - Real-time bytes sent/received and uptime\n- **Launch at Startup** - Optional system startup integration\n\n### Settings\n| Setting | Description |\n|---------|-------------|\n| Launch at Startup | Start Oxidize when your computer boots |\n| Auto-connect | Automatically connect to closest region on launch |\n| Install Daemon | Required for connection - installs system service |\n\n### macOS Security Prompt\n\nmacOS may show a security warning when opening unsigned apps:\n\n\u003e \"Oxidize.app cannot be opened because the developer cannot be verified\"\n\n**Workaround:** Right-click the app → Select \"Open\" → Click \"Open\" in the dialog.\n\nOr via Terminal: `xattr -cr /Applications/Oxidize.app`\n\n---\n\n## Mobile Apps\n\nNative iOS and Android apps with the same core functionality as desktop.\n\n### Download\n\n| Platform | Store | Status |\n|----------|-------|--------|\n| **Android** | [Google Play Store](https://play.google.com/store/apps/details?id=sh.oxd.app) | Coming Soon |\n| **iOS** | [Apple App Store](https://apps.apple.com/app/oxidize/id0000000000) | Coming Soon |\n\n### Features\n- **Same OxTunnel protocol** - Identical to desktop, unified codebase\n- **VpnService (Android)** / **NEPacketTunnel (iOS)** - Native packet capture\n- **Auto-connect** - Connect on launch (configurable)\n- **Region selection** - Browse and select optimal servers\n- **Connection stats** - Real-time bandwidth and latency\n\n### Mobile-Specific Notes\n- **No daemon required** - Mobile uses native VPN APIs\n- **Battery optimized** - Efficient QUIC transport\n- **Background support** - Stays connected when app is backgrounded\n\n### Development\n\nMobile apps are built with [Tauri](https://tauri.app/) and deploy via [Fastlane](https://fastlane.tools/):\n\n```bash\n# Android (requires Android SDK + NDK)\ncd app \u0026\u0026 npx tauri android build\n\n# iOS (requires macOS + Xcode)\ncd app \u0026\u0026 npx tauri ios init \u0026\u0026 npx tauri ios build\n```\n\nFor deployment setup, see [MOBILE_DEPLOYMENT.md](docs/MOBILE_DEPLOYMENT.md).\n\n---\n\n## Daemon Management\n\nThe daemon runs **OxTunnel** - our unified protocol that captures packets via NFQUEUE and tunnels them over QUIC:\n\n### How OxTunnel Works (Linux)\n```\nApp Traffic → NFQUEUE (kernel) → OxTunnel Batching → QUIC Datagrams → Relay Server\n     ↓                                                                      ↓\n TCP + UDP                                                           TCP: Connection proxy\n captured                                                            UDP: Direct forward\n```\n\n### Features\n- **Full traffic capture** - Intercepts **both TCP and UDP** at kernel level via NFQUEUE\n- **TCP connection pooling** - Server maintains persistent TCP connections to destinations\n- **UDP direct forwarding** - Low-latency UDP packet forwarding\n- **64 packets/batch** - Reduces syscalls, improves throughput\n- **QUIC datagrams** - Zero head-of-line blocking for gaming/VoIP\n- **Pure userspace** - No kernel modules, no TUN devices\n- **Same protocol as mobile** - Unified OxTunnel on all platforms\n\n### Commands\n```bash\n# Check status\nsudo systemctl status oxidize-daemon\n\n# Start/Stop/Restart\nsudo systemctl start oxidize-daemon\nsudo systemctl stop oxidize-daemon\nsudo systemctl restart oxidize-daemon\n\n# View logs\nsudo journalctl -u oxidize-daemon -f\n\n# Manual run (for debugging)\nsudo ./target/release/oxidize-daemon\n```\n\n### NFQUEUE iptables Rules\nWhen connected, the daemon automatically configures rules for **both TCP and UDP**:\n```bash\n# Check active rules\nsudo iptables -L OUTPUT -v -n --line-numbers\n\n# Expected output shows both protocols captured:\n# NFQUEUE udp  -- 0.0.0.0/0  0.0.0.0/0  NFQUEUE num 0 bypass\n# NFQUEUE tcp  -- 0.0.0.0/0  0.0.0.0/0  NFQUEUE num 0 bypass\n```\n\n## Documentation\n\n- [CHANGELOG.md](docs/CHANGELOG.md) - **Recent changes and removed modules**\n- [OXTUNNEL.md](docs/OXTUNNEL.md) - OxTunnel protocol specification (replaces WireGuard)\n- [DEEP_LEARNING.md](docs/DEEP_LEARNING.md) - Deep learning engine (Transformer, PPO, UCB1)\n- [ADVANCED_ML.md](docs/ADVANCED_ML.md) - Scale-ready ML features (Federated Learning, Multi-agent RL, A/B Testing)\n- [SECURITY.md](docs/SECURITY.md) - Security hardening \u0026 DDoS protection\n- [VULTR_DEPLOYMENT.md](docs/vultr/VULTR_DEPLOYMENT.md) - Bare metal deployment guide\n- [LATITUDE_DEPLOYMENT.md](docs/latitude/LATITUDE_DEPLOYMENT.md) - Latitude.sh deployment guide\n- [ZERO-DOWNTIME.md](docs/ZERO-DOWNTIME.md) - Zero-downtime deployment\n\n## Testing\n\n```bash\ncargo test --all\n```\n\n## Benchmarks\n\n```bash\n# Run performance benchmarks\ncargo bench --package oxidize-common\n```\n\n**Sample Results:**\n```\n╔════════════════════════════════════════════════════════════════╗\n║                     KEY BENCHMARKS                             ║\n╠════════════════════════════════════════════════════════════════╣\n║ E2E Pipeline:        0.7µs per packet                          ║\n║ LZ4 Throughput:      ~4 GB/s (native LZ4, 10+ Gbps)            ║\n║ FEC Throughput:      ~4321 MB/s (never a bottleneck)           ║\n║ ROHC Compression:    44% size reduction                        ║\n║ Buffer Pool:         100% hit rate (zero allocs)               ║\n║ Batch Efficiency:    2.6x speedup (fewer syscalls)             ║\n║ Multipath Select:    9M ops/sec                                ║\n║ Sustained Load:      3M+ ops/sec (no degradation)              ║\n║ Concurrent Users:    10,000 - 50,000 per instance              ║\n╚════════════════════════════════════════════════════════════════╝\n```\n\n**ML Engine Benchmarks:**\n```\n╔════════════════════════════════════════════════════════════════╗\n║                   ML INFERENCE BENCHMARKS                       ║\n╠════════════════════════════════════════════════════════════════╣\n║ Transformer:         \u003c10µs inference (loss prediction)          ║\n║ PPO Controller:      \u003c10µs inference (CWND optimization)        ║\n║ Speculative Cache:   \u003c1µs hit (100 decisions pre-computed)      ║\n║ Compression Oracle:  \u003c1µs (entropy-based heuristics)            ║\n║ Path Selection:      \u003c1µs (UCB1 bandit)                        ║\n║ Cache Hit Rate:      \u003e95% (speculative pre-computation)         ║\n║ Memory Footprint:    \u003c10MB (all models embedded)               ║\n╚════════════════════════════════════════════════════════════════╝\n```\n\n**Kernel Bypass Mode (Bare Metal):**\n```\n╔════════════════════════════════════════════════════════════════╗\n║              KERNEL BYPASS BENCHMARKS (AF_XDP)                 ║\n╠════════════════════════════════════════════════════════════════╣\n║ XDP Mode:            10-25 Gbps (event-driven, low power)      ║\n║ Per-Packet Latency:  \u003c300ns (P99)                              ║\n║ Zero-Copy:           No memcpy in hot path                     ║\n║ Lock-Free Rings:     SPSC queues, no contention                ║\n║ Batch Processing:    64 packets per burst                      ║\n║ CPU Pinning:         Dedicated cores per queue                 ║\n║ NUMA Aware:          Memory allocation close to CPU            ║\n║ Huge Pages:          1GB/2MB pages for minimal TLB misses      ║\n╚════════════════════════════════════════════════════════════════╝\n```\n\n\u003e **Note:** AF_XDP kernel bypass requires the `xdp` feature and Linux kernel 5.4+.\n\u003e Event-driven architecture with no dedicated CPU cores needed. See deployment guides for setup.\n\n## Uninstall\n\n### Linux / macOS\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/gagansuie/oxidize/main/scripts/uninstall.sh | sudo bash\n```\n\n### Windows (PowerShell as Admin)\n\n```powershell\nirm https://raw.githubusercontent.com/gagansuie/oxidize/main/scripts/uninstall-windows.ps1 | iex\n```\n\n### Options\n\n```bash\n# Linux/macOS\nsudo ./scripts/uninstall.sh --repo /path/to/oxidize   # Also clean local builds\n./scripts/uninstall.sh --local-only                   # Only clean builds (no sudo)\n```\n\n```powershell\n# Windows\n.\\scripts\\uninstall-windows.ps1 -Repo C:\\path\\to\\oxidize   # Also clean local builds\n.\\scripts\\uninstall-windows.ps1 -LocalOnly                 # Only clean builds\n```\n\n### What Gets Removed\n\n| Component | Linux | macOS | Windows |\n|-----------|-------|-------|---------|\n| **Binaries** | `/usr/local/bin/oxidize-*` | Same | `%ProgramFiles%\\Oxidize\\` |\n| **Services** | systemd units | launchd plist | Windows service |\n| **Config** | `/etc/oxidize/` | Same | `%APPDATA%\\Oxidize\\` |\n| **Desktop entries** | `.desktop` files | N/A | Start menu shortcuts |\n| **App data** | `~/.local/share/com.oxidize.app` | `~/Library/Application Support/` | `%LOCALAPPDATA%\\com.oxidize.app` |\n| **Firewall** | iptables NFQUEUE | PF rules | Firewall rule + WinDivert |\n| **Local builds** | `target/`, `node_modules/`, `gen/` | Same | Same |\n\n\u003e **Review the scripts:** [uninstall.sh](scripts/uninstall.sh) · [uninstall-windows.ps1](scripts/uninstall-windows.ps1)\n\n## License\n\nMIT OR Apache-2.0\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\u003csub\u003eBuilt with 🦀 by \u003ca href=\"https://github.com/gagansuie\"\u003egagansuie\u003c/a\u003e\u003c/sub\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgagansuie%2Foxidize","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgagansuie%2Foxidize","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgagansuie%2Foxidize/lists"}