├── debian ├── compat ├── source │ └── format ├── libshadowsocks-libev2.install ├── shadowsocks-libev.docs ├── libshadowsocks-libev-dev.install ├── source.lintian-overrides ├── .gitignore ├── tests │ └── control ├── config.json ├── shadowsocks-libev.install ├── watch ├── doc-base ├── shadowsocks-libev.postrm ├── copyright.original ├── rules ├── shadowsocks-libev.default ├── README.Debian ├── shadowsocks-libev-local@.service ├── shadowsocks-libev.service ├── shadowsocks-libev-server@.service ├── shadowsocks-libev-tunnel@.service ├── shadowsocks-libev-redir@.service ├── shadowsocks-libev.postinst ├── control ├── libshadowsocks-libev2.symbols └── shadowsocks-libev.init ├── autogen.sh ├── docker ├── build │ ├── dockerbuild.sh │ └── builder.Dockerfile ├── alpine │ ├── docker-compose.yml │ ├── Dockerfile │ └── README.md └── mingw │ ├── make.bat │ ├── Makefile │ ├── Dockerfile │ ├── deps.sh │ ├── prepare.sh │ └── build.sh ├── acl └── local.acl ├── tests ├── aes-ctr.json ├── aes-gcm.json ├── aes.json ├── rc4-md5.json ├── salsa20.json ├── chacha20.json ├── chacha20-ietf.json ├── chacha20-ietf-poly1305.json ├── test.sh └── test.py ├── shadowsocks-libev.pc.in ├── .gitmodules ├── .dockerignore ├── .copr └── Makefile ├── AUTHORS ├── cmake └── shadowsocks-libev.pc.cmake ├── doc ├── manpage-normal.xsl ├── manpage-bold-literal.xsl ├── asciidoc.conf ├── manpage-base.xsl ├── Makefile.am ├── ss-nat.asciidoc ├── CMakeLists.txt ├── ss-tunnel.asciidoc ├── ss-local.asciidoc └── ss-redir.asciidoc ├── scripts ├── iperf.sh ├── git_version.sh ├── git_archive.sh └── chroot_build.sh ├── Makefile.am ├── .github └── issue_template.md ├── COPYING ├── code-format.bat ├── code-format.sh ├── rpm ├── SOURCES │ ├── systemd │ │ ├── shadowsocks-libev.default │ │ ├── shadowsocks-libev-local.service │ │ ├── shadowsocks-libev-local@.service │ │ ├── shadowsocks-libev-server@.service │ │ ├── shadowsocks-libev-tunnel@.service │ │ ├── shadowsocks-libev.service │ │ └── shadowsocks-libev-redir@.service │ └── etc │ │ └── init.d │ │ └── shadowsocks-libev └── genrpm.sh ├── m4 ├── cares.m4 ├── sodium.m4 ├── inet_ntop.m4 ├── stack-protector.m4 ├── mbedtls.m4 ├── ax_tls.m4 └── pcre.m4 ├── src ├── ppbloom.h ├── tls.h ├── http.h ├── acl.h ├── protocol.h ├── aead.h ├── stream.h ├── socks5.h ├── resolv.h ├── base64.h ├── manager.h ├── tunnel.h ├── rule.h ├── redir.h ├── cache.h ├── udprelay.h ├── common.h ├── jconf.h ├── local.h ├── ppbloom.c ├── plugin.h ├── server.h ├── winsock.h ├── netutils.h ├── shadowsocks.h ├── base64.c ├── Makefile.am ├── rule.c ├── android.c └── crypto.h ├── completions ├── zsh │ ├── _ss-redir │ ├── _ss-tunnel │ ├── _ss-local │ ├── _ss-manager │ └── _ss-server └── bash │ ├── ss-redir │ ├── ss-local │ ├── ss-tunnel │ ├── ss-manager │ └── ss-server ├── .gitignore └── .travis.yml /debian/compat: -------------------------------------------------------------------------------- 1 | 10 2 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | autoreconf --install --force 4 | -------------------------------------------------------------------------------- /debian/libshadowsocks-libev2.install: -------------------------------------------------------------------------------- 1 | usr/lib/*/libshadowsocks-libev.so.* 2 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev.docs: -------------------------------------------------------------------------------- 1 | AUTHORS 2 | README.md 3 | debian/copyright.original 4 | scripts 5 | -------------------------------------------------------------------------------- /debian/libshadowsocks-libev-dev.install: -------------------------------------------------------------------------------- 1 | usr/include/ 2 | usr/lib/*/libshadowsocks-libev.so 3 | usr/lib/*/pkgconfig/ 4 | -------------------------------------------------------------------------------- /debian/source.lintian-overrides: -------------------------------------------------------------------------------- 1 | # false positive: #765166 2 | shadowsocks-libev source: license-problem-gfdl-invariants 3 | -------------------------------------------------------------------------------- /debian/.gitignore: -------------------------------------------------------------------------------- 1 | *.substvars 2 | debhelper-build-stamp 3 | libshadowsocks-libev*/ 4 | libshadowsocks-libev-dev/ 5 | tmp/ 6 | -------------------------------------------------------------------------------- /debian/tests/control: -------------------------------------------------------------------------------- 1 | Test-Command: bash tests/test.sh 2 | Depends: @, python, curl, dnsutils 3 | Restrictions: allow-stderr 4 | -------------------------------------------------------------------------------- /docker/build/dockerbuild.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | set -o xtrace 4 | 5 | cmake -DBUILD_STATIC=OFF . && make && make install -------------------------------------------------------------------------------- /acl/local.acl: -------------------------------------------------------------------------------- 1 | [reject_all] 2 | 3 | [white_list] 4 | 127.0.0.1 5 | ::1 6 | 10.0.0.0/8 7 | 172.16.0.0/12 8 | 192.168.0.0/16 9 | fc00::/7 10 | -------------------------------------------------------------------------------- /debian/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8388, 4 | "local_port":1080, 5 | "password":"barfoo!", 6 | "timeout":60, 7 | "method":"chacha20-ietf-poly1305" 8 | } 9 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev.install: -------------------------------------------------------------------------------- 1 | debian/config.json usr/share/shadowsocks-libev 2 | debian/shadowsocks-libev-*.service lib/systemd/system 3 | usr/bin/ 4 | usr/share/man/ 5 | completions/bash/* usr/share/bash-completion/completions/ 6 | -------------------------------------------------------------------------------- /docker/alpine/docker-compose.yml: -------------------------------------------------------------------------------- 1 | shadowsocks: 2 | image: shadowsocks/shadowsocks-libev 3 | ports: 4 | - "8388:8388/tcp" 5 | - "8388:8388/udp" 6 | environment: 7 | - METHOD=aes-256-cfb 8 | - PASSWORD=9MLSpPmNt 9 | restart: always 10 | -------------------------------------------------------------------------------- /tests/aes-ctr.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"aes_password", 6 | "timeout":60, 7 | "method":"aes-256-ctr", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /tests/aes-gcm.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"aes_password", 6 | "timeout":60, 7 | "method":"aes-256-gcm", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /tests/aes.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"aes_password", 6 | "timeout":60, 7 | "method":"aes-256-cfb", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /tests/rc4-md5.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"aes_password", 6 | "timeout":60, 7 | "method":"rc4-md5", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /tests/salsa20.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"salsa20_password", 6 | "timeout":60, 7 | "method":"salsa20", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /tests/chacha20.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"chacha20_password", 6 | "timeout":60, 7 | "method":"chacha20", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /tests/chacha20-ietf.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"salsa20_password", 6 | "timeout":60, 7 | "method":"chacha20-ietf", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /tests/chacha20-ietf-poly1305.json: -------------------------------------------------------------------------------- 1 | { 2 | "server":"127.0.0.1", 3 | "server_port":8389, 4 | "local_port":1081, 5 | "password":"salsa20_password", 6 | "timeout":60, 7 | "method":"chacha20-ietf-poly1305", 8 | "local_address":"127.0.0.1", 9 | "fast_open":false 10 | } 11 | -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | version=4 2 | 3 | opts="repack,compression=xz, \ 4 | dversionmangle=s/\+ds\d*$//,repacksuffix=+ds, \ 5 | filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%shadowsocks-libev_$1.orig.tar.gz%" \ 6 | https://github.com/shadowsocks/shadowsocks-libev/tags \ 7 | (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate 8 | -------------------------------------------------------------------------------- /docker/build/builder.Dockerfile: -------------------------------------------------------------------------------- 1 | # Alpine with China mirror 2 | FROM alpine 3 | MAINTAINER wener 4 | 5 | # Better for cache and dev 6 | RUN apk add --no-cache --virtual .build-deps \ 7 | alpine-sdk cmake \ 8 | linux-headers libev-dev libsodium-dev mbedtls-static mbedtls-dev pcre-dev udns-dev 9 | -------------------------------------------------------------------------------- /shadowsocks-libev.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: shadowsocks-libev 7 | Description: a lightweight secured socks5 proxy 8 | URL: https://shadowsocks.org 9 | Version: @VERSION@ 10 | Requires: 11 | Cflags: -I${includedir} 12 | Libs: -L${libdir} -lshadowsocks-libev -lcrypto 13 | -------------------------------------------------------------------------------- /debian/doc-base: -------------------------------------------------------------------------------- 1 | Document: shadowsocks-libev 2 | Title: shadowsocks-libev documentation 3 | Author: Max Lv 4 | Abstract: This is the documentation of shadowsocks-libev 5 | Section: Network/Communication 6 | 7 | Format: HTML 8 | Index: /usr/share/doc/shadowsocks-libev/shadowsocks-libev.html 9 | Files: /usr/share/doc/shadowsocks-libev/*.html 10 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "libcork"] 2 | path = libcork 3 | url = https://github.com/shadowsocks/libcork.git 4 | ignore = dirty 5 | [submodule "libipset"] 6 | path = libipset 7 | url = https://github.com/shadowsocks/ipset.git 8 | ignore = dirty 9 | [submodule "libbloom"] 10 | path = libbloom 11 | url = https://github.com/shadowsocks/libbloom.git 12 | ignore = dirty 13 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | # General 2 | .dockerignore 3 | .git 4 | .gitmodules 5 | .gitignore 6 | .github 7 | AUTHORS 8 | Changes 9 | COPYING 10 | INSTALL 11 | LICENSE 12 | README.md 13 | 14 | # Code formatting 15 | .uncrustify.cfg 16 | code-format.bat 17 | code-format.sh 18 | 19 | # CI & CD 20 | .travis.yml 21 | tests 22 | 23 | # OS-specific packaging, etc. 24 | debian 25 | scripts/build_deb.sh 26 | rpm 27 | completions 28 | -------------------------------------------------------------------------------- /.copr/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: deps srpm 2 | .DEFAULT_GOAL := srpm 3 | 4 | DOT_COPR := $(dir $(firstword $(MAKEFILE_LIST))) 5 | TOP_DIR := $(realpath $(DOT_COPR)/../) 6 | 7 | RPM_DIR := $(TOP_DIR)/rpm 8 | outdir ?= $(RPM_DIR)/SRPMS 9 | 10 | HAS_GIT := $(shell command -v git 2> /dev/null) 11 | ifndef HAS_GIT 12 | deps: 13 | dnf -y install git 14 | else 15 | deps: 16 | endif 17 | 18 | srpm: deps 19 | $(TOP_DIR)/rpm/genrpm.sh -o $(outdir) 20 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Shadowsocks-libev was originally created in late 2013, by 2 | Clowwindy , then rewritten and maintained by 3 | Max Lv . 4 | 5 | Here is an inevitably incomplete list of MUCH-APPRECIATED CONTRIBUTORS -- 6 | people who have submitted patches, fixed bugs, added translations, and 7 | generally made shadowsocks-libev that much better: 8 | 9 | https://github.com/shadowsocks/shadowsocks-libev/graphs/contributors 10 | -------------------------------------------------------------------------------- /docker/mingw/make.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | pushd %~dp0 3 | set "REPO=shadowsocks" 4 | set "REV=master" 5 | set "PLUGIN=true" 6 | set "IMAGE=ss-build-mingw" 7 | set "DIST=ss-libev-win-dist.tar.gz" 8 | docker build --force-rm -t %IMAGE% ^ 9 | --build-arg REV=%REV% --build-arg REPO=%REPO% ^ 10 | --build-arg REBUILD=%RANDOM% ^ 11 | --build-arg PLUGIN=%PLUGIN% . 12 | docker run --rm --entrypoint cat %IMAGE% /bin.tgz > %DIST% 13 | pause 14 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev.postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | case "$1" in 6 | purge) 7 | rm -f /etc/shadowsocks-libev/config.json 8 | test -f /etc/shadowsocks-libev/* \ 9 | || rm -r /etc/shadowsocks-libev/ 10 | ;; 11 | remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) 12 | exit 0 13 | ;; 14 | *) 15 | echo "postrm called with unknown argument \`$1'" >&2 16 | exit 0 17 | ;; 18 | esac 19 | 20 | #DEBHELPER# 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /debian/copyright.original: -------------------------------------------------------------------------------- 1 | This work was packaged for Debian by: 2 | 3 | Max Lv on Sat, 06 Apr 2013 16:59:15 +0800 4 | 5 | It was downloaded from: 6 | 7 | https://github.com/madeye/shadowsocks-libev 8 | 9 | Upstream Author(s): 10 | 11 | clowwindy 12 | 13 | Copyright: 14 | 15 | Copyright (C) 2013 Max Lv 16 | 17 | License: 18 | 19 | GPLv3 20 | 21 | The Debian packaging is: 22 | 23 | Copyright (C) 2013 Max Lv 24 | -------------------------------------------------------------------------------- /cmake/shadowsocks-libev.pc.cmake: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=${prefix}/@CMAKE_INSTALL_BINDIR@ 3 | libdir=${exec_prefix}/@CMAKE_INSTALL_FULL_LIBDIR@ 4 | includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ 5 | sharedir=${prefix}/@CMAKE_INSTALL_DATAROOTDIR@ 6 | mandir=${prefix}/@CMAKE_INSTALL_MANDIR@ 7 | 8 | Name: @PROJECT_NAME@ 9 | Description: @PROJECT_DESC@ 10 | URL: @PROJECT_URL@ 11 | Version: @PROJECT_VERSION@ 12 | Requires: 13 | Cflags: -I${includedir} 14 | Libs: -L${libdir} -lshadowsocks-libev -lcrypto 15 | -------------------------------------------------------------------------------- /doc/manpage-normal.xsl: -------------------------------------------------------------------------------- 1 | 4 | 6 | 7 | 8 | 9 | 10 | \ 11 | . 12 | 13 | 14 | -------------------------------------------------------------------------------- /scripts/iperf.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | number=$1 4 | method=$2 5 | 6 | ss-tunnel -k test -m $method -l 8387 -L 127.0.0.1:8388 -s 127.0.0.1 -p 8389 & 7 | ss_tunnel_pid=$! 8 | ss-server -k test -m $method -s 127.0.0.1 -p 8389 & 9 | ss_server_pid=$! 10 | 11 | iperf -s -p 8388 & 12 | iperf_pid=$! 13 | 14 | sleep 1 15 | 16 | iperf -c 127.0.0.1 -p 8387 -n $number 17 | 18 | # Wait for iperf server to receive all data. 19 | # One second should be enough in most cases. 20 | sleep 1 21 | 22 | kill $ss_tunnel_pid 23 | kill $ss_server_pid 24 | kill $iperf_pid 25 | 26 | sleep 1 27 | echo "Test Finished" 28 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | if USE_SYSTEM_SHARED_LIB 2 | SUBDIRS = src 3 | else 4 | SUBDIRS = libcork libipset libbloom src 5 | endif 6 | 7 | if ENABLE_DOCUMENTATION 8 | SUBDIRS += doc 9 | endif 10 | 11 | ACLOCAL_AMFLAGS = -I m4 12 | 13 | pkgconfiglibdir = $(libdir)/pkgconfig 14 | pkgconfiglib_DATA = shadowsocks-libev.pc 15 | 16 | EXTRA_DIST = acl Changes completions debian docker rpm scripts README.md 17 | EXTRA_DIST += libbloom 18 | EXTRA_DIST += libcork/include libipset/include 19 | EXTRA_DIST += libipset/src/libipset/map/inspection-template.c.in 20 | EXTRA_DIST += libipset/src/libipset/set/inspection-template.c.in 21 | -------------------------------------------------------------------------------- /.github/issue_template.md: -------------------------------------------------------------------------------- 1 | Please answer these questions before submitting your issue. Thanks! 2 | 3 | (Please mention that if the issue you filed is solved, you may wish to close it by yourself. Thanks again.) 4 | 5 | (PS, you can remove 3 lines above, including this one, before post your issue.) 6 | 7 | ### What version of shadowsocks-libev are you using? 8 | 9 | 10 | ### What operating system are you using? 11 | 12 | 13 | ### What did you do? 14 | 15 | 16 | ### What did you expect to see? 17 | 18 | 19 | ### What did you see instead? 20 | 21 | 22 | ### What is your config in detail (with all sensitive info masked)? 23 | -------------------------------------------------------------------------------- /scripts/git_version.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | # determine version and release number 5 | GIT_DESCRIBE=$(git describe --tags --match 'v*' --long) 6 | # GIT_DESCRIBE is like v3.0.3-11-g1e3f35c-dirty 7 | if [[ ! "$GIT_DESCRIBE" =~ ^v([^-]+)-([0-9]+)-g([0-9a-f]+)$ ]]; then 8 | >&2 echo 'ERROR - unrecognized `git describe` output: '"$GIT_DESCRIBE" 9 | exit 1 10 | fi 11 | 12 | version=${BASH_REMATCH[1]} 13 | commits=${BASH_REMATCH[2]} 14 | short_hash=${BASH_REMATCH[3]} 15 | 16 | release=1 17 | if [ "${commits}" -gt 0 ] ; then 18 | release+=.${commits}.git${short_hash} 19 | fi 20 | 21 | echo "${version} ${release}" 22 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | This program is free software: you can redistribute it and/or modify 2 | it under the terms of the GNU General Public License as published by 3 | the Free Software Foundation, either version 3 of the License, or 4 | (at your option) any later version. 5 | 6 | This program is distributed in the hope that it will be useful, 7 | but WITHOUT ANY WARRANTY; without even the implied warranty of 8 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 9 | GNU General Public License for more details. 10 | 11 | You should have received a copy of the GNU General Public License 12 | along with this program. If not, see . 13 | -------------------------------------------------------------------------------- /doc/manpage-bold-literal.xsl: -------------------------------------------------------------------------------- 1 | 3 | 5 | 6 | 9 | 10 | 11 | fB 12 | 13 | 14 | fR 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # See debhelper(7) (uncomment to enable) 3 | # output every command that modifies files on the build system. 4 | #export DH_VERBOSE = 1 5 | 6 | # Security Hardening 7 | export DEB_BUILD_MAINT_OPTIONS = hardening=+all 8 | 9 | override_dh_auto_install: 10 | find src/ -name '*.la' -delete 11 | dh_auto_install 12 | 13 | override_dh_auto_configure: 14 | # Whether to have stack-protector is decided by dpkg-buildflags. 15 | # So --disable-ssp here should be safe. See Bug#829498 16 | dh_auto_configure -- \ 17 | --enable-shared \ 18 | --disable-ssp 19 | 20 | override_dh_installchangelogs: 21 | dh_installchangelogs -XChanges 22 | 23 | %: 24 | dh $@ 25 | -------------------------------------------------------------------------------- /code-format.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | set root=%~dp0 4 | set source=%root%src 5 | 6 | goto start 7 | 8 | :format 9 | set filelist=%1 10 | for /r "%filelist%" %%f in (*) do ( 11 | if "%%~xf" equ ".h" ( 12 | call :format_file %%f 13 | ) else if "%%~xf" equ ".c" ( 14 | call :format_file %%f 15 | ) 16 | ) 17 | goto end 18 | 19 | :format_file 20 | set f=%1 21 | if "%~n1" neq "base64" ( 22 | if "%~n1" neq "json" ( 23 | if "%~n1" neq "uthash" ( 24 | echo 'format file "%f%"' 25 | uncrustify -c %root%\.uncrustify.cfg -l C --replace --no-backup %f% 26 | DEL %~dp1*.uncrustify >nul 2>nul 27 | ) 28 | ) 29 | ) 30 | goto end 31 | 32 | :start 33 | call :format %source% 34 | 35 | :end 36 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev.default: -------------------------------------------------------------------------------- 1 | # Defaults for shadowsocks initscript 2 | # sourced by /etc/init.d/shadowsocks-libev 3 | # installed at /etc/default/shadowsocks-libev by the maintainer scripts 4 | 5 | # 6 | # This is a POSIX shell fragment 7 | # 8 | # Note: `START', `GROUP' and `MAXFD' options are not recognized by systemd. 9 | # Please change those settings in the corresponding systemd unit file. 10 | 11 | # Enable during startup? 12 | START=yes 13 | 14 | # Configuration file 15 | CONFFILE="/etc/shadowsocks-libev/config.json" 16 | 17 | # Extra command line arguments 18 | DAEMON_ARGS="-u" 19 | 20 | # User and group to run the server as 21 | USER=nobody 22 | GROUP=nogroup 23 | 24 | # Number of maximum file descriptors 25 | MAXFD=32768 26 | -------------------------------------------------------------------------------- /code-format.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | root=$(pwd) 4 | source="$root"/src 5 | 6 | function format() { 7 | filelist=$(ls "$1") 8 | pushd "$1" 9 | for file in $filelist; do 10 | if test -d "$file"; then 11 | echo "format directory $file" 12 | format "$file" 13 | else 14 | if ([ "${file%%.*}" != "base64" ] && 15 | [ "${file%%.*}" != "json" ] && 16 | [ "${file%%.*}" != "uthash" ]) && 17 | ([ "${file##*.}" = "h" ] || [ "${file##*.}" = "c" ]); then 18 | echo "format file $file" 19 | uncrustify -c "$root"/.uncrustify.cfg -l C --replace --no-backup "$file" 20 | rm ./*.uncrustify >/dev/null 2>&1 21 | fi 22 | fi 23 | done 24 | popd 25 | } 26 | 27 | format "$source" 28 | -------------------------------------------------------------------------------- /rpm/SOURCES/systemd/shadowsocks-libev.default: -------------------------------------------------------------------------------- 1 | # Defaults for shadowsocks initscript 2 | # sourced by /etc/init.d/shadowsocks-libev 3 | # installed at /etc/sysconfig/shadowsocks-libev by the maintainer scripts 4 | 5 | # 6 | # This is a POSIX shell fragment 7 | # 8 | # Note: `START', `GROUP' and `MAXFD' options are not recognized by systemd. 9 | # Please change those settings in the corresponding systemd unit file. 10 | 11 | # Enable during startup? 12 | START=yes 13 | 14 | # Configuration file 15 | CONFFILE="/etc/shadowsocks-libev/config.json" 16 | 17 | # Extra command line arguments 18 | DAEMON_ARGS="-u" 19 | 20 | # User and group to run the server as 21 | USER=nobody 22 | GROUP=nobody 23 | 24 | # Number of maximum file descriptors 25 | MAXFD=32768 26 | -------------------------------------------------------------------------------- /debian/README.Debian: -------------------------------------------------------------------------------- 1 | shadowsocks-libev for Debian 2 | ---------------------------- 3 | 4 | The Debian package has added systemd support. A default server service which 5 | reads the default configuration in /etc/default/shadowsocks-libev is installed 6 | and enabled by default, plus some other service templates placed in 7 | /lib/systemd/system, which can be used by users later. 8 | 9 | The systemd service templates accept one parameter to determine the 10 | configuration json file that is used by this instance. For example, 11 | if the user starts a service called "shadowsocks-libev-local@foobar.service", 12 | This service instance will start the "ss-local" client and read 13 | /etc/shadowsocks-libev/foobar.json as its configuration file. 14 | 15 | -- Boyuan Yang <073plan@gmail.com> Thu, 08 Sep 2016 19:01:20 +0800 16 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev-local@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Client Service for %I 14 | Documentation=man:ss-local(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-local -c /etc/shadowsocks-libev/%i.json 21 | 22 | [Install] 23 | WantedBy=multi-user.target 24 | 25 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This file is default for Debian packaging. See also 9 | # /etc/default/shadowsocks-libev for environment variables. 10 | 11 | [Unit] 12 | Description=Shadowsocks-libev Default Server Service 13 | Documentation=man:shadowsocks-libev(8) 14 | After=network.target 15 | 16 | [Service] 17 | Type=simple 18 | EnvironmentFile=/etc/default/shadowsocks-libev 19 | User=nobody 20 | Group=nogroup 21 | LimitNOFILE=32768 22 | ExecStart=/usr/bin/ss-server -c $CONFFILE $DAEMON_ARGS 23 | 24 | [Install] 25 | WantedBy=multi-user.target 26 | 27 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev-server@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Server Service for %I 14 | Documentation=man:ss-server(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/%i.json 21 | 22 | [Install] 23 | WantedBy=multi-user.target 24 | 25 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev-tunnel@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Client Service Tunnel Mode for %I 14 | Documentation=man:ss-tunnel(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks-libev/%i.json 21 | 22 | [Install] 23 | WantedBy=multi-user.target 24 | 25 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev-redir@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Client Service Redir Mode for %I 14 | Documentation=man:ss-redir(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks-libev/%i.json 21 | 22 | [Install] 23 | WantedBy=multi-user.target 24 | 25 | -------------------------------------------------------------------------------- /rpm/SOURCES/systemd/shadowsocks-libev-local.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This file is default for RPM packaging. See also 9 | # /etc/sysconfig/shadowsocks-libev for environment variables. 10 | 11 | [Unit] 12 | Description=Shadowsocks-libev Default Local Service 13 | Documentation=man:shadowsocks-libev(8) 14 | After=network.target 15 | 16 | [Service] 17 | Type=simple 18 | EnvironmentFile=/etc/sysconfig/shadowsocks-libev 19 | User=nobody 20 | Group=nobody 21 | LimitNOFILE=32768 22 | ExecStart=/usr/bin/ss-local -c "$CONFFILE" $DAEMON_ARGS 23 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | 28 | -------------------------------------------------------------------------------- /rpm/SOURCES/systemd/shadowsocks-libev-local@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Client Service for %I 14 | Documentation=man:ss-local(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-local -c /etc/shadowsocks-libev/%i.json 21 | User=nobody 22 | Group=nobody 23 | LimitNOFILE=32768 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | 28 | -------------------------------------------------------------------------------- /doc/asciidoc.conf: -------------------------------------------------------------------------------- 1 | [tags] 2 | bracket-emphasis={1?[{1}]}<|> 3 | 4 | [quotes] 5 | <|>=#bracket-emphasis 6 | 7 | [attributes] 8 | asterisk=* 9 | plus=+ 10 | caret=^ 11 | startsb=[ 12 | endsb=] 13 | backslash=\ 14 | tilde=~ 15 | apostrophe=' 16 | backtick=` 17 | litdd=-- 18 | 19 | ifdef::doctype-manpage[] 20 | ifdef::backend-docbook[] 21 | [header] 22 | template::[header-declarations] 23 | 24 | 25 | {mantitle} 26 | {manvolnum} 27 | Shadowsocks-libev 28 | {version} 29 | Shadowsocks-libev Manual 30 | 31 | 32 | {manname} 33 | {manpurpose} 34 | 35 | endif::backend-docbook[] 36 | endif::doctype-manpage[] 37 | -------------------------------------------------------------------------------- /rpm/SOURCES/systemd/shadowsocks-libev-server@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Server Service for %I 14 | Documentation=man:ss-server(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/%i.json 21 | User=nobody 22 | Group=nobody 23 | LimitNOFILE=32768 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | 28 | -------------------------------------------------------------------------------- /m4/cares.m4: -------------------------------------------------------------------------------- 1 | dnl Check to find the libcares headers/libraries 2 | 3 | AC_DEFUN([ss_CARES], 4 | [ 5 | 6 | AC_ARG_WITH(cares, 7 | AS_HELP_STRING([--with-cares=DIR], [The c-ares library base directory, or:]), 8 | [cares="$withval" 9 | CFLAGS="$CFLAGS -I$withval/include" 10 | LDFLAGS="$LDFLAGS -L$withval/lib"] 11 | ) 12 | 13 | AC_ARG_WITH(cares-include, 14 | AS_HELP_STRING([--with-cares-include=DIR], [The c-ares library headers directory (without trailing /cares)]), 15 | [cares_include="$withval" 16 | CFLAGS="$CFLAGS -I$withval"] 17 | ) 18 | 19 | AC_ARG_WITH(cares-lib, 20 | AS_HELP_STRING([--with-cares-lib=DIR], [The c-ares library library directory]), 21 | [cares_lib="$withval" 22 | LDFLAGS="$LDFLAGS -L$withval"] 23 | ) 24 | 25 | AC_CHECK_LIB(cares, ares_library_init, 26 | [LIBS="-lcares $LIBS"], 27 | [AC_MSG_ERROR([The c-ares library libraries not found.])] 28 | ) 29 | 30 | ]) 31 | -------------------------------------------------------------------------------- /rpm/SOURCES/systemd/shadowsocks-libev-tunnel@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Client Service Tunnel Mode for %I 14 | Documentation=man:ss-tunnel(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks-libev/%i.json 21 | User=nobody 22 | Group=nobody 23 | LimitNOFILE=32768 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | 28 | -------------------------------------------------------------------------------- /rpm/SOURCES/systemd/shadowsocks-libev.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This file is default for RPM packaging. See also 9 | # /etc/sysconfig/shadowsocks-libev for environment variables. 10 | 11 | [Unit] 12 | Description=Shadowsocks-libev Default Server Service 13 | Documentation=man:shadowsocks-libev(8) 14 | After=network.target network-online.target 15 | 16 | [Service] 17 | Type=simple 18 | EnvironmentFile=/etc/sysconfig/shadowsocks-libev 19 | User=nobody 20 | Group=nobody 21 | LimitNOFILE=32768 22 | ExecStart=/usr/bin/ss-server -c "$CONFFILE" $DAEMON_ARGS 23 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | 28 | -------------------------------------------------------------------------------- /rpm/SOURCES/systemd/shadowsocks-libev-redir@.service: -------------------------------------------------------------------------------- 1 | # This file is part of shadowsocks-libev. 2 | # 3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation; either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # This is a template unit file. Users may copy and rename the file into 9 | # config directories to make new service instances. See systemd.unit(5) 10 | # for details. 11 | 12 | [Unit] 13 | Description=Shadowsocks-Libev Custom Client Service Redir Mode for %I 14 | Documentation=man:ss-redir(1) 15 | After=network.target 16 | 17 | [Service] 18 | Type=simple 19 | CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE 20 | ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks-libev/%i.json 21 | User=nobody 22 | Group=nobody 23 | LimitNOFILE=32768 24 | 25 | [Install] 26 | WantedBy=multi-user.target 27 | 28 | -------------------------------------------------------------------------------- /tests/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | result=0 4 | 5 | function run_test { 6 | printf '\e[0;36m' 7 | echo "running test: $command $@" 8 | printf '\e[0m' 9 | 10 | $command "$@" 11 | status=$? 12 | if [ $status -ne 0 ]; then 13 | printf '\e[0;31m' 14 | echo "test failed: $command $@" 15 | printf '\e[0m' 16 | echo 17 | result=1 18 | else 19 | printf '\e[0;32m' 20 | echo OK 21 | printf '\e[0m' 22 | echo 23 | fi 24 | return 0 25 | } 26 | 27 | [ -d src -a -x src/ss-local ] && 28 | BIN="--bin src/" 29 | 30 | run_test python tests/test.py $BIN -c tests/aes.json 31 | run_test python tests/test.py $BIN -c tests/aes-gcm.json 32 | run_test python tests/test.py $BIN -c tests/aes-ctr.json 33 | run_test python tests/test.py $BIN -c tests/rc4-md5.json 34 | run_test python tests/test.py $BIN -c tests/salsa20.json 35 | run_test python tests/test.py $BIN -c tests/chacha20.json 36 | run_test python tests/test.py $BIN -c tests/chacha20-ietf.json 37 | run_test python tests/test.py $BIN -c tests/chacha20-ietf-poly1305.json 38 | 39 | exit $result 40 | -------------------------------------------------------------------------------- /src/ppbloom.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ppbloom.h - Define the Ping-Pong Bloom Filter interface 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _PPBLOOM_ 24 | #define _PPBLOOM_ 25 | 26 | int ppbloom_init(int entries, double error); 27 | int ppbloom_check(const void *buffer, int len); 28 | int ppbloom_add(const void *buffer, int len); 29 | void ppbloom_free(void); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /completions/zsh/_ss-redir: -------------------------------------------------------------------------------- 1 | #compdef ss-redir 2 | 3 | local ciphers 4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)' 5 | 6 | _arguments "-h::" \ 7 | "-s:server host:_hosts" \ 8 | "-p:server port:" \ 9 | "-l:local port:" \ 10 | "-k:password:" \ 11 | "-m:encrypt method:$ciphers" \ 12 | "-a:run as user:_users" \ 13 | "-f:pid file:_files" \ 14 | "-t:timeout:" \ 15 | "-c:configure file:_files" \ 16 | "-n:nofile:" \ 17 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \ 18 | "-u:enable udp:" \ 19 | "-U:udp only:" \ 20 | "-v:verbose mode:" \ 21 | "--reuse-port::" \ 22 | "--fast-open::" \ 23 | "--acl:acl file:_files" \ 24 | "--mtu::" \ 25 | "--mptcp::" \ 26 | "--no-delay::" \ 27 | "--key:key in base64:" \ 28 | "--plugin:plugin name:" \ 29 | "--plugin-opts:plugin options:" \ 30 | "--help::" 31 | 32 | -------------------------------------------------------------------------------- /completions/zsh/_ss-tunnel: -------------------------------------------------------------------------------- 1 | #compdef ss-tunnel 2 | 3 | local ciphers 4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)' 5 | 6 | _arguments "-h::" \ 7 | "-s:server host:_hosts" \ 8 | "-p:server port:" \ 9 | "-l:local port:" \ 10 | "-k:password:" \ 11 | "-m:encrypt method:$ciphers" \ 12 | "-a:run as user:_users" \ 13 | "-f:pid file:_files" \ 14 | "-t:timeout:" \ 15 | "-c:configure file:_files" \ 16 | "-n:nofile:" \ 17 | "-i:bind interface:_net_interfaces" \ 18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \ 19 | "-u:enable udp:" \ 20 | "-U:udp only:" \ 21 | "-v:verbose mode:" \ 22 | "-L:destination server address and port:" \ 23 | "--reuse-port::" \ 24 | "--acl:acl file:_files" \ 25 | "--mtu::" \ 26 | "--key:key in base64:" \ 27 | "--plugin:plugin name:" \ 28 | "--plugin-opts:plugin options:" \ 29 | "--help::" 30 | 31 | -------------------------------------------------------------------------------- /completions/bash/ss-redir: -------------------------------------------------------------------------------- 1 | _ss_redir() 2 | { 3 | local cur prev opts ciphers 4 | opts='-s -p -l -k -m -a -f -t -c -n -b -u -U -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help' 5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' 6 | cur=${COMP_WORDS[COMP_CWORD]} 7 | prev="${COMP_WORDS[COMP_CWORD-1]}" 8 | case "$prev" in 9 | -f|-c) 10 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) 11 | ;; 12 | -s|-b) 13 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) 14 | ;; 15 | -m) 16 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) ) 17 | ;; 18 | -a) 19 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) 20 | ;; 21 | -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts) 22 | ;; 23 | *) 24 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) ) 25 | ;; 26 | esac 27 | return 0 28 | } 29 | 30 | complete -F _ss_redir ss-redir 31 | -------------------------------------------------------------------------------- /completions/zsh/_ss-local: -------------------------------------------------------------------------------- 1 | #compdef ss-local 2 | 3 | local ciphers 4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)' 5 | 6 | _arguments "-h::" \ 7 | "-s:server host:_hosts" \ 8 | "-p:server port:" \ 9 | "-l:local port:" \ 10 | "-k:password:" \ 11 | "-m:encrypt method:$ciphers" \ 12 | "-a:run as user:_users" \ 13 | "-f:pid file:_files" \ 14 | "-t:timeout:" \ 15 | "-c:configure file:_files" \ 16 | "-n:max number of open files:" \ 17 | "-i:bind interface:_net_interfaces" \ 18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \ 19 | "-u:enable udp:" \ 20 | "-U:udp only:" \ 21 | "-v:verbose mode:" \ 22 | "--reuse-port::" \ 23 | "--fast-open::" \ 24 | "--acl:acl file:_files" \ 25 | "--mtu::" \ 26 | "--mptcp::" \ 27 | "--no-delay::" \ 28 | "--key:key in base64:" \ 29 | "--plugin:plugin name:" \ 30 | "--plugin-opts:plugin options:" \ 31 | "--help::" 32 | 33 | -------------------------------------------------------------------------------- /completions/zsh/_ss-manager: -------------------------------------------------------------------------------- 1 | #compdef ss-manager 2 | 3 | local ciphers 4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)' 5 | 6 | _arguments "-h::" \ 7 | "-s:server host:_hosts" \ 8 | "-p:server port:" \ 9 | "-l:local port:" \ 10 | "-k:password:" \ 11 | "-m:encrypt method:$ciphers" \ 12 | "-a:run as user:_users" \ 13 | "-f:pid file:_files" \ 14 | "-t:timeout:" \ 15 | "-c:configure file:_files" \ 16 | "-n:max number of open files:" \ 17 | "-i:bind interface:_net_interfaces" \ 18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \ 19 | "-u:enable udp:" \ 20 | "-U:udp only:" \ 21 | "-v:verbose mode:" \ 22 | "--executable:path to ss-server:_files" \ 23 | "--manager-address:manager address:" \ 24 | "--reuse-port::" \ 25 | "--acl:acl file:_files" \ 26 | "--mtu::" \ 27 | "--key:key in base64:" \ 28 | "--plugin:plugin name:" \ 29 | "--plugin-opts:plugin options:" \ 30 | "--help::" 31 | 32 | -------------------------------------------------------------------------------- /doc/manpage-base.xsl: -------------------------------------------------------------------------------- 1 | 3 | 5 | 6 | 7 | 8 | 9 | 10 | 13 | 14 | 18 | 19 | 20 | 21 | sp 22 | 23 | 24 | 25 | 26 | 30 | 31 | 32 | br 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /docker/mingw/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Makefile for building MinGW port 3 | # 4 | # This file is part of the shadowsocks-libev. 5 | # 6 | # shadowsocks-libev is free software; you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation; either version 3 of the License, or 9 | # (at your option) any later version. 10 | # 11 | # shadowsocks-libev is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with shadowsocks-libev; see the file COPYING. If not, see 18 | # . 19 | # 20 | 21 | REPO=shadowsocks 22 | REV=master 23 | PLUGIN=true 24 | IMAGE=ss-build-mingw 25 | DIST=ss-libev-win-dist.tar.gz 26 | 27 | all: build 28 | 29 | build: 30 | docker build --force-rm -t $(IMAGE) \ 31 | --build-arg REV=$(REV) --build-arg REPO=$(REPO) \ 32 | --build-arg REBUILD="$$(date +%Y-%m-%d-%H-%M-%S)" \ 33 | --build-arg PLUGIN=$(PLUGIN) . 34 | docker run --rm --entrypoint cat $(IMAGE) /bin.tgz > $(DIST) 35 | 36 | clean: 37 | rm -f $(DIST) 38 | docker rmi $(IMAGE) || true 39 | 40 | .PHONY: all clean build 41 | -------------------------------------------------------------------------------- /completions/bash/ss-local: -------------------------------------------------------------------------------- 1 | _ss_local() 2 | { 3 | local cur prev opts ciphers 4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --fast-open --acl --mtu --mptcp --no-delay --key --plugin --plugin-opts --help' 5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' 6 | cur=${COMP_WORDS[COMP_CWORD]} 7 | prev="${COMP_WORDS[COMP_CWORD-1]}" 8 | case "$prev" in 9 | -f|-c|--acl) 10 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) 11 | ;; 12 | -s|-b) 13 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) 14 | ;; 15 | -m) 16 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) ) 17 | ;; 18 | -a) 19 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) 20 | ;; 21 | -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts) 22 | ;; 23 | -i) 24 | _available_interfaces -a || true 25 | ;; 26 | *) 27 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) ) 28 | ;; 29 | esac 30 | return 0 31 | } 32 | 33 | complete -F _ss_local ss-local 34 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | # POSIX-compliant maint function recommend by devref 6 | # to check for the existence of a command 7 | # https://www.debian.org/doc/manuals/developers-reference/ch06.html#bpp-debian-maint-scripts 8 | pathfind() { 9 | OLDIFS="$IFS" 10 | IFS=: 11 | for p in $PATH; do 12 | if [ -x "$p/$*" ]; then 13 | IFS="$OLDIFS" 14 | return 0 15 | fi 16 | done 17 | IFS="$OLDIFS" 18 | return 1 19 | } 20 | 21 | case "$1" in 22 | configure|reconfigure) 23 | pathfind setcap && setcap \ 24 | cap_net_bind_service+ep /usr/bin/ss-local \ 25 | cap_net_bind_service,cap_net_admin+ep /usr/bin/ss-redir \ 26 | cap_net_bind_service+ep /usr/bin/ss-server \ 27 | cap_net_bind_service+ep /usr/bin/ss-tunnel 28 | if [ ! -f /etc/shadowsocks-libev/config.json ]; then 29 | set +e 30 | pathfind apg 31 | if [ $? -eq 0 ]; then 32 | passwd=$(apg -n 1 -M ncl) 33 | else 34 | passwd=$(pwgen 12 1) 35 | fi 36 | set -e 37 | mkdir -p /etc/shadowsocks-libev 38 | sed "s/barfoo!/$passwd/" /usr/share/shadowsocks-libev/config.json \ 39 | > /etc/shadowsocks-libev/config.json 40 | fi 41 | ;; 42 | abort-upgrade|abort-remove|abort-deconfigure) 43 | exit 0 44 | ;; 45 | *) 46 | echo "postinst called with unknown argument \`$1'" >&2 47 | exit 0 48 | ;; 49 | esac 50 | 51 | #DEBHELPER# 52 | 53 | exit 0 54 | -------------------------------------------------------------------------------- /m4/sodium.m4: -------------------------------------------------------------------------------- 1 | dnl Check to find the libsodium headers/libraries 2 | 3 | AC_DEFUN([ss_SODIUM], 4 | [ 5 | 6 | AC_ARG_WITH(sodium, 7 | AS_HELP_STRING([--with-sodium=DIR], [The Sodium crypto library base directory, or:]), 8 | [sodium="$withval" 9 | CFLAGS="$CFLAGS -I$withval/include" 10 | LDFLAGS="$LDFLAGS -L$withval/lib"] 11 | ) 12 | 13 | AC_ARG_WITH(sodium-include, 14 | AS_HELP_STRING([--with-sodium-include=DIR], [The Sodium crypto library headers directory (without trailing /sodium)]), 15 | [sodium_include="$withval" 16 | CFLAGS="$CFLAGS -I$withval"] 17 | ) 18 | 19 | AC_ARG_WITH(sodium-lib, 20 | AS_HELP_STRING([--with-sodium-lib=DIR], [The Sodium crypto library library directory]), 21 | [sodium_lib="$withval" 22 | LDFLAGS="$LDFLAGS -L$withval"] 23 | ) 24 | 25 | AC_CHECK_LIB(sodium, sodium_init, 26 | [LIBS="-lsodium $LIBS"], 27 | [AC_MSG_ERROR([The Sodium crypto library libraries not found.])] 28 | ) 29 | 30 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 31 | #include 32 | ], [ 33 | #if SODIUM_LIBRARY_VERSION_MAJOR < 7 || SODIUM_LIBRARY_VERSION_MAJOR ==7 && SODIUM_LIBRARY_VERSION_MINOR < 6 34 | # error 35 | #endif 36 | ])], 37 | [AC_MSG_RESULT([checking for version of libsodium... yes])], 38 | [AC_MSG_ERROR([Wrong libsodium: version >= 1.0.4 required])]) 39 | 40 | ]) 41 | -------------------------------------------------------------------------------- /m4/inet_ntop.m4: -------------------------------------------------------------------------------- 1 | # inet_ntop.m4 serial 19 2 | dnl Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc. 3 | dnl This file is free software; the Free Software Foundation 4 | dnl gives unlimited permission to copy and/or distribute it, 5 | dnl with or without modifications, as long as this notice is preserved. 6 | 7 | AC_DEFUN([ss_FUNC_INET_NTOP], 8 | [ 9 | AC_REQUIRE([AC_C_RESTRICT]) 10 | 11 | dnl Most platforms that provide inet_ntop define it in libc. 12 | dnl Solaris 8..10 provide inet_ntop in libnsl instead. 13 | dnl Solaris 2.6..7 provide inet_ntop in libresolv instead. 14 | HAVE_INET_NTOP=1 15 | INET_NTOP_LIB= 16 | ss_save_LIBS=$LIBS 17 | AC_SEARCH_LIBS([inet_ntop], [nsl resolv], [], 18 | [AC_CHECK_FUNCS([inet_ntop]) 19 | if test $ac_cv_func_inet_ntop = no; then 20 | HAVE_INET_NTOP=0 21 | fi 22 | ]) 23 | LIBS=$ss_save_LIBS 24 | 25 | if test "$ac_cv_search_inet_ntop" != "no" \ 26 | && test "$ac_cv_search_inet_ntop" != "none required"; then 27 | INET_NTOP_LIB="$ac_cv_search_inet_ntop" 28 | fi 29 | 30 | AC_CHECK_HEADERS_ONCE([netdb.h]) 31 | AC_CHECK_DECLS([inet_ntop],,, 32 | [[#include 33 | #if HAVE_NETDB_H 34 | # include 35 | #endif 36 | ]]) 37 | if test $ac_cv_have_decl_inet_ntop = no; then 38 | HAVE_DECL_INET_NTOP=0 39 | fi 40 | AC_SUBST([INET_NTOP_LIB]) 41 | ]) 42 | -------------------------------------------------------------------------------- /docker/mingw/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Dockerfile for building MinGW port 3 | # 4 | # This file is part of the shadowsocks-libev. 5 | # 6 | # shadowsocks-libev is free software; you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation; either version 3 of the License, or 9 | # (at your option) any later version. 10 | # 11 | # shadowsocks-libev is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with shadowsocks-libev; see the file COPYING. If not, see 18 | # . 19 | # 20 | 21 | FROM debian:testing 22 | 23 | ARG REPO=shadowsocks 24 | ARG REV=master 25 | 26 | ADD prepare.sh / 27 | 28 | RUN \ 29 | /bin/bash -c "source /prepare.sh && dk_prepare" && \ 30 | apt-get clean && \ 31 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /build 32 | 33 | RUN /bin/bash -c "source /prepare.sh && dk_download" 34 | 35 | ADD deps.sh / 36 | RUN /bin/bash -c "source /deps.sh && dk_deps" 37 | 38 | ADD build.sh / 39 | 40 | ARG REBUILD=0 41 | ARG PLUGIN=true 42 | 43 | RUN /bin/bash -c "source /build.sh && dk_build && dk_package" 44 | -------------------------------------------------------------------------------- /completions/zsh/_ss-server: -------------------------------------------------------------------------------- 1 | #compdef ss-server 2 | 3 | local ciphers 4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)' 5 | 6 | _arguments "-h::" \ 7 | "-s:server host:_hosts" \ 8 | "-p:server port:" \ 9 | "-l:local port:" \ 10 | "-k:password:" \ 11 | "-m:encrypt method:$ciphers" \ 12 | "-a:run as user:_users" \ 13 | "-f:pid file:_files" \ 14 | "-t:timeout:" \ 15 | "-c:configure file:_files" \ 16 | "-n:max number of open files:" \ 17 | "-i:bind interface:_net_interfaces" \ 18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \ 19 | "-u:enable udp:" \ 20 | "-U:udp only:" \ 21 | "-v:verbose mode:" \ 22 | "-6:ipv6 first:" \ 23 | "-d:nameserver for internal dns:" \ 24 | "--manager-address:manager address:" \ 25 | "--reuse-port::" \ 26 | "--fast-open::" \ 27 | "--acl:acl file:_files" \ 28 | "--mtu::" \ 29 | "--mptcp::" \ 30 | "--no-delay::" \ 31 | "--key:key in base64:" \ 32 | "--plugin:plugin name:" \ 33 | "--plugin-opts:plugin options:" \ 34 | "--help::" 35 | 36 | -------------------------------------------------------------------------------- /docker/alpine/Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # Dockerfile for shadowsocks-libev 3 | # 4 | 5 | FROM alpine 6 | LABEL maintainer="kev , Sah " 7 | 8 | ENV SERVER_ADDR 0.0.0.0 9 | ENV SERVER_PORT 8388 10 | ENV PASSWORD= 11 | ENV METHOD aes-256-cfb 12 | ENV TIMEOUT 300 13 | ENV DNS_ADDR 8.8.8.8 14 | ENV DNS_ADDR_2 8.8.4.4 15 | ENV ARGS= 16 | 17 | COPY . /tmp/repo 18 | RUN set -ex \ 19 | # Build environment setup 20 | && apk add --no-cache --virtual .build-deps \ 21 | autoconf \ 22 | automake \ 23 | build-base \ 24 | c-ares-dev \ 25 | libev-dev \ 26 | libtool \ 27 | libsodium-dev \ 28 | linux-headers \ 29 | mbedtls-dev \ 30 | pcre-dev \ 31 | # Build & install 32 | && cd /tmp/repo \ 33 | && ./autogen.sh \ 34 | && ./configure --prefix=/usr --disable-documentation \ 35 | && make install \ 36 | && apk del .build-deps \ 37 | # Runtime dependencies setup 38 | && apk add --no-cache \ 39 | rng-tools \ 40 | $(scanelf --needed --nobanner /usr/bin/ss-* \ 41 | | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \ 42 | | sort -u) \ 43 | && rm -rf /tmp/repo 44 | 45 | USER nobody 46 | 47 | CMD exec ss-server \ 48 | -s $SERVER_ADDR \ 49 | -p $SERVER_PORT \ 50 | -k ${PASSWORD:-$(hostname)} \ 51 | -m $METHOD \ 52 | -t $TIMEOUT \ 53 | --fast-open \ 54 | -d $DNS_ADDR \ 55 | -d $DNS_ADDR_2 \ 56 | -u \ 57 | $ARGS 58 | -------------------------------------------------------------------------------- /completions/bash/ss-tunnel: -------------------------------------------------------------------------------- 1 | _ss_tunnel() 2 | { 3 | local cur prev opts ciphers 4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -L -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help' 5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' 6 | cur=${COMP_WORDS[COMP_CWORD]} 7 | prev="${COMP_WORDS[COMP_CWORD-1]}" 8 | compopt +o nospace 9 | case "$prev" in 10 | -f|-c) 11 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) 12 | ;; 13 | -s|-b) 14 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) 15 | ;; 16 | -L) 17 | compopt -o nospace 18 | _known_hosts_real -c -- "${cur}" || OMPREPLY=( $(compgen -A hostname -S : -- ${cur}) ) 19 | ;; 20 | -m) 21 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) ) 22 | ;; 23 | -a) 24 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) 25 | ;; 26 | -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts) 27 | ;; 28 | -i) 29 | _available_interfaces -a || true 30 | ;; 31 | *) 32 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) ) 33 | ;; 34 | esac 35 | return 0 36 | } 37 | 38 | complete -F _ss_tunnel ss-tunnel 39 | -------------------------------------------------------------------------------- /scripts/git_archive.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | archive() { 5 | export TARBALL_NAME=$1 6 | export TARBALL_OUTDIR=$2 7 | 8 | # archive this repo 9 | cd "$(git rev-parse --show-toplevel)" 10 | git archive HEAD --format=tar --prefix="${TARBALL_NAME}/" \ 11 | -o "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar" 12 | # archive submodules 13 | git submodule update --init 14 | git submodule foreach --quiet 'git archive HEAD --format=tar \ 15 | --prefix="${TARBALL_NAME}/${path}/" \ 16 | -o "${TARBALL_OUTDIR}/${TARBALL_NAME}-submodule-${path}-${sha1}.tar" 17 | tar -n --concatenate --file="${TARBALL_OUTDIR}/${TARBALL_NAME}.tar" \ 18 | "${TARBALL_OUTDIR}/${TARBALL_NAME}-submodule-${path}-${sha1}.tar"' 19 | gzip -c "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar" > "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar.gz" 20 | 21 | # clean-up 22 | git submodule foreach --quiet 'rm ${TARBALL_OUTDIR}/${TARBALL_NAME}-submodule-${path}-${sha1}.tar' 23 | rm "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar" 24 | } 25 | 26 | TARGET_TARBALL_NAME=shadowsocks-libev 27 | TARGET_TARBALL_DIR=$(git rev-parse --show-toplevel) 28 | 29 | while getopts "n:o:" opt 30 | do 31 | case ${opt} in 32 | o) 33 | TARGET_TARBALL_DIR=$(readlink -f -- $OPTARG) 34 | ;; 35 | n) 36 | TARGET_TARBALL_NAME=$OPTARG 37 | ;; 38 | \?) 39 | exit 1 40 | ;; 41 | esac 42 | done 43 | 44 | archive "${TARGET_TARBALL_NAME}" "${TARGET_TARBALL_DIR}" 45 | -------------------------------------------------------------------------------- /completions/bash/ss-manager: -------------------------------------------------------------------------------- 1 | _ss_manager() 2 | { 3 | local cur prev opts ciphers 4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --manager-address --executable --mtu --mptcp --plugin --plugin-opts --help' 5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' 6 | cur=${COMP_WORDS[COMP_CWORD]} 7 | prev="${COMP_WORDS[COMP_CWORD-1]}" 8 | case "$prev" in 9 | -f|-c|--executable) 10 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) 11 | ;; 12 | -s|-b) 13 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) 14 | ;; 15 | -m) 16 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) ) 17 | ;; 18 | -a) 19 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) 20 | ;; 21 | -p|-l|-k|-t|-n|--mtu|--plugin|--plugin-opts) 22 | ;; 23 | -i) 24 | _available_interfaces -a || true 25 | ;; 26 | --manager-address) 27 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) 28 | _filedir || COMPREPLY+=( $(compgen -o plusdirs -f ${cur}) ) 29 | ;; 30 | *) 31 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) ) 32 | ;; 33 | esac 34 | return 0 35 | } 36 | 37 | complete -F _ss_manager ss-manager 38 | -------------------------------------------------------------------------------- /completions/bash/ss-server: -------------------------------------------------------------------------------- 1 | _ss_server() 2 | { 3 | local cur prev opts ciphers 4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -6 -d -v -h --reuse-port --fast-open --acl --manager-address --mtu --mptcp --no-delay --key --plugin --plugin-opts --help' 5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' 6 | COMPREPLY=() 7 | cur=${COMP_WORDS[COMP_CWORD]} 8 | prev="${COMP_WORDS[COMP_CWORD-1]}" 9 | case "$prev" in 10 | -f|-c|--acl) 11 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) 12 | ;; 13 | -s|-b) 14 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) 15 | ;; 16 | -m) 17 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) ) 18 | ;; 19 | -a) 20 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) 21 | ;; 22 | -p|-l|-k|-t|-n|-d|--mtu|--key|--plugin|--plugin-opts) 23 | ;; 24 | --manager-address) 25 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) 26 | _filedir || COMPREPLY+=( $(compgen -o plusdirs -f ${cur}) ) 27 | ;; 28 | -i) 29 | _available_interfaces -a || true 30 | ;; 31 | *) 32 | COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) 33 | ;; 34 | esac 35 | } 36 | 37 | complete -F _ss_server ss-server 38 | -------------------------------------------------------------------------------- /src/tls.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef TLS_H 27 | #define TLS_H 28 | 29 | #include "protocol.h" 30 | 31 | const protocol_t *const tls_protocol; 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /src/http.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef HTTP_H 27 | #define HTTP_H 28 | 29 | #include 30 | #include "protocol.h" 31 | 32 | const protocol_t *const http_protocol; 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore files generated by autoconf 2 | Makefile.in 3 | aclocal.m4 4 | auto/ 5 | config.h.in 6 | configure 7 | doc/Makefile.in 8 | m4/libtool.m4 9 | m4/ltoptions.m4 10 | m4/ltsugar.m4 11 | m4/ltversion.m4 12 | m4/lt~obsolete.m4 13 | src/Makefile.in 14 | src/config.h 15 | 16 | # Ignore files generated by configure 17 | build/ 18 | .deps/ 19 | /Makefile 20 | src/Makefile 21 | libev/Makefile 22 | libudns/Makefile 23 | libcork/Makefile 24 | libipset/Makefile 25 | doc/Makefile 26 | autom4te.cache/ 27 | /config.h 28 | config.log 29 | config.status 30 | libtool 31 | pid 32 | src/ss-* 33 | !src/ss-nat 34 | stamp-h1 35 | .libs 36 | .pc 37 | debian/shadowsocks-libev/ 38 | debian/patches/ 39 | debian/files 40 | debian/shadowsocks-libev.substvars 41 | debian/*.debhelper* 42 | .dirstamp 43 | shadowsocks-libev.pc 44 | debian/libshadowsocks-libev*.symbols 45 | libsodium/src/libsodium/include/sodium/version.h 46 | rpm/SPECS/shadowsocks-libev.spec 47 | rpm/SRPMS/ 48 | rpm/RPMS/ 49 | rpm/BUILD/ 50 | rpm/BUILDROOT/ 51 | *.rpm 52 | *.deb 53 | 54 | # Ignore per-project vim config 55 | .vimrc 56 | 57 | # Ignore garbage of OS X 58 | *.DS_Store 59 | 60 | # Ignore vim cache 61 | *.swp 62 | 63 | # Documentation files 64 | doc/*.1 65 | doc/*.8 66 | doc/*.gz 67 | doc/*.xml 68 | doc/*.html 69 | 70 | # Do not edit the following section 71 | # Edit Compile Debug Document Distribute 72 | *~ 73 | *.bak 74 | *.bin 75 | *.dll 76 | *.exe 77 | *-ISO*.bdf 78 | *-JIS*.bdf 79 | *-KOI8*.bdf 80 | *.kld 81 | *.ko 82 | *.ko.cmd 83 | *.lai 84 | *.l[oa] 85 | *.[oa] 86 | *.obj 87 | *.patch 88 | *.so 89 | *.pcf.gz 90 | *.pdb 91 | *.tar 92 | *.tar.bz2 93 | *.tar.gz 94 | *.tgz 95 | # 96 | 97 | # Visual Studio Code 98 | .vscode/* 99 | -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | ASCIIDOC = @ASCIIDOC@ 2 | ASCIIDOC_EXTRA = 3 | MANPAGE_XSL = manpage-normal.xsl 4 | XMLTO = @XMLTO@ 5 | XMLTO_EXTRA = -m manpage-bold-literal.xsl 6 | GZIPCMD = @GZIP@ 7 | INSTALL = @INSTALL@ 8 | RM = @RM@ 9 | MV = @MV@ 10 | SED = @SED@ 11 | VERSION = `$(SED) -n 's/.*PACKAGE_VERSION "\(.*\)"/\1/p'\ 12 | ../config.h` 13 | 14 | # Guard against environment variables 15 | MAN1_DOC = 16 | MAN1_DOC += ss-local.1 17 | MAN1_DOC += ss-manager.1 18 | MAN1_DOC += ss-nat.1 19 | MAN1_DOC += ss-redir.1 20 | MAN1_DOC += ss-server.1 21 | MAN1_DOC += ss-tunnel.1 22 | 23 | MAN8_DOC = 24 | MAN8_DOC += shadowsocks-libev.8 25 | 26 | MAN8_XML = $(MAN8_DOC:%.8=%.xml) 27 | MAN1_XML = $(MAN1_DOC:%.1=%.xml) 28 | MAN_XML = $(MAN8_XML) $(MAN1_XML) 29 | 30 | MAN8_HTML = $(MAN8_DOC:%.8=%.html) 31 | MAN1_HTML = $(MAN1_DOC:%.1=%.html) 32 | MAN_HTML = $(MAN8_HTML) $(MAN1_HTML) 33 | 34 | MAN8_TXT = $(MAN8_DOC:%.8=%.asciidoc) 35 | MAN1_TXT = $(MAN1_DOC:%.1=%.asciidoc) 36 | MAN_TXT = $(MAN8_TXT) $(MAN1_TXT) 37 | 38 | man_MANS = $(MAN8_DOC) $(MAN1_DOC) 39 | 40 | html-local: $(MAN_HTML) 41 | 42 | %.1: %.xml 43 | $(AM_V_GEN)$(XMLTO) -m $(MANPAGE_XSL) $(XMLTO_EXTRA) man $< 44 | 45 | %.8: %.xml 46 | $(AM_V_GEN)$(XMLTO) -m $(MANPAGE_XSL) $(XMLTO_EXTRA) man $< 47 | 48 | %.xml: %.asciidoc 49 | $(AM_V_GEN)$(ASCIIDOC) -b docbook -d manpage -f asciidoc.conf \ 50 | -aversion=$(VERSION) $(ASCIIDOC_EXTRA) -o $@ $< 51 | 52 | %.html: %.asciidoc 53 | $(AM_V_GEN)$(ASCIIDOC) -b html4 -d article -f asciidoc.conf \ 54 | -aversion=$(VERSION) $(ASCIIDOC_EXTRA) -o $@ $< 55 | 56 | doc_DATA = $(MAN_HTML) 57 | 58 | CLEANFILES = $(MAN_XML) $(man_MANS) $(MAN_HTML) 59 | 60 | EXTRA_DIST = *.asciidoc asciidoc.conf *.xsl 61 | -------------------------------------------------------------------------------- /src/acl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * acl.h - Define the ACL interface 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _ACL_H 24 | #define _ACL_H 25 | 26 | #define BLACK_LIST 0 27 | #define WHITE_LIST 1 28 | 29 | #define MAX_TRIES 256 30 | #define MALICIOUS 8 31 | #define SUSPICIOUS 4 32 | #define BAD 2 33 | #define MALFORMED 1 34 | 35 | int init_acl(const char *path); 36 | void free_acl(void); 37 | void clear_block_list(void); 38 | 39 | int acl_match_host(const char *ip); 40 | int acl_add_ip(const char *ip); 41 | int acl_remove_ip(const char *ip); 42 | 43 | int get_acl_mode(void); 44 | 45 | void init_block_list(); 46 | void free_block_list(); 47 | int check_block_list(char *addr); 48 | int update_block_list(char *addr, int err_level); 49 | int remove_from_block_list(char *addr); 50 | 51 | int outbound_block_match_host(const char *host); 52 | 53 | #endif // _ACL_H 54 | -------------------------------------------------------------------------------- /src/protocol.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef PROTOCOL_H 27 | #define PROTOCOL_H 28 | 29 | typedef struct protocol { 30 | const int default_port; 31 | int(*const parse_packet)(const char *, size_t, char **); 32 | } protocol_t; 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /src/aead.h: -------------------------------------------------------------------------------- 1 | /* 2 | * aead.h - Define the AEAD interface 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _AEAD_H 24 | #define _AEAD_H 25 | 26 | #include "crypto.h" 27 | 28 | // currently, XCHACHA20POLY1305IETF is not released yet 29 | // XCHACHA20POLY1305 is removed in upstream 30 | #ifdef FS_HAVE_XCHACHA20IETF 31 | #define AEAD_CIPHER_NUM 5 32 | #else 33 | #define AEAD_CIPHER_NUM 4 34 | #endif 35 | 36 | int aead_encrypt_all(buffer_t *, cipher_t *, size_t); 37 | int aead_decrypt_all(buffer_t *, cipher_t *, size_t); 38 | 39 | int aead_encrypt(buffer_t *, cipher_ctx_t *, size_t); 40 | int aead_decrypt(buffer_t *, cipher_ctx_t *, size_t); 41 | 42 | void aead_ctx_init(cipher_t *, cipher_ctx_t *, int); 43 | void aead_ctx_release(cipher_ctx_t *); 44 | 45 | cipher_t *aead_init(const char *pass, const char *key, const char *method); 46 | 47 | #endif // _AEAD_H 48 | -------------------------------------------------------------------------------- /src/stream.h: -------------------------------------------------------------------------------- 1 | /* 2 | * encrypt.h - Define the enryptor's interface 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _STREAM_H 24 | #define _STREAM_H 25 | 26 | #ifndef __MINGW32__ 27 | #include 28 | #endif 29 | #include 30 | #include 31 | #include 32 | #include 33 | #ifdef HAVE_STDINT_H 34 | #include 35 | #elif HAVE_INTTYPES_H 36 | #include 37 | #endif 38 | 39 | #include 40 | #define STREAM_CIPHER_NUM 21 41 | 42 | #include "crypto.h" 43 | 44 | int stream_encrypt_all(buffer_t *, cipher_t *, size_t); 45 | int stream_decrypt_all(buffer_t *, cipher_t *, size_t); 46 | int stream_encrypt(buffer_t *, cipher_ctx_t *, size_t); 47 | int stream_decrypt(buffer_t *, cipher_ctx_t *, size_t); 48 | 49 | void stream_ctx_init(cipher_t *, cipher_ctx_t *, int); 50 | void stream_ctx_release(cipher_ctx_t *); 51 | 52 | cipher_t *stream_init(const char *pass, const char *key, const char *method); 53 | 54 | #endif // _STREAM_H 55 | -------------------------------------------------------------------------------- /src/socks5.h: -------------------------------------------------------------------------------- 1 | /* 2 | * socks5.h - Define SOCKS5's header 3 | * 4 | * Copyright (C) 2013, clowwindy 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _SOCKS5_H 24 | #define _SOCKS5_H 25 | 26 | #define SVERSION 0x05 27 | #define CONNECT 0x01 28 | #define IPV4 0x01 29 | #define DOMAIN 0x03 30 | #define IPV6 0x04 31 | #define METHOD_NOAUTH 0x00 32 | #define METHOD_UNACCEPTABLE 0xff 33 | #define CMD_NOT_SUPPORTED 0x07 34 | 35 | struct method_select_request { 36 | unsigned char ver; 37 | unsigned char nmethods; 38 | unsigned char methods[0]; 39 | } __attribute__((packed, aligned(1))); 40 | 41 | struct method_select_response { 42 | unsigned char ver; 43 | unsigned char method; 44 | } __attribute__((packed, aligned(1))); 45 | 46 | struct socks5_request { 47 | unsigned char ver; 48 | unsigned char cmd; 49 | unsigned char rsv; 50 | unsigned char atyp; 51 | } __attribute__((packed, aligned(1))); 52 | 53 | struct socks5_response { 54 | unsigned char ver; 55 | unsigned char rep; 56 | unsigned char rsv; 57 | unsigned char atyp; 58 | } __attribute__((packed, aligned(1))); 59 | 60 | #endif // _SOCKS5_H 61 | -------------------------------------------------------------------------------- /src/resolv.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef RESOLV_H 27 | #define RESOLV_H 28 | 29 | #ifdef HAVE_CONFIG_H 30 | #include "config.h" 31 | #endif 32 | 33 | #include 34 | #ifndef __MINGW32__ 35 | #include 36 | #endif 37 | 38 | struct resolv_query; 39 | 40 | int resolv_init(struct ev_loop *, char *, int); 41 | void resolv_start(const char *hostname, uint16_t port, 42 | void (*client_cb)(struct sockaddr *, void *), 43 | void (*free_cb)(void *), void *data); 44 | void resolv_shutdown(struct ev_loop *); 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /src/base64.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006 Ryan Martell. (rdm4@martellventures.com) 3 | * 4 | * This file is part of FFmpeg. 5 | * 6 | * FFmpeg is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU Lesser General Public 8 | * License as published by the Free Software Foundation; either 9 | * version 2.1 of the License, or (at your option) any later version. 10 | * 11 | * FFmpeg is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with FFmpeg; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19 | */ 20 | 21 | #ifndef BASE64_H 22 | #define BASE64_H 23 | 24 | #include 25 | 26 | /** 27 | * Decode a base64-encoded string. 28 | * 29 | * @param out buffer for decoded data 30 | * @param in null-terminated input string 31 | * @param out_size size in bytes of the out buffer, must be at 32 | * least 3/4 of the length of in 33 | * @return number of bytes written, or a negative value in case of 34 | * invalid input 35 | */ 36 | int base64_decode(uint8_t *out, const char *in, int out_size); 37 | 38 | /** 39 | * Encode data to base64 and null-terminate. 40 | * 41 | * @param out buffer for encoded data 42 | * @param out_size size in bytes of the output buffer, must be at 43 | * least BASE64_SIZE(in_size) 44 | * @param in_size size in bytes of the 'in' buffer 45 | * @return 'out' or NULL in case of error 46 | */ 47 | char *base64_encode(char *out, int out_size, const uint8_t *in, int in_size); 48 | 49 | /** 50 | * Calculate the output size needed to base64-encode x bytes. 51 | */ 52 | #define BASE64_SIZE(x) (((x)+2) / 3 * 4 + 1) 53 | 54 | #endif /* BASE64_H */ 55 | -------------------------------------------------------------------------------- /m4/stack-protector.m4: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2007 Google Inc. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | # GGL_CHECK_STACK_PROTECTOR([ACTION-IF-OK], [ACTION-IF-NOT-OK]) 17 | # Check if c compiler supports -fstack-protector and -fstack-protector-all 18 | # options. 19 | 20 | AC_DEFUN([GGL_CHECK_STACK_PROTECTOR], [ 21 | ggl_check_stack_protector_save_CXXFLAGS="$CXXFLAGS" 22 | ggl_check_stack_protector_save_CFLAGS="$CFLAGS" 23 | 24 | AC_MSG_CHECKING([if -fstack-protector and -fstack-protector-all are supported.]) 25 | 26 | CXXFLAGS="$CXXFLAGS -fstack-protector" 27 | CFLAGS="$CFLAGS -fstack-protector" 28 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([ 29 | int main() { 30 | return 0; 31 | } 32 | ])], 33 | [ggl_check_stack_protector_ok=yes], 34 | [ggl_check_stack_protector_ok=no]) 35 | 36 | CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS -fstack-protector-all" 37 | CFLAGS="$ggl_check_stack_protector_save_CFLAGS -fstack-protector-all" 38 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([ 39 | int main() { 40 | return 0; 41 | } 42 | ])], 43 | [ggl_check_stack_protector_all_ok=yes], 44 | [ggl_check_stack_protector_all_ok=no]) 45 | 46 | if test "x$ggl_check_stack_protector_ok" = "xyes" -a \ 47 | "x$ggl_check_stack_protector_all_ok" = "xyes"; then 48 | AC_MSG_RESULT([yes]) 49 | ifelse([$1], , :, [$1]) 50 | else 51 | AC_MSG_RESULT([no]) 52 | ifelse([$2], , :, [$2]) 53 | fi 54 | 55 | CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS" 56 | CFLAGS="$ggl_check_stack_protector_save_CFLAGS" 57 | 58 | ]) # GGL_CHECK_STACK_PROTECTOR 59 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: required 2 | language: c 3 | dist : trusty 4 | compiler: clang 5 | os: 6 | - linux 7 | - osx 8 | env: 9 | global: 10 | - LIBSODIUM_VER=1.0.12 11 | - MBEDTLS_VER=2.4.0 12 | before_install: 13 | - | 14 | if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then 15 | # All dependencies for macOS build. Some packages has been installed by travis so use reinstall. 16 | brew reinstall autoconf automake xmlto c-ares libev mbedtls libsodium asciidoc >> /dev/null 2>&1; 17 | else 18 | wget https://github.com/jedisct1/libsodium/releases/download/$LIBSODIUM_VER/libsodium-$LIBSODIUM_VER.tar.gz; 19 | tar xvf libsodium-$LIBSODIUM_VER.tar.gz; 20 | pushd libsodium-$LIBSODIUM_VER; 21 | ./configure --prefix=/usr && make; 22 | sudo make install; 23 | popd; 24 | wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz; 25 | tar xvf mbedtls-$MBEDTLS_VER-gpl.tgz; 26 | pushd mbedtls-$MBEDTLS_VER; 27 | make SHARED=1; 28 | sudo make install; 29 | popd; 30 | # Load cached docker images 31 | if [[ -d $HOME/docker ]]; then 32 | ls $HOME/docker/*.tar.gz | xargs -I {file} sh -c "zcat {file} | docker load"; 33 | fi 34 | fi 35 | addons: 36 | apt: 37 | sources: 38 | - george-edison55-precise-backports # cmake 3.2.3 / doxygen 1.8.3 39 | packages: 40 | - libc-ares-dev 41 | - libev-dev 42 | - asciidoc 43 | - xmlto 44 | script: 45 | - ./autogen.sh 46 | - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then 47 | ./configure --disable-documentation --with-mbedtls=/usr/local/opt/mbedtls --with-sodium=/usr/local/opt/libsodium; 48 | else 49 | ./configure; 50 | fi 51 | - make 52 | - cd build && cmake ../ && make 53 | branches: 54 | only: 55 | - master 56 | notifications: 57 | recipients: 58 | - max.c.lv@gmail.com 59 | email: 60 | on_success: change 61 | on_failure: always 62 | -------------------------------------------------------------------------------- /src/manager.h: -------------------------------------------------------------------------------- 1 | /* 2 | * server.h - Define shadowsocks server's buffers and callbacks 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _MANAGER_H 24 | #define _MANAGER_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef HAVE_LIBEV_EV_H 30 | #include 31 | #else 32 | #include 33 | #endif 34 | 35 | #include "jconf.h" 36 | 37 | #include "common.h" 38 | 39 | struct manager_ctx { 40 | ev_io io; 41 | int fd; 42 | int fast_open; 43 | int no_delay; 44 | int reuse_port; 45 | int verbose; 46 | int mode; 47 | char *password; 48 | char *key; 49 | char *timeout; 50 | char *method; 51 | char *iface; 52 | char *acl; 53 | char *user; 54 | char *plugin; 55 | char *plugin_opts; 56 | char *manager_address; 57 | char **hosts; 58 | int host_num; 59 | char **nameservers; 60 | int nameserver_num; 61 | int mtu; 62 | int ipv6first; 63 | #ifdef HAVE_SETRLIMIT 64 | int nofile; 65 | #endif 66 | }; 67 | 68 | struct server { 69 | char port[8]; 70 | char password[128]; 71 | char fast_open[8]; 72 | char no_delay[8]; 73 | char *mode; 74 | char *method; 75 | char *plugin; 76 | char *plugin_opts; 77 | uint64_t traffic; 78 | }; 79 | 80 | #endif // _MANAGER_H 81 | -------------------------------------------------------------------------------- /src/tunnel.h: -------------------------------------------------------------------------------- 1 | /* 2 | * tunnel.h - Define tunnel's buffers and callbacks 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _TUNNEL_H 24 | #define _TUNNEL_H 25 | 26 | #ifdef HAVE_LIBEV_EV_H 27 | #include 28 | #else 29 | #include 30 | #endif 31 | 32 | #include "crypto.h" 33 | #include "jconf.h" 34 | 35 | #include "common.h" 36 | 37 | typedef struct listen_ctx { 38 | ev_io io; 39 | ss_addr_t tunnel_addr; 40 | char *iface; 41 | int remote_num; 42 | int timeout; 43 | int fd; 44 | int mptcp; 45 | struct sockaddr **remote_addr; 46 | } listen_ctx_t; 47 | 48 | typedef struct server_ctx { 49 | ev_io io; 50 | int connected; 51 | struct server *server; 52 | } server_ctx_t; 53 | 54 | typedef struct server { 55 | int fd; 56 | 57 | buffer_t *buf; 58 | cipher_ctx_t *e_ctx; 59 | cipher_ctx_t *d_ctx; 60 | struct server_ctx *recv_ctx; 61 | struct server_ctx *send_ctx; 62 | struct remote *remote; 63 | ss_addr_t destaddr; 64 | } server_t; 65 | 66 | typedef struct remote_ctx { 67 | ev_io io; 68 | ev_timer watcher; 69 | int connected; 70 | struct remote *remote; 71 | } remote_ctx_t; 72 | 73 | typedef struct remote { 74 | int fd; 75 | buffer_t *buf; 76 | struct remote_ctx *recv_ctx; 77 | struct remote_ctx *send_ctx; 78 | struct server *server; 79 | uint32_t counter; 80 | } remote_t; 81 | 82 | #endif // _TUNNEL_H 83 | -------------------------------------------------------------------------------- /src/rule.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * Copyright (c) 2011 Manuel Kasper 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 | * POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #ifndef RULE_H 28 | #define RULE_H 29 | 30 | #ifdef HAVE_CONFIG_H 31 | #include "config.h" 32 | #endif 33 | 34 | #include 35 | 36 | #ifdef HAVE_PCRE_H 37 | #include 38 | #elif HAVE_PCRE_PCRE_H 39 | #include 40 | #endif 41 | 42 | typedef struct rule { 43 | char *pattern; 44 | 45 | /* Runtime fields */ 46 | pcre *pattern_re; 47 | 48 | struct cork_dllist_item entries; 49 | } rule_t; 50 | 51 | void add_rule(struct cork_dllist *, rule_t *); 52 | int init_rule(rule_t *); 53 | rule_t *lookup_rule(const struct cork_dllist *, const char *, size_t); 54 | void remove_rule(rule_t *); 55 | rule_t *new_rule(); 56 | int accept_rule_arg(rule_t *, const char *); 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /src/redir.h: -------------------------------------------------------------------------------- 1 | /* * redir.h - Define the redirector's buffers and callbacks 2 | * 3 | * Copyright (C) 2013 - 2018, Max Lv 4 | * 5 | * This file is part of the shadowsocks-libev. 6 | * 7 | * shadowsocks-libev is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * shadowsocks-libev is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with shadowsocks-libev; see the file COPYING. If not, see 19 | * . 20 | */ 21 | 22 | #ifndef _REDIR_H 23 | #define _REDIR_H 24 | 25 | #ifdef HAVE_LIBEV_EV_H 26 | #include 27 | #else 28 | #include 29 | #endif 30 | 31 | #include "crypto.h" 32 | #include "jconf.h" 33 | 34 | typedef struct listen_ctx { 35 | ev_io io; 36 | int remote_num; 37 | int timeout; 38 | int fd; 39 | int mptcp; 40 | int tos; 41 | struct sockaddr **remote_addr; 42 | } listen_ctx_t; 43 | 44 | typedef struct server_ctx { 45 | ev_io io; 46 | int connected; 47 | struct server *server; 48 | } server_ctx_t; 49 | 50 | typedef struct server { 51 | int fd; 52 | 53 | buffer_t *buf; 54 | 55 | cipher_ctx_t *e_ctx; 56 | cipher_ctx_t *d_ctx; 57 | struct server_ctx *recv_ctx; 58 | struct server_ctx *send_ctx; 59 | struct remote *remote; 60 | 61 | struct sockaddr_storage destaddr; 62 | ev_timer delayed_connect_watcher; 63 | } server_t; 64 | 65 | typedef struct remote_ctx { 66 | ev_io io; 67 | ev_timer watcher; 68 | int connected; 69 | struct remote *remote; 70 | } remote_ctx_t; 71 | 72 | typedef struct remote { 73 | int fd; 74 | buffer_t *buf; 75 | struct remote_ctx *recv_ctx; 76 | struct remote_ctx *send_ctx; 77 | struct server *server; 78 | uint32_t counter; 79 | struct sockaddr *addr; 80 | } remote_t; 81 | 82 | #endif // _REDIR_H 83 | -------------------------------------------------------------------------------- /docker/mingw/deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Functions for building MinGW port in Docker 4 | # 5 | # This file is part of the shadowsocks-libev. 6 | # 7 | # shadowsocks-libev is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 3 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # shadowsocks-libev is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with shadowsocks-libev; see the file COPYING. If not, see 19 | # . 20 | # 21 | 22 | # Exit on error 23 | set -e 24 | 25 | . /prepare.sh 26 | 27 | build_deps() { 28 | arch=$1 29 | host=$arch-w64-mingw32 30 | prefix=${PREFIX}/$arch 31 | args="--host=${host} --prefix=${prefix} --disable-shared --enable-static" 32 | 33 | # libev 34 | cd "$SRC/$LIBEV_SRC" 35 | ./configure $args 36 | make clean 37 | make install 38 | 39 | # mbedtls 40 | cd "$SRC/$MBEDTLS_SRC" 41 | make clean 42 | make lib WINDOWS=1 CC="${host}-gcc" AR="${host}-ar" 43 | ## "make install" command from mbedtls 44 | DESTDIR="${prefix}" 45 | mkdir -p "${DESTDIR}"/include/mbedtls 46 | cp -r include/mbedtls "${DESTDIR}"/include 47 | mkdir -p "${DESTDIR}"/lib 48 | cp -RP library/libmbedtls.* "${DESTDIR}"/lib 49 | cp -RP library/libmbedx509.* "${DESTDIR}"/lib 50 | cp -RP library/libmbedcrypto.* "${DESTDIR}"/lib 51 | unset DESTDIR 52 | 53 | # sodium 54 | cd "$SRC/$SODIUM_SRC" 55 | ./configure $args 56 | make clean 57 | make install 58 | 59 | # pcre 60 | cd "$SRC/$PCRE_SRC" 61 | ./configure $args \ 62 | --enable-jit --disable-cpp \ 63 | --enable-unicode-properties 64 | make clean 65 | make install 66 | 67 | # c-ares 68 | cd "$SRC/$CARES_SRC" 69 | ./configure $args 70 | make clean 71 | make install 72 | } 73 | 74 | dk_deps() { 75 | for arch in i686 x86_64; do 76 | build_deps $arch 77 | done 78 | } 79 | -------------------------------------------------------------------------------- /rpm/genrpm.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | NAME=shadowsocks-libev 5 | 6 | SELF=$(readlink -f -- "$0") 7 | HERE=$(dirname -- "$SELF") 8 | 9 | SOURCES="${HERE}"/SOURCES 10 | SPEC_TEMPLATE="${HERE}"/SPECS/${NAME}.spec.in 11 | SPEC_FILE="${SPEC_TEMPLATE%%.in}" 12 | 13 | GIT_VERSION=$("${HERE}"/../scripts/git_version.sh) 14 | 15 | OPT_OUTDIR="${HERE}/SRPMS" 16 | OPT_USE_SYSTEM_LIB=0 17 | OUT_BUILD_RPM=0 18 | 19 | version=$(echo ${GIT_VERSION} | cut -d' ' -f1) 20 | release=$(echo ${GIT_VERSION} | cut -d' ' -f2) 21 | 22 | name_version=${NAME}-${version}-${release} 23 | source_name=${name_version}.tar.gz 24 | 25 | archive() 26 | { 27 | "${HERE}"/../scripts/git_archive.sh -o "${SOURCES}" -n ${name_version} 28 | } 29 | 30 | build_src_rpm() 31 | { 32 | rpmbuild -bs "${SPEC_FILE}" \ 33 | --undefine "dist" \ 34 | --define "%_topdir ${HERE}" \ 35 | --define "%_srcrpmdir ${OPT_OUTDIR}" 36 | } 37 | 38 | build_rpm() 39 | { 40 | rpmbuild --rebuild "${OPT_OUTDIR}"/${name_version}.src.rpm \ 41 | --define "%_topdir ${HERE}" \ 42 | --define "%use_system_lib ${OPT_USE_SYSTEM_LIB}" 43 | } 44 | 45 | create_spec() 46 | { 47 | sed -e "s/@NAME@/${NAME}/g" \ 48 | -e "s/@VERSION@/${version}/g" \ 49 | -e "s/@RELEASE@/${release}/g" \ 50 | -e "s/@SOURCE@/${source_name}/g" \ 51 | -e "s/@NAME_VERSION@/${name_version}/g" \ 52 | "${SPEC_TEMPLATE}" > "${SPEC_FILE}" 53 | } 54 | 55 | show_help() 56 | { 57 | echo -e "$(basename $0) [OPTION...]" 58 | echo -e "Create and build shadowsocks-libev SRPM" 59 | echo 60 | echo -e "Options:" 61 | echo -e " -h show this help." 62 | echo -e " -b use rpmbuld to build resulting SRPM" 63 | echo -e " -s use system shared libraries (RPM only)" 64 | echo -e " -o output directory" 65 | } 66 | 67 | while getopts "hbso:" opt 68 | do 69 | case ${opt} in 70 | h) 71 | show_help 72 | exit 0 73 | ;; 74 | b) 75 | OPT_BUILD_RPM=1 76 | ;; 77 | s) 78 | OPT_USE_SYSTEM_LIB=1 79 | ;; 80 | o) 81 | OPT_OUTDIR=$(readlink -f -- $OPTARG) 82 | ;; 83 | *) 84 | show_help 85 | exit 1 86 | ;; 87 | esac 88 | done 89 | 90 | create_spec 91 | archive 92 | build_src_rpm 93 | if [ "${OPT_BUILD_RPM}" = "1" ] ; then 94 | build_rpm 95 | fi 96 | -------------------------------------------------------------------------------- /src/cache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cache.h - Define the cache manager interface 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | /* 24 | * Original Author: Oliver Lorenz (ol), olli@olorenz.org, https://olorenz.org 25 | * License: This is licensed under the same terms as uthash itself 26 | */ 27 | 28 | #ifndef _CACHE_ 29 | #define _CACHE_ 30 | 31 | #include "uthash.h" 32 | 33 | #ifdef HAVE_LIBEV_EV_H 34 | #include 35 | #else 36 | #include 37 | #endif 38 | 39 | /** 40 | * A cache entry 41 | */ 42 | struct cache_entry { 43 | char *key; /**] [-S ] [-l ] 13 | [-L ] [-i ] [-a ] 14 | [-b ] [-w ] [-e ] 15 | 16 | DESCRIPTION 17 | ----------- 18 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy. 19 | It is a port of the original shadowsocks created by clowwindy. 20 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to 21 | achieve both high performance and low resource consumption. 22 | 23 | `ss-nat`(1) sets up NAT rules for `ss-redir`(1) to provide traffic redirection. 24 | It requires netfilter's NAT module and `iptables`(8). 25 | For more information, check out `shadowsocks-libev`(8) and the following 26 | 'EXAMPLE' section. 27 | 28 | OPTIONS 29 | ------- 30 | -s :: 31 | IP address of shadowsocks remote server 32 | 33 | -l :: 34 | Port number of shadowsocks local server 35 | 36 | -S :: 37 | IP address of shadowsocks remote UDP server 38 | 39 | -L :: 40 | Port number of shadowsocks local UDP server 41 | 42 | -i :: 43 | a file whose content is bypassed ip list 44 | 45 | -a :: 46 | LAN IP of access control, need a prefix to define access control mode 47 | 48 | -b :: 49 | WAN IP of will be bypassed 50 | 51 | -w :: 52 | WAN IP of will be forwarded 53 | 54 | -e :: 55 | Extra options for iptables 56 | 57 | -o:: 58 | Apply the rules to the OUTPUT chain 59 | 60 | -u:: 61 | Enable udprelay mode, TPROXY is required 62 | 63 | -U:: 64 | Enable udprelay mode, using different IP and ports for TCP and UDP 65 | 66 | -f:: 67 | Flush the rules 68 | 69 | -h:: 70 | Show this help message and exit 71 | 72 | EXAMPLE 73 | ------- 74 | `ss-nat` requires `iptables`(8). Here is an example: 75 | 76 | .... 77 | # Enable NAT rules for shadowsocks, 78 | # with both TCP and UDP redirection enabled, 79 | # and applied for both PREROUTING and OUTPUT chains 80 | root@Wrt:~# ss-nat -s 192.168.1.100 -l 1080 -u -o 81 | 82 | # Disable and flush all NAT rules for shadowsocks 83 | root@Wrt:~# ss-nat -f 84 | .... 85 | 86 | SEE ALSO 87 | -------- 88 | `ss-local`(1), 89 | `ss-server`(1), 90 | `ss-tunnel`(1), 91 | `ss-manager`(1), 92 | `shadowsocks-libev`(8), 93 | `iptables`(8), 94 | /etc/shadowsocks-libev/config.json 95 | 96 | -------------------------------------------------------------------------------- /src/udprelay.h: -------------------------------------------------------------------------------- 1 | /* 2 | * udprelay.h - Define UDP relay's buffers and callbacks 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _UDPRELAY_H 24 | #define _UDPRELAY_H 25 | 26 | #include 27 | 28 | #ifdef HAVE_LIBEV_EV_H 29 | #include 30 | #else 31 | #include 32 | #endif 33 | 34 | #include "crypto.h" 35 | #include "jconf.h" 36 | 37 | #ifdef MODULE_REMOTE 38 | #include "resolv.h" 39 | #endif 40 | 41 | #include "cache.h" 42 | 43 | #include "common.h" 44 | 45 | #define MAX_UDP_PACKET_SIZE (65507) 46 | 47 | #define PACKET_HEADER_SIZE (1 + 28 + 2 + 64) 48 | #define DEFAULT_PACKET_SIZE 1397 // 1492 - PACKET_HEADER_SIZE = 1397, the default MTU for UDP relay 49 | 50 | typedef struct server_ctx { 51 | ev_io io; 52 | int fd; 53 | crypto_t *crypto; 54 | int timeout; 55 | const char *iface; 56 | struct cache *conn_cache; 57 | #ifdef MODULE_LOCAL 58 | const struct sockaddr *remote_addr; 59 | int remote_addr_len; 60 | #ifdef MODULE_TUNNEL 61 | ss_addr_t tunnel_addr; 62 | #endif 63 | #endif 64 | #ifdef MODULE_REMOTE 65 | struct ev_loop *loop; 66 | #endif 67 | } server_ctx_t; 68 | 69 | #ifdef MODULE_REMOTE 70 | typedef struct query_ctx { 71 | struct sockaddr_storage src_addr; 72 | buffer_t *buf; 73 | int addr_header_len; 74 | char addr_header[384]; 75 | struct server_ctx *server_ctx; 76 | struct remote_ctx *remote_ctx; 77 | } query_ctx_t; 78 | #endif 79 | 80 | typedef struct remote_ctx { 81 | ev_io io; 82 | ev_timer watcher; 83 | int af; 84 | int fd; 85 | int addr_header_len; 86 | char addr_header[384]; 87 | struct sockaddr_storage src_addr; 88 | #ifdef MODULE_REMOTE 89 | struct sockaddr_storage dst_addr; 90 | #endif 91 | struct server_ctx *server_ctx; 92 | } remote_ctx_t; 93 | 94 | #endif // _UDPRELAY_H 95 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: shadowsocks-libev 2 | Section: net 3 | Priority: optional 4 | Maintainer: Roger Shimizu 5 | Uploaders: Max Lv , Boyuan Yang <073plan@gmail.com> 6 | Build-Depends: 7 | asciidoc-base | asciidoc, 8 | debhelper (>= 10), 9 | libc-ares-dev, 10 | libev-dev, 11 | libmbedtls-dev, 12 | libpcre3-dev, 13 | libsodium-dev (>= 1.0.12), 14 | pkg-config, 15 | xmlto 16 | Standards-Version: 4.1.1 17 | Homepage: https://www.shadowsocks.org 18 | Vcs-Git: https://github.com/shadowsocks/shadowsocks-libev.git 19 | Vcs-Browser: https://github.com/shadowsocks/shadowsocks-libev 20 | 21 | Package: shadowsocks-libev 22 | Replaces: shadowsocks (<< 1.5.3-2) 23 | Breaks: shadowsocks (<< 1.5.3-2) 24 | Architecture: any 25 | Depends: 26 | apg | pwgen, 27 | libcap2-bin [linux-any], 28 | lsb-base (>= 3.0-6), 29 | ${misc:Depends}, 30 | ${shlibs:Depends} 31 | Suggests: 32 | haveged, 33 | kcptun, 34 | simple-obfs 35 | Description: lightweight and secure socks5 proxy 36 | Shadowsocks-libev is a lightweight and secure socks5 proxy for 37 | embedded devices and low end boxes. 38 | . 39 | Shadowsocks-libev was inspired by Shadowsock (in Python). It's rewritten 40 | in pure C and only depends on libev, mbedTLS and a few other tiny 41 | libraries. 42 | 43 | Package: libshadowsocks-libev-dev 44 | Architecture: any 45 | Multi-Arch: same 46 | Section: libdevel 47 | Breaks: shadowsocks-libev (<< 2.4.0) 48 | Depends: 49 | libshadowsocks-libev2 (= ${binary:Version}), 50 | ${misc:Depends} 51 | Description: lightweight and secure socks5 proxy (development files) 52 | Shadowsocks-libev is a lightweight and secure socks5 proxy for 53 | embedded devices and low end boxes. 54 | . 55 | Shadowsocks-libev was inspired by Shadowsock (in Python). It's rewritten 56 | in pure C and only depends on libev, mbedTLS and a few other tiny 57 | libraries. 58 | . 59 | This package provides C header files for the libraries. 60 | 61 | Package: libshadowsocks-libev2 62 | Architecture: any 63 | Multi-Arch: same 64 | Section: libs 65 | Replaces: libshadowsocks-libev1 66 | Breaks: 67 | libshadowsocks-libev1, 68 | shadowsocks-libev (<< 2.4.0) 69 | Pre-Depends: ${misc:Pre-Depends} 70 | Depends: 71 | ${misc:Depends}, 72 | ${shlibs:Depends} 73 | Description: lightweight and secure socks5 proxy (shared library) 74 | Shadowsocks-libev is a lightweight and secure socks5 proxy for 75 | embedded devices and low end boxes. 76 | . 77 | Shadowsocks-libev was inspired by Shadowsock (in Python). It's rewritten 78 | in pure C and only depends on libev, mbedTLS and a few other tiny 79 | libraries. 80 | . 81 | This package provides shared libraries. 82 | -------------------------------------------------------------------------------- /docker/mingw/prepare.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Functions for building MinGW port in Docker 4 | # 5 | # This file is part of the shadowsocks-libev. 6 | # 7 | # shadowsocks-libev is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 3 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # shadowsocks-libev is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with shadowsocks-libev; see the file COPYING. If not, see 19 | # . 20 | # 21 | 22 | # Exit on error 23 | set -e 24 | 25 | # Build options 26 | BASE="/build" 27 | PREFIX="$BASE/stage" 28 | SRC="$BASE/src" 29 | DIST="$BASE/dist" 30 | 31 | # Project URL 32 | PROJ_SITE=$REPO # Change REPO in Makefile 33 | PROJ_REV=$REV # Change REV in Makefile 34 | PROJ_URL=https://github.com/${PROJ_SITE}/shadowsocks-libev.git 35 | 36 | # Libraries from project 37 | 38 | ## libev for MinGW 39 | LIBEV_VER=mingw 40 | LIBEV_SRC=libev-${LIBEV_VER} 41 | LIBEV_URL=https://github.com/${PROJ_SITE}/libev/archive/${LIBEV_VER}.tar.gz 42 | 43 | # Public libraries 44 | 45 | ## mbedTLS 46 | MBEDTLS_VER=2.7.0 47 | MBEDTLS_SRC=mbedtls-${MBEDTLS_VER} 48 | MBEDTLS_URL=https://tls.mbed.org/download/mbedtls-${MBEDTLS_VER}-apache.tgz 49 | 50 | ## Sodium 51 | SODIUM_VER=1.0.16 52 | SODIUM_SRC=libsodium-${SODIUM_VER} 53 | SODIUM_URL=https://download.libsodium.org/libsodium/releases/${SODIUM_SRC}.tar.gz 54 | 55 | ## PCRE 56 | PCRE_VER=8.41 57 | PCRE_SRC=pcre-${PCRE_VER} 58 | PCRE_URL=https://ftp.pcre.org/pub/pcre/${PCRE_SRC}.tar.gz 59 | 60 | ## c-ares 61 | CARES_VER=1.14.0 62 | CARES_SRC=c-ares-${CARES_VER} 63 | CARES_URL=https://c-ares.haxx.se/download/${CARES_SRC}.tar.gz 64 | 65 | # Build steps 66 | 67 | dk_prepare() { 68 | apt-get update -y 69 | apt-get install --no-install-recommends -y \ 70 | mingw-w64 aria2 git make automake autoconf libtool ca-certificates 71 | } 72 | 73 | dk_download() { 74 | mkdir -p "${SRC}" 75 | cd "${SRC}" 76 | DOWN="aria2c --file-allocation=trunc -s10 -x10 -j10 -c" 77 | for pkg in LIBEV SODIUM MBEDTLS PCRE CARES; do 78 | src=${pkg}_SRC 79 | url=${pkg}_URL 80 | out="${!src}".tar.gz 81 | $DOWN ${!url} -o "${out}" 82 | echo "Unpacking ${out}..." 83 | tar zxf ${out} 84 | done 85 | } 86 | -------------------------------------------------------------------------------- /src/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * common.h - Provide global definitions 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * shadowsocks-libev is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * shadowsocks-libev is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with shadowsocks-libev; see the file COPYING. If not, see 19 | * . 20 | */ 21 | 22 | #ifndef _COMMON_H 23 | #define _COMMON_H 24 | 25 | #ifndef SOL_TCP 26 | #define SOL_TCP IPPROTO_TCP 27 | #endif 28 | 29 | #if defined(MODULE_TUNNEL) || defined(MODULE_REDIR) 30 | #define MODULE_LOCAL 31 | #endif 32 | 33 | #include "crypto.h" 34 | 35 | int init_udprelay(const char *server_host, const char *server_port, 36 | #ifdef MODULE_LOCAL 37 | const struct sockaddr *remote_addr, const int remote_addr_len, 38 | #ifdef MODULE_TUNNEL 39 | const ss_addr_t tunnel_addr, 40 | #endif 41 | #endif 42 | int mtu, crypto_t *crypto, int timeout, const char *iface); 43 | 44 | void free_udprelay(void); 45 | 46 | #ifdef __ANDROID__ 47 | int protect_socket(int fd); 48 | int send_traffic_stat(uint64_t tx, uint64_t rx); 49 | #endif 50 | 51 | #define STAGE_ERROR -1 /* Error detected */ 52 | #define STAGE_INIT 0 /* Initial stage */ 53 | #define STAGE_HANDSHAKE 1 /* Handshake with client */ 54 | #define STAGE_PARSE 2 /* Parse the SOCKS5 header */ 55 | #define STAGE_SNI 3 /* Parse HTTP/SNI header */ 56 | #define STAGE_RESOLVE 4 /* Resolve the hostname */ 57 | #define STAGE_STREAM 5 /* Stream between client and server */ 58 | 59 | /* Vals for long options */ 60 | enum { 61 | GETOPT_VAL_HELP = 257, 62 | GETOPT_VAL_REUSE_PORT, 63 | GETOPT_VAL_FAST_OPEN, 64 | GETOPT_VAL_NODELAY, 65 | GETOPT_VAL_ACL, 66 | GETOPT_VAL_MTU, 67 | GETOPT_VAL_MPTCP, 68 | GETOPT_VAL_PLUGIN, 69 | GETOPT_VAL_PLUGIN_OPTS, 70 | GETOPT_VAL_PASSWORD, 71 | GETOPT_VAL_KEY, 72 | GETOPT_VAL_MANAGER_ADDRESS, 73 | GETOPT_VAL_EXECUTABLE 74 | }; 75 | 76 | #endif // _COMMON_H 77 | -------------------------------------------------------------------------------- /src/jconf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * jconf.h - Define the config data structure 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * shadowsocks-libev is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * shadowsocks-libev is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with shadowsocks-libev; see the file COPYING. If not, see 19 | * . 20 | */ 21 | 22 | #ifndef _JCONF_H 23 | #define _JCONF_H 24 | 25 | #define MAX_PORT_NUM 1024 26 | #define MAX_REMOTE_NUM 10 27 | #define MAX_DSCP_NUM 64 28 | #define MAX_CONF_SIZE 128 * 1024 29 | #define MAX_DNS_NUM 4 30 | #define MAX_CONNECT_TIMEOUT 10 31 | #define MAX_REQUEST_TIMEOUT 60 32 | #define MIN_UDP_TIMEOUT 10 33 | 34 | #define DSCP_EF 0x2E 35 | #define DSCP_MIN 0x0 36 | #define DSCP_MAX 0x3F 37 | #define DSCP_DEFAULT 0x0 38 | #define DSCP_MIN_LEN 2 39 | #define DSCP_MAX_LEN 4 40 | #define DSCP_CS_LEN 3 41 | #define DSCP_AF_LEN 4 42 | 43 | #define TCP_ONLY 0 44 | #define TCP_AND_UDP 1 45 | #define UDP_ONLY 3 46 | 47 | typedef struct { 48 | char *host; 49 | char *port; 50 | } ss_addr_t; 51 | 52 | typedef struct { 53 | char *port; 54 | char *password; 55 | } ss_port_password_t; 56 | 57 | typedef struct { 58 | char *port; 59 | int dscp; 60 | } ss_dscp_t; 61 | 62 | typedef struct { 63 | int remote_num; 64 | ss_addr_t remote_addr[MAX_REMOTE_NUM]; 65 | int port_password_num; 66 | ss_port_password_t port_password[MAX_PORT_NUM]; 67 | char *remote_port; 68 | char *local_addr; 69 | char *local_port; 70 | char *password; 71 | char *key; 72 | char *method; 73 | char *timeout; 74 | char *user; 75 | char *plugin; 76 | char *plugin_opts; 77 | int fast_open; 78 | int reuse_port; 79 | int nofile; 80 | char *nameserver; 81 | int dscp_num; 82 | ss_dscp_t dscp[MAX_DSCP_NUM]; 83 | char *tunnel_address; 84 | int mode; 85 | int mtu; 86 | int mptcp; 87 | int ipv6_first; 88 | int no_delay; 89 | } jconf_t; 90 | 91 | jconf_t *read_jconf(const char *file); 92 | void parse_addr(const char *str, ss_addr_t *addr); 93 | void free_addr(ss_addr_t *addr); 94 | 95 | #endif // _JCONF_H 96 | -------------------------------------------------------------------------------- /src/local.h: -------------------------------------------------------------------------------- 1 | /* 2 | * local.h - Define the client's buffers and callbacks 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _LOCAL_H 24 | #define _LOCAL_H 25 | 26 | #include 27 | 28 | #ifdef HAVE_LIBEV_EV_H 29 | #include 30 | #else 31 | #include 32 | #endif 33 | 34 | #ifdef __MINGW32__ 35 | #include "winsock.h" 36 | #endif 37 | 38 | #include "crypto.h" 39 | #include "jconf.h" 40 | #include "protocol.h" 41 | 42 | #include "common.h" 43 | 44 | typedef struct listen_ctx { 45 | ev_io io; 46 | char *iface; 47 | int remote_num; 48 | int timeout; 49 | int fd; 50 | int mptcp; 51 | struct sockaddr **remote_addr; 52 | } listen_ctx_t; 53 | 54 | typedef struct server_ctx { 55 | ev_io io; 56 | int connected; 57 | struct server *server; 58 | } server_ctx_t; 59 | 60 | typedef struct server { 61 | int fd; 62 | int stage; 63 | 64 | cipher_ctx_t *e_ctx; 65 | cipher_ctx_t *d_ctx; 66 | struct server_ctx *recv_ctx; 67 | struct server_ctx *send_ctx; 68 | struct listen_ctx *listener; 69 | struct remote *remote; 70 | 71 | buffer_t *buf; 72 | buffer_t *abuf; 73 | 74 | ev_timer delayed_connect_watcher; 75 | 76 | struct cork_dllist_item entries; 77 | } server_t; 78 | 79 | typedef struct remote_ctx { 80 | ev_io io; 81 | ev_timer watcher; 82 | 83 | int connected; 84 | struct remote *remote; 85 | } remote_ctx_t; 86 | 87 | typedef struct remote { 88 | int fd; 89 | int direct; 90 | int addr_len; 91 | uint32_t counter; 92 | #ifdef TCP_FASTOPEN_WINSOCK 93 | OVERLAPPED olap; 94 | int connect_ex_done; 95 | #endif 96 | 97 | buffer_t *buf; 98 | 99 | struct remote_ctx *recv_ctx; 100 | struct remote_ctx *send_ctx; 101 | struct server *server; 102 | struct sockaddr_storage addr; 103 | } remote_t; 104 | 105 | #endif // _LOCAL_H 106 | -------------------------------------------------------------------------------- /src/ppbloom.c: -------------------------------------------------------------------------------- 1 | /* 2 | * ppbloom.c - Ping-Pong Bloom Filter for nonce reuse detection 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #include 24 | #include 25 | 26 | #include "bloom.h" 27 | #include "ppbloom.h" 28 | #include "utils.h" 29 | 30 | #define PING 0 31 | #define PONG 1 32 | 33 | static struct bloom ppbloom[2]; 34 | static int bloom_count[2]; 35 | static int current; 36 | static int entries; 37 | static double error; 38 | 39 | int 40 | ppbloom_init(int n, double e) 41 | { 42 | int err; 43 | entries = n / 2; 44 | error = e; 45 | 46 | err = bloom_init(ppbloom + PING, entries, error); 47 | if (err) 48 | return err; 49 | 50 | err = bloom_init(ppbloom + PONG, entries, error); 51 | if (err) 52 | return err; 53 | 54 | bloom_count[PING] = 0; 55 | bloom_count[PONG] = 0; 56 | 57 | current = PING; 58 | 59 | return 0; 60 | } 61 | 62 | int 63 | ppbloom_check(const void *buffer, int len) 64 | { 65 | int ret; 66 | 67 | ret = bloom_check(ppbloom + PING, buffer, len); 68 | if (ret) 69 | return ret; 70 | 71 | ret = bloom_check(ppbloom + PONG, buffer, len); 72 | if (ret) 73 | return ret; 74 | 75 | return 0; 76 | } 77 | 78 | int 79 | ppbloom_add(const void *buffer, int len) 80 | { 81 | int err; 82 | err = bloom_add(ppbloom + current, buffer, len); 83 | if (err == -1) 84 | return err; 85 | 86 | bloom_count[current]++; 87 | 88 | if (bloom_count[current] >= entries) { 89 | bloom_count[current] = 0; 90 | current = current == PING ? PONG : PING; 91 | bloom_free(ppbloom + current); 92 | bloom_init(ppbloom + current, entries, error); 93 | } 94 | 95 | return 0; 96 | } 97 | 98 | void 99 | ppbloom_free() 100 | { 101 | bloom_free(ppbloom + PING); 102 | bloom_free(ppbloom + PONG); 103 | } 104 | -------------------------------------------------------------------------------- /m4/mbedtls.m4: -------------------------------------------------------------------------------- 1 | dnl Check to find the mbed TLS headers/libraries 2 | 3 | AC_DEFUN([ss_MBEDTLS], 4 | [ 5 | 6 | AC_ARG_WITH(mbedtls, 7 | AS_HELP_STRING([--with-mbedtls=DIR], [mbed TLS base directory, or:]), 8 | [mbedtls="$withval" 9 | CFLAGS="$CFLAGS -I$withval/include" 10 | LDFLAGS="$LDFLAGS -L$withval/lib"] 11 | ) 12 | 13 | AC_ARG_WITH(mbedtls-include, 14 | AS_HELP_STRING([--with-mbedtls-include=DIR], [mbed TLS headers directory (without trailing /mbedtls)]), 15 | [mbedtls_include="$withval" 16 | CFLAGS="$CFLAGS -I$withval"] 17 | ) 18 | 19 | AC_ARG_WITH(mbedtls-lib, 20 | AS_HELP_STRING([--with-mbedtls-lib=DIR], [mbed TLS library directory]), 21 | [mbedtls_lib="$withval" 22 | LDFLAGS="$LDFLAGS -L$withval"] 23 | ) 24 | 25 | AC_CHECK_LIB(mbedcrypto, mbedtls_cipher_setup, 26 | [LIBS="-lmbedcrypto $LIBS"], 27 | [AC_MSG_ERROR([mbed TLS libraries not found.])] 28 | ) 29 | 30 | AC_MSG_CHECKING([whether mbedtls supports Cipher Feedback mode or not]) 31 | AC_COMPILE_IFELSE( 32 | [AC_LANG_PROGRAM( 33 | [[ 34 | #include 35 | ]], 36 | [[ 37 | #ifndef MBEDTLS_CIPHER_MODE_CFB 38 | #error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS. 39 | #endif 40 | ]] 41 | )], 42 | [AC_MSG_RESULT([ok])], 43 | [AC_MSG_ERROR([MBEDTLS_CIPHER_MODE_CFB required])] 44 | ) 45 | 46 | 47 | AC_MSG_CHECKING([whether mbedtls supports the ARC4 stream cipher or not]) 48 | AC_COMPILE_IFELSE( 49 | [AC_LANG_PROGRAM( 50 | [[ 51 | #include 52 | ]], 53 | [[ 54 | #ifndef MBEDTLS_ARC4_C 55 | #error the ARC4 stream cipher not supported by your mbed TLS. 56 | #endif 57 | ]] 58 | )], 59 | [AC_MSG_RESULT([ok])], 60 | [AC_MSG_WARN([We will continue without ARC4 stream cipher support, MBEDTLS_ARC4_C required])] 61 | ) 62 | 63 | AC_MSG_CHECKING([whether mbedtls supports the Blowfish block cipher or not]) 64 | AC_COMPILE_IFELSE( 65 | [AC_LANG_PROGRAM( 66 | [[ 67 | #include 68 | ]], 69 | [[ 70 | #ifndef MBEDTLS_BLOWFISH_C 71 | #error the Blowfish block cipher not supported by your mbed TLS. 72 | #endif 73 | ]] 74 | )], 75 | [AC_MSG_RESULT([ok])], 76 | [AC_MSG_WARN([We will continue without Blowfish block cipher support, MBEDTLS_BLOWFISH_C required])] 77 | ) 78 | 79 | AC_MSG_CHECKING([whether mbedtls supports the Camellia block cipher or not]) 80 | AC_COMPILE_IFELSE( 81 | [AC_LANG_PROGRAM( 82 | [[ 83 | #include 84 | ]], 85 | [[ 86 | #ifndef MBEDTLS_CAMELLIA_C 87 | #error the Camellia block cipher not supported by your mbed TLS. 88 | #endif 89 | ]] 90 | )], 91 | [AC_MSG_RESULT([ok])], 92 | [AC_MSG_WARN([We will continue without Camellia block cipher support, MBEDTLS_CAMELLIA_C required])] 93 | ) 94 | ]) 95 | -------------------------------------------------------------------------------- /src/plugin.h: -------------------------------------------------------------------------------- 1 | /* 2 | * acl.h - Define the ACL interface 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _PLUGIN_H 24 | #define _PLUGIN_H 25 | 26 | #define PLUGIN_EXIT_ERROR -2 27 | #define PLUGIN_EXIT_NORMAL -1 28 | #define PLUGIN_RUNNING 0 29 | 30 | enum plugin_mode { 31 | MODE_CLIENT, 32 | MODE_SERVER 33 | }; 34 | 35 | /* 36 | * XXX: Since we have SS plugins and obfsproxy support, for now we will 37 | * do extra check against the plugin name. 38 | * For obfsproxy, we will not follow the SS specified protocol and 39 | * do special routine for obfsproxy. 40 | * This may change when the protocol is finally settled 41 | * 42 | * Main function to start a plugin. 43 | * 44 | * @plugin: name of the plugin 45 | * search from PATH and current directory. 46 | * @plugin_opts: Special options for plugin 47 | * @remote_host: 48 | * CLIENT mode: 49 | * The remote server address, which also runs corresponding plugin 50 | * SERVER mode: 51 | * The real listen address, which plugin will listen to 52 | * @remote_port: 53 | * CLIENT mode: 54 | * The remote server port, which corresponding plugin is listening to 55 | * SERVER mode: 56 | * The real listen port, which plugin will listen to 57 | * @local_host: 58 | * Where ss-libev will connect/listen to. 59 | * Normally localhost for both modes. 60 | * @local_port: 61 | * Where ss-libev will connect/listen to. 62 | * Internal user port. 63 | * @mode: 64 | * Indicates which mode the plugin should run at. 65 | */ 66 | int start_plugin(const char *plugin, 67 | const char *plugin_opts, 68 | const char *remote_host, 69 | const char *remote_port, 70 | const char *local_host, 71 | const char *local_port, 72 | #ifdef __MINGW32__ 73 | uint16_t control_port, 74 | #endif 75 | enum plugin_mode mode); 76 | uint16_t get_local_port(); 77 | void stop_plugin(); 78 | int is_plugin_running(); 79 | 80 | #endif // _PLUGIN_H 81 | -------------------------------------------------------------------------------- /rpm/SOURCES/etc/init.d/shadowsocks-libev: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Script to run Shadowsocks in daemon mode at boot time. 4 | # ScriptAuthor: icyboy 5 | # Revision 1.0 - 14th Sep 2013 6 | #==================================================================== 7 | # Run level information: 8 | # chkconfig: 2345 99 99 9 | # Description: lightweight secured socks5 proxy 10 | # processname: ss-server 11 | # Author: Max Lv ; 12 | # Run "/sbin/chkconfig --add shadowsocks" to add the Run levels. 13 | #==================================================================== 14 | 15 | #==================================================================== 16 | # Paths and variables and system checks. 17 | 18 | # Source function library 19 | . /etc/rc.d/init.d/functions 20 | 21 | # Check that networking is up. 22 | # 23 | [ ${NETWORKING} ="yes" ] || exit 0 24 | 25 | # Daemon 26 | NAME=shadowsocks-server 27 | DAEMON=/usr/bin/ss-server 28 | 29 | # Path to the configuration file. 30 | # 31 | CONF=/etc/shadowsocks-libev/config.json 32 | 33 | #USER="nobody" 34 | #GROUP="nobody" 35 | 36 | # Take care of pidfile permissions 37 | mkdir /var/run/$NAME 2>/dev/null || true 38 | #chown "$USER:$GROUP" /var/run/$NAME 39 | 40 | # Check the configuration file exists. 41 | # 42 | if [ ! -f $CONF ] ; then 43 | echo "The configuration file cannot be found!" 44 | exit 0 45 | fi 46 | 47 | # Path to the lock file. 48 | # 49 | LOCK_FILE=/var/lock/subsys/shadowsocks 50 | 51 | # Path to the pid file. 52 | # 53 | PID=/var/run/$NAME/pid 54 | 55 | 56 | #==================================================================== 57 | 58 | #==================================================================== 59 | # Run controls: 60 | 61 | RETVAL=0 62 | 63 | # Start shadowsocks as daemon. 64 | # 65 | start() { 66 | if [ -f $LOCK_FILE ]; then 67 | echo "$NAME is already running!" 68 | exit 0 69 | else 70 | echo -n $"Starting ${NAME}: " 71 | #daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null" 72 | daemon $DAEMON -u -c $CONF -f $PID 73 | fi 74 | 75 | RETVAL=$? 76 | [ $RETVAL -eq 0 ] && success 77 | echo 78 | [ $RETVAL -eq 0 ] && touch $LOCK_FILE 79 | return $RETVAL 80 | } 81 | 82 | 83 | # Stop shadowsocks. 84 | # 85 | stop() { 86 | echo -n $"Shutting down ${NAME}: " 87 | killproc -p ${PID} 88 | RETVAL=$? 89 | [ $RETVAL -eq 0 ] 90 | rm -f $LOCK_FILE 91 | rm -f ${PID} 92 | echo 93 | return $RETVAL 94 | } 95 | 96 | # See how we were called. 97 | case "$1" in 98 | start) 99 | start 100 | ;; 101 | stop) 102 | stop 103 | ;; 104 | restart) 105 | stop 106 | start 107 | ;; 108 | condrestart) 109 | if [ -f $LOCK_FILE ]; then 110 | stop 111 | start 112 | RETVAL=$? 113 | fi 114 | ;; 115 | status) 116 | status $DAEMON 117 | RETVAL=$? 118 | ;; 119 | *) 120 | echo $"Usage: $0 {start|stop|restart|condrestart|status}" 121 | RETVAL=1 122 | esac 123 | 124 | exit $RETVAL 125 | -------------------------------------------------------------------------------- /src/server.h: -------------------------------------------------------------------------------- 1 | /* 2 | * server.h - Define shadowsocks server's buffers and callbacks 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _SERVER_H 24 | #define _SERVER_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef HAVE_LIBEV_EV_H 30 | #include 31 | #else 32 | #include 33 | #endif 34 | 35 | #ifdef __MINGW32__ 36 | #include "winsock.h" 37 | #endif 38 | 39 | #include "crypto.h" 40 | #include "jconf.h" 41 | #include "resolv.h" 42 | 43 | #include "common.h" 44 | 45 | typedef struct listen_ctx { 46 | ev_io io; 47 | int fd; 48 | int timeout; 49 | char *iface; 50 | struct ev_loop *loop; 51 | } listen_ctx_t; 52 | 53 | typedef struct server_ctx { 54 | ev_io io; 55 | ev_timer watcher; 56 | int connected; 57 | struct server *server; 58 | } server_ctx_t; 59 | 60 | #ifdef USE_NFCONNTRACK_TOS 61 | 62 | #include 63 | #include 64 | 65 | struct dscptracker { 66 | struct nf_conntrack *ct; 67 | long unsigned int mark; 68 | unsigned int dscp; 69 | unsigned int packet_count; 70 | }; 71 | 72 | #endif 73 | 74 | struct query; 75 | 76 | typedef struct server { 77 | int fd; 78 | int stage; 79 | int frag; 80 | 81 | buffer_t *buf; 82 | 83 | cipher_ctx_t *e_ctx; 84 | cipher_ctx_t *d_ctx; 85 | struct server_ctx *recv_ctx; 86 | struct server_ctx *send_ctx; 87 | struct listen_ctx *listen_ctx; 88 | struct remote *remote; 89 | 90 | struct query *query; 91 | 92 | struct cork_dllist_item entries; 93 | #ifdef USE_NFCONNTRACK_TOS 94 | struct dscptracker *tracker; 95 | #endif 96 | } server_t; 97 | 98 | typedef struct query { 99 | server_t *server; 100 | char hostname[257]; 101 | } query_t; 102 | 103 | typedef struct remote_ctx { 104 | ev_io io; 105 | int connected; 106 | struct remote *remote; 107 | } remote_ctx_t; 108 | 109 | typedef struct remote { 110 | int fd; 111 | #ifdef TCP_FASTOPEN_WINSOCK 112 | OVERLAPPED olap; 113 | int connect_ex_done; 114 | #endif 115 | buffer_t *buf; 116 | struct remote_ctx *recv_ctx; 117 | struct remote_ctx *send_ctx; 118 | struct server *server; 119 | } remote_t; 120 | 121 | #endif // _SERVER_H 122 | -------------------------------------------------------------------------------- /m4/ax_tls.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # http://www.gnu.org/software/autoconf-archive/ax_tls.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_TLS([action-if-found], [action-if-not-found]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # Provides a test for the compiler support of thread local storage (TLS) 12 | # extensions. Defines TLS if it is found. Currently knows about GCC/ICC 13 | # and MSVC. I think SunPro uses the same as GCC, and Borland apparently 14 | # supports either. 15 | # 16 | # LICENSE 17 | # 18 | # Copyright (c) 2008 Alan Woodland 19 | # Copyright (c) 2010 Diego Elio Petteno` 20 | # 21 | # This program is free software: you can redistribute it and/or modify it 22 | # under the terms of the GNU General Public License as published by the 23 | # Free Software Foundation, either version 3 of the License, or (at your 24 | # option) any later version. 25 | # 26 | # This program is distributed in the hope that it will be useful, but 27 | # WITHOUT ANY WARRANTY; without even the implied warranty of 28 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 29 | # Public License for more details. 30 | # 31 | # You should have received a copy of the GNU General Public License along 32 | # with this program. If not, see . 33 | # 34 | # As a special exception, the respective Autoconf Macro's copyright owner 35 | # gives unlimited permission to copy, distribute and modify the configure 36 | # scripts that are the output of Autoconf when processing the Macro. You 37 | # need not follow the terms of the GNU General Public License when using 38 | # or distributing such scripts, even though portions of the text of the 39 | # Macro appear in them. The GNU General Public License (GPL) does govern 40 | # all other use of the material that constitutes the Autoconf Macro. 41 | # 42 | # This special exception to the GPL applies to versions of the Autoconf 43 | # Macro released by the Autoconf Archive. When you make and distribute a 44 | # modified version of the Autoconf Macro, you may extend this special 45 | # exception to the GPL to apply to your modified version as well. 46 | 47 | #serial 11 48 | 49 | AC_DEFUN([AX_TLS], [ 50 | AC_MSG_CHECKING([for thread local storage (TLS) class]) 51 | AC_CACHE_VAL([ac_cv_tls], 52 | [for ax_tls_keyword in __thread '__declspec(thread)' none; do 53 | AS_CASE([$ax_tls_keyword], 54 | [none], [ac_cv_tls=none ; break], 55 | [AC_TRY_COMPILE( 56 | [#include 57 | static void 58 | foo(void) { 59 | static ] $ax_tls_keyword [ int bar; 60 | exit(1); 61 | }], 62 | [], 63 | [ac_cv_tls=$ax_tls_keyword ; break], 64 | ac_cv_tls=none 65 | )]) 66 | done 67 | ]) 68 | AC_MSG_RESULT([$ac_cv_tls]) 69 | 70 | AS_IF([test "$ac_cv_tls" != "none"], 71 | [AC_DEFINE_UNQUOTED([TLS],[$ac_cv_tls],[If the compiler supports a TLS storage class define it to that here]) 72 | m4_ifnblank([$1],[$1])], 73 | [m4_ifnblank([$2],[$2])]) 74 | ]) 75 | -------------------------------------------------------------------------------- /doc/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | find_program(XMLTO_EXECUTABLE NAMES xmlto) 2 | find_program(ASCIIDOC_EXECUTABLE NAMES asciidoc asciidoc.py) 3 | 4 | # Opt-in doc build option 5 | if (NOT XMLTO_EXECUTABLE OR NOT ASCIIDOC_EXECUTABLE) 6 | option(WITH_DOC_MAN "Build manpage doc" OFF) 7 | else () 8 | option(WITH_DOC_MAN "Build manpage doc" ON) 9 | endif () 10 | 11 | if (NOT ASCIIDOC_EXECUTABLE) 12 | option(WITH_DOC_HTML "Build html doc" OFF) 13 | else () 14 | option(WITH_DOC_HTML "Build html doc" ON) 15 | endif () 16 | 17 | # NOTE For brew user, we have to setup this env var. see `brew info asciidoc' 18 | set(XMLTO_ENV) 19 | set(XMLTO_CATALOG_DIR_MACOS /usr/local/etc/xml/catalog) 20 | if (EXISTS ${XMLTO_CATALOG_DIR_MACOS}) 21 | set(XMLTO_ENV XML_CATALOG_FILES=${XMLTO_CATALOG_DIR_MACOS}) 22 | message(STATUS "Detect xmlto catalog dir ${XMLTO_CATALOG_DIR_MACOS}") 23 | endif () 24 | 25 | set(CMAKE_MANPAGE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/man) 26 | 27 | set(DOC_DIR ${CMAKE_SOURCE_DIR}/doc) 28 | set(XMLTO_OPTS -m ${DOC_DIR}/manpage-normal.xsl -m ${DOC_DIR}/manpage-bold-literal.xsl man) 29 | set(ASCIIDOC_XML_OPTS -b docbook -d manpage -f ${DOC_DIR}/asciidoc.conf -aversion=${PROJECT_VERSION}) 30 | set(ASCIIDOC_HTML_OPTS -b html4 -d article -f ${DOC_DIR}/asciidoc.conf -aversion=${PROJECT_VERSION}) 31 | 32 | 33 | set(MAN_NAMES ss-local.1 ss-manager.1 ss-nat.1 ss-redir.1 ss-server.1 ss-tunnel.1 shadowsocks-libev.8) 34 | set(MAN_FILES) 35 | set(HTML_FILES) 36 | 37 | foreach (manfile IN LISTS MAN_NAMES) 38 | string(REGEX REPLACE \\.. .xml xmlfile ${manfile}) 39 | string(REGEX REPLACE \\.. .asciidoc docfile ${manfile}) 40 | string(REGEX REPLACE \\.. .html htmlfile ${manfile}) 41 | 42 | set(docfile ${DOC_DIR}/${docfile}) 43 | 44 | add_custom_command(OUTPUT ${manfile} 45 | COMMAND ${ASCIIDOC_EXECUTABLE} ${ASCIIDOC_XML_OPTS} -o ${xmlfile} ${docfile} 46 | COMMAND ${CMAKE_COMMAND} -E env ${XMLTO_ENV} ${XMLTO_EXECUTABLE} ${XMLTO_OPTS} ${xmlfile} 47 | # After we built the manpage, the xmlfile is nolongger needed 48 | COMMAND ${CMAKE_COMMAND} -E remove ${xmlfile} 49 | DEPENDS ${docfile} 50 | WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/man 51 | COMMENT "Building manpage ${manfile}" 52 | VERBATIM) 53 | list(APPEND MAN_FILES ${manfile}) 54 | 55 | add_custom_command(OUTPUT ${htmlfile} 56 | COMMAND ${ASCIIDOC_EXECUTABLE} ${ASCIIDOC_HTML_OPTS} -o ${htmlfile} ${docfile} 57 | DEPENDS ${docfile} 58 | WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/html 59 | COMMENT "Building htmlfile ${htmlfile}" 60 | VERBATIM) 61 | list(APPEND HTML_FILES ${htmlfile}) 62 | endforeach () 63 | 64 | add_custom_target(doc-man ALL DEPENDS ${MAN_FILES}) 65 | add_custom_target(doc-html ALL DEPENDS ${HTML_FILES}) 66 | 67 | 68 | if (NOT WITH_DOC_MAN) 69 | set_target_properties(doc-man PROPERTIES EXCLUDE_FROM_ALL TRUE) 70 | else () 71 | install(DIRECTORY ${CMAKE_BINARY_DIR}/man/ 72 | DESTINATION man) 73 | endif () 74 | if (NOT WITH_DOC_HTML) 75 | set_target_properties(doc-html PROPERTIES EXCLUDE_FROM_ALL TRUE) 76 | else () 77 | install(DIRECTORY ${CMAKE_BINARY_DIR}/html/ 78 | DESTINATION doc/html) 79 | endif () 80 | 81 | # This is required for custom command 82 | file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/man) 83 | file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/html) 84 | -------------------------------------------------------------------------------- /src/winsock.h: -------------------------------------------------------------------------------- 1 | /* 2 | * winsock.h - Windows socket compatibility layer 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _WINSOCK_H 24 | #define _WINSOCK_H 25 | 26 | #ifdef __MINGW32__ 27 | 28 | // Target NT6 29 | #ifndef WIN32_LEAN_AND_MEAN 30 | #define WIN32_LEAN_AND_MEAN 31 | #endif 32 | 33 | #if defined(_WIN32_WINNT) && _WIN32_WINNT < 0x0600 34 | #undef _WIN32_WINNT 35 | #endif 36 | 37 | #ifndef _WIN32_WINNT 38 | #define _WIN32_WINNT 0x0600 39 | #endif 40 | 41 | // Winsock headers 42 | #include 43 | #include 44 | #include 45 | #include 46 | 47 | // Override POSIX error number 48 | #ifdef errno 49 | #undef errno 50 | #endif 51 | #define errno WSAGetLastError() 52 | 53 | #ifdef EWOULDBLOCK 54 | #undef EWOULDBLOCK 55 | #endif 56 | #define EWOULDBLOCK WSAEWOULDBLOCK 57 | 58 | #ifdef CONNECT_IN_PROGRESS 59 | #undef CONNECT_IN_PROGRESS 60 | #endif 61 | #define CONNECT_IN_PROGRESS WSAEWOULDBLOCK 62 | 63 | #ifdef EOPNOTSUPP 64 | #undef EOPNOTSUPP 65 | #endif 66 | #define EOPNOTSUPP WSAEOPNOTSUPP 67 | 68 | #ifdef EPROTONOSUPPORT 69 | #undef EPROTONOSUPPORT 70 | #endif 71 | #define EPROTONOSUPPORT WSAEPROTONOSUPPORT 72 | 73 | #ifdef ENOPROTOOPT 74 | #undef ENOPROTOOPT 75 | #endif 76 | #define ENOPROTOOPT WSAENOPROTOOPT 77 | 78 | // Check if ConnectEx supported in header 79 | #ifdef WSAID_CONNECTEX 80 | // Hardcode TCP fast open option 81 | #ifndef TCP_FASTOPEN 82 | #define TCP_FASTOPEN 15 83 | #endif 84 | // Enable TFO support 85 | #define TCP_FASTOPEN_WINSOCK 1 86 | #endif 87 | 88 | // Override close function 89 | #define close(fd) closesocket(fd) 90 | 91 | // Override MinGW functions 92 | #define setsockopt(a,b,c,d,e) setsockopt(a,b,c,(const char *)(d),e) 93 | #define inet_ntop(a,b,c,d) inet_ntop(a,(void *)(b),c,d) 94 | 95 | // Override Windows built-in functions 96 | #ifdef ERROR 97 | #undef ERROR 98 | #endif 99 | #define ERROR(s) ss_error(s) 100 | 101 | #ifdef gai_strerror 102 | #undef gai_strerror 103 | #endif 104 | #define gai_strerror(e) ss_gai_strerror(e) 105 | char *ss_gai_strerror(int ecode); 106 | 107 | // Missing Unix functions 108 | #define sleep(x) Sleep((x) * 1000) 109 | #define bzero(s,n) memset(s,0,n) 110 | #define strndup(s,n) ss_strndup(s,n) 111 | 112 | // Winsock compatibility functions 113 | int setnonblocking(SOCKET socket); 114 | void winsock_init(void); 115 | void winsock_cleanup(void); 116 | #ifdef TCP_FASTOPEN_WINSOCK 117 | LPFN_CONNECTEX winsock_getconnectex(void); 118 | int winsock_dummybind(SOCKET fd, struct sockaddr *sa); 119 | #endif 120 | 121 | #endif // __MINGW32__ 122 | 123 | #endif // _WINSOCK_H 124 | -------------------------------------------------------------------------------- /src/netutils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * netutils.h - Network utilities 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _NETUTILS_H 24 | #define _NETUTILS_H 25 | 26 | #ifdef __MINGW32__ 27 | #include "winsock.h" 28 | #else 29 | #include 30 | #endif 31 | 32 | #ifdef HAVE_LINUX_TCP_H 33 | #include 34 | #elif defined(HAVE_NETINET_TCP_H) 35 | #include 36 | #endif 37 | 38 | #ifdef HAVE_NETDB_H 39 | #include 40 | #endif 41 | 42 | /* Hard coded defines for TCP fast open on Android */ 43 | #ifdef __ANDROID__ 44 | #ifndef TCP_FASTOPEN 45 | #define TCP_FASTOPEN 23 46 | #endif 47 | #ifndef MSG_FASTOPEN 48 | #define MSG_FASTOPEN 0x20000000 49 | #endif 50 | #ifdef TCP_FASTOPEN_CONNECT 51 | #undef TCP_FASTOPEN_CONNECT 52 | #endif 53 | #endif 54 | 55 | /* MPTCP_ENABLED setsockopt values for kernel 4 & 3, best behaviour to be independant of kernel version is to test from newest to the latest values */ 56 | #ifndef MPTCP_ENABLED 57 | static const char mptcp_enabled_values[] = { 42, 26, 0 }; 58 | #else 59 | static const char mptcp_enabled_values[] = { MPTCP_ENABLED, 0 }; 60 | #endif 61 | 62 | #ifndef UPDATE_INTERVAL 63 | #define UPDATE_INTERVAL 5 64 | #endif 65 | 66 | /** byte size of ip4 address */ 67 | #define INET_SIZE 4 68 | /** byte size of ip6 address */ 69 | #define INET6_SIZE 16 70 | 71 | size_t get_sockaddr_len(struct sockaddr *addr); 72 | ssize_t get_sockaddr(char *host, char *port, 73 | struct sockaddr_storage *storage, int block, 74 | int ipv6first); 75 | int set_reuseport(int socket); 76 | 77 | #ifdef SET_INTERFACE 78 | int setinterface(int socket_fd, const char *interface_name); 79 | #endif 80 | 81 | int bind_to_address(int socket_fd, const char *address); 82 | 83 | /** 84 | * Compare two sockaddrs. Imposes an ordering on the addresses. 85 | * Compares address and port. 86 | * @param addr1: address 1. 87 | * @param addr2: address 2. 88 | * @param len: lengths of addr. 89 | * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 90 | */ 91 | int sockaddr_cmp(struct sockaddr_storage *addr1, 92 | struct sockaddr_storage *addr2, socklen_t len); 93 | 94 | /** 95 | * Compare two sockaddrs. Compares address, not the port. 96 | * @param addr1: address 1. 97 | * @param addr2: address 2. 98 | * @param len: lengths of addr. 99 | * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 100 | */ 101 | int sockaddr_cmp_addr(struct sockaddr_storage *addr1, 102 | struct sockaddr_storage *addr2, socklen_t len); 103 | 104 | int validate_hostname(const char *hostname, const int hostname_len); 105 | 106 | #endif 107 | -------------------------------------------------------------------------------- /docker/mingw/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Functions for building MinGW port in Docker 4 | # 5 | # This file is part of the shadowsocks-libev. 6 | # 7 | # shadowsocks-libev is free software; you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation; either version 3 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # shadowsocks-libev is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with shadowsocks-libev; see the file COPYING. If not, see 19 | # . 20 | # 21 | 22 | # Exit on error 23 | set -e 24 | 25 | . /prepare.sh 26 | 27 | build_proj() { 28 | arch=$1 29 | host=$arch-w64-mingw32 30 | prefix=${DIST}/$arch 31 | dep=${PREFIX}/$arch 32 | 33 | cd "$SRC" 34 | if ! [ -d proj ]; then 35 | git clone ${PROJ_URL} proj 36 | cd proj 37 | git checkout ${PROJ_REV} 38 | git submodule update --init 39 | ./autogen.sh 40 | else 41 | cd proj 42 | fi 43 | ./configure --host=${host} --prefix=${prefix} \ 44 | --disable-documentation \ 45 | --with-ev="$dep" \ 46 | --with-mbedtls="$dep" \ 47 | --with-sodium="$dep" \ 48 | --with-pcre="$dep" \ 49 | --with-cares="$dep" \ 50 | CFLAGS="-DCARES_STATICLIB -DPCRE_STATIC" 51 | make clean 52 | make LDFLAGS="-all-static -L${dep}/lib" 53 | make install-strip 54 | 55 | # Reference SIP003 plugin (Experimental) 56 | [[ "${PLUGIN}" != "true" ]] && return 0 57 | 58 | PLUGIN_URL=https://github.com/${PROJ_SITE}/simple-obfs.git 59 | PLUGIN_REV=master 60 | 61 | cd "$SRC" 62 | if ! [ -d plugin ]; then 63 | git clone ${PLUGIN_URL} plugin 64 | cd plugin 65 | git checkout ${PLUGIN_REV} 66 | git submodule update --init 67 | ./autogen.sh 68 | else 69 | cd plugin 70 | fi 71 | ./configure --host=${host} --prefix=${prefix} \ 72 | --disable-documentation \ 73 | --with-ev="$dep" 74 | make clean 75 | make LDFLAGS="-all-static -L${dep}/lib" 76 | make install-strip 77 | } 78 | 79 | dk_build() { 80 | for arch in i686 x86_64; do 81 | build_proj $arch 82 | done 83 | } 84 | 85 | dk_package() { 86 | rm -rf "$BASE/pack" 87 | mkdir -p "$BASE/pack" 88 | cd "$BASE/pack" 89 | mkdir -p ss-libev-${PROJ_REV} 90 | cd ss-libev-${PROJ_REV} 91 | for bin in local server tunnel; do 92 | cp ${DIST}/i686/bin/ss-${bin}.exe ss-${bin}-x86.exe 93 | cp ${DIST}/x86_64/bin/ss-${bin}.exe ss-${bin}-x64.exe 94 | done 95 | for bin in local server; do 96 | cp ${DIST}/i686/bin/obfs-${bin}.exe obfs-${bin}-x86.exe || true 97 | cp ${DIST}/x86_64/bin/obfs-${bin}.exe obfs-${bin}-x64.exe || true 98 | done 99 | pushd "$SRC/proj" 100 | GIT_REV="$(git rev-parse --short HEAD)" 101 | popd 102 | echo "SHA1 checksum for build $(date +"%y%m%d")-${GIT_REV}" > checksum 103 | for f in *.exe; do 104 | echo " $f:" >> checksum 105 | echo " $(sha1sum $f | cut -d ' ' -f 1)" >> checksum 106 | done 107 | sed -e 's/$/\r/' checksum > checksum.txt 108 | rm -f checksum 109 | cd .. 110 | tar zcf /bin.tgz ss-libev-${PROJ_REV} 111 | } 112 | -------------------------------------------------------------------------------- /src/shadowsocks.h: -------------------------------------------------------------------------------- 1 | /* 2 | * shadowsocks.h - Header files of library interfaces 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * shadowsocks-libev is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * shadowsocks-libev is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with shadowsocks-libev; see the file COPYING. If not, see 19 | * . 20 | */ 21 | 22 | #ifndef _SHADOWSOCKS_H 23 | #define _SHADOWSOCKS_H 24 | 25 | typedef struct { 26 | /* Required */ 27 | char *remote_host; // hostname or ip of remote server 28 | char *local_addr; // local ip to bind 29 | char *method; // encryption method 30 | char *password; // password of remote server 31 | int remote_port; // port number of remote server 32 | int local_port; // port number of local server 33 | int timeout; // connection timeout 34 | 35 | /* Optional, set NULL if not valid */ 36 | char *acl; // file path to acl 37 | char *log; // file path to log 38 | int fast_open; // enable tcp fast open 39 | int mode; // enable udp relay 40 | int mtu; // MTU of interface 41 | int mptcp; // enable multipath TCP 42 | int verbose; // verbose mode 43 | } profile_t; 44 | 45 | /* An example profile 46 | * 47 | * const profile_t EXAMPLE_PROFILE = { 48 | * .remote_host = "example.com", 49 | * .local_addr = "127.0.0.1", 50 | * .method = "bf-cfb", 51 | * .password = "barfoo!", 52 | * .remote_port = 8338, 53 | * .local_port = 1080, 54 | * .timeout = 600; 55 | * .acl = NULL, 56 | * .log = NULL, 57 | * .fast_open = 0, 58 | * .mode = 0, 59 | * .verbose = 0 60 | * }; 61 | */ 62 | 63 | #ifdef __cplusplus 64 | extern "C" { 65 | #endif 66 | 67 | typedef void (*ss_local_callback) (int socks_fd, int udp_fd, void *data); 68 | 69 | /* 70 | * Create and start a shadowsocks local server. 71 | * 72 | * Calling this function will block the current thread forever if the server 73 | * starts successfully. 74 | * 75 | * Make sure start the server in a separate process to avoid any potential 76 | * memory and socket leak. 77 | * 78 | * If failed, -1 is returned. Errors will output to the log file. 79 | */ 80 | int start_ss_local_server(profile_t profile); 81 | 82 | /* 83 | * Create and start a shadowsocks local server, specifying a callback. 84 | * 85 | * The callback is invoked when the local server has started successfully. It passes the SOCKS 86 | * server and UDP relay file descriptors, along with any supplied user data. 87 | * 88 | * Returns -1 on failure. 89 | */ 90 | int start_ss_local_server_with_callback(profile_t profile, ss_local_callback callback, void *udata); 91 | 92 | #ifdef __cplusplus 93 | } 94 | #endif 95 | 96 | // To stop the service on posix system, just kill the daemon process 97 | // kill(pid, SIGKILL); 98 | // Otherwise, If you start the service in a thread, you may need to send a signal SIGUSER1 to the thread. 99 | // pthread_kill(pthread_t, SIGUSR1); 100 | 101 | #endif // _SHADOWSOCKS_H 102 | -------------------------------------------------------------------------------- /src/base64.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006 Ryan Martell. (rdm4@martellventures.com) 3 | * 4 | * This file is part of FFmpeg. 5 | * 6 | * FFmpeg is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU Lesser General Public 8 | * License as published by the Free Software Foundation; either 9 | * version 2.1 of the License, or (at your option) any later version. 10 | * 11 | * FFmpeg is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with FFmpeg; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19 | */ 20 | 21 | /** 22 | * @file 23 | * @brief Base64 encode/decode 24 | * @author Ryan Martell (with lots of Michael) 25 | */ 26 | 27 | #ifdef HAVE_CONFIG_H 28 | #include "config.h" 29 | #endif 30 | 31 | #include 32 | #include 33 | 34 | #include "base64.h" 35 | 36 | /* ---------------- private code */ 37 | static const uint8_t map2[] = 38 | { 39 | 0xff, 0xff, 0x3e, 0xff, 0xff, 0x34, 0x35, 0x36, 40 | 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 41 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 42 | 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 43 | 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 44 | 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 45 | 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0x1a, 0x1b, 46 | 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 47 | 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 48 | 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33 49 | }; 50 | 51 | int base64_decode(uint8_t *out, const char *in, int out_size) 52 | { 53 | int i, v; 54 | uint8_t *dst = out; 55 | 56 | v = 0; 57 | for (i = 0; in[i] && in[i] != '='; i++) { 58 | unsigned int index = in[i] - 43; 59 | if (index >= sizeof(map2) || map2[index] == 0xff) 60 | return -1; 61 | v = (v << 6) + map2[index]; 62 | if (i & 3) { 63 | if (dst - out < out_size) { 64 | *dst++ = v >> (6 - 2 * (i & 3)); 65 | } 66 | } 67 | } 68 | 69 | return dst - out; 70 | } 71 | 72 | /***************************************************************************** 73 | * b64_encode: Stolen from VLC's http.c. 74 | * Simplified by Michael. 75 | * Fixed edge cases and made it work from data (vs. strings) by Ryan. 76 | *****************************************************************************/ 77 | 78 | char *base64_encode(char *out, int out_size, const uint8_t *in, int in_size) 79 | { 80 | static const char b64[] = 81 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; 82 | char *ret, *dst; 83 | unsigned i_bits = 0; 84 | int i_shift = 0; 85 | int bytes_remaining = in_size; 86 | 87 | if (in_size >= UINT_MAX / 4 || 88 | out_size < BASE64_SIZE(in_size)) 89 | return NULL; 90 | ret = dst = out; 91 | while (bytes_remaining) { 92 | i_bits = (i_bits << 8) + *in++; 93 | bytes_remaining--; 94 | i_shift += 8; 95 | 96 | do { 97 | *dst++ = b64[(i_bits << 6 >> i_shift) & 0x3f]; 98 | i_shift -= 6; 99 | } while (i_shift > 6 || (bytes_remaining == 0 && i_shift > 0)); 100 | } 101 | while ((dst - ret) & 3) 102 | *dst++ = '='; 103 | *dst = '\0'; 104 | 105 | return ret; 106 | } 107 | -------------------------------------------------------------------------------- /debian/libshadowsocks-libev2.symbols: -------------------------------------------------------------------------------- 1 | libshadowsocks-libev.so.2 libshadowsocks-libev2 #MINVER# 2 | ERROR@Base 2.4.7 3 | FATAL@Base 2.4.7 4 | accept_rule_arg@Base 2.5.6 5 | acl_add_ip@Base 2.4.8 6 | acl_match_host@Base 2.5.6 7 | acl_remove_ip@Base 2.4.7 8 | add_rule@Base 2.5.6 9 | aead_ctx_init@Base 3.0.2 10 | aead_ctx_release@Base 3.0.2 11 | aead_decrypt@Base 3.0.2 12 | aead_decrypt_all@Base 3.0.2 13 | aead_encrypt@Base 3.0.2 14 | aead_encrypt_all@Base 3.0.2 15 | aead_get_cipher_type@Base 3.0.2 16 | aead_init@Base 3.0.2 17 | aead_key_init@Base 3.0.2 18 | balloc@Base 2.4.7 19 | base64_decode@Base 3.0.2 20 | base64_encode@Base 3.0.2 21 | bfree@Base 2.4.7 22 | bind_to_address@Base 2.4.7 23 | bprepend@Base 3.0.2 24 | brealloc@Base 2.4.7 25 | cache_clear@Base 2.5.6 26 | cache_create@Base 2.4.7 27 | cache_delete@Base 2.4.7 28 | cache_insert@Base 2.4.7 29 | cache_key_exist@Base 2.4.7 30 | cache_lookup@Base 2.4.7 31 | cache_remove@Base 2.4.7 32 | check_block_list@Base 2.5.6 33 | cipher_ctx_set_nonce@Base 3.0.2 34 | cipher_key_size@Base 2.4.8 35 | cipher_nonce_size@Base 3.0.2 36 | clear_block_list@Base 2.5.6 37 | create_remote_socket@Base 2.4.7 38 | create_server_socket@Base 2.4.7 39 | crypto_derive_key@Base 3.0.2 40 | crypto_hkdf@Base 3.0.2 41 | crypto_hkdf_expand@Base 3.0.2 42 | crypto_hkdf_extract@Base 3.0.2 43 | crypto_init@Base 3.0.2 44 | crypto_md5@Base 3.0.2 45 | crypto_parse_key@Base 3.0.2 46 | daemonize@Base 2.4.7 47 | free_acl@Base 2.4.7 48 | free_addr@Base 2.4.7 49 | free_block_list@Base 2.6.3 50 | free_cb@Base 2.4.7 51 | free_rules@Base 2.5.6 52 | free_udprelay@Base 2.4.7 53 | get_acl_mode@Base 2.5.6 54 | get_local_port@Base 2.6.3 55 | get_sockaddr@Base 2.4.7 56 | get_sockaddr_len@Base 2.4.7 57 | http_protocol@Base 2.5.6 58 | init_acl@Base 2.4.7 59 | init_block_list@Base 2.5.6 60 | init_rule@Base 2.5.6 61 | init_udprelay@Base 2.4.7 62 | is_plugin_running@Base 2.6.3 63 | json_parse@Base 2.4.7 64 | json_parse_ex@Base 2.4.7 65 | json_value_free@Base 2.4.7 66 | json_value_free_ex@Base 2.4.7 67 | json_value_none@Base 2.4.7 68 | keep_resolving@Base 2.4.7 69 | logfile@Base 2.4.7 70 | lookup_rule@Base 2.5.6 71 | new_rule@Base 2.5.6 72 | new_server_ctx@Base 2.4.7 73 | outbound_block_match_host@Base 2.5.6 74 | parse_addr@Base 2.4.7 75 | plugin_log@Base 2.6.3 76 | ppbloom_add@Base 3.0.5 77 | ppbloom_check@Base 3.0.5 78 | ppbloom_free@Base 3.0.5 79 | ppbloom_init@Base 3.0.5 80 | rand_bytes@Base 2.4.7 81 | read_jconf@Base 2.4.7 82 | remove_from_block_list@Base 2.5.6 83 | remove_rule@Base 2.5.6 84 | reuse_port@Base 3.0.2 85 | run_as@Base 2.4.7 86 | set_nofile@Base 2.4.7 87 | set_reuseport@Base 2.4.7 88 | (arch=!hurd-i386 !kfreebsd-amd64 !kfreebsd-i386)setinterface@Base 2.4.7 89 | setnonblocking@Base 2.4.7 90 | sockaddr_cmp@Base 2.4.7 91 | sockaddr_cmp_addr@Base 2.4.7 92 | ss_align@Base 3.0.2 93 | ss_isnumeric@Base 2.6.3 94 | ss_itoa@Base 2.4.7 95 | ss_malloc@Base 2.4.7 96 | ss_realloc@Base 2.4.7 97 | ss_strndup@Base 2.4.7 98 | start_plugin@Base 2.6.3 99 | start_ss_local_server@Base 2.4.7 100 | stop_plugin@Base 2.6.3 101 | stream_cipher_ctx_init@Base 3.0.2 102 | stream_ctx_init@Base 3.0.2 103 | stream_ctx_release@Base 3.0.2 104 | stream_decrypt@Base 3.0.2 105 | stream_decrypt_all@Base 3.0.2 106 | stream_encrypt@Base 3.0.2 107 | stream_encrypt_all@Base 3.0.2 108 | stream_get_cipher_type@Base 3.0.2 109 | stream_init@Base 3.0.2 110 | stream_key_init@Base 3.0.2 111 | supported_aead_ciphers@Base 3.0.2 112 | supported_stream_ciphers@Base 3.0.2 113 | tls_protocol@Base 2.5.6 114 | trimwhitespace@Base 2.5.6 115 | update_block_list@Base 2.6.3 116 | usage@Base 2.4.7 117 | use_tty@Base 2.4.7 118 | validate_hostname@Base 2.5.6 119 | verbose@Base 2.4.7 120 | -------------------------------------------------------------------------------- /scripts/chroot_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright 2018 Roger Shimizu 3 | # 4 | # This is free software; you can redistribute it and/or modify 5 | # it under the terms of the GNU General Public License as published by 6 | # the Free Software Foundation; either version 3 of the License, or 7 | # (at your option) any later version. 8 | 9 | set -e 10 | 11 | help_usage() { 12 | cat << EOT 13 | 14 | Call build_deb.sh script in a chrooted environment 15 | Usage: 16 | sudo $(basename $0) [--help|-h] [codename] 17 | 18 | --help|-h Show this usage. 19 | [code name] Debian/Ubuntu release codename 20 | e.g. jessie/stretch/trusty/xenial 21 | 22 | EOT 23 | exit 24 | } 25 | 26 | # POSIX-compliant maint function recommend by devref 27 | # to check for the existence of a command 28 | # https://www.debian.org/doc/manuals/developers-reference/ch06.html#bpp-debian-maint-scripts 29 | pathfind() { 30 | OLDIFS="$IFS" 31 | IFS=: 32 | for p in $PATH; do 33 | if [ -x "$p/$*" ]; then 34 | IFS="$OLDIFS" 35 | return 0 36 | fi 37 | done 38 | IFS="$OLDIFS" 39 | return 1 40 | } 41 | 42 | case "$1" in 43 | wheezy|precise) 44 | echo Sorry, the system $1 is not supported. 45 | ;; 46 | jessie|stretch|buster|testing|unstable|sid) 47 | OSID=debian 48 | REPO=http://deb.debian.org/debian 49 | ;; 50 | trusty|yakkety|zesty|xenial|artful|bionic) 51 | OSID=ubuntu 52 | REPO=http://archive.ubuntu.com/ubuntu 53 | ;; 54 | --help|-h|*) 55 | help_usage 56 | esac 57 | 58 | if ! pathfind debootstrap; then 59 | echo Please install debootstrap package. 60 | exit 1 61 | fi 62 | 63 | OSVER=$1 64 | CHROOT=/tmp/${OSVER}-build-$(date +%Y%m%d%H%M) 65 | TIMESTAMP0=$(date) 66 | 67 | mkdir -p ${CHROOT}/etc 68 | echo en_US.UTF-8 UTF-8 > ${CHROOT}/etc/locale.gen 69 | if ! debootstrap --variant=minbase --include=ca-certificates,git,sudo,wget,whiptail --exclude=upstart,systemd $OSVER $CHROOT $REPO; then 70 | echo debootstrap failed. Please kindly check whether proper sudo or not. 71 | exit 1 72 | fi 73 | case "$OSID" in 74 | debian) 75 | echo deb $REPO ${OSVER} main > ${CHROOT}/etc/apt/sources.list 76 | echo deb $REPO ${OSVER}-updates main >> ${CHROOT}/etc/apt/sources.list 77 | echo deb $REPO-security ${OSVER}/updates main >> ${CHROOT}/etc/apt/sources.list 78 | ;; 79 | ubuntu) 80 | echo deb $REPO $OSVER main universe > ${CHROOT}/etc/apt/sources.list 81 | echo deb $REPO ${OSVER}-updates main universe >> ${CHROOT}/etc/apt/sources.list 82 | echo deb $REPO ${OSVER}-security main universe >> ${CHROOT}/etc/apt/sources.list 83 | ;; 84 | esac 85 | 86 | cat << EOL | chroot $CHROOT 87 | apt-get purge -y udev 88 | apt-get update 89 | apt-get -fy install 90 | apt-get -y upgrade 91 | apt-get -y install --no-install-recommends lsb-release 92 | # dh_auto_test of mbedtls (faketime) depends on /dev/shm. https://bugs.debian.org/778462 93 | mkdir -p ~ /dev/shm 94 | mount tmpfs /dev/shm -t tmpfs 95 | 96 | date > /TIMESTAMP1 97 | git config --global user.email "script@example.com" 98 | git config --global user.name "build script" 99 | if [ -n "$http_proxy" ]; then 100 | git config --global proxy.http $http_proxy 101 | echo Acquire::http::Proxy \"$http_proxy\"\; > /etc/apt/apt.conf 102 | export http_proxy=$http_proxy 103 | export https_proxy=$https_proxy 104 | export no_proxy=$no_proxy 105 | fi 106 | cd /tmp 107 | wget https://raw.githubusercontent.com/shadowsocks/shadowsocks-libev/master/scripts/build_deb.sh 108 | chmod 755 build_deb.sh 109 | ./build_deb.sh 110 | date > /TIMESTAMP2 111 | ./build_deb.sh kcp 112 | umount /dev/shm 113 | EOL 114 | 115 | TIMESTAMP1=$(cat ${CHROOT}/TIMESTAMP1) 116 | TIMESTAMP2=$(cat ${CHROOT}/TIMESTAMP2) 117 | TIMESTAMP3=$(date) 118 | 119 | printf \\n"All built deb packages:"\\n 120 | ls -l ${CHROOT}/tmp/*.deb 121 | echo 122 | echo Start-Time: $TIMESTAMP0 123 | echo ChrootDone: $TIMESTAMP1 124 | echo SsDeb-Done: $TIMESTAMP2 125 | echo \ Kcp-Done : $TIMESTAMP3 126 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | VERSION_INFO = 2:0:0 2 | 3 | AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE 4 | AM_CFLAGS += $(PTHREAD_CFLAGS) 5 | if !USE_SYSTEM_SHARED_LIB 6 | AM_CFLAGS += -I$(top_srcdir)/libbloom 7 | AM_CFLAGS += -I$(top_srcdir)/libipset/include 8 | AM_CFLAGS += -I$(top_srcdir)/libcork/include 9 | endif 10 | AM_CFLAGS += $(LIBPCRE_CFLAGS) 11 | 12 | SS_COMMON_LIBS = $(INET_NTOP_LIB) $(LIBPCRE_LIBS) 13 | if !USE_SYSTEM_SHARED_LIB 14 | SS_COMMON_LIBS += $(top_builddir)/libbloom/libbloom.la \ 15 | $(top_builddir)/libipset/libipset.la \ 16 | $(top_builddir)/libcork/libcork.la 17 | else 18 | SS_COMMON_LIBS += -lbloom -lcork -lcorkipset 19 | endif 20 | SS_COMMON_LIBS += -lev -lsodium -lm 21 | 22 | bin_PROGRAMS = ss-local ss-tunnel ss-server 23 | if !BUILD_WINCOMPAT 24 | bin_PROGRAMS += ss-manager 25 | endif 26 | 27 | sni_src = http.c \ 28 | tls.c 29 | 30 | acl_src = rule.c \ 31 | acl.c 32 | 33 | crypto_src = crypto.c \ 34 | aead.c \ 35 | stream.c \ 36 | ppbloom.c \ 37 | base64.c 38 | 39 | plugin_src = plugin.c 40 | 41 | common_src = utils.c \ 42 | jconf.c \ 43 | json.c \ 44 | udprelay.c \ 45 | cache.c \ 46 | netutils.c 47 | 48 | if BUILD_WINCOMPAT 49 | common_src += winsock.c 50 | endif 51 | 52 | ss_local_SOURCES = local.c \ 53 | $(common_src) \ 54 | $(crypto_src) \ 55 | $(plugin_src) \ 56 | $(sni_src) \ 57 | $(acl_src) 58 | 59 | ss_tunnel_SOURCES = tunnel.c \ 60 | $(common_src) \ 61 | $(crypto_src) \ 62 | $(plugin_src) 63 | 64 | ss_server_SOURCES = resolv.c \ 65 | server.c \ 66 | $(common_src) \ 67 | $(crypto_src) \ 68 | $(plugin_src) \ 69 | $(sni_src) \ 70 | ${acl_src} 71 | 72 | ss_manager_SOURCES = utils.c \ 73 | jconf.c \ 74 | json.c \ 75 | netutils.c \ 76 | manager.c 77 | 78 | ss_local_LDADD = $(SS_COMMON_LIBS) 79 | ss_tunnel_LDADD = $(SS_COMMON_LIBS) 80 | ss_server_LDADD = $(SS_COMMON_LIBS) 81 | ss_manager_LDADD = $(SS_COMMON_LIBS) 82 | ss_local_LDADD += -lcares 83 | ss_tunnel_LDADD += -lcares 84 | ss_server_LDADD += -lcares 85 | ss_manager_LDADD += -lcares 86 | 87 | ss_local_CFLAGS = $(AM_CFLAGS) -DMODULE_LOCAL 88 | ss_tunnel_CFLAGS = $(AM_CFLAGS) -DMODULE_TUNNEL 89 | ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE 90 | ss_manager_CFLAGS = $(AM_CFLAGS) -DMODULE_MANAGER 91 | 92 | if BUILD_REDIRECTOR 93 | bin_SCRIPTS = ss-nat 94 | bin_PROGRAMS += ss-redir 95 | ss_redir_SOURCES = utils.c \ 96 | jconf.c \ 97 | json.c \ 98 | netutils.c \ 99 | cache.c \ 100 | udprelay.c \ 101 | redir.c \ 102 | $(crypto_src) \ 103 | $(plugin_src) 104 | 105 | ss_redir_CFLAGS = $(AM_CFLAGS) -DMODULE_REDIR 106 | ss_redir_LDADD = $(SS_COMMON_LIBS) 107 | ss_redir_LDADD += -lcares 108 | endif 109 | 110 | lib_LTLIBRARIES = libshadowsocks-libev.la 111 | libshadowsocks_libev_la_SOURCES = $(ss_local_SOURCES) 112 | libshadowsocks_libev_la_CFLAGS = $(ss_local_CFLAGS) -DLIB_ONLY 113 | libshadowsocks_libev_la_LDFLAGS = -version-info $(VERSION_INFO) 114 | libshadowsocks_libev_la_LIBADD = $(ss_local_LDADD) 115 | include_HEADERS = shadowsocks.h 116 | 117 | noinst_HEADERS = acl.h crypto.h stream.h aead.h json.h netutils.h redir.h server.h tls.h uthash.h \ 118 | cache.h http.h local.h plugin.h resolv.h tunnel.h utils.h base64.h ppbloom.h \ 119 | common.h jconf.h manager.h protocol.h rule.h socks5.h udprelay.h winsock.h 120 | EXTRA_DIST = ss-nat 121 | -------------------------------------------------------------------------------- /src/rule.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * Copyright (c) 2011 Manuel Kasper 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 | * POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | 28 | #ifdef HAVE_CONFIG_H 29 | #include "config.h" 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #include "rule.h" 36 | #include "utils.h" 37 | 38 | static void free_rule(rule_t *); 39 | 40 | rule_t * 41 | new_rule() 42 | { 43 | rule_t *rule; 44 | 45 | rule = calloc(1, sizeof(rule_t)); 46 | if (rule == NULL) { 47 | ERROR("malloc"); 48 | return NULL; 49 | } 50 | 51 | return rule; 52 | } 53 | 54 | int 55 | accept_rule_arg(rule_t *rule, const char *arg) 56 | { 57 | if (rule->pattern == NULL) { 58 | rule->pattern = strdup(arg); 59 | if (rule->pattern == NULL) { 60 | ERROR("strdup failed"); 61 | return -1; 62 | } 63 | } else { 64 | LOGE("Unexpected table rule argument: %s", arg); 65 | return -1; 66 | } 67 | 68 | return 1; 69 | } 70 | 71 | void 72 | add_rule(struct cork_dllist *rules, rule_t *rule) 73 | { 74 | cork_dllist_add(rules, &rule->entries); 75 | } 76 | 77 | int 78 | init_rule(rule_t *rule) 79 | { 80 | if (rule->pattern_re == NULL) { 81 | const char *reerr; 82 | int reerroffset; 83 | 84 | rule->pattern_re = 85 | pcre_compile(rule->pattern, 0, &reerr, &reerroffset, NULL); 86 | if (rule->pattern_re == NULL) { 87 | LOGE("Regex compilation of \"%s\" failed: %s, offset %d", 88 | rule->pattern, reerr, reerroffset); 89 | return 0; 90 | } 91 | } 92 | 93 | return 1; 94 | } 95 | 96 | rule_t * 97 | lookup_rule(const struct cork_dllist *rules, const char *name, size_t name_len) 98 | { 99 | struct cork_dllist_item *curr, *next; 100 | 101 | if (name == NULL) { 102 | name = ""; 103 | name_len = 0; 104 | } 105 | 106 | cork_dllist_foreach_void(rules, curr, next) { 107 | rule_t *rule = cork_container_of(curr, rule_t, entries); 108 | if (pcre_exec(rule->pattern_re, NULL, 109 | name, name_len, 0, 0, NULL, 0) >= 0) 110 | return rule; 111 | } 112 | 113 | return NULL; 114 | } 115 | 116 | void 117 | remove_rule(rule_t *rule) 118 | { 119 | cork_dllist_remove(&rule->entries); 120 | free_rule(rule); 121 | } 122 | 123 | static void 124 | free_rule(rule_t *rule) 125 | { 126 | if (rule == NULL) 127 | return; 128 | 129 | ss_free(rule->pattern); 130 | if (rule->pattern_re != NULL) 131 | pcre_free(rule->pattern_re); 132 | ss_free(rule); 133 | } 134 | -------------------------------------------------------------------------------- /src/android.c: -------------------------------------------------------------------------------- 1 | /* 2 | * android.c - Setup IPC for shadowsocks-android 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #include 39 | #include 40 | 41 | #ifdef HAVE_CONFIG_H 42 | #include "config.h" 43 | #endif 44 | 45 | #include "netutils.h" 46 | #include "utils.h" 47 | 48 | int 49 | protect_socket(int fd) 50 | { 51 | int sock; 52 | struct sockaddr_un addr; 53 | 54 | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { 55 | LOGE("[android] socket() failed: %s (socket fd = %d)\n", strerror(errno), sock); 56 | return -1; 57 | } 58 | 59 | // Set timeout to 3s 60 | struct timeval tv; 61 | tv.tv_sec = 3; 62 | tv.tv_usec = 0; 63 | setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval)); 64 | setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, sizeof(struct timeval)); 65 | 66 | memset(&addr, 0, sizeof(addr)); 67 | addr.sun_family = AF_UNIX; 68 | strncpy(addr.sun_path, "protect_path", sizeof(addr.sun_path) - 1); 69 | 70 | if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { 71 | LOGE("[android] connect() failed for protect_path: %s (socket fd = %d)\n", 72 | strerror(errno), sock); 73 | close(sock); 74 | return -1; 75 | } 76 | 77 | if (ancil_send_fd(sock, fd)) { 78 | ERROR("[android] ancil_send_fd"); 79 | close(sock); 80 | return -1; 81 | } 82 | 83 | char ret = 0; 84 | 85 | if (recv(sock, &ret, 1, 0) == -1) { 86 | ERROR("[android] recv"); 87 | close(sock); 88 | return -1; 89 | } 90 | 91 | close(sock); 92 | return ret; 93 | } 94 | 95 | int 96 | send_traffic_stat(uint64_t tx, uint64_t rx) 97 | { 98 | int sock; 99 | struct sockaddr_un addr; 100 | 101 | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { 102 | LOGE("[android] socket() failed: %s (socket fd = %d)\n", strerror(errno), sock); 103 | return -1; 104 | } 105 | 106 | // Set timeout to 1s 107 | struct timeval tv; 108 | tv.tv_sec = 1; 109 | tv.tv_usec = 0; 110 | setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval)); 111 | setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, sizeof(struct timeval)); 112 | 113 | memset(&addr, 0, sizeof(addr)); 114 | addr.sun_family = AF_UNIX; 115 | strncpy(addr.sun_path, "stat_path", sizeof(addr.sun_path) - 1); 116 | 117 | if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) { 118 | LOGE("[android] connect() failed for stat_path: %s (socket fd = %d)\n", 119 | strerror(errno), sock); 120 | close(sock); 121 | return -1; 122 | } 123 | 124 | uint64_t stat[2] = { tx, rx }; 125 | 126 | if (send(sock, stat, sizeof(stat), 0) == -1) { 127 | ERROR("[android] send"); 128 | close(sock); 129 | return -1; 130 | } 131 | 132 | close(sock); 133 | } 134 | -------------------------------------------------------------------------------- /doc/ss-tunnel.asciidoc: -------------------------------------------------------------------------------- 1 | ss-tunnel(1) 2 | ============ 3 | 4 | NAME 5 | ---- 6 | ss-tunnel - shadowsocks tools for local port forwarding, libev port 7 | 8 | SYNOPSIS 9 | -------- 10 | *ss-tunnel* 11 | [-uUv6] [-h|--help] 12 | [-s ] [-p ] [-l ] 13 | [-k ] [-m ] [-f ] 14 | [-t ] [-c ] [-i ] 15 | [-b ] [-a ] [-n ] 16 | [-L addr:port] [--mtu ] [--mptcp] [--reuse-port] [--no-delay] 17 | [--plugin ] [--plugin-opts ] 18 | [--key ] 19 | 20 | DESCRIPTION 21 | ----------- 22 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy. 23 | It is a port of the original shadowsocks created by clowwindy. 24 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to 25 | achieve both high performance and low resource consumption. 26 | 27 | *Shadowsocks-libev* consists of five components. 28 | `ss-tunnel`(1) is a tool for local port forwarding. 29 | See 'OPTIONS' section for special option needed by `ss-tunnel`(1). 30 | For more information, check out `shadowsocks-libev`(8). 31 | 32 | OPTIONS 33 | ------- 34 | -s :: 35 | Set the server's hostname or IP. 36 | 37 | -p :: 38 | Set the server's port number. 39 | 40 | -l :: 41 | Set the local port number. 42 | 43 | -k :: 44 | --password :: 45 | Set the password. The server and the client should use the same password. 46 | 47 | --key :: 48 | Set the key directly. The key should be encoded with URL-safe Base64. 49 | 50 | -m :: 51 | Set the cipher. 52 | + 53 | *Shadowsocks-libev* accepts 18 different ciphers: 54 | + 55 | aes-128-gcm, aes-192-gcm, aes-256-gcm, 56 | rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, 57 | aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, 58 | camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, 59 | chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf. 60 | + 61 | The default cipher is 'chacha20-ietf-poly1305'. 62 | + 63 | If built with PolarSSL or custom OpenSSL libraries, some of 64 | these ciphers may not work. 65 | 66 | -a :: 67 | Run as a specific user. 68 | 69 | -f :: 70 | Start shadowsocks as a daemon with specific pid file. 71 | 72 | -t :: 73 | Set the socket timeout in seconds. The default value is 60. 74 | 75 | -c :: 76 | Use a configuration file. 77 | + 78 | Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details. 79 | 80 | -n :: 81 | Specify max number of open files. 82 | + 83 | Only available on Linux. 84 | 85 | -i :: 86 | Send traffic through specific network interface. 87 | + 88 | For example, there are three interfaces in your device, 89 | which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2). 90 | Meanwhile, you configure `ss-tunnel` to listen on 0.0.0.0:8388 and bind to eth1. 91 | That results the traffic go out through eth1, but not lo nor eth0. 92 | This option is useful to control traffic in multi-interface environment. 93 | 94 | -b :: 95 | Specify local address to bind. 96 | 97 | -u:: 98 | Enable UDP relay. 99 | 100 | -U:: 101 | Enable UDP relay and disable TCP relay. 102 | 103 | -6:: 104 | Resovle hostname to IPv6 address first. 105 | 106 | -L :: 107 | Specify destination server address and port for local port forwarding. 108 | + 109 | Only used and available in tunnel mode. 110 | 111 | --mtu :: 112 | Specify the MTU of your network interface. 113 | 114 | --mptcp:: 115 | Enable Multipath TCP. 116 | + 117 | Only available with MPTCP enabled Linux kernel. 118 | 119 | --reuse-port:: 120 | Enable port reuse. 121 | + 122 | Only available with Linux kernel > 3.9.0. 123 | 124 | --no-delay:: 125 | Enable TCP_NODELAY. 126 | 127 | --plugin :: 128 | Enable SIP003 plugin. (Experimental) 129 | 130 | --plugin-opts :: 131 | Set SIP003 plugin options. (Experimental) 132 | 133 | -v:: 134 | Enable verbose mode. 135 | 136 | -h|--help:: 137 | Print help message. 138 | 139 | SEE ALSO 140 | -------- 141 | `ss-local`(1), 142 | `ss-server`(1), 143 | `ss-redir`(1), 144 | `ss-manager`(1), 145 | `shadowsocks-libev`(8), 146 | `iptables`(8), 147 | /etc/shadowsocks-libev/config.json 148 | -------------------------------------------------------------------------------- /doc/ss-local.asciidoc: -------------------------------------------------------------------------------- 1 | ss-local(1) 2 | =========== 3 | 4 | NAME 5 | ---- 6 | ss-local - shadowsocks client as socks5 proxy, libev port 7 | 8 | SYNOPSIS 9 | -------- 10 | *ss-local* 11 | [-uv6] [-h|--help] 12 | [-s ] [-p ] [-l ] 13 | [-k ] [-m ] [-f ] 14 | [-t ] [-c ] [-i ] 15 | [-a ] [-b ] [-n ] 16 | [--fast-open] [--reuse-port] [--acl ] 17 | [--mtu ] [--no-delay] 18 | [--plugin ] [--plugin-opts ] 19 | [--password ] [--key ] 20 | 21 | DESCRIPTION 22 | ----------- 23 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy. 24 | It is a port of the original shadowsocks created by clowwindy. 25 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to 26 | achieve both high performance and low resource consumption. 27 | 28 | *Shadowsocks-libev* consists of five components. `ss-local`(1) works as a standard 29 | socks5 proxy on local machines to proxy TCP traffic. 30 | For more information, check out `shadowsocks-libev`(8). 31 | 32 | OPTIONS 33 | ------- 34 | 35 | -s :: 36 | Set the server's hostname or IP. 37 | 38 | -p :: 39 | Set the server's port number. 40 | 41 | -l :: 42 | Set the local port number. 43 | 44 | -k :: 45 | --password :: 46 | Set the password. The server and the client should use the same password. 47 | 48 | --key :: 49 | Set the key directly. The key should be encoded with URL-safe Base64. 50 | 51 | -m :: 52 | Set the cipher. 53 | + 54 | *Shadowsocks-libev* accepts 18 different ciphers: 55 | + 56 | aes-128-gcm, aes-192-gcm, aes-256-gcm, 57 | rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, 58 | aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, 59 | camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, 60 | chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf. 61 | + 62 | The default cipher is 'chacha20-ietf-poly1305'. 63 | + 64 | If built with PolarSSL or custom OpenSSL libraries, some of 65 | these ciphers may not work. 66 | 67 | -a :: 68 | Run as a specific user. 69 | 70 | -f :: 71 | Start shadowsocks as a daemon with specific pid file. 72 | 73 | -t :: 74 | Set the socket timeout in seconds. The default value is 60. 75 | 76 | -c :: 77 | Use a configuration file. 78 | + 79 | Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details. 80 | 81 | -n :: 82 | Specify max number of open files. 83 | + 84 | Only available on Linux. 85 | 86 | -i :: 87 | Send traffic through specific network interface. 88 | + 89 | For example, there are three interfaces in your device, 90 | which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2). 91 | Meanwhile, you configure `ss-local` to listen on 0.0.0.0:8388 and bind to eth1. 92 | That results the traffic go out through eth1, but not lo nor eth0. 93 | This option is useful to control traffic in multi-interface environment. 94 | 95 | -b :: 96 | Specify local address to bind. 97 | 98 | -u:: 99 | Enable UDP relay. 100 | 101 | -U:: 102 | Enable UDP relay and disable TCP relay. 103 | 104 | -6:: 105 | Resovle hostname to IPv6 address first. 106 | 107 | --fast-open:: 108 | Enable TCP fast open. 109 | + 110 | Only available with Linux kernel > 3.7.0. 111 | 112 | --reuse-port:: 113 | Enable port reuse. 114 | + 115 | Only available with Linux kernel > 3.9.0. 116 | 117 | --acl :: 118 | Enable ACL (Access Control List) and specify config file. 119 | 120 | --mtu :: 121 | Specify the MTU of your network interface. 122 | 123 | --mptcp:: 124 | Enable Multipath TCP. 125 | + 126 | Only available with MPTCP enabled Linux kernel. 127 | 128 | --no-delay:: 129 | Enable TCP_NODELAY. 130 | 131 | --plugin :: 132 | Enable SIP003 plugin. (Experimental) 133 | 134 | --plugin-opts :: 135 | Set SIP003 plugin options. (Experimental) 136 | 137 | -v:: 138 | Enable verbose mode. 139 | 140 | -h|--help:: 141 | Print help message. 142 | 143 | EXAMPLE 144 | ------- 145 | `ss-local`(1) can be started from command line and run in foreground. 146 | Here is an example: 147 | .... 148 | # Start ss-local with given parameters 149 | ss-local -s example.com -p 12345 -l 1080 -k foobar -m aes-256-cfb 150 | .... 151 | 152 | SEE ALSO 153 | -------- 154 | `ss-server`(1), 155 | `ss-tunnel`(1), 156 | `ss-redir`(1), 157 | `ss-manager`(1), 158 | `shadowsocks-libev`(8), 159 | `iptables`(8), 160 | /etc/shadowsocks-libev/config.json 161 | 162 | -------------------------------------------------------------------------------- /debian/shadowsocks-libev.init: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ### BEGIN INIT INFO 3 | # Provides: shadowsocks-libev 4 | # Required-Start: $network $local_fs $remote_fs 5 | # Required-Stop: $remote_fs 6 | # Default-Start: 2 3 4 5 7 | # Default-Stop: 0 1 6 8 | # Short-Description: lightweight secured socks5 proxy 9 | # Description: Shadowsocks-libev is a lightweight secured 10 | # socks5 proxy for embedded devices and low end boxes. 11 | ### END INIT INFO 12 | 13 | # Author: Max Lv 14 | 15 | # PATH should only include /usr/ if it runs after the mountnfs.sh script 16 | PATH=/sbin:/usr/sbin:/bin:/usr/bin 17 | DESC=shadowsocks-libev # Introduce a short description here 18 | NAME=shadowsocks-libev # Introduce the short server's name here 19 | DAEMON=/usr/bin/ss-server # Introduce the server's location here 20 | DAEMON_ARGS="" # Arguments to run the daemon with 21 | PIDFILE=/var/run/$NAME/$NAME.pid 22 | SCRIPTNAME=/etc/init.d/$NAME 23 | 24 | # Exit if the package is not installed 25 | [ -x $DAEMON ] || exit 0 26 | 27 | # Read configuration variable file if it is present 28 | [ -r /etc/default/$NAME ] && . /etc/default/$NAME 29 | 30 | [ "$START" = "yes" ] || exit 0 31 | 32 | : ${USER:="nobody"} 33 | : ${GROUP:="nogroup"} 34 | 35 | # Load the VERBOSE setting and other rcS variables 36 | . /lib/init/vars.sh 37 | 38 | # Define LSB log_* functions. 39 | # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. 40 | . /lib/lsb/init-functions 41 | 42 | # 43 | # Function that starts the daemon/service 44 | # 45 | do_start() 46 | { 47 | # Modify the file descriptor limit 48 | ulimit -n ${MAXFD} 49 | 50 | # Take care of pidfile permissions 51 | mkdir /var/run/$NAME 2>/dev/null || true 52 | chown "$USER:$GROUP" /var/run/$NAME 53 | 54 | # Return 55 | # 0 if daemon has been started 56 | # 1 if daemon was already running 57 | # 2 if daemon could not be started 58 | start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON --test > /dev/null \ 59 | || return 1 60 | start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON -- \ 61 | -c "$CONFFILE" -u -f $PIDFILE $DAEMON_ARGS \ 62 | || return 2 63 | } 64 | 65 | # 66 | # Function that stops the daemon/service 67 | # 68 | do_stop() 69 | { 70 | # Return 71 | # 0 if daemon has been stopped 72 | # 1 if daemon was already stopped 73 | # 2 if daemon could not be stopped 74 | # other if a failure occurred 75 | start-stop-daemon --stop --quiet --retry=TERM/5 --pidfile $PIDFILE --exec $DAEMON 76 | RETVAL="$?" 77 | [ "$RETVAL" = 2 ] && return 2 78 | # Wait for children to finish too if this is a daemon that forks 79 | # and if the daemon is only ever run from this initscript. 80 | # If the above conditions are not satisfied then add some other code 81 | # that waits for the process to drop all resources that could be 82 | # needed by services started subsequently. A last resort is to 83 | # sleep for some time. 84 | start-stop-daemon --stop --quiet --oknodo --retry=KILL/5 --exec $DAEMON 85 | [ "$?" = 2 ] && return 2 86 | # Many daemons don't delete their pidfiles when they exit. 87 | rm -f $PIDFILE 88 | return "$RETVAL" 89 | } 90 | 91 | 92 | case "$1" in 93 | start) 94 | [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" 95 | do_start 96 | case "$?" in 97 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 98 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 99 | esac 100 | ;; 101 | stop) 102 | [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" 103 | do_stop 104 | case "$?" in 105 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 106 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; 107 | esac 108 | ;; 109 | status) 110 | status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? 111 | ;; 112 | restart|force-reload) 113 | log_daemon_msg "Restarting $DESC" "$NAME" 114 | do_stop 115 | case "$?" in 116 | 0|1) 117 | do_start 118 | case "$?" in 119 | 0) log_end_msg 0 ;; 120 | 1) log_end_msg 1 ;; # Old process is still running 121 | *) log_end_msg 1 ;; # Failed to start 122 | esac 123 | ;; 124 | *) 125 | # Failed to stop 126 | log_end_msg 1 127 | ;; 128 | esac 129 | ;; 130 | *) 131 | echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 132 | exit 3 133 | ;; 134 | esac 135 | 136 | : 137 | -------------------------------------------------------------------------------- /docker/alpine/README.md: -------------------------------------------------------------------------------- 1 | # Shadowsocks-libev Docker Image 2 | 3 | [shadowsocks-libev][1] is a lightweight secured socks5 proxy for embedded 4 | devices and low end boxes. It is a port of [shadowsocks][2] created by 5 | @clowwindy maintained by @madeye and @linusyang. 6 | 7 | Docker images are built for quick deployment in various computing cloud providers. For more information on docker and containerization technologies, refer to [official document][9]. 8 | 9 | ## Prepare the host 10 | 11 | Many cloud providers offer docker-ready environments, for instance the [CoreOS Droplet in DigitalOcean][10] or the [Container-Optimized OS in Google Cloud][11]. 12 | 13 | If you need to install docker yourself, follow the [official installation guide][12]. 14 | 15 | ## Pull the image 16 | 17 | ```bash 18 | $ docker pull shadowsocks/shadowsocks-libev 19 | ``` 20 | This pulls the latest release of shadowsocks-libev. 21 | 22 | You can also choose to pull a previous release or to try the bleeding edge build: 23 | ```bash 24 | $ docker pull shadowsocks/shadowsocks-libev: 25 | $ docker pull shadowsocks/shadowsocks-libev:edge 26 | ``` 27 | > A list of supported tags can be found at [Docker Hub][13]. 28 | 29 | ## Start a container 30 | 31 | ```bash 32 | $ docker run -p 8388:8388 -p 8388:8388/udp -d --restart always shadowsocks/shadowsocks-libev:latest 33 | ``` 34 | This starts a container of the latest release with all the default settings, which is equivalent to 35 | ```bash 36 | $ ss-server -s 0.0.0.0 -p 8388 -k "$(hostname)" -m aes-256-cfb -t 300 --fast-open -d 8.8.8.8 -d 8.8.4.4 -u 37 | ``` 38 | > **Note**: It's the hostname in the container that is used as the password, not that of the host. 39 | 40 | ### With custom port 41 | 42 | In most cases you'll want to change a thing or two, for instance the port which the server listens on. This is done by changing the `-p` arguments. 43 | 44 | Here's an example to start a container that listens on `28388` (both TCP and UDP): 45 | ```bash 46 | $ docker run -p 28388:8388 -p 28388:8388/udp -d --restart always shadowsocks/shadowsocks-libev 47 | ``` 48 | 49 | ### With custom password 50 | 51 | Another thing you may want to change is the password. To change that, you can pass your own password as an environment variable when starting the container. 52 | 53 | Here's an example to start a container with `9MLSpPmNt` as the password: 54 | ```bash 55 | $ docker run -e PASSWORD=9MLSpPmNt -p 8388:8388 -p 8388:8388/udp -d --restart always shadowsocks/shadowsocks-libev 56 | ``` 57 | > :warning: Click [here][6] to generate a strong password to protect your server. 58 | 59 | ### With other customizations 60 | Besides `PASSWORD`, the image also defines the following environment variables that you can customize: 61 | * `SERVER_ADDR`: the IP/domain to bind to, defaults to `0.0.0.0` 62 | * `METHOD`: encryption method to use, defaults to `aes-256-cfb` 63 | * `TIMEOUT`: defaults to `300` 64 | * `DNS_ADDR`, `DNS_ADDR_2`: DNS servers to redirect NS lookup requests to, defaults to `8.8.8.8` and `8.8.4.4` 65 | 66 | Additional arguments supported by `ss-server` can be passed with the environment variable `ARGS`, for instance to start in verbose mode: 67 | ```bash 68 | $ docker run -e ARGS=-v -p 8388:8388 -p 8388:8388/udp -d --restart always shadowsocks/shadowsocks-libev:latest 69 | ``` 70 | 71 | ## Use docker-compose to manage (optional) 72 | 73 | It is very handy to use [docker-compose][7] to manage docker containers. 74 | You can download the binary at . 75 | 76 | This is a sample `docker-compose.yml` file. 77 | 78 | ```yaml 79 | shadowsocks: 80 | image: shadowsocks/shadowsocks-libev 81 | ports: 82 | - "8388:8388" 83 | environment: 84 | - METHOD=aes-256-cfb 85 | - PASSWORD=9MLSpPmNt 86 | restart: always 87 | ``` 88 | 89 | It is highly recommended that you setup a directory tree to make things easy to manage. 90 | 91 | ```bash 92 | $ mkdir -p ~/fig/shadowsocks/ 93 | $ cd ~/fig/shadowsocks/ 94 | $ curl -sSLO https://github.com/shadowsocks/shadowsocks-libev/raw/master/docker/alpine/docker-compose.yml 95 | $ docker-compose up -d 96 | $ docker-compose ps 97 | ``` 98 | 99 | ## Finish 100 | 101 | At last, download shadowsocks client [here][8]. 102 | Don't forget to share internet with your friends. 103 | 104 | ```yaml 105 | { 106 | "server": "your-vps-ip", 107 | "server_port": 8388, 108 | "local_address": "0.0.0.0", 109 | "local_port": 1080, 110 | "password": "9MLSpPmNt", 111 | "timeout": 600, 112 | "method": "aes-256-cfb" 113 | } 114 | ``` 115 | 116 | [1]: https://github.com/shadowsocks/shadowsocks-libev 117 | [2]: https://shadowsocks.org/en/index.html 118 | [6]: https://duckduckgo.com/?q=password+12&t=ffsb&ia=answer 119 | [7]: https://github.com/docker/compose 120 | [8]: https://shadowsocks.org/en/download/clients.html 121 | [9]: https://docs.docker.com/ 122 | [10]: https://www.digitalocean.com/products/linux-distribution/coreos/ 123 | [11]: https://cloud.google.com/container-optimized-os/ 124 | [12]: https://docs.docker.com/install/ 125 | [13]: https://hub.docker.com/r/shadowsocks/shadowsocks-libev/tags/ 126 | -------------------------------------------------------------------------------- /m4/pcre.m4: -------------------------------------------------------------------------------- 1 | dnl -------------------------------------------------------- -*- autoconf -*- 2 | dnl Licensed to the Apache Software Foundation (ASF) under one or more 3 | dnl contributor license agreements. See the NOTICE file distributed with 4 | dnl this work for additional information regarding copyright ownership. 5 | dnl The ASF licenses this file to You under the Apache License, Version 2.0 6 | dnl (the "License"); you may not use this file except in compliance with 7 | dnl the License. You may obtain a copy of the License at 8 | dnl 9 | dnl http://www.apache.org/licenses/LICENSE-2.0 10 | dnl 11 | dnl Unless required by applicable law or agreed to in writing, software 12 | dnl distributed under the License is distributed on an "AS IS" BASIS, 13 | dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | dnl See the License for the specific language governing permissions and 15 | dnl limitations under the License. 16 | 17 | dnl 18 | dnl TS_ADDTO(variable, value) 19 | dnl 20 | dnl Add value to variable 21 | dnl 22 | AC_DEFUN([TS_ADDTO], [ 23 | if test "x$$1" = "x"; then 24 | test "x$verbose" = "xyes" && echo " setting $1 to \"$2\"" 25 | $1="$2" 26 | else 27 | ats_addto_bugger="$2" 28 | for i in $ats_addto_bugger; do 29 | ats_addto_duplicate="0" 30 | for j in $$1; do 31 | if test "x$i" = "x$j"; then 32 | ats_addto_duplicate="1" 33 | break 34 | fi 35 | done 36 | if test $ats_addto_duplicate = "0"; then 37 | test "x$verbose" = "xyes" && echo " adding \"$i\" to $1" 38 | $1="$$1 $i" 39 | fi 40 | done 41 | fi 42 | ])dnl 43 | 44 | dnl 45 | dnl TS_ADDTO_RPATH(path) 46 | dnl 47 | dnl Adds path to variable with the '-rpath' directive. 48 | dnl 49 | AC_DEFUN([TS_ADDTO_RPATH], [ 50 | AC_MSG_NOTICE([adding $1 to RPATH]) 51 | TS_ADDTO(LIBTOOL_LINK_FLAGS, [-R$1]) 52 | ])dnl 53 | 54 | dnl 55 | dnl pcre.m4: Trafficserver's pcre autoconf macros 56 | dnl 57 | 58 | dnl 59 | dnl TS_CHECK_PCRE: look for pcre libraries and headers 60 | dnl 61 | AC_DEFUN([TS_CHECK_PCRE], [ 62 | enable_pcre=no 63 | AC_ARG_WITH(pcre, [AC_HELP_STRING([--with-pcre=DIR],[use a specific pcre library])], 64 | [ 65 | if test "x$withval" != "xyes" && test "x$withval" != "x"; then 66 | pcre_base_dir="$withval" 67 | if test "$withval" != "no"; then 68 | enable_pcre=yes 69 | case "$withval" in 70 | *":"*) 71 | pcre_include="`echo $withval |sed -e 's/:.*$//'`" 72 | pcre_ldflags="`echo $withval |sed -e 's/^.*://'`" 73 | AC_MSG_CHECKING(checking for pcre includes in $pcre_include libs in $pcre_ldflags ) 74 | ;; 75 | *) 76 | pcre_include="$withval/include" 77 | pcre_ldflags="$withval/lib" 78 | AC_MSG_CHECKING(checking for pcre includes in $withval) 79 | ;; 80 | esac 81 | fi 82 | fi 83 | ], 84 | [ 85 | AC_CHECK_PROG(PCRE_CONFIG, pcre-config, pcre-config) 86 | if test "x$PCRE_CONFIG" != "x"; then 87 | enable_pcre=yes 88 | pcre_base_dir="`$PCRE_CONFIG --prefix`" 89 | pcre_include="`$PCRE_CONFIG --cflags | sed -es/-I//`" 90 | pcre_ldflags="`$PCRE_CONFIG --libs | sed -es/-lpcre// -es/-L//`" 91 | fi 92 | ]) 93 | 94 | if test "x$pcre_base_dir" = "x"; then 95 | AC_MSG_CHECKING([for pcre location]) 96 | AC_CACHE_VAL(ats_cv_pcre_dir,[ 97 | for dir in /usr/local /usr ; do 98 | if test -d $dir && ( test -f $dir/include/pcre.h || test -f $dir/include/pcre/pcre.h ); then 99 | ats_cv_pcre_dir=$dir 100 | break 101 | fi 102 | done 103 | ]) 104 | pcre_base_dir=$ats_cv_pcre_dir 105 | if test "x$pcre_base_dir" = "x"; then 106 | enable_pcre=no 107 | AC_MSG_RESULT([not found]) 108 | else 109 | enable_pcre=yes 110 | pcre_include="$pcre_base_dir/include" 111 | pcre_ldflags="$pcre_base_dir/lib" 112 | AC_MSG_RESULT([$pcre_base_dir]) 113 | fi 114 | else 115 | AC_MSG_CHECKING(for pcre headers in $pcre_include) 116 | if test -d $pcre_include && test -d $pcre_ldflags && ( test -f $pcre_include/pcre.h || test -f $pcre_include/pcre/pcre.h ); then 117 | AC_MSG_RESULT([ok]) 118 | else 119 | AC_MSG_RESULT([not found]) 120 | fi 121 | fi 122 | 123 | pcreh=0 124 | pcre_pcreh=0 125 | if test "$enable_pcre" != "no"; then 126 | saved_ldflags=$LDFLAGS 127 | saved_cppflags=$CFLAGS 128 | pcre_have_headers=0 129 | pcre_have_libs=0 130 | if test "$pcre_base_dir" != "/usr"; then 131 | TS_ADDTO(CFLAGS, [-I${pcre_include}]) 132 | TS_ADDTO(CFLAGS, [-DPCRE_STATIC]) 133 | TS_ADDTO(LDFLAGS, [-L${pcre_ldflags}]) 134 | TS_ADDTO_RPATH(${pcre_ldflags}) 135 | fi 136 | AC_SEARCH_LIBS([pcre_exec], [pcre], [pcre_have_libs=1]) 137 | if test "$pcre_have_libs" != "0"; then 138 | AC_CHECK_HEADERS(pcre.h, [pcre_have_headers=1]) 139 | AC_CHECK_HEADERS(pcre/pcre.h, [pcre_have_headers=1]) 140 | fi 141 | if test "$pcre_have_headers" != "0"; then 142 | AC_DEFINE(HAVE_LIBPCRE,1,[Compiling with pcre support]) 143 | AC_SUBST(LIBPCRE, [-lpcre]) 144 | else 145 | enable_pcre=no 146 | CFLAGS=$saved_cppflags 147 | LDFLAGS=$saved_ldflags 148 | fi 149 | fi 150 | AC_SUBST(pcreh) 151 | AC_SUBST(pcre_pcreh) 152 | ]) 153 | -------------------------------------------------------------------------------- /src/crypto.h: -------------------------------------------------------------------------------- 1 | /* 2 | * crypto.h - Define the enryptor's interface 3 | * 4 | * Copyright (C) 2013 - 2018, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have recenonceed a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _CRYPTO_H 24 | #define _CRYPTO_H 25 | 26 | #ifndef __MINGW32__ 27 | #include 28 | #endif 29 | #include 30 | #include 31 | #include 32 | 33 | #ifdef HAVE_STDINT_H 34 | #include 35 | #elif HAVE_INTTYPES_H 36 | #include 37 | #endif 38 | 39 | /* Definations for mbedTLS */ 40 | #include 41 | #include 42 | typedef mbedtls_cipher_info_t cipher_kt_t; 43 | typedef mbedtls_cipher_context_t cipher_evp_t; 44 | typedef mbedtls_md_info_t digest_type_t; 45 | #define MAX_KEY_LENGTH 64 46 | #define MAX_NONCE_LENGTH 32 47 | #define MAX_MD_SIZE MBEDTLS_MD_MAX_SIZE 48 | /* we must have MBEDTLS_CIPHER_MODE_CFB defined */ 49 | #if !defined(MBEDTLS_CIPHER_MODE_CFB) 50 | #error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS. 51 | #endif 52 | #ifndef MBEDTLS_GCM_C 53 | #error No GCM support detected 54 | #endif 55 | #ifdef crypto_aead_xchacha20poly1305_ietf_ABYTES 56 | #define FS_HAVE_XCHACHA20IETF 57 | #endif 58 | 59 | #define ADDRTYPE_MASK 0xF 60 | 61 | #define CRYPTO_ERROR -2 62 | #define CRYPTO_NEED_MORE -1 63 | #define CRYPTO_OK 0 64 | 65 | #define min(a, b) (((a) < (b)) ? (a) : (b)) 66 | #define max(a, b) (((a) > (b)) ? (a) : (b)) 67 | 68 | #define SUBKEY_INFO "ss-subkey" 69 | #define IV_INFO "ss-iv" 70 | 71 | #ifndef BF_NUM_ENTRIES_FOR_SERVER 72 | #define BF_NUM_ENTRIES_FOR_SERVER 1e6 73 | #endif 74 | 75 | #ifndef BF_NUM_ENTRIES_FOR_CLIENT 76 | #define BF_NUM_ENTRIES_FOR_CLIENT 1e4 77 | #endif 78 | 79 | #ifndef BF_ERROR_RATE_FOR_SERVER 80 | #define BF_ERROR_RATE_FOR_SERVER 1e-6 81 | #endif 82 | 83 | #ifndef BF_ERROR_RATE_FOR_CLIENT 84 | #define BF_ERROR_RATE_FOR_CLIENT 1e-15 85 | #endif 86 | 87 | typedef struct buffer { 88 | size_t idx; 89 | size_t len; 90 | size_t capacity; 91 | char *data; 92 | } buffer_t; 93 | 94 | typedef struct { 95 | int method; 96 | int skey; 97 | cipher_kt_t *info; 98 | size_t nonce_len; 99 | size_t key_len; 100 | size_t tag_len; 101 | uint8_t key[MAX_KEY_LENGTH]; 102 | } cipher_t; 103 | 104 | typedef struct { 105 | uint32_t init; 106 | uint64_t counter; 107 | cipher_evp_t *evp; 108 | cipher_t *cipher; 109 | buffer_t *chunk; 110 | uint8_t salt[MAX_KEY_LENGTH]; 111 | uint8_t skey[MAX_KEY_LENGTH]; 112 | uint8_t nonce[MAX_NONCE_LENGTH]; 113 | } cipher_ctx_t; 114 | 115 | typedef struct crypto { 116 | cipher_t *cipher; 117 | 118 | int(*const encrypt_all)(buffer_t *, cipher_t *, size_t); 119 | int(*const decrypt_all)(buffer_t *, cipher_t *, size_t); 120 | int(*const encrypt)(buffer_t *, cipher_ctx_t *, size_t); 121 | int(*const decrypt)(buffer_t *, cipher_ctx_t *, size_t); 122 | 123 | void(*const ctx_init)(cipher_t *, cipher_ctx_t *, int); 124 | void(*const ctx_release)(cipher_ctx_t *); 125 | } crypto_t; 126 | 127 | int balloc(buffer_t *, size_t); 128 | int brealloc(buffer_t *, size_t, size_t); 129 | int bprepend(buffer_t *, buffer_t *, size_t); 130 | void bfree(buffer_t *); 131 | int rand_bytes(void *, int); 132 | 133 | crypto_t *crypto_init(const char *, const char *, const char *); 134 | unsigned char *crypto_md5(const unsigned char *, size_t, unsigned char *); 135 | 136 | int crypto_derive_key(const char *, uint8_t *, size_t); 137 | int crypto_parse_key(const char *, uint8_t *, size_t); 138 | int crypto_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, 139 | int salt_len, const unsigned char *ikm, int ikm_len, 140 | const unsigned char *info, int info_len, unsigned char *okm, 141 | int okm_len); 142 | int crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt, 143 | int salt_len, const unsigned char *ikm, int ikm_len, 144 | unsigned char *prk); 145 | int crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, 146 | int prk_len, const unsigned char *info, int info_len, 147 | unsigned char *okm, int okm_len); 148 | #ifdef SS_DEBUG 149 | void dump(char *tag, char *text, int len); 150 | #endif 151 | 152 | extern struct cache *nonce_cache; 153 | extern const char *supported_stream_ciphers[]; 154 | extern const char *supported_aead_ciphers[]; 155 | 156 | #endif // _CRYPTO_H 157 | -------------------------------------------------------------------------------- /tests/test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | # 4 | # Copyright 2015 clowwindy 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may 7 | # not use this file except in compliance with the License. You may obtain 8 | # a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 15 | # License for the specific language governing permissions and limitations 16 | # under the License. 17 | 18 | from __future__ import absolute_import, division, print_function, \ 19 | with_statement 20 | 21 | import sys 22 | import os 23 | import signal 24 | import select 25 | import time 26 | import argparse 27 | from subprocess import Popen, PIPE 28 | 29 | default_url = 'http://www.google.com/' 30 | 31 | parser = argparse.ArgumentParser(description='test Shadowsocks') 32 | parser.add_argument('-c', '--client-conf', type=str, default=None) 33 | parser.add_argument('-s', '--server-conf', type=str, default=None) 34 | parser.add_argument('-a', '--client-args', type=str, default=None) 35 | parser.add_argument('-b', '--server-args', type=str, default=None) 36 | parser.add_argument('--should-fail', action='store_true', default=None) 37 | parser.add_argument('--url', type=str, default=default_url) 38 | parser.add_argument('--dns', type=str, default='8.8.8.8') 39 | parser.add_argument('--bin', type=str, default='') 40 | 41 | config = parser.parse_args() 42 | 43 | client_args = ['%s%s' % (config.bin, 'ss-local'), '-v'] 44 | server_args = ['%s%s' % (config.bin, 'ss-server'), '-v', '-u'] 45 | tunnel_args = ['%s%s' % (config.bin, 'ss-tunnel'), '-v', '-u', '-l1082', '-L%s:53' % config.dns] 46 | 47 | if config.client_conf: 48 | client_args.extend(['-c', config.client_conf]) 49 | tunnel_args.extend(['-c', config.client_conf]) 50 | if config.server_conf: 51 | server_args.extend(['-c', config.server_conf]) 52 | else: 53 | server_args.extend(['-c', config.client_conf]) 54 | 55 | if config.client_args: 56 | client_args.extend(config.client_args.split()) 57 | tunnel_args.extend(config.client_args.split()) 58 | if config.server_args: 59 | server_args.extend(config.server_args.split()) 60 | else: 61 | server_args.extend(config.client_args.split()) 62 | 63 | p1 = Popen(server_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) 64 | p2 = Popen(client_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) 65 | p5 = Popen(tunnel_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) 66 | p3 = None 67 | p4 = None 68 | p3_fin = False 69 | p4_fin = False 70 | 71 | # 1 shadowsocks started 72 | # 2 curl started 73 | # 3 curl finished 74 | # 4 dig started 75 | # 5 dig finished 76 | stage = 1 77 | 78 | try: 79 | fdset = [] 80 | time.sleep(2) 81 | 82 | p3 = Popen(['curl', config.url, '-v', '-L', 83 | '--socks5-hostname', '127.0.0.1:1081', 84 | '-m', '15', '--connect-timeout', '10'], 85 | stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) 86 | if p3 is not None: 87 | fdset.append(p3.stdout) 88 | fdset.append(p3.stderr) 89 | stage = 2 90 | else: 91 | sys.exit(1) 92 | 93 | while True: 94 | r, w, e = select.select(fdset, [], fdset) 95 | if e: 96 | break 97 | 98 | for fd in r: 99 | line = fd.readline() 100 | if not line: 101 | if stage == 2 and fd == p3.stdout: 102 | stage = 3 103 | if stage == 4 and fd == p4.stdout: 104 | stage = 5 105 | if bytes != str: 106 | line = str(line, 'utf8') 107 | sys.stderr.write(line) 108 | 109 | if stage == 3 and p3 is not None: 110 | fdset.remove(p3.stdout) 111 | fdset.remove(p3.stderr) 112 | r = p3.wait() 113 | if config.should_fail: 114 | if r == 0: 115 | sys.exit(1) 116 | else: 117 | if r != 0: 118 | sys.exit(1) 119 | p4 = Popen(['dig', '@127.0.0.1', '-p1082', 120 | 'www.google.com'], 121 | stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True) 122 | if p4 is not None: 123 | fdset.append(p4.stdout) 124 | fdset.append(p4.stderr) 125 | stage = 4 126 | else: 127 | sys.exit(1) 128 | 129 | if stage == 5: 130 | r = p4.wait() 131 | if config.should_fail: 132 | if r == 0: 133 | sys.exit(1) 134 | print('test passed (expecting failure)') 135 | else: 136 | if r != 0: 137 | sys.exit(1) 138 | print('test passed') 139 | break 140 | finally: 141 | for p in [p1, p2, p5]: 142 | try: 143 | os.kill(p.pid, signal.SIGINT) 144 | os.waitpid(p.pid, 0) 145 | except OSError: 146 | pass 147 | -------------------------------------------------------------------------------- /doc/ss-redir.asciidoc: -------------------------------------------------------------------------------- 1 | ss-redir(1) 2 | =========== 3 | 4 | NAME 5 | ---- 6 | ss-redir - shadowsocks client as transparent proxy, libev port 7 | 8 | SYNOPSIS 9 | -------- 10 | *ss-redir* 11 | [-uUv6] [-h|--help] 12 | [-s ] [-p ] [-l ] 13 | [-k ] [-m ] [-f ] 14 | [-t ] [-c ] [-b ] 15 | [-a ] [-n ] [--mtu ] [--no-delay] 16 | [--plugin ] [--plugin-opts ] 17 | [--password ] [--key ] 18 | 19 | DESCRIPTION 20 | ----------- 21 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy. 22 | It is a port of the original shadowsocks created by clowwindy. 23 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to 24 | achieve both high performance and low resource consumption. 25 | 26 | *Shadowsocks-libev* consists of five components. 27 | `ss-redir`(1) works as a transparent proxy on local machines to proxy TCP 28 | traffic and requires netfilter's NAT module. 29 | For more information, check out `shadowsocks-libev`(8) and the following 30 | 'EXAMPLE' section. 31 | 32 | OPTIONS 33 | ------- 34 | -s :: 35 | Set the server's hostname or IP. 36 | 37 | -p :: 38 | Set the server's port number. 39 | 40 | -l :: 41 | Set the local port number. 42 | 43 | -k :: 44 | --password :: 45 | Set the password. The server and the client should use the same password. 46 | 47 | --key :: 48 | Set the key directly. The key should be encoded with URL-safe Base64. 49 | 50 | -m :: 51 | Set the cipher. 52 | + 53 | *Shadowsocks-libev* accepts 18 different ciphers: 54 | + 55 | aes-128-gcm, aes-192-gcm, aes-256-gcm, 56 | rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, 57 | aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, 58 | camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, 59 | chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf. 60 | + 61 | The default cipher is 'chacha20-ietf-poly1305'. 62 | + 63 | If built with PolarSSL or custom OpenSSL libraries, some of 64 | these ciphers may not work. 65 | 66 | -a :: 67 | Run as a specific user. 68 | 69 | -f :: 70 | Start shadowsocks as a daemon with specific pid file. 71 | 72 | -t :: 73 | Set the socket timeout in seconds. The default value is 60. 74 | 75 | -c :: 76 | Use a configuration file. 77 | + 78 | Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details. 79 | 80 | -n :: 81 | Specify max number of open files. 82 | + 83 | Only available on Linux. 84 | 85 | -b :: 86 | Specify local address to bind. 87 | 88 | -u:: 89 | Enable UDP relay. 90 | + 91 | TPROXY is required in redir mode. You may need root permission. 92 | 93 | -U:: 94 | Enable UDP relay and disable TCP relay. 95 | 96 | -6:: 97 | Resovle hostname to IPv6 address first. 98 | 99 | --mtu :: 100 | Specify the MTU of your network interface. 101 | 102 | --mptcp:: 103 | Enable Multipath TCP. 104 | + 105 | Only available with MPTCP enabled Linux kernel. 106 | 107 | --reuse-port:: 108 | Enable port reuse. 109 | + 110 | Only available with Linux kernel > 3.9.0. 111 | 112 | --no-delay:: 113 | Enable TCP_NODELAY. 114 | 115 | --plugin :: 116 | Enable SIP003 plugin. (Experimental) 117 | 118 | --plugin-opts :: 119 | Set SIP003 plugin options. (Experimental) 120 | 121 | -v:: 122 | Enable verbose mode. 123 | 124 | -h|--help:: 125 | Print help message. 126 | 127 | EXAMPLE 128 | ------- 129 | ss-redir requires netfilter's NAT function. Here is an example: 130 | 131 | .... 132 | # Create new chain 133 | iptables -t nat -N SHADOWSOCKS 134 | iptables -t mangle -N SHADOWSOCKS 135 | 136 | # Ignore your shadowsocks server's addresses 137 | # It's very IMPORTANT, just be careful. 138 | iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN 139 | 140 | # Ignore LANs and any other addresses you'd like to bypass the proxy 141 | # See Wikipedia and RFC5735 for full list of reserved networks. 142 | # See ashi009/bestroutetb for a highly optimized CHN route list. 143 | iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN 144 | iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN 145 | iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN 146 | iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN 147 | iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN 148 | iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN 149 | iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN 150 | iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN 151 | 152 | # Anything else should be redirected to shadowsocks's local port 153 | iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345 154 | 155 | # Add any UDP rules 156 | ip route add local default dev lo table 100 157 | ip rule add fwmark 1 lookup 100 158 | iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01 159 | 160 | # Apply the rules 161 | iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS 162 | iptables -t mangle -A PREROUTING -j SHADOWSOCKS 163 | 164 | # Start the shadowsocks-redir 165 | ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid 166 | .... 167 | 168 | SEE ALSO 169 | -------- 170 | `ss-local`(1), 171 | `ss-server`(1), 172 | `ss-tunnel`(1), 173 | `ss-manager`(1), 174 | `shadowsocks-libev`(8), 175 | `iptables`(8), 176 | /etc/shadowsocks-libev/config.json 177 | --------------------------------------------------------------------------------