├── .copr
└── Makefile
├── .dockerignore
├── .github
├── FUNDING.yml
├── dependabot.yml
├── issue_template.md
└── workflows
│ └── build.yml
├── .gitignore
├── .gitmodules
├── .travis.yml
├── .uncrustify.cfg
├── AUTHORS
├── CMakeLists.txt
├── COPYING
├── Changes
├── INSTALL
├── LICENSE
├── Makefile.am
├── README.md
├── README_pt_BR.md
├── acl
├── chn.acl
├── gfwlist.acl
├── local.acl
├── server_block_chn.acl
└── server_block_local.acl
├── autogen.sh
├── build
└── .gitkeep
├── cmake
├── config.h.cmake
├── configure.cmake
└── shadowsocks-libev.pc.cmake
├── completions
├── bash
│ ├── ss-local
│ ├── ss-manager
│ ├── ss-redir
│ ├── ss-server
│ └── ss-tunnel
└── zsh
│ ├── _ss-local
│ ├── _ss-manager
│ ├── _ss-redir
│ ├── _ss-server
│ └── _ss-tunnel
├── configure.ac
├── debian
├── .gitignore
├── README.Debian
├── changelog
├── compat
├── config.json
├── control
├── copyright
├── copyright.original
├── libshadowsocks-libev-dev.install
├── libshadowsocks-libev2.install
├── rules
├── shadowsocks-libev-local@.service
├── shadowsocks-libev-redir@.service
├── shadowsocks-libev-server@.service
├── shadowsocks-libev-tunnel@.service
├── shadowsocks-libev.NEWS
├── shadowsocks-libev.default
├── shadowsocks-libev.doc-base
├── shadowsocks-libev.docs
├── shadowsocks-libev.init
├── shadowsocks-libev.install
├── shadowsocks-libev.lintian-overrides
├── shadowsocks-libev.postinst
├── shadowsocks-libev.postrm
├── shadowsocks-libev.service
├── source
│ └── format
├── tests
│ └── control
├── upstream
│ └── metadata
└── watch
├── doc
├── CMakeLists.txt
├── Makefile.am
├── asciidoc.conf
├── manpage-base.xsl
├── manpage-bold-literal.xsl
├── manpage-normal.xsl
├── shadowsocks-libev.asciidoc
├── ss-local.asciidoc
├── ss-manager.asciidoc
├── ss-nat.asciidoc
├── ss-redir.asciidoc
├── ss-server.asciidoc
└── ss-tunnel.asciidoc
├── docker
├── alpine
│ ├── Dockerfile
│ ├── README.md
│ ├── docker-compose.yml
│ └── entrypoint.sh
├── build
│ ├── builder.Dockerfile
│ └── dockerbuild.sh
└── mingw
│ ├── Dockerfile
│ ├── Makefile
│ ├── apt.sh
│ ├── build.sh
│ ├── deps.sh
│ ├── make.bat
│ └── prepare.sh
├── m4
├── ax_pthread.m4
├── ax_tls.m4
├── cares.m4
├── inet_ntop.m4
├── mbedtls.m4
├── pcre.m4
├── sodium.m4
└── stack-protector.m4
├── rpm
├── SOURCES
│ ├── etc
│ │ └── init.d
│ │ │ └── shadowsocks-libev
│ └── systemd
│ │ ├── shadowsocks-libev-local.service
│ │ ├── shadowsocks-libev-local@.service
│ │ ├── shadowsocks-libev-redir@.service
│ │ ├── shadowsocks-libev-server@.service
│ │ ├── shadowsocks-libev-tunnel@.service
│ │ ├── shadowsocks-libev.default
│ │ └── shadowsocks-libev.service
├── SPECS
│ └── shadowsocks-libev.spec.in
└── genrpm.sh
├── scripts
├── build_deb.sh
├── chroot_build.sh
├── code-format.bat
├── code-format.sh
├── git_archive.sh
├── git_version.sh
└── iperf.sh
├── shadowsocks-libev.pc.in
├── snap
└── snapcraft.yaml
├── src
├── CMakeLists.txt
├── Makefile.am
├── acl.c
├── acl.h
├── aead.c
├── aead.h
├── android.c
├── base64.c
├── base64.h
├── cache.c
├── cache.h
├── common.h
├── crypto.c
├── crypto.h
├── jconf.c
├── jconf.h
├── json.c
├── json.h
├── local.c
├── local.h
├── manager.c
├── manager.h
├── netutils.c
├── netutils.h
├── plugin.c
├── plugin.h
├── ppbloom.c
├── ppbloom.h
├── redir.c
├── redir.h
├── resolv.c
├── resolv.h
├── rule.c
├── rule.h
├── server.c
├── server.h
├── shadowsocks.h
├── socks5.h
├── ss-nat
├── stream.c
├── stream.h
├── tunnel.c
├── tunnel.h
├── udprelay.c
├── udprelay.h
├── uthash.h
├── utils.c
├── utils.h
├── winsock.c
└── winsock.h
└── tests
├── aes-ctr.json
├── aes-gcm.json
├── aes.json
├── chacha20-ietf-poly1305.json
├── chacha20-ietf.json
├── chacha20.json
├── rc4-md5.json
├── salsa20.json
├── test.py
└── test.sh
/.copr/Makefile:
--------------------------------------------------------------------------------
1 | .PHONY: deps srpm
2 | .DEFAULT_GOAL := srpm
3 |
4 | DOT_COPR := $(dir $(firstword $(MAKEFILE_LIST)))
5 | TOP_DIR := $(realpath $(DOT_COPR)/../)
6 |
7 | RPM_DIR := $(TOP_DIR)/rpm
8 | outdir ?= $(RPM_DIR)/SRPMS
9 |
10 | HAS_GIT := $(shell command -v git 2> /dev/null)
11 | ifndef HAS_GIT
12 | deps:
13 | dnf -y install git
14 | else
15 | deps:
16 | endif
17 |
18 | srpm: deps
19 | git config --global --add safe.directory $(TOP_DIR)
20 | git config --global --add safe.directory $(TOP_DIR)/libbloom
21 | git config --global --add safe.directory $(TOP_DIR)/libcork
22 | git config --global --add safe.directory $(TOP_DIR)/libipset
23 | $(RPM_DIR)/genrpm.sh -o $(outdir)
24 |
--------------------------------------------------------------------------------
/.dockerignore:
--------------------------------------------------------------------------------
1 | # General
2 | .dockerignore
3 | .git
4 | .gitmodules
5 | .gitignore
6 | .github
7 | AUTHORS
8 | Changes
9 | COPYING
10 | INSTALL
11 | LICENSE
12 | README.md
13 |
14 | # Code formatting
15 | .uncrustify.cfg
16 | code-format.bat
17 | code-format.sh
18 |
19 | # CI & CD
20 | .travis.yml
21 | tests
22 |
23 | # OS-specific packaging, etc.
24 | debian
25 | scripts/build_deb.sh
26 | rpm
27 | completions
28 |
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | custom: ['https://crowdfunding.lfx.linuxfoundation.org/projects/shadowsocks']
2 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: "github-actions"
4 | directory: "/"
5 | schedule:
6 | interval: "daily"
--------------------------------------------------------------------------------
/.github/issue_template.md:
--------------------------------------------------------------------------------
1 | Please answer these questions before submitting your issue. Thanks!
2 |
3 | (Please mention that if the issue you filed is solved, you may wish to close it by yourself. Thanks again.)
4 |
5 | (PS, you can remove 3 lines above, including this one, before post your issue.)
6 |
7 | ### What version of shadowsocks-libev are you using?
8 |
9 |
10 | ### What operating system are you using?
11 |
12 |
13 | ### What did you do?
14 |
15 |
16 | ### What did you expect to see?
17 |
18 |
19 | ### What did you see instead?
20 |
21 |
22 | ### What is your config in detail (with all sensitive info masked)?
23 |
--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
1 | name: build
2 |
3 | on:
4 | push:
5 | push:
6 | branches:
7 | - master
8 | tags:
9 | - v*
10 | - latest
11 |
12 | jobs:
13 | build:
14 | runs-on: ubuntu-latest
15 | steps:
16 | - uses: actions/checkout@v2.3.4
17 | with:
18 | submodules: true
19 |
20 | - uses: docker/setup-qemu-action@v1.1.0
21 | - uses: docker/setup-buildx-action@v1.3.0
22 | - uses: docker/login-action@v1.9.0
23 | with:
24 | password: ${{ secrets.DOCKER_PASSWORD }}
25 | username: ${{ secrets.DOCKER_USERNAME }}
26 |
27 | - name: check and set image version
28 | id: prepare
29 | run: |
30 | case ${{ github.ref }} in
31 | refs/heads/master)
32 | echo ::set-output name=version::edge
33 | echo ::set-output name=push::true
34 | ;;
35 | refs/tags/*)
36 | echo ::set-output name=version::$(echo ${{ github.ref }} | sed -E 's|refs/tags/||')
37 | echo ::set-output name=push::true
38 | ;;
39 | *)
40 | echo ::set-output name=version::${{ github.sha }}
41 | echo ::set-output name=push::false
42 | ;;
43 | esac;
44 |
45 | - name: build & push image
46 | uses: docker/build-push-action@v2.4.0
47 | with:
48 | context: .
49 | file: docker/alpine/Dockerfile
50 | platforms: linux/amd64,linux/arm64
51 | push: ${{ steps.prepare.outputs.push }}
52 | tags: ${{ github.repository }}:${{ steps.prepare.outputs.version }}
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Ignore files generated by autoconf
2 | /Makefile.in
3 | /aclocal.m4
4 | /auto/
5 | /config.h.in
6 | /configure
7 | /doc/Makefile.in
8 | /m4/libtool.m4
9 | /m4/ltoptions.m4
10 | /m4/ltsugar.m4
11 | /m4/ltversion.m4
12 | /m4/lt~obsolete.m4
13 | /src/Makefile.in
14 | /src/config.h
15 |
16 | # Ignore files generated by configure
17 | build/
18 | .deps/
19 | /Makefile
20 | src/Makefile
21 | libev/Makefile
22 | libudns/Makefile
23 | libcork/Makefile
24 | libipset/Makefile
25 | doc/Makefile
26 | autom4te.cache/
27 | /config.h
28 | config.log
29 | config.status
30 | libtool
31 | pid
32 | src/ss-*
33 | !src/ss-nat
34 | stamp-h1
35 | .libs
36 | .pc
37 | debian/shadowsocks-libev/
38 | debian/patches/
39 | debian/files
40 | debian/shadowsocks-libev.substvars
41 | debian/*.debhelper*
42 | .dirstamp
43 | shadowsocks-libev.pc
44 | debian/libshadowsocks-libev*.symbols
45 | libsodium/src/libsodium/include/sodium/version.h
46 | rpm/SPECS/shadowsocks-libev.spec
47 | rpm/SRPMS/
48 | rpm/RPMS/
49 | rpm/BUILD/
50 | rpm/BUILDROOT/
51 | *.rpm
52 | *.deb
53 |
54 | # Ignore per-project vim config
55 | .vimrc
56 |
57 | # Ignore garbage of OS X
58 | *.DS_Store
59 |
60 | # Ignore vim cache
61 | *.swp
62 |
63 | # Documentation files
64 | doc/*.1
65 | doc/*.8
66 | doc/*.gz
67 | doc/*.xml
68 | doc/*.html
69 |
70 | # Do not edit the following section
71 | # Edit Compile Debug Document Distribute
72 | *~
73 | *.bak
74 | *.bin
75 | *.dll
76 | *.exe
77 | *-ISO*.bdf
78 | *-JIS*.bdf
79 | *-KOI8*.bdf
80 | *.kld
81 | *.ko
82 | *.ko.cmd
83 | *.lai
84 | *.l[oa]
85 | *.[oa]
86 | *.obj
87 | *.patch
88 | *.so
89 | *.pcf.gz
90 | *.pdb
91 | *.tar
92 | *.tar.bz2
93 | *.tar.gz
94 | *.tgz
95 | *.snap
96 | #
97 |
98 | # Visual Studio Code
99 | .vscode/*
100 | .devcontainer/*
101 |
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "libcork"]
2 | path = libcork
3 | url = https://github.com/shadowsocks/libcork.git
4 | ignore = dirty
5 | [submodule "libipset"]
6 | path = libipset
7 | url = https://github.com/shadowsocks/ipset.git
8 | ignore = dirty
9 | [submodule "libbloom"]
10 | path = libbloom
11 | url = https://github.com/shadowsocks/libbloom.git
12 | ignore = dirty
13 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | sudo: required
2 | language: c
3 | dist : trusty
4 | compiler:
5 | - clang
6 | - gcc
7 | os:
8 | - linux
9 | - osx
10 | env:
11 | global:
12 | - LIBSODIUM_VER=1.0.12
13 | - MBEDTLS_VER=2.4.0
14 | before_install:
15 | - |
16 | if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
17 | # All dependencies for macOS build. Some packages has been installed by travis so use reinstall.
18 | brew reinstall autoconf automake xmlto c-ares libev mbedtls libsodium asciidoc >> /dev/null 2>&1;
19 | else
20 | wget https://github.com/jedisct1/libsodium/releases/download/$LIBSODIUM_VER/libsodium-$LIBSODIUM_VER.tar.gz;
21 | tar xvf libsodium-$LIBSODIUM_VER.tar.gz;
22 | pushd libsodium-$LIBSODIUM_VER;
23 | ./configure --prefix=/usr && make;
24 | sudo make install;
25 | popd;
26 | wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz;
27 | tar xvf mbedtls-$MBEDTLS_VER-gpl.tgz;
28 | pushd mbedtls-$MBEDTLS_VER;
29 | make SHARED=1;
30 | sudo make install;
31 | popd;
32 | # Load cached docker images
33 | if [[ -d $HOME/docker ]]; then
34 | ls $HOME/docker/*.tar.gz | xargs -I {file} sh -c "zcat {file} | docker load";
35 | fi
36 | fi
37 | addons:
38 | apt:
39 | sources:
40 | - george-edison55-precise-backports # cmake 3.2.3 / doxygen 1.8.3
41 | packages:
42 | - libc-ares-dev
43 | - libev-dev
44 | - asciidoc
45 | - xmlto
46 | script:
47 | - ./autogen.sh
48 | - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
49 | ./configure --disable-documentation --with-mbedtls=/usr/local/opt/mbedtls --with-sodium=/usr/local/opt/libsodium;
50 | else
51 | ./configure;
52 | fi
53 | - make
54 | - cd build && cmake ../ && make
55 | branches:
56 | only:
57 | - master
58 | notifications:
59 | recipients:
60 | - max.c.lv@gmail.com
61 | email:
62 | on_success: change
63 | on_failure: always
64 |
--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | Shadowsocks-libev was originally created in late 2013, by
2 | Clowwindy <clowwindy@gmail.com>, then rewritten and maintained by
3 | Max Lv <max.c.lv@gmail.com>.
4 |
5 | Here is an inevitably incomplete list of MUCH-APPRECIATED CONTRIBUTORS --
6 | people who have submitted patches, fixed bugs, added translations, and
7 | generally made shadowsocks-libev that much better:
8 |
9 | https://github.com/shadowsocks/shadowsocks-libev/graphs/contributors
10 |
--------------------------------------------------------------------------------
/COPYING:
--------------------------------------------------------------------------------
1 | This program is free software: you can redistribute it and/or modify
2 | it under the terms of the GNU General Public License as published by
3 | the Free Software Foundation, either version 3 of the License, or
4 | (at your option) any later version.
5 |
6 | This program is distributed in the hope that it will be useful,
7 | but WITHOUT ANY WARRANTY; without even the implied warranty of
8 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 | GNU General Public License for more details.
10 |
11 | You should have received a copy of the GNU General Public License
12 | along with this program. If not, see <http://www.gnu.org/licenses/>.
13 |
--------------------------------------------------------------------------------
/Makefile.am:
--------------------------------------------------------------------------------
1 | if USE_SYSTEM_SHARED_LIB
2 | SUBDIRS = src
3 | else
4 | SUBDIRS = libcork libipset libbloom src
5 | endif
6 |
7 | if ENABLE_DOCUMENTATION
8 | SUBDIRS += doc
9 | endif
10 |
11 | ACLOCAL_AMFLAGS = -I m4
12 |
13 | pkgconfiglibdir = $(libdir)/pkgconfig
14 | pkgconfiglib_DATA = shadowsocks-libev.pc
15 |
16 | EXTRA_DIST = acl Changes completions debian docker rpm scripts README.md
17 | EXTRA_DIST += libbloom
18 | EXTRA_DIST += libcork/include libipset/include
19 | EXTRA_DIST += libipset/src/libipset/map/inspection-template.c.in
20 | EXTRA_DIST += libipset/src/libipset/set/inspection-template.c.in
21 |
--------------------------------------------------------------------------------
/acl/local.acl:
--------------------------------------------------------------------------------
1 | [reject_all]
2 |
3 | [white_list]
4 | 0.0.0.0/8
5 | 10.0.0.0/8
6 | 100.64.0.0/10
7 | 127.0.0.0/8
8 | 169.254.0.0/16
9 | 172.16.0.0/12
10 | 192.0.0.0/24
11 | 192.0.2.0/24
12 | 192.88.99.0/24
13 | 192.168.0.0/16
14 | 198.18.0.0/15
15 | 198.51.100.0/24
16 | 203.0.113.0/24
17 | 224.0.0.0/4
18 | 240.0.0.0/4
19 | 255.255.255.255/32
20 | ::1/128
21 | fc00::/7
22 | fe80::/10
23 |
--------------------------------------------------------------------------------
/acl/server_block_local.acl:
--------------------------------------------------------------------------------
1 | # All IPs listed here will be blocked while the ss-server try to outbound.
2 | # Only IP is allowed, *NOT* domain name.
3 | #
4 |
5 | [outbound_block_list]
6 | 0.0.0.0/8
7 | 10.0.0.0/8
8 | 100.64.0.0/10
9 | 127.0.0.0/8
10 | 169.254.0.0/16
11 | 172.16.0.0/12
12 | 192.0.0.0/24
13 | 192.0.2.0/24
14 | 192.88.99.0/24
15 | 192.168.0.0/16
16 | 198.18.0.0/15
17 | 198.51.100.0/24
18 | 203.0.113.0/24
19 | 224.0.0.0/4
20 | 240.0.0.0/4
21 | 255.255.255.255/32
22 | ::1/128
23 | ::ffff:127.0.0.1/104
24 | fc00::/7
25 | fe80::/10
26 |
--------------------------------------------------------------------------------
/autogen.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | autoreconf --install --force
4 |
--------------------------------------------------------------------------------
/build/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/shadowsocks/shadowsocks-libev/9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6/build/.gitkeep
--------------------------------------------------------------------------------
/cmake/shadowsocks-libev.pc.cmake:
--------------------------------------------------------------------------------
1 | prefix=@prefix@
2 | exec_prefix=${prefix}/@CMAKE_INSTALL_BINDIR@
3 | libdir=${exec_prefix}/@CMAKE_INSTALL_FULL_LIBDIR@
4 | includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
5 | sharedir=${prefix}/@CMAKE_INSTALL_DATAROOTDIR@
6 | mandir=${prefix}/@CMAKE_INSTALL_MANDIR@
7 |
8 | Name: @PROJECT_NAME@
9 | Description: @PROJECT_DESC@
10 | URL: @PROJECT_URL@
11 | Version: @PROJECT_VERSION@
12 | Requires:
13 | Cflags: -I${includedir}
14 | Libs: -L${libdir} -lshadowsocks-libev -lcrypto
15 |
--------------------------------------------------------------------------------
/completions/bash/ss-local:
--------------------------------------------------------------------------------
1 | _ss_local()
2 | {
3 | local cur prev opts ciphers
4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --fast-open --acl --mtu --mptcp --no-delay --key --plugin --plugin-opts --help'
5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
6 | cur=${COMP_WORDS[COMP_CWORD]}
7 | prev="${COMP_WORDS[COMP_CWORD-1]}"
8 | case "$prev" in
9 | -f|-c|--acl)
10 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) )
11 | ;;
12 | -s|-b)
13 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) )
14 | ;;
15 | -m)
16 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) )
17 | ;;
18 | -a)
19 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) )
20 | ;;
21 | -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts)
22 | ;;
23 | -i)
24 | _available_interfaces -a || true
25 | ;;
26 | *)
27 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) )
28 | ;;
29 | esac
30 | return 0
31 | }
32 |
33 | complete -F _ss_local ss-local
34 |
--------------------------------------------------------------------------------
/completions/bash/ss-manager:
--------------------------------------------------------------------------------
1 | _ss_manager()
2 | {
3 | local cur prev opts ciphers
4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --manager-address --executable --mtu --mptcp --plugin --plugin-opts --help'
5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
6 | cur=${COMP_WORDS[COMP_CWORD]}
7 | prev="${COMP_WORDS[COMP_CWORD-1]}"
8 | case "$prev" in
9 | -f|-c|--executable)
10 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) )
11 | ;;
12 | -s|-b)
13 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) )
14 | ;;
15 | -m)
16 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) )
17 | ;;
18 | -a)
19 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) )
20 | ;;
21 | -p|-l|-k|-t|-n|--mtu|--plugin|--plugin-opts)
22 | ;;
23 | -i)
24 | _available_interfaces -a || true
25 | ;;
26 | --manager-address)
27 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) )
28 | _filedir || COMPREPLY+=( $(compgen -o plusdirs -f ${cur}) )
29 | ;;
30 | *)
31 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) )
32 | ;;
33 | esac
34 | return 0
35 | }
36 |
37 | complete -F _ss_manager ss-manager
38 |
--------------------------------------------------------------------------------
/completions/bash/ss-redir:
--------------------------------------------------------------------------------
1 | _ss_redir()
2 | {
3 | local cur prev opts ciphers
4 | opts='-s -p -l -k -m -a -f -t -c -n -b -u -U -T -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help'
5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
6 | cur=${COMP_WORDS[COMP_CWORD]}
7 | prev="${COMP_WORDS[COMP_CWORD-1]}"
8 | case "$prev" in
9 | -f|-c)
10 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) )
11 | ;;
12 | -s|-b)
13 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) )
14 | ;;
15 | -m)
16 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) )
17 | ;;
18 | -a)
19 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) )
20 | ;;
21 | -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts)
22 | ;;
23 | *)
24 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) )
25 | ;;
26 | esac
27 | return 0
28 | }
29 |
30 | complete -F _ss_redir ss-redir
31 |
--------------------------------------------------------------------------------
/completions/bash/ss-server:
--------------------------------------------------------------------------------
1 | _ss_server()
2 | {
3 | local cur prev opts ciphers
4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -6 -d -v -h --reuse-port --fast-open --acl --manager-address --mtu --mptcp --no-delay --key --plugin --plugin-opts --help'
5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
6 | COMPREPLY=()
7 | cur=${COMP_WORDS[COMP_CWORD]}
8 | prev="${COMP_WORDS[COMP_CWORD-1]}"
9 | case "$prev" in
10 | -f|-c|--acl)
11 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) )
12 | ;;
13 | -s|-b)
14 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) )
15 | ;;
16 | -m)
17 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) )
18 | ;;
19 | -a)
20 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) )
21 | ;;
22 | -p|-l|-k|-t|-n|-d|--mtu|--key|--plugin|--plugin-opts)
23 | ;;
24 | --manager-address)
25 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) )
26 | _filedir || COMPREPLY+=( $(compgen -o plusdirs -f ${cur}) )
27 | ;;
28 | -i)
29 | _available_interfaces -a || true
30 | ;;
31 | *)
32 | COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
33 | ;;
34 | esac
35 | }
36 |
37 | complete -F _ss_server ss-server
38 |
--------------------------------------------------------------------------------
/completions/bash/ss-tunnel:
--------------------------------------------------------------------------------
1 | _ss_tunnel()
2 | {
3 | local cur prev opts ciphers
4 | opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -L -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help'
5 | ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
6 | cur=${COMP_WORDS[COMP_CWORD]}
7 | prev="${COMP_WORDS[COMP_CWORD-1]}"
8 | compopt +o nospace
9 | case "$prev" in
10 | -f|-c)
11 | _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) )
12 | ;;
13 | -s|-b)
14 | _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) )
15 | ;;
16 | -L)
17 | compopt -o nospace
18 | _known_hosts_real -c -- "${cur}" || OMPREPLY=( $(compgen -A hostname -S : -- ${cur}) )
19 | ;;
20 | -m)
21 | COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) )
22 | ;;
23 | -a)
24 | _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) )
25 | ;;
26 | -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts)
27 | ;;
28 | -i)
29 | _available_interfaces -a || true
30 | ;;
31 | *)
32 | COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) )
33 | ;;
34 | esac
35 | return 0
36 | }
37 |
38 | complete -F _ss_tunnel ss-tunnel
39 |
--------------------------------------------------------------------------------
/completions/zsh/_ss-local:
--------------------------------------------------------------------------------
1 | #compdef ss-local
2 |
3 | local ciphers
4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
5 |
6 | _arguments "-h::" \
7 | "-s:server host:_hosts" \
8 | "-p:server port:" \
9 | "-l:local port:" \
10 | "-k:password:" \
11 | "-m:encrypt method:$ciphers" \
12 | "-a:run as user:_users" \
13 | "-f:pid file:_files" \
14 | "-t:timeout:" \
15 | "-c:configure file:_files" \
16 | "-n:max number of open files:" \
17 | "-i:bind interface:_net_interfaces" \
18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \
19 | "-u:enable udp:" \
20 | "-U:udp only:" \
21 | "-v:verbose mode:" \
22 | "--reuse-port::" \
23 | "--fast-open::" \
24 | "--acl:acl file:_files" \
25 | "--mtu::" \
26 | "--mptcp::" \
27 | "--no-delay::" \
28 | "--key:key in base64:" \
29 | "--plugin:plugin name:" \
30 | "--plugin-opts:plugin options:" \
31 | "--help::"
32 |
33 |
--------------------------------------------------------------------------------
/completions/zsh/_ss-manager:
--------------------------------------------------------------------------------
1 | #compdef ss-manager
2 |
3 | local ciphers
4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
5 |
6 | _arguments "-h::" \
7 | "-s:server host:_hosts" \
8 | "-p:server port:" \
9 | "-l:local port:" \
10 | "-k:password:" \
11 | "-m:encrypt method:$ciphers" \
12 | "-a:run as user:_users" \
13 | "-f:pid file:_files" \
14 | "-t:timeout:" \
15 | "-c:configure file:_files" \
16 | "-n:max number of open files:" \
17 | "-i:bind interface:_net_interfaces" \
18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \
19 | "-u:enable udp:" \
20 | "-U:udp only:" \
21 | "-v:verbose mode:" \
22 | "--executable:path to ss-server:_files" \
23 | "--manager-address:manager address:" \
24 | "--reuse-port::" \
25 | "--acl:acl file:_files" \
26 | "--mtu::" \
27 | "--key:key in base64:" \
28 | "--plugin:plugin name:" \
29 | "--plugin-opts:plugin options:" \
30 | "--help::"
31 |
32 |
--------------------------------------------------------------------------------
/completions/zsh/_ss-redir:
--------------------------------------------------------------------------------
1 | #compdef ss-redir
2 |
3 | local ciphers
4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
5 |
6 | _arguments "-h::" \
7 | "-s:server host:_hosts" \
8 | "-p:server port:" \
9 | "-l:local port:" \
10 | "-k:password:" \
11 | "-m:encrypt method:$ciphers" \
12 | "-a:run as user:_users" \
13 | "-f:pid file:_files" \
14 | "-t:timeout:" \
15 | "-c:configure file:_files" \
16 | "-n:nofile:" \
17 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \
18 | "-u:enable udp:" \
19 | "-U:udp only:" \
20 | "-v:verbose mode:" \
21 | "-T:tcp tproxy mode:" \
22 | "--reuse-port::" \
23 | "--fast-open::" \
24 | "--acl:acl file:_files" \
25 | "--mtu::" \
26 | "--mptcp::" \
27 | "--no-delay::" \
28 | "--key:key in base64:" \
29 | "--plugin:plugin name:" \
30 | "--plugin-opts:plugin options:" \
31 | "--help::"
32 |
33 |
--------------------------------------------------------------------------------
/completions/zsh/_ss-server:
--------------------------------------------------------------------------------
1 | #compdef ss-server
2 |
3 | local ciphers
4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
5 |
6 | _arguments "-h::" \
7 | "-s:server host:_hosts" \
8 | "-p:server port:" \
9 | "-l:local port:" \
10 | "-k:password:" \
11 | "-m:encrypt method:$ciphers" \
12 | "-a:run as user:_users" \
13 | "-f:pid file:_files" \
14 | "-t:timeout:" \
15 | "-c:configure file:_files" \
16 | "-n:max number of open files:" \
17 | "-i:bind interface:_net_interfaces" \
18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \
19 | "-u:enable udp:" \
20 | "-U:udp only:" \
21 | "-v:verbose mode:" \
22 | "-6:ipv6 first:" \
23 | "-d:nameserver for internal dns:" \
24 | "--manager-address:manager address:" \
25 | "--reuse-port::" \
26 | "--fast-open::" \
27 | "--acl:acl file:_files" \
28 | "--mtu::" \
29 | "--mptcp::" \
30 | "--no-delay::" \
31 | "--key:key in base64:" \
32 | "--plugin:plugin name:" \
33 | "--plugin-opts:plugin options:" \
34 | "--help::"
35 |
36 |
--------------------------------------------------------------------------------
/completions/zsh/_ss-tunnel:
--------------------------------------------------------------------------------
1 | #compdef ss-tunnel
2 |
3 | local ciphers
4 | ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
5 |
6 | _arguments "-h::" \
7 | "-s:server host:_hosts" \
8 | "-p:server port:" \
9 | "-l:local port:" \
10 | "-k:password:" \
11 | "-m:encrypt method:$ciphers" \
12 | "-a:run as user:_users" \
13 | "-f:pid file:_files" \
14 | "-t:timeout:" \
15 | "-c:configure file:_files" \
16 | "-n:nofile:" \
17 | "-i:bind interface:_net_interfaces" \
18 | "-b:local address:(127.0.0.1 \:\:1 0.0.0.0 \:\:)" \
19 | "-u:enable udp:" \
20 | "-U:udp only:" \
21 | "-v:verbose mode:" \
22 | "-L:destination server address and port:" \
23 | "--reuse-port::" \
24 | "--acl:acl file:_files" \
25 | "--mtu::" \
26 | "--key:key in base64:" \
27 | "--plugin:plugin name:" \
28 | "--plugin-opts:plugin options:" \
29 | "--help::"
30 |
31 |
--------------------------------------------------------------------------------
/debian/.gitignore:
--------------------------------------------------------------------------------
1 | *.substvars
2 | debhelper-build-stamp
3 | libshadowsocks-libev*/
4 | libshadowsocks-libev-dev/
5 | tmp/
6 |
--------------------------------------------------------------------------------
/debian/README.Debian:
--------------------------------------------------------------------------------
1 | shadowsocks-libev for Debian
2 | ----------------------------
3 |
4 | The Debian package has added systemd support. A default server service which
5 | reads the default configuration in /etc/default/shadowsocks-libev is installed
6 | and enabled by default, plus some other service templates placed in
7 | /lib/systemd/system, which can be used by users later.
8 |
9 | The systemd service templates accept one parameter to determine the
10 | configuration json file that is used by this instance. For example,
11 | if the user starts a service called "shadowsocks-libev-local@foobar.service",
12 | This service instance will start the "ss-local" client and read
13 | /etc/shadowsocks-libev/foobar.json as its configuration file.
14 |
15 | -- Boyuan Yang <byang@debian.org> Thu, 08 Sep 2016 19:01:20 +0800
16 |
--------------------------------------------------------------------------------
/debian/compat:
--------------------------------------------------------------------------------
1 | 10
2 |
--------------------------------------------------------------------------------
/debian/config.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":["::1", "127.0.0.1"],
3 | "mode":"tcp_and_udp",
4 | "server_port":8388,
5 | "local_port":1080,
6 | "password":"barfoo!",
7 | "timeout":86400,
8 | "method":"chacha20-ietf-poly1305"
9 | }
10 |
--------------------------------------------------------------------------------
/debian/control:
--------------------------------------------------------------------------------
1 | Source: shadowsocks-libev
2 | Section: net
3 | Priority: optional
4 | Maintainer: Debian Bridges Team <team+bridges@tracker.debian.org>
5 | Uploaders:
6 | Max Lv <max.c.lv@gmail.com>,
7 | Boyuan Yang <byang@debian.org>,
8 | Roger Shimizu <rosh@debian.org>
9 | Build-Depends:
10 | asciidoc-base | asciidoc,
11 | debhelper (>= 10),
12 | libc-ares-dev,
13 | libev-dev,
14 | libmbedtls-dev,
15 | libpcre3-dev,
16 | libsodium-dev (>= 1.0.12),
17 | pkg-config,
18 | xmlto
19 | Standards-Version: 4.1.1
20 | Rules-Requires-Root: no
21 | Homepage: https://www.shadowsocks.org
22 | Vcs-Git: https://github.com/shadowsocks/shadowsocks-libev.git
23 | Vcs-Browser: https://github.com/shadowsocks/shadowsocks-libev
24 |
25 | Package: shadowsocks-libev
26 | Replaces: shadowsocks (<< 1.5.3-2)
27 | Breaks: shadowsocks (<< 1.5.3-2)
28 | Architecture: any
29 | Pre-Depends: ${misc:Pre-Depends}
30 | Depends:
31 | libcap2-bin [linux-any],
32 | lsb-base (>= 3.0-6),
33 | ${misc:Depends},
34 | ${shlibs:Depends}
35 | Suggests:
36 | haveged,
37 | kcptun,
38 | simple-obfs
39 | Description: lightweight and secure socks5 proxy
40 | Shadowsocks-libev is a lightweight and secure socks5 proxy for
41 | embedded devices and low end boxes.
42 | .
43 | Shadowsocks-libev was inspired by Shadowsocks (in Python). It's rewritten
44 | in pure C and only depends on libev, mbedTLS and a few other tiny
45 | libraries.
46 |
47 | Package: libshadowsocks-libev-dev
48 | Architecture: any
49 | Multi-Arch: same
50 | Section: libdevel
51 | Breaks: shadowsocks-libev (<< 2.4.0)
52 | Depends:
53 | libshadowsocks-libev2 (= ${binary:Version}),
54 | ${misc:Depends}
55 | Description: lightweight and secure socks5 proxy (development files)
56 | Shadowsocks-libev is a lightweight and secure socks5 proxy for
57 | embedded devices and low end boxes.
58 | .
59 | Shadowsocks-libev was inspired by Shadowsocks (in Python). It's rewritten
60 | in pure C and only depends on libev, mbedTLS and a few other tiny
61 | libraries.
62 | .
63 | This package provides C header files for the libraries.
64 |
65 | Package: libshadowsocks-libev2
66 | Architecture: any
67 | Multi-Arch: same
68 | Section: libs
69 | Replaces: libshadowsocks-libev1
70 | Breaks:
71 | libshadowsocks-libev1,
72 | shadowsocks-libev (<< 2.4.0)
73 | Pre-Depends: ${misc:Pre-Depends}
74 | Depends:
75 | ${misc:Depends},
76 | ${shlibs:Depends}
77 | Description: lightweight and secure socks5 proxy (shared library)
78 | Shadowsocks-libev is a lightweight and secure socks5 proxy for
79 | embedded devices and low end boxes.
80 | .
81 | Shadowsocks-libev was inspired by Shadowsocks (in Python). It's rewritten
82 | in pure C and only depends on libev, mbedTLS and a few other tiny
83 | libraries.
84 | .
85 | This package provides shared libraries.
86 |
--------------------------------------------------------------------------------
/debian/copyright.original:
--------------------------------------------------------------------------------
1 | This work was packaged for Debian by:
2 |
3 | Max Lv <max.c.lv@gmail.com> on Sat, 06 Apr 2013 16:59:15 +0800
4 |
5 | It was downloaded from:
6 |
7 | https://github.com/madeye/shadowsocks-libev
8 |
9 | Upstream Author(s):
10 |
11 | clowwindy <clowwindy42@gmail.com>
12 |
13 | Copyright:
14 |
15 | Copyright (C) 2013 Max Lv
16 |
17 | License:
18 |
19 | GPLv3
20 |
21 | The Debian packaging is:
22 |
23 | Copyright (C) 2013 Max Lv <max.c.lv@gmail.com>
24 |
--------------------------------------------------------------------------------
/debian/libshadowsocks-libev-dev.install:
--------------------------------------------------------------------------------
1 | usr/include/
2 | usr/lib/*/libshadowsocks-libev.so
3 | usr/lib/*/pkgconfig/
4 |
--------------------------------------------------------------------------------
/debian/libshadowsocks-libev2.install:
--------------------------------------------------------------------------------
1 | usr/lib/*/libshadowsocks-libev.so.*
2 |
--------------------------------------------------------------------------------
/debian/rules:
--------------------------------------------------------------------------------
1 | #!/usr/bin/make -f
2 | # See debhelper(7) (uncomment to enable)
3 | # output every command that modifies files on the build system.
4 | #export DH_VERBOSE = 1
5 |
6 | # Security Hardening
7 | export DEB_BUILD_MAINT_OPTIONS = hardening=+all
8 |
9 | override_dh_auto_install:
10 | find src/ -name '*.la' -delete
11 | dh_auto_install
12 |
13 | override_dh_auto_configure:
14 | # Whether to have stack-protector is decided by dpkg-buildflags.
15 | # So --disable-ssp here should be safe. See Bug#829498
16 | dh_auto_configure -- \
17 | --enable-shared \
18 | --disable-ssp
19 |
20 | override_dh_installchangelogs:
21 | dh_installchangelogs -XChanges
22 |
23 | %:
24 | dh $@
25 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev-local@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Client Service for %I
14 | Documentation=man:ss-local(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
20 | AmbientCapabilities=CAP_NET_BIND_SERVICE
21 | DynamicUser=true
22 | ExecStart=/usr/bin/ss-local -c /etc/shadowsocks-libev/%i.json
23 |
24 | [Install]
25 | WantedBy=multi-user.target
26 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev-redir@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Client Service Redir Mode for %I
14 | Documentation=man:ss-redir(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
20 | AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
21 | DynamicUser=true
22 | ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks-libev/%i.json
23 |
24 | [Install]
25 | WantedBy=multi-user.target
26 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev-server@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Server Service for %I
14 | Documentation=man:ss-server(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
20 | AmbientCapabilities=CAP_NET_BIND_SERVICE
21 | DynamicUser=true
22 | ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/%i.json
23 |
24 | [Install]
25 | WantedBy=multi-user.target
26 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev-tunnel@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Client Service Tunnel Mode for %I
14 | Documentation=man:ss-tunnel(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
20 | AmbientCapabilities=CAP_NET_BIND_SERVICE
21 | DynamicUser=true
22 | ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks-libev/%i.json
23 |
24 | [Install]
25 | WantedBy=multi-user.target
26 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.NEWS:
--------------------------------------------------------------------------------
1 | shadowsocks-libev (3.2.0+ds-5) unstable; urgency=medium
2 |
3 | There is a mode setting to choose whether to enable both TCP and
4 | UDP, or only one of them. This setting was set to "tcp_and_udp" in
5 | /etc/default/shadowsocks-libev, /etc/init.d/shadowsocks-libev
6 | (for init system only), and maybe also in config.json added by user,
7 | which is quite confusing.
8 |
9 | So we moved this setting to config.json. Since we won't update
10 | config.json on package upgrade, please add the following to your
11 | /etc/shadowsocks-libev/config.json.
12 |
13 | "mode":"tcp_and_udp",
14 |
15 | Otherwise you setting will be TCP only.
16 | For more about TCP/UDP mode, please refer the ticket upstream:
17 |
18 | - https://github.com/shadowsocks/shadowsocks-libev/issues/1870
19 |
20 | -- Roger Shimizu <rosh@debian.org> Sun, 07 Oct 2018 00:48:07 +0900
21 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.default:
--------------------------------------------------------------------------------
1 | # Defaults for shadowsocks initscript
2 | # sourced by /etc/init.d/shadowsocks-libev
3 | # installed at /etc/default/shadowsocks-libev by the maintainer scripts
4 |
5 | #
6 | # This is a POSIX shell fragment
7 | #
8 | # Note: `START', `GROUP' and `MAXFD' options are not recognized by systemd.
9 | # Please change those settings in the corresponding systemd unit file.
10 |
11 | # Enable during startup?
12 | START=yes
13 |
14 | # Configuration file
15 | CONFFILE="/etc/shadowsocks-libev/config.json"
16 |
17 | # Extra command line arguments
18 | DAEMON_ARGS=
19 |
20 | # User and group to run the server as
21 | USER=nobody
22 | GROUP=nogroup
23 |
24 | # Number of maximum file descriptors
25 | MAXFD=32768
26 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.doc-base:
--------------------------------------------------------------------------------
1 | Document: shadowsocks-libev
2 | Title: shadowsocks-libev documentation
3 | Author: Max Lv <max.c.lv@gmail.com>
4 | Abstract: This is the documentation of shadowsocks-libev
5 | Section: Network/Communication
6 |
7 | Format: HTML
8 | Index: /usr/share/doc/shadowsocks-libev/shadowsocks-libev.html
9 | Files: /usr/share/doc/shadowsocks-libev/*.html
10 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.docs:
--------------------------------------------------------------------------------
1 | AUTHORS
2 | README.md
3 | debian/copyright.original
4 | scripts
5 | doc/*.html
6 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.init:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | ### BEGIN INIT INFO
3 | # Provides: shadowsocks-libev
4 | # Required-Start: $network $local_fs $remote_fs
5 | # Required-Stop: $remote_fs
6 | # Default-Start: 2 3 4 5
7 | # Default-Stop: 0 1 6
8 | # Short-Description: lightweight secured socks5 proxy
9 | # Description: Shadowsocks-libev is a lightweight secured
10 | # socks5 proxy for embedded devices and low end boxes.
11 | ### END INIT INFO
12 |
13 | # Author: Max Lv <max.c.lv@gmail.com>
14 |
15 | # PATH should only include /usr/ if it runs after the mountnfs.sh script
16 | PATH=/sbin:/usr/sbin:/bin:/usr/bin
17 | DESC=shadowsocks-libev # Introduce a short description here
18 | NAME=shadowsocks-libev # Introduce the short server's name here
19 | DAEMON=/usr/bin/ss-server # Introduce the server's location here
20 | DAEMON_ARGS="" # Arguments to run the daemon with
21 | PIDFILE=/var/run/$NAME/$NAME.pid
22 | SCRIPTNAME=/etc/init.d/$NAME
23 |
24 | # Exit if the package is not installed
25 | [ -x $DAEMON ] || exit 0
26 |
27 | # Read configuration variable file if it is present
28 | [ -r /etc/default/$NAME ] && . /etc/default/$NAME
29 |
30 | [ "$START" = "yes" ] || exit 0
31 |
32 | : ${USER:="nobody"}
33 | : ${GROUP:="nogroup"}
34 |
35 | # Load the VERBOSE setting and other rcS variables
36 | . /lib/init/vars.sh
37 |
38 | # Define LSB log_* functions.
39 | # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
40 | . /lib/lsb/init-functions
41 |
42 | #
43 | # Function that starts the daemon/service
44 | #
45 | do_start()
46 | {
47 | # Modify the file descriptor limit
48 | ulimit -n ${MAXFD}
49 |
50 | # Take care of pidfile permissions
51 | mkdir /var/run/$NAME 2>/dev/null || true
52 | chown "$USER:$GROUP" /var/run/$NAME
53 |
54 | # Return
55 | # 0 if daemon has been started
56 | # 1 if daemon was already running
57 | # 2 if daemon could not be started
58 | start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON --test > /dev/null \
59 | || return 1
60 | start-stop-daemon --start --quiet --pidfile $PIDFILE --chuid $USER:$GROUP --exec $DAEMON -- \
61 | -c "$CONFFILE" -f $PIDFILE $DAEMON_ARGS \
62 | || return 2
63 | }
64 |
65 | #
66 | # Function that stops the daemon/service
67 | #
68 | do_stop()
69 | {
70 | # Return
71 | # 0 if daemon has been stopped
72 | # 1 if daemon was already stopped
73 | # 2 if daemon could not be stopped
74 | # other if a failure occurred
75 | start-stop-daemon --stop --quiet --retry=TERM/5 --pidfile $PIDFILE --exec $DAEMON
76 | RETVAL="$?"
77 | [ "$RETVAL" = 2 ] && return 2
78 | # Wait for children to finish too if this is a daemon that forks
79 | # and if the daemon is only ever run from this initscript.
80 | # If the above conditions are not satisfied then add some other code
81 | # that waits for the process to drop all resources that could be
82 | # needed by services started subsequently. A last resort is to
83 | # sleep for some time.
84 | start-stop-daemon --stop --quiet --oknodo --retry=KILL/5 --exec $DAEMON
85 | [ "$?" = 2 ] && return 2
86 | # Many daemons don't delete their pidfiles when they exit.
87 | rm -f $PIDFILE
88 | return "$RETVAL"
89 | }
90 |
91 |
92 | case "$1" in
93 | start)
94 | [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
95 | do_start
96 | case "$?" in
97 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
98 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
99 | esac
100 | ;;
101 | stop)
102 | [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
103 | do_stop
104 | case "$?" in
105 | 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
106 | 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
107 | esac
108 | ;;
109 | status)
110 | status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
111 | ;;
112 | restart|force-reload)
113 | log_daemon_msg "Restarting $DESC" "$NAME"
114 | do_stop
115 | case "$?" in
116 | 0|1)
117 | do_start
118 | case "$?" in
119 | 0) log_end_msg 0 ;;
120 | 1) log_end_msg 1 ;; # Old process is still running
121 | *) log_end_msg 1 ;; # Failed to start
122 | esac
123 | ;;
124 | *)
125 | # Failed to stop
126 | log_end_msg 1
127 | ;;
128 | esac
129 | ;;
130 | *)
131 | echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
132 | exit 3
133 | ;;
134 | esac
135 |
136 | :
137 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.install:
--------------------------------------------------------------------------------
1 | completions/bash/* usr/share/bash-completion/completions/
2 | completions/zsh/* usr/share/zsh/vendor-completions/
3 | debian/config.json usr/share/shadowsocks-libev
4 | debian/shadowsocks-libev-*.service lib/systemd/system
5 | usr/bin/
6 | usr/share/man/
7 | usr/share/doc/shadowsocks-libev/
8 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.lintian-overrides:
--------------------------------------------------------------------------------
1 | # False positive: systemd service templates cannot fallback to sysvinit script
2 | package-supports-alternative-init-but-no-init.d-script lib/systemd/system/shadowsocks-libev-local@.service
3 | package-supports-alternative-init-but-no-init.d-script lib/systemd/system/shadowsocks-libev-redir@.service
4 | package-supports-alternative-init-but-no-init.d-script lib/systemd/system/shadowsocks-libev-server@.service
5 | package-supports-alternative-init-but-no-init.d-script lib/systemd/system/shadowsocks-libev-tunnel@.service
6 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.postinst:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | set -e
4 |
5 | # POSIX-compliant maint function recommend by devref
6 | # to check for the existence of a command
7 | # https://www.debian.org/doc/manuals/developers-reference/ch06.html#bpp-debian-maint-scripts
8 | pathfind() {
9 | OLDIFS="$IFS"
10 | IFS=:
11 | for p in $PATH; do
12 | if [ -x "$p/$*" ]; then
13 | IFS="$OLDIFS"
14 | return 0
15 | fi
16 | done
17 | IFS="$OLDIFS"
18 | return 1
19 | }
20 |
21 | case "$1" in
22 | configure|reconfigure)
23 | if pathfind setcap; then
24 | if ! setcap \
25 | cap_net_bind_service+ep /usr/bin/ss-local \
26 | cap_net_bind_service,cap_net_admin+ep /usr/bin/ss-redir \
27 | cap_net_bind_service+ep /usr/bin/ss-server \
28 | cap_net_bind_service+ep /usr/bin/ss-tunnel; then
29 | echo "Failed to set capabilities; ss-* will only be runnable by root."
30 | fi
31 | else
32 | echo "setcap not installed; ss-* will only be runnable by root."
33 | fi
34 | if [ ! -f /etc/shadowsocks-libev/config.json ]; then
35 | set +e
36 | passwd=$(perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..12)')
37 | set -e
38 | mkdir -p /etc/shadowsocks-libev
39 | sed "s/barfoo!/$passwd/" /usr/share/shadowsocks-libev/config.json \
40 | > /etc/shadowsocks-libev/config.json
41 | fi
42 | ;;
43 | abort-upgrade|abort-remove|abort-deconfigure)
44 | exit 0
45 | ;;
46 | *)
47 | echo "postinst called with unknown argument \`$1'" >&2
48 | exit 0
49 | ;;
50 | esac
51 |
52 | #DEBHELPER#
53 |
54 | exit 0
55 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.postrm:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | set -e
4 |
5 | case "$1" in
6 | purge)
7 | rm -f /etc/shadowsocks-libev/config.json
8 | if test ! -e /etc/shadowsocks-libev ; then
9 | # If the config directory does not exist, do nothing
10 | :
11 | else
12 | if test -d /etc/shadowsocks-libev ; then
13 | # If it is an empty directory, remove it
14 | rmdir /etc/shadowsocks-libev || true
15 | fi
16 | fi
17 | ;;
18 | remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
19 | exit 0
20 | ;;
21 | *)
22 | echo "postrm called with unknown argument \`$1'" >&2
23 | exit 0
24 | ;;
25 | esac
26 |
27 | #DEBHELPER#
28 |
29 | exit 0
30 |
--------------------------------------------------------------------------------
/debian/shadowsocks-libev.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This file is default for Debian packaging. See also
9 | # /etc/default/shadowsocks-libev for environment variables.
10 |
11 | [Unit]
12 | Description=Shadowsocks-libev Default Server Service
13 | Documentation=man:shadowsocks-libev(8)
14 | After=network-online.target
15 | Wants=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
20 | AmbientCapabilities=CAP_NET_BIND_SERVICE
21 | DynamicUser=true
22 | EnvironmentFile=/etc/default/shadowsocks-libev
23 | LimitNOFILE=32768
24 | ExecStart=/usr/bin/ss-server -c $CONFFILE $DAEMON_ARGS
25 |
26 | [Install]
27 | WantedBy=multi-user.target
28 |
--------------------------------------------------------------------------------
/debian/source/format:
--------------------------------------------------------------------------------
1 | 3.0 (quilt)
2 |
--------------------------------------------------------------------------------
/debian/tests/control:
--------------------------------------------------------------------------------
1 | Test-Command: bash tests/test.sh
2 | Depends: @, python3, curl, dnsutils
3 | Restrictions: allow-stderr
4 |
--------------------------------------------------------------------------------
/debian/upstream/metadata:
--------------------------------------------------------------------------------
1 | Name: shadowsocks-libev
2 | Homepage: https://shadowsocks.org
3 | Repository: https://github.com/shadowsocks/shadowsocks-libev.git
4 | Repository-Browse: https://github.com/shadowsocks/shadowsocks-libev
5 | Bug-Database: https://github.com/shadowsocks/shadowsocks-libev/issues
6 | Contact: Max Lv <max.c.lv@gmail.com>
7 |
--------------------------------------------------------------------------------
/debian/watch:
--------------------------------------------------------------------------------
1 | version=4
2 |
3 | opts="repack,compression=xz, \
4 | dversionmangle=s/\+ds\d*$//,repacksuffix=+ds, \
5 | filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%shadowsocks-libev_$1.orig.tar.gz%" \
6 | https://github.com/shadowsocks/shadowsocks-libev/tags \
7 | (?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
8 |
--------------------------------------------------------------------------------
/doc/CMakeLists.txt:
--------------------------------------------------------------------------------
1 | find_program(XMLTO_EXECUTABLE NAMES xmlto)
2 | find_program(ASCIIDOC_EXECUTABLE NAMES asciidoc asciidoc.py)
3 |
4 | # Opt-in doc build option
5 | if (NOT XMLTO_EXECUTABLE OR NOT ASCIIDOC_EXECUTABLE)
6 | option(WITH_DOC_MAN "Build manpage doc" OFF)
7 | else ()
8 | option(WITH_DOC_MAN "Build manpage doc" ON)
9 | endif ()
10 |
11 | if (NOT ASCIIDOC_EXECUTABLE)
12 | option(WITH_DOC_HTML "Build html doc" OFF)
13 | else ()
14 | option(WITH_DOC_HTML "Build html doc" ON)
15 | endif ()
16 |
17 | # NOTE For brew user, we have to setup this env var. see `brew info asciidoc'
18 | set(XMLTO_ENV)
19 | set(XMLTO_CATALOG_DIR_MACOS /usr/local/etc/xml/catalog)
20 | if (EXISTS ${XMLTO_CATALOG_DIR_MACOS})
21 | set(XMLTO_ENV XML_CATALOG_FILES=${XMLTO_CATALOG_DIR_MACOS})
22 | message(STATUS "Detect xmlto catalog dir ${XMLTO_CATALOG_DIR_MACOS}")
23 | endif ()
24 |
25 | set(CMAKE_MANPAGE_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/man)
26 | set(CMAKE_HTML_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/html)
27 |
28 | set(DOC_DIR ${PROJECT_SOURCE_DIR}/doc)
29 | set(XMLTO_OPTS -m ${DOC_DIR}/manpage-normal.xsl -m ${DOC_DIR}/manpage-bold-literal.xsl man)
30 | set(ASCIIDOC_XML_OPTS -b docbook -d manpage -f ${DOC_DIR}/asciidoc.conf -aversion=${PROJECT_VERSION})
31 | set(ASCIIDOC_HTML_OPTS -b html4 -d article -f ${DOC_DIR}/asciidoc.conf -aversion=${PROJECT_VERSION})
32 |
33 |
34 | set(MAN_NAMES ss-local.1 ss-manager.1 ss-nat.1 ss-redir.1 ss-server.1 ss-tunnel.1 shadowsocks-libev.8)
35 | set(MAN_FILES)
36 | set(HTML_FILES)
37 |
38 | foreach (manfile IN LISTS MAN_NAMES)
39 | string(REGEX REPLACE \\.. .xml xmlfile ${manfile})
40 | string(REGEX REPLACE \\.. .asciidoc docfile ${manfile})
41 | string(REGEX REPLACE \\.. .html htmlfile ${manfile})
42 |
43 | set(manfile ${CMAKE_MANPAGE_OUTPUT_DIRECTORY}/${manfile})
44 | set(htmlfile ${CMAKE_HTML_OUTPUT_DIRECTORY}/${htmlfile})
45 | set(docfile ${DOC_DIR}/${docfile})
46 |
47 | add_custom_command(OUTPUT ${manfile}
48 | COMMAND ${ASCIIDOC_EXECUTABLE} ${ASCIIDOC_XML_OPTS} -o ${xmlfile} ${docfile}
49 | COMMAND ${CMAKE_COMMAND} -E env ${XMLTO_ENV} ${XMLTO_EXECUTABLE} ${XMLTO_OPTS} ${xmlfile}
50 | # After we built the manpage, the xmlfile is nolongger needed
51 | COMMAND ${CMAKE_COMMAND} -E remove ${xmlfile}
52 | DEPENDS ${docfile}
53 | WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/man
54 | COMMENT "Building manpage ${manfile}"
55 | VERBATIM)
56 | list(APPEND MAN_FILES ${manfile})
57 |
58 | add_custom_command(OUTPUT ${htmlfile}
59 | COMMAND ${ASCIIDOC_EXECUTABLE} ${ASCIIDOC_HTML_OPTS} -o ${htmlfile} ${docfile}
60 | DEPENDS ${docfile}
61 | WORKING_DIRECTORY ${PROJECT_BINARY_DIR}/html
62 | COMMENT "Building htmlfile ${htmlfile}"
63 | VERBATIM)
64 | list(APPEND HTML_FILES ${htmlfile})
65 | endforeach ()
66 |
67 | add_custom_target(doc-man ALL DEPENDS ${MAN_FILES})
68 | add_custom_target(doc-html ALL DEPENDS ${HTML_FILES})
69 |
70 |
71 | if (NOT WITH_DOC_MAN)
72 | set_target_properties(doc-man PROPERTIES EXCLUDE_FROM_ALL TRUE)
73 | else ()
74 | install(DIRECTORY ${PROJECT_BINARY_DIR}/man/
75 | DESTINATION share/man/man1
76 | FILES_MATCHING PATTERN "*.1"
77 | )
78 | install(DIRECTORY ${PROJECT_BINARY_DIR}/man/
79 | DESTINATION share/man/man8
80 | FILES_MATCHING PATTERN "*.8"
81 | )
82 | endif ()
83 | if (NOT WITH_DOC_HTML)
84 | set_target_properties(doc-html PROPERTIES EXCLUDE_FROM_ALL TRUE)
85 | else ()
86 | install(DIRECTORY ${PROJECT_BINARY_DIR}/html/
87 | DESTINATION share/doc/${PROJECT_NAME})
88 | endif ()
89 |
90 | # This is required for custom command
91 | file(MAKE_DIRECTORY ${PROJECT_BINARY_DIR}/man)
92 | file(MAKE_DIRECTORY ${PROJECT_BINARY_DIR}/html)
93 |
--------------------------------------------------------------------------------
/doc/Makefile.am:
--------------------------------------------------------------------------------
1 | ASCIIDOC = @ASCIIDOC@
2 | ASCIIDOC_EXTRA =
3 | MANPAGE_XSL = $(srcdir)/manpage-normal.xsl
4 | XMLTO = @XMLTO@
5 | XMLTO_EXTRA = -m $(srcdir)/manpage-bold-literal.xsl
6 | GZIPCMD = @GZIP@
7 | INSTALL = @INSTALL@
8 | RM = @RM@
9 | MV = @MV@
10 | SED = @SED@
11 | VERSION = `$(SED) -n 's/.*PACKAGE_VERSION "\(.*\)"/\1/p'\
12 | ../config.h`
13 |
14 | # Guard against environment variables
15 | MAN1_DOC =
16 | MAN1_DOC += ss-local.1
17 | MAN1_DOC += ss-manager.1
18 | MAN1_DOC += ss-nat.1
19 | MAN1_DOC += ss-redir.1
20 | MAN1_DOC += ss-server.1
21 | MAN1_DOC += ss-tunnel.1
22 |
23 | MAN8_DOC =
24 | MAN8_DOC += shadowsocks-libev.8
25 |
26 | MAN8_XML = $(MAN8_DOC:%.8=%.xml)
27 | MAN1_XML = $(MAN1_DOC:%.1=%.xml)
28 | MAN_XML = $(MAN8_XML) $(MAN1_XML)
29 |
30 | MAN8_HTML = $(MAN8_DOC:%.8=%.html)
31 | MAN1_HTML = $(MAN1_DOC:%.1=%.html)
32 | MAN_HTML = $(MAN8_HTML) $(MAN1_HTML)
33 |
34 | MAN8_TXT = $(MAN8_DOC:%.8=%.asciidoc)
35 | MAN1_TXT = $(MAN1_DOC:%.1=%.asciidoc)
36 | MAN_TXT = $(MAN8_TXT) $(MAN1_TXT)
37 |
38 | man_MANS = $(MAN8_DOC) $(MAN1_DOC)
39 |
40 | html-local: $(MAN_HTML)
41 |
42 | %.1: %.xml
43 | $(AM_V_GEN)$(XMLTO) -m $(MANPAGE_XSL) $(XMLTO_EXTRA) man lt;
44 |
45 | %.8: %.xml
46 | $(AM_V_GEN)$(XMLTO) -m $(MANPAGE_XSL) $(XMLTO_EXTRA) man lt;
47 |
48 | %.xml: %.asciidoc
49 | $(AM_V_GEN)$(ASCIIDOC) -b docbook -d manpage -f $(srcdir)/asciidoc.conf \
50 | -aversion=$(VERSION) $(ASCIIDOC_EXTRA) -o $@ lt;
51 |
52 | %.html: %.asciidoc
53 | $(AM_V_GEN)$(ASCIIDOC) -b html4 -d article -f $(srcdir)/asciidoc.conf \
54 | -aversion=$(VERSION) $(ASCIIDOC_EXTRA) -o $@ lt;
55 |
56 | doc_DATA = $(MAN_HTML)
57 |
58 | CLEANFILES = $(MAN_XML) $(man_MANS) $(MAN_HTML)
59 |
60 | EXTRA_DIST = *.asciidoc asciidoc.conf *.xsl
61 |
--------------------------------------------------------------------------------
/doc/asciidoc.conf:
--------------------------------------------------------------------------------
1 | [tags]
2 | bracket-emphasis={1?[{1}]}<emphasis><|></emphasis>
3 |
4 | [quotes]
5 | <|>=#bracket-emphasis
6 |
7 | [attributes]
8 | asterisk=*
9 | plus=+
10 | caret=^
11 | startsb=[
12 | endsb=]
13 | backslash=\
14 | tilde=~
15 | apostrophe='
16 | backtick=`
17 | litdd=--
18 |
19 | ifdef::doctype-manpage[]
20 | ifdef::backend-docbook[]
21 | [header]
22 | template::[header-declarations]
23 | <refentry>
24 | <refmeta>
25 | <refentrytitle>{mantitle}</refentrytitle>
26 | <manvolnum>{manvolnum}</manvolnum>
27 | <refmiscinfo class="source">Shadowsocks-libev</refmiscinfo>
28 | <refmiscinfo class="version">{version}</refmiscinfo>
29 | <refmiscinfo class="manual">Shadowsocks-libev Manual</refmiscinfo>
30 | </refmeta>
31 | <refnamediv>
32 | <refname>{manname}</refname>
33 | <refpurpose>{manpurpose}</refpurpose>
34 | </refnamediv>
35 | endif::backend-docbook[]
36 | endif::doctype-manpage[]
37 |
--------------------------------------------------------------------------------
/doc/manpage-base.xsl:
--------------------------------------------------------------------------------
1 | <!-- manpage-base.xsl:
2 | special formatting for manpages rendered from asciidoc+docbook -->
3 | <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
4 | version="1.0">
5 |
6 | <!-- these params silence some output from xmlto -->
7 | <xsl:param name="man.output.quietly" select="1"/>
8 | <xsl:param name="refentry.meta.get.quietly" select="1"/>
9 |
10 | <!-- convert asciidoc callouts to man page format;
11 | git.docbook.backslash and git.docbook.dot params
12 | must be supplied by another XSL file or other means -->
13 | <xsl:template match="co">
14 | <xsl:value-of select="concat(
15 | $git.docbook.backslash,'fB(',
16 | substring-after(@id,'-'),')',
17 | $git.docbook.backslash,'fR')"/>
18 | </xsl:template>
19 | <xsl:template match="calloutlist">
20 | <xsl:value-of select="$git.docbook.dot"/>
21 | <xsl:text>sp </xsl:text>
22 | <xsl:apply-templates/>
23 | <xsl:text> </xsl:text>
24 | </xsl:template>
25 | <xsl:template match="callout">
26 | <xsl:value-of select="concat(
27 | $git.docbook.backslash,'fB',
28 | substring-after(@arearefs,'-'),
29 | '. ',$git.docbook.backslash,'fR')"/>
30 | <xsl:apply-templates/>
31 | <xsl:value-of select="$git.docbook.dot"/>
32 | <xsl:text>br </xsl:text>
33 | </xsl:template>
34 |
35 | </xsl:stylesheet>
36 |
--------------------------------------------------------------------------------
/doc/manpage-bold-literal.xsl:
--------------------------------------------------------------------------------
1 | <!-- manpage-bold-literal.xsl:
2 | special formatting for manpages rendered from asciidoc+docbook -->
3 | <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
4 | version="1.0">
5 |
6 | <!-- render literal text as bold (instead of plain or monospace);
7 | this makes literal text easier to distinguish in manpages
8 | viewed on a tty -->
9 | <xsl:template match="literal">
10 | <xsl:value-of select="$git.docbook.backslash"/>
11 | <xsl:text>fB</xsl:text>
12 | <xsl:apply-templates/>
13 | <xsl:value-of select="$git.docbook.backslash"/>
14 | <xsl:text>fR</xsl:text>
15 | </xsl:template>
16 |
17 | </xsl:stylesheet>
18 |
--------------------------------------------------------------------------------
/doc/manpage-normal.xsl:
--------------------------------------------------------------------------------
1 | <!-- manpage-normal.xsl:
2 | special settings for manpages rendered from asciidoc+docbook
3 | handles anything we want to keep away from docbook-xsl 1.72.0 -->
4 | <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
5 | version="1.0">
6 |
7 | <xsl:import href="manpage-base.xsl"/>
8 |
9 | <!-- these are the normal values for the roff control characters -->
10 | <xsl:param name="git.docbook.backslash">\</xsl:param>
11 | <xsl:param name="git.docbook.dot" >.</xsl:param>
12 |
13 | </xsl:stylesheet>
14 |
--------------------------------------------------------------------------------
/doc/ss-local.asciidoc:
--------------------------------------------------------------------------------
1 | ss-local(1)
2 | ===========
3 |
4 | NAME
5 | ----
6 | ss-local - shadowsocks client as socks5 proxy, libev port
7 |
8 | SYNOPSIS
9 | --------
10 | *ss-local*
11 | [-uv6] [-h|--help]
12 | [-s <server_host>] [-p <server_port>] [-l <local_port>]
13 | [-k <password>] [-m <encrypt_method>] [-f <pid_file>]
14 | [-t <timeout>] [-c <config_file>] [-i <interface>]
15 | [-a <user_name>] [-b <local_address>] [-n <nofile>]
16 | [--fast-open] [--reuse-port] [--acl <acl_config>]
17 | [--mtu <MTU>] [--no-delay]
18 | [--plugin <plugin_name>] [--plugin-opts <plugin_options>]
19 | [--password <password>] [--key <key_in_base64>]
20 |
21 | DESCRIPTION
22 | -----------
23 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy.
24 | It is a port of the original shadowsocks created by clowwindy.
25 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to
26 | achieve both high performance and low resource consumption.
27 |
28 | *Shadowsocks-libev* consists of five components. `ss-local`(1) works as a standard
29 | socks5 proxy on local machines to proxy TCP traffic.
30 | For more information, check out `shadowsocks-libev`(8).
31 |
32 | OPTIONS
33 | -------
34 |
35 | -s <server_host>::
36 | Set the server's hostname or IP.
37 |
38 | -p <server_port>::
39 | Set the server's port number.
40 |
41 | -l <local_port>::
42 | Set the local port number.
43 |
44 | -k <password>::
45 | --password <password>::
46 | Set the password. The server and the client should use the same password.
47 |
48 | --key <key_in_base64>::
49 | Set the key directly. The key should be encoded with URL-safe Base64.
50 |
51 | -m <encrypt_method>::
52 | Set the cipher.
53 | +
54 | *Shadowsocks-libev* accepts 19 different ciphers:
55 | +
56 | aes-128-gcm, aes-192-gcm, aes-256-gcm,
57 | rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
58 | aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
59 | camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
60 | chacha20-ietf-poly1305, xchacha20-ietf-poly1305,
61 | salsa20, chacha20 and chacha20-ietf.
62 | +
63 | The default cipher is 'chacha20-ietf-poly1305'.
64 | +
65 | If built with PolarSSL or custom OpenSSL libraries, some of
66 | these ciphers may not work.
67 |
68 | -a <user_name>::
69 | Run as a specific user.
70 |
71 | -f <pid_file>::
72 | Start shadowsocks as a daemon with specific pid file.
73 |
74 | -t <timeout>::
75 | Set the socket timeout in seconds. The default value is 60.
76 |
77 | -c <config_file>::
78 | Use a configuration file.
79 | +
80 | Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
81 |
82 | -n <number>::
83 | Specify max number of open files.
84 | +
85 | Only available on Linux.
86 |
87 | -i <interface>::
88 | Send traffic through specific network interface.
89 | +
90 | For example, there are three interfaces in your device,
91 | which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
92 | Meanwhile, you configure `ss-local` to listen on 0.0.0.0:8388 and bind to eth1.
93 | That results the traffic go out through eth1, but not lo nor eth0.
94 | This option is useful to control traffic in multi-interface environment.
95 |
96 | -b <local_address>::
97 | Specify the local address to use while this client is making outbound
98 | connections to the server.
99 |
100 | -u::
101 | Enable UDP relay.
102 |
103 | -U::
104 | Enable UDP relay and disable TCP relay.
105 |
106 | -6::
107 | Resovle hostname to IPv6 address first.
108 |
109 | --fast-open::
110 | Enable TCP fast open.
111 | +
112 | Only available with Linux kernel > 3.7.0.
113 |
114 | --reuse-port::
115 | Enable port reuse.
116 | +
117 | Only available with Linux kernel > 3.9.0.
118 |
119 | --acl <acl_config>::
120 | Enable ACL (Access Control List) and specify config file.
121 |
122 | --mtu <MTU>::
123 | Specify the MTU of your network interface.
124 |
125 | --mptcp::
126 | Enable Multipath TCP.
127 | +
128 | Only available with MPTCP enabled Linux kernel.
129 |
130 | --no-delay::
131 | Enable TCP_NODELAY.
132 |
133 | --plugin <plugin_name>::
134 | Enable SIP003 plugin. (Experimental)
135 |
136 | --plugin-opts <plugin_options>::
137 | Set SIP003 plugin options. (Experimental)
138 |
139 | -v::
140 | Enable verbose mode.
141 |
142 | -h|--help::
143 | Print help message.
144 |
145 | EXAMPLE
146 | -------
147 | `ss-local`(1) can be started from command line and run in foreground.
148 | Here is an example:
149 | ....
150 | # Start ss-local with given parameters
151 | ss-local -s example.com -p 12345 -l 1080 -k foobar -m aes-256-cfb
152 | ....
153 |
154 | SEE ALSO
155 | --------
156 | `ss-server`(1),
157 | `ss-tunnel`(1),
158 | `ss-redir`(1),
159 | `ss-manager`(1),
160 | `shadowsocks-libev`(8),
161 | `iptables`(8),
162 | /etc/shadowsocks-libev/config.json
163 |
164 |
--------------------------------------------------------------------------------
/doc/ss-nat.asciidoc:
--------------------------------------------------------------------------------
1 | ss-nat(1)
2 | =========
3 |
4 | NAME
5 | ----
6 | ss-nat - helper script to setup NAT rules for transparent proxy
7 |
8 | SYNOPSIS
9 | --------
10 | *ss-nat*
11 | [-ouUfh]
12 | [-s <server_ip>] [-S <server_ip>] [-l <local_port>]
13 | [-L <local_port>] [-i <ip_list_file>] [-a <lan_ips>]
14 | [-b <wan_ips>] [-w <wan_ips>] [-e <extra_options>]
15 |
16 | DESCRIPTION
17 | -----------
18 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy.
19 | It is a port of the original shadowsocks created by clowwindy.
20 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to
21 | achieve both high performance and low resource consumption.
22 |
23 | `ss-nat`(1) sets up NAT rules for `ss-redir`(1) to provide traffic redirection.
24 | It requires netfilter's NAT module and `iptables`(8).
25 | For more information, check out `shadowsocks-libev`(8) and the following
26 | 'EXAMPLE' section.
27 |
28 | OPTIONS
29 | -------
30 | -s <server_ip>::
31 | IP address of shadowsocks remote server
32 |
33 | -l <local_port>::
34 | Port number of shadowsocks local server
35 |
36 | -S <server_ip>::
37 | IP address of shadowsocks remote UDP server
38 |
39 | -L <local_port>::
40 | Port number of shadowsocks local UDP server
41 |
42 | -i <ip_list_file>::
43 | a file whose content is bypassed ip list
44 |
45 | -a <lan_ips>::
46 | LAN IP of access control, need a prefix to define access control mode
47 |
48 | -b <wan_ips>::
49 | WAN IP of will be bypassed
50 |
51 | -w <wan_ips>::
52 | WAN IP of will be forwarded
53 |
54 | -e <extra_options>::
55 | Extra options for iptables
56 |
57 | -o::
58 | Apply the rules to the OUTPUT chain
59 |
60 | -u::
61 | Enable udprelay mode, TPROXY is required
62 |
63 | -U::
64 | Enable udprelay mode, using different IP and ports for TCP and UDP
65 |
66 | -f::
67 | Flush the rules
68 |
69 | -h::
70 | Show this help message and exit
71 |
72 | EXAMPLE
73 | -------
74 | `ss-nat` requires `iptables`(8). Here is an example:
75 |
76 | ....
77 | # Enable NAT rules for shadowsocks,
78 | # with both TCP and UDP redirection enabled,
79 | # and applied for both PREROUTING and OUTPUT chains
80 | root@Wrt:~# ss-nat -s 192.168.1.100 -l 1080 -u -o
81 |
82 | # Disable and flush all NAT rules for shadowsocks
83 | root@Wrt:~# ss-nat -f
84 | ....
85 |
86 | SEE ALSO
87 | --------
88 | `ss-local`(1),
89 | `ss-server`(1),
90 | `ss-tunnel`(1),
91 | `ss-manager`(1),
92 | `shadowsocks-libev`(8),
93 | `iptables`(8),
94 | /etc/shadowsocks-libev/config.json
95 |
96 |
--------------------------------------------------------------------------------
/doc/ss-redir.asciidoc:
--------------------------------------------------------------------------------
1 | ss-redir(1)
2 | ===========
3 |
4 | NAME
5 | ----
6 | ss-redir - shadowsocks client as transparent proxy, libev port
7 |
8 | SYNOPSIS
9 | --------
10 | *ss-redir*
11 | [-uUv6] [-h|--help]
12 | [-s <server_host>] [-p <server_port>] [-l <local_port>]
13 | [-k <password>] [-m <encrypt_method>] [-f <pid_file>]
14 | [-t <timeout>] [-c <config_file>] [-b <local_address>]
15 | [-a <user_name>] [-n <nofile>] [--mtu <MTU>] [--no-delay]
16 | [--plugin <plugin_name>] [--plugin-opts <plugin_options>]
17 | [--password <password>] [--key <key_in_base64>]
18 |
19 | DESCRIPTION
20 | -----------
21 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy.
22 | It is a port of the original shadowsocks created by clowwindy.
23 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to
24 | achieve both high performance and low resource consumption.
25 |
26 | *Shadowsocks-libev* consists of five components.
27 | `ss-redir`(1) works as a transparent proxy on local machines to proxy TCP
28 | traffic and requires netfilter's NAT module.
29 | For more information, check out `shadowsocks-libev`(8) and the following
30 | 'EXAMPLE' section.
31 |
32 | OPTIONS
33 | -------
34 | -s <server_host>::
35 | Set the server's hostname or IP.
36 |
37 | -p <server_port>::
38 | Set the server's port number.
39 |
40 | -l <local_port>::
41 | Set the local port number.
42 |
43 | -k <password>::
44 | --password <password>::
45 | Set the password. The server and the client should use the same password.
46 |
47 | --key <key_in_base64>::
48 | Set the key directly. The key should be encoded with URL-safe Base64.
49 |
50 | -m <encrypt_method>::
51 | Set the cipher.
52 | +
53 | *Shadowsocks-libev* accepts 19 different ciphers:
54 | +
55 | aes-128-gcm, aes-192-gcm, aes-256-gcm,
56 | rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
57 | aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
58 | camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
59 | chacha20-ietf-poly1305, xchacha20-ietf-poly1305,
60 | salsa20, chacha20 and chacha20-ietf.
61 | +
62 | The default cipher is 'chacha20-ietf-poly1305'.
63 | +
64 | If built with PolarSSL or custom OpenSSL libraries, some of
65 | these ciphers may not work.
66 |
67 | -a <user_name>::
68 | Run as a specific user.
69 |
70 | -f <pid_file>::
71 | Start shadowsocks as a daemon with specific pid file.
72 |
73 | -t <timeout>::
74 | Set the socket timeout in seconds. The default value is 60.
75 |
76 | -c <config_file>::
77 | Use a configuration file.
78 | +
79 | Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
80 |
81 | -n <number>::
82 | Specify max number of open files.
83 | +
84 | Only available on Linux.
85 |
86 | -b <local_address>::
87 | Specify the local address to use while this client is making outbound
88 | connections to the server.
89 |
90 | -u::
91 | Enable UDP relay.
92 | +
93 | TPROXY is required in redir mode. You may need root permission.
94 |
95 | -U::
96 | Enable UDP relay and disable TCP relay.
97 |
98 | -T::
99 | Use tproxy instead of redirect. (for tcp)
100 |
101 | -6::
102 | Resovle hostname to IPv6 address first.
103 |
104 | --mtu <MTU>::
105 | Specify the MTU of your network interface.
106 |
107 | --mptcp::
108 | Enable Multipath TCP.
109 | +
110 | Only available with MPTCP enabled Linux kernel.
111 |
112 | --reuse-port::
113 | Enable port reuse.
114 | +
115 | Only available with Linux kernel > 3.9.0.
116 |
117 | --no-delay::
118 | Enable TCP_NODELAY.
119 |
120 | --plugin <plugin_name>::
121 | Enable SIP003 plugin. (Experimental)
122 |
123 | --plugin-opts <plugin_options>::
124 | Set SIP003 plugin options. (Experimental)
125 |
126 | -v::
127 | Enable verbose mode.
128 |
129 | -h|--help::
130 | Print help message.
131 |
132 | EXAMPLE
133 | -------
134 | ss-redir requires netfilter's NAT function. Here is an example:
135 |
136 | ....
137 | # Create new chain
138 | iptables -t nat -N SHADOWSOCKS
139 | iptables -t mangle -N SHADOWSOCKS
140 |
141 | # Ignore your shadowsocks server's addresses
142 | # It's very IMPORTANT, just be careful.
143 | iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
144 |
145 | # Ignore LANs and any other addresses you'd like to bypass the proxy
146 | # See Wikipedia and RFC5735 for full list of reserved networks.
147 | # See ashi009/bestroutetb for a highly optimized CHN route list.
148 | iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
149 | iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
150 | iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
151 | iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
152 | iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
153 | iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
154 | iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
155 | iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
156 |
157 | # Anything else should be redirected to shadowsocks's local port
158 | iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
159 |
160 | # Add any UDP rules
161 | ip route add local default dev lo table 100
162 | ip rule add fwmark 1 lookup 100
163 | iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
164 |
165 | # Apply the rules
166 | iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
167 | iptables -t mangle -A PREROUTING -j SHADOWSOCKS
168 |
169 | # Start the shadowsocks-redir
170 | ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
171 | ....
172 |
173 | SEE ALSO
174 | --------
175 | `ss-local`(1),
176 | `ss-server`(1),
177 | `ss-tunnel`(1),
178 | `ss-manager`(1),
179 | `shadowsocks-libev`(8),
180 | `iptables`(8),
181 | /etc/shadowsocks-libev/config.json
182 |
--------------------------------------------------------------------------------
/doc/ss-tunnel.asciidoc:
--------------------------------------------------------------------------------
1 | ss-tunnel(1)
2 | ============
3 |
4 | NAME
5 | ----
6 | ss-tunnel - shadowsocks tools for local port forwarding, libev port
7 |
8 | SYNOPSIS
9 | --------
10 | *ss-tunnel*
11 | [-uUv6] [-h|--help]
12 | [-s <server_host>] [-p <server_port>] [-l <local_port>]
13 | [-k <password>] [-m <encrypt_method>] [-f <pid_file>]
14 | [-t <timeout>] [-c <config_file>] [-i <interface>]
15 | [-b <local_address>] [-a <user_name>] [-n <nofile>]
16 | [-L addr:port] [--mtu <MTU>] [--mptcp] [--reuse-port] [--no-delay]
17 | [--plugin <plugin_name>] [--plugin-opts <plugin_options>]
18 | [--key <key_in_base64>]
19 |
20 | DESCRIPTION
21 | -----------
22 | *Shadowsocks-libev* is a lightweight and secure socks5 proxy.
23 | It is a port of the original shadowsocks created by clowwindy.
24 | *Shadowsocks-libev* is written in pure C and takes advantage of libev to
25 | achieve both high performance and low resource consumption.
26 |
27 | *Shadowsocks-libev* consists of five components.
28 | `ss-tunnel`(1) is a tool for local port forwarding.
29 | See 'OPTIONS' section for special option needed by `ss-tunnel`(1).
30 | For more information, check out `shadowsocks-libev`(8).
31 |
32 | OPTIONS
33 | -------
34 | -s <server_host>::
35 | Set the server's hostname or IP.
36 |
37 | -p <server_port>::
38 | Set the server's port number.
39 |
40 | -l <local_port>::
41 | Set the local port number.
42 |
43 | -k <password>::
44 | --password <password>::
45 | Set the password. The server and the client should use the same password.
46 |
47 | --key <key_in_base64>::
48 | Set the key directly. The key should be encoded with URL-safe Base64.
49 |
50 | -m <encrypt_method>::
51 | Set the cipher.
52 | +
53 | *Shadowsocks-libev* accepts 19 different ciphers:
54 | +
55 | aes-128-gcm, aes-192-gcm, aes-256-gcm,
56 | rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
57 | aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
58 | camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
59 | chacha20-ietf-poly1305, xchacha20-ietf-poly1305,
60 | salsa20, chacha20 and chacha20-ietf.
61 | +
62 | The default cipher is 'chacha20-ietf-poly1305'.
63 | +
64 | If built with PolarSSL or custom OpenSSL libraries, some of
65 | these ciphers may not work.
66 |
67 | -a <user_name>::
68 | Run as a specific user.
69 |
70 | -f <pid_file>::
71 | Start shadowsocks as a daemon with specific pid file.
72 |
73 | -t <timeout>::
74 | Set the socket timeout in seconds. The default value is 60.
75 |
76 | -c <config_file>::
77 | Use a configuration file.
78 | +
79 | Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
80 |
81 | -n <number>::
82 | Specify max number of open files.
83 | +
84 | Only available on Linux.
85 |
86 | -i <interface>::
87 | Send traffic through specific network interface.
88 | +
89 | For example, there are three interfaces in your device,
90 | which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
91 | Meanwhile, you configure `ss-tunnel` to listen on 0.0.0.0:8388 and bind to eth1.
92 | That results the traffic go out through eth1, but not lo nor eth0.
93 | This option is useful to control traffic in multi-interface environment.
94 |
95 | -b <local_address>::
96 | Specify the local address to use while this client is making outbound
97 | connections to the server.
98 |
99 | -u::
100 | Enable UDP relay.
101 |
102 | -U::
103 | Enable UDP relay and disable TCP relay.
104 |
105 | -6::
106 | Resovle hostname to IPv6 address first.
107 |
108 | -L <addr:port>::
109 | Specify destination server address and port for local port forwarding.
110 | +
111 | Only used and available in tunnel mode.
112 |
113 | --mtu <MTU>::
114 | Specify the MTU of your network interface.
115 |
116 | --mptcp::
117 | Enable Multipath TCP.
118 | +
119 | Only available with MPTCP enabled Linux kernel.
120 |
121 | --reuse-port::
122 | Enable port reuse.
123 | +
124 | Only available with Linux kernel > 3.9.0.
125 |
126 | --no-delay::
127 | Enable TCP_NODELAY.
128 |
129 | --plugin <plugin_name>::
130 | Enable SIP003 plugin. (Experimental)
131 |
132 | --plugin-opts <plugin_options>::
133 | Set SIP003 plugin options. (Experimental)
134 |
135 | -v::
136 | Enable verbose mode.
137 |
138 | -h|--help::
139 | Print help message.
140 |
141 | SEE ALSO
142 | --------
143 | `ss-local`(1),
144 | `ss-server`(1),
145 | `ss-redir`(1),
146 | `ss-manager`(1),
147 | `shadowsocks-libev`(8),
148 | `iptables`(8),
149 | /etc/shadowsocks-libev/config.json
150 |
--------------------------------------------------------------------------------
/docker/alpine/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM alpine:3.16
2 | LABEL maintainer="kev <noreply@datageek.info>, Sah <contact@leesah.name>, vndroid <waveworkshop@outlook.com>"
3 |
4 | ENV SERVER_ADDR=0.0.0.0
5 | ENV SERVER_PORT=8388
6 | ENV PASSWORD=
7 | ENV METHOD=aes-256-gcm
8 | ENV TIMEOUT=300
9 | ENV DNS_ADDRS="8.8.8.8,8.8.4.4"
10 | ENV TZ=UTC
11 | ENV ARGS=
12 |
13 | COPY . /tmp/repo
14 | RUN set -x \
15 | # Build environment setup
16 | && apk add --no-cache --virtual .build-deps \
17 | autoconf \
18 | automake \
19 | build-base \
20 | c-ares-dev \
21 | libcap \
22 | libev-dev \
23 | libtool \
24 | libsodium-dev \
25 | linux-headers \
26 | mbedtls-dev \
27 | pcre-dev \
28 | # Build & install
29 | && cd /tmp/repo \
30 | && ./autogen.sh \
31 | && ./configure --prefix=/usr/local --disable-documentation \
32 | && make -j$(getconf _NPROCESSORS_ONLN) \
33 | && make install \
34 | && cd /usr/local/bin \
35 | && ls /usr/local/bin/ss-* | xargs -n1 setcap cap_net_bind_service+ep \
36 | && strip $(ls /usr/local/bin | grep -Ev 'ss-nat') \
37 | && apk del .build-deps \
38 | # Runtime dependencies setup
39 | && apk add --no-cache \
40 | ca-certificates \
41 | rng-tools \
42 | tzdata \
43 | $(scanelf --needed --nobanner /usr/local/bin/ss-* \
44 | | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
45 | | sort -u) \
46 | && rm -rf /tmp/repo
47 |
48 | COPY ./docker/alpine/entrypoint.sh /usr/local/bin/docker-entrypoint.sh
49 | ENTRYPOINT ["docker-entrypoint.sh"]
50 |
51 | EXPOSE 8388
52 |
53 | STOPSIGNAL SIGINT
54 |
55 | CMD ["ss-server"]
56 |
--------------------------------------------------------------------------------
/docker/alpine/docker-compose.yml:
--------------------------------------------------------------------------------
1 | shadowsocks:
2 | image: shadowsocks/shadowsocks-libev
3 | ports:
4 | - "8388:8388/tcp"
5 | - "8388:8388/udp"
6 | environment:
7 | - METHOD=aes-256-gcm
8 | - PASSWORD=9MLSpPmNt
9 | restart: always
10 |
--------------------------------------------------------------------------------
/docker/alpine/entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # vim:sw=4:ts=4:et
3 |
4 | set -e
5 |
6 | if [ "$1" = "ss-server" ]; then
7 | COREVER=$(uname -r | grep -Eo '[0-9].[0-9]+' | sed -n '1,1p')
8 | CMV=$(echo $COREVER | awk -F '.' '{print $1}')
9 | CSV=$(echo $COREVER | awk -F '.' '{print $2}')
10 |
11 | if [[ -f "$PASSWORD_FILE" ]]; then
12 | PASSWORD=$(cat "$PASSWORD_FILE")
13 | fi
14 |
15 | if [[ -f "/var/run/secrets/$PASSWORD_SECRET" ]]; then
16 | PASSWORD=$(cat "/var/run/secrets/$PASSWORD_SECRET")
17 | fi
18 |
19 | if [[ ! -z "$DNS_ADDRS" ]]; then
20 | DNS="-d $DNS_ADDRS"
21 | fi
22 |
23 | if [ $(echo "$CMV >= 3" | bc) ]; then
24 | if [ $(echo "$CSV > 7" | bc) ]; then
25 | TFO='--fast-open'
26 | fi
27 | fi
28 | RT_ARGS="-s $SERVER_ADDR -p $SERVER_PORT -k ${PASSWORD:-$(hostname)} -m $METHOD -a nobody -t $TIMEOUT -u $DNS $TFO $ARGS"
29 | fi
30 |
31 | exec $@ $RT_ARGS
--------------------------------------------------------------------------------
/docker/build/builder.Dockerfile:
--------------------------------------------------------------------------------
1 | # Alpine with China mirror
2 | FROM alpine
3 | MAINTAINER wener <wenermail@gmail.com>
4 |
5 | # Better for cache and dev
6 | RUN apk add --no-cache --virtual .build-deps \
7 | alpine-sdk cmake \
8 | linux-headers libev-dev libsodium-dev mbedtls-static mbedtls-dev pcre-dev udns-dev
9 |
--------------------------------------------------------------------------------
/docker/build/dockerbuild.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | set -e
3 | set -o xtrace
4 |
5 | cmake -DBUILD_STATIC=OFF . && make && make install
--------------------------------------------------------------------------------
/docker/mingw/Dockerfile:
--------------------------------------------------------------------------------
1 | #
2 | # Dockerfile for building MinGW port
3 | #
4 | # This file is part of the shadowsocks-libev.
5 | #
6 | # shadowsocks-libev is free software; you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as published by
8 | # the Free Software Foundation; either version 3 of the License, or
9 | # (at your option) any later version.
10 | #
11 | # shadowsocks-libev is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU General Public License
17 | # along with shadowsocks-libev; see the file COPYING. If not, see
18 | # <http://www.gnu.org/licenses/>.
19 | #
20 |
21 | FROM debian:stretch
22 |
23 | ARG REPO=shadowsocks
24 | ARG REV=master
25 |
26 | ADD docker/mingw/apt.sh /
27 |
28 | RUN \
29 | /bin/bash -c "source /apt.sh && dk_prepare" && \
30 | apt-get clean && \
31 | rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /build
32 |
33 | ADD docker/mingw/prepare.sh /
34 |
35 | RUN /bin/bash -c "source /prepare.sh && dk_download"
36 |
37 | ADD docker/mingw/deps.sh /
38 | RUN /bin/bash -c "source /deps.sh && dk_deps"
39 |
40 | ADD docker/mingw/build.sh /
41 |
42 | ARG REBUILD=0
43 |
44 | ADD . /build/src/proj
45 |
46 | RUN /bin/bash -c "source /build.sh && dk_build"
47 |
48 | RUN /bin/bash -c "source /build.sh && dk_package"
49 |
--------------------------------------------------------------------------------
/docker/mingw/Makefile:
--------------------------------------------------------------------------------
1 | #
2 | # Makefile for building MinGW port
3 | #
4 | # This file is part of the shadowsocks-libev.
5 | #
6 | # shadowsocks-libev is free software; you can redistribute it and/or modify
7 | # it under the terms of the GNU General Public License as published by
8 | # the Free Software Foundation; either version 3 of the License, or
9 | # (at your option) any later version.
10 | #
11 | # shadowsocks-libev is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU General Public License
17 | # along with shadowsocks-libev; see the file COPYING. If not, see
18 | # <http://www.gnu.org/licenses/>.
19 | #
20 |
21 | REPO=shadowsocks
22 | REV=master
23 | IMAGE=ss-build-mingw
24 | DIST=ss-libev-win-dist.tar.gz
25 |
26 | all: build
27 |
28 | build:
29 | cd ../../ && docker build -t $(IMAGE) \
30 | -f docker/mingw/Dockerfile \
31 | --build-arg REV=$(REV) --build-arg REPO=$(REPO) \
32 | --build-arg REBUILD="$(date +%Y-%m-%d-%H-%M-%S)" \
33 | .
34 | docker run --rm --entrypoint cat $(IMAGE) /bin.tgz > $(DIST)
35 |
36 | clean:
37 | rm -f $(DIST)
38 | docker rmi $(IMAGE) || true
39 |
40 | .PHONY: all clean build
41 |
--------------------------------------------------------------------------------
/docker/mingw/apt.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Functions for building MinGW port in Docker
4 | #
5 | # This file is part of the shadowsocks-libev.
6 | #
7 | # shadowsocks-libev is free software; you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as published by
9 | # the Free Software Foundation; either version 3 of the License, or
10 | # (at your option) any later version.
11 | #
12 | # shadowsocks-libev is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU General Public License
18 | # along with shadowsocks-libev; see the file COPYING. If not, see
19 | # <http://www.gnu.org/licenses/>.
20 | #
21 |
22 | # Exit on error
23 | set -e
24 |
25 | # Build steps
26 |
27 | dk_prepare() {
28 | apt-get update -y
29 | apt-get install --no-install-recommends -y \
30 | mingw-w64 aria2 git make automake autoconf libtool ca-certificates
31 | }
32 |
--------------------------------------------------------------------------------
/docker/mingw/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Functions for building MinGW port in Docker
4 | #
5 | # This file is part of the shadowsocks-libev.
6 | #
7 | # shadowsocks-libev is free software; you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as published by
9 | # the Free Software Foundation; either version 3 of the License, or
10 | # (at your option) any later version.
11 | #
12 | # shadowsocks-libev is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU General Public License
18 | # along with shadowsocks-libev; see the file COPYING. If not, see
19 | # <http://www.gnu.org/licenses/>.
20 | #
21 |
22 | # Exit on error
23 | set -e
24 |
25 | . /prepare.sh
26 |
27 | build_proj() {
28 | arch=$1
29 | host=$arch-w64-mingw32
30 | prefix=${DIST}/$arch
31 | dep=${PREFIX}/$arch
32 | cpu="$(nproc --all)"
33 |
34 | cd "$SRC"
35 | cd proj
36 |
37 | ./autogen.sh
38 | ./configure --host=${host} --prefix=${prefix} \
39 | --disable-documentation \
40 | --with-ev="$dep" \
41 | --with-mbedtls="$dep" \
42 | --with-sodium="$dep" \
43 | --with-pcre="$dep" \
44 | --with-cares="$dep" \
45 | CFLAGS="-DCARES_STATICLIB -DPCRE_STATIC"
46 |
47 | make clean
48 | make -j$cpu LDFLAGS="-all-static -L${dep}/lib"
49 | make install
50 | }
51 |
52 | dk_build() {
53 | for arch in i686 x86_64; do
54 | build_proj $arch
55 | done
56 | }
57 |
58 | dk_package() {
59 | rm -rf "$BASE/pack"
60 | mkdir -p "$BASE/pack"
61 | cd "$BASE/pack"
62 | mkdir -p ss-libev-${PROJ_REV}
63 | cd ss-libev-${PROJ_REV}
64 | for bin in local server tunnel; do
65 | cp ${DIST}/i686/bin/ss-${bin}.exe ss-${bin}-x86.exe
66 | cp ${DIST}/x86_64/bin/ss-${bin}.exe ss-${bin}-x64.exe
67 | done
68 | cd ..
69 | tar zcf /bin.tgz ss-libev-${PROJ_REV}
70 | }
71 |
--------------------------------------------------------------------------------
/docker/mingw/deps.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Functions for building MinGW port in Docker
4 | #
5 | # This file is part of the shadowsocks-libev.
6 | #
7 | # shadowsocks-libev is free software; you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as published by
9 | # the Free Software Foundation; either version 3 of the License, or
10 | # (at your option) any later version.
11 | #
12 | # shadowsocks-libev is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU General Public License
18 | # along with shadowsocks-libev; see the file COPYING. If not, see
19 | # <http://www.gnu.org/licenses/>.
20 | #
21 |
22 | # Exit on error
23 | set -e
24 |
25 | . /prepare.sh
26 |
27 | build_deps() {
28 | arch=$1
29 | host=$arch-w64-mingw32
30 | prefix=${PREFIX}/$arch
31 | args="--host=${host} --prefix=${prefix} --disable-shared --enable-static"
32 | cpu="$(nproc --all)"
33 |
34 | # libev
35 | cd "$SRC/$LIBEV_SRC"
36 | ./configure $args
37 | make clean
38 | make -j$cpu install
39 |
40 | # mbedtls
41 | cd "$SRC/$MBEDTLS_SRC"
42 | make clean
43 | make -j$cpu lib WINDOWS=1 CC="${host}-gcc" AR="${host}-ar"
44 | ## "make install" command from mbedtls
45 | DESTDIR="${prefix}"
46 | mkdir -p "${DESTDIR}"/include/mbedtls
47 | cp -r include/mbedtls "${DESTDIR}"/include
48 | mkdir -p "${DESTDIR}"/lib
49 | cp -RP library/libmbedtls.* "${DESTDIR}"/lib
50 | cp -RP library/libmbedx509.* "${DESTDIR}"/lib
51 | cp -RP library/libmbedcrypto.* "${DESTDIR}"/lib
52 | unset DESTDIR
53 |
54 | # sodium
55 | cd "$SRC/$SODIUM_SRC"
56 | ./autogen.sh
57 | ./configure $args
58 | make clean
59 | make -j$cpu install
60 |
61 | # pcre
62 | cd "$SRC/$PCRE_SRC"
63 | ./configure $args --disable-cpp \
64 | --enable-unicode-properties
65 | make clean
66 | make -j$cpu install
67 |
68 | # c-ares
69 | cd "$SRC/$CARES_SRC"
70 | ./configure $args
71 | make clean
72 | make -j$cpu install
73 | }
74 |
75 | dk_deps() {
76 | for arch in i686 x86_64; do
77 | build_deps $arch
78 | done
79 | }
80 |
--------------------------------------------------------------------------------
/docker/mingw/make.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 | pushd %~dp0
3 | set "REPO=shadowsocks"
4 | set "REV=master"
5 | set "PLUGIN=true"
6 | set "IMAGE=ss-build-mingw"
7 | set "DIST=ss-libev-win-dist.tar.gz"
8 | docker build --force-rm -t %IMAGE% ^
9 | --build-arg REV=%REV% --build-arg REPO=%REPO% ^
10 | --build-arg REBUILD=%RANDOM% ^
11 | --build-arg PLUGIN=%PLUGIN% .
12 | docker run --rm --entrypoint cat %IMAGE% /bin.tgz > %DIST%
13 | pause
14 |
--------------------------------------------------------------------------------
/docker/mingw/prepare.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Functions for building MinGW port in Docker
4 | #
5 | # This file is part of the shadowsocks-libev.
6 | #
7 | # shadowsocks-libev is free software; you can redistribute it and/or modify
8 | # it under the terms of the GNU General Public License as published by
9 | # the Free Software Foundation; either version 3 of the License, or
10 | # (at your option) any later version.
11 | #
12 | # shadowsocks-libev is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU General Public License
18 | # along with shadowsocks-libev; see the file COPYING. If not, see
19 | # <http://www.gnu.org/licenses/>.
20 | #
21 |
22 | # Exit on error
23 | set -e
24 |
25 | # Build options
26 | BASE="/build"
27 | PREFIX="$BASE/stage"
28 | SRC="$BASE/src"
29 | DIST="$BASE/dist"
30 |
31 | # Project URL
32 | PROJ_SITE=$REPO # Change REPO in Makefile
33 | PROJ_REV=$REV # Change REV in Makefile
34 | PROJ_URL=https://github.com/${PROJ_SITE}/shadowsocks-libev.git
35 |
36 | # Libraries from project
37 |
38 | ## libev for MinGW
39 | LIBEV_VER=mingw
40 | LIBEV_SRC=libev-${LIBEV_VER}
41 | LIBEV_URL=https://github.com/${PROJ_SITE}/libev/archive/${LIBEV_VER}.tar.gz
42 |
43 | # Public libraries
44 |
45 | ## mbedTLS
46 | MBEDTLS_VER=2.16.5
47 | MBEDTLS_SRC=mbedtls-${MBEDTLS_VER}
48 | MBEDTLS_URL=https://tls.mbed.org/download/mbedtls-${MBEDTLS_VER}-apache.tgz
49 |
50 | ## Sodium
51 | SODIUM_VER=1.0.18
52 | SODIUM_SRC=libsodium-stable
53 | SODIUM_URL=https://download.libsodium.org/libsodium/releases/libsodium-${SODIUM_VER}-stable.tar.gz
54 |
55 | ## PCRE
56 | PCRE_VER=8.44
57 | PCRE_SRC=pcre-${PCRE_VER}
58 | PCRE_URL=https://ftp.pcre.org/pub/pcre/${PCRE_SRC}.tar.gz
59 |
60 | ## c-ares
61 | CARES_VER=1.16.0
62 | CARES_SRC=c-ares-${CARES_VER}
63 | CARES_URL=https://c-ares.haxx.se/download/${CARES_SRC}.tar.gz
64 |
65 | # Build steps
66 |
67 | dk_download() {
68 | mkdir -p "${SRC}"
69 | cd "${SRC}"
70 | DOWN="aria2c --file-allocation=trunc -s10 -x10 -j10 -c"
71 | for pkg in LIBEV SODIUM MBEDTLS PCRE CARES; do
72 | src=${pkg}_SRC
73 | url=${pkg}_URL
74 | out="${!src}".tar.gz
75 | $DOWN ${!url} -o "${out}"
76 | echo "Unpacking ${out}..."
77 | tar zxf ${out}
78 | done
79 | }
80 |
--------------------------------------------------------------------------------
/m4/ax_tls.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_tls.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_TLS([action-if-found], [action-if-not-found])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Provides a test for the compiler support of thread local storage (TLS)
12 | # extensions. Defines TLS if it is found. Currently knows about GCC/ICC
13 | # and MSVC. I think SunPro uses the same as GCC, and Borland apparently
14 | # supports either.
15 | #
16 | # LICENSE
17 | #
18 | # Copyright (c) 2008 Alan Woodland <ajw05@aber.ac.uk>
19 | # Copyright (c) 2010 Diego Elio Petteno` <flameeyes@gmail.com>
20 | #
21 | # This program is free software: you can redistribute it and/or modify it
22 | # under the terms of the GNU General Public License as published by the
23 | # Free Software Foundation, either version 3 of the License, or (at your
24 | # option) any later version.
25 | #
26 | # This program is distributed in the hope that it will be useful, but
27 | # WITHOUT ANY WARRANTY; without even the implied warranty of
28 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
29 | # Public License for more details.
30 | #
31 | # You should have received a copy of the GNU General Public License along
32 | # with this program. If not, see <http://www.gnu.org/licenses/>.
33 | #
34 | # As a special exception, the respective Autoconf Macro's copyright owner
35 | # gives unlimited permission to copy, distribute and modify the configure
36 | # scripts that are the output of Autoconf when processing the Macro. You
37 | # need not follow the terms of the GNU General Public License when using
38 | # or distributing such scripts, even though portions of the text of the
39 | # Macro appear in them. The GNU General Public License (GPL) does govern
40 | # all other use of the material that constitutes the Autoconf Macro.
41 | #
42 | # This special exception to the GPL applies to versions of the Autoconf
43 | # Macro released by the Autoconf Archive. When you make and distribute a
44 | # modified version of the Autoconf Macro, you may extend this special
45 | # exception to the GPL to apply to your modified version as well.
46 |
47 | #serial 11
48 |
49 | AC_DEFUN([AX_TLS], [
50 | AC_MSG_CHECKING([for thread local storage (TLS) class])
51 | AC_CACHE_VAL([ac_cv_tls],
52 | [for ax_tls_keyword in __thread '__declspec(thread)' none; do
53 | AS_CASE([$ax_tls_keyword],
54 | [none], [ac_cv_tls=none ; break],
55 | [AC_TRY_COMPILE(
56 | [#include <stdlib.h>
57 | static void
58 | foo(void) {
59 | static ] $ax_tls_keyword [ int bar;
60 | exit(1);
61 | }],
62 | [],
63 | [ac_cv_tls=$ax_tls_keyword ; break],
64 | ac_cv_tls=none
65 | )])
66 | done
67 | ])
68 | AC_MSG_RESULT([$ac_cv_tls])
69 |
70 | AS_IF([test "$ac_cv_tls" != "none"],
71 | [AC_DEFINE_UNQUOTED([TLS],[$ac_cv_tls],[If the compiler supports a TLS storage class define it to that here])
72 | m4_ifnblank([$1],[$1])],
73 | [m4_ifnblank([$2],[$2])])
74 | ])
75 |
--------------------------------------------------------------------------------
/m4/cares.m4:
--------------------------------------------------------------------------------
1 | dnl Check to find the libcares headers/libraries
2 |
3 | AC_DEFUN([ss_CARES],
4 | [
5 |
6 | AC_ARG_WITH(cares,
7 | AS_HELP_STRING([--with-cares=DIR], [The c-ares library base directory, or:]),
8 | [cares="$withval"
9 | CFLAGS="$CFLAGS -I$withval/include"
10 | LDFLAGS="$LDFLAGS -L$withval/lib"]
11 | )
12 |
13 | AC_ARG_WITH(cares-include,
14 | AS_HELP_STRING([--with-cares-include=DIR], [The c-ares library headers directory (without trailing /cares)]),
15 | [cares_include="$withval"
16 | CFLAGS="$CFLAGS -I$withval"]
17 | )
18 |
19 | AC_ARG_WITH(cares-lib,
20 | AS_HELP_STRING([--with-cares-lib=DIR], [The c-ares library library directory]),
21 | [cares_lib="$withval"
22 | LDFLAGS="$LDFLAGS -L$withval"]
23 | )
24 |
25 | AC_CHECK_LIB(cares, ares_library_init,
26 | [LIBS="-lcares $LIBS"],
27 | [AC_MSG_ERROR([The c-ares library libraries not found.])]
28 | )
29 |
30 | ])
31 |
--------------------------------------------------------------------------------
/m4/inet_ntop.m4:
--------------------------------------------------------------------------------
1 | # inet_ntop.m4 serial 19
2 | dnl Copyright (C) 2005-2006, 2008-2013 Free Software Foundation, Inc.
3 | dnl This file is free software; the Free Software Foundation
4 | dnl gives unlimited permission to copy and/or distribute it,
5 | dnl with or without modifications, as long as this notice is preserved.
6 |
7 | AC_DEFUN([ss_FUNC_INET_NTOP],
8 | [
9 | AC_REQUIRE([AC_C_RESTRICT])
10 |
11 | dnl Most platforms that provide inet_ntop define it in libc.
12 | dnl Solaris 8..10 provide inet_ntop in libnsl instead.
13 | dnl Solaris 2.6..7 provide inet_ntop in libresolv instead.
14 | HAVE_INET_NTOP=1
15 | INET_NTOP_LIB=
16 | ss_save_LIBS=$LIBS
17 | AC_SEARCH_LIBS([inet_ntop], [nsl resolv], [],
18 | [AC_CHECK_FUNCS([inet_ntop])
19 | if test $ac_cv_func_inet_ntop = no; then
20 | HAVE_INET_NTOP=0
21 | fi
22 | ])
23 | LIBS=$ss_save_LIBS
24 |
25 | if test "$ac_cv_search_inet_ntop" != "no" \
26 | && test "$ac_cv_search_inet_ntop" != "none required"; then
27 | INET_NTOP_LIB="$ac_cv_search_inet_ntop"
28 | fi
29 |
30 | AC_CHECK_HEADERS_ONCE([netdb.h])
31 | AC_CHECK_DECLS([inet_ntop],,,
32 | [[#include <arpa/inet.h>
33 | #if HAVE_NETDB_H
34 | # include <netdb.h>
35 | #endif
36 | ]])
37 | if test $ac_cv_have_decl_inet_ntop = no; then
38 | HAVE_DECL_INET_NTOP=0
39 | fi
40 | AC_SUBST([INET_NTOP_LIB])
41 | ])
42 |
--------------------------------------------------------------------------------
/m4/mbedtls.m4:
--------------------------------------------------------------------------------
1 | dnl Check to find the mbed TLS headers/libraries
2 |
3 | AC_DEFUN([ss_MBEDTLS],
4 | [
5 |
6 | AC_ARG_WITH(mbedtls,
7 | AS_HELP_STRING([--with-mbedtls=DIR], [mbed TLS base directory, or:]),
8 | [mbedtls="$withval"
9 | CFLAGS="$CFLAGS -I$withval/include"
10 | LDFLAGS="$LDFLAGS -L$withval/lib"]
11 | )
12 |
13 | AC_ARG_WITH(mbedtls-include,
14 | AS_HELP_STRING([--with-mbedtls-include=DIR], [mbed TLS headers directory (without trailing /mbedtls)]),
15 | [mbedtls_include="$withval"
16 | CFLAGS="$CFLAGS -I$withval"]
17 | )
18 |
19 | AC_ARG_WITH(mbedtls-lib,
20 | AS_HELP_STRING([--with-mbedtls-lib=DIR], [mbed TLS library directory]),
21 | [mbedtls_lib="$withval"
22 | LDFLAGS="$LDFLAGS -L$withval"]
23 | )
24 |
25 | AC_CHECK_LIB(mbedcrypto, mbedtls_cipher_setup,
26 | [LIBS="-lmbedcrypto $LIBS"],
27 | [AC_MSG_ERROR([mbed TLS libraries not found.])]
28 | )
29 |
30 | AC_MSG_CHECKING([whether mbedtls supports Cipher Feedback mode or not])
31 | AC_COMPILE_IFELSE(
32 | [AC_LANG_PROGRAM(
33 | [[
34 | #include <mbedtls/version.h>
35 | #if MBEDTLS_VERSION_NUMBER >= 0x03000000
36 | #include <mbedtls/mbedtls_config.h>
37 | #else
38 | #include <mbedtls/config.h>
39 | #endif
40 | ]],
41 | [[
42 | #ifndef MBEDTLS_CIPHER_MODE_CFB
43 | #error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS.
44 | #endif
45 | ]]
46 | )],
47 | [AC_MSG_RESULT([ok])],
48 | [AC_MSG_ERROR([MBEDTLS_CIPHER_MODE_CFB required])]
49 | )
50 |
51 |
52 | AC_MSG_CHECKING([whether mbedtls supports the ARC4 stream cipher or not])
53 | AC_COMPILE_IFELSE(
54 | [AC_LANG_PROGRAM(
55 | [[
56 | #include <mbedtls/version.h>
57 | #if MBEDTLS_VERSION_NUMBER >= 0x03000000
58 | #include <mbedtls/mbedtls_config.h>
59 | #else
60 | #include <mbedtls/config.h>
61 | #endif
62 | ]],
63 | [[
64 | #ifndef MBEDTLS_ARC4_C
65 | #error the ARC4 stream cipher not supported by your mbed TLS.
66 | #endif
67 | ]]
68 | )],
69 | [AC_MSG_RESULT([ok])],
70 | [AC_MSG_WARN([We will continue without ARC4 stream cipher support, MBEDTLS_ARC4_C required])]
71 | )
72 |
73 | AC_MSG_CHECKING([whether mbedtls supports the Blowfish block cipher or not])
74 | AC_COMPILE_IFELSE(
75 | [AC_LANG_PROGRAM(
76 | [[
77 | #include <mbedtls/version.h>
78 | #if MBEDTLS_VERSION_NUMBER >= 0x03000000
79 | #include <mbedtls/mbedtls_config.h>
80 | #else
81 | #include <mbedtls/config.h>
82 | #endif
83 | ]],
84 | [[
85 | #ifndef MBEDTLS_BLOWFISH_C
86 | #error the Blowfish block cipher not supported by your mbed TLS.
87 | #endif
88 | ]]
89 | )],
90 | [AC_MSG_RESULT([ok])],
91 | [AC_MSG_WARN([We will continue without Blowfish block cipher support, MBEDTLS_BLOWFISH_C required])]
92 | )
93 |
94 | AC_MSG_CHECKING([whether mbedtls supports the Camellia block cipher or not])
95 | AC_COMPILE_IFELSE(
96 | [AC_LANG_PROGRAM(
97 | [[
98 | #include <mbedtls/version.h>
99 | #if MBEDTLS_VERSION_NUMBER >= 0x03000000
100 | #include <mbedtls/mbedtls_config.h>
101 | #else
102 | #include <mbedtls/config.h>
103 | #endif
104 | ]],
105 | [[
106 | #ifndef MBEDTLS_CAMELLIA_C
107 | #error the Camellia block cipher not supported by your mbed TLS.
108 | #endif
109 | ]]
110 | )],
111 | [AC_MSG_RESULT([ok])],
112 | [AC_MSG_WARN([We will continue without Camellia block cipher support, MBEDTLS_CAMELLIA_C required])]
113 | )
114 | ])
115 |
--------------------------------------------------------------------------------
/m4/pcre.m4:
--------------------------------------------------------------------------------
1 | dnl -------------------------------------------------------- -*- autoconf -*-
2 | dnl Licensed to the Apache Software Foundation (ASF) under one or more
3 | dnl contributor license agreements. See the NOTICE file distributed with
4 | dnl this work for additional information regarding copyright ownership.
5 | dnl The ASF licenses this file to You under the Apache License, Version 2.0
6 | dnl (the "License"); you may not use this file except in compliance with
7 | dnl the License. You may obtain a copy of the License at
8 | dnl
9 | dnl http://www.apache.org/licenses/LICENSE-2.0
10 | dnl
11 | dnl Unless required by applicable law or agreed to in writing, software
12 | dnl distributed under the License is distributed on an "AS IS" BASIS,
13 | dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | dnl See the License for the specific language governing permissions and
15 | dnl limitations under the License.
16 |
17 | dnl
18 | dnl TS_ADDTO(variable, value)
19 | dnl
20 | dnl Add value to variable
21 | dnl
22 | AC_DEFUN([TS_ADDTO], [
23 | if test "x$1" = "x"; then
24 | test "x$verbose" = "xyes" && echo " setting $1 to \"$2\""
25 | $1="$2"
26 | else
27 | ats_addto_bugger="$2"
28 | for i in $ats_addto_bugger; do
29 | ats_addto_duplicate="0"
30 | for j in $1; do
31 | if test "x$i" = "x$j"; then
32 | ats_addto_duplicate="1"
33 | break
34 | fi
35 | done
36 | if test $ats_addto_duplicate = "0"; then
37 | test "x$verbose" = "xyes" && echo " adding \"$i\" to $1"
38 | $1="$1 $i"
39 | fi
40 | done
41 | fi
42 | ])dnl
43 |
44 | dnl
45 | dnl TS_ADDTO_RPATH(path)
46 | dnl
47 | dnl Adds path to variable with the '-rpath' directive.
48 | dnl
49 | AC_DEFUN([TS_ADDTO_RPATH], [
50 | AC_MSG_NOTICE([adding $1 to RPATH])
51 | TS_ADDTO(LIBTOOL_LINK_FLAGS, [-R$1])
52 | ])dnl
53 |
54 | dnl
55 | dnl pcre.m4: Trafficserver's pcre autoconf macros
56 | dnl
57 |
58 | dnl
59 | dnl TS_CHECK_PCRE: look for pcre libraries and headers
60 | dnl
61 | AC_DEFUN([TS_CHECK_PCRE], [
62 | enable_pcre=no
63 | AC_ARG_WITH(pcre, [AC_HELP_STRING([--with-pcre=DIR],[use a specific pcre library])],
64 | [
65 | if test "x$withval" != "xyes" && test "x$withval" != "x"; then
66 | pcre_base_dir="$withval"
67 | if test "$withval" != "no"; then
68 | enable_pcre=yes
69 | case "$withval" in
70 | *":"*)
71 | pcre_include="`echo $withval |sed -e 's/:.*$//'`"
72 | pcre_ldflags="`echo $withval |sed -e 's/^.*://'`"
73 | AC_MSG_CHECKING(checking for pcre includes in $pcre_include libs in $pcre_ldflags )
74 | ;;
75 | *)
76 | pcre_include="$withval/include"
77 | pcre_ldflags="$withval/lib"
78 | AC_MSG_CHECKING(checking for pcre includes in $withval)
79 | ;;
80 | esac
81 | fi
82 | fi
83 | ],
84 | [
85 | AC_CHECK_PROG(PCRE_CONFIG, pcre-config, pcre-config)
86 | if test "x$PCRE_CONFIG" != "x"; then
87 | enable_pcre=yes
88 | pcre_base_dir="`$PCRE_CONFIG --prefix`"
89 | pcre_include="`$PCRE_CONFIG --cflags | sed -es/-I//`"
90 | pcre_ldflags="`$PCRE_CONFIG --libs | sed -es/-lpcre// -es/-L//`"
91 | fi
92 | ])
93 |
94 | if test "x$pcre_base_dir" = "x"; then
95 | AC_MSG_CHECKING([for pcre location])
96 | AC_CACHE_VAL(ats_cv_pcre_dir,[
97 | for dir in /usr/local /usr ; do
98 | if test -d $dir && ( test -f $dir/include/pcre.h || test -f $dir/include/pcre/pcre.h ); then
99 | ats_cv_pcre_dir=$dir
100 | break
101 | fi
102 | done
103 | ])
104 | pcre_base_dir=$ats_cv_pcre_dir
105 | if test "x$pcre_base_dir" = "x"; then
106 | enable_pcre=no
107 | AC_MSG_RESULT([not found])
108 | else
109 | enable_pcre=yes
110 | pcre_include="$pcre_base_dir/include"
111 | pcre_ldflags="$pcre_base_dir/lib"
112 | AC_MSG_RESULT([$pcre_base_dir])
113 | fi
114 | else
115 | AC_MSG_CHECKING(for pcre headers in $pcre_include)
116 | if test -d $pcre_include && test -d $pcre_ldflags && ( test -f $pcre_include/pcre.h || test -f $pcre_include/pcre/pcre.h ); then
117 | AC_MSG_RESULT([ok])
118 | else
119 | AC_MSG_RESULT([not found])
120 | fi
121 | fi
122 |
123 | pcreh=0
124 | pcre_pcreh=0
125 | if test "$enable_pcre" != "no"; then
126 | saved_ldflags=$LDFLAGS
127 | saved_cppflags=$CFLAGS
128 | pcre_have_headers=0
129 | pcre_have_libs=0
130 | if test "$pcre_base_dir" != "/usr"; then
131 | TS_ADDTO(CFLAGS, [-I${pcre_include}])
132 | TS_ADDTO(CFLAGS, [-DPCRE_STATIC])
133 | TS_ADDTO(LDFLAGS, [-L${pcre_ldflags}])
134 | TS_ADDTO_RPATH(${pcre_ldflags})
135 | fi
136 | AC_SEARCH_LIBS([pcre_exec], [pcre], [pcre_have_libs=1])
137 | if test "$pcre_have_libs" != "0"; then
138 | AC_CHECK_HEADERS(pcre.h, [pcre_have_headers=1])
139 | AC_CHECK_HEADERS(pcre/pcre.h, [pcre_have_headers=1])
140 | fi
141 | if test "$pcre_have_headers" != "0"; then
142 | AC_DEFINE(HAVE_LIBPCRE,1,[Compiling with pcre support])
143 | AC_SUBST(LIBPCRE, [-lpcre])
144 | else
145 | enable_pcre=no
146 | CFLAGS=$saved_cppflags
147 | LDFLAGS=$saved_ldflags
148 | fi
149 | fi
150 | AC_SUBST(pcreh)
151 | AC_SUBST(pcre_pcreh)
152 | ])
153 |
--------------------------------------------------------------------------------
/m4/sodium.m4:
--------------------------------------------------------------------------------
1 | dnl Check to find the libsodium headers/libraries
2 |
3 | AC_DEFUN([ss_SODIUM],
4 | [
5 |
6 | AC_ARG_WITH(sodium,
7 | AS_HELP_STRING([--with-sodium=DIR], [The Sodium crypto library base directory, or:]),
8 | [sodium="$withval"
9 | CFLAGS="$CFLAGS -I$withval/include"
10 | LDFLAGS="$LDFLAGS -L$withval/lib"]
11 | )
12 |
13 | AC_ARG_WITH(sodium-include,
14 | AS_HELP_STRING([--with-sodium-include=DIR], [The Sodium crypto library headers directory (without trailing /sodium)]),
15 | [sodium_include="$withval"
16 | CFLAGS="$CFLAGS -I$withval"]
17 | )
18 |
19 | AC_ARG_WITH(sodium-lib,
20 | AS_HELP_STRING([--with-sodium-lib=DIR], [The Sodium crypto library library directory]),
21 | [sodium_lib="$withval"
22 | LDFLAGS="$LDFLAGS -L$withval"]
23 | )
24 |
25 | AC_CHECK_LIB(sodium, sodium_init,
26 | [LIBS="-lsodium $LIBS"],
27 | [AC_MSG_ERROR([The Sodium crypto library libraries not found.])]
28 | )
29 |
30 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
31 | #include <sodium.h>
32 | ], [
33 | #if SODIUM_LIBRARY_VERSION_MAJOR < 7 || SODIUM_LIBRARY_VERSION_MAJOR ==7 && SODIUM_LIBRARY_VERSION_MINOR < 6
34 | # error
35 | #endif
36 | ])],
37 | [AC_MSG_RESULT([checking for version of libsodium... yes])],
38 | [AC_MSG_ERROR([Wrong libsodium: version >= 1.0.4 required])])
39 |
40 | ])
41 |
--------------------------------------------------------------------------------
/m4/stack-protector.m4:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright 2007 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # GGL_CHECK_STACK_PROTECTOR([ACTION-IF-OK], [ACTION-IF-NOT-OK])
17 | # Check if c compiler supports -fstack-protector and -fstack-protector-all
18 | # options.
19 |
20 | AC_DEFUN([GGL_CHECK_STACK_PROTECTOR], [
21 | ggl_check_stack_protector_save_CXXFLAGS="$CXXFLAGS"
22 | ggl_check_stack_protector_save_CFLAGS="$CFLAGS"
23 |
24 | AC_MSG_CHECKING([if -fstack-protector and -fstack-protector-all are supported.])
25 |
26 | CXXFLAGS="$CXXFLAGS -fstack-protector"
27 | CFLAGS="$CFLAGS -fstack-protector"
28 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([
29 | int main() {
30 | return 0;
31 | }
32 | ])],
33 | [ggl_check_stack_protector_ok=yes],
34 | [ggl_check_stack_protector_ok=no])
35 |
36 | CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS -fstack-protector-all"
37 | CFLAGS="$ggl_check_stack_protector_save_CFLAGS -fstack-protector-all"
38 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([
39 | int main() {
40 | return 0;
41 | }
42 | ])],
43 | [ggl_check_stack_protector_all_ok=yes],
44 | [ggl_check_stack_protector_all_ok=no])
45 |
46 | if test "x$ggl_check_stack_protector_ok" = "xyes" -a \
47 | "x$ggl_check_stack_protector_all_ok" = "xyes"; then
48 | AC_MSG_RESULT([yes])
49 | ifelse([$1], , :, [$1])
50 | else
51 | AC_MSG_RESULT([no])
52 | ifelse([$2], , :, [$2])
53 | fi
54 |
55 | CXXFLAGS="$ggl_check_stack_protector_save_CXXFLAGS"
56 | CFLAGS="$ggl_check_stack_protector_save_CFLAGS"
57 |
58 | ]) # GGL_CHECK_STACK_PROTECTOR
59 |
--------------------------------------------------------------------------------
/rpm/SOURCES/etc/init.d/shadowsocks-libev:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Script to run Shadowsocks in daemon mode at boot time.
4 | # ScriptAuthor: icyboy
5 | # Revision 1.0 - 14th Sep 2013
6 | #====================================================================
7 | # Run level information:
8 | # chkconfig: 2345 99 99
9 | # Description: lightweight secured socks5 proxy
10 | # processname: ss-server
11 | # Author: Max Lv <max.c.lv@gmail.com>;
12 | # Run "/sbin/chkconfig --add shadowsocks" to add the Run levels.
13 | #====================================================================
14 |
15 | #====================================================================
16 | # Paths and variables and system checks.
17 |
18 | # Source function library
19 | . /etc/rc.d/init.d/functions
20 |
21 | # Check that networking is up.
22 | #
23 | [ ${NETWORKING} ="yes" ] || exit 0
24 |
25 | # Daemon
26 | NAME=shadowsocks-server
27 | DAEMON=/usr/bin/ss-server
28 |
29 | # Path to the configuration file.
30 | #
31 | CONF=/etc/shadowsocks-libev/config.json
32 |
33 | #USER="nobody"
34 | #GROUP="nobody"
35 |
36 | # Take care of pidfile permissions
37 | mkdir /var/run/$NAME 2>/dev/null || true
38 | #chown "$USER:$GROUP" /var/run/$NAME
39 |
40 | # Check the configuration file exists.
41 | #
42 | if [ ! -f $CONF ] ; then
43 | echo "The configuration file cannot be found!"
44 | exit 0
45 | fi
46 |
47 | # Path to the lock file.
48 | #
49 | LOCK_FILE=/var/lock/subsys/shadowsocks
50 |
51 | # Path to the pid file.
52 | #
53 | PID=/var/run/$NAME/pid
54 |
55 |
56 | #====================================================================
57 |
58 | #====================================================================
59 | # Run controls:
60 |
61 | RETVAL=0
62 |
63 | # Start shadowsocks as daemon.
64 | #
65 | start() {
66 | if [ -f $LOCK_FILE ]; then
67 | echo "$NAME is already running!"
68 | exit 0
69 | else
70 | echo -n quot;Starting ${NAME}: "
71 | #daemon --check $DAEMON --user $USER "$DAEMON -f $PID -c $CONF > /dev/null"
72 | daemon $DAEMON -c $CONF -f $PID
73 | fi
74 |
75 | RETVAL=$?
76 | [ $RETVAL -eq 0 ] && success
77 | echo
78 | [ $RETVAL -eq 0 ] && touch $LOCK_FILE
79 | return $RETVAL
80 | }
81 |
82 |
83 | # Stop shadowsocks.
84 | #
85 | stop() {
86 | echo -n quot;Shutting down ${NAME}: "
87 | killproc -p ${PID}
88 | RETVAL=$?
89 | [ $RETVAL -eq 0 ]
90 | rm -f $LOCK_FILE
91 | rm -f ${PID}
92 | echo
93 | return $RETVAL
94 | }
95 |
96 | # See how we were called.
97 | case "$1" in
98 | start)
99 | start
100 | ;;
101 | stop)
102 | stop
103 | ;;
104 | restart)
105 | stop
106 | start
107 | ;;
108 | condrestart)
109 | if [ -f $LOCK_FILE ]; then
110 | stop
111 | start
112 | RETVAL=$?
113 | fi
114 | ;;
115 | status)
116 | status $DAEMON
117 | RETVAL=$?
118 | ;;
119 | *)
120 | echo quot;Usage: $0 {start|stop|restart|condrestart|status}"
121 | RETVAL=1
122 | esac
123 |
124 | exit $RETVAL
125 |
--------------------------------------------------------------------------------
/rpm/SOURCES/systemd/shadowsocks-libev-local.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This file is default for RPM packaging. See also
9 | # /etc/sysconfig/shadowsocks-libev for environment variables.
10 |
11 | [Unit]
12 | Description=Shadowsocks-libev Default Local Service
13 | Documentation=man:shadowsocks-libev(8)
14 | After=network-online.target
15 |
16 | [Service]
17 | Type=simple
18 | EnvironmentFile=/etc/sysconfig/shadowsocks-libev
19 | User=nobody
20 | Group=nobody
21 | LimitNOFILE=32768
22 | ExecStart=/usr/bin/ss-local -c "$CONFFILE" $DAEMON_ARGS
23 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
24 |
25 | [Install]
26 | WantedBy=multi-user.target
27 |
28 |
--------------------------------------------------------------------------------
/rpm/SOURCES/systemd/shadowsocks-libev-local@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Client Service for %I
14 | Documentation=man:ss-local(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
20 | ExecStart=/usr/bin/ss-local -c /etc/shadowsocks-libev/%i.json
21 | User=nobody
22 | Group=nobody
23 | LimitNOFILE=32768
24 |
25 | [Install]
26 | WantedBy=multi-user.target
27 |
28 |
--------------------------------------------------------------------------------
/rpm/SOURCES/systemd/shadowsocks-libev-redir@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Client Service Redir Mode for %I
14 | Documentation=man:ss-redir(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
20 | ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks-libev/%i.json
21 | User=nobody
22 | Group=nobody
23 | LimitNOFILE=32768
24 |
25 | [Install]
26 | WantedBy=multi-user.target
27 |
28 |
--------------------------------------------------------------------------------
/rpm/SOURCES/systemd/shadowsocks-libev-server@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Server Service for %I
14 | Documentation=man:ss-server(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
20 | ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/%i.json
21 | User=nobody
22 | Group=nobody
23 | LimitNOFILE=32768
24 |
25 | [Install]
26 | WantedBy=multi-user.target
27 |
28 |
--------------------------------------------------------------------------------
/rpm/SOURCES/systemd/shadowsocks-libev-tunnel@.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This is a template unit file. Users may copy and rename the file into
9 | # config directories to make new service instances. See systemd.unit(5)
10 | # for details.
11 |
12 | [Unit]
13 | Description=Shadowsocks-Libev Custom Client Service Tunnel Mode for %I
14 | Documentation=man:ss-tunnel(1)
15 | After=network-online.target
16 |
17 | [Service]
18 | Type=simple
19 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
20 | ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks-libev/%i.json
21 | User=nobody
22 | Group=nobody
23 | LimitNOFILE=32768
24 |
25 | [Install]
26 | WantedBy=multi-user.target
27 |
28 |
--------------------------------------------------------------------------------
/rpm/SOURCES/systemd/shadowsocks-libev.default:
--------------------------------------------------------------------------------
1 | # Defaults for shadowsocks initscript
2 | # sourced by /etc/init.d/shadowsocks-libev
3 | # installed at /etc/sysconfig/shadowsocks-libev by the maintainer scripts
4 |
5 | #
6 | # This is a POSIX shell fragment
7 | #
8 | # Note: `START', `GROUP' and `MAXFD' options are not recognized by systemd.
9 | # Please change those settings in the corresponding systemd unit file.
10 |
11 | # Enable during startup?
12 | START=yes
13 |
14 | # Configuration file
15 | CONFFILE="/etc/shadowsocks-libev/config.json"
16 |
17 | # Extra command line arguments
18 | DAEMON_ARGS="-u"
19 |
20 | # User and group to run the server as
21 | USER=nobody
22 | GROUP=nobody
23 |
24 | # Number of maximum file descriptors
25 | MAXFD=32768
26 |
--------------------------------------------------------------------------------
/rpm/SOURCES/systemd/shadowsocks-libev.service:
--------------------------------------------------------------------------------
1 | # This file is part of shadowsocks-libev.
2 | #
3 | # Shadowsocks-libev is free software; you can redistribute it and/or modify
4 | # it under the terms of the GNU General Public License as published by
5 | # the Free Software Foundation; either version 3 of the License, or
6 | # (at your option) any later version.
7 | #
8 | # This file is default for RPM packaging. See also
9 | # /etc/sysconfig/shadowsocks-libev for environment variables.
10 |
11 | [Unit]
12 | Description=Shadowsocks-libev Default Server Service
13 | Documentation=man:shadowsocks-libev(8)
14 | After=network-online.target network-online.target
15 |
16 | [Service]
17 | Type=simple
18 | EnvironmentFile=/etc/sysconfig/shadowsocks-libev
19 | User=nobody
20 | Group=nobody
21 | LimitNOFILE=32768
22 | ExecStart=/usr/bin/ss-server -c "$CONFFILE" $DAEMON_ARGS
23 | CapabilityBoundingSet=CAP_NET_BIND_SERVICE
24 |
25 | [Install]
26 | WantedBy=multi-user.target
27 |
28 |
--------------------------------------------------------------------------------
/rpm/genrpm.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -e
3 |
4 | NAME=shadowsocks-libev
5 |
6 | SELF=$(readlink -f -- "$0")
7 | HERE=$(dirname -- "$SELF")
8 |
9 | SOURCES="${HERE}"/SOURCES
10 | SPEC_TEMPLATE="${HERE}"/SPECS/${NAME}.spec.in
11 | SPEC_FILE="${SPEC_TEMPLATE%%.in}"
12 |
13 | GIT_VERSION=$("${HERE}"/../scripts/git_version.sh)
14 |
15 | OPT_OUTDIR="${HERE}/SRPMS"
16 | OPT_USE_SYSTEM_LIB=0
17 | OUT_BUILD_RPM=0
18 |
19 | version=$(echo ${GIT_VERSION} | cut -d' ' -f1)
20 | release=$(echo ${GIT_VERSION} | cut -d' ' -f2)
21 |
22 | name_version=${NAME}-${version}-${release}
23 | source_name=${name_version}.tar.gz
24 |
25 | archive()
26 | {
27 | "${HERE}"/../scripts/git_archive.sh -o "${SOURCES}" -n ${name_version}
28 | }
29 |
30 | build_src_rpm()
31 | {
32 | rpmbuild -bs "${SPEC_FILE}" \
33 | --undefine "dist" \
34 | --define "%_topdir ${HERE}" \
35 | --define "%_srcrpmdir ${OPT_OUTDIR}"
36 | }
37 |
38 | build_rpm()
39 | {
40 | rpmbuild --rebuild "${OPT_OUTDIR}"/${name_version}.src.rpm \
41 | --define "%_topdir ${HERE}" \
42 | --define "%use_system_lib ${OPT_USE_SYSTEM_LIB}"
43 | }
44 |
45 | create_spec()
46 | {
47 | sed -e "s/@NAME@/${NAME}/g" \
48 | -e "s/@VERSION@/${version}/g" \
49 | -e "s/@RELEASE@/${release}/g" \
50 | -e "s/@SOURCE@/${source_name}/g" \
51 | -e "s/@NAME_VERSION@/${name_version}/g" \
52 | "${SPEC_TEMPLATE}" > "${SPEC_FILE}"
53 | }
54 |
55 | show_help()
56 | {
57 | echo -e "$(basename $0) [OPTION...]"
58 | echo -e "Create and build shadowsocks-libev SRPM"
59 | echo
60 | echo -e "Options:"
61 | echo -e " -h show this help."
62 | echo -e " -b use rpmbuld to build resulting SRPM"
63 | echo -e " -s use system shared libraries (RPM only)"
64 | echo -e " -o output directory"
65 | }
66 |
67 | while getopts "hbso:" opt
68 | do
69 | case ${opt} in
70 | h)
71 | show_help
72 | exit 0
73 | ;;
74 | b)
75 | OPT_BUILD_RPM=1
76 | ;;
77 | s)
78 | OPT_USE_SYSTEM_LIB=1
79 | ;;
80 | o)
81 | OPT_OUTDIR=$(readlink -f -- $OPTARG)
82 | ;;
83 | *)
84 | show_help
85 | exit 1
86 | ;;
87 | esac
88 | done
89 |
90 | create_spec
91 | archive
92 | build_src_rpm
93 | if [ "${OPT_BUILD_RPM}" = "1" ] ; then
94 | build_rpm
95 | fi
96 |
--------------------------------------------------------------------------------
/scripts/chroot_build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | # Copyright 2018 Roger Shimizu <rosh@debian.org>
3 | #
4 | # This is free software; you can redistribute it and/or modify
5 | # it under the terms of the GNU General Public License as published by
6 | # the Free Software Foundation; either version 3 of the License, or
7 | # (at your option) any later version.
8 |
9 | set -e
10 |
11 | help_usage() {
12 | cat << EOT
13 |
14 | Call build_deb.sh script in a chrooted environment
15 | Usage:
16 | sudo $(basename $0) [--help|-h] [codename]
17 |
18 | --help|-h Show this usage.
19 | [code name] Debian/Ubuntu release codename
20 | e.g. jessie/stretch/trusty/xenial
21 |
22 | EOT
23 | exit
24 | }
25 |
26 | # POSIX-compliant maint function recommend by devref
27 | # to check for the existence of a command
28 | # https://www.debian.org/doc/manuals/developers-reference/ch06.html#bpp-debian-maint-scripts
29 | pathfind() {
30 | OLDIFS="$IFS"
31 | IFS=:
32 | for p in $PATH; do
33 | if [ -x "$p/$*" ]; then
34 | IFS="$OLDIFS"
35 | return 0
36 | fi
37 | done
38 | IFS="$OLDIFS"
39 | return 1
40 | }
41 |
42 | case "$1" in
43 | wheezy|precise)
44 | echo Sorry, the system $1 is not supported.
45 | ;;
46 | jessie|stretch|buster|testing|unstable|sid)
47 | OSID=debian
48 | REPO=http://deb.debian.org/debian
49 | ;;
50 | trusty|yakkety|zesty|xenial|artful|bionic)
51 | OSID=ubuntu
52 | REPO=http://archive.ubuntu.com/ubuntu
53 | ;;
54 | --help|-h|*)
55 | help_usage
56 | esac
57 |
58 | if ! pathfind debootstrap; then
59 | echo Please install debootstrap package.
60 | exit 1
61 | fi
62 |
63 | OSVER=$1
64 | CHROOT=/tmp/${OSVER}-build-$(date +%Y%m%d%H%M)
65 | TIMESTAMP0=$(date)
66 |
67 | mkdir -p ${CHROOT}/etc
68 | echo en_US.UTF-8 UTF-8 > ${CHROOT}/etc/locale.gen
69 | if ! debootstrap --variant=minbase --include=ca-certificates,git,sudo,wget,whiptail --exclude=upstart,systemd $OSVER $CHROOT $REPO; then
70 | echo debootstrap failed. Please kindly check whether proper sudo or not.
71 | exit 1
72 | fi
73 | case "$OSID" in
74 | debian)
75 | echo deb $REPO ${OSVER} main > ${CHROOT}/etc/apt/sources.list
76 | echo deb $REPO ${OSVER}-updates main >> ${CHROOT}/etc/apt/sources.list
77 | echo deb $REPO-security ${OSVER}/updates main >> ${CHROOT}/etc/apt/sources.list
78 | ;;
79 | ubuntu)
80 | echo deb $REPO $OSVER main universe > ${CHROOT}/etc/apt/sources.list
81 | echo deb $REPO ${OSVER}-updates main universe >> ${CHROOT}/etc/apt/sources.list
82 | echo deb $REPO ${OSVER}-security main universe >> ${CHROOT}/etc/apt/sources.list
83 | ;;
84 | esac
85 |
86 | cat << EOL | chroot $CHROOT
87 | apt-get purge -y udev
88 | apt-get update
89 | apt-get -fy install
90 | apt-get -y upgrade
91 | apt-get -y install --no-install-recommends lsb-release
92 | # dh_auto_test of mbedtls (faketime) depends on /dev/shm. https://bugs.debian.org/778462
93 | mkdir -p ~ /dev/shm
94 | mount tmpfs /dev/shm -t tmpfs
95 |
96 | date > /TIMESTAMP1
97 | git config --global user.email "script@example.com"
98 | git config --global user.name "build script"
99 | if [ -n "$http_proxy" ]; then
100 | git config --global proxy.http $http_proxy
101 | echo Acquire::http::Proxy \"$http_proxy\"\; > /etc/apt/apt.conf
102 | export http_proxy=$http_proxy
103 | export https_proxy=$https_proxy
104 | export no_proxy=$no_proxy
105 | fi
106 | cd /tmp
107 | wget https://raw.githubusercontent.com/shadowsocks/shadowsocks-libev/master/scripts/build_deb.sh
108 | chmod 755 build_deb.sh
109 | ./build_deb.sh
110 | date > /TIMESTAMP2
111 | ./build_deb.sh kcp
112 | umount /dev/shm
113 | EOL
114 |
115 | TIMESTAMP1=$(cat ${CHROOT}/TIMESTAMP1)
116 | TIMESTAMP2=$(cat ${CHROOT}/TIMESTAMP2)
117 | TIMESTAMP3=$(date)
118 |
119 | printf \\n"All built deb packages:"\\n
120 | ls -l ${CHROOT}/tmp/*.deb
121 | echo
122 | echo Start-Time: $TIMESTAMP0
123 | echo ChrootDone: $TIMESTAMP1
124 | echo SsDeb-Done: $TIMESTAMP2
125 | echo \ Kcp-Done : $TIMESTAMP3
126 |
--------------------------------------------------------------------------------
/scripts/code-format.bat:
--------------------------------------------------------------------------------
1 | @echo off
2 |
3 | set root=%~dp0
4 | set source=%root%src
5 |
6 | goto start
7 |
8 | :format
9 | set filelist=%1
10 | for /r "%filelist%" %%f in (*) do (
11 | if "%%~xf" equ ".h" (
12 | call :format_file %%f
13 | ) else if "%%~xf" equ ".c" (
14 | call :format_file %%f
15 | )
16 | )
17 | goto end
18 |
19 | :format_file
20 | set f=%1
21 | if "%~n1" neq "base64" (
22 | if "%~n1" neq "json" (
23 | if "%~n1" neq "uthash" (
24 | echo 'format file "%f%"'
25 | uncrustify -c %root%\.uncrustify.cfg -l C --replace --no-backup %f%
26 | DEL %~dp1*.uncrustify >nul 2>nul
27 | )
28 | )
29 | )
30 | goto end
31 |
32 | :start
33 | call :format %source%
34 |
35 | :end
36 |
--------------------------------------------------------------------------------
/scripts/code-format.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | root=$(pwd)
4 | source="$root"/src
5 |
6 | function format() {
7 | filelist=$(ls "$1")
8 | pushd "$1"
9 | for file in $filelist; do
10 | if test -d "$file"; then
11 | echo "format directory $file"
12 | format "$file"
13 | else
14 | if ([ "${file%%.*}" != "base64" ] &&
15 | [ "${file%%.*}" != "json" ] &&
16 | [ "${file%%.*}" != "uthash" ]) &&
17 | ([ "${file##*.}" = "h" ] || [ "${file##*.}" = "c" ]); then
18 | echo "format file $file"
19 | uncrustify -c "$root"/.uncrustify.cfg -l C --replace --no-backup "$file"
20 | rm ./*.uncrustify >/dev/null 2>&1
21 | fi
22 | fi
23 | done
24 | popd
25 | }
26 |
27 | format "$source"
28 |
--------------------------------------------------------------------------------
/scripts/git_archive.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -e
3 |
4 | archive() {
5 | export TARBALL_NAME=$1
6 | export TARBALL_OUTDIR=$2
7 |
8 | # archive this repo
9 | cd "$(git rev-parse --show-toplevel)"
10 | git archive HEAD --format=tar --prefix="${TARBALL_NAME}/" \
11 | -o "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar"
12 | # archive submodules
13 | git submodule update --init
14 | git submodule foreach --quiet 'git archive HEAD --format=tar \
15 | --prefix="${TARBALL_NAME}/${path}/" \
16 | -o "${TARBALL_OUTDIR}/${TARBALL_NAME}-submodule-${path}-${sha1}.tar"
17 | tar -n --concatenate --file="${TARBALL_OUTDIR}/${TARBALL_NAME}.tar" \
18 | "${TARBALL_OUTDIR}/${TARBALL_NAME}-submodule-${path}-${sha1}.tar"'
19 | gzip -c "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar" > "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar.gz"
20 |
21 | # clean-up
22 | git submodule foreach --quiet 'rm ${TARBALL_OUTDIR}/${TARBALL_NAME}-submodule-${path}-${sha1}.tar'
23 | rm "${TARBALL_OUTDIR}/${TARBALL_NAME}.tar"
24 | }
25 |
26 | TARGET_TARBALL_NAME=shadowsocks-libev
27 | TARGET_TARBALL_DIR=$(git rev-parse --show-toplevel)
28 |
29 | while getopts "n:o:" opt
30 | do
31 | case ${opt} in
32 | o)
33 | TARGET_TARBALL_DIR=$(readlink -f -- $OPTARG)
34 | ;;
35 | n)
36 | TARGET_TARBALL_NAME=$OPTARG
37 | ;;
38 | \?)
39 | exit 1
40 | ;;
41 | esac
42 | done
43 |
44 | archive "${TARGET_TARBALL_NAME}" "${TARGET_TARBALL_DIR}"
45 |
--------------------------------------------------------------------------------
/scripts/git_version.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -e
3 |
4 | # determine version and release number
5 | GIT_DESCRIBE=$(git describe --tags --match 'v*' --long)
6 | # GIT_DESCRIBE is like v3.0.3-11-g1e3f35c-dirty
7 | if [[ ! "$GIT_DESCRIBE" =~ ^v([^-]+)-([0-9]+)-g([0-9a-f]+)$ ]]; then
8 | >&2 echo 'ERROR - unrecognized `git describe` output: '"$GIT_DESCRIBE"
9 | exit 1
10 | fi
11 |
12 | version=${BASH_REMATCH[1]}
13 | commits=${BASH_REMATCH[2]}
14 | short_hash=${BASH_REMATCH[3]}
15 |
16 | release=1
17 | if [ "${commits}" -gt 0 ] ; then
18 | release+=.${commits}.git${short_hash}
19 | fi
20 |
21 | echo "${version} ${release}"
22 |
--------------------------------------------------------------------------------
/scripts/iperf.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | number=$1
4 | method=$2
5 |
6 | ss-tunnel -k test -m $method -l 8387 -L 127.0.0.1:8388 -s 127.0.0.1 -p 8389 &
7 | ss_tunnel_pid=$!
8 | ss-server -k test -m $method -s 127.0.0.1 -p 8389 &
9 | ss_server_pid=$!
10 |
11 | iperf -s -p 8388 &
12 | iperf_pid=$!
13 |
14 | sleep 1
15 |
16 | iperf -c 127.0.0.1 -p 8387 -n $number
17 |
18 | # Wait for iperf server to receive all data.
19 | # One second should be enough in most cases.
20 | sleep 1
21 |
22 | kill $ss_tunnel_pid
23 | kill $ss_server_pid
24 | kill $iperf_pid
25 |
26 | sleep 1
27 | echo "Test Finished"
28 |
--------------------------------------------------------------------------------
/shadowsocks-libev.pc.in:
--------------------------------------------------------------------------------
1 | prefix=@prefix@
2 | exec_prefix=@exec_prefix@
3 | libdir=@libdir@
4 | includedir=@includedir@
5 |
6 | Name: shadowsocks-libev
7 | Description: a lightweight secured socks5 proxy
8 | URL: https://shadowsocks.org
9 | Version: @VERSION@
10 | Requires:
11 | Cflags: -I${includedir}
12 | Libs: -L${libdir} -lshadowsocks-libev
13 |
--------------------------------------------------------------------------------
/snap/snapcraft.yaml:
--------------------------------------------------------------------------------
1 | base: core18
2 | name: shadowsocks-libev
3 | version: 3.3.5-1
4 | summary: libev port of shadowsocks
5 | description: |
6 | Shadowsocks-libev is a lightweight and secure SOCKS5 proxy for embedded
7 | devices and low-end boxes.
8 |
9 | It is rewritten in pure C and depends on libev, designed to be a
10 | lightweight implementation of the shadowsocks protocol.
11 | grade: stable
12 | confinement: strict
13 |
14 | apps:
15 | ss-local:
16 | command: bin/ss-local
17 | plugs: [network, network-bind]
18 |
19 | ss-local-daemon:
20 | command: bin/ss-local
21 | daemon: simple
22 | plugs: [network, network-bind]
23 |
24 | ss-server:
25 | command: bin/ss-server
26 | plugs: [network, network-bind]
27 |
28 | ss-server-daemon:
29 | command: bin/ss-server
30 | daemon: simple
31 | plugs: [network, network-bind]
32 |
33 | ss-redir:
34 | command: bin/ss-redir
35 | plugs: [network, network-bind]
36 |
37 | ss-tunnel:
38 | command: bin/ss-tunnel
39 | plugs: [network, network-bind]
40 |
41 | ss-manager:
42 | command: bin/ss-manager
43 | plugs: [network]
44 |
45 | passthrough:
46 | layout:
47 | /etc/shadowsocks-libev:
48 | bind: $SNAP_COMMON/etc/shadowsocks-libev
49 |
50 | parts:
51 | shadowsocks-libev:
52 | plugin: autotools
53 | source: https://github.com/shadowsocks/shadowsocks-libev/releases/download/v3.3.5/shadowsocks-libev-3.3.5.tar.gz
54 | build-packages:
55 | - libpcre3-dev
56 | - asciidoc
57 | - xmlto
58 | - libev-dev
59 | - libc-ares-dev
60 | - libmbedtls-dev
61 | - libsodium-dev
62 | stage-packages:
63 | - libc-ares2
64 | - libev4
65 | - libmbedtls10
66 | - libsodium23
67 | override-build: |
68 | snapcraftctl build
69 | rm -rf $SNAPCRAFT_PART_INSTALL/usr/share/doc
70 |
--------------------------------------------------------------------------------
/src/Makefile.am:
--------------------------------------------------------------------------------
1 | VERSION_INFO = 2:0:0
2 |
3 | AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE
4 | AM_CFLAGS += $(PTHREAD_CFLAGS)
5 | if !USE_SYSTEM_SHARED_LIB
6 | AM_CFLAGS += -I$(top_srcdir)/libbloom
7 | AM_CFLAGS += -I$(top_srcdir)/libipset/include
8 | AM_CFLAGS += -I$(top_srcdir)/libcork/include
9 | endif
10 | AM_CFLAGS += $(LIBPCRE_CFLAGS)
11 |
12 | SS_COMMON_LIBS = $(INET_NTOP_LIB) $(LIBPCRE_LIBS) $(NETFILTER_CONNTRACK_LIBS) $(NFTABLES_LIBS)
13 | if !USE_SYSTEM_SHARED_LIB
14 | SS_COMMON_LIBS += $(top_builddir)/libbloom/libbloom.la \
15 | $(top_builddir)/libipset/libipset.la \
16 | $(top_builddir)/libcork/libcork.la
17 | else
18 | SS_COMMON_LIBS += -lbloom -lcork -lcorkipset
19 | endif
20 | SS_COMMON_LIBS += -lev -lsodium -lm
21 |
22 | bin_PROGRAMS = ss-local ss-tunnel ss-server
23 | if !BUILD_WINCOMPAT
24 | bin_PROGRAMS += ss-manager
25 | endif
26 |
27 | acl_src = rule.c \
28 | acl.c
29 |
30 | crypto_src = crypto.c \
31 | aead.c \
32 | stream.c \
33 | ppbloom.c \
34 | base64.c
35 |
36 | plugin_src = plugin.c
37 |
38 | common_src = utils.c \
39 | jconf.c \
40 | json.c \
41 | udprelay.c \
42 | cache.c \
43 | netutils.c
44 |
45 | if BUILD_WINCOMPAT
46 | common_src += winsock.c
47 | endif
48 |
49 | ss_local_SOURCES = local.c \
50 | $(common_src) \
51 | $(crypto_src) \
52 | $(plugin_src) \
53 | $(acl_src)
54 |
55 | ss_tunnel_SOURCES = tunnel.c \
56 | $(common_src) \
57 | $(crypto_src) \
58 | $(plugin_src)
59 |
60 | ss_server_SOURCES = resolv.c \
61 | server.c \
62 | $(common_src) \
63 | $(crypto_src) \
64 | $(plugin_src) \
65 | ${acl_src}
66 |
67 | ss_manager_SOURCES = utils.c \
68 | jconf.c \
69 | json.c \
70 | netutils.c \
71 | manager.c
72 |
73 | ss_local_LDADD = $(SS_COMMON_LIBS)
74 | ss_tunnel_LDADD = $(SS_COMMON_LIBS)
75 | ss_server_LDADD = $(SS_COMMON_LIBS)
76 | ss_manager_LDADD = $(SS_COMMON_LIBS)
77 | ss_local_LDADD += -lcares
78 | ss_tunnel_LDADD += -lcares
79 | ss_server_LDADD += -lcares
80 | ss_manager_LDADD += -lcares
81 |
82 | ss_local_CFLAGS = $(AM_CFLAGS) -DMODULE_LOCAL
83 | ss_tunnel_CFLAGS = $(AM_CFLAGS) -DMODULE_TUNNEL
84 | ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE
85 | ss_manager_CFLAGS = $(AM_CFLAGS) -DMODULE_MANAGER
86 |
87 | if BUILD_REDIRECTOR
88 | bin_SCRIPTS = ss-nat
89 | bin_PROGRAMS += ss-redir
90 | ss_redir_SOURCES = utils.c \
91 | jconf.c \
92 | json.c \
93 | netutils.c \
94 | cache.c \
95 | udprelay.c \
96 | redir.c \
97 | $(crypto_src) \
98 | $(plugin_src)
99 |
100 | ss_redir_CFLAGS = $(AM_CFLAGS) -DMODULE_REDIR
101 | ss_redir_LDADD = $(SS_COMMON_LIBS)
102 | ss_redir_LDADD += -lcares
103 | endif
104 |
105 | lib_LTLIBRARIES = libshadowsocks-libev.la
106 | libshadowsocks_libev_la_SOURCES = $(ss_local_SOURCES)
107 | libshadowsocks_libev_la_CFLAGS = $(ss_local_CFLAGS) -DLIB_ONLY
108 | libshadowsocks_libev_la_LDFLAGS = -version-info $(VERSION_INFO)
109 | libshadowsocks_libev_la_LIBADD = $(ss_local_LDADD)
110 | include_HEADERS = shadowsocks.h
111 |
112 | noinst_HEADERS = acl.h crypto.h stream.h aead.h json.h netutils.h redir.h server.h uthash.h \
113 | cache.h local.h plugin.h resolv.h tunnel.h utils.h base64.h ppbloom.h \
114 | common.h jconf.h manager.h rule.h socks5.h udprelay.h winsock.h
115 | EXTRA_DIST = ss-nat
116 |
--------------------------------------------------------------------------------
/src/acl.h:
--------------------------------------------------------------------------------
1 | /*
2 | * acl.h - Define the ACL interface
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _ACL_H
24 | #define _ACL_H
25 |
26 | #define BLACK_LIST 0
27 | #define WHITE_LIST 1
28 |
29 | int init_acl(const char *path);
30 | void free_acl(void);
31 |
32 | int acl_match_host(const char *ip);
33 | int acl_add_ip(const char *ip);
34 | int acl_remove_ip(const char *ip);
35 |
36 | int get_acl_mode(void);
37 |
38 | int outbound_block_match_host(const char *host);
39 |
40 | #endif // _ACL_H
41 |
--------------------------------------------------------------------------------
/src/aead.h:
--------------------------------------------------------------------------------
1 | /*
2 | * aead.h - Define the AEAD interface
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _AEAD_H
24 | #define _AEAD_H
25 |
26 | #include "crypto.h"
27 |
28 | // currently, XCHACHA20POLY1305IETF is not released yet
29 | // XCHACHA20POLY1305 is removed in upstream
30 | #ifdef FS_HAVE_XCHACHA20IETF
31 | #define AEAD_CIPHER_NUM 5
32 | #else
33 | #define AEAD_CIPHER_NUM 4
34 | #endif
35 |
36 | int aead_encrypt_all(buffer_t *, cipher_t *, size_t);
37 | int aead_decrypt_all(buffer_t *, cipher_t *, size_t);
38 |
39 | int aead_encrypt(buffer_t *, cipher_ctx_t *, size_t);
40 | int aead_decrypt(buffer_t *, cipher_ctx_t *, size_t);
41 |
42 | void aead_ctx_init(cipher_t *, cipher_ctx_t *, int);
43 | void aead_ctx_release(cipher_ctx_t *);
44 |
45 | cipher_t *aead_init(const char *pass, const char *key, const char *method);
46 |
47 | #endif // _AEAD_H
48 |
--------------------------------------------------------------------------------
/src/android.c:
--------------------------------------------------------------------------------
1 | /*
2 | * android.c - Setup IPC for shadowsocks-android
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #include <sys/stat.h>
24 | #include <sys/types.h>
25 | #include <fcntl.h>
26 | #include <locale.h>
27 | #include <signal.h>
28 | #include <string.h>
29 | #include <strings.h>
30 | #include <unistd.h>
31 |
32 | #include <errno.h>
33 | #include <arpa/inet.h>
34 | #include <netdb.h>
35 | #include <netinet/in.h>
36 | #include <netinet/tcp.h>
37 |
38 | #include <sys/un.h>
39 | #include <ancillary.h>
40 |
41 | #ifdef HAVE_CONFIG_H
42 | #include "config.h"
43 | #endif
44 |
45 | #include "netutils.h"
46 | #include "utils.h"
47 |
48 | int
49 | protect_socket(int fd)
50 | {
51 | int sock;
52 | struct sockaddr_un addr;
53 |
54 | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
55 | LOGE("[android] socket() failed: %s (socket fd = %d)\n", strerror(errno), sock);
56 | return -1;
57 | }
58 |
59 | // Set timeout to 3s
60 | struct timeval tv;
61 | tv.tv_sec = 3;
62 | tv.tv_usec = 0;
63 | setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
64 | setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, sizeof(struct timeval));
65 |
66 | memset(&addr, 0, sizeof(addr));
67 | addr.sun_family = AF_UNIX;
68 | strncpy(addr.sun_path, "protect_path", sizeof(addr.sun_path) - 1);
69 |
70 | if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
71 | LOGE("[android] connect() failed for protect_path: %s (socket fd = %d)\n",
72 | strerror(errno), sock);
73 | close(sock);
74 | return -1;
75 | }
76 |
77 | if (ancil_send_fd(sock, fd)) {
78 | ERROR("[android] ancil_send_fd");
79 | close(sock);
80 | return -1;
81 | }
82 |
83 | char ret = 0;
84 |
85 | if (recv(sock, &ret, 1, 0) == -1) {
86 | ERROR("[android] recv");
87 | close(sock);
88 | return -1;
89 | }
90 |
91 | close(sock);
92 | return ret;
93 | }
94 |
95 | extern char *stat_path;
96 |
97 | int
98 | send_traffic_stat(uint64_t tx, uint64_t rx)
99 | {
100 | if (!stat_path)
101 | return 0;
102 | int sock;
103 | struct sockaddr_un addr;
104 |
105 | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
106 | LOGE("[android] socket() failed: %s (socket fd = %d)\n", strerror(errno), sock);
107 | return -1;
108 | }
109 |
110 | // Set timeout to 1s
111 | struct timeval tv;
112 | tv.tv_sec = 1;
113 | tv.tv_usec = 0;
114 | setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
115 | setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&tv, sizeof(struct timeval));
116 |
117 | memset(&addr, 0, sizeof(addr));
118 | addr.sun_family = AF_UNIX;
119 | strncpy(addr.sun_path, stat_path, sizeof(addr.sun_path) - 1);
120 |
121 | if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
122 | LOGE("[android] connect() failed for stat_path: %s (socket fd = %d)\n",
123 | strerror(errno), sock);
124 | close(sock);
125 | return -1;
126 | }
127 |
128 | uint64_t stat[2] = { tx, rx };
129 |
130 | if (send(sock, stat, sizeof(stat), 0) == -1) {
131 | ERROR("[android] send");
132 | close(sock);
133 | return -1;
134 | }
135 |
136 | close(sock);
137 | return 0;
138 | }
139 |
--------------------------------------------------------------------------------
/src/base64.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2006 Ryan Martell. (rdm4@martellventures.com)
3 | *
4 | * This file is part of FFmpeg.
5 | *
6 | * FFmpeg is free software; you can redistribute it and/or
7 | * modify it under the terms of the GNU Lesser General Public
8 | * License as published by the Free Software Foundation; either
9 | * version 2.1 of the License, or (at your option) any later version.
10 | *
11 | * FFmpeg is distributed in the hope that it will be useful,
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 | * Lesser General Public License for more details.
15 | *
16 | * You should have received a copy of the GNU Lesser General Public
17 | * License along with FFmpeg; if not, write to the Free Software
18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 | */
20 |
21 | /**
22 | * @file
23 | * @brief Base64 encode/decode
24 | * @author Ryan Martell <rdm4@martellventures.com> (with lots of Michael)
25 | */
26 |
27 | #ifdef HAVE_CONFIG_H
28 | #include "config.h"
29 | #endif
30 |
31 | #include <limits.h>
32 | #include <stddef.h>
33 |
34 | #include "base64.h"
35 |
36 | /* ---------------- private code */
37 | static const uint8_t map2[] =
38 | {
39 | 0xff, 0xff, 0x3e, 0xff, 0xff, 0x34, 0x35, 0x36,
40 | 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff,
41 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01,
42 | 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
43 | 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11,
44 | 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
45 | 0xff, 0xff, 0xff, 0xff, 0x3f, 0xff, 0x1a, 0x1b,
46 | 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
47 | 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
48 | 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33
49 | };
50 |
51 | int base64_decode(uint8_t *out, const char *in, int out_size)
52 | {
53 | int i, v;
54 | uint8_t *dst = out;
55 |
56 | v = 0;
57 | for (i = 0; in[i] && in[i] != '='; i++) {
58 | unsigned int index = in[i] - 43;
59 | if (index >= sizeof(map2) || map2[index] == 0xff)
60 | return -1;
61 | v = (v << 6) + map2[index];
62 | if (i & 3) {
63 | if (dst - out < out_size) {
64 | *dst++ = v >> (6 - 2 * (i & 3));
65 | }
66 | }
67 | }
68 |
69 | return dst - out;
70 | }
71 |
72 | /*****************************************************************************
73 | * b64_encode: Stolen from VLC's http.c.
74 | * Simplified by Michael.
75 | * Fixed edge cases and made it work from data (vs. strings) by Ryan.
76 | *****************************************************************************/
77 |
78 | char *base64_encode(char *out, int out_size, const uint8_t *in, int in_size)
79 | {
80 | static const char b64[] =
81 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
82 | char *ret, *dst;
83 | unsigned i_bits = 0;
84 | int i_shift = 0;
85 | int bytes_remaining = in_size;
86 |
87 | if (in_size >= UINT_MAX / 4 ||
88 | out_size < BASE64_SIZE(in_size))
89 | return NULL;
90 | ret = dst = out;
91 | while (bytes_remaining) {
92 | i_bits = (i_bits << 8) + *in++;
93 | bytes_remaining--;
94 | i_shift += 8;
95 |
96 | do {
97 | *dst++ = b64[(i_bits << 6 >> i_shift) & 0x3f];
98 | i_shift -= 6;
99 | } while (i_shift > 6 || (bytes_remaining == 0 && i_shift > 0));
100 | }
101 | while ((dst - ret) & 3)
102 | *dst++ = '=';
103 | *dst = '\0';
104 |
105 | return ret;
106 | }
107 |
--------------------------------------------------------------------------------
/src/base64.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2006 Ryan Martell. (rdm4@martellventures.com)
3 | *
4 | * This file is part of FFmpeg.
5 | *
6 | * FFmpeg is free software; you can redistribute it and/or
7 | * modify it under the terms of the GNU Lesser General Public
8 | * License as published by the Free Software Foundation; either
9 | * version 2.1 of the License, or (at your option) any later version.
10 | *
11 | * FFmpeg is distributed in the hope that it will be useful,
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 | * Lesser General Public License for more details.
15 | *
16 | * You should have received a copy of the GNU Lesser General Public
17 | * License along with FFmpeg; if not, write to the Free Software
18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 | */
20 |
21 | #ifndef BASE64_H
22 | #define BASE64_H
23 |
24 | #include <stdint.h>
25 |
26 | /**
27 | * Decode a base64-encoded string.
28 | *
29 | * @param out buffer for decoded data
30 | * @param in null-terminated input string
31 | * @param out_size size in bytes of the out buffer, must be at
32 | * least 3/4 of the length of in
33 | * @return number of bytes written, or a negative value in case of
34 | * invalid input
35 | */
36 | int base64_decode(uint8_t *out, const char *in, int out_size);
37 |
38 | /**
39 | * Encode data to base64 and null-terminate.
40 | *
41 | * @param out buffer for encoded data
42 | * @param out_size size in bytes of the output buffer, must be at
43 | * least BASE64_SIZE(in_size)
44 | * @param in_size size in bytes of the 'in' buffer
45 | * @return 'out' or NULL in case of error
46 | */
47 | char *base64_encode(char *out, int out_size, const uint8_t *in, int in_size);
48 |
49 | /**
50 | * Calculate the output size needed to base64-encode x bytes.
51 | */
52 | #define BASE64_SIZE(x) (((x)+2) / 3 * 4 + 1)
53 |
54 | #endif /* BASE64_H */
55 |
--------------------------------------------------------------------------------
/src/cache.h:
--------------------------------------------------------------------------------
1 | /*
2 | * cache.h - Define the cache manager interface
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | /*
24 | * Original Author: Oliver Lorenz (ol), olli@olorenz.org, https://olorenz.org
25 | * License: This is licensed under the same terms as uthash itself
26 | */
27 |
28 | #ifndef _CACHE_
29 | #define _CACHE_
30 |
31 | #include "uthash.h"
32 |
33 | #ifdef HAVE_LIBEV_EV_H
34 | #include <libev/ev.h>
35 | #else
36 | #include <ev.h>
37 | #endif
38 |
39 | /**
40 | * A cache entry
41 | */
42 | struct cache_entry {
43 | char *key; /**<The key */
44 | void *data; /**<Payload */
45 | ev_tstamp ts; /**<Timestamp */
46 | UT_hash_handle hh; /**<Hash Handle for uthash */
47 | };
48 |
49 | /**
50 | * A cache object
51 | */
52 | struct cache {
53 | size_t max_entries; /**<Amount of entries this cache object can hold */
54 | struct cache_entry *entries; /**<Head pointer for uthash */
55 | void (*free_cb)(void *key, void *element); /**<Callback function to free cache entries */
56 | };
57 |
58 | int cache_create(struct cache **dst, const size_t capacity,
59 | void (*free_cb)(void *key, void *element));
60 | int cache_delete(struct cache *cache, int keep_data);
61 | int cache_clear(struct cache *cache, ev_tstamp age);
62 | int cache_lookup(struct cache *cache, char *key, size_t key_len, void *result);
63 | int cache_insert(struct cache *cache, char *key, size_t key_len, void *data);
64 | int cache_remove(struct cache *cache, char *key, size_t key_len);
65 | int cache_key_exist(struct cache *cache, char *key, size_t key_len);
66 |
67 | #endif
68 |
--------------------------------------------------------------------------------
/src/common.h:
--------------------------------------------------------------------------------
1 | /*
2 | * common.h - Provide global definitions
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | * shadowsocks-libev is free software; you can redistribute it and/or modify
8 | * it under the terms of the GNU General Public License as published by
9 | * the Free Software Foundation; either version 3 of the License, or
10 | * (at your option) any later version.
11 | *
12 | * shadowsocks-libev is distributed in the hope that it will be useful,
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | * GNU General Public License for more details.
16 | *
17 | * You should have received a copy of the GNU General Public License
18 | * along with shadowsocks-libev; see the file COPYING. If not, see
19 | * <http://www.gnu.org/licenses/>.
20 | */
21 |
22 | #ifndef _COMMON_H
23 | #define _COMMON_H
24 |
25 | #ifndef SOL_TCP
26 | #define SOL_TCP IPPROTO_TCP
27 | #endif
28 |
29 | #if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
30 | #define MODULE_LOCAL
31 | #endif
32 |
33 | #include "crypto.h"
34 |
35 | int init_udprelay(const char *server_host, const char *server_port,
36 | #ifdef MODULE_LOCAL
37 | const struct sockaddr *remote_addr, const int remote_addr_len,
38 | #ifdef MODULE_TUNNEL
39 | const ss_addr_t tunnel_addr,
40 | #endif
41 | #endif
42 | int mtu, crypto_t *crypto, int timeout, const char *iface);
43 |
44 | void free_udprelay(void);
45 |
46 | #ifdef __ANDROID__
47 | int protect_socket(int fd);
48 | int send_traffic_stat(uint64_t tx, uint64_t rx);
49 | #endif
50 |
51 | #define STAGE_ERROR -1 /* Error detected */
52 | #define STAGE_INIT 0 /* Initial stage */
53 | #define STAGE_HANDSHAKE 1 /* Handshake with client */
54 | #define STAGE_RESOLVE 4 /* Resolve the hostname */
55 | #define STAGE_STREAM 5 /* Stream between client and server */
56 | #define STAGE_STOP 6 /* Server stop to response */
57 |
58 | /* Vals for long options */
59 | enum {
60 | GETOPT_VAL_HELP = 257,
61 | GETOPT_VAL_REUSE_PORT,
62 | GETOPT_VAL_FAST_OPEN,
63 | GETOPT_VAL_NODELAY,
64 | GETOPT_VAL_ACL,
65 | GETOPT_VAL_MTU,
66 | GETOPT_VAL_MPTCP,
67 | GETOPT_VAL_PLUGIN,
68 | GETOPT_VAL_PLUGIN_OPTS,
69 | GETOPT_VAL_PASSWORD,
70 | GETOPT_VAL_KEY,
71 | GETOPT_VAL_MANAGER_ADDRESS,
72 | GETOPT_VAL_EXECUTABLE,
73 | GETOPT_VAL_WORKDIR,
74 | GETOPT_VAL_TCP_INCOMING_SNDBUF,
75 | GETOPT_VAL_TCP_INCOMING_RCVBUF,
76 | GETOPT_VAL_TCP_OUTGOING_SNDBUF,
77 | GETOPT_VAL_TCP_OUTGOING_RCVBUF,
78 | GETOPT_VAL_NFTABLES_SETS
79 | };
80 |
81 | #endif // _COMMON_H
82 |
--------------------------------------------------------------------------------
/src/crypto.h:
--------------------------------------------------------------------------------
1 | /*
2 | * crypto.h - Define the enryptor's interface
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have recenonceed a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _CRYPTO_H
24 | #define _CRYPTO_H
25 |
26 | #ifndef __MINGW32__
27 | #include <sys/socket.h>
28 | #endif
29 | #include <string.h>
30 | #include <stdlib.h>
31 | #include <stdio.h>
32 |
33 | #ifdef HAVE_STDINT_H
34 | #include <stdint.h>
35 | #elif HAVE_INTTYPES_H
36 | #include <inttypes.h>
37 | #endif
38 |
39 | /* Definitions for libsodium */
40 | #include <sodium.h>
41 | typedef crypto_aead_aes256gcm_state aes256gcm_ctx;
42 | /* Definitions for mbedTLS */
43 | #include <mbedtls/cipher.h>
44 | #include <mbedtls/md.h>
45 | typedef mbedtls_cipher_info_t cipher_kt_t;
46 | typedef mbedtls_cipher_context_t cipher_evp_t;
47 | typedef mbedtls_md_info_t digest_type_t;
48 | #define MAX_KEY_LENGTH 64
49 | #define MAX_NONCE_LENGTH 32
50 | #define MAX_MD_SIZE MBEDTLS_MD_MAX_SIZE
51 | /* we must have MBEDTLS_CIPHER_MODE_CFB defined */
52 | #if !defined(MBEDTLS_CIPHER_MODE_CFB)
53 | #error Cipher Feedback mode a.k.a CFB not supported by your mbed TLS.
54 | #endif
55 | #ifndef MBEDTLS_GCM_C
56 | #error No GCM support detected
57 | #endif
58 | #ifdef crypto_aead_xchacha20poly1305_ietf_ABYTES
59 | #define FS_HAVE_XCHACHA20IETF
60 | #endif
61 |
62 | #define ADDRTYPE_MASK 0xF
63 |
64 | #define CRYPTO_ERROR -2
65 | #define CRYPTO_NEED_MORE -1
66 | #define CRYPTO_OK 0
67 |
68 | #define min(a, b) (((a) < (b)) ? (a) : (b))
69 | #define max(a, b) (((a) > (b)) ? (a) : (b))
70 |
71 | #define SUBKEY_INFO "ss-subkey"
72 | #define IV_INFO "ss-iv"
73 |
74 | #ifndef BF_NUM_ENTRIES_FOR_SERVER
75 | #define BF_NUM_ENTRIES_FOR_SERVER 1e6
76 | #endif
77 |
78 | #ifndef BF_NUM_ENTRIES_FOR_CLIENT
79 | #define BF_NUM_ENTRIES_FOR_CLIENT 1e4
80 | #endif
81 |
82 | #ifndef BF_ERROR_RATE_FOR_SERVER
83 | #define BF_ERROR_RATE_FOR_SERVER 1e-10
84 | #endif
85 |
86 | #ifndef BF_ERROR_RATE_FOR_CLIENT
87 | #define BF_ERROR_RATE_FOR_CLIENT 1e-15
88 | #endif
89 |
90 | typedef struct buffer {
91 | size_t idx;
92 | size_t len;
93 | size_t capacity;
94 | char *data;
95 | } buffer_t;
96 |
97 | typedef struct {
98 | int method;
99 | int skey;
100 | size_t nonce_len;
101 | size_t key_len;
102 | size_t tag_len;
103 | uint8_t key[MAX_KEY_LENGTH];
104 | } cipher_t;
105 |
106 | typedef struct {
107 | uint32_t init;
108 | uint64_t counter;
109 | cipher_evp_t *evp;
110 | aes256gcm_ctx *aes256gcm_ctx;
111 | cipher_t *cipher;
112 | buffer_t *chunk;
113 | uint8_t salt[MAX_KEY_LENGTH];
114 | uint8_t skey[MAX_KEY_LENGTH];
115 | uint8_t nonce[MAX_NONCE_LENGTH];
116 | } cipher_ctx_t;
117 |
118 | typedef struct crypto {
119 | cipher_t *cipher;
120 |
121 | int(*const encrypt_all) (buffer_t *, cipher_t *, size_t);
122 | int(*const decrypt_all) (buffer_t *, cipher_t *, size_t);
123 | int(*const encrypt) (buffer_t *, cipher_ctx_t *, size_t);
124 | int(*const decrypt) (buffer_t *, cipher_ctx_t *, size_t);
125 |
126 | void(*const ctx_init) (cipher_t *, cipher_ctx_t *, int);
127 | void(*const ctx_release) (cipher_ctx_t *);
128 | } crypto_t;
129 |
130 | int balloc(buffer_t *, size_t);
131 | int brealloc(buffer_t *, size_t, size_t);
132 | int bprepend(buffer_t *, buffer_t *, size_t);
133 | void bfree(buffer_t *);
134 | int rand_bytes(void *, int);
135 |
136 | crypto_t *crypto_init(const char *, const char *, const char *);
137 | unsigned char *crypto_md5(const unsigned char *, size_t, unsigned char *);
138 |
139 | int crypto_derive_key(const char *, uint8_t *, size_t);
140 | int crypto_parse_key(const char *, uint8_t *, size_t);
141 | int crypto_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
142 | int salt_len, const unsigned char *ikm, int ikm_len,
143 | const unsigned char *info, int info_len, unsigned char *okm,
144 | int okm_len);
145 | int crypto_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt,
146 | int salt_len, const unsigned char *ikm, int ikm_len,
147 | unsigned char *prk);
148 | int crypto_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
149 | int prk_len, const unsigned char *info, int info_len,
150 | unsigned char *okm, int okm_len);
151 | #ifdef SS_DEBUG
152 | void dump(char *tag, char *text, int len);
153 | #endif
154 |
155 | extern struct cache *nonce_cache;
156 | extern const char *supported_stream_ciphers[];
157 | extern const char *supported_aead_ciphers[];
158 |
159 | #endif // _CRYPTO_H
160 |
--------------------------------------------------------------------------------
/src/jconf.h:
--------------------------------------------------------------------------------
1 | /*
2 | * jconf.h - Define the config data structure
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | * shadowsocks-libev is free software; you can redistribute it and/or modify
8 | * it under the terms of the GNU General Public License as published by
9 | * the Free Software Foundation; either version 3 of the License, or
10 | * (at your option) any later version.
11 | *
12 | * shadowsocks-libev is distributed in the hope that it will be useful,
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | * GNU General Public License for more details.
16 | *
17 | * You should have received a copy of the GNU General Public License
18 | * along with shadowsocks-libev; see the file COPYING. If not, see
19 | * <http://www.gnu.org/licenses/>.
20 | */
21 |
22 | #ifndef _JCONF_H
23 | #define _JCONF_H
24 |
25 | #define MAX_PORT_NUM 1024
26 | #define MAX_REMOTE_NUM 10
27 | #define MAX_DSCP_NUM 64
28 | #define MAX_CONF_SIZE (128 * 1024)
29 | #define MAX_CONNECT_TIMEOUT 10
30 | #define MIN_TCP_IDLE_TIMEOUT (24 * 3600)
31 | #define MIN_UDP_TIMEOUT 10
32 |
33 | #define DSCP_EF 0x2E
34 | #define DSCP_MIN 0x0
35 | #define DSCP_MAX 0x3F
36 | #define DSCP_DEFAULT 0x0
37 | #define DSCP_MIN_LEN 2
38 | #define DSCP_MAX_LEN 4
39 | #define DSCP_CS_LEN 3
40 | #define DSCP_AF_LEN 4
41 |
42 | #define TCP_ONLY 0
43 | #define TCP_AND_UDP 1
44 | #define UDP_ONLY 3
45 |
46 | typedef struct {
47 | char *port;
48 | char *password;
49 | } ss_port_password_t;
50 |
51 | typedef struct {
52 | char *port;
53 | int dscp;
54 | } ss_dscp_t;
55 |
56 | typedef struct {
57 | int remote_num;
58 | ss_addr_t remote_addr[MAX_REMOTE_NUM];
59 | int port_password_num;
60 | ss_port_password_t port_password[MAX_PORT_NUM];
61 | char *remote_port;
62 | char *local_addr;
63 | char *local_addr_v4;
64 | char *local_addr_v6;
65 | char *local_port;
66 | char *password;
67 | char *key;
68 | char *method;
69 | char *timeout;
70 | char *user;
71 | char *plugin;
72 | char *plugin_opts;
73 | int fast_open;
74 | int reuse_port;
75 | int tcp_incoming_sndbuf;
76 | int tcp_incoming_rcvbuf;
77 | int tcp_outgoing_sndbuf;
78 | int tcp_outgoing_rcvbuf;
79 | int nofile;
80 | char *nameserver;
81 | int dscp_num;
82 | ss_dscp_t dscp[MAX_DSCP_NUM];
83 | char *tunnel_address;
84 | int mode;
85 | int mtu;
86 | int mptcp;
87 | int ipv6_first;
88 | int no_delay;
89 | int tcp_tproxy;
90 | char *workdir;
91 | char *acl;
92 | char *manager_address;
93 | } jconf_t;
94 |
95 | jconf_t *read_jconf(const char *file);
96 | void parse_addr(const char *str, ss_addr_t *addr);
97 | void free_addr(ss_addr_t *addr);
98 |
99 | #endif // _JCONF_H
100 |
--------------------------------------------------------------------------------
/src/local.h:
--------------------------------------------------------------------------------
1 | /*
2 | * local.h - Define the client's buffers and callbacks
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _LOCAL_H
24 | #define _LOCAL_H
25 |
26 | #include <libcork/ds.h>
27 |
28 | #ifdef HAVE_LIBEV_EV_H
29 | #include <libev/ev.h>
30 | #else
31 | #include <ev.h>
32 | #endif
33 |
34 | #ifdef __MINGW32__
35 | #include "winsock.h"
36 | #endif
37 |
38 | #include "crypto.h"
39 | #include "jconf.h"
40 |
41 | #include "common.h"
42 |
43 | typedef struct listen_ctx {
44 | ev_io io;
45 | char *iface;
46 | int remote_num;
47 | int timeout;
48 | int fd;
49 | int mptcp;
50 | struct sockaddr **remote_addr;
51 | } listen_ctx_t;
52 |
53 | typedef struct server_ctx {
54 | ev_io io;
55 | int connected;
56 | struct server *server;
57 | } server_ctx_t;
58 |
59 | typedef struct server {
60 | int fd;
61 | int stage;
62 |
63 | cipher_ctx_t *e_ctx;
64 | cipher_ctx_t *d_ctx;
65 | struct server_ctx *recv_ctx;
66 | struct server_ctx *send_ctx;
67 | struct listen_ctx *listener;
68 | struct remote *remote;
69 |
70 | buffer_t *buf;
71 | buffer_t *abuf;
72 |
73 | ev_timer delayed_connect_watcher;
74 |
75 | struct cork_dllist_item entries;
76 | } server_t;
77 |
78 | typedef struct remote_ctx {
79 | ev_io io;
80 | ev_timer watcher;
81 |
82 | int connected;
83 | struct remote *remote;
84 | } remote_ctx_t;
85 |
86 | typedef struct remote {
87 | int fd;
88 | int direct;
89 | int addr_len;
90 | uint32_t counter;
91 | #ifdef TCP_FASTOPEN_WINSOCK
92 | OVERLAPPED olap;
93 | int connect_ex_done;
94 | #endif
95 |
96 | buffer_t *buf;
97 |
98 | struct remote_ctx *recv_ctx;
99 | struct remote_ctx *send_ctx;
100 | struct server *server;
101 | struct sockaddr_storage addr;
102 | } remote_t;
103 |
104 | #endif // _LOCAL_H
105 |
--------------------------------------------------------------------------------
/src/manager.h:
--------------------------------------------------------------------------------
1 | /*
2 | * server.h - Define shadowsocks server's buffers and callbacks
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _MANAGER_H
24 | #define _MANAGER_H
25 |
26 | #include <time.h>
27 | #include <libcork/ds.h>
28 |
29 | #ifdef HAVE_LIBEV_EV_H
30 | #include <libev/ev.h>
31 | #else
32 | #include <ev.h>
33 | #endif
34 |
35 | #include "jconf.h"
36 |
37 | #include "common.h"
38 |
39 | struct manager_ctx {
40 | ev_io io;
41 | int fd;
42 | int fast_open;
43 | int no_delay;
44 | int reuse_port;
45 | int verbose;
46 | int mode;
47 | char *password;
48 | char *key;
49 | char *timeout;
50 | char *method;
51 | char *iface;
52 | char *acl;
53 | char *user;
54 | char *plugin;
55 | char *plugin_opts;
56 | char *manager_address;
57 | char **hosts;
58 | int host_num;
59 | char *nameservers;
60 | int mtu;
61 | int ipv6first;
62 | char *workdir;
63 | #ifdef HAVE_SETRLIMIT
64 | int nofile;
65 | #endif
66 | };
67 |
68 | struct server {
69 | char port[8];
70 | char password[128];
71 | char fast_open[8];
72 | char no_delay[8];
73 | char *mode;
74 | char *method;
75 | char *plugin;
76 | char *plugin_opts;
77 | uint64_t traffic;
78 | };
79 |
80 | #endif // _MANAGER_H
81 |
--------------------------------------------------------------------------------
/src/netutils.h:
--------------------------------------------------------------------------------
1 | /*
2 | * netutils.h - Network utilities
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _NETUTILS_H
24 | #define _NETUTILS_H
25 |
26 | #ifdef __MINGW32__
27 | #include "winsock.h"
28 | #else
29 | #include <sys/socket.h>
30 | #endif
31 |
32 | #if defined(HAVE_LINUX_TCP_H)
33 | #include <linux/tcp.h>
34 | #elif defined(HAVE_NETINET_TCP_H)
35 | #include <netinet/tcp.h>
36 | #elif defined(HAVE_NETDB_H)
37 | #include <netdb.h>
38 | #endif
39 |
40 | /* Hard coded defines for TCP fast open on Android */
41 | #ifdef __ANDROID__
42 | #ifndef TCP_FASTOPEN
43 | #define TCP_FASTOPEN 23
44 | #endif
45 | #ifndef MSG_FASTOPEN
46 | #define MSG_FASTOPEN 0x20000000
47 | #endif
48 | #ifdef TCP_FASTOPEN_CONNECT
49 | #undef TCP_FASTOPEN_CONNECT
50 | #endif
51 | #endif
52 |
53 | #define MAX_HOSTNAME_LEN 256 // FQCN <= 255 characters
54 | #define MAX_PORT_STR_LEN 6 // PORT < 65536
55 |
56 | #define SOCKET_BUF_SIZE (16 * 1024 - 1) // 16383 Byte, equals to the max chunk size
57 |
58 | typedef struct {
59 | char *host;
60 | char *port;
61 | } ss_addr_t;
62 |
63 | // Be compatible with older libc.
64 | #ifndef IPPROTO_MPTCP
65 | #define IPPROTO_MPTCP 262
66 | #endif
67 |
68 | /* MPTCP_ENABLED setsockopt values for out-of-tree kernel 4 & 3, best behaviour
69 | * to be independent of kernel version is to test from newest to latest values.
70 | */
71 | #ifndef MPTCP_ENABLED
72 | static const char mptcp_enabled_values[] = { 42, 26, 0 };
73 | #else
74 | static const char mptcp_enabled_values[] = { MPTCP_ENABLED, 0 };
75 | #endif
76 |
77 | #ifndef UPDATE_INTERVAL
78 | #define UPDATE_INTERVAL 5
79 | #endif
80 |
81 | /** byte size of ip4 address */
82 | #define INET_SIZE 4
83 | /** byte size of ip6 address */
84 | #define INET6_SIZE 16
85 |
86 | size_t get_sockaddr_len(struct sockaddr *addr);
87 | ssize_t get_sockaddr(char *host, char *port,
88 | struct sockaddr_storage *storage, int block,
89 | int ipv6first);
90 | int set_reuseport(int socket);
91 |
92 | #ifdef SET_INTERFACE
93 | int setinterface(int socket_fd, const char *interface_name);
94 | #endif
95 |
96 | int parse_local_addr(struct sockaddr_storage *storage_v4,
97 | struct sockaddr_storage *storage_v6,
98 | const char *host);
99 |
100 | int bind_to_addr(struct sockaddr_storage *storage, int socket_fd);
101 |
102 | /**
103 | * Compare two sockaddrs. Imposes an ordering on the addresses.
104 | * Compares address and port.
105 | * @param addr1: address 1.
106 | * @param addr2: address 2.
107 | * @param len: lengths of addr.
108 | * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
109 | */
110 | int sockaddr_cmp(struct sockaddr_storage *addr1,
111 | struct sockaddr_storage *addr2, socklen_t len);
112 |
113 | /**
114 | * Compare two sockaddrs. Compares address, not the port.
115 | * @param addr1: address 1.
116 | * @param addr2: address 2.
117 | * @param len: lengths of addr.
118 | * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger.
119 | */
120 | int sockaddr_cmp_addr(struct sockaddr_storage *addr1,
121 | struct sockaddr_storage *addr2, socklen_t len);
122 |
123 | int validate_hostname(const char *hostname, const int hostname_len);
124 |
125 | int is_ipv6only(ss_addr_t *servers, size_t server_num, int ipv6first);
126 |
127 | #endif
128 |
--------------------------------------------------------------------------------
/src/plugin.h:
--------------------------------------------------------------------------------
1 | /*
2 | * acl.h - Define the ACL interface
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _PLUGIN_H
24 | #define _PLUGIN_H
25 |
26 | #define PLUGIN_EXIT_ERROR -2
27 | #define PLUGIN_EXIT_NORMAL -1
28 | #define PLUGIN_RUNNING 0
29 |
30 | enum plugin_mode {
31 | MODE_CLIENT,
32 | MODE_SERVER
33 | };
34 |
35 | /*
36 | * XXX: Since we have SS plugins and obfsproxy support, for now we will
37 | * do extra check against the plugin name.
38 | * For obfsproxy, we will not follow the SS specified protocol and
39 | * do special routine for obfsproxy.
40 | * This may change when the protocol is finally settled
41 | *
42 | * Main function to start a plugin.
43 | *
44 | * @plugin: name of the plugin
45 | * search from PATH and current directory.
46 | * @plugin_opts: Special options for plugin
47 | * @remote_host:
48 | * CLIENT mode:
49 | * The remote server address, which also runs corresponding plugin
50 | * SERVER mode:
51 | * The real listen address, which plugin will listen to
52 | * @remote_port:
53 | * CLIENT mode:
54 | * The remote server port, which corresponding plugin is listening to
55 | * SERVER mode:
56 | * The real listen port, which plugin will listen to
57 | * @local_host:
58 | * Where ss-libev will connect/listen to.
59 | * Normally localhost for both modes.
60 | * @local_port:
61 | * Where ss-libev will connect/listen to.
62 | * Internal user port.
63 | * @mode:
64 | * Indicates which mode the plugin should run at.
65 | */
66 | int start_plugin(const char *plugin,
67 | const char *plugin_opts,
68 | const char *remote_host,
69 | const char *remote_port,
70 | const char *local_host,
71 | const char *local_port,
72 | #ifdef __MINGW32__
73 | uint16_t control_port,
74 | #endif
75 | enum plugin_mode mode);
76 | uint16_t get_local_port();
77 | void stop_plugin();
78 | int is_plugin_running();
79 |
80 | #endif // _PLUGIN_H
81 |
--------------------------------------------------------------------------------
/src/ppbloom.c:
--------------------------------------------------------------------------------
1 | /*
2 | * ppbloom.c - Ping-Pong Bloom Filter for nonce reuse detection
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #include <errno.h>
24 | #include <stdlib.h>
25 |
26 | #include "bloom.h"
27 | #include "ppbloom.h"
28 | #include "utils.h"
29 |
30 | #define PING 0
31 | #define PONG 1
32 |
33 | static struct bloom ppbloom[2];
34 | static int bloom_count[2];
35 | static int current;
36 | static int entries;
37 | static double error;
38 |
39 | int
40 | ppbloom_init(int n, double e)
41 | {
42 | int err;
43 | entries = n / 2;
44 | error = e;
45 |
46 | err = bloom_init(ppbloom + PING, entries, error);
47 | if (err)
48 | return err;
49 |
50 | err = bloom_init(ppbloom + PONG, entries, error);
51 | if (err)
52 | return err;
53 |
54 | bloom_count[PING] = 0;
55 | bloom_count[PONG] = 0;
56 |
57 | current = PING;
58 |
59 | return 0;
60 | }
61 |
62 | int
63 | ppbloom_check(const void *buffer, int len)
64 | {
65 | int ret;
66 |
67 | ret = bloom_check(ppbloom + PING, buffer, len);
68 | if (ret)
69 | return ret;
70 |
71 | ret = bloom_check(ppbloom + PONG, buffer, len);
72 | if (ret)
73 | return ret;
74 |
75 | return 0;
76 | }
77 |
78 | int
79 | ppbloom_add(const void *buffer, int len)
80 | {
81 | int err;
82 | err = bloom_add(ppbloom + current, buffer, len);
83 | if (err == -1)
84 | return err;
85 |
86 | bloom_count[current]++;
87 |
88 | if (bloom_count[current] >= entries) {
89 | bloom_count[current] = 0;
90 | current = current == PING ? PONG : PING;
91 | bloom_reset(ppbloom + current);
92 | }
93 |
94 | return 0;
95 | }
96 |
97 | void
98 | ppbloom_free()
99 | {
100 | bloom_free(ppbloom + PING);
101 | bloom_free(ppbloom + PONG);
102 | }
103 |
--------------------------------------------------------------------------------
/src/ppbloom.h:
--------------------------------------------------------------------------------
1 | /*
2 | * ppbloom.h - Define the Ping-Pong Bloom Filter interface
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _PPBLOOM_
24 | #define _PPBLOOM_
25 |
26 | int ppbloom_init(int entries, double error);
27 | int ppbloom_check(const void *buffer, int len);
28 | int ppbloom_add(const void *buffer, int len);
29 | void ppbloom_free(void);
30 |
31 | #endif
32 |
--------------------------------------------------------------------------------
/src/redir.h:
--------------------------------------------------------------------------------
1 | /* * redir.h - Define the redirector's buffers and callbacks
2 | *
3 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
4 | *
5 | * This file is part of the shadowsocks-libev.
6 | *
7 | * shadowsocks-libev is free software; you can redistribute it and/or modify
8 | * it under the terms of the GNU General Public License as published by
9 | * the Free Software Foundation; either version 3 of the License, or
10 | * (at your option) any later version.
11 | *
12 | * shadowsocks-libev is distributed in the hope that it will be useful,
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | * GNU General Public License for more details.
16 | *
17 | * You should have received a copy of the GNU General Public License
18 | * along with shadowsocks-libev; see the file COPYING. If not, see
19 | * <http://www.gnu.org/licenses/>.
20 | */
21 |
22 | #ifndef _REDIR_H
23 | #define _REDIR_H
24 |
25 | #ifdef HAVE_LIBEV_EV_H
26 | #include <libev/ev.h>
27 | #else
28 | #include <ev.h>
29 | #endif
30 |
31 | #include "crypto.h"
32 | #include "jconf.h"
33 |
34 | typedef struct listen_ctx {
35 | ev_io io;
36 | int remote_num;
37 | int timeout;
38 | int fd;
39 | int mptcp;
40 | int tos;
41 | struct sockaddr **remote_addr;
42 | } listen_ctx_t;
43 |
44 | typedef struct server_ctx {
45 | ev_io io;
46 | int connected;
47 | struct server *server;
48 | } server_ctx_t;
49 |
50 | typedef struct server {
51 | int fd;
52 |
53 | buffer_t *buf;
54 |
55 | cipher_ctx_t *e_ctx;
56 | cipher_ctx_t *d_ctx;
57 | struct server_ctx *recv_ctx;
58 | struct server_ctx *send_ctx;
59 | struct remote *remote;
60 |
61 | struct sockaddr_storage destaddr;
62 | ev_timer delayed_connect_watcher;
63 | } server_t;
64 |
65 | typedef struct remote_ctx {
66 | ev_io io;
67 | ev_timer watcher;
68 | int connected;
69 | struct remote *remote;
70 | } remote_ctx_t;
71 |
72 | typedef struct remote {
73 | int fd;
74 | buffer_t *buf;
75 | struct remote_ctx *recv_ctx;
76 | struct remote_ctx *send_ctx;
77 | struct server *server;
78 | uint32_t counter;
79 | struct sockaddr *addr;
80 | } remote_t;
81 |
82 | #endif // _REDIR_H
83 |
--------------------------------------------------------------------------------
/src/resolv.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2014, Dustin Lundquist <dustin@null-ptr.net>
3 | * All rights reserved.
4 | *
5 | * Redistribution and use in source and binary forms, with or without
6 | * modification, are permitted provided that the following conditions are met:
7 | *
8 | * 1. Redistributions of source code must retain the above copyright notice,
9 | * this list of conditions and the following disclaimer.
10 | * 2. Redistributions in binary form must reproduce the above copyright
11 | * notice, this list of conditions and the following disclaimer in the
12 | * documentation and/or other materials provided with the distribution.
13 | *
14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24 | * POSSIBILITY OF SUCH DAMAGE.
25 | */
26 | #ifndef RESOLV_H
27 | #define RESOLV_H
28 |
29 | #ifdef HAVE_CONFIG_H
30 | #include "config.h"
31 | #endif
32 |
33 | #include <stdint.h>
34 | #ifndef __MINGW32__
35 | #include <sys/socket.h>
36 | #endif
37 |
38 | struct resolv_query;
39 |
40 | int resolv_init(struct ev_loop *, char *, int);
41 | void resolv_start(const char *hostname, uint16_t port,
42 | void (*client_cb)(struct sockaddr *, void *),
43 | void (*free_cb)(void *), void *data);
44 | void resolv_shutdown(struct ev_loop *);
45 |
46 | #endif
47 |
--------------------------------------------------------------------------------
/src/rule.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
3 | * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
4 | * All rights reserved.
5 | *
6 | * Redistribution and use in source and binary forms, with or without
7 | * modification, are permitted provided that the following conditions are met:
8 | *
9 | * 1. Redistributions of source code must retain the above copyright notice,
10 | * this list of conditions and the following disclaimer.
11 | * 2. Redistributions in binary form must reproduce the above copyright
12 | * notice, this list of conditions and the following disclaimer in the
13 | * documentation and/or other materials provided with the distribution.
14 | *
15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 | * POSSIBILITY OF SUCH DAMAGE.
26 | */
27 |
28 | #ifdef HAVE_CONFIG_H
29 | #include "config.h"
30 | #endif
31 |
32 | #include <stdio.h>
33 | #include <string.h>
34 |
35 | #include "rule.h"
36 | #include "utils.h"
37 |
38 | static void free_rule(rule_t *);
39 |
40 | rule_t *
41 | new_rule()
42 | {
43 | rule_t *rule;
44 |
45 | rule = calloc(1, sizeof(rule_t));
46 | if (rule == NULL) {
47 | ERROR("malloc");
48 | return NULL;
49 | }
50 |
51 | return rule;
52 | }
53 |
54 | int
55 | accept_rule_arg(rule_t *rule, const char *arg)
56 | {
57 | if (rule->pattern == NULL) {
58 | rule->pattern = strdup(arg);
59 | if (rule->pattern == NULL) {
60 | ERROR("strdup failed");
61 | return -1;
62 | }
63 | } else {
64 | LOGE("Unexpected table rule argument: %s", arg);
65 | return -1;
66 | }
67 |
68 | return 1;
69 | }
70 |
71 | void
72 | add_rule(struct cork_dllist *rules, rule_t *rule)
73 | {
74 | cork_dllist_add(rules, &rule->entries);
75 | }
76 |
77 | int
78 | init_rule(rule_t *rule)
79 | {
80 | if (rule->pattern_re == NULL) {
81 | const char *reerr;
82 | int reerroffset;
83 |
84 | rule->pattern_re =
85 | pcre_compile(rule->pattern, 0, &reerr, &reerroffset, NULL);
86 | if (rule->pattern_re == NULL) {
87 | LOGE("Regex compilation of \"%s\" failed: %s, offset %d",
88 | rule->pattern, reerr, reerroffset);
89 | return 0;
90 | }
91 | }
92 |
93 | return 1;
94 | }
95 |
96 | rule_t *
97 | lookup_rule(const struct cork_dllist *rules, const char *name, size_t name_len)
98 | {
99 | struct cork_dllist_item *curr, *next;
100 |
101 | if (name == NULL) {
102 | name = "";
103 | name_len = 0;
104 | }
105 |
106 | cork_dllist_foreach_void(rules, curr, next) {
107 | rule_t *rule = cork_container_of(curr, rule_t, entries);
108 | if (pcre_exec(rule->pattern_re, NULL,
109 | name, name_len, 0, 0, NULL, 0) >= 0)
110 | return rule;
111 | }
112 |
113 | return NULL;
114 | }
115 |
116 | void
117 | remove_rule(rule_t *rule)
118 | {
119 | cork_dllist_remove(&rule->entries);
120 | free_rule(rule);
121 | }
122 |
123 | static void
124 | free_rule(rule_t *rule)
125 | {
126 | if (rule == NULL)
127 | return;
128 |
129 | ss_free(rule->pattern);
130 | if (rule->pattern_re != NULL)
131 | pcre_free(rule->pattern_re);
132 | ss_free(rule);
133 | }
134 |
--------------------------------------------------------------------------------
/src/rule.h:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2011 and 2012, Dustin Lundquist <dustin@null-ptr.net>
3 | * Copyright (c) 2011 Manuel Kasper <mk@neon1.net>
4 | * All rights reserved.
5 | *
6 | * Redistribution and use in source and binary forms, with or without
7 | * modification, are permitted provided that the following conditions are met:
8 | *
9 | * 1. Redistributions of source code must retain the above copyright notice,
10 | * this list of conditions and the following disclaimer.
11 | * 2. Redistributions in binary form must reproduce the above copyright
12 | * notice, this list of conditions and the following disclaimer in the
13 | * documentation and/or other materials provided with the distribution.
14 | *
15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
25 | * POSSIBILITY OF SUCH DAMAGE.
26 | */
27 | #ifndef RULE_H
28 | #define RULE_H
29 |
30 | #ifdef HAVE_CONFIG_H
31 | #include "config.h"
32 | #endif
33 |
34 | #include <libcork/ds.h>
35 |
36 | #ifdef HAVE_PCRE_H
37 | #include <pcre.h>
38 | #elif HAVE_PCRE_PCRE_H
39 | #include <pcre/pcre.h>
40 | #endif
41 |
42 | typedef struct rule {
43 | char *pattern;
44 |
45 | /* Runtime fields */
46 | pcre *pattern_re;
47 |
48 | struct cork_dllist_item entries;
49 | } rule_t;
50 |
51 | void add_rule(struct cork_dllist *, rule_t *);
52 | int init_rule(rule_t *);
53 | rule_t *lookup_rule(const struct cork_dllist *, const char *, size_t);
54 | void remove_rule(rule_t *);
55 | rule_t *new_rule();
56 | int accept_rule_arg(rule_t *, const char *);
57 |
58 | #endif
59 |
--------------------------------------------------------------------------------
/src/server.h:
--------------------------------------------------------------------------------
1 | /*
2 | * server.h - Define shadowsocks server's buffers and callbacks
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _SERVER_H
24 | #define _SERVER_H
25 |
26 | #include <time.h>
27 | #include <libcork/ds.h>
28 |
29 | #ifdef HAVE_LIBEV_EV_H
30 | #include <libev/ev.h>
31 | #else
32 | #include <ev.h>
33 | #endif
34 |
35 | #ifdef __MINGW32__
36 | #include "winsock.h"
37 | #endif
38 |
39 | #include "crypto.h"
40 | #include "jconf.h"
41 | #include "netutils.h"
42 |
43 | #include "common.h"
44 |
45 | typedef struct listen_ctx {
46 | ev_io io;
47 | int fd;
48 | int timeout;
49 | char *iface;
50 | struct ev_loop *loop;
51 | } listen_ctx_t;
52 |
53 | typedef struct server_ctx {
54 | ev_io io;
55 | ev_timer watcher;
56 | int connected;
57 | struct server *server;
58 | } server_ctx_t;
59 |
60 | #ifdef USE_NFCONNTRACK_TOS
61 |
62 | #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
63 | #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
64 |
65 | struct dscptracker {
66 | struct nf_conntrack *ct;
67 | long unsigned int mark;
68 | unsigned int dscp;
69 | unsigned int packet_count;
70 | };
71 |
72 | #endif
73 |
74 | struct query;
75 |
76 | typedef struct server {
77 | int fd;
78 | int stage;
79 | int frag;
80 |
81 | buffer_t *buf;
82 |
83 | cipher_ctx_t *e_ctx;
84 | cipher_ctx_t *d_ctx;
85 | struct server_ctx *recv_ctx;
86 | struct server_ctx *send_ctx;
87 | struct listen_ctx *listen_ctx;
88 | struct remote *remote;
89 |
90 | struct query *query;
91 |
92 | struct cork_dllist_item entries;
93 | #ifdef USE_NFCONNTRACK_TOS
94 | struct dscptracker *tracker;
95 | #endif
96 | } server_t;
97 |
98 | typedef struct query {
99 | server_t *server;
100 | char hostname[MAX_HOSTNAME_LEN];
101 | } query_t;
102 |
103 | typedef struct remote_ctx {
104 | ev_io io;
105 | int connected;
106 | struct remote *remote;
107 | } remote_ctx_t;
108 |
109 | typedef struct remote {
110 | int fd;
111 | #ifdef TCP_FASTOPEN_WINSOCK
112 | OVERLAPPED olap;
113 | int connect_ex_done;
114 | #endif
115 | buffer_t *buf;
116 | struct remote_ctx *recv_ctx;
117 | struct remote_ctx *send_ctx;
118 | struct server *server;
119 | } remote_t;
120 |
121 | #endif // _SERVER_H
122 |
--------------------------------------------------------------------------------
/src/shadowsocks.h:
--------------------------------------------------------------------------------
1 | /*
2 | * shadowsocks.h - Header files of library interfaces
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | * shadowsocks-libev is free software; you can redistribute it and/or modify
8 | * it under the terms of the GNU General Public License as published by
9 | * the Free Software Foundation; either version 3 of the License, or
10 | * (at your option) any later version.
11 | *
12 | * shadowsocks-libev is distributed in the hope that it will be useful,
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | * GNU General Public License for more details.
16 | *
17 | * You should have received a copy of the GNU General Public License
18 | * along with shadowsocks-libev; see the file COPYING. If not, see
19 | * <http://www.gnu.org/licenses/>.
20 | */
21 |
22 | #ifndef _SHADOWSOCKS_H
23 | #define _SHADOWSOCKS_H
24 |
25 | typedef struct {
26 | /* Required */
27 | char *remote_host; // hostname or ip of remote server
28 | char *local_addr; // local ip to bind
29 | char *method; // encryption method
30 | char *password; // password of remote server
31 | int remote_port; // port number of remote server
32 | int local_port; // port number of local server
33 | int timeout; // connection timeout
34 |
35 | /* Optional, set NULL if not valid */
36 | char *acl; // file path to acl
37 | char *log; // file path to log
38 | int fast_open; // enable tcp fast open
39 | int mode; // enable udp relay
40 | int mtu; // MTU of interface
41 | int mptcp; // enable multipath TCP
42 | int verbose; // verbose mode
43 | } profile_t;
44 |
45 | /* An example profile
46 | *
47 | * const profile_t EXAMPLE_PROFILE = {
48 | * .remote_host = "example.com",
49 | * .local_addr = "127.0.0.1",
50 | * .method = "bf-cfb",
51 | * .password = "barfoo!",
52 | * .remote_port = 8338,
53 | * .local_port = 1080,
54 | * .timeout = 600;
55 | * .acl = NULL,
56 | * .log = NULL,
57 | * .fast_open = 0,
58 | * .mode = 0,
59 | * .verbose = 0
60 | * };
61 | */
62 |
63 | #ifdef __cplusplus
64 | extern "C" {
65 | #endif
66 |
67 | typedef void (*ss_local_callback)(int socks_fd, int udp_fd, void *data);
68 |
69 | /*
70 | * Create and start a shadowsocks local server.
71 | *
72 | * Calling this function will block the current thread forever if the server
73 | * starts successfully.
74 | *
75 | * Make sure start the server in a separate process to avoid any potential
76 | * memory and socket leak.
77 | *
78 | * If failed, -1 is returned. Errors will output to the log file.
79 | */
80 | int start_ss_local_server(profile_t profile);
81 |
82 | /*
83 | * Create and start a shadowsocks local server, specifying a callback.
84 | *
85 | * The callback is invoked when the local server has started successfully. It passes the SOCKS
86 | * server and UDP relay file descriptors, along with any supplied user data.
87 | *
88 | * Returns -1 on failure.
89 | */
90 | int start_ss_local_server_with_callback(profile_t profile, ss_local_callback callback, void *udata);
91 |
92 | #ifdef __cplusplus
93 | }
94 | #endif
95 |
96 | // To stop the service on posix system, just kill the daemon process
97 | // kill(pid, SIGKILL);
98 | // Otherwise, If you start the service in a thread, you may need to send a signal SIGUSER1 to the thread.
99 | // pthread_kill(pthread_t, SIGUSR1);
100 |
101 | #endif // _SHADOWSOCKS_H
102 |
--------------------------------------------------------------------------------
/src/socks5.h:
--------------------------------------------------------------------------------
1 | /*
2 | * socks5.h - Define SOCKS5's header
3 | *
4 | * Copyright (C) 2013, clowwindy <clowwindy42@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _SOCKS5_H
24 | #define _SOCKS5_H
25 |
26 | #define SVERSION 0x05
27 | #define METHOD_NOAUTH 0x00
28 | #define METHOD_UNACCEPTABLE 0xff
29 |
30 | // see also: https://www.ietf.org/rfc/rfc1928.txt
31 | #define SOCKS5_CMD_CONNECT 0x01
32 | #define SOCKS5_CMD_BIND 0x02
33 | #define SOCKS5_CMD_UDP_ASSOCIATE 0x03
34 |
35 | #define SOCKS5_ATYP_IPV4 0x01
36 | #define SOCKS5_ATYP_DOMAIN 0x03
37 | #define SOCKS5_ATYP_IPV6 0x04
38 |
39 | #define SOCKS5_REP_SUCCEEDED 0x00
40 | #define SOCKS5_REP_GENERAL 0x01
41 | #define SOCKS5_REP_CONN_DISALLOWED 0x02
42 | #define SOCKS5_REP_NETWORK_UNREACHABLE 0x03
43 | #define SOCKS5_REP_HOST_UNREACHABLE 0x04
44 | #define SOCKS5_REP_CONN_REFUSED 0x05
45 | #define SOCKS5_REP_TTL_EXPIRED 0x06
46 | #define SOCKS5_REP_CMD_NOT_SUPPORTED 0x07
47 | #define SOCKS5_REP_ADDRTYPE_NOT_SUPPORTED 0x08
48 | #define SOCKS5_REP_FF_UNASSIGNED 0x09
49 |
50 | struct method_select_request {
51 | unsigned char ver;
52 | unsigned char nmethods;
53 | unsigned char methods[0];
54 | } __attribute__((packed, aligned(1)));
55 |
56 | struct method_select_response {
57 | unsigned char ver;
58 | unsigned char method;
59 | } __attribute__((packed, aligned(1)));
60 |
61 | struct socks5_request {
62 | unsigned char ver;
63 | unsigned char cmd;
64 | unsigned char rsv;
65 | unsigned char atyp;
66 | } __attribute__((packed, aligned(1)));
67 |
68 | struct socks5_response {
69 | unsigned char ver;
70 | unsigned char rep;
71 | unsigned char rsv;
72 | unsigned char atyp;
73 | } __attribute__((packed, aligned(1)));
74 |
75 | #endif // _SOCKS5_H
76 |
--------------------------------------------------------------------------------
/src/stream.h:
--------------------------------------------------------------------------------
1 | /*
2 | * encrypt.h - Define the enryptor's interface
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _STREAM_H
24 | #define _STREAM_H
25 |
26 | #ifndef __MINGW32__
27 | #include <sys/socket.h>
28 | #endif
29 | #include <string.h>
30 | #include <stdlib.h>
31 | #include <stdio.h>
32 | #include <stdint.h>
33 | #ifdef HAVE_STDINT_H
34 | #include <stdint.h>
35 | #elif HAVE_INTTYPES_H
36 | #include <inttypes.h>
37 | #endif
38 |
39 | #include <sodium.h>
40 | #define STREAM_CIPHER_NUM 21
41 |
42 | #include "crypto.h"
43 |
44 | int stream_encrypt_all(buffer_t *, cipher_t *, size_t);
45 | int stream_decrypt_all(buffer_t *, cipher_t *, size_t);
46 | int stream_encrypt(buffer_t *, cipher_ctx_t *, size_t);
47 | int stream_decrypt(buffer_t *, cipher_ctx_t *, size_t);
48 |
49 | void stream_ctx_init(cipher_t *, cipher_ctx_t *, int);
50 | void stream_ctx_release(cipher_ctx_t *);
51 |
52 | cipher_t *stream_init(const char *pass, const char *key, const char *method);
53 |
54 | #endif // _STREAM_H
55 |
--------------------------------------------------------------------------------
/src/tunnel.h:
--------------------------------------------------------------------------------
1 | /*
2 | * tunnel.h - Define tunnel's buffers and callbacks
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _TUNNEL_H
24 | #define _TUNNEL_H
25 |
26 | #ifdef HAVE_LIBEV_EV_H
27 | #include <libev/ev.h>
28 | #else
29 | #include <ev.h>
30 | #endif
31 |
32 | #ifdef __MINGW32__
33 | #include "winsock.h"
34 | #endif
35 |
36 | #include "crypto.h"
37 | #include "jconf.h"
38 |
39 | #include "common.h"
40 |
41 | typedef struct listen_ctx {
42 | ev_io io;
43 | ss_addr_t tunnel_addr;
44 | char *iface;
45 | int remote_num;
46 | int timeout;
47 | int fd;
48 | int mptcp;
49 | struct sockaddr **remote_addr;
50 | } listen_ctx_t;
51 |
52 | typedef struct server_ctx {
53 | ev_io io;
54 | int connected;
55 | struct server *server;
56 | } server_ctx_t;
57 |
58 | typedef struct server {
59 | int fd;
60 |
61 | buffer_t *buf;
62 | cipher_ctx_t *e_ctx;
63 | cipher_ctx_t *d_ctx;
64 | struct server_ctx *recv_ctx;
65 | struct server_ctx *send_ctx;
66 | struct remote *remote;
67 | ss_addr_t destaddr;
68 | } server_t;
69 |
70 | typedef struct remote_ctx {
71 | ev_io io;
72 | ev_timer watcher;
73 | int connected;
74 | struct remote *remote;
75 | } remote_ctx_t;
76 |
77 | typedef struct remote {
78 | int fd;
79 | #ifdef TCP_FASTOPEN_WINSOCK
80 | OVERLAPPED olap;
81 | int connect_ex_done;
82 | #endif
83 | buffer_t *buf;
84 | struct remote_ctx *recv_ctx;
85 | struct remote_ctx *send_ctx;
86 | struct server *server;
87 | struct sockaddr *addr;
88 | uint32_t counter;
89 | } remote_t;
90 |
91 | #endif // _TUNNEL_H
92 |
--------------------------------------------------------------------------------
/src/udprelay.h:
--------------------------------------------------------------------------------
1 | /*
2 | * udprelay.h - Define UDP relay's buffers and callbacks
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _UDPRELAY_H
24 | #define _UDPRELAY_H
25 |
26 | #include <time.h>
27 |
28 | #ifdef HAVE_LIBEV_EV_H
29 | #include <libev/ev.h>
30 | #else
31 | #include <ev.h>
32 | #endif
33 |
34 | #include "crypto.h"
35 | #include "jconf.h"
36 |
37 | #ifdef MODULE_REMOTE
38 | #include "resolv.h"
39 | #endif
40 |
41 | #include "cache.h"
42 |
43 | #include "common.h"
44 |
45 | #define MAX_UDP_PACKET_SIZE (65507)
46 |
47 | #define PACKET_HEADER_SIZE (1 + 28 + 2 + 64)
48 | #define DEFAULT_PACKET_SIZE 1397 // 1492 - PACKET_HEADER_SIZE = 1397, the default MTU for UDP relay
49 | #define MAX_ADDR_HEADER_SIZE (1 + 256 + 2) // 1-byte atyp + 256-byte hostname + 2-byte port
50 |
51 | typedef struct server_ctx {
52 | ev_io io;
53 | int fd;
54 | crypto_t *crypto;
55 | int timeout;
56 | const char *iface;
57 | struct cache *conn_cache;
58 | #ifdef MODULE_LOCAL
59 | const struct sockaddr *remote_addr;
60 | int remote_addr_len;
61 | #ifdef MODULE_TUNNEL
62 | ss_addr_t tunnel_addr;
63 | #endif
64 | #endif
65 | #ifdef MODULE_REMOTE
66 | struct ev_loop *loop;
67 | #endif
68 | } server_ctx_t;
69 |
70 | #ifdef MODULE_REMOTE
71 | typedef struct query_ctx {
72 | struct sockaddr_storage src_addr;
73 | buffer_t *buf;
74 | int addr_header_len;
75 | char addr_header[MAX_ADDR_HEADER_SIZE];
76 | struct server_ctx *server_ctx;
77 | struct remote_ctx *remote_ctx;
78 | } query_ctx_t;
79 | #endif
80 |
81 | typedef struct remote_ctx {
82 | ev_io io;
83 | ev_timer watcher;
84 | int af;
85 | int fd;
86 | struct sockaddr_storage src_addr;
87 | #ifdef MODULE_REMOTE
88 | struct sockaddr_storage dst_addr;
89 | #endif
90 | struct server_ctx *server_ctx;
91 | } remote_ctx_t;
92 |
93 | #endif // _UDPRELAY_H
94 |
--------------------------------------------------------------------------------
/src/winsock.h:
--------------------------------------------------------------------------------
1 | /*
2 | * winsock.h - Windows socket compatibility layer
3 | *
4 | * Copyright (C) 2013 - 2019, Max Lv <max.c.lv@gmail.com>
5 | *
6 | * This file is part of the shadowsocks-libev.
7 | *
8 | * shadowsocks-libev is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * shadowsocks-libev is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License
19 | * along with shadowsocks-libev; see the file COPYING. If not, see
20 | * <http://www.gnu.org/licenses/>.
21 | */
22 |
23 | #ifndef _WINSOCK_H
24 | #define _WINSOCK_H
25 |
26 | #ifdef __MINGW32__
27 |
28 | // Target NT6
29 | #ifndef WIN32_LEAN_AND_MEAN
30 | #define WIN32_LEAN_AND_MEAN
31 | #endif
32 |
33 | #if defined(_WIN32_WINNT) && _WIN32_WINNT < 0x0600
34 | #undef _WIN32_WINNT
35 | #endif
36 |
37 | #ifndef _WIN32_WINNT
38 | #define _WIN32_WINNT 0x0600
39 | #endif
40 |
41 | // Winsock headers
42 | #include <windows.h>
43 | #include <winsock2.h>
44 | #include <ws2tcpip.h>
45 | #include <mswsock.h>
46 |
47 | // Override POSIX error number
48 | #ifdef errno
49 | #undef errno
50 | #endif
51 | #define errno WSAGetLastError()
52 |
53 | #ifdef EWOULDBLOCK
54 | #undef EWOULDBLOCK
55 | #endif
56 | #define EWOULDBLOCK WSAEWOULDBLOCK
57 |
58 | #ifdef CONNECT_IN_PROGRESS
59 | #undef CONNECT_IN_PROGRESS
60 | #endif
61 | #define CONNECT_IN_PROGRESS WSAEWOULDBLOCK
62 |
63 | #ifdef EOPNOTSUPP
64 | #undef EOPNOTSUPP
65 | #endif
66 | #define EOPNOTSUPP WSAEOPNOTSUPP
67 |
68 | #ifdef EPROTONOSUPPORT
69 | #undef EPROTONOSUPPORT
70 | #endif
71 | #define EPROTONOSUPPORT WSAEPROTONOSUPPORT
72 |
73 | #ifdef ENOPROTOOPT
74 | #undef ENOPROTOOPT
75 | #endif
76 | #define ENOPROTOOPT WSAENOPROTOOPT
77 |
78 | // Check if ConnectEx supported in header
79 | #ifdef WSAID_CONNECTEX
80 | // Hardcode TCP fast open option
81 | #ifndef TCP_FASTOPEN
82 | #define TCP_FASTOPEN 15
83 | #endif
84 | // Enable TFO support
85 | #define TCP_FASTOPEN_WINSOCK 1
86 | #endif
87 |
88 | // Override close function
89 | #define close(fd) closesocket(fd)
90 |
91 | // Override MinGW functions
92 | #define setsockopt(a, b, c, d, e) setsockopt(a, b, c, (const char *)(d), e)
93 | #define inet_ntop(a, b, c, d) inet_ntop(a, (void *)(b), c, d)
94 |
95 | // Override Windows built-in functions
96 | #ifdef ERROR
97 | #undef ERROR
98 | #endif
99 | #define ERROR(s) ss_error(s)
100 |
101 | #ifdef gai_strerror
102 | #undef gai_strerror
103 | #endif
104 | #define gai_strerror(e) ss_gai_strerror(e)
105 | char *ss_gai_strerror(int ecode);
106 |
107 | // Missing Unix functions
108 | #define sleep(x) Sleep((x) * 1000)
109 | #define bzero(s, n) memset(s, 0, n)
110 | #define strndup(s, n) ss_strndup(s, n)
111 |
112 | // Winsock compatibility functions
113 | int setnonblocking(SOCKET socket);
114 | void winsock_init(void);
115 | void winsock_cleanup(void);
116 | #ifdef TCP_FASTOPEN_WINSOCK
117 | LPFN_CONNECTEX winsock_getconnectex(void);
118 | int winsock_dummybind(SOCKET fd, struct sockaddr *sa);
119 | #endif
120 |
121 | #endif // __MINGW32__
122 |
123 | #endif // _WINSOCK_H
124 |
--------------------------------------------------------------------------------
/tests/aes-ctr.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"aes_password",
6 | "timeout":60,
7 | "method":"aes-256-ctr",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/aes-gcm.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"aes_password",
6 | "timeout":60,
7 | "method":"aes-256-gcm",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/aes.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"aes_password",
6 | "timeout":60,
7 | "method":"aes-256-cfb",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/chacha20-ietf-poly1305.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"salsa20_password",
6 | "timeout":60,
7 | "method":"chacha20-ietf-poly1305",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/chacha20-ietf.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"salsa20_password",
6 | "timeout":60,
7 | "method":"chacha20-ietf",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/chacha20.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"chacha20_password",
6 | "timeout":60,
7 | "method":"chacha20",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/rc4-md5.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"aes_password",
6 | "timeout":60,
7 | "method":"rc4-md5",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/salsa20.json:
--------------------------------------------------------------------------------
1 | {
2 | "server":"127.0.0.1",
3 | "server_port":8389,
4 | "local_port":1081,
5 | "password":"salsa20_password",
6 | "timeout":60,
7 | "method":"salsa20",
8 | "local":"127.0.0.1",
9 | "fast_open":false
10 | }
11 |
--------------------------------------------------------------------------------
/tests/test.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 | # -*- coding: utf-8 -*-
3 | #
4 | # Copyright 2015 clowwindy
5 | #
6 | # Licensed under the Apache License, Version 2.0 (the "License"); you may
7 | # not use this file except in compliance with the License. You may obtain
8 | # a copy of the License at
9 | #
10 | # http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | # Unless required by applicable law or agreed to in writing, software
13 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15 | # License for the specific language governing permissions and limitations
16 | # under the License.
17 |
18 | from __future__ import absolute_import, division, print_function, \
19 | with_statement
20 |
21 | import sys
22 | import os
23 | import signal
24 | import select
25 | import time
26 | import argparse
27 | from subprocess import Popen, PIPE
28 |
29 | default_url = 'http://www.google.com/'
30 |
31 | parser = argparse.ArgumentParser(description='test Shadowsocks')
32 | parser.add_argument('-c', '--client-conf', type=str, default=None)
33 | parser.add_argument('-s', '--server-conf', type=str, default=None)
34 | parser.add_argument('-a', '--client-args', type=str, default=None)
35 | parser.add_argument('-b', '--server-args', type=str, default=None)
36 | parser.add_argument('--should-fail', action='store_true', default=None)
37 | parser.add_argument('--url', type=str, default=default_url)
38 | parser.add_argument('--dns', type=str, default='8.8.8.8')
39 | parser.add_argument('--bin', type=str, default='')
40 |
41 | config = parser.parse_args()
42 |
43 | client_args = ['%s%s' % (config.bin, 'ss-local'), '-v']
44 | server_args = ['%s%s' % (config.bin, 'ss-server'), '-v', '-u']
45 | tunnel_args = ['%s%s' % (config.bin, 'ss-tunnel'), '-v', '-u', '-l1082', '-L%s:53' % config.dns]
46 |
47 | if config.client_conf:
48 | client_args.extend(['-c', config.client_conf])
49 | tunnel_args.extend(['-c', config.client_conf])
50 | if config.server_conf:
51 | server_args.extend(['-c', config.server_conf])
52 | else:
53 | server_args.extend(['-c', config.client_conf])
54 |
55 | if config.client_args:
56 | client_args.extend(config.client_args.split())
57 | tunnel_args.extend(config.client_args.split())
58 | if config.server_args:
59 | server_args.extend(config.server_args.split())
60 | else:
61 | server_args.extend(config.client_args.split())
62 |
63 | p1 = Popen(server_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
64 | p2 = Popen(client_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
65 | p5 = Popen(tunnel_args, stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
66 | p3 = None
67 | p4 = None
68 | p3_fin = False
69 | p4_fin = False
70 |
71 | # 1 shadowsocks started
72 | # 2 curl started
73 | # 3 curl finished
74 | # 4 dig started
75 | # 5 dig finished
76 | stage = 1
77 |
78 | try:
79 | fdset = []
80 | time.sleep(2)
81 |
82 | p3 = Popen(['curl', config.url, '-v', '-L',
83 | '--socks5-hostname', '127.0.0.1:1081',
84 | '-m', '15', '--connect-timeout', '10'],
85 | stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
86 | if p3 is not None:
87 | fdset.append(p3.stdout)
88 | fdset.append(p3.stderr)
89 | stage = 2
90 | else:
91 | sys.exit(1)
92 |
93 | while True:
94 | r, w, e = select.select(fdset, [], fdset)
95 | if e:
96 | break
97 |
98 | for fd in r:
99 | line = fd.readline()
100 | if not line:
101 | if stage == 2 and fd == p3.stdout:
102 | stage = 3
103 | if stage == 4 and fd == p4.stdout:
104 | stage = 5
105 | if bytes != str:
106 | line = bytes(line)
107 | sys.stderr.buffer.write(line)
108 | else:
109 | sys.stderr.write(line)
110 |
111 | if stage == 3 and p3 is not None:
112 | fdset.remove(p3.stdout)
113 | fdset.remove(p3.stderr)
114 | r = p3.wait()
115 | if config.should_fail:
116 | if r == 0:
117 | sys.exit(1)
118 | else:
119 | if r != 0:
120 | sys.exit(1)
121 | p4 = Popen(['dig', '@127.0.0.1', '-p1082',
122 | 'www.google.com'],
123 | stdin=PIPE, stdout=PIPE, stderr=PIPE, close_fds=True)
124 | if p4 is not None:
125 | fdset.append(p4.stdout)
126 | fdset.append(p4.stderr)
127 | stage = 4
128 | else:
129 | sys.exit(1)
130 |
131 | if stage == 5:
132 | r = p4.wait()
133 | if config.should_fail:
134 | if r == 0:
135 | sys.exit(1)
136 | print('test passed (expecting failure)')
137 | else:
138 | if r != 0:
139 | sys.exit(1)
140 | print('test passed')
141 | break
142 | finally:
143 | for p in [p1, p2, p5]:
144 | try:
145 | os.kill(p.pid, signal.SIGINT)
146 | os.waitpid(p.pid, 0)
147 | except OSError:
148 | pass
149 |
--------------------------------------------------------------------------------
/tests/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | result=0
4 |
5 | function run_test {
6 | printf '\e[0;36m'
7 | echo "running test: $command $@"
8 | printf '\e[0m'
9 |
10 | $command "$@"
11 | status=$?
12 | if [ $status -ne 0 ]; then
13 | printf '\e[0;31m'
14 | echo "test failed: $command $@"
15 | printf '\e[0m'
16 | echo
17 | result=1
18 | else
19 | printf '\e[0;32m'
20 | echo OK
21 | printf '\e[0m'
22 | echo
23 | fi
24 | return 0
25 | }
26 |
27 | [ -d src -a -x src/ss-local ] &&
28 | BIN="--bin src/"
29 |
30 | if [ "$http_proxy" ]; then
31 | echo "SKIP: shadowsocks-libev does not support an upstream HTTP proxy"
32 | exit 0
33 | fi
34 |
35 | run_test python tests/test.py $BIN -c tests/aes.json
36 | run_test python tests/test.py $BIN -c tests/aes-gcm.json
37 | run_test python tests/test.py $BIN -c tests/aes-ctr.json
38 | run_test python tests/test.py $BIN -c tests/rc4-md5.json
39 | run_test python tests/test.py $BIN -c tests/salsa20.json
40 | run_test python tests/test.py $BIN -c tests/chacha20.json
41 | run_test python tests/test.py $BIN -c tests/chacha20-ietf.json
42 | run_test python tests/test.py $BIN -c tests/chacha20-ietf-poly1305.json
43 |
44 | exit $result
45 |
--------------------------------------------------------------------------------