richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1145 Commits
8 Branches
85 Tags
14 MiB
Tree: 1773111a07
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1773111a07'
${ noResults }
shadowsocks-libev/doc/ss-redir.asciidoc

154 lines
4.2 KiB
Raw Normal View History

Asciidoc man page rework (#699) * Add 'tunnel_address' support for json config parser And allow ss-tunnel to use the newly introduced parser. Signed-off-by: Adam Anonymous <anonymous_temp_user@yahoo.co.jp> * Add "mode" support for jconf Now jconf supports "mode" setting, allowed values are "tcp_only", "tcp_and_udp" and "udp_only". Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Use jconf "mode" for server/local/tunnel/manager Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Add per-project vimrc to gitignore As the coding style differs from kernel and other projects, so such project vimrc should be helpful. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Introduce asciidoc based documentation framework Use asciidoc for new documentation framework, which could not only output man pages, but also htmls. And asciidoc documentation is much more human-readable than roff man pages. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert shadowsocks-libev man page to asciidoc The port to asciidoc has some format change compared to old one. The most obvious one is the options listed in SYNOPSIS. Now the options list is not split into 2/3 columns, or we must use asciidoc tables and introduce table frames. Other small change includes the removal of AUTHOR sector, as it's not an expendable method to update AUTHOR sector every time it gets updated. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-local man page to asciidoc Also modify gitignore, since it use too generic rules to ignore such documentation. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-manager man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-nat man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-redir man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-server man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-tunnel man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Remove old roff man pages Welcome to the new age of asciidoc. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Add equivalent tables for command line options and config file Now user can get a more clear view of config file and command line options. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>
8 years ago
Add MTU option
8 years ago
Asciidoc man page rework (#699) * Add 'tunnel_address' support for json config parser And allow ss-tunnel to use the newly introduced parser. Signed-off-by: Adam Anonymous <anonymous_temp_user@yahoo.co.jp> * Add "mode" support for jconf Now jconf supports "mode" setting, allowed values are "tcp_only", "tcp_and_udp" and "udp_only". Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Use jconf "mode" for server/local/tunnel/manager Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Add per-project vimrc to gitignore As the coding style differs from kernel and other projects, so such project vimrc should be helpful. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Introduce asciidoc based documentation framework Use asciidoc for new documentation framework, which could not only output man pages, but also htmls. And asciidoc documentation is much more human-readable than roff man pages. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert shadowsocks-libev man page to asciidoc The port to asciidoc has some format change compared to old one. The most obvious one is the options listed in SYNOPSIS. Now the options list is not split into 2/3 columns, or we must use asciidoc tables and introduce table frames. Other small change includes the removal of AUTHOR sector, as it's not an expendable method to update AUTHOR sector every time it gets updated. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-local man page to asciidoc Also modify gitignore, since it use too generic rules to ignore such documentation. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-manager man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-nat man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-redir man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-server man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-tunnel man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Remove old roff man pages Welcome to the new age of asciidoc. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Add equivalent tables for command line options and config file Now user can get a more clear view of config file and command line options. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>
8 years ago
Add MTU option
8 years ago
Add mptcp option, close #756
8 years ago
Asciidoc man page rework (#699) * Add 'tunnel_address' support for json config parser And allow ss-tunnel to use the newly introduced parser. Signed-off-by: Adam Anonymous <anonymous_temp_user@yahoo.co.jp> * Add "mode" support for jconf Now jconf supports "mode" setting, allowed values are "tcp_only", "tcp_and_udp" and "udp_only". Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Use jconf "mode" for server/local/tunnel/manager Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Add per-project vimrc to gitignore As the coding style differs from kernel and other projects, so such project vimrc should be helpful. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Introduce asciidoc based documentation framework Use asciidoc for new documentation framework, which could not only output man pages, but also htmls. And asciidoc documentation is much more human-readable than roff man pages. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert shadowsocks-libev man page to asciidoc The port to asciidoc has some format change compared to old one. The most obvious one is the options listed in SYNOPSIS. Now the options list is not split into 2/3 columns, or we must use asciidoc tables and introduce table frames. Other small change includes the removal of AUTHOR sector, as it's not an expendable method to update AUTHOR sector every time it gets updated. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-local man page to asciidoc Also modify gitignore, since it use too generic rules to ignore such documentation. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-manager man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-nat man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-redir man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-server man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Convert ss-tunnel man page to asciidoc Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Remove old roff man pages Welcome to the new age of asciidoc. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp> * Doc: Add equivalent tables for command line options and config file Now user can get a more clear view of config file and command line options. Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>
8 years ago
  1. ss-redir(1)
  2. ===========
  4. NAME
  5. ----
  6. ss-redir - shadowsocks client as transparent proxy, libev port
  8. SYNOPSIS
  9. --------
  10. *ss-redir*
  11. [-AuUv] [-h|--help]
  12. [-s <server_host>] [-p <server_port>] [-l <local_port>]
  13. [-k <password>] [-m <encrypt_method>] [-f <pid_file>]
  14. [-t <timeout>] [-c <config_file>] [-b <local_address>]
  15. [-a <user_name>] [-n <nofile>] [--mtu <MTU>]
  17. DESCRIPTION
  18. -----------
  19. *Shadowsocks-libev* is a lightweight and secure socks5 proxy.
  20. It is a port of the original shadowsocks created by clowwindy.
  21. *Shadowsocks-libev* is written in pure C and takes advantage of libev to
  22. achieve both high performance and low resource consumption.
  24. *Shadowsocks-libev* consists of five components.
  25. `ss-redir`(1) works as a transparent proxy on local machines to proxy TCP
  26. traffic and requires netfilter's NAT module.
  27. For more information, check out `shadowsocks-libev`(8) and the following
  28. 'EXAMPLE' section.
  30. OPTIONS
  31. -------
  32. -s <server_host>::
  33. Set the server's hostname or IP.
  35. -p <server_port>::
  36. Set the server's port number.
  38. -l <local_port>::
  39. Set the local port number.
  41. -k <password>::
  42. Set the password. The server and the client should use the same
  43. password.
  45. -m <encrypt_method>::
  46. Set the cipher.
  47. +
  48. *Shadowsocks-libev* accepts 18 different ciphers:
  49. +
  50. table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
  51. camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
  52. idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
  53. +
  54. The default cipher is 'table'.
  55. +
  56. If built with PolarSSL or custom OpenSSL libraries, some of
  57. these ciphers may not work.
  59. -a <user_name>::
  60. Run as a specific user.
  62. -f <pid_file>::
  63. Start shadowsocks as a daemon with specific pid file.
  65. -t <timeout>::
  66. Set the socket timeout in seconds. The default value is 60.
  68. -c <config_file>::
  69. Use a configuration file.
  70. +
  71. Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
  73. -n <number>::
  74. Specify max number of open files.
  75. +
  76. Only available on Linux.
  78. -b <local_address>::
  79. Specify local address to bind.
  81. -u::
  82. Enable UDP relay.
  83. +
  84. TPROXY is required in redir mode. You may need root permission.
  86. -U::
  87. Enable UDP relay and disable TCP relay.
  89. -A::
  90. Enable onetime authentication.
  92. --mtu <MTU>::
  93. Specify the MTU of your network interface.
  95. --mptcp::
  96. Enable Multipath TCP.
  97. +
  98. Only available with MPTCP enabled Linux kernel.
  100. -v::
  101. Enable verbose mode.
  103. -h|--help::
  104. Print help message.
  106. EXAMPLE
  107. -------
  108. ss-redir requires netfilter's NAT function. Here is an example:
  110. ....
  111. # Create new chain
  112. root@Wrt:~# iptables -t nat -N SHADOWSOCKS
  114. # Ignore your shadowsocks server's addresses
  115. # It's very IMPORTANT, just be careful.
  116. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
  118. # Ignore LANs and any other addresses you'd like to bypass the proxy
  119. # See Wikipedia and RFC5735 for full list of reserved networks.
  120. # See ashi009/bestroutetb for a highly optimized CHN route list.
  121. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
  122. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
  123. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
  124. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
  125. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
  126. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
  127. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
  128. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
  130. # Anything else should be redirected to shadowsocks's local port
  131. root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
  133. # Add any UDP rules
  134. root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
  135. root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
  136. root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
  138. # Apply the rules
  139. root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
  140. root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
  142. # Start the shadowsocks-redir
  143. root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
  144. ....
  146. SEE ALSO
  147. --------
  148. `ss-local`(1),
  149. `ss-server`(1),
  150. `ss-tunnel`(1),
  151. `ss-manager`(1),
  152. `shadowsocks-libev`(8),
  153. `iptables`(8),
  154. /etc/shadowsocks-libev/config.json