shadowsocks-libev/man/ss-manager.1

.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Front-Cover Texts, no Back-Cover Texts, and with the following
. Invariant Sections (and any sub-sections therein):
.   all .ig sections, including this one
.   STUPID TRICKS Sampler
.   AUTHOR
.
. A copy of the Free Documentation License is included in the section
. entitled "GNU Free Documentation License".
.
..
\#                          - these two are for chuckles, makes great grammar
.ds Lo  \fBss-local\fR
.ds Re  \fBss-redir\fR
.ds Se  \fBss-server\fR
.ds Tu  \fBss-tunnel\fR
.ds Ma  \fBss-manager\fR
.ds Me  \fBShadowsocks-libev\fR
.
.TH "SS-MANAGER" "1" "April 19, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-manager \- ss-server controller for multi-user management and traffic
statistics

.SH SYNOPSIS
\*(Ma
    [\fB\-AuUv\fR]          [\fB\-h\fR|\fB\--help\fR]
    [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR]     [\fB\-l\fR \fIlocal_port\fR]
    [\fB\-k\fR \fIpassword\fR]    [\fB\-m\fR \fIencrypt_method\fR]  [\fB\-f\fR \fIpid_file\fR]
    [\fB\-t\fR \fItimeout\fR]     [\fB\-c\fR \fIconfig_file\fR]     [\fB\-i\fR \fIinterface\fR]
    [\fB\-b\fR \fIlocal_addr\fR]  [\fB\-a\fR \fIuser_name\fR]
    [\fB\-\-manager\-address\fR \fIpath_to_unix_domain\fR]
    [\fB\-\-executable\fR \fIpath_to_server_executable\fR]

.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components.
\*(Ma(1) is a controller for multi-user management and traffic statistics, using
UNIX domain socket to talk with \*(Se(1). Also, it provides a UNIX domain socket
or IP based API for other software. About the details of this API, please refer
to the following \fBPROTOCOL\fR section.

.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.

\*(Me accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20,
chacha20 and chacha20-ietf. The default cipher is \fItable\fP.

If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 60.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-i \fIinterface\fP
Send traffic through specific network interface.

For example, there are three interfaces in your device, which is lo (127.0.0.1),
eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure \*(Ma to
listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through
eth1, but not lo nor eth0. This option is useful to control traffic in
multi-interface environment.
.TP
.B \-u
Enable UDP relay.
.TP
.B \-U
Enable UDP relay and disable TCP relay.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \-d \fIaddr\fP
Setup name servers for internal DNS resolver (libudns). The default server is
fetched from /etc/resolv.conf.
.TP
.B \--fast-open
Enable TCP fast open.

Only available with Linux kernel > 3.7.0.
.TP
.B \--acl \fIacl_config\fP
Enable ACL (Access Control List) and specify config file.
.TP
.B \--manager-address \fIpath_to_unix_domain\fP
Specify UNIX domain socket address for the communication between \*(Ma(1) and
\*(Se(1).

Only available in server and manager mode.
.TP
.B \--executable \fIpath_to_server_executable\fP
Specify the executable path of ss-server.

Only available in manager mode.
.TP
.B \-v
Enable verbose mode.
.TP
.B \-h, --help
Print help message.

.SH PROTOCOL
\*(Ma(1) provides several APIs through UDP protocol:

.in +4n
Send UDP commands in the following format to the manager-address provided to
\*(Ma(1).

    command: [JSON data]

To add a port:

    add: {"server_port": 8001, "password":"7cd308cc059"}

To remove a port:

    remove: {"server_port": 8001}

To receive a pong:

    ping

Then \*(Ma(1) will send back the traffic statistics:

    stat: {"8001":11370}

.SH EXAMPLE
To use \*(Ma(1), First start it and specify necessary information.
Then communicate with \*(Ma(1) through UNIX Domain Socket using UDP protocol:

    # Start the manager. Arguments for ss-server will be passed to generated
    # ss-server process(es) respectively.
    ss-manager --manager-address /tmp/manager.sock --executable \
$(which ss-server) -s example.com -m aes-256-cfb -c /path/to/config.json

    # Connect to the socket. Using netcat-openbsd as an example.
    # You should use scripts or other programs for further management.
    nc -Uu /tmp/manager.sock

After that, you may communicate with \*(Ma(1) as described above in the
\fBPROTOCOL\fR section.

.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Se (1),
.BR \*(Tu (1),
.BR \*(Re (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.