diff --git a/Makefile.am b/Makefile.am index 260b9343..c8ceea6e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,8 @@ SUBDIRS = libsodium libcork libipset libudns libev src ACLOCAL_AMFLAGS = -I m4 -man_MANS = shadowsocks-libev.8 +man_MANS = shadowsocks-libev.8 ss-server.1 ss-local.1 ss-redir.1\ + ss-manager.1 ss-tunnel.1 pkgconfiglibdir = $(libdir)/pkgconfig pkgconfiglib_DATA = shadowsocks-libev.pc diff --git a/shadowsocks-libev.8 b/shadowsocks-libev.8 index 2bfe08e6..386a0abb 100644 --- a/shadowsocks-libev.8 +++ b/shadowsocks-libev.8 @@ -2,7 +2,7 @@ . manual page for shadowsocks-libev . . Copyright (c) 2012-2015, by: Max Lv -. All rights reserved. +. All rights reserved. . . Permission is granted to copy, distribute and/or modify this document . under the terms of the GNU Free Documentation License, Version 1.1 or @@ -17,41 +17,40 @@ . entitled "GNU Free Documentation License". . .. - \# - these two are for chuckles, makes great grammar .ds Lo \fBss-local\fR .ds Re \fBss-redir\fR .ds Se \fBss-server\fR .ds Tu \fBss-tunnel\fR .ds Ma \fBss-manager\fR -.ds Me \fBShadowsocks\fR - -.TH SHADOWSOCKS-LIBEV 8 "January 7, 2015" +.ds Me \fBShadowsocks-libev\fR +. +.TH "SHADOWSOCKS-LIBEV" "8" "September 10, 2015" "SHADOWSOCKS-LIBEV" .SH NAME shadowsocks-libev \- a lightweight and secure socks5 proxy .SH SYNOPSIS \*(Lo|\*(Re|\*(Se|\*(Tu|\*(Ma - \-s server_host \-p server_port - \-l local_port \-k password - \-m encrypt_method \-f pid_file - \-t timeout \-c config_file + [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] + [\fB\-l\fR \fIlocal_port\fR] [\fB\-k\fR \fIpassword\fR] + [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] + [\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] .SH DESCRIPTION \*(Me is a lightweight and secure socks5 proxy. It is a port of the original shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage of \fBlibev\fP to achieve both high performance and low resource consumption. .PP -\*(Me consists of four components. One is \*(Se that runs on a remote server -to provide secured tunnel service. \*(Lo and \*(Re are clients on your local -machines to proxy TCP traffic. \*(Tu is a tool for local port forwarding. +\*(Me consists of five components. One is \*(Se(1) that runs on a remote server +to provide secured tunnel service. \*(Lo(1) and \*(Re(1) are clients on your local +machines to proxy TCP traffic. \*(Tu(1) is a tool for local port forwarding. .PP -While \*(Lo works as a standard socks5 proxy, \*(Re works as a transparent proxy +While \*(Lo(1) works as a standard socks5 proxy, \*(Re(1) works as a transparent proxy and requires netfilter's NAT module. For more information, check out the example section. .PP -\*(Ma is a controller for multi-user management and traffic statistics, using UNIX -domain socket to talk with \*(Se. Also, it provides a UNIX domain socket or IP based +\*(Ma(1) is a controller for multi-user management and traffic statistics, using UNIX +domain socket to talk with \*(Se(1). Also, it provides a UNIX domain socket or IP based API for other software. About the details of this API, please refer to the protocol section. @@ -70,11 +69,14 @@ Set the local port number. Set the password. The server and the client should use the same password. .TP .B \-m \fIencrypt_method\fP -Set the cipher. Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5, +Set the cipher. + +Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, -seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. If -built with PolarSSL or custom OpenSSL libraries, some of these ciphers may +seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. + +If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may not work. .TP .B \-f \fIpid_file\fP @@ -86,33 +88,60 @@ Set the socket timeout in seconds. The default value is 10. .B \-c \fIconfig_file\fP Use a configuration file. .TP +.B \-i \fIinterface\fP +Specify network interface to bind. + +Not available in redir mode. +.TP +.B \-b \fIlocal_address\fP +Specify local address to bind. + +Not available in server mode. +.TP .B \-a \fIuser_name\fP Run as a specific user. .TP -.B \-d \fIaddr\fP -Setup the name servers for libudns. The default server is fetched from -/etc/resolv.conf. -.TP .B \-u Enable UDP relay. +TPROXY is required in redir mode. +.TP +.B \-U +Enable UDP relay and disable TCP relay. +Not available in local mode. .TP .B \-A Enable onetime authentication. .TP -.B \-v -Enable verbose mode. +.B \-L \fIaddr\fR:\fIport\fP +Specify destination server address and port for local port forwarding. + +Only available in tunnel mode. +.TP +.B \-d \fIaddr\fP +Setup name servers for internal DNS resolver (libudns). The default server +is fetched from /etc/resolv.conf. + +Only available in server mode. .TP .B \--fast-open Enable TCP fast open. + +Only available in local and server mode, with Linux kernel > 3.7.0. .TP .B \--acl \fIacl_config\fP -Enable ACL (Access Control List). +Enable ACL (Access Control List) and specify config file. +Only available in local and server mode. .TP .B \--manager-address \fIpath_to_unix_domain\fP -Enable manager mode. +Specify UNIX domain socket address. +Only available in server and manager mode. .TP .B \--executable \fIpath_to_server_executable\fP -Specify the executable path of ss-server for manager mode. +Specify the executable path of ss-server. +Only available in manager mode. +.TP +.B \-v +Enable verbose mode. .SH EXAMPLE \*(Re requires netfilter's NAT function. Here is an example: @@ -152,29 +181,34 @@ Specify the executable path of ss-server for manager mode. root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid .SH PROTOCOL -\*(Ma provides several APIs through UDP protocol: +\*(Ma(1) provides several APIs through UDP protocol: - Send UDP commands in the following format to the manager-address provided to \*(Ma. + Send UDP commands in the following format to the manager-address provided to \*(Ma(1). command: [JSON data] To add a port: add: {"server_port": 8001, "password":"7cd308cc059"} - + To remove a port: remove: {"server_port": 8001} - + To receive a pong: ping - - Then \*(Ma will send back the traffic statistics: + + Then \*(Ma(1) will send back the traffic statistics: stat: {"8001":11370} .SH SEE ALSO +.BR \*(Lo (1), +.BR \*(Se (1), +.BR \*(Tu (1), +.BR \*(Re (1), +.BR \*(Ma (1), .BR iptables (8), /etc/shadowsocks-libev/config.json .br @@ -184,3 +218,5 @@ shadowsocks-libev was maintained by Max Lv and Linus Yang . .PP This manual page was written by Max Lv . +.PP +The manual pages were rearranged by hosiet <073plan@gmail.com>. diff --git a/ss-local.1 b/ss-local.1 new file mode 100644 index 00000000..46a49e5d --- /dev/null +++ b/ss-local.1 @@ -0,0 +1,130 @@ +.ig +. manual page for shadowsocks-libev +. +. Copyright (c) 2012-2015, by: Max Lv +. All rights reserved. +. +. Permission is granted to copy, distribute and/or modify this document +. under the terms of the GNU Free Documentation License, Version 1.1 or +. any later version published by the Free Software Foundation; +. with no Front-Cover Texts, no Back-Cover Texts, and with the following +. Invariant Sections (and any sub-sections therein): +. all .ig sections, including this one +. STUPID TRICKS Sampler +. AUTHOR +. +. A copy of the Free Documentation License is included in the section +. entitled "GNU Free Documentation License". +. +.. +\# - these two are for chuckles, makes great grammar +.ds Lo \fBss-local\fR +.ds Re \fBss-redir\fR +.ds Se \fBss-server\fR +.ds Tu \fBss-tunnel\fR +.ds Ma \fBss-manager\fR +.ds Me \fBShadowsocks-libev\fR +. +.TH "SS-LOCAL" "1" "September 10, 2015" "SHADOWSOCKS-LIBEV" +.SH NAME +ss-local \- shadowsocks client as socks5 proxy, libev port + +.SH SYNOPSIS +\*(Lo + [\fB\-Auhv\fR] + [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR] + [\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] [\fB\-t\fR \fItimeout\fR] + [\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIinterface\fR] [\fB\-a\fR \fIuser_name\fR] + [\fB\-\-fast\-open\fR] [\fB\-\-acl\fR \fIacl_config\fR] + +.SH DESCRIPTION +\*(Me is a lightweight and secure socks5 proxy. It is a port of the original +shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage +of \fBlibev\fP to achieve both high performance and low resource consumption. +.PP +\*(Me consists of five components. \*(Lo(1) works as a standard socks5 proxy +on local machines to proxy TCP traffic. For more information, check out \fBshadowsocks-libev\fR(8). + +.SH OPTIONS +.TP +.B \-s \fIserver_host\fP +Set the server's hostname or IP. +.TP +.B \-p \fIserver_port\fP +Set the server's port number. +.TP +.B \-l \fIlocal_port\fP +Set the local port number. +.TP +.B \-k \fIpassword\fP +Set the password. The server and the client should use the same password. +.TP +.B \-m \fIencrypt_method\fP +Set the cipher. + +Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5, +aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, +camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, +seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. + +If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may +not work. +.TP +.B \-f \fIpid_file\fP +Start shadowsocks as a daemon with specific pid file. +.TP +.B \-t \fItimeout\fP +Set the socket timeout in seconds. The default value is 10. +.TP +.B \-c \fIconfig_file\fP +Use a configuration file. +.TP +.B \-i \fIinterface\fP +Specify network interface to bind. +.TP +.B \-b \fIlocal_address\fP +Specify local address to bind. +.TP +.B \-a \fIuser_name\fP +Run as a specific user. +.TP +.B \-u +Enable UDP relay. +.TP +.B \-A +Enable onetime authentication. +.TP +.B \--fast-open +Enable TCP fast open. + +Only available with Linux kernel > 3.7.0. +.TP +.B \--acl \fIacl_config\fP +Enable ACL (Access Control List) and specify config file. +.TP +.B \-v +Enable verbose mode. + +.SH EXAMPLE +\*(Lo(1) can be started from command line and run in foreground. Here is an example: + + # Start ss-local with given parameters + ss-local -s example.com -p 12345 -l 1080 -k foobar -m aes-256-cfb + +.SH SEE ALSO +.BR \*(Se (1), +.BR \*(Tu (1), +.BR \*(Re (1), +.BR \*(Ma (1), +.BR shadowsocks-libev (8), +.BR iptables (8), +/etc/shadowsocks-libev/config.json +.br +.SH AUTHOR +shadowsocks was created by clowwindy and +shadowsocks-libev was maintained by Max Lv and Linus Yang +. +.PP +This manual page was written by Max Lv . +.PP +The manual pages were rearranged by hosiet <073plan@gmail.com>. diff --git a/ss-manager.1 b/ss-manager.1 new file mode 100644 index 00000000..161bcbb1 --- /dev/null +++ b/ss-manager.1 @@ -0,0 +1,158 @@ +.ig +. manual page for shadowsocks-libev +. +. Copyright (c) 2012-2015, by: Max Lv +. All rights reserved. +. +. Permission is granted to copy, distribute and/or modify this document +. under the terms of the GNU Free Documentation License, Version 1.1 or +. any later version published by the Free Software Foundation; +. with no Front-Cover Texts, no Back-Cover Texts, and with the following +. Invariant Sections (and any sub-sections therein): +. all .ig sections, including this one +. STUPID TRICKS Sampler +. AUTHOR +. +. A copy of the Free Documentation License is included in the section +. entitled "GNU Free Documentation License". +. +.. +\# - these two are for chuckles, makes great grammar +.ds Lo \fBss-local\fR +.ds Re \fBss-redir\fR +.ds Se \fBss-server\fR +.ds Tu \fBss-tunnel\fR +.ds Ma \fBss-manager\fR +.ds Me \fBShadowsocks-libev\fR +. +.TH "SS-MANAGER" "1" "September 10, 2015" "SHADOWSOCKS-LIBEV" +.SH NAME +ss-manager \- ss-server controller for multi-user management and traffic statistics + +.SH SYNOPSIS +\*(Ma + [\fB\-AhuUv\fR] + [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR] + [\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] + [\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR] + [\fB\-b\fR \fIlocal_addr\fR] [\fB\-a\fR \fIuser_name\fR] + [\fB\-\-manager\-address\fR \fIpath_to_unix_domain\fR] + [\fB\-\-executable\fR \fIpath_to_server_executable\fR] + +.SH DESCRIPTION +\*(Me is a lightweight and secure socks5 proxy. It is a port of the original +shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage +of \fBlibev\fP to achieve both high performance and low resource consumption. +.PP +\*(Me consists of five components. +\*(Ma(1) is a controller for multi-user management and traffic statistics, using UNIX +domain socket to talk with \*(Se(1). Also, it provides a UNIX domain socket or IP based +API for other software. About the details of this API, please refer to the following +\fBPROTOCOL\fR section. + +.SH OPTIONS +.TP +.B \-s \fIserver_host\fP +Set the server's hostname or IP. +.TP +.B \-p \fIserver_port\fP +Set the server's port number. +.TP +.B \-l \fIlocal_port\fP +Set the local port number. +.TP +.B \-k \fIpassword\fP +Set the password. The server and the client should use the same password. +.TP +.B \-m \fIencrypt_method\fP +Set the cipher. + +Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5, +aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, +camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, +seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. + +If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may +not work. +.TP +.B \-f \fIpid_file\fP +Start shadowsocks as a daemon with specific pid file. +.TP +.B \-t \fItimeout\fP +Set the socket timeout in seconds. The default value is 10. +.TP +.B \-c \fIconfig_file\fP +Use a configuration file. +.TP +.B \-i \fIinterface\fP +Specify network interface to bind. +.TP +.B \-b \fIlocal_address\fP +Specify local address to bind. +.TP +.B \-a \fIuser_name\fP +Run as a specific user. +.TP +.B \-u +Enable UDP relay. +.TP +.B \-U +Enable UDP relay and disable TCP relay. +.TP +.B \-A +Enable onetime authentication. +.TP +.B \--manager-address \fIpath_to_unix_domain\fP +Specify UNIX domain socket address for the communication between ss-manager and +ss-server. + +Only available in server and manager mode. +.TP +.B \--executable \fIpath_to_server_executable\fP +Specify the executable path of ss-server. + +Only available in manager mode. +.TP +.B \-v +Enable verbose mode. + +.SH PROTOCOL +\*(Ma(1) provides several APIs through UDP protocol: + + Send UDP commands in the following format to the manager-address provided to \*(Ma(1). + + command: [JSON data] + + To add a port: + + add: {"server_port": 8001, "password":"7cd308cc059"} + + To remove a port: + + remove: {"server_port": 8001} + + To receive a pong: + + ping + + Then \*(Ma(1) will send back the traffic statistics: + + stat: {"8001":11370} + +.SH SEE ALSO +.BR \*(Lo (1), +.BR \*(Se (1), +.BR \*(Tu (1), +.BR \*(Re (1), +.BR shadowsocks-libev (8), +.BR iptables (8), +/etc/shadowsocks-libev/config.json +.br +.SH AUTHOR +shadowsocks was created by clowwindy and +shadowsocks-libev was maintained by Max Lv and Linus Yang +. +.PP +This manual page was written by Max Lv . +.PP +The manual pages were rearranged by hosiet <073plan@gmail.com>. diff --git a/ss-redir.1 b/ss-redir.1 new file mode 100644 index 00000000..4f8783f0 --- /dev/null +++ b/ss-redir.1 @@ -0,0 +1,156 @@ +.ig +. manual page for shadowsocks-libev +. +. Copyright (c) 2012-2015, by: Max Lv +. All rights reserved. +. +. Permission is granted to copy, distribute and/or modify this document +. under the terms of the GNU Free Documentation License, Version 1.1 or +. any later version published by the Free Software Foundation; +. with no Front-Cover Texts, no Back-Cover Texts, and with the following +. Invariant Sections (and any sub-sections therein): +. all .ig sections, including this one +. STUPID TRICKS Sampler +. AUTHOR +. +. A copy of the Free Documentation License is included in the section +. entitled "GNU Free Documentation License". +. +.. +\# - these two are for chuckles, makes great grammar +.ds Lo \fBss-local\fR +.ds Re \fBss-redir\fR +.ds Se \fBss-server\fR +.ds Tu \fBss-tunnel\fR +.ds Ma \fBss-manager\fR +.ds Me \fBShadowsocks-libev\fR +. +.TH "SS-REDIR" "1" "September 10, 2015" "SHADOWSOCKS-LIBEV" +.SH NAME +ss-redir \- shadowsocks client as transparent proxy, libev port + +.SH SYNOPSIS +\*(Re + [\fB\-AhuUv\fR] + [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR] + [\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] + [\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIlocal_address\fR] + [\fB\-a\fR \fIuser_name\fR] + +.SH DESCRIPTION +\*(Me is a lightweight and secure socks5 proxy. It is a port of the original +shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage +of \fBlibev\fP to achieve both high performance and low resource consumption. +.PP +\*(Me consists of five components. \*(Re(1) works as a transparent proxy on local +machines to proxy TCP traffic and requires netfilter's NAT module. For more +information, check out \fBshadowsocks-libev\fR(8) and the following \fBEXAMPLE\fR +section. + +.SH OPTIONS +.TP +.B \-s \fIserver_host\fP +Set the server's hostname or IP. +.TP +.B \-p \fIserver_port\fP +Set the server's port number. +.TP +.B \-l \fIlocal_port\fP +Set the local port number. +.TP +.B \-k \fIpassword\fP +Set the password. The server and the client should use the same password. +.TP +.B \-m \fIencrypt_method\fP +Set the cipher. + +Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5, +aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, +camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, +seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. + +If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may +not work. +.TP +.B \-f \fIpid_file\fP +Start shadowsocks as a daemon with specific pid file. +.TP +.B \-t \fItimeout\fP +Set the socket timeout in seconds. The default value is 10. +.TP +.B \-c \fIconfig_file\fP +Use a configuration file. +.TP +.B \-b \fIlocal_address\fP +Specify local address to bind. +.TP +.B \-a \fIuser_name\fP +Run as a specific user. +.TP +.B \-u +Enable UDP relay. +TPROXY is required in redir mode. +.TP +.B \-U +Enable UDP relay and disable TCP relay. +.TP +.B \-A +Enable onetime authentication. +.TP +.B \-v +Enable verbose mode. + +.SH EXAMPLE +\*(Re requires netfilter's NAT function. Here is an example: + + # Create new chain + root@Wrt:~# iptables -t nat -N SHADOWSOCKS + + # Ignore your shadowsocks server's addresses + # It's very IMPORTANT, just be careful. + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN + + # Ignore LANs and any other addresses you'd like to bypass the proxy + # See Wikipedia and RFC5735 for full list of reserved networks. + # See ashi009/bestroutetb for a highly optimized CHN route list. + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN + + # Anything else should be redirected to shadowsocks's local port + root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345 + + # Add any UDP rules + root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100 + root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100 + root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01 + + # Apply the rules + root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS + root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS + + # Start the shadowsocks-redir + root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid + +.SH SEE ALSO +.BR \*(Lo (1), +.BR \*(Se (1), +.BR \*(Tu (1), +.BR \*(Ma (1), +.BR shadowsocks-libev (8), +.BR iptables (8), +/etc/shadowsocks-libev/config.json +.br +.SH AUTHOR +shadowsocks was created by clowwindy and +shadowsocks-libev was maintained by Max Lv and Linus Yang +. +.PP +This manual page was written by Max Lv . +.PP +The manual pages were rearranged by hosiet <073plan@gmail.com>. diff --git a/ss-server.1 b/ss-server.1 new file mode 100644 index 00000000..05ad6181 --- /dev/null +++ b/ss-server.1 @@ -0,0 +1,154 @@ +.ig +. manual page for shadowsocks-libev +. +. Copyright (c) 2012-2015, by: Max Lv +. All rights reserved. +. +. Permission is granted to copy, distribute and/or modify this document +. under the terms of the GNU Free Documentation License, Version 1.1 or +. any later version published by the Free Software Foundation; +. with no Front-Cover Texts, no Back-Cover Texts, and with the following +. Invariant Sections (and any sub-sections therein): +. all .ig sections, including this one +. STUPID TRICKS Sampler +. AUTHOR +. +. A copy of the Free Documentation License is included in the section +. entitled "GNU Free Documentation License". +. +.. +\# - these two are for chuckles, makes great grammar +.ds Lo \fBss-local\fR +.ds Re \fBss-redir\fR +.ds Se \fBss-server\fR +.ds Tu \fBss-tunnel\fR +.ds Ma \fBss-manager\fR +.ds Me \fBShadowsocks-libev\fR +. +.TH "SS-SERVER" "1" "September 10, 2015" "SHADOWSOCKS-LIBEV" +.SH NAME +ss-server \- shadowsocks server, libev port + +.SH SYNOPSIS +\*(Se + [\fB-AhuUv\fR] + [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR] + [\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] + [\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR] + [\fB\-a\fR \fIuser_name\fR] [\fB\-d\fR \fIaddr\fR] + [\fB\-\-fast\-open\fR] [\fB\-\-acl\fR \fIacl_config\fR] + [\fB\-\-manager\-address\fR \fIpath_to_unix_domain\fR] + +.SH DESCRIPTION +\*(Me is a lightweight and secure socks5 proxy. It is a port of the original +shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage +of \fBlibev\fP to achieve both high performance and low resource consumption. +.PP +\*(Me consists of five components. \*(Se(1) runs on a remote server to provide +secured tunnel service. For more information, check out \fBshadowsocks-libev\fR(8). + +.SH OPTIONS +.TP +.B \-s \fIserver_host\fP +Set the server's hostname or IP. +.TP +.B \-p \fIserver_port\fP +Set the server's port number. +.TP +.B \-l \fIlocal_port\fP +Set the local port number. +.TP +.B \-k \fIpassword\fP +Set the password. The server and the client should use the same password. +.TP +.B \-m \fIencrypt_method\fP +Set the cipher. + +Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5, +aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, +camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, +seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. + +If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may +not work. +.TP +.B \-f \fIpid_file\fP +Start shadowsocks as a daemon with specific pid file. +.TP +.B \-t \fItimeout\fP +Set the socket timeout in seconds. The default value is 10. +.TP +.B \-c \fIconfig_file\fP +Use a configuration file. +.TP +.B \-i \fIinterface\fP +Specify network interface to bind. +.TP +.B \-a \fIuser_name\fP +Run as a specific user. +.TP +.B \-u +Enable UDP relay. +.TP +.B \-U +Enable UDP relay and disable TCP relay. +.TP +.B \-A +Enable onetime authentication. +.TP +.B \-d \fIaddr\fP +Setup name servers for internal DNS resolver (libudns). The default server +is fetched from /etc/resolv.conf. +.TP +.B \--fast-open +Enable TCP fast open. + +Only available with Linux kernel > 3.7.0. +.TP +.B \--acl \fIacl_config\fP +Enable ACL (Access Control List) and specify config file. +.TP +.B \--manager-address \fIpath_to_unix_domain\fP +Specify UNIX domain socket address for the communication between ss-manager and +ss-server. + +Only available in server and manager mode. +.TP +.B \-v +Enable verbose mode. + +.SH EXAMPLE +It is recommanded to use a config file when starting \*(Se(1). +The config file is written in JSON and is easy to edit. Check out the +\fBSEE ALSO\fR section for the default path of config file. + + # Start the ss-server + ss-server -c /etc/shadowsocks-libev/config.json + +.SH BUGS +The config file of shadowsocks-libev is slightly different from original +shadowsocks. In order to listen to both ipv4/ipv6 address, use the following +grammar in your config json file: + + { + "server":["[::0]","0.0.0.0"], + ... + } + +.SH SEE ALSO +.BR \*(Lo (1), +.BR \*(Tu (1), +.BR \*(Re (1), +.BR \*(Ma (1), +.BR shadowsocks-libev (8), +.BR iptables (8), +/etc/shadowsocks-libev/config.json +.br +.SH AUTHOR +shadowsocks was created by clowwindy and +shadowsocks-libev was maintained by Max Lv and Linus Yang +. +.PP +This manual page was written by Max Lv . +.PP +The manual pages were rearranged by hosiet <073plan@gmail.com>. diff --git a/ss-tunnel.1 b/ss-tunnel.1 new file mode 100644 index 00000000..42a1a0b4 --- /dev/null +++ b/ss-tunnel.1 @@ -0,0 +1,126 @@ +.ig +. manual page for shadowsocks-libev +. +. Copyright (c) 2012-2015, by: Max Lv +. All rights reserved. +. +. Permission is granted to copy, distribute and/or modify this document +. under the terms of the GNU Free Documentation License, Version 1.1 or +. any later version published by the Free Software Foundation; +. with no Front-Cover Texts, no Back-Cover Texts, and with the following +. Invariant Sections (and any sub-sections therein): +. all .ig sections, including this one +. STUPID TRICKS Sampler +. AUTHOR +. +. A copy of the Free Documentation License is included in the section +. entitled "GNU Free Documentation License". +. +.. +\# - these two are for chuckles, makes great grammar +.ds Lo \fBss-local\fR +.ds Re \fBss-redir\fR +.ds Se \fBss-server\fR +.ds Tu \fBss-tunnel\fR +.ds Ma \fBss-manager\fR +.ds Me \fBShadowsocks-libev\fR +. +.TH "SS-TUNNEL" "1" "September 10, 2015" "SHADOWSOCKS-LIBEV" +.SH NAME +ss-tunnel \- shadowsocks tools for local port forwarding, libev port + +.SH SYNOPSIS +\*(Tu + [\fB-AhuUv\fR] + [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR] + [\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] + [\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR] + [\fB\-b\fR \fIlocal_addr\fR] [\fB\-a\fR \fIuser_name\fR] + [\fB\-L\fR \fIaddr\fR:\fIport\fR] + +.SH DESCRIPTION +\*(Me is a lightweight and secure socks5 proxy. It is a port of the original +shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage +of \fBlibev\fP to achieve both high performance and low resource consumption. +.PP +\*(Me consists of five components. \*(Tu(1) is a tool for local port forwarding. +See \fBOPTIONS\fR section for special option needed by \*(Tu(1). +For more information, check out \fBshadowsocks-libev\fR(8). + +.SH OPTIONS +.TP +.B \-s \fIserver_host\fP +Set the server's hostname or IP. +.TP +.B \-p \fIserver_port\fP +Set the server's port number. +.TP +.B \-l \fIlocal_port\fP +Set the local port number. +.TP +.B \-k \fIpassword\fP +Set the password. The server and the client should use the same password. +.TP +.B \-m \fIencrypt_method\fP +Set the cipher. + +Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5, +aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, +camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, +seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP. + +If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may +not work. +.TP +.B \-f \fIpid_file\fP +Start shadowsocks as a daemon with specific pid file. +.TP +.B \-t \fItimeout\fP +Set the socket timeout in seconds. The default value is 10. +.TP +.B \-c \fIconfig_file\fP +Use a configuration file. +.TP +.B \-i \fIinterface\fP +Specify network interface to bind. +.TP +.B \-b \fIlocal_address\fP +Specify local address to bind. +.TP +.B \-a \fIuser_name\fP +Run as a specific user. +.TP +.B \-u +Enable UDP relay. +.TP +.B \-U +Enable UDP relay and disable TCP relay. +.TP +.B \-A +Enable onetime authentication. +.TP +.B \-L \fIaddr\fR:\fIport\fP +Specify destination server address and port for local port forwarding. + +Only used and available in tunnel mode. +.TP +.B \-v +Enable verbose mode. + +.SH SEE ALSO +.BR \*(Lo (1), +.BR \*(Se (1), +.BR \*(Re (1), +.BR \*(Ma (1), +.BR shadowsocks-libev (8), +.BR iptables (8), +/etc/shadowsocks-libev/config.json +.br +.SH AUTHOR +shadowsocks was created by clowwindy and +shadowsocks-libev was maintained by Max Lv and Linus Yang +. +.PP +This manual page was written by Max Lv . +.PP +The manual pages were rearranged by hosiet <073plan@gmail.com>.