From 5446408f4d01344c3141a1e0b4af036dbf01e4e9 Mon Sep 17 00:00:00 2001 From: wener Date: Fri, 17 Feb 2017 15:31:43 +0800 Subject: [PATCH 01/62] Add a compile-able CMakeLists, but still need to generate config.h --- CMakeLists.txt | 217 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 217 insertions(+) create mode 100644 CMakeLists.txt diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 00000000..f49f23ce --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,217 @@ +cmake_minimum_required(VERSION 3.6) + +set(PROJECT_NAME shadowsocks_libev) +set(RELEASE_DATE 2017-2-17) +project(${PROJECT_NAME}) + +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c11") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -c") + +set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) +set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) +set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) +#set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") +#set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake") + +if (NOT CMAKE_BUILD_TYPE) + set(CMAKE_BUILD_TYPE Debug) +endif () +# Detect linux +if (UNIX AND NOT APPLE) + set(LINUX TRUE) +endif () + + +# for config.h +include_directories(.) +add_definitions(-DHAVE_CONFIG_H) + +set(SNI_SOURCE + src/http.c + src/tls.c + src/rule.c + ) + +set(CRYPTO_SOURCE + src/crypto.c + src/aead.c + src/stream.c + src/base64.c + ) + +set(PLUGIN_SOURCE + src/plugin.c + ) + +set(SS_LOCAL_SOURCE + src/utils.c + src/jconf.c + src/json.c + src/netutils.c + src/udprelay.c + src/cache.c + src/acl.c + src/local.c + ${CRYPTO_SOURCE} + ${PLUGIN_SOURCE} + ${SNI_SOURCE} + ) + +set(SS_TUNNEL_SOURCE + src/utils.c + src/jconf.c + src/json.c + src/netutils.c + src/udprelay.c + src/cache.c + src/tunnel.c + ${CRYPTO_SOURCE} + ${PLUGIN_SOURCE} + ) + +set(SS_SERVER_SOURCE + src/utils.c + src/jconf.c + src/json.c + src/netutils.c + src/udprelay.c + src/cache.c + src/acl.c + src/resolv.c + src/server.c + ${CRYPTO_SOURCE} + ${PLUGIN_SOURCE} + ${SNI_SOURCE} + ) + +set(SS_MANAGER_SOURCE + src/utils.c + src/jconf.c + src/json.c + src/netutils.c + src/manager.c + ) + +set(SS_REDIR_SOURCE + src/utils.c + src/jconf.c + src/json.c + src/netutils.c + src/udprelay.c + src/cache.c + src/redir.c + ${CRYPTO_SOURCE} + ${PLUGIN_SOURCE} + ${SNI_SOURCE} + ) + +# We don't care about shared +set(ENABLE_SHARED OFF) +set(ENABLE_SHARED_EXECUTABLES OFF) +set(ENABLE_STATIC ON) +set(ENABLE_STATIC_EXECUTABLES ON) +#set(CMAKE_MACOSX_RPATH TRUE) + +# We need libcork,libipset headers +include_directories(libcork/include) +include_directories(libipset/include) + +# Things we need to build libcork,libipset +#link_directories(libcork/src) +#link_directories(libipset/src) + +#add_subdirectory(libcork EXCLUDE_FROM_ALL) +# So libipset can find cork +#set( ENV{PKG_CONFIG_PATH} "$ENV{PKG_CONFIG_PATH}:libcork/src" ) +#add_subdirectory(libipset EXCLUDE_FROM_ALL) + +add_library( + libcork STATIC + libcork/src/libcork/cli/commands.c + libcork/src/libcork/core/allocator.c + libcork/src/libcork/core/error.c + libcork/src/libcork/core/gc.c + libcork/src/libcork/core/hash.c + libcork/src/libcork/core/ip-address.c + libcork/src/libcork/core/mempool.c + libcork/src/libcork/core/timestamp.c + libcork/src/libcork/core/u128.c + libcork/src/libcork/core/version.c + libcork/src/libcork/ds/array.c + libcork/src/libcork/ds/bitset.c + libcork/src/libcork/ds/buffer.c + libcork/src/libcork/ds/dllist.c + libcork/src/libcork/ds/file-stream.c + libcork/src/libcork/ds/hash-table.c + libcork/src/libcork/ds/managed-buffer.c + libcork/src/libcork/ds/ring-buffer.c + libcork/src/libcork/ds/slice.c + libcork/src/libcork/posix/directory-walker.c + libcork/src/libcork/posix/env.c + libcork/src/libcork/posix/exec.c + libcork/src/libcork/posix/files.c + libcork/src/libcork/posix/process.c + libcork/src/libcork/posix/subprocess.c + libcork/src/libcork/pthreads/thread.c +) + +target_compile_definitions(libcork PUBLIC -DCORK_API=CORK_LOCAL) + + +set(LIBIPSET_SRC + libipset/src/libipset/general.c + libipset/src/libipset/bdd/assignments.c + libipset/src/libipset/bdd/basics.c + libipset/src/libipset/bdd/bdd-iterator.c + libipset/src/libipset/bdd/expanded.c + libipset/src/libipset/bdd/reachable.c + libipset/src/libipset/bdd/read.c + libipset/src/libipset/bdd/write.c + libipset/src/libipset/map/allocation.c + libipset/src/libipset/map/inspection.c + libipset/src/libipset/map/ipv4_map.c + libipset/src/libipset/map/ipv6_map.c + libipset/src/libipset/map/storage.c + libipset/src/libipset/set/allocation.c + libipset/src/libipset/set/inspection.c + libipset/src/libipset/set/ipv4_set.c + libipset/src/libipset/set/ipv6_set.c + libipset/src/libipset/set/iterator.c + libipset/src/libipset/set/storage.c + ) + +add_library(libipset STATIC ${LIBIPSET_SRC}) +set_target_properties(libipset PROPERTIES + OUTPUT_NAME ipset + VERSION 1.1.0 + SOVERSION 1) +target_link_libraries(libipset libcork) + +# Add our targets +add_executable(ss-server ${SS_SERVER_SOURCE}) +add_executable(ss-tunnel ${SS_TUNNEL_SOURCE}) +add_executable(ss-manager ${SS_MANAGER_SOURCE}) +add_executable(ss-local ${SS_LOCAL_SOURCE}) + +target_compile_definitions(ss-server PUBLIC -DMODULE_REMOTE) +target_compile_definitions(ss-tunnel PUBLIC -DMODULE_TUNNEL) +target_compile_definitions(ss-manager PUBLIC -DMODULE_MANAGER) +target_compile_definitions(ss-local PUBLIC -DMODULE_LOCAL) + +# redir need linux/* stuff +if (LINUX) + add_executable(ss-redir ${SS_REDIR_SOURCE}) + target_compile_definitions(ss-redir PUBLIC -DMODULE_REDIR) + target_link_libraries(ss-redir cork ev sodium mbedtls mbedcrypto libipset udns pcre) +endif (LINUX) + +target_link_libraries(ss-server libcork ev sodium mbedtls mbedcrypto libipset udns pcre) +target_link_libraries(ss-tunnel libcork ev sodium mbedtls mbedcrypto libipset udns pcre) +target_link_libraries(ss-manager libcork ev udns) +target_link_libraries(ss-local libcork ev sodium mbedtls mbedcrypto libipset udns pcre) + +install(DIRECTORY DESTINATION ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) +install(TARGETS ss-server RUNTIME DESTINATION bin) +install(TARGETS ss-tunnel RUNTIME DESTINATION bin) +install(TARGETS ss-manager RUNTIME DESTINATION bin) +install(TARGETS ss-local RUNTIME DESTINATION bin) \ No newline at end of file From c5ac1316aadc2bd15816c8a2abfc764baa9e0b41 Mon Sep 17 00:00:00 2001 From: wener Date: Fri, 17 Feb 2017 18:58:32 +0800 Subject: [PATCH 02/62] Use cmake to generate config.h --- CMakeLists.txt | 211 ++++++++++++++++++++++++++++++++- src/config.h.in | 306 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 514 insertions(+), 3 deletions(-) create mode 100644 src/config.h.in diff --git a/CMakeLists.txt b/CMakeLists.txt index f49f23ce..13d053b1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,9 +1,11 @@ cmake_minimum_required(VERSION 3.6) -set(PROJECT_NAME shadowsocks_libev) +set(PROJECT_NAME shadowsocks-libev) set(RELEASE_DATE 2017-2-17) +set(PROJECT_VERSION 3.0.2) project(${PROJECT_NAME}) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c11") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -c") @@ -22,10 +24,213 @@ if (UNIX AND NOT APPLE) endif () -# for config.h -include_directories(.) +# ------------------------------------------------------------- +# config.h + +# If we generate config.h by automake +#include_directories(.) + +# Use cmake to generate config.h +include(CheckIncludeFiles) +include(CheckFunctionExists) +include(CheckSymbolExists) +include(CheckLibraryExists) +include(CheckTypeSize) +include(CheckCSourceCompiles) + +# Define if building universal (internal helper macro) +# AC_APPLE_UNIVERSAL_BUILD +set(CONNECT_IN_PROGRESS "EINPROGRESS") +set(CONNECT_IN_PROGRESS "EINPROGRESS" CACHE STRING "") + + +check_include_files(dlfcn.h HAVE_DLFCN_H) +check_include_files(ev.h HAVE_EV_H) +check_include_files(fcntl.h HAVE_FCNTL_H) +check_function_exists(fork HAVE_FORK) +check_function_exists(getpwnam_r HAVE_GETPWNAM_R) +check_function_exists(inet_ntop HAVE_INET_NTOP) +check_include_files(inttypes.h HAVE_INTTYPES_H) +set(HAVE_IPv6 1) +check_include_files(langinfo.h HAVE_LANGINFO_H) +set(HAVE_LIBPCRE 1) +check_library_exists(socket socket "" HAVE_LIBSOCKET) +check_include_files(limits.h HAVE_LIMITS_H) +check_include_files(linux/if.h HAVE_LINUX_IF_H) +check_include_files(linux/netfilter_ipv4.h HAVE_LINUX_NETFILTER_IPV4_H) +check_include_files(linux/netfilter_ipv6/ip6_tables.h HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H) +check_include_files(locale.h HAVE_LOCALE_H) + + +check_function_exists(malloc HAVE_MALLOC) +check_include_files(memory.h HAVE_MEMORY_H) +check_function_exists(memset HAVE_MEMSET) + +check_include_files(netdb.h HAVE_NETDB_H) +check_include_files(netinet/in.h HAVE_NETINET_IN_H) +check_include_files(net/if.h HAVE_NET_IF_H) +check_include_files(pcre.h HAVE_PCRE_H) +check_include_files(pcre/pcre.h HAVE_PCRE_PCRE_H) +check_symbol_exists(PTHREAD_PRIO_INHERIT pthread.h HAVE_PTHREAD_PRIO_INHERIT) + +check_function_exists(select HAVE_SELECT) +check_function_exists(setresuid HAVE_SETRESUID) +check_function_exists(setreuid HAVE_SETREUID) +check_function_exists(setrlimit HAVE_SETRLIMIT) +check_function_exists(socket HAVE_SOCKET) + +check_include_files(stdint.h HAVE_STDINT_H) +check_include_files(stdlib.h HAVE_STDLIB_H) + +check_function_exists(strerror HAVE_STRERROR) + +check_include_files(strings.h HAVE_STRINGS_H) +check_include_files(string.h HAVE_STRING_H) +check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H) +check_include_files(sys/select.h HAVE_SYS_SELECT_H) +check_include_files(sys/socket.h HAVE_SYS_SOCKET_H) +check_include_files(sys/stat.h HAVE_SYS_STAT_H) +check_include_files(sys/types.h HAVE_SYS_TYPES_H) +check_include_files(sys/wait.h HAVE_SYS_WAIT_H) +check_include_files(udns.h HAVE_UDNS_H) +check_include_files(unistd.h HAVE_UNISTD_H) + +check_function_exists(fork HAVE_FORK) +check_function_exists(vfork HAVE_VFORK) +check_include_files(vfork.h HAVE_VFORK_H) +if (HAVE_VFORK) + set(HAVE_WORKING_VFORK 1) +endif () +if (HAVE_FORK) + set(HAVE_WORKING_FORK 1) +endif () + + +# Define to the sub-directory where libtool stores uninstalled libraries. +set(LT_OBJDIR ".libs/") +set(NDEBUG 1) +set(PACKAGE ${PROJECT_NAME}) +set(PACKAGE_BUGREPORT max.c.lv@gmail.com) +set(PACKAGE_NAME ${PROJECT_NAME}) +#set(PACKAGE_VERSION ${PROJECT_VERSION}) +set(PACKAGE_VERSION 3.0.2) +set(PACKAGE_STRING "${PROJECT_NAME} ${PACKAGE_VERSION}") +set(PACKAGE_TARNAME ${PROJECT_NAME}) +set(PACKAGE_URL "") + +#message(${PACKAGE_NAME} - v${PACKAGE_VERSION} - v${PROJECT_VERSION}) + +# PTHREAD_CREATE_JOINABLE + +# Define as the return type of signal handlers (`int' or `void'). +set(RETSIGTYPE void) + +# Define to the type of arg 1 for `select'. +set(SELECT_TYPE_ARG1 int) + +# Define to the type of args 2, 3 and 4 for `select'. +set(SELECT_TYPE_ARG234 "(fd_set *)") + +# Define to the type of arg 5 for `select'. +set(SELECT_TYPE_ARG5 "(struct timeval *)") + +# Define to 1 if you have the ANSI C header files. +set(STDC_HEADERS 1) + + +check_include_files(sys/time.h time.h TIME_WITH_SYS_TIME) + + +# If the compiler supports a TLS storage class define it to that here +check_c_source_compiles(" + __thread int tls; + int main(void) { return 0; }" + HAVE_GCC_THREAD_LOCAL_STORAGE) +if (HAVE_GCC_THREAD_LOCAL_STORAGE) + set(TLS __thread) +endif () + +set(_ALL_SOURCE 1) +set(_GNU_SOURCE 1) +set(_POSIX_PTHREAD_SEMANTICS 1) +set(_TANDEM_SOURCE 1) +set(__EXTENSIONS__ 1) +# USE_SYSTEM_SHARED_LIB +set(VERSION ${PACKAGE_VERSION}) +# TODO WORDS_BIGENDIAN +# _MINIX +# _POSIX_1_SOURCE +# _POSIX_SOURCE +# _UINT8_T + +# Define to empty if `const' does not conform to ANSI C. +# undef const + +# Define to `__inline__' or `__inline' if that's what the C compiler +# calls it, or to nothing if 'inline' is not supported under any name. +#ifndef __cplusplus +#undef inline +#endif +# TODO Assume we got inline support +# https://cmake.org/Wiki/CMakeTestInline + +# Define to the equivalent of the C99 'restrict' keyword, or to +# nothing if this is not supported. Do not define if restrict is +# supported directly. +#define restrict __restrict +if (NOT "c_restrict" IN_LIST CMAKE_C_COMPILE_FEATURES) + message("No restrict") + set(restrict __restrict) +endif () + +# Define to `int' if does not define. +# undef pid_t +# Define to the type of an unsigned integer type of width exactly 16 bits if +# such a type exists and the standard includes do not define it. +# undef uint16_t +# Define to the type of an unsigned integer type of width exactly 8 bits if +# such a type exists and the standard includes do not define it. +# undef uint8_t +set(CMAKE_EXTRA_INCLUDE_FILES sys/types.h) +check_type_size(pid_t PID_T) +check_type_size(size_t SIZE_T) +check_type_size(ssize_t SSIZE_T) +set(CMAKE_EXTRA_INCLUDE_FILES) + +check_type_size(uint16_t UINT16_T) +check_type_size(uint8_t UINT8_T) + +## Inverse +if (NOT HAVE_PID_T) + set(pid_t int) +endif () +if (NOT HAVE_SIZE_T) + set(size_t "unsigned int") +endif () +if (NOT HAVE_SSIZE_T) + set(ssize_t int) +endif () + +if (NOT HAVE_UINT8_T) + set(uint8_t "unsigned char") +endif () +if (NOT HAVE_UINT16_T) + set(uint16_t "unsigned short") +endif () + + +# Define as `fork' if `vfork' does not work. +if (NOT HAVE_WORKING_VFORK) + set(vfork fork) +endif () + +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/src/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/src/config.h) + add_definitions(-DHAVE_CONFIG_H) +# ------------------------------------------------------------- +# Source + set(SNI_SOURCE src/http.c src/tls.c diff --git a/src/config.h.in b/src/config.h.in new file mode 100644 index 00000000..bfe86a18 --- /dev/null +++ b/src/config.h.in @@ -0,0 +1,306 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#cmakedefine AC_APPLE_UNIVERSAL_BUILD + +/* errno for incomplete non-blocking connect(2) */ +#cmakedefine CONNECT_IN_PROGRESS @CONNECT_IN_PROGRESS@ + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_ARPA_INET_H 1 + +/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you + don't. */ +#cmakedefine HAVE_DECL_INET_NTOP 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_DLFCN_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_EV_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_FCNTL_H 1 + +/* Define to 1 if you have the `fork' function. */ +#cmakedefine HAVE_FORK 1 + +/* Define to 1 if you have the `getpwnam_r' function. */ +#cmakedefine HAVE_GETPWNAM_R 1 + +/* Define to 1 if you have the `inet_ntop' function. */ +#cmakedefine HAVE_INET_NTOP 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_INTTYPES_H 1 + +/* Enable IPv6 support in libudns */ +#cmakedefine HAVE_IPv6 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LANGINFO_H 1 + +/* Compiling with pcre support */ +#cmakedefine HAVE_LIBPCRE 1 + +/* Define to 1 if you have the `socket' library (-lsocket). */ +#cmakedefine HAVE_LIBSOCKET 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LIMITS_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LINUX_IF_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LINUX_NETFILTER_IPV4_H 1 + +/* Define to 1 if you have the header + file. */ +#cmakedefine HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_LOCALE_H 1 + +/* Define to 1 if you have the `malloc' function. */ +#cmakedefine HAVE_MALLOC 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `memset' function. */ +#cmakedefine HAVE_MEMSET 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NETDB_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NETINET_IN_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_NET_IF_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_PCRE_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_PCRE_PCRE_H 1 + +/* Have PTHREAD_PRIO_INHERIT. */ +#cmakedefine HAVE_PTHREAD_PRIO_INHERIT 1 + +/* Define to 1 if you have the `select' function. */ +#cmakedefine HAVE_SELECT 1 + +/* Define to 1 if you have the `setresuid' function. */ +#cmakedefine HAVE_SETRESUID 1 + +/* Define to 1 if you have the `setreuid' function. */ +#cmakedefine HAVE_SETREUID 1 + +/* Define to 1 if you have the `setrlimit' function. */ +#cmakedefine HAVE_SETRLIMIT 1 + +/* Define to 1 if you have the `socket' function. */ +#cmakedefine HAVE_SOCKET 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strerror' function. */ +#cmakedefine HAVE_STRERROR 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_STRING_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_IOCTL_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have that is POSIX.1 compatible. */ +#cmakedefine HAVE_SYS_WAIT_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_UDNS_H 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `vfork' function. */ +#cmakedefine HAVE_VFORK 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_VFORK_H 1 + +/* Define to 1 if `fork' works. */ +#cmakedefine HAVE_WORKING_FORK 1 + +/* Define to 1 if `vfork' works. */ +#cmakedefine HAVE_WORKING_VFORK 1 + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#cmakedefine LT_OBJDIR "@LT_OBJDIR@" + +/* Define to 1 if assertions should be disabled. */ +#cmakedefine NDEBUG 1 + +/* Name of package */ +#define PACKAGE "@PACKAGE@" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "@PACKAGE_NAME@" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "@PACKAGE_STRING@" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "@PACKAGE_TARNAME@" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "@PACKAGE_URL@" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "@PACKAGE_VERSION@" + +/* Define to necessary symbol if this constant uses a non-standard name on + your system. */ +#cmakedefine PTHREAD_CREATE_JOINABLE 1 + +/* Define as the return type of signal handlers (`int' or `void'). */ +#cmakedefine RETSIGTYPE @RETSIGTYPE@ + +/* Define to the type of arg 1 for `select'. */ +#cmakedefine SELECT_TYPE_ARG1 @SELECT_TYPE_ARG1@ + +/* Define to the type of args 2, 3 and 4 for `select'. */ +#cmakedefine SELECT_TYPE_ARG234 @SELECT_TYPE_ARG234@ + +/* Define to the type of arg 5 for `select'. */ +#cmakedefine SELECT_TYPE_ARG5 @SELECT_TYPE_ARG5@ + +/* Define to 1 if you have the ANSI C header files. */ +#cmakedefine STDC_HEADERS 1 + +/* Define to 1 if you can safely include both and . */ +#cmakedefine TIME_WITH_SYS_TIME 1 + +/* If the compiler supports a TLS storage class define it to that here */ +#cmakedefine TLS @TLS@ + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +#cmakedefine _ALL_SOURCE 1 +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +#cmakedefine _GNU_SOURCE 1 +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +#cmakedefine _POSIX_PTHREAD_SEMANTICS 1 +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +#cmakedefine _TANDEM_SOURCE 1 +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +#cmakedefine __EXTENSIONS__ 1 +#endif + + +/* Define if use system shared lib. */ +#cmakedefine USE_SYSTEM_SHARED_LIB 1 + +/* Version number of package */ +#define VERSION "@VERSION@" + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +#cmakedefine WORDS_BIGENDIAN 1 +# endif +#endif + +/* Define to 1 if on MINIX. */ +#cmakedefine _MINIX 1 + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +#cmakedefine _POSIX_1_SOURCE 1 + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +#cmakedefine _POSIX_SOURCE 1 + +/* Define for Solaris 2.5.1 so the uint8_t typedef from , + , or is not used. If the typedef were allowed, the + #define below would cause a syntax error. */ +#cmakedefine _UINT8_T 1 + +/* Define to empty if `const' does not conform to ANSI C. */ +#cmakedefine const 1 + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#cmakedefine inline 1 +#endif + +/* Define to `int' if does not define. */ +#cmakedefine pid_t @pid_t@ + +/* Define to the equivalent of the C99 'restrict' keyword, or to + nothing if this is not supported. Do not define if restrict is + supported directly. */ +#cmakedefine restrict @restrict@ +/* Work around a bug in Sun C++: it does not support _Restrict or + __restrict__, even though the corresponding Sun C compiler ends up with + "#define restrict _Restrict" or "#define restrict __restrict__" in the + previous line. Perhaps some future version of Sun C++ will work with + restrict; if so, hopefully it defines __RESTRICT like Sun C does. */ +#if defined __SUNPRO_CC && !defined __RESTRICT +# define _Restrict +# define __restrict__ +#endif + +/* Define to `unsigned int' if does not define. */ +#cmakedefine size_t unsigned int + +/* Define to `int' if does not define. */ +#cmakedefine ssize_t int + +/* Define to the type of an unsigned integer type of width exactly 16 bits if + such a type exists and the standard includes do not define it. */ +#cmakedefine uint16_t @uint16_t@ + +/* Define to the type of an unsigned integer type of width exactly 8 bits if + such a type exists and the standard includes do not define it. */ +#cmakedefine uint8_t @uint8_t@ + +/* Define as `fork' if `vfork' does not work. */ +#cmakedefine vfork From 111041731fa66cc83bb2c88c29433573252a0e90 Mon Sep 17 00:00:00 2001 From: wener Date: Sat, 18 Feb 2017 00:10:32 +0800 Subject: [PATCH 03/62] link libcork instead cork to ss-redir --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 13d053b1..1c48550e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -407,7 +407,7 @@ target_compile_definitions(ss-local PUBLIC -DMODULE_LOCAL) if (LINUX) add_executable(ss-redir ${SS_REDIR_SOURCE}) target_compile_definitions(ss-redir PUBLIC -DMODULE_REDIR) - target_link_libraries(ss-redir cork ev sodium mbedtls mbedcrypto libipset udns pcre) + target_link_libraries(ss-redir libcork ev sodium mbedtls mbedcrypto libipset udns pcre) endif (LINUX) target_link_libraries(ss-server libcork ev sodium mbedtls mbedcrypto libipset udns pcre) From 00bf648f77191302c3a8f379e025b9822bffaeb7 Mon Sep 17 00:00:00 2001 From: wener Date: Sat, 18 Feb 2017 01:41:24 +0800 Subject: [PATCH 04/62] Allowed to build static linked executable, default ON To build shared executable cmake -DBUILD_STATIC=OFF . && make --- CMakeLists.txt | 45 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1c48550e..5d471550 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -15,6 +15,11 @@ set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) #set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") #set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake") +# ------------------------------------------------------------- +# Options +option(BUILD_STATIC "Static link library to executable" ON) + + if (NOT CMAKE_BUILD_TYPE) set(CMAKE_BUILD_TYPE Debug) endif () @@ -403,18 +408,46 @@ target_compile_definitions(ss-tunnel PUBLIC -DMODULE_TUNNEL) target_compile_definitions(ss-manager PUBLIC -DMODULE_MANAGER) target_compile_definitions(ss-local PUBLIC -DMODULE_LOCAL) + +if (BUILD_STATIC) + message("Build static linked executable") + set(BUILD_SHARED_LIBS OFF) + find_library(LIBSODIUM libsodium.a) + find_library(LIBMBEDTLS libmbedtls.a) + find_library(LIBMBEDCRYPTO libmbedcrypto.a) + find_library(LIBEV libev.a) + find_library(LIBUDNS libudns.a) + find_library(LIBPCRE libpcre.a) + + # Clang crt0 issues + # https://github.com/skaht/Csu-85 + # https://bugs.llvm.org//show_bug.cgi?id=17801 + # set(CMAKE_EXE_LINKER_FLAGS "-static") +else () + message("Build shared linked executable") + + find_library(LIBSODIUM sodium) + find_library(LIBMBEDTLS mbedtls) + find_library(LIBMBEDCRYPTO mbedcrypto) + find_library(LIBEV ev) + find_library(LIBUDNS udns) + find_library(LIBPCRE pcre) +endif () + +list(APPEND DEPS ${LIBEV} ${LIBUDNS} ${LIBPCRE} ${LIBSODIUM} ${LIBMBEDTLS} ${LIBMBEDCRYPTO}) + +target_link_libraries(ss-server libcork libipset ${DEPS}) +target_link_libraries(ss-tunnel libcork ${DEPS}) +target_link_libraries(ss-manager libcork ${LIBEV} ${LIBUDNS}) +target_link_libraries(ss-local libcork libipset ${DEPS}) + # redir need linux/* stuff if (LINUX) add_executable(ss-redir ${SS_REDIR_SOURCE}) target_compile_definitions(ss-redir PUBLIC -DMODULE_REDIR) - target_link_libraries(ss-redir libcork ev sodium mbedtls mbedcrypto libipset udns pcre) + target_link_libraries(ss-redir libcork libipset ${DEPS}) endif (LINUX) -target_link_libraries(ss-server libcork ev sodium mbedtls mbedcrypto libipset udns pcre) -target_link_libraries(ss-tunnel libcork ev sodium mbedtls mbedcrypto libipset udns pcre) -target_link_libraries(ss-manager libcork ev udns) -target_link_libraries(ss-local libcork ev sodium mbedtls mbedcrypto libipset udns pcre) - install(DIRECTORY DESTINATION ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) install(TARGETS ss-server RUNTIME DESTINATION bin) install(TARGETS ss-tunnel RUNTIME DESTINATION bin) From 47acac3b8cc3ae47cfd1b4c5c74a1fa7759019a5 Mon Sep 17 00:00:00 2001 From: wener Date: Sat, 18 Feb 2017 02:23:32 +0800 Subject: [PATCH 05/62] Add cmake to ci --- .travis.yml | 21 +++++++++++++++++++++ docker/build/builder.Dockerfile | 8 ++++++++ docker/build/dockerbuild.sh | 5 +++++ 3 files changed, 34 insertions(+) create mode 100644 docker/build/builder.Dockerfile create mode 100755 docker/build/dockerbuild.sh diff --git a/.travis.yml b/.travis.yml index ed2e3a80..eb01c0b2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,6 +20,8 @@ before_install: - make - sudo make install - popd + # Load cached docker images + - if [[ -d $HOME/docker ]]; then ls $HOME/docker/*.tar.gz | xargs -I {file} sh -c "zcat {file} | docker load"; fi addons: apt: packages: @@ -32,6 +34,9 @@ addons: script: - ./autogen.sh - ./configure && make + # Test cmake using our builder + - cd docker/build && docker build -f builder.Dockerfile -t builder . && cd - + - docker run --rm -it -v $PWD:/src -w /src builder sh -c /src/docker/build/dockerbuild.sh && echo yes branches: only: - master @@ -41,3 +46,19 @@ notifications: email: on_success: change on_failure: always + +# Use cache to speedup next build +services: + - docker + +before_cache: + # Save tagged docker images + - > + mkdir -p $HOME/docker && docker images -a --filter='dangling=false' --format '{{.Repository}}:{{.Tag}} {{.ID}}' + | xargs -n 2 -t sh -c 'test -e $HOME/docker/$1.tar.gz || docker save $0 | gzip -2 > $HOME/docker/$1.tar.gz' + +cache: + bundler: true + directories: + - $HOME/docker + diff --git a/docker/build/builder.Dockerfile b/docker/build/builder.Dockerfile new file mode 100644 index 00000000..a1402c57 --- /dev/null +++ b/docker/build/builder.Dockerfile @@ -0,0 +1,8 @@ +# Alpine with China mirror +FROM alpine +MAINTAINER wener + +# Better for cache and dev +RUN apk add --no-cache --virtual .build-deps \ + alpine-sdk cmake \ + linux-headers libev-dev libsodium-dev mbedtls-static mbedtls-dev pcre-dev udns-dev diff --git a/docker/build/dockerbuild.sh b/docker/build/dockerbuild.sh new file mode 100755 index 00000000..2b61cc60 --- /dev/null +++ b/docker/build/dockerbuild.sh @@ -0,0 +1,5 @@ +#!/bin/sh +set -e +set -o xtrace + +cmake -DBUILD_STATIC=OFF . && make && make install \ No newline at end of file From 95a8a4db5055b9f1fd0f21549d16e3310e81e928 Mon Sep 17 00:00:00 2001 From: wener Date: Sat, 18 Feb 2017 02:43:30 +0800 Subject: [PATCH 06/62] Add missing ss-redir install; Remove cmake build success echo. --- .travis.yml | 2 +- CMakeLists.txt | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index eb01c0b2..d635f14a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -36,7 +36,7 @@ script: - ./configure && make # Test cmake using our builder - cd docker/build && docker build -f builder.Dockerfile -t builder . && cd - - - docker run --rm -it -v $PWD:/src -w /src builder sh -c /src/docker/build/dockerbuild.sh && echo yes + - docker run --rm -it -v $PWD:/src -w /src builder sh -c /src/docker/build/dockerbuild.sh branches: only: - master diff --git a/CMakeLists.txt b/CMakeLists.txt index 5d471550..1c3e51be 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -452,4 +452,8 @@ install(DIRECTORY DESTINATION ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) install(TARGETS ss-server RUNTIME DESTINATION bin) install(TARGETS ss-tunnel RUNTIME DESTINATION bin) install(TARGETS ss-manager RUNTIME DESTINATION bin) -install(TARGETS ss-local RUNTIME DESTINATION bin) \ No newline at end of file +install(TARGETS ss-local RUNTIME DESTINATION bin) + +if (LINUX) + install(TARGETS ss-redir RUNTIME DESTINATION bin) +endif (LINUX) From 0cabdccd9a3d263267135c2d6ae739df71de1f81 Mon Sep 17 00:00:00 2001 From: wener Date: Sat, 18 Feb 2017 13:03:22 +0800 Subject: [PATCH 07/62] Remove confuse comment in config.h.in;Move config.h.in to cmake. --- CMakeLists.txt | 2 +- {src => cmake}/config.h.in | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) rename {src => cmake}/config.h.in (99%) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1c3e51be..eb7e3c7d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -229,7 +229,7 @@ if (NOT HAVE_WORKING_VFORK) set(vfork fork) endif () -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/src/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/src/config.h) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/src/config.h) add_definitions(-DHAVE_CONFIG_H) diff --git a/src/config.h.in b/cmake/config.h.in similarity index 99% rename from src/config.h.in rename to cmake/config.h.in index bfe86a18..3927e61f 100644 --- a/src/config.h.in +++ b/cmake/config.h.in @@ -1,5 +1,3 @@ -/* config.h.in. Generated from configure.ac by autoheader. */ - /* Define if building universal (internal helper macro) */ #cmakedefine AC_APPLE_UNIVERSAL_BUILD From 734092e348b2a8f65eb81dfa527f9eb02b1d9b3f Mon Sep 17 00:00:00 2001 From: wener Date: Mon, 20 Feb 2017 00:04:28 +0800 Subject: [PATCH 08/62] Build shared and static shadowsock-libev and executable. --- CMakeLists.txt | 410 +++----------------------- build/.gitkeep | 0 cmake/{config.h.in => config.h.cmake} | 17 +- cmake/configure.cmake | 200 +++++++++++++ cmake/shadowsocks-libev.pc.cmake | 14 + src/CMakeLists.txt | 188 ++++++++++++ 6 files changed, 449 insertions(+), 380 deletions(-) create mode 100644 build/.gitkeep rename cmake/{config.h.in => config.h.cmake} (96%) create mode 100644 cmake/configure.cmake create mode 100644 cmake/shadowsocks-libev.pc.cmake create mode 100644 src/CMakeLists.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index eb7e3c7d..9ab352eb 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,23 +2,22 @@ cmake_minimum_required(VERSION 3.6) set(PROJECT_NAME shadowsocks-libev) set(RELEASE_DATE 2017-2-17) -set(PROJECT_VERSION 3.0.2) +set(PROJECT_VERSION "3.0.2") +set(PROJECT_DESC "a lightweight secured socks5 proxy") +set(PROJECT_URL "https://shadowsocks.org") +set(PROJECT_ISSUES_URL "https://github.com/shadowsocks/shadowsocks-libev") project(${PROJECT_NAME}) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c11") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -c") +#set(CMAKE_BINARY_DIR ${CMAKE_SOURCE_DIR}/out) set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin) -#set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") -#set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake") - -# ------------------------------------------------------------- -# Options -option(BUILD_STATIC "Static link library to executable" ON) - +set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_SOURCE_DIR}/cmake) +set(CMAKE_MACOSX_RPATH TRUE) if (NOT CMAKE_BUILD_TYPE) set(CMAKE_BUILD_TYPE Debug) @@ -28,315 +27,32 @@ if (UNIX AND NOT APPLE) set(LINUX TRUE) endif () +message(STATUS "Running cmake version ${CMAKE_VERSION}") -# ------------------------------------------------------------- -# config.h - -# If we generate config.h by automake -#include_directories(.) - -# Use cmake to generate config.h -include(CheckIncludeFiles) -include(CheckFunctionExists) -include(CheckSymbolExists) -include(CheckLibraryExists) -include(CheckTypeSize) -include(CheckCSourceCompiles) - -# Define if building universal (internal helper macro) -# AC_APPLE_UNIVERSAL_BUILD -set(CONNECT_IN_PROGRESS "EINPROGRESS") -set(CONNECT_IN_PROGRESS "EINPROGRESS" CACHE STRING "") - - -check_include_files(dlfcn.h HAVE_DLFCN_H) -check_include_files(ev.h HAVE_EV_H) -check_include_files(fcntl.h HAVE_FCNTL_H) -check_function_exists(fork HAVE_FORK) -check_function_exists(getpwnam_r HAVE_GETPWNAM_R) -check_function_exists(inet_ntop HAVE_INET_NTOP) -check_include_files(inttypes.h HAVE_INTTYPES_H) -set(HAVE_IPv6 1) -check_include_files(langinfo.h HAVE_LANGINFO_H) -set(HAVE_LIBPCRE 1) -check_library_exists(socket socket "" HAVE_LIBSOCKET) -check_include_files(limits.h HAVE_LIMITS_H) -check_include_files(linux/if.h HAVE_LINUX_IF_H) -check_include_files(linux/netfilter_ipv4.h HAVE_LINUX_NETFILTER_IPV4_H) -check_include_files(linux/netfilter_ipv6/ip6_tables.h HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H) -check_include_files(locale.h HAVE_LOCALE_H) - - -check_function_exists(malloc HAVE_MALLOC) -check_include_files(memory.h HAVE_MEMORY_H) -check_function_exists(memset HAVE_MEMSET) - -check_include_files(netdb.h HAVE_NETDB_H) -check_include_files(netinet/in.h HAVE_NETINET_IN_H) -check_include_files(net/if.h HAVE_NET_IF_H) -check_include_files(pcre.h HAVE_PCRE_H) -check_include_files(pcre/pcre.h HAVE_PCRE_PCRE_H) -check_symbol_exists(PTHREAD_PRIO_INHERIT pthread.h HAVE_PTHREAD_PRIO_INHERIT) - -check_function_exists(select HAVE_SELECT) -check_function_exists(setresuid HAVE_SETRESUID) -check_function_exists(setreuid HAVE_SETREUID) -check_function_exists(setrlimit HAVE_SETRLIMIT) -check_function_exists(socket HAVE_SOCKET) - -check_include_files(stdint.h HAVE_STDINT_H) -check_include_files(stdlib.h HAVE_STDLIB_H) - -check_function_exists(strerror HAVE_STRERROR) - -check_include_files(strings.h HAVE_STRINGS_H) -check_include_files(string.h HAVE_STRING_H) -check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H) -check_include_files(sys/select.h HAVE_SYS_SELECT_H) -check_include_files(sys/socket.h HAVE_SYS_SOCKET_H) -check_include_files(sys/stat.h HAVE_SYS_STAT_H) -check_include_files(sys/types.h HAVE_SYS_TYPES_H) -check_include_files(sys/wait.h HAVE_SYS_WAIT_H) -check_include_files(udns.h HAVE_UDNS_H) -check_include_files(unistd.h HAVE_UNISTD_H) - -check_function_exists(fork HAVE_FORK) -check_function_exists(vfork HAVE_VFORK) -check_include_files(vfork.h HAVE_VFORK_H) -if (HAVE_VFORK) - set(HAVE_WORKING_VFORK 1) -endif () -if (HAVE_FORK) - set(HAVE_WORKING_FORK 1) -endif () - - -# Define to the sub-directory where libtool stores uninstalled libraries. -set(LT_OBJDIR ".libs/") -set(NDEBUG 1) -set(PACKAGE ${PROJECT_NAME}) -set(PACKAGE_BUGREPORT max.c.lv@gmail.com) -set(PACKAGE_NAME ${PROJECT_NAME}) -#set(PACKAGE_VERSION ${PROJECT_VERSION}) -set(PACKAGE_VERSION 3.0.2) -set(PACKAGE_STRING "${PROJECT_NAME} ${PACKAGE_VERSION}") -set(PACKAGE_TARNAME ${PROJECT_NAME}) -set(PACKAGE_URL "") - -#message(${PACKAGE_NAME} - v${PACKAGE_VERSION} - v${PROJECT_VERSION}) - -# PTHREAD_CREATE_JOINABLE - -# Define as the return type of signal handlers (`int' or `void'). -set(RETSIGTYPE void) - -# Define to the type of arg 1 for `select'. -set(SELECT_TYPE_ARG1 int) - -# Define to the type of args 2, 3 and 4 for `select'. -set(SELECT_TYPE_ARG234 "(fd_set *)") - -# Define to the type of arg 5 for `select'. -set(SELECT_TYPE_ARG5 "(struct timeval *)") - -# Define to 1 if you have the ANSI C header files. -set(STDC_HEADERS 1) - - -check_include_files(sys/time.h time.h TIME_WITH_SYS_TIME) - - -# If the compiler supports a TLS storage class define it to that here -check_c_source_compiles(" - __thread int tls; - int main(void) { return 0; }" - HAVE_GCC_THREAD_LOCAL_STORAGE) -if (HAVE_GCC_THREAD_LOCAL_STORAGE) - set(TLS __thread) -endif () - -set(_ALL_SOURCE 1) -set(_GNU_SOURCE 1) -set(_POSIX_PTHREAD_SEMANTICS 1) -set(_TANDEM_SOURCE 1) -set(__EXTENSIONS__ 1) -# USE_SYSTEM_SHARED_LIB -set(VERSION ${PACKAGE_VERSION}) -# TODO WORDS_BIGENDIAN -# _MINIX -# _POSIX_1_SOURCE -# _POSIX_SOURCE -# _UINT8_T - -# Define to empty if `const' does not conform to ANSI C. -# undef const - -# Define to `__inline__' or `__inline' if that's what the C compiler -# calls it, or to nothing if 'inline' is not supported under any name. -#ifndef __cplusplus -#undef inline -#endif -# TODO Assume we got inline support -# https://cmake.org/Wiki/CMakeTestInline - -# Define to the equivalent of the C99 'restrict' keyword, or to -# nothing if this is not supported. Do not define if restrict is -# supported directly. -#define restrict __restrict -if (NOT "c_restrict" IN_LIST CMAKE_C_COMPILE_FEATURES) - message("No restrict") - set(restrict __restrict) -endif () - -# Define to `int' if does not define. -# undef pid_t -# Define to the type of an unsigned integer type of width exactly 16 bits if -# such a type exists and the standard includes do not define it. -# undef uint16_t -# Define to the type of an unsigned integer type of width exactly 8 bits if -# such a type exists and the standard includes do not define it. -# undef uint8_t -set(CMAKE_EXTRA_INCLUDE_FILES sys/types.h) -check_type_size(pid_t PID_T) -check_type_size(size_t SIZE_T) -check_type_size(ssize_t SSIZE_T) -set(CMAKE_EXTRA_INCLUDE_FILES) - -check_type_size(uint16_t UINT16_T) -check_type_size(uint8_t UINT8_T) - -## Inverse -if (NOT HAVE_PID_T) - set(pid_t int) -endif () -if (NOT HAVE_SIZE_T) - set(size_t "unsigned int") -endif () -if (NOT HAVE_SSIZE_T) - set(ssize_t int) -endif () - -if (NOT HAVE_UINT8_T) - set(uint8_t "unsigned char") -endif () -if (NOT HAVE_UINT16_T) - set(uint16_t "unsigned short") -endif () - - -# Define as `fork' if `vfork' does not work. -if (NOT HAVE_WORKING_VFORK) - set(vfork fork) -endif () - -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/src/config.h) +# Will set GIT_EXECUTABLE and GIT_FOUND +# find_package(Git) +# Run platform tests +include(${CMAKE_SOURCE_DIR}/cmake/configure.cmake) +configure_file(${CMAKE_SOURCE_DIR}/cmake/config.h.cmake ${CMAKE_SOURCE_DIR}/src/config.h) add_definitions(-DHAVE_CONFIG_H) -# ------------------------------------------------------------- -# Source - -set(SNI_SOURCE - src/http.c - src/tls.c - src/rule.c - ) - -set(CRYPTO_SOURCE - src/crypto.c - src/aead.c - src/stream.c - src/base64.c - ) - -set(PLUGIN_SOURCE - src/plugin.c - ) - -set(SS_LOCAL_SOURCE - src/utils.c - src/jconf.c - src/json.c - src/netutils.c - src/udprelay.c - src/cache.c - src/acl.c - src/local.c - ${CRYPTO_SOURCE} - ${PLUGIN_SOURCE} - ${SNI_SOURCE} - ) - -set(SS_TUNNEL_SOURCE - src/utils.c - src/jconf.c - src/json.c - src/netutils.c - src/udprelay.c - src/cache.c - src/tunnel.c - ${CRYPTO_SOURCE} - ${PLUGIN_SOURCE} - ) - -set(SS_SERVER_SOURCE - src/utils.c - src/jconf.c - src/json.c - src/netutils.c - src/udprelay.c - src/cache.c - src/acl.c - src/resolv.c - src/server.c - ${CRYPTO_SOURCE} - ${PLUGIN_SOURCE} - ${SNI_SOURCE} - ) - -set(SS_MANAGER_SOURCE - src/utils.c - src/jconf.c - src/json.c - src/netutils.c - src/manager.c - ) - -set(SS_REDIR_SOURCE - src/utils.c - src/jconf.c - src/json.c - src/netutils.c - src/udprelay.c - src/cache.c - src/redir.c - ${CRYPTO_SOURCE} - ${PLUGIN_SOURCE} - ${SNI_SOURCE} +# pkg-config +configure_file( + "${CMAKE_SOURCE_DIR}/cmake/shadowsocks-libev.pc.cmake" + "${CMAKE_BINARY_DIR}/pkgconfig/shadowsocks-libev.pc" + @ONLY +) +install(FILES + "${CMAKE_BINARY_DIR}/pkgconfig/shadowsocks-libev.pc" + DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig" ) -# We don't care about shared -set(ENABLE_SHARED OFF) -set(ENABLE_SHARED_EXECUTABLES OFF) -set(ENABLE_STATIC ON) -set(ENABLE_STATIC_EXECUTABLES ON) -#set(CMAKE_MACOSX_RPATH TRUE) - # We need libcork,libipset headers include_directories(libcork/include) include_directories(libipset/include) -# Things we need to build libcork,libipset -#link_directories(libcork/src) -#link_directories(libipset/src) - -#add_subdirectory(libcork EXCLUDE_FROM_ALL) -# So libipset can find cork -#set( ENV{PKG_CONFIG_PATH} "$ENV{PKG_CONFIG_PATH}:libcork/src" ) -#add_subdirectory(libipset EXCLUDE_FROM_ALL) - -add_library( - libcork STATIC +set(LIBCORK_SOURCE libcork/src/libcork/cli/commands.c libcork/src/libcork/core/allocator.c libcork/src/libcork/core/error.c @@ -363,12 +79,16 @@ add_library( libcork/src/libcork/posix/process.c libcork/src/libcork/posix/subprocess.c libcork/src/libcork/pthreads/thread.c -) + ) -target_compile_definitions(libcork PUBLIC -DCORK_API=CORK_LOCAL) +add_library(cork STATIC ${LIBCORK_SOURCE}) +target_compile_definitions(cork PUBLIC -DCORK_API=CORK_LOCAL) +add_library(cork-shared SHARED ${LIBCORK_SOURCE}) +target_compile_definitions(cork-shared PUBLIC -DCORK_API=CORK_EXPORT) +set_target_properties(cork-shared PROPERTIES OUTPUT_NAME cork) -set(LIBIPSET_SRC +set(LIBIPSET_SOURCE libipset/src/libipset/general.c libipset/src/libipset/bdd/assignments.c libipset/src/libipset/bdd/basics.c @@ -390,70 +110,12 @@ set(LIBIPSET_SRC libipset/src/libipset/set/storage.c ) -add_library(libipset STATIC ${LIBIPSET_SRC}) -set_target_properties(libipset PROPERTIES - OUTPUT_NAME ipset - VERSION 1.1.0 - SOVERSION 1) -target_link_libraries(libipset libcork) - -# Add our targets -add_executable(ss-server ${SS_SERVER_SOURCE}) -add_executable(ss-tunnel ${SS_TUNNEL_SOURCE}) -add_executable(ss-manager ${SS_MANAGER_SOURCE}) -add_executable(ss-local ${SS_LOCAL_SOURCE}) - -target_compile_definitions(ss-server PUBLIC -DMODULE_REMOTE) -target_compile_definitions(ss-tunnel PUBLIC -DMODULE_TUNNEL) -target_compile_definitions(ss-manager PUBLIC -DMODULE_MANAGER) -target_compile_definitions(ss-local PUBLIC -DMODULE_LOCAL) - - -if (BUILD_STATIC) - message("Build static linked executable") - set(BUILD_SHARED_LIBS OFF) - find_library(LIBSODIUM libsodium.a) - find_library(LIBMBEDTLS libmbedtls.a) - find_library(LIBMBEDCRYPTO libmbedcrypto.a) - find_library(LIBEV libev.a) - find_library(LIBUDNS libudns.a) - find_library(LIBPCRE libpcre.a) - - # Clang crt0 issues - # https://github.com/skaht/Csu-85 - # https://bugs.llvm.org//show_bug.cgi?id=17801 - # set(CMAKE_EXE_LINKER_FLAGS "-static") -else () - message("Build shared linked executable") - - find_library(LIBSODIUM sodium) - find_library(LIBMBEDTLS mbedtls) - find_library(LIBMBEDCRYPTO mbedcrypto) - find_library(LIBEV ev) - find_library(LIBUDNS udns) - find_library(LIBPCRE pcre) -endif () - -list(APPEND DEPS ${LIBEV} ${LIBUDNS} ${LIBPCRE} ${LIBSODIUM} ${LIBMBEDTLS} ${LIBMBEDCRYPTO}) - -target_link_libraries(ss-server libcork libipset ${DEPS}) -target_link_libraries(ss-tunnel libcork ${DEPS}) -target_link_libraries(ss-manager libcork ${LIBEV} ${LIBUDNS}) -target_link_libraries(ss-local libcork libipset ${DEPS}) +add_library(ipset STATIC ${LIBIPSET_SOURCE}) +target_link_libraries(ipset cork) -# redir need linux/* stuff -if (LINUX) - add_executable(ss-redir ${SS_REDIR_SOURCE}) - target_compile_definitions(ss-redir PUBLIC -DMODULE_REDIR) - target_link_libraries(ss-redir libcork libipset ${DEPS}) -endif (LINUX) +add_library(ipset-shared SHARED ${LIBIPSET_SOURCE}) +target_link_libraries(ipset-shared cork-shared) +set_target_properties(ipset-shared PROPERTIES OUTPUT_NAME ipset) -install(DIRECTORY DESTINATION ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) -install(TARGETS ss-server RUNTIME DESTINATION bin) -install(TARGETS ss-tunnel RUNTIME DESTINATION bin) -install(TARGETS ss-manager RUNTIME DESTINATION bin) -install(TARGETS ss-local RUNTIME DESTINATION bin) +add_subdirectory(src) -if (LINUX) - install(TARGETS ss-redir RUNTIME DESTINATION bin) -endif (LINUX) diff --git a/build/.gitkeep b/build/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/cmake/config.h.in b/cmake/config.h.cmake similarity index 96% rename from cmake/config.h.in rename to cmake/config.h.cmake index 3927e61f..4e122b79 100644 --- a/cmake/config.h.in +++ b/cmake/config.h.cmake @@ -1,3 +1,6 @@ +#ifndef _SHADOWSOCKS_CONFIG_H +#define _SHADOWSOCKS_CONFIG_H + /* Define if building universal (internal helper macro) */ #cmakedefine AC_APPLE_UNIVERSAL_BUILD @@ -160,25 +163,25 @@ #cmakedefine NDEBUG 1 /* Name of package */ -#define PACKAGE "@PACKAGE@" +#define PACKAGE "@PROJECT_NAME@" /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@" /* Define to the full name of this package. */ -#define PACKAGE_NAME "@PACKAGE_NAME@" +#define PACKAGE_NAME "@PROJECT_NAME@" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "@PACKAGE_STRING@" +#define PACKAGE_STRING "@PROJECT_NAME@ @PROJECT_VERSION@" /* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "@PACKAGE_TARNAME@" +#define PACKAGE_TARNAME "@PROJECT_NAME@" /* Define to the home page for this package. */ #define PACKAGE_URL "@PACKAGE_URL@" /* Define to the version of this package. */ -#define PACKAGE_VERSION "@PACKAGE_VERSION@" +#define PACKAGE_VERSION "@PROJECT_VERSION@" /* Define to necessary symbol if this constant uses a non-standard name on your system. */ @@ -231,7 +234,7 @@ #cmakedefine USE_SYSTEM_SHARED_LIB 1 /* Version number of package */ -#define VERSION "@VERSION@" +#define VERSION "@PROJECT_VERSION@" /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ @@ -302,3 +305,5 @@ /* Define as `fork' if `vfork' does not work. */ #cmakedefine vfork + +#endif \ No newline at end of file diff --git a/cmake/configure.cmake b/cmake/configure.cmake new file mode 100644 index 00000000..dc376dd2 --- /dev/null +++ b/cmake/configure.cmake @@ -0,0 +1,200 @@ + +# ------------------------------------------------------------- +# config.h + +# If we generate config.h by automake +#include_directories(.) + +# Use cmake to generate config.h +include(CheckIncludeFiles) +include(CheckFunctionExists) +include(CheckSymbolExists) +include(CheckLibraryExists) +include(CheckTypeSize) +include(CheckCSourceCompiles) + +# Define if building universal (internal helper macro) +# AC_APPLE_UNIVERSAL_BUILD +set(CONNECT_IN_PROGRESS "EINPROGRESS") +set(CONNECT_IN_PROGRESS "EINPROGRESS" CACHE STRING "") + + +check_include_files(dlfcn.h HAVE_DLFCN_H) +check_include_files(ev.h HAVE_EV_H) +check_include_files(fcntl.h HAVE_FCNTL_H) +check_function_exists(fork HAVE_FORK) +check_function_exists(getpwnam_r HAVE_GETPWNAM_R) +check_function_exists(inet_ntop HAVE_INET_NTOP) +check_include_files(inttypes.h HAVE_INTTYPES_H) +set(HAVE_IPv6 1) +check_include_files(langinfo.h HAVE_LANGINFO_H) +set(HAVE_LIBPCRE 1) +check_library_exists(socket socket "" HAVE_LIBSOCKET) +check_include_files(limits.h HAVE_LIMITS_H) +check_include_files(linux/if.h HAVE_LINUX_IF_H) +check_include_files(linux/netfilter_ipv4.h HAVE_LINUX_NETFILTER_IPV4_H) +check_include_files(linux/netfilter_ipv6/ip6_tables.h HAVE_LINUX_NETFILTER_IPV6_IP6_TABLES_H) +check_include_files(locale.h HAVE_LOCALE_H) + + +check_function_exists(malloc HAVE_MALLOC) +check_include_files(memory.h HAVE_MEMORY_H) +check_function_exists(memset HAVE_MEMSET) + +check_include_files(netdb.h HAVE_NETDB_H) +check_include_files(netinet/in.h HAVE_NETINET_IN_H) +check_include_files(net/if.h HAVE_NET_IF_H) +check_include_files(pcre.h HAVE_PCRE_H) +check_include_files(pcre/pcre.h HAVE_PCRE_PCRE_H) +check_symbol_exists(PTHREAD_PRIO_INHERIT pthread.h HAVE_PTHREAD_PRIO_INHERIT) + +check_function_exists(select HAVE_SELECT) +check_function_exists(setresuid HAVE_SETRESUID) +check_function_exists(setreuid HAVE_SETREUID) +check_function_exists(setrlimit HAVE_SETRLIMIT) +check_function_exists(socket HAVE_SOCKET) + +check_include_files(stdint.h HAVE_STDINT_H) +check_include_files(stdlib.h HAVE_STDLIB_H) + +check_function_exists(strerror HAVE_STRERROR) + +check_include_files(strings.h HAVE_STRINGS_H) +check_include_files(string.h HAVE_STRING_H) +check_include_files(sys/ioctl.h HAVE_SYS_IOCTL_H) +check_include_files(sys/select.h HAVE_SYS_SELECT_H) +check_include_files(sys/socket.h HAVE_SYS_SOCKET_H) +check_include_files(sys/stat.h HAVE_SYS_STAT_H) +check_include_files(sys/types.h HAVE_SYS_TYPES_H) +check_include_files(sys/wait.h HAVE_SYS_WAIT_H) +check_include_files(udns.h HAVE_UDNS_H) +check_include_files(unistd.h HAVE_UNISTD_H) + +check_function_exists(fork HAVE_FORK) +check_function_exists(vfork HAVE_VFORK) +check_include_files(vfork.h HAVE_VFORK_H) +if (HAVE_VFORK) + set(HAVE_WORKING_VFORK 1) +endif () +if (HAVE_FORK) + set(HAVE_WORKING_FORK 1) +endif () + + +# Define to the sub-directory where libtool stores uninstalled libraries. +set(LT_OBJDIR ".libs/") +set(NDEBUG 1) +set(PACKAGE ${PROJECT_NAME}) +set(PACKAGE_BUGREPORT max.c.lv@gmail.com) +set(PACKAGE_NAME ${PROJECT_NAME}) +#set(PACKAGE_VERSION ${PROJECT_VERSION}) +set(PACKAGE_VERSION 3.0.2) +set(PACKAGE_STRING "${PROJECT_NAME} ${PACKAGE_VERSION}") +set(PACKAGE_TARNAME ${PROJECT_NAME}) +set(PACKAGE_URL "") + +#message(${PACKAGE_NAME} - v${PACKAGE_VERSION} - v${PROJECT_VERSION}) + +# PTHREAD_CREATE_JOINABLE + +# Define as the return type of signal handlers (`int' or `void'). +set(RETSIGTYPE void) + +# Define to the type of arg 1 for `select'. +set(SELECT_TYPE_ARG1 int) + +# Define to the type of args 2, 3 and 4 for `select'. +set(SELECT_TYPE_ARG234 "(fd_set *)") + +# Define to the type of arg 5 for `select'. +set(SELECT_TYPE_ARG5 "(struct timeval *)") + +# Define to 1 if you have the ANSI C header files. +set(STDC_HEADERS 1) + + +check_include_files(sys/time.h time.h TIME_WITH_SYS_TIME) + + +# If the compiler supports a TLS storage class define it to that here +check_c_source_compiles(" + __thread int tls; + int main(void) { return 0; }" + HAVE_GCC_THREAD_LOCAL_STORAGE) +if (HAVE_GCC_THREAD_LOCAL_STORAGE) + set(TLS __thread) +endif () + +set(_ALL_SOURCE 1) +set(_GNU_SOURCE 1) +set(_POSIX_PTHREAD_SEMANTICS 1) +set(_TANDEM_SOURCE 1) +set(__EXTENSIONS__ 1) +# USE_SYSTEM_SHARED_LIB +set(VERSION ${PACKAGE_VERSION}) +# TODO WORDS_BIGENDIAN +# _MINIX +# _POSIX_1_SOURCE +# _POSIX_SOURCE +# _UINT8_T + +# Define to empty if `const' does not conform to ANSI C. +# undef const + +# Define to `__inline__' or `__inline' if that's what the C compiler +# calls it, or to nothing if 'inline' is not supported under any name. +#ifndef __cplusplus +#undef inline +#endif +# TODO Assume we got inline support +# https://cmake.org/Wiki/CMakeTestInline + +# Define to the equivalent of the C99 'restrict' keyword, or to +# nothing if this is not supported. Do not define if restrict is +# supported directly. +#define restrict __restrict +if (NOT "c_restrict" IN_LIST CMAKE_C_COMPILE_FEATURES) + message("No restrict") + set(restrict __restrict) +endif () + +# Define to `int' if does not define. +# undef pid_t +# Define to the type of an unsigned integer type of width exactly 16 bits if +# such a type exists and the standard includes do not define it. +# undef uint16_t +# Define to the type of an unsigned integer type of width exactly 8 bits if +# such a type exists and the standard includes do not define it. +# undef uint8_t +set(CMAKE_EXTRA_INCLUDE_FILES sys/types.h) +check_type_size(pid_t PID_T) +check_type_size(size_t SIZE_T) +check_type_size(ssize_t SSIZE_T) +set(CMAKE_EXTRA_INCLUDE_FILES) + +check_type_size(uint16_t UINT16_T) +check_type_size(uint8_t UINT8_T) + +## Inverse +if (NOT HAVE_PID_T) + set(pid_t int) +endif () +if (NOT HAVE_SIZE_T) + set(size_t "unsigned int") +endif () +if (NOT HAVE_SSIZE_T) + set(ssize_t int) +endif () + +if (NOT HAVE_UINT8_T) + set(uint8_t "unsigned char") +endif () +if (NOT HAVE_UINT16_T) + set(uint16_t "unsigned short") +endif () + + +# Define as `fork' if `vfork' does not work. +if (NOT HAVE_WORKING_VFORK) + set(vfork fork) +endif () \ No newline at end of file diff --git a/cmake/shadowsocks-libev.pc.cmake b/cmake/shadowsocks-libev.pc.cmake new file mode 100644 index 00000000..a8f6f1bd --- /dev/null +++ b/cmake/shadowsocks-libev.pc.cmake @@ -0,0 +1,14 @@ +prefix=@prefix@ +exec_prefix=${prefix}/@CMAKE_INSTALL_BINDIR@ +libdir=${exec_prefix}/@CMAKE_INSTALL_FULL_LIBDIR@ +includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ +sharedir=${prefix}/@CMAKE_INSTALL_DATAROOTDIR@ +mandir=${prefix}/@CMAKE_INSTALL_MANDIR@ + +Name: @PROJECT_NAME@ +Description: @PROJECT_DESC@ +URL: @PROJECT_URL@ +Version: @PROJECT_VERSION@ +Requires: +Cflags: -I${includedir} +Libs: -L${libdir} -lshadowsocks-libev -lcrypto diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt new file mode 100644 index 00000000..0e8b762f --- /dev/null +++ b/src/CMakeLists.txt @@ -0,0 +1,188 @@ +# redir need linux/* stuff +if (LINUX) + option(WITH_SS_REDIR "Build ss-redir" ON) +else () + option(WITH_SS_REDIR "Build ss-redir" OFF) +endif () + + +set(SS_SNI_SOURCE + http.c + tls.c + rule.c + ) + +set(SS_CRYPTO_SOURCE + crypto.c + aead.c + stream.c + base64.c + ) + +set(SS_PLUGIN_SOURCE + plugin.c + ) + +set(SS_SHARED_SOURCES + utils.c + jconf.c + json.c + netutils.c + ) + +set(LIBSHADOWSOCKS_LIBEV_SOURCE + ${SS_SHARED_SOURCES} + udprelay.c + cache.c + acl.c + local.c + ${SS_CRYPTO_SOURCE} + ${SS_PLUGIN_SOURCE} + ${SS_SNI_SOURCE}) + +set(SS_LOCAL_SOURCE + ${LIBSHADOWSOCKS_LIBEV_SOURCE} + + ) + +set(SS_TUNNEL_SOURCE + ${SS_SHARED_SOURCES} + udprelay.c + cache.c + tunnel.c + ${SS_CRYPTO_SOURCE} + ${SS_PLUGIN_SOURCE} + ) + +set(SS_SERVER_SOURCE + ${SS_SHARED_SOURCES} + udprelay.c + cache.c + acl.c + resolv.c + server.c + ${SS_CRYPTO_SOURCE} + ${SS_PLUGIN_SOURCE} + ${SS_SNI_SOURCE} + ) + +set(SS_MANAGER_SOURCE + ${SS_SHARED_SOURCES} + manager.c + ) + +set(SS_REDIR_SOURCE + ${SS_SHARED_SOURCES} + udprelay.c + cache.c + redir.c + ${SS_CRYPTO_SOURCE} + ${SS_PLUGIN_SOURCE} + ${SS_SNI_SOURCE} + ) + + +find_library(LIBSODIUM libsodium.a) +find_library(LIBMBEDTLS libmbedtls.a) +find_library(LIBMBEDCRYPTO libmbedcrypto.a) +find_library(LIBEV libev.a) +find_library(LIBUDNS libudns.a) +find_library(LIBPCRE libpcre.a) + +find_library(LIBSODIUM_SHARED sodium) +find_library(LIBMBEDTLS_SHARED mbedtls) +find_library(LIBMBEDCRYPTO_SHARED mbedcrypto) +find_library(LIBEV_SHARED ev) +find_library(LIBUDNS_SHARED udns) +find_library(LIBPCRE_SHARED pcre) + +list(APPEND DEPS ${LIBEV} ${LIBUDNS} ${LIBPCRE} ${LIBSODIUM} ${LIBMBEDTLS} ${LIBMBEDCRYPTO}) +list(APPEND DEPS_SHARED ${LIBEV_SHARED} ${LIBUDNS_SHARED} ${LIBPCRE_SHARED} ${LIBSODIUM_SHARED} ${LIBMBEDTLS_SHARED} ${LIBMBEDCRYPTO_SHARED}) + +# Add our targets +add_executable(ss-server ${SS_SERVER_SOURCE}) +add_executable(ss-tunnel ${SS_TUNNEL_SOURCE}) +add_executable(ss-manager ${SS_MANAGER_SOURCE}) +add_executable(ss-local ${SS_LOCAL_SOURCE}) +if (WITH_SS_REDIR) + add_executable(ss-redir ${SS_REDIR_SOURCE}) +else () + add_executable(ss-redir EXCLUDE_FROM_ALL ${SS_REDIR_SOURCE}) +endif () +add_library(shadowsocks-libev STATIC ${LIBSHADOWSOCKS_LIBEV_SOURCE}) + + +target_compile_definitions(ss-server PUBLIC -DMODULE_REMOTE) +target_compile_definitions(ss-tunnel PUBLIC -DMODULE_TUNNEL) +target_compile_definitions(ss-manager PUBLIC -DMODULE_MANAGER) +target_compile_definitions(ss-local PUBLIC -DMODULE_LOCAL) +target_compile_definitions(ss-redir PUBLIC -DMODULE_REDIR) +target_compile_definitions(shadowsocks-libev PUBLIC -DMODULE_LOCAL) + +target_link_libraries(ss-server cork ipset ${DEPS}) +target_link_libraries(ss-tunnel cork ${DEPS}) +target_link_libraries(ss-manager cork ${LIBEV} ${LIBUDNS}) +target_link_libraries(ss-local cork ipset ${DEPS}) +target_link_libraries(ss-redir cork ipset ${DEPS}) +target_link_libraries(shadowsocks-libev cork ipset ${DEPS}) + +# ------------------------------------------------------------------ +# Shared +add_executable(ss-server-shared ${SS_SERVER_SOURCE}) +add_executable(ss-tunnel-shared ${SS_TUNNEL_SOURCE}) +add_executable(ss-manager-shared ${SS_MANAGER_SOURCE}) +add_executable(ss-local-shared ${SS_LOCAL_SOURCE}) +if (WITH_SS_REDIR) + add_executable(ss-redir-shared ${SS_REDIR_SOURCE}) +else () + add_executable(ss-redir-shared EXCLUDE_FROM_ALL ${SS_REDIR_SOURCE}) +endif () +add_library(shadowsocks-libev-shared SHARED ${LIBSHADOWSOCKS_LIBEV_SOURCE}) + +target_compile_definitions(ss-server-shared PUBLIC -DMODULE_REMOTE) +target_compile_definitions(ss-tunnel-shared PUBLIC -DMODULE_TUNNEL) +target_compile_definitions(ss-manager-shared PUBLIC -DMODULE_MANAGER) +target_compile_definitions(ss-local-shared PUBLIC -DMODULE_LOCAL) +target_compile_definitions(ss-redir-shared PUBLIC -DMODULE_REDIR) +target_compile_definitions(shadowsocks-libev-shared PUBLIC -DMODULE_LOCAL) + +target_link_libraries(ss-server-shared cork-shared ipset-shared ${DEPS_SHARED}) +target_link_libraries(ss-tunnel-shared cork-shared ${DEPS_SHARED}) +target_link_libraries(ss-manager-shared cork-shared ${LIBEV_SHARED} ${LIBUDNS_SHARED}) +target_link_libraries(ss-local-shared cork-shared ipset-shared ${DEPS_SHARED}) +target_link_libraries(ss-redir-shared cork-shared ipset-shared ${DEPS_SHARED}) +target_link_libraries(shadowsocks-libev-shared cork-shared ipset-shared ${DEPS_SHARED}) + + +set_target_properties(ss-server-shared PROPERTIES OUTPUT_NAME ss-server) +set_target_properties(ss-tunnel-shared PROPERTIES OUTPUT_NAME ss-tunnel) +set_target_properties(ss-manager-shared PROPERTIES OUTPUT_NAME ss-manager) +set_target_properties(ss-local-shared PROPERTIES OUTPUT_NAME ss-local) +set_target_properties(ss-redir-shared PROPERTIES OUTPUT_NAME ss-redir) + +set_target_properties(ss-server-shared ss-tunnel-shared ss-manager-shared ss-local-shared ss-redir-shared + PROPERTIES + RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/shared/bin" + ) + +set_target_properties(shadowsocks-libev-shared PROPERTIES OUTPUT_NAME shadowsocks-libev) +target_compile_definitions(shadowsocks-libev-shared PUBLIC -DMODULE_LOCAL) +target_link_libraries(shadowsocks-libev-shared cork-shared ipset-shared ${DEPS_SHARED}) + + +#install(DIRECTORY DESTINATION ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) +#install(TARGETS ss-server RUNTIME DESTINATION bin) +#install(TARGETS ss-tunnel RUNTIME DESTINATION bin) +#install(TARGETS ss-manager RUNTIME DESTINATION bin) +#install(TARGETS ss-local RUNTIME DESTINATION bin) + +install(DIRECTORY ${CMAKE_RUNTIME_OUTPUT_DIRECTORY} + DESTINATION bin + FILES_MATCHING PATTERN "ss-*") + + +add_custom_target(distclean + COMMAND ${CMAKE_COMMAND} -E echo WARNING: distclean target is not functional + COMMAND ${CMAKE_COMMAND} -E echo Use 'git clean -fdx' instead + VERBATIM + ) \ No newline at end of file From 825e83534b294e96721d0f2d7c5219d6c2402d10 Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Fri, 17 Feb 2017 00:00:11 +0900 Subject: [PATCH 09/62] fix of PATH_MAX for GNU/Hurd Info: - https://www.gnu.org/software/hurd/community/gsoc/project_ideas/maxpath.html - https://www.gnu.org/software/hurd/hurd/porting/guidelines.html#PATH_MAX_tt_MAX_PATH_tt_MAXPATHL --- src/plugin.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/plugin.c b/src/plugin.c index 2e47bb9a..0fb4d658 100644 --- a/src/plugin.c +++ b/src/plugin.c @@ -157,8 +157,8 @@ static int start_obfsproxy(const char *plugin, { char *pch; char *opts_dump; - char buf[PATH_MAX]; - int ret; + char *buf = NULL; + int ret, buf_size = 0; opts_dump = strndup(plugin_opts, OBFSPROXY_OPTS_MAX); if (!opts_dump) { @@ -171,7 +171,10 @@ static int start_obfsproxy(const char *plugin, cork_exec_add_param(exec, plugin); cork_exec_add_param(exec, "--data-dir"); - snprintf(buf, PATH_MAX, "/tmp/%s_%s:%s_%s:%s", plugin, + buf_size = 20 + strlen(plugin) + strlen(remote_host) + + strlen(remote_port) + strlen(local_host) + strlen(local_port); + buf = malloc(buf_size); + snprintf(buf, buf_size, "/tmp/%s_%s:%s_%s:%s", plugin, remote_host, remote_port, local_host, local_port); cork_exec_add_param(exec, buf); @@ -188,24 +191,25 @@ static int start_obfsproxy(const char *plugin, if (mode == MODE_CLIENT) { /* Client mode */ cork_exec_add_param(exec, "--dest"); - snprintf(buf, PATH_MAX, "%s:%s", remote_host, remote_port); + snprintf(buf, buf_size, "%s:%s", remote_host, remote_port); cork_exec_add_param(exec, buf); cork_exec_add_param(exec, "client"); - snprintf(buf, PATH_MAX, "%s:%s", local_host, local_port); + snprintf(buf, buf_size, "%s:%s", local_host, local_port); cork_exec_add_param(exec, buf); } else { /* Server mode */ cork_exec_add_param(exec, "--dest"); - snprintf(buf, PATH_MAX, "%s:%s", local_host, local_port); + snprintf(buf, buf_size, "%s:%s", local_host, local_port); cork_exec_add_param(exec, buf); cork_exec_add_param(exec, "server"); - snprintf(buf, PATH_MAX, "%s:%s", remote_host, remote_port); + snprintf(buf, buf_size, "%s:%s", remote_host, remote_port); cork_exec_add_param(exec, buf); } cork_exec_set_env(exec, env); sub = cork_subprocess_new_exec(exec, NULL, NULL, &exit_code); ret = cork_subprocess_start(sub); ss_free(opts_dump); + free(buf); return ret; } @@ -220,7 +224,6 @@ start_plugin(const char *plugin, { char *new_path = NULL; const char *current_path; - char cwd[PATH_MAX]; size_t new_path_len; int ret; @@ -236,10 +239,12 @@ start_plugin(const char *plugin, env = cork_env_clone_current(); current_path = cork_env_get(env, "PATH"); if (current_path != NULL) { - if (!getcwd(cwd, PATH_MAX)) { + char *cwd = get_current_dir_name(); + if (cwd) { new_path_len = strlen(current_path) + strlen(cwd) + 2; new_path = ss_malloc(new_path_len); snprintf(new_path, new_path_len, "%s:%s", cwd, current_path); + free(cwd); } } if (new_path != NULL) From 4c0f33e33d808ab602db6896e20531469e085e01 Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Thu, 16 Feb 2017 23:24:42 +0900 Subject: [PATCH 10/62] Update trusty build script - Move Build-Depends dh-autoreconf dh-systemd to debian/control - Also change debian/compat to 9 (debhelper 9) --- scripts/deb4trusty.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/deb4trusty.sh b/scripts/deb4trusty.sh index d25e6691..52b52640 100755 --- a/scripts/deb4trusty.sh +++ b/scripts/deb4trusty.sh @@ -6,7 +6,7 @@ # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -DEPS="git-buildpackage equivs dh-autoreconf dh-systemd" +DEPS="git-buildpackage equivs" sudo apt-get install -y $DEPS gbp_build() { @@ -55,8 +55,9 @@ sudo dpkg -i libsodium*.deb gbp clone --pristine-tar https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git # Add patch to work with ubuntu trusty (14.04) cd shadowsocks-libev -sed -i s/--with\ systemd/--with\ systemd\ --with\ autoreconf/ debian/rules -sed -i s/debhelper\ \(\>=\ 10\)/debhelper\ \(\>=\ 9\)/ debian/control +sed -i 's/dh $@/dh $@ --with systemd,autoreconf/' debian/rules +sed -i 's/debhelper (>= 10)/debhelper (>= 9), dh-systemd, dh-autoreconf/' debian/control +echo 9 > debian/compat git add -u git commit -m "Patch to work with ubuntu trusty (14.04)" cd - From d20117481c980bd655283d13d2842ae6da6f7d3e Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Fri, 17 Feb 2017 08:38:03 +0900 Subject: [PATCH 11/62] Add xenial-backports repository Because user may upgrade from previous LTS version, xenial-backports is better to be added by us for safety. And use debhelper 10 for shadowsocks-libev only. --- scripts/deb4xenial.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/deb4xenial.sh b/scripts/deb4xenial.sh index b7b5e278..13b9d28a 100755 --- a/scripts/deb4xenial.sh +++ b/scripts/deb4xenial.sh @@ -6,13 +6,8 @@ # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# Please add xenial-backports repo to your apt source list -# Because we use debhelper 10 in that repo DEPS="git-buildpackage equivs" -DEPS_BPO="debhelper" -BPO=xenial-backports sudo apt-get install -y $DEPS -sudo apt-get install -y -t $BPO $DEPS_BPO gbp_build() { REPO=$1 @@ -49,6 +44,11 @@ gbp_build https://github.com/rogers0/libcorkipset debian sudo dpkg -i libcorkipset-dev_*.deb libcorkipset1_*.deb # Build shadowsocks-libev +DEPS_BPO="debhelper" +BPO=xenial-backports +sudo sh -c 'printf "deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse" > /etc/apt/sources.list.d/xenial-backports.list' +sudo apt-get update +sudo apt-get install -y -t $BPO $DEPS_BPO gbp_build https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git master sudo dpkg -i shadowsocks-libev_*.deb sudo apt-get install -fy From bf23fb6ec492eac7f903129fa37d738446356d53 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Fri, 17 Feb 2017 12:30:10 +0800 Subject: [PATCH 12/62] Fix a memory leak --- src/aead.c | 8 ++++---- src/local.c | 4 ++-- src/redir.c | 4 ++-- src/server.c | 4 ++-- src/stream.c | 18 ++++++------------ src/tunnel.c | 4 ++-- src/utils.c | 13 +++++++++++++ src/utils.h | 1 + 8 files changed, 32 insertions(+), 24 deletions(-) diff --git a/src/aead.c b/src/aead.c index b7f9b34e..a397dd36 100644 --- a/src/aead.c +++ b/src/aead.c @@ -365,16 +365,16 @@ aead_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc) void aead_ctx_release(cipher_ctx_t *cipher_ctx) { - if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) { - return; - } - if (cipher_ctx->chunk != NULL) { bfree(cipher_ctx->chunk); ss_free(cipher_ctx->chunk); cipher_ctx->chunk = NULL; } + if (cipher_ctx->cipher->method >= CHACHA20POLY1305IETF) { + return; + } + mbedtls_cipher_free(cipher_ctx->evp); ss_free(cipher_ctx->evp); } diff --git a/src/local.c b/src/local.c index 1a409470..346b6ae3 100644 --- a/src/local.c +++ b/src/local.c @@ -1014,8 +1014,8 @@ new_server(int fd) server->recv_ctx->server = server; server->send_ctx->server = server; - server->e_ctx = ss_malloc(sizeof(cipher_ctx_t)); - server->d_ctx = ss_malloc(sizeof(cipher_ctx_t)); + server->e_ctx = ss_align(sizeof(cipher_ctx_t)); + server->d_ctx = ss_align(sizeof(cipher_ctx_t)); crypto->ctx_init(crypto->cipher, server->e_ctx, 1); crypto->ctx_init(crypto->cipher, server->d_ctx, 0); diff --git a/src/redir.c b/src/redir.c index a595ab8e..410b1f94 100644 --- a/src/redir.c +++ b/src/redir.c @@ -618,8 +618,8 @@ new_server(int fd) server->hostname = NULL; server->hostname_len = 0; - server->e_ctx = ss_malloc(sizeof(cipher_ctx_t)); - server->d_ctx = ss_malloc(sizeof(cipher_ctx_t)); + server->e_ctx = ss_align(sizeof(cipher_ctx_t)); + server->d_ctx = ss_align(sizeof(cipher_ctx_t)); crypto->ctx_init(crypto->cipher, server->e_ctx, 1); crypto->ctx_init(crypto->cipher, server->d_ctx, 0); diff --git a/src/server.c b/src/server.c index cd78908d..8a5cef0c 100644 --- a/src/server.c +++ b/src/server.c @@ -1201,8 +1201,8 @@ new_server(int fd, listen_ctx_t *listener) server->listen_ctx = listener; server->remote = NULL; - server->e_ctx = ss_malloc(sizeof(cipher_ctx_t)); - server->d_ctx = ss_malloc(sizeof(cipher_ctx_t)); + server->e_ctx = ss_align(sizeof(cipher_ctx_t)); + server->d_ctx = ss_align(sizeof(cipher_ctx_t)); crypto->ctx_init(crypto->cipher, server->e_ctx, 1); crypto->ctx_init(crypto->cipher, server->d_ctx, 0); diff --git a/src/stream.c b/src/stream.c index 40b7877e..e9aa35d5 100644 --- a/src/stream.c +++ b/src/stream.c @@ -216,13 +216,18 @@ stream_cipher_ctx_init(cipher_ctx_t *ctx, int method, int enc) } void -stream_cipher_ctx_release(cipher_ctx_t *cipher_ctx) +stream_ctx_release(cipher_ctx_t *cipher_ctx) { if (cipher_ctx->chunk != NULL) { bfree(cipher_ctx->chunk); ss_free(cipher_ctx->chunk); cipher_ctx->chunk = NULL; } + + if (cipher_ctx->cipher->method >= SALSA20) { + return; + } + mbedtls_cipher_free(cipher_ctx->evp); ss_free(cipher_ctx->evp); } @@ -574,17 +579,6 @@ stream_ctx_init(cipher_t *cipher, cipher_ctx_t *cipher_ctx, int enc) } } -void -stream_ctx_release(cipher_ctx_t *cipher_ctx) -{ - if (cipher_ctx->cipher->method >= SALSA20) { - return; - } - - mbedtls_cipher_free(cipher_ctx->evp); - ss_free(cipher_ctx->evp); -} - cipher_t * stream_key_init(int method, const char *pass, const char *key) { diff --git a/src/tunnel.c b/src/tunnel.c index 607f251b..79d1216a 100644 --- a/src/tunnel.c +++ b/src/tunnel.c @@ -566,8 +566,8 @@ new_server(int fd) server->send_ctx->server = server; server->send_ctx->connected = 0; - server->e_ctx = ss_malloc(sizeof(cipher_ctx_t)); - server->d_ctx = ss_malloc(sizeof(cipher_ctx_t)); + server->e_ctx = ss_align(sizeof(cipher_ctx_t)); + server->d_ctx = ss_align(sizeof(cipher_ctx_t)); crypto->ctx_init(crypto->cipher, server->e_ctx, 1); crypto->ctx_init(crypto->cipher, server->d_ctx, 0); diff --git a/src/utils.c b/src/utils.c index 26b26418..838e4923 100644 --- a/src/utils.c +++ b/src/utils.c @@ -229,6 +229,19 @@ ss_malloc(size_t size) return tmp; } +void * +ss_align(size_t size) +{ + int err; + void *tmp; + err = posix_memalign(&tmp, sizeof(void *), size); + if (err) { + return ss_malloc(size); + } else { + return tmp; + } +} + void * ss_realloc(void *ptr, size_t new_size) { diff --git a/src/utils.h b/src/utils.h index e3b44175..6ec04073 100644 --- a/src/utils.h +++ b/src/utils.h @@ -175,6 +175,7 @@ int set_nofile(int nofile); #endif void *ss_malloc(size_t size); +void *ss_align(size_t size); void *ss_realloc(void *ptr, size_t new_size); #define ss_free(ptr) \ From f9fe9bccf5d29c93bb3fd9f04209a8e6d209ef36 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Fri, 17 Feb 2017 13:17:13 +0800 Subject: [PATCH 13/62] Fix build on non-GPU targets --- src/plugin.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/plugin.c b/src/plugin.c index 0fb4d658..3564def3 100644 --- a/src/plugin.c +++ b/src/plugin.c @@ -173,7 +173,7 @@ static int start_obfsproxy(const char *plugin, cork_exec_add_param(exec, "--data-dir"); buf_size = 20 + strlen(plugin) + strlen(remote_host) + strlen(remote_port) + strlen(local_host) + strlen(local_port); - buf = malloc(buf_size); + buf = ss_malloc(buf_size); snprintf(buf, buf_size, "/tmp/%s_%s:%s_%s:%s", plugin, remote_host, remote_port, local_host, local_port); cork_exec_add_param(exec, buf); @@ -239,12 +239,19 @@ start_plugin(const char *plugin, env = cork_env_clone_current(); current_path = cork_env_get(env, "PATH"); if (current_path != NULL) { +#ifdef _GNU_SOURCE char *cwd = get_current_dir_name(); if (cwd) { +#else + char cwd[PATH_MAX]; + if (!getcwd(cwd, PATH_MAX)) { +#endif new_path_len = strlen(current_path) + strlen(cwd) + 2; new_path = ss_malloc(new_path_len); snprintf(new_path, new_path_len, "%s:%s", cwd, current_path); +#ifdef _GNU_SOURCE free(cwd); +#endif } } if (new_path != NULL) From a0fd7a1186faa912b3591cf1ec87d9eb6856411e Mon Sep 17 00:00:00 2001 From: Max Lv Date: Fri, 17 Feb 2017 13:29:44 +0800 Subject: [PATCH 14/62] Detect get_current_dir_name in configure --- configure.ac | 2 +- src/plugin.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 95d3f581..bd03c597 100755 --- a/configure.ac +++ b/configure.ac @@ -212,7 +212,7 @@ dnl Checks for library functions. AC_FUNC_FORK AC_FUNC_SELECT_ARGTYPES AC_TYPE_SIGNAL -AC_CHECK_FUNCS([memset select setresuid setreuid strerror getpwnam_r setrlimit]) +AC_CHECK_FUNCS([memset select setresuid setreuid strerror get_current_dir_name getpwnam_r setrlimit]) AC_CHECK_LIB(socket, connect) diff --git a/src/plugin.c b/src/plugin.c index 3564def3..dda57aac 100644 --- a/src/plugin.c +++ b/src/plugin.c @@ -239,7 +239,7 @@ start_plugin(const char *plugin, env = cork_env_clone_current(); current_path = cork_env_get(env, "PATH"); if (current_path != NULL) { -#ifdef _GNU_SOURCE +#ifdef HAVE_GET_CURRENT_DIR_NAME char *cwd = get_current_dir_name(); if (cwd) { #else @@ -249,7 +249,7 @@ start_plugin(const char *plugin, new_path_len = strlen(current_path) + strlen(cwd) + 2; new_path = ss_malloc(new_path_len); snprintf(new_path, new_path_len, "%s:%s", cwd, current_path); -#ifdef _GNU_SOURCE +#ifdef HAVE_GET_CURRENT_DIR_NAME free(cwd); #endif } From dc216391b9cf15c12e61cb5957726720fc4f4f84 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Fri, 17 Feb 2017 15:29:09 +0800 Subject: [PATCH 15/62] Update README.md --- README.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index eea01fd4..31d39850 100644 --- a/README.md +++ b/README.md @@ -15,12 +15,8 @@ Travis CI: [![Travis CI](https://travis-ci.org/shadowsocks/shadowsocks-libev.svg ## Features -Shadowsocks-libev is written in pure C and depends on -[libev](http://software.schmorp.de/pkg/libev.html). - -In normal usage, the memory footprint is about 600KB and the CPU utilization is -no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU, -32MB memory and 4MB flash). +Shadowsocks-libev is written in pure C and depends on [libev](http://software.schmorp.de/pkg/libev.html). It's designed +to be a very simple implementation of shadowsocks protocol, in order to keep the resource usage as low as possible. For a full list of feature comparison between different versions of shadowsocks, refer to the [Wiki page](https://github.com/shadowsocks/shadowsocks/wiki/Feature-Comparison-across-Different-Versions). From 94a9924a780b715a553eaa28a2b6086d27bb123c Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Sun, 19 Feb 2017 19:06:03 +0900 Subject: [PATCH 16/62] Update deb build script Now build script is able to auto detect system and choose libraries necessary to build. Also update the README accordingly. --- README.md | 7 +- scripts/build_deb.sh | 160 ++++++++++++++++++++++++++++++++++++++++++ scripts/deb4trusty.sh | 72 ------------------- scripts/deb4xenial.sh | 59 ---------------- 4 files changed, 164 insertions(+), 134 deletions(-) create mode 100755 scripts/build_deb.sh delete mode 100755 scripts/deb4trusty.sh delete mode 100755 scripts/deb4xenial.sh diff --git a/README.md b/README.md index 31d39850..69295937 100644 --- a/README.md +++ b/README.md @@ -132,9 +132,10 @@ Please follow the instructions on [Debian Backports Website](https://backports.d You can build shadowsocks-libev and all its dependencies by script: ```bash -./scripts/deb4trusty.sh # for 14.04 (Trusty) - - or - -./scripts/deb4xenial.sh # for 16.04 (Xenial) +mkdir -p ~/build-area/ +cp ./scripts/build_deb.sh ~/build-area/ +cd ~/build-area +./build_deb.sh ``` Otherwise, try to build and install directly from source. See the [Linux](#linux) diff --git a/scripts/build_deb.sh b/scripts/build_deb.sh new file mode 100755 index 00000000..1ca5663b --- /dev/null +++ b/scripts/build_deb.sh @@ -0,0 +1,160 @@ +#!/bin/sh +# Copyright 2017 Roger Shimizu +# +# This is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +if [ -d .git ]; then + echo Please run this script in a clean place. + echo e.g. + echo " mkdir -p ~/build-area/" + echo " cp $0 ~/build-area/" + echo " cd ~/build-area" + echo " ./$(basename $0)" + exit +fi + +apt_init() { + DEPS="git-buildpackage equivs" + sudo apt-get update + sudo apt-get install -y $DEPS +} + +# Cleanup +apt_clean() { + sudo apt-get purge -y $DEPS $DEPS_BPO shadowsocks-libev-build-deps \ + libcork-dev libcorkipset-dev debhelper + sudo apt-get purge -y libcork-build-deps libcorkipset-build-deps + sudo apt-get purge -y mbedtls-build-deps libmbedtls-dev + sudo apt-get purge -y libsodium-build-deps libsodium-dev + sudo apt-get autoremove -y +} + +gbp_build() { + REPO=$1 + BRANCH=$2 + PROJECT_NAME=$(basename $1|sed s/\.git$//) + gbp clone --pristine-tar $REPO + cd $PROJECT_NAME + git checkout $BRANCH + mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" + rm ${PROJECT_NAME}-build-deps_*.deb + gbp buildpackage -us -uc --git-ignore-branch --git-pristine-tar + git clean -fdx + git reset --hard HEAD + cd - +} + +dsc_build() { + DSC=$1 + DSC_FILE=$(basename $1) + dget -ux $DSC + PROJECT_NAME=$(grep ^Source: $DSC_FILE|cut -d" " -f2) + echo cd ${PROJECT_NAME}-* + cd ${PROJECT_NAME}-* + mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" + rm ${PROJECT_NAME}-build-deps_*.deb + dpkg-buildpackage -us -uc + cd - +} + +# Build and install libcork deb +build_install_libcork() { + BRANCH=$1 + gbp_build https://github.com/rogers0/libcork $BRANCH + sudo dpkg -i libcork-dev_*.deb libcork16_*.deb +} + +# Build and install libcorkipset deb +build_install_libcorkipset() { + BRANCH=$1 + gbp_build https://github.com/rogers0/libcorkipset $BRANCH + sudo dpkg -i libcorkipset-dev_*.deb libcorkipset1_*.deb +} + +# Build libmbedtls deb +build_install_libmbedtls() { + gbp_build https://anonscm.debian.org/cgit/collab-maint/mbedtls.git debian/jessie-backports + sudo dpkg -i libmbed*.deb +} + +# Build libsodium deb +build_install_libsodium() { + dsc_build http://httpredir.debian.org/debian/pool/main/libs/libsodium/libsodium_1.0.11-1~bpo8+1.dsc + sudo dpkg -i libsodium*.deb +} + +# Add patch to work on system with debhelper 9 only +patch_sslibev_dh9() { + gbp clone --pristine-tar https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git + cd shadowsocks-libev + sed -i 's/dh $@/dh $@ --with systemd,autoreconf/' debian/rules + sed -i 's/debhelper (>= 10)/debhelper (>= 9), dh-systemd, dh-autoreconf/' debian/control + echo 9 > debian/compat + git add -u + git commit -m "Patch to work with ubuntu trusty (14.04)" + cd - +} + +# Build and install shadowsocks-libev deb +build_install_sslibev() { + gbp_build https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git master + sudo dpkg -i shadowsocks-libev_*.deb + sudo apt-get install -fy +} + +OSID=$(grep ^ID= /etc/os-release|cut -d= -f2) +case "$OSID" in +debian) + OSVER=$(grep ^VERSION= /etc/os-release|cut -d\( -f2|cut -d\) -f1) + ;; +ubuntu) + OSVER=$(grep DISTRIB_CODENAME /etc/lsb-release|cut -d= -f2) + ;; +*) + OSVER=unknown + ;; +esac + +case "$OSVER" in +wheezy|precise) + echo Sorry, your system $OSID/$OSVER is not supported. + ;; +jessie) + echo Please install from official backports repository: + echo " apt install -t jessie-backports shadowsocks-libev" + ;; +stretch|unstable|sid|yakkety) + echo Please install from official repository: + echo " apt install shadowsocks-libev" + ;; +trusty) + apt_init + build_install_libcork trusty + build_install_libcorkipset trusty + build_install_libmbedtls + build_install_libsodium + patch_sslibev_dh9 + build_install_sslibev + apt_clean + ;; +xenial) + DEPS_BPO="debhelper" + BPO=xenial-backports + sudo sh -c 'printf "deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse" > /etc/apt/sources.list.d/xenial-backports.list' + sudo apt-get update + sudo apt-get install -y -t $BPO $DEPS_BPO + apt_init + build_install_libcork debian + build_install_libcorkipset debian + build_install_sslibev + apt_clean + ;; +*) + echo Your system $OSID/$OSVER is not supported yet. + echo Please report issue: + echo " https://github.com/shadowsocks/shadowsocks-libev/issues/new" + ;; +esac diff --git a/scripts/deb4trusty.sh b/scripts/deb4trusty.sh deleted file mode 100755 index 52b52640..00000000 --- a/scripts/deb4trusty.sh +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/sh -# Copyright 2017 Roger Shimizu -# -# This is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. - -DEPS="git-buildpackage equivs" -sudo apt-get install -y $DEPS - -gbp_build() { - REPO=$1 - BRANCH=$2 - PROJECT_NAME=$(basename $1|sed s/\.git$//) - gbp clone --pristine-tar $REPO - cd $PROJECT_NAME - git checkout $BRANCH - mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" - rm ${PROJECT_NAME}-build-deps_*.deb - gbp buildpackage -us -uc --git-ignore-branch --git-pristine-tar - cd - -} - -dsc_build() { - DSC=$1 - DSC_FILE=$(basename $1) - dget -ux $DSC - PROJECT_NAME=$(grep ^Source: $DSC_FILE|cut -d" " -f2) - echo cd ${PROJECT_NAME}-* - cd ${PROJECT_NAME}-* - mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" - rm ${PROJECT_NAME}-build-deps_*.deb - dpkg-buildpackage -us -uc - cd - -} - -# Build libcork deb if you don't have -gbp_build https://github.com/rogers0/libcork trusty -sudo dpkg -i libcork-dev_*.deb libcork16_*.deb - -# Build libcorkipset deb if you don't have -gbp_build https://github.com/rogers0/libcorkipset trusty -sudo dpkg -i libcorkipset-dev_*.deb libcorkipset1_*.deb - -# Build libmbedtls deb if you don't have -gbp_build https://anonscm.debian.org/cgit/collab-maint/mbedtls.git debian/jessie-backports -sudo dpkg -i libmbed*.deb - -# Build libsodium deb if you don't have -dsc_build http://httpredir.debian.org/debian/pool/main/libs/libsodium/libsodium_1.0.11-1~bpo8+1.dsc -sudo dpkg -i libsodium*.deb - -# Build shadowsocks-libev -gbp clone --pristine-tar https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git -# Add patch to work with ubuntu trusty (14.04) -cd shadowsocks-libev -sed -i 's/dh $@/dh $@ --with systemd,autoreconf/' debian/rules -sed -i 's/debhelper (>= 10)/debhelper (>= 9), dh-systemd, dh-autoreconf/' debian/control -echo 9 > debian/compat -git add -u -git commit -m "Patch to work with ubuntu trusty (14.04)" -cd - -gbp_build https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git master -sudo dpkg -i shadowsocks-libev_*.deb -sudo apt-get install -fy - -# Cleanup -sudo apt-get purge -y libcork-build-deps libcorkipset-build-deps shadowsocks-libev-build-deps \ - mbedtls-build-deps libsodium-build-deps \ - $DEPS libcork-dev libcorkipset-dev libmbedtls-dev libsodium-dev debhelper -sudo apt-get autoremove -y diff --git a/scripts/deb4xenial.sh b/scripts/deb4xenial.sh deleted file mode 100755 index 13b9d28a..00000000 --- a/scripts/deb4xenial.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh -# Copyright 2017 Roger Shimizu -# -# This is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. - -DEPS="git-buildpackage equivs" -sudo apt-get install -y $DEPS - -gbp_build() { - REPO=$1 - BRANCH=$2 - PROJECT_NAME=$(basename $1|sed s/\.git$//) - gbp clone --pristine-tar $REPO - cd $PROJECT_NAME - git checkout $BRANCH - mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" - rm ${PROJECT_NAME}-build-deps_*.deb - gbp buildpackage -us -uc --git-ignore-branch --git-pristine-tar - cd - -} - -dsc_build() { - DSC=$1 - DSC_FILE=$(basename $1) - dget -ux $DSC - PROJECT_NAME=$(grep ^Source: $DSC_FILE|cut -d" " -f2) - echo cd ${PROJECT_NAME}-* - cd ${PROJECT_NAME}-* - mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" - rm ${PROJECT_NAME}-build-deps_*.deb - dpkg-buildpackage -us -uc - cd - -} - -# Build libcork deb if you don't have -gbp_build https://github.com/rogers0/libcork debian -sudo dpkg -i libcork-dev_*.deb libcork16_*.deb - -# Build libcorkipset deb if you don't have -gbp_build https://github.com/rogers0/libcorkipset debian -sudo dpkg -i libcorkipset-dev_*.deb libcorkipset1_*.deb - -# Build shadowsocks-libev -DEPS_BPO="debhelper" -BPO=xenial-backports -sudo sh -c 'printf "deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse" > /etc/apt/sources.list.d/xenial-backports.list' -sudo apt-get update -sudo apt-get install -y -t $BPO $DEPS_BPO -gbp_build https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git master -sudo dpkg -i shadowsocks-libev_*.deb -sudo apt-get install -fy - -# Cleanup -sudo apt-get purge -y libcork-build-deps libcorkipset-build-deps shadowsocks-libev-build-deps \ - $DEPS $DEPS_BPO libcork-dev libcorkipset-dev -sudo apt-get autoremove -y From d122cd1eed1c31789900492feaf676cf5b44b770 Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Mon, 20 Feb 2017 00:03:10 +0900 Subject: [PATCH 17/62] Update build script to enable jessie/stretch etc Also include a few cleanup that simplified pkg installation from backports repository. --- README.md | 4 +++- debian/copyright | 2 +- scripts/build_deb.sh | 39 ++++++++++++++++++++++++++------------- 3 files changed, 30 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 69295937..a6936a7b 100644 --- a/README.md +++ b/README.md @@ -128,7 +128,9 @@ If you insist on building from source, you will need to manually install libsodi from `jessie-backports`, **NOT** libsodium in main repository. Please follow the instructions on [Debian Backports Website](https://backports.debian.org). -**Note for Ubuntu 14.04 (Trusty) / 16.04 (Xenial) users**: +You can also use the same build script for Ubuntu LTS as below. + +**Note for Debian (>=8) / Ubuntu 14.04 (Trusty) / 16.04 (Xenial) users**: You can build shadowsocks-libev and all its dependencies by script: ```bash diff --git a/debian/copyright b/debian/copyright index 9c572701..a9ee2635 100644 --- a/debian/copyright +++ b/debian/copyright @@ -37,7 +37,7 @@ Files: m4/stack-protector.m4 Copyright: 2007 Google Inc. License: Apache-2.0 -Files: scripts/deb4*.sh +Files: scripts/build_deb.sh Copyright: 2017 Roger Shimizu License: GPL-3+ diff --git a/scripts/build_deb.sh b/scripts/build_deb.sh index 1ca5663b..18ff0de6 100755 --- a/scripts/build_deb.sh +++ b/scripts/build_deb.sh @@ -17,8 +17,24 @@ if [ -d .git ]; then fi apt_init() { - DEPS="git-buildpackage equivs" - sudo apt-get update + DEPS="$1" + DEPS_BPO="$2" + if [ -n "$DEPS_BPO" ]; then + BPO=${OSVER}-backports + case "$OSID" in + debian) + REPO=http://httpredir.debian.org/debian + ;; + ubuntu) + REPO=http://archive.ubuntu.com/ubuntu + ;; + esac + sudo sh -c "printf \"deb $REPO ${OSVER}-backports main\" > /etc/apt/sources.list.d/${OSVER}-backports.list" + sudo apt-get update + sudo apt-get install -y -t $BPO $DEPS_BPO + else + sudo apt-get update + fi sudo apt-get install -y $DEPS } @@ -123,15 +139,17 @@ wheezy|precise) echo Sorry, your system $OSID/$OSVER is not supported. ;; jessie) - echo Please install from official backports repository: - echo " apt install -t jessie-backports shadowsocks-libev" + apt_init "git-buildpackage equivs" "debhelper libsodium-dev" + build_install_sslibev + apt_clean ;; stretch|unstable|sid|yakkety) - echo Please install from official repository: - echo " apt install shadowsocks-libev" + apt_init "git-buildpackage equivs" + build_install_sslibev + apt_clean ;; trusty) - apt_init + apt_init "git-buildpackage equivs" build_install_libcork trusty build_install_libcorkipset trusty build_install_libmbedtls @@ -141,12 +159,7 @@ trusty) apt_clean ;; xenial) - DEPS_BPO="debhelper" - BPO=xenial-backports - sudo sh -c 'printf "deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse" > /etc/apt/sources.list.d/xenial-backports.list' - sudo apt-get update - sudo apt-get install -y -t $BPO $DEPS_BPO - apt_init + apt_init "git-buildpackage equivs" debhelper build_install_libcork debian build_install_libcorkipset debian build_install_sslibev From 3f2f979dacae3855d2d48c9c15e875db7252b33c Mon Sep 17 00:00:00 2001 From: Max Lv Date: Mon, 20 Feb 2017 10:29:32 +0800 Subject: [PATCH 18/62] Replace nonce cache with a ping-pong bloom filter (#1282) * Add Ping-Pong bloom filter * Refine bloom filter insertion * Reduce the error rate to 0.00001 * Avoid alignment issue in murmurhash2 * Fix a memory leak * Fix build on non-GPU targets * Detect get_current_dir_name in configure * Update README.md * Remove redudant bfree() * Reduce the memory usage for local client * Fix #1275 * Refine #1275 * Use IP when bypassing SNI domains * Also apply replay detector on UDP traffic * Update deb build script Now build script is able to auto detect system and choose libraries necessary to build. Also update the README accordingly. * Update build script to enable jessie/stretch etc Also include a few cleanup that simplified pkg installation from backports repository. --- .gitmodules | 4 ++ Makefile.am | 5 ++- configure.ac | 3 +- libbloom | 1 + src/Makefile.am | 5 ++- src/aead.c | 38 ++++++++++--------- src/crypto.c | 12 +++--- src/crypto.h | 2 +- src/jconf.c | 4 +- src/jconf.h | 1 - src/local.c | 9 +++-- src/manager.c | 19 ++-------- src/manager.h | 1 - src/ppbloom.c | 98 +++++++++++++++++++++++++++++++++++++++++++++++++ src/ppbloom.h | 31 ++++++++++++++++ src/redir.c | 5 ++- src/server.c | 5 ++- src/stream.c | 44 +++++++++++----------- src/tunnel.c | 7 +++- 19 files changed, 217 insertions(+), 77 deletions(-) create mode 160000 libbloom create mode 100644 src/ppbloom.c create mode 100644 src/ppbloom.h diff --git a/.gitmodules b/.gitmodules index 77612e09..bf4d6cac 100644 --- a/.gitmodules +++ b/.gitmodules @@ -6,3 +6,7 @@ path = libipset url = https://github.com/shadowsocks/ipset.git ignore = dirty +[submodule "libbloom"] + path = libbloom + url = https://github.com/shadowsocks/libbloom.git + ignore = dirty diff --git a/Makefile.am b/Makefile.am index 06af285c..c836452c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ if USE_SYSTEM_SHARED_LIB -SUBDIRS = src +SUBDIRS = src libbloom else -SUBDIRS = libcork libipset src +SUBDIRS = libcork libipset libbloom src endif if ENABLE_DOCUMENTATION @@ -14,6 +14,7 @@ pkgconfiglibdir = $(libdir)/pkgconfig pkgconfiglib_DATA = shadowsocks-libev.pc EXTRA_DIST = acl Changes completions debian docker rpm README.md +EXTRA_DIST += libbloom EXTRA_DIST += libcork/include libipset/include EXTRA_DIST += libipset/src/libipset/map/inspection-template.c.in EXTRA_DIST += libipset/src/libipset/set/inspection-template.c.in diff --git a/configure.ac b/configure.ac index bd03c597..f8fa1de9 100755 --- a/configure.ac +++ b/configure.ac @@ -230,7 +230,8 @@ AC_CHECK_LIB([ev], [ev_loop_destroy], [LIBS="-lev $LIBS"], [AC_MSG_ERROR([Couldn AC_CONFIG_FILES([shadowsocks-libev.pc Makefile - src/Makefile]) + src/Makefile + libbloom/Makefile]) AM_COND_IF([USE_SYSTEM_SHARED_LIB], [AC_DEFINE([USE_SYSTEM_SHARED_LIB], [1], [Define if use system shared lib.])], diff --git a/libbloom b/libbloom new file mode 160000 index 00000000..f6e53fe6 --- /dev/null +++ b/libbloom @@ -0,0 +1 @@ +Subproject commit f6e53fe6486c40b751b58e6e8e516aeb6247e493 diff --git a/src/Makefile.am b/src/Makefile.am index 955fb570..4d383186 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,6 +2,7 @@ VERSION_INFO = 2:0:0 AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE AM_CFLAGS += $(PTHREAD_CFLAGS) +AM_CFLAGS += -I$(top_srcdir)/libbloom if !USE_SYSTEM_SHARED_LIB AM_CFLAGS += -I$(top_srcdir)/libipset/include AM_CFLAGS += -I$(top_srcdir)/libcork/include @@ -9,6 +10,7 @@ endif AM_CFLAGS += $(LIBPCRE_CFLAGS) SS_COMMON_LIBS = $(INET_NTOP_LIB) $(LIBPCRE_LIBS) +SS_COMMON_LIBS += $(top_builddir)/libbloom/libbloom.la if !USE_SYSTEM_SHARED_LIB SS_COMMON_LIBS += $(top_builddir)/libipset/libipset.la \ $(top_builddir)/libcork/libcork.la @@ -26,6 +28,7 @@ sni_src = http.c \ crypto_src = crypto.c \ aead.c \ stream.c \ + ppbloom.c \ base64.c plugin_src = plugin.c @@ -112,6 +115,6 @@ libshadowsocks_libev_la_LIBADD = $(ss_local_LDADD) include_HEADERS = shadowsocks.h noinst_HEADERS = acl.h crypto.h stream.h aead.h json.h netutils.h redir.h server.h tls.h uthash.h \ - cache.h http.h local.h plugin.h resolv.h tunnel.h utils.h base64.h \ + cache.h http.h local.h plugin.h resolv.h tunnel.h utils.h base64.h ppbloom.h \ common.h jconf.h manager.h protocol.h rule.h socks5.h udprelay.h EXTRA_DIST = ss-nat diff --git a/src/aead.c b/src/aead.c index a397dd36..d32665e2 100644 --- a/src/aead.c +++ b/src/aead.c @@ -33,7 +33,7 @@ #include #include -#include "cache.h" +#include "ppbloom.h" #include "aead.h" #include "utils.h" @@ -405,13 +405,11 @@ aead_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity) (uint8_t *)plaintext->data, plaintext->len, NULL, 0, cipher_ctx.nonce, cipher_ctx.skey); - if (err) { - bfree(plaintext); - aead_ctx_release(&cipher_ctx); + aead_ctx_release(&cipher_ctx); + + if (err) return CRYPTO_ERROR; - } - aead_ctx_release(&cipher_ctx); assert(ciphertext->len == clen); brealloc(plaintext, salt_len + ciphertext->len, capacity); @@ -444,6 +442,11 @@ aead_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) uint8_t *salt = cipher_ctx.salt; memcpy(salt, ciphertext->data, salt_len); + if (ppbloom_check((void *)salt, salt_len) == 1) { + LOGE("crypto: AEAD: repeat salt detected"); + return CRYPTO_ERROR; + } + aead_cipher_ctx_set_key(&cipher_ctx, 0); size_t plen = plaintext->len; @@ -453,13 +456,12 @@ aead_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) ciphertext->len - salt_len, NULL, 0, cipher_ctx.nonce, cipher_ctx.skey); - if (err) { - bfree(ciphertext); - aead_ctx_release(&cipher_ctx); + aead_ctx_release(&cipher_ctx); + + if (err) return CRYPTO_ERROR; - } - aead_ctx_release(&cipher_ctx); + ppbloom_add((void *)salt, salt_len); brealloc(ciphertext, plaintext->len, capacity); memcpy(ciphertext->data, plaintext->data, plaintext->len); @@ -488,6 +490,7 @@ aead_chunk_encrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c, NULL, 0, n, ctx->skey); if (err) return CRYPTO_ERROR; + assert(clen == CHUNK_SIZE_LEN + tlen); sodium_increment(n, nlen); @@ -497,6 +500,7 @@ aead_chunk_encrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c, NULL, 0, n, ctx->skey); if (err) return CRYPTO_ERROR; + assert(clen == plen + tlen); sodium_increment(n, nlen); @@ -634,12 +638,9 @@ aead_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity) aead_cipher_ctx_set_key(cipher_ctx, 0); - if (cache_key_exist(nonce_cache, (char *)cipher_ctx->salt, salt_len)) { + if (ppbloom_check((void *)cipher_ctx->salt, salt_len) == 1) { LOGE("crypto: AEAD: repeat salt detected"); - bfree(ciphertext); return CRYPTO_ERROR; - } else { - cache_insert(nonce_cache, (char *)cipher_ctx->salt, salt_len, NULL); } memmove(cipher_ctx->chunk->data, cipher_ctx->chunk->data + salt_len, @@ -647,6 +648,10 @@ aead_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity) cipher_ctx->chunk->len -= salt_len; cipher_ctx->init = 1; + + } else if (cipher_ctx->init == 1) { + ppbloom_add((void *)cipher_ctx->salt, salt_len); + cipher_ctx->init = 2; } size_t plen = 0; @@ -685,9 +690,6 @@ aead_key_init(int method, const char *pass, const char *key) return NULL; } - // Initialize cache - cache_create(&nonce_cache, 1024, NULL); - cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); memset(cipher, 0, sizeof(cipher_t)); diff --git a/src/crypto.c b/src/crypto.c index 8ad31943..99a14f9c 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -29,13 +29,11 @@ #include #include "base64.h" -#include "cache.h" #include "crypto.h" #include "stream.h" #include "aead.h" #include "utils.h" - -struct cache *nonce_cache; +#include "ppbloom.h" int balloc(buffer_t *ptr, size_t capacity) @@ -111,8 +109,12 @@ crypto_init(const char *password, const char *key, const char *method) FATAL("Failed to initialize sodium"); } - // Initialize NONCE cache - cache_create(&nonce_cache, 1024, NULL); + // Initialize NONCE bloom filter +#ifdef MODULE_REMOTE + ppbloom_init(1000000, 0.00001); +#else + ppbloom_init(100000, 0.0000001); +#endif if (method != NULL) { for (i = 0; i < STREAM_CIPHER_NUM; i++) diff --git a/src/crypto.h b/src/crypto.h index 2bfad654..2376fcc1 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -84,7 +84,7 @@ typedef struct { } cipher_t; typedef struct { - uint8_t init; + uint32_t init; uint64_t counter; cipher_evp_t *evp; cipher_t *cipher; diff --git a/src/jconf.c b/src/jconf.c index c1b0ca47..f9690826 100644 --- a/src/jconf.c +++ b/src/jconf.c @@ -223,9 +223,7 @@ read_jconf(const char *file) "invalid config file: option 'reuse_port' must be a boolean"); conf.reuse_port = value->u.boolean; } else if (strcmp(name, "auth") == 0) { - check_json_value_type(value, json_boolean, - "invalid config file: option 'auth' must be a boolean"); - conf.auth = value->u.boolean; + FATAL("One time auth has been deprecated. Try AEAD ciphers instead."); } else if (strcmp(name, "nofile") == 0) { check_json_value_type(value, json_integer, "invalid config file: option 'nofile' must be an integer"); diff --git a/src/jconf.h b/src/jconf.h index 89cb1744..891f6168 100644 --- a/src/jconf.h +++ b/src/jconf.h @@ -59,7 +59,6 @@ typedef struct { char *user; char *plugin; char *plugin_opts; - int auth; int fast_open; int reuse_port; int nofile; diff --git a/src/local.c b/src/local.c index 346b6ae3..5e68a891 100644 --- a/src/local.c +++ b/src/local.c @@ -676,7 +676,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents) struct sockaddr_storage storage; memset(&storage, 0, sizeof(struct sockaddr_storage)); #ifndef ANDROID - if (sni_detected || atyp == 3) + if (atyp == 3) err = get_sockaddr(host, port, &storage, 0, ipv6first); else #endif @@ -1211,10 +1211,10 @@ main(int argc, char **argv) USE_TTY(); #ifdef ANDROID - while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:n:huUvV6", + while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:n:huUvV6A", long_options, NULL)) != -1) { #else - while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:n:huUv6", + while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:a:n:huUv6A", long_options, NULL)) != -1) { #endif switch (c) { @@ -1309,6 +1309,9 @@ main(int argc, char **argv) vpn = 1; break; #endif + case 'A': + FATAL("One time auth has been deprecated. Try AEAD ciphers instead."); + break; case '?': // The option character is not recognized. LOGE("Unrecognized option: %s", optarg); diff --git a/src/manager.c b/src/manager.c index f4b61534..eb46b736 100644 --- a/src/manager.c +++ b/src/manager.c @@ -151,10 +151,6 @@ construct_command_line(struct manager_ctx *manager, struct server *server) int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, " -u"); } - if (manager->auth) { - int len = strlen(cmd); - snprintf(cmd + len, BUF_SIZE - len, " -A"); - } if (manager->fast_open) { int len = strlen(cmd); snprintf(cmd + len, BUF_SIZE - len, " --fast-open"); @@ -884,7 +880,6 @@ main(int argc, char **argv) char *plugin = NULL; char *plugin_opts = NULL; - int auth = 0; int fast_open = 0; int reuse_port = 0; int mode = TCP_ONLY; @@ -999,14 +994,14 @@ main(int argc, char **argv) case 'h': usage(); exit(EXIT_SUCCESS); - case 'A': - auth = 1; - break; #ifdef HAVE_SETRLIMIT case 'n': nofile = atoi(optarg); break; #endif + case 'A': + FATAL("One time auth has been deprecated. Try AEAD ciphers instead."); + break; case '?': // The option character is not recognized. LOGE("Unrecognized option: %s", optarg); @@ -1047,9 +1042,6 @@ main(int argc, char **argv) if (conf->nameserver != NULL) { nameservers[nameserver_num++] = conf->nameserver; } - if (auth == 0) { - auth = conf->auth; - } if (mode == TCP_ONLY) { mode = conf->mode; } @@ -1107,10 +1099,6 @@ main(int argc, char **argv) #endif } - if (auth) { - LOGI("onetime authentication enabled"); - } - // ignore SIGPIPE signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, SIG_IGN); @@ -1130,7 +1118,6 @@ main(int argc, char **argv) manager.fast_open = fast_open; manager.verbose = verbose; manager.mode = mode; - manager.auth = auth; manager.password = password; manager.timeout = timeout; manager.method = method; diff --git a/src/manager.h b/src/manager.h index 6ecf6735..978bf37e 100644 --- a/src/manager.h +++ b/src/manager.h @@ -38,7 +38,6 @@ struct manager_ctx { int reuse_port; int verbose; int mode; - int auth; char *password; char *key; char *timeout; diff --git a/src/ppbloom.c b/src/ppbloom.c new file mode 100644 index 00000000..0ef5b95d --- /dev/null +++ b/src/ppbloom.c @@ -0,0 +1,98 @@ +/* + * ppbloom.c - Ping-Pong Bloom Filter for nonce reuse detection + * + * Copyright (C) 2013 - 2017, Max Lv + * + * This file is part of the shadowsocks-libev. + * + * shadowsocks-libev is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * shadowsocks-libev is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with shadowsocks-libev; see the file COPYING. If not, see + * . + */ + +#include +#include + +#include "bloom.h" +#include "ppbloom.h" +#include "utils.h" + +#define PING 0 +#define PONG 1 + +static struct bloom ppbloom[2]; +static int bloom_count[2]; +static int current; +static int entries; +static double error; + +int +ppbloom_init(int n, double e) +{ + int err; + entries = n / 2; + error = e; + + err = bloom_init(ppbloom + PING, entries, error); + if (err) return err; + + err = bloom_init(ppbloom + PONG, entries, error); + if (err) return err; + + bloom_count[PING] = 0; + bloom_count[PONG] = 0; + + current = PING; + + return 0; +} + +int +ppbloom_check(const void *buffer, int len) +{ + int ret; + + ret = bloom_check(ppbloom + PING, buffer, len); + if (ret) return ret; + + ret = bloom_check(ppbloom + PONG, buffer, len); + if (ret) return ret; + + return 0; +} + +int +ppbloom_add(const void *buffer, int len) +{ + int err; + err = bloom_add(ppbloom + current, buffer, len); + if (err == -1) return err; + + bloom_count[current]++; + + if (bloom_count[current] >= entries) { + bloom_count[current] = 0; + current = current == PING ? PONG : PING; + bloom_free(ppbloom + current); + bloom_init(ppbloom + current, entries, error); + } + + return 0; +} + +void +ppbloom_free() +{ + bloom_free(ppbloom + PING); + bloom_free(ppbloom + PONG); +} diff --git a/src/ppbloom.h b/src/ppbloom.h new file mode 100644 index 00000000..855a78d5 --- /dev/null +++ b/src/ppbloom.h @@ -0,0 +1,31 @@ +/* + * ppbloom.h - Define the Ping-Pong Bloom Filter interface + * + * Copyright (C) 2013 - 2017, Max Lv + * + * This file is part of the shadowsocks-libev. + * + * shadowsocks-libev is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * shadowsocks-libev is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with shadowsocks-libev; see the file COPYING. If not, see + * . + */ + +#ifndef _PPBLOOM_ +#define _PPBLOOM_ + +int ppbloom_init(int entries, double error); +int ppbloom_check(const void * buffer, int len); +int ppbloom_add(const void * buffer, int len); +void ppbloom_free(void); + +#endif diff --git a/src/redir.c b/src/redir.c index 410b1f94..84c5969a 100644 --- a/src/redir.c +++ b/src/redir.c @@ -818,7 +818,7 @@ main(int argc, char **argv) USE_TTY(); - while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUv6", + while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUv6A", long_options, NULL)) != -1) { switch (c) { case GETOPT_VAL_MTU: @@ -897,6 +897,9 @@ main(int argc, char **argv) case '6': ipv6first = 1; break; + case 'A': + FATAL("One time auth has been deprecated. Try AEAD ciphers instead."); + break; case '?': // The option character is not recognized. LOGE("Unrecognized option: %s", optarg); diff --git a/src/server.c b/src/server.c index 8a5cef0c..e492b167 100644 --- a/src/server.c +++ b/src/server.c @@ -1384,7 +1384,7 @@ main(int argc, char **argv) USE_TTY(); - while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:b:c:i:d:a:n:huUv6", + while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:b:c:i:d:a:n:huUv6A", long_options, NULL)) != -1) { switch (c) { case GETOPT_VAL_FAST_OPEN: @@ -1477,6 +1477,9 @@ main(int argc, char **argv) case '6': ipv6first = 1; break; + case 'A': + FATAL("One time auth has been deprecated. Try AEAD ciphers instead."); + break; case '?': // The option character is not recognized. LOGE("Unrecognized option: %s", optarg); diff --git a/src/stream.c b/src/stream.c index e9aa35d5..5ea30dd4 100644 --- a/src/stream.c +++ b/src/stream.c @@ -31,7 +31,7 @@ #include -#include "cache.h" +#include "ppbloom.h" #include "stream.h" #include "utils.h" @@ -321,11 +321,10 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity) plaintext->len); } - if (err) { - bfree(plaintext); - stream_ctx_release(&cipher_ctx); + stream_ctx_release(&cipher_ctx); + + if (err) return CRYPTO_ERROR; - } #ifdef SS_DEBUG dump("PLAIN", plaintext->data, plaintext->len); @@ -333,8 +332,6 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity) dump("NONCE", ciphertext->data, nonce_len); #endif - stream_ctx_release(&cipher_ctx); - brealloc(plaintext, nonce_len + ciphertext->len, capacity); memcpy(plaintext->data, ciphertext->data, nonce_len + ciphertext->len); plaintext->len = nonce_len + ciphertext->len; @@ -430,6 +427,12 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) uint8_t *nonce = cipher_ctx.nonce; memcpy(nonce, ciphertext->data, nonce_len); + + if (ppbloom_check((void *)nonce, nonce_len) == 1) { + LOGE("crypto: stream: repeat IV detected"); + return CRYPTO_ERROR; + } + cipher_ctx_set_nonce(&cipher_ctx, nonce, nonce_len, 0); if (cipher->method >= SALSA20) { @@ -443,11 +446,10 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) ciphertext->len - nonce_len); } - if (err) { - bfree(ciphertext); - stream_ctx_release(&cipher_ctx); + stream_ctx_release(&cipher_ctx); + + if (err) return CRYPTO_ERROR; - } #ifdef SS_DEBUG dump("PLAIN", plaintext->data, plaintext->len); @@ -455,7 +457,7 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity) dump("NONCE", ciphertext->data, nonce_len); #endif - stream_ctx_release(&cipher_ctx); + ppbloom_add((void *)nonce, nonce_len); brealloc(ciphertext, plaintext->len, capacity); memcpy(ciphertext->data, plaintext->data, plaintext->len); @@ -468,7 +470,7 @@ int stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity) { if (cipher_ctx == NULL) - return -1; + return CRYPTO_ERROR; cipher_t *cipher = cipher_ctx->cipher; @@ -511,14 +513,16 @@ stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity) cipher_ctx->init = 1; if (cipher->method >= RC4_MD5) { - if (cache_key_exist(nonce_cache, (char *)nonce, nonce_len)) { + if (ppbloom_check((void *)nonce, nonce_len) == 1) { LOGE("crypto: stream: repeat IV detected"); - bfree(ciphertext); - return -1; - } else { - cache_insert(nonce_cache, (char *)nonce, nonce_len, NULL); + return CRYPTO_ERROR; } } + } else if (cipher_ctx->init == 1) { + if (cipher->method >= RC4_MD5) { + ppbloom_add((void *)cipher_ctx->nonce, cipher->nonce_len); + cipher_ctx->init = 2; + } } if (ciphertext->len <= 0) @@ -550,10 +554,8 @@ stream_decrypt(buffer_t *ciphertext, cipher_ctx_t *cipher_ctx, size_t capacity) ciphertext->len); } - if (err) { - bfree(ciphertext); + if (err) return CRYPTO_ERROR; - } #ifdef SS_DEBUG dump("PLAIN", plaintext->data, plaintext->len); diff --git a/src/tunnel.c b/src/tunnel.c index 79d1216a..098478a5 100644 --- a/src/tunnel.c +++ b/src/tunnel.c @@ -766,10 +766,10 @@ main(int argc, char **argv) USE_TTY(); #ifdef ANDROID - while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:n:huUvV6", + while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:n:huUvV6A", long_options, NULL)) != -1) { #else - while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:n:huUv6", + while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:i:c:b:L:a:n:huUv6A", long_options, NULL)) != -1) { #endif switch (c) { @@ -860,6 +860,9 @@ main(int argc, char **argv) vpn = 1; break; #endif + case 'A': + FATAL("One time auth has been deprecated. Try AEAD ciphers instead."); + break; case '?': // The option character is not recognized. LOGE("Unrecognized option: %s", optarg); From 557cd91fe0a4f916e366de99a87a471c77a3d812 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Mon, 20 Feb 2017 16:08:17 +0800 Subject: [PATCH 19/62] Make parameters of bloom filter be compiler-time constants --- src/crypto.c | 4 ++-- src/crypto.h | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 99a14f9c..ba8f433d 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -111,9 +111,9 @@ crypto_init(const char *password, const char *key, const char *method) // Initialize NONCE bloom filter #ifdef MODULE_REMOTE - ppbloom_init(1000000, 0.00001); + ppbloom_init(NUM_NONCE_ENTRIES_FOR_SERVER, ERROR_RATE_FOR_SERVER); #else - ppbloom_init(100000, 0.0000001); + ppbloom_init(NUM_NONCE_ENTRIES_FOR_CLIENT, ERROR_RATE_FOR_CLIENT); #endif if (method != NULL) { diff --git a/src/crypto.h b/src/crypto.h index 2376fcc1..06ae7b79 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -66,6 +66,22 @@ typedef mbedtls_md_info_t digest_type_t; #define SUBKEY_INFO "ss-subkey" #define IV_INFO "ss-iv" +#ifndef NUM_NONCE_ENTRIES_FOR_CLIENT +#define NUM_NONCE_ENTRIES_FOR_SERVER 1e6 +#endif + +#ifndef NUM_NONCE_ENTRIES_FOR_CLIENT +#define NUM_NONCE_ENTRIES_FOR_CLIENT 1e4 +#endif + +#ifndef ERROR_RATE_FOR_SERVER +#define ERROR_RATE_FOR_SERVER 1e-6 +#endif + +#ifndef ERROR_RATE_FOR_CLIENT +#define ERROR_RATE_FOR_CLIENT 1e-15 +#endif + typedef struct buffer { size_t idx; size_t len; From 9bf991b23f0f2f77957163be2d068a2c0ee75350 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Mon, 20 Feb 2017 16:22:46 +0800 Subject: [PATCH 20/62] Refine the parameters of bloom filter --- src/crypto.c | 4 ++-- src/crypto.h | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index ba8f433d..58e583d0 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -111,9 +111,9 @@ crypto_init(const char *password, const char *key, const char *method) // Initialize NONCE bloom filter #ifdef MODULE_REMOTE - ppbloom_init(NUM_NONCE_ENTRIES_FOR_SERVER, ERROR_RATE_FOR_SERVER); + ppbloom_init(BF_NUM_ENTRIES_FOR_SERVER, BF_ERROR_RATE_FOR_SERVER); #else - ppbloom_init(NUM_NONCE_ENTRIES_FOR_CLIENT, ERROR_RATE_FOR_CLIENT); + ppbloom_init(BF_NUM_ENTRIES_FOR_CLIENT, BF_ERROR_RATE_FOR_CLIENT); #endif if (method != NULL) { diff --git a/src/crypto.h b/src/crypto.h index 06ae7b79..e3c1f63a 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -66,20 +66,20 @@ typedef mbedtls_md_info_t digest_type_t; #define SUBKEY_INFO "ss-subkey" #define IV_INFO "ss-iv" -#ifndef NUM_NONCE_ENTRIES_FOR_CLIENT -#define NUM_NONCE_ENTRIES_FOR_SERVER 1e6 +#ifndef BF_NUM_ENTRIES_FOR_SERVER +#define BF_NUM_ENTRIES_FOR_SERVER 1e6 #endif -#ifndef NUM_NONCE_ENTRIES_FOR_CLIENT -#define NUM_NONCE_ENTRIES_FOR_CLIENT 1e4 +#ifndef BF_NUM_ENTRIES_FOR_CLIENT +#define BF_NUM_ENTRIES_FOR_CLIENT 1e4 #endif -#ifndef ERROR_RATE_FOR_SERVER -#define ERROR_RATE_FOR_SERVER 1e-6 +#ifndef BF_ERROR_RATE_FOR_SERVER +#define BF_ERROR_RATE_FOR_SERVER 1e-6 #endif -#ifndef ERROR_RATE_FOR_CLIENT -#define ERROR_RATE_FOR_CLIENT 1e-15 +#ifndef BF_ERROR_RATE_FOR_CLIENT +#define BF_ERROR_RATE_FOR_CLIENT 1e-15 #endif typedef struct buffer { From 9acebb4f4f02c173df9b6b6ba59807855b9b1672 Mon Sep 17 00:00:00 2001 From: Kim Date: Mon, 20 Feb 2017 20:52:08 +0800 Subject: [PATCH 21/62] Updated bash completion (#1284) --- completions/bash/ss-local | 8 ++++---- completions/bash/ss-manager | 12 ++++-------- completions/bash/ss-redir | 8 ++++---- completions/bash/ss-server | 8 ++++---- completions/bash/ss-tunnel | 8 ++++---- 5 files changed, 20 insertions(+), 24 deletions(-) diff --git a/completions/bash/ss-local b/completions/bash/ss-local index 96fec2e2..e014af0a 100644 --- a/completions/bash/ss-local +++ b/completions/bash/ss-local @@ -1,12 +1,12 @@ _ss_local() { local cur prev opts ciphers - opts='-s -b -p -k -f -t -m -c -a -n -u -U -v -h -A --fast-open --mtu --help --mptcp -i --acl -l' - ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf' + opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --fast-open --acl --mtu --mptcp --key --plugin --plugin-opts --help' + ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' cur=${COMP_WORDS[COMP_CWORD]} prev="${COMP_WORDS[COMP_CWORD-1]}" case "$prev" in - -c|-f|--acl) + -f|-c|--acl) _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) ;; -s|-b) @@ -18,7 +18,7 @@ _ss_local() -a) _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) ;; - -p|-k|-t|-n|--mtu|-l) + -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts) ;; -i) _available_interfaces -a || true diff --git a/completions/bash/ss-manager b/completions/bash/ss-manager index cfe941ed..d3168a3b 100644 --- a/completions/bash/ss-manager +++ b/completions/bash/ss-manager @@ -1,28 +1,24 @@ _ss_manager() { local cur prev opts ciphers - opts='-s -b -p -k -f -t -m -c -a -n -u -U -v -h -A --mtu --help --mptcp -i -l --manager-address --executable' - ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf' + opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --manager-address --executable --mtu --mptcp --plugin --plugin-opts --help' + ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' cur=${COMP_WORDS[COMP_CWORD]} prev="${COMP_WORDS[COMP_CWORD-1]}" case "$prev" in - -c|-f|--executable) + -f|-c|--executable) _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) ;; -s|-b) _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) ;; - -L) - compopt -o nospace - _known_hosts_real -c -- "${cur}" || OMPREPLY=( $(compgen -A hostname -S : -- ${cur}) ) - ;; -m) COMPREPLY=( $(compgen -W "$ciphers" -- ${cur}) ) ;; -a) _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) ;; - -p|-k|-t|-n|--mtu|-l) + -p|-l|-k|-t|-n|--mtu|--plugin|--plugin-opts) ;; -i) _available_interfaces -a || true diff --git a/completions/bash/ss-redir b/completions/bash/ss-redir index 86f55001..9a14efe8 100644 --- a/completions/bash/ss-redir +++ b/completions/bash/ss-redir @@ -1,12 +1,12 @@ _ss_redir() { local cur prev opts ciphers - ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf' - opts='-s -b -p -k -f -t -m -c -a -n -u -U -v -h -A --mtu --help --mptcp -l' + opts='-s -p -l -k -m -a -f -t -c -n -b -u -U -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help' + ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' cur=${COMP_WORDS[COMP_CWORD]} prev="${COMP_WORDS[COMP_CWORD-1]}" case "$prev" in - -c|-f) + -f|-c) _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) ;; -s|-b) @@ -18,7 +18,7 @@ _ss_redir() -a) _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) ;; - -p|-k|-t|-n|--mtu|-l) + -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts) ;; *) COMPREPLY+=( $(compgen -W "${opts}" -- ${cur}) ) diff --git a/completions/bash/ss-server b/completions/bash/ss-server index 7946a2b5..4d428ccd 100644 --- a/completions/bash/ss-server +++ b/completions/bash/ss-server @@ -1,13 +1,13 @@ _ss_server() { local cur prev opts ciphers - opts='-s -b -p -k -f -t -m -c -a -n -u -U -v -h -A --fast-open --mtu --help --mptcp -i -6 -d --manager-address --acl' - ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf' + opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -6 -d -v -h --reuse-port --fast-open --acl --manager-address --mtu --mptcp --key --plugin --plugin-opts --help' + ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' COMPREPLY=() cur=${COMP_WORDS[COMP_CWORD]} prev="${COMP_WORDS[COMP_CWORD-1]}" case "$prev" in - -c|-f|--acl) + -f|-c|--acl) _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) ;; -s|-b) @@ -19,7 +19,7 @@ _ss_server() -a) _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) ;; - -p|-k|-t|-n|--mtu|-d) + -p|-l|-k|-t|-n|-d|--mtu|--key|--plugin|--plugin-opts) ;; --manager-address) _known_hosts_real -- "${cur}" || OMPREPLY=( $(compgen -A hostname -- ${cur}) ) diff --git a/completions/bash/ss-tunnel b/completions/bash/ss-tunnel index b3c16eb7..707dc7a9 100644 --- a/completions/bash/ss-tunnel +++ b/completions/bash/ss-tunnel @@ -1,13 +1,13 @@ _ss_tunnel() { local cur prev opts ciphers - ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf' - opts='-s -b -p -k -f -t -m -c -a -n -u -U -v -h -A --mtu --help --mptcp -i -l -L' + opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -L -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help' + ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf' cur=${COMP_WORDS[COMP_CWORD]} prev="${COMP_WORDS[COMP_CWORD-1]}" compopt +o nospace case "$prev" in - -c|-f) + -f|-c) _filedir || COMPREPLY=( $(compgen -o plusdirs -f ${cur}) ) ;; -s|-b) @@ -23,7 +23,7 @@ _ss_tunnel() -a) _allowed_users || COMPREPLY=( $(compgen -u -- ${cur}) ) ;; - -p|-k|-t|-n|--mtu|-l) + -p|-l|-k|-t|-n|--mtu|--key|--plugin|--plugin-opts) ;; -i) _available_interfaces -a || true From 99e08e37b317d3998a92803f0afa55c70aea25ee Mon Sep 17 00:00:00 2001 From: was4444 Date: Wed, 22 Feb 2017 12:19:52 +0800 Subject: [PATCH 22/62] genrpm changes (#1292) * auto select latest version * bash-completion comes with version 2.6.0 * version greater than 2.6.2 need submodules packed * adjust version check order --- rpm/SPECS/shadowsocks-libev.spec.in | 8 ++++++++ rpm/genrpm.sh | 27 +++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/rpm/SPECS/shadowsocks-libev.spec.in b/rpm/SPECS/shadowsocks-libev.spec.in index c920e084..36168177 100644 --- a/rpm/SPECS/shadowsocks-libev.spec.in +++ b/rpm/SPECS/shadowsocks-libev.spec.in @@ -1,3 +1,6 @@ +%bcond_with completion + + Name: shadowsocks-libev Version: VERSION Release: 1%{?dist} @@ -73,8 +76,11 @@ install -m 644 %{_builddir}/%{buildsubdir}/debian/shadowsocks-libev.service %{bu install -m 644 %{_builddir}/%{buildsubdir}/debian/shadowsocks-libev-*.service %{buildroot}%{_unitdir}/ %endif install -m 644 %{_builddir}/%{buildsubdir}/debian/config.json %{buildroot}%{_sysconfdir}/shadowsocks-libev/config.json + +%if %{with completion} mkdir -p %{buildroot}%{_datadir}/bash-completion/completions/ install -m 644 %{_builddir}/%{buildsubdir}/completions/bash/* %{buildroot}%{_datadir}/bash-completion/completions/ +%endif %pre %if 0%{?use_systemd} && 0%{?suse_version} @@ -126,7 +132,9 @@ fi %{_bindir}/* %{_libdir}/*.so.* %config(noreplace) %{_sysconfdir}/shadowsocks-libev/config.json +%if %{with completion} %{_datadir}/bash-completion/completions/* +%endif %doc %{_mandir}/* %if ! 0%{?use_systemd} %{_initddir}/shadowsocks-libev diff --git a/rpm/genrpm.sh b/rpm/genrpm.sh index 3c10c6c2..27d87d11 100755 --- a/rpm/genrpm.sh +++ b/rpm/genrpm.sh @@ -1,20 +1,28 @@ #!/usr/bin/env bash set -e +g_version=$(git tag -l v* | sort --version-sort | tail -1) +g_version=${g_version#"v"} + show_help() { echo -e "`basename $0` [option] [argument]" echo echo -e "Options:" echo -e " -h show this help." - echo -e " -v with argument version (3.0.2 by default)." - echo -e " -f with argument format (tar.xz by default) used by git archive." + echo -e " -v with argument version (${g_version} by default)." + echo -e " -f with argument format (tar.gz by default) used by git archive." echo echo -e "Examples:" echo -e " to build base on version \`2.4.1' with format \`tar.xz', run:" echo -e " `basename $0` -f tar.xz -v 2.4.1" } +version_greater_equal() +{ + [ "$1" = $(printf "$1\n$2\n" | sort --version-sort | tail -1) ] +} + while getopts "hv:f:" opt do case ${opt} in @@ -38,9 +46,15 @@ do esac done -: ${version:=3.0.2} +: ${version:=${g_version}} : ${format:=tar.gz} +supported_max_version="2.6.2" +if ! version_greater_equal ${supported_max_version} ${version}; then + echo "version(${version}) greater than ${supported_max_version} are not currently supported." + exit 1 +fi + name="shadowsocks-libev" spec_name="shadowsocks-libev.spec" @@ -52,4 +66,9 @@ sed -e "s/^\(Version: \).*$/\1${version}/" \ -e "s/^\(Source0: \).*$/\1${name}-${version}.${format}/" \ SPECS/"${spec_name}".in > SPECS/"${spec_name}" -rpmbuild -bb SPECS/"${spec_name}" --define "%_topdir `pwd`" +completion_min_verion="2.6.0" +version_greater_equal ${version} ${completion_min_verion} \ + && with_completion="--with completion" || : + +rpmbuild -bb SPECS/"${spec_name}" --define "%_topdir `pwd`" \ + ${with_completion} From c809cc0246f7f2052327caee6a03aab6929e112d Mon Sep 17 00:00:00 2001 From: was4444 Date: Wed, 22 Feb 2017 16:57:59 +0800 Subject: [PATCH 23/62] pack submodules for genrpm (#1293) * add option to run autogen before configure * pack submodules for genrpm --- rpm/SPECS/shadowsocks-libev.spec.in | 5 ++ rpm/genrpm.sh | 93 ++++++++++++++++++++--------- 2 files changed, 71 insertions(+), 27 deletions(-) diff --git a/rpm/SPECS/shadowsocks-libev.spec.in b/rpm/SPECS/shadowsocks-libev.spec.in index 36168177..7a3e29b3 100644 --- a/rpm/SPECS/shadowsocks-libev.spec.in +++ b/rpm/SPECS/shadowsocks-libev.spec.in @@ -1,4 +1,5 @@ %bcond_with completion +%bcond_with autogen Name: shadowsocks-libev @@ -54,6 +55,10 @@ shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and %build +%if %{with autogen} +./autogen.sh +%endif + %if 0%{?use_system_lib} %configure --enable-shared --enable-system-shared-lib %else diff --git a/rpm/genrpm.sh b/rpm/genrpm.sh index 27d87d11..760cf02b 100755 --- a/rpm/genrpm.sh +++ b/rpm/genrpm.sh @@ -1,8 +1,18 @@ #!/usr/bin/env bash -set -e +set -ex + +g_script_path=$(dirname $(readlink -e $0)) +g_toplevel_path=$(pushd $g_script_path > /dev/null 2>&1; \ + git rev-parse --show-toplevel; \ + popd > /dev/null 2>&1) g_version=$(git tag -l v* | sort --version-sort | tail -1) g_version=${g_version#"v"} +g_format="tar.gz" +g_name="shadowsocks-libev" + +g_rpmbuild_topdir="${g_toplevel_path}/rpm" +g_rpmbuild_conditions= show_help() { @@ -23,6 +33,49 @@ version_greater_equal() [ "$1" = $(printf "$1\n$2\n" | sort --version-sort | tail -1) ] } +verify_options() +{ + local completion_min_verion="2.6.0" + local archive_format_supported_max_version="2.6.2" + + version_greater_equal ${g_version} ${completion_min_verion} \ + && g_rpmbuild_conditions="${g_rpmbuild_conditions} --with completion" || : + + if ! version_greater_equal ${archive_format_supported_max_version} ${g_version}; then + g_rpmbuild_conditions="${g_rpmbuild_conditions} --with autogen" + + if [ "${g_format}" != "tar" ]; then + echo -e "version(${g_version}) greater than ${archive_format_supported_max_version} can only use archive format \`tar'." + echo -e "change format from \`${g_format}' to \`tar'" + g_format="tar" + fi + fi +} + +generate_tarball() +{ + local tarball_name="${g_name}-${g_version}" + local tarball_dir="${g_rpmbuild_topdir}/SOURCES" + pushd ${g_toplevel_path} + git archive "v${g_version}" \ + --format="${g_format}" \ + --prefix="${tarball_name}/" \ + -o "${tarball_dir}/${tarball_name}.${g_format}" + + git ls-tree -dr "v${g_version}" | grep commit \ + | while read eat_mod eat_type mod_sha mod_path; do \ + [ "${mod_path}" = "" ] && continue || :; \ + (pushd ${mod_path=} \ + && git archive ${mod_sha} \ + --prefix="${tarball_name}/${mod_path}/" \ + -o "${tarball_dir}/sub_mod.tar" \ + && tar --concatenate "${tarball_dir}/sub_mod.tar" \ + --file="${tarball_dir}/${tarball_name}.tar" \ + && rm "${tarball_dir}/sub_mod.tar" \ + && popd) \ + done +} + while getopts "hv:f:" opt do case ${opt} in @@ -32,13 +85,13 @@ do ;; v) if [ "${OPTARG}" = v* ]; then - version=${OPTARG#"v"} + g_version=${OPTARG#"v"} else - version=${OPTARG} + g_version=${OPTARG} fi ;; f) - format=${OPTARG} + g_format=${OPTARG} ;; *) exit 1 @@ -46,29 +99,15 @@ do esac done -: ${version:=${g_version}} -: ${format:=tar.gz} - -supported_max_version="2.6.2" -if ! version_greater_equal ${supported_max_version} ${version}; then - echo "version(${version}) greater than ${supported_max_version} are not currently supported." - exit 1 -fi - -name="shadowsocks-libev" -spec_name="shadowsocks-libev.spec" - -pushd `git rev-parse --show-toplevel` -git archive "v${version}" --format="${format}" --prefix="${name}-${version}/" -o rpm/SOURCES/"${name}-${version}.${format}" -pushd rpm +verify_options -sed -e "s/^\(Version: \).*$/\1${version}/" \ - -e "s/^\(Source0: \).*$/\1${name}-${version}.${format}/" \ - SPECS/"${spec_name}".in > SPECS/"${spec_name}" +generate_tarball -completion_min_verion="2.6.0" -version_greater_equal ${version} ${completion_min_verion} \ - && with_completion="--with completion" || : +spec_path="${g_rpmbuild_topdir}/SPECS/shadowsocks-libev.spec" +sed -e "s/^\(Version: \).*$/\1${g_version}/" \ + -e "s/^\(Source0: \).*$/\1${g_name}-${g_version}.${g_format}/" \ + "${spec_path}".in > "${spec_path}" -rpmbuild -bb SPECS/"${spec_name}" --define "%_topdir `pwd`" \ - ${with_completion} +rpmbuild -bb ${spec_path} \ + --define "%_topdir ${g_rpmbuild_topdir}" \ + ${g_rpmbuild_conditions} \ From 91096c6f9875e31ce0814e742431ea3bd96bc571 Mon Sep 17 00:00:00 2001 From: was4444 Date: Wed, 22 Feb 2017 17:26:45 +0800 Subject: [PATCH 24/62] add closure? (#1294) --- rpm/genrpm.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rpm/genrpm.sh b/rpm/genrpm.sh index 760cf02b..b80aa0a3 100755 --- a/rpm/genrpm.sh +++ b/rpm/genrpm.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -ex +set -e g_script_path=$(dirname $(readlink -e $0)) g_toplevel_path=$(pushd $g_script_path > /dev/null 2>&1; \ @@ -56,7 +56,9 @@ generate_tarball() { local tarball_name="${g_name}-${g_version}" local tarball_dir="${g_rpmbuild_topdir}/SOURCES" + pushd ${g_toplevel_path} + git archive "v${g_version}" \ --format="${g_format}" \ --prefix="${tarball_name}/" \ @@ -74,6 +76,8 @@ generate_tarball() && rm "${tarball_dir}/sub_mod.tar" \ && popd) \ done + + popd } while getopts "hv:f:" opt From f3d298f0368fcc9e1e64467e7a4d885826fd6501 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Thu, 23 Feb 2017 09:35:12 +0800 Subject: [PATCH 25/62] Fix #1291 --- configure.ac | 3 ++- src/cache.c | 4 ++++ src/cache.h | 7 ++++++- src/local.h | 7 ++++++- src/manager.h | 7 ++++++- src/redir.h | 14 +++++++++----- src/resolv.c | 10 ++++++++-- src/server.h | 7 ++++++- src/tunnel.h | 5 +++++ src/udprelay.h | 7 ++++++- 10 files changed, 58 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac index f8fa1de9..c5134f48 100755 --- a/configure.ac +++ b/configure.ac @@ -225,7 +225,8 @@ AC_DEFINE([HAVE_IPv6], [1], [Enable IPv6 support in libudns]) AC_CHECK_HEADERS([udns.h], [], [AC_MSG_ERROR([Couldn't find libudns. Try installing libudns-dev or udns-devel.])]) AC_CHECK_LIB([udns], [dns_dnlen], [LIBS="-ludns $LIBS"], [AC_MSG_ERROR([Couldn't find libudns. Try installing libudns-dev or udns-devel.])]) -AC_CHECK_HEADERS([ev.h], [], [AC_MSG_ERROR([Couldn't find libev. Try installing libev-dev@<:@el@:>@.])]) + +AC_CHECK_HEADERS([ev.h libev/ev.h], [], []) AC_CHECK_LIB([ev], [ev_loop_destroy], [LIBS="-lev $LIBS"], [AC_MSG_ERROR([Couldn't find libev. Try installing libev-dev@<:@el@:>@.])]) AC_CONFIG_FILES([shadowsocks-libev.pc diff --git a/src/cache.c b/src/cache.c index c7754e50..cca548d5 100644 --- a/src/cache.c +++ b/src/cache.c @@ -25,6 +25,10 @@ * License: This is licensed under the same terms as uthash itself */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include diff --git a/src/cache.h b/src/cache.h index 9fa27486..7b980ce4 100644 --- a/src/cache.h +++ b/src/cache.h @@ -29,7 +29,12 @@ #define _CACHE_ #include "uthash.h" -#include "ev.h" + +#ifdef HAVE_LIBEV_EV_H +#include +#else +#include +#endif /** * A cache entry diff --git a/src/local.h b/src/local.h index 4421a7a1..61eb97b4 100644 --- a/src/local.h +++ b/src/local.h @@ -23,9 +23,14 @@ #ifndef _LOCAL_H #define _LOCAL_H -#include #include +#ifdef HAVE_LIBEV_EV_H +#include +#else +#include +#endif + #include "crypto.h" #include "jconf.h" #include "protocol.h" diff --git a/src/manager.h b/src/manager.h index 978bf37e..fc0ee012 100644 --- a/src/manager.h +++ b/src/manager.h @@ -23,10 +23,15 @@ #ifndef _MANAGER_H #define _MANAGER_H -#include #include #include +#ifdef HAVE_LIBEV_EV_H +#include +#else +#include +#endif + #include "jconf.h" #include "common.h" diff --git a/src/redir.h b/src/redir.h index 22bf5be1..783121d0 100644 --- a/src/redir.h +++ b/src/redir.h @@ -1,5 +1,4 @@ -/* - * redir.h - Define the redirector's buffers and callbacks +/* * redir.h - Define the redirector's buffers and callbacks * * Copyright (C) 2013 - 2017, Max Lv * @@ -20,10 +19,15 @@ * . */ -#ifndef _LOCAL_H -#define _LOCAL_H +#ifndef _REDIR_H +#define _REDIR_H +#ifdef HAVE_LIBEV_EV_H +#include +#else #include +#endif + #include "crypto.h" #include "jconf.h" @@ -75,4 +79,4 @@ typedef struct remote { uint32_t counter; } remote_t; -#endif // _LOCAL_H +#endif // _REDIR_H diff --git a/src/resolv.c b/src/resolv.c index bc3c7bc8..baa3ab9d 100644 --- a/src/resolv.c +++ b/src/resolv.c @@ -32,14 +32,20 @@ #include #include #include -#include -#include #include #include #include #include +#include + +#ifdef HAVE_LIBEV_EV_H +#include +#else +#include +#endif + #include "resolv.h" #include "utils.h" #include "netutils.h" diff --git a/src/server.h b/src/server.h index 8cfff007..a1d74995 100644 --- a/src/server.h +++ b/src/server.h @@ -23,10 +23,15 @@ #ifndef _SERVER_H #define _SERVER_H -#include #include #include +#ifdef HAVE_LIBEV_EV_H +#include +#else +#include +#endif + #include "crypto.h" #include "jconf.h" #include "resolv.h" diff --git a/src/tunnel.h b/src/tunnel.h index 93739a4b..45f0cfd5 100644 --- a/src/tunnel.h +++ b/src/tunnel.h @@ -23,7 +23,12 @@ #ifndef _TUNNEL_H #define _TUNNEL_H +#ifdef HAVE_LIBEV_EV_H +#include +#else #include +#endif + #include "crypto.h" #include "jconf.h" diff --git a/src/udprelay.h b/src/udprelay.h index 02050760..20d9dab2 100644 --- a/src/udprelay.h +++ b/src/udprelay.h @@ -23,9 +23,14 @@ #ifndef _UDPRELAY_H #define _UDPRELAY_H -#include #include +#ifdef HAVE_LIBEV_EV_H +#include +#else +#include +#endif + #include "crypto.h" #include "jconf.h" From 913dfd81e8453c594c46fc8d567ee237af1e35df Mon Sep 17 00:00:00 2001 From: Max Lv Date: Fri, 24 Feb 2017 12:16:20 +0800 Subject: [PATCH 26/62] Bump version --- Changes | 6 ++++++ Makefile.am | 2 +- README.md | 2 +- configure.ac | 2 +- debian/changelog | 6 ++++++ docker/alpine/Dockerfile | 2 +- 6 files changed, 16 insertions(+), 4 deletions(-) diff --git a/Changes b/Changes index fdc52116..1e50b97e 100644 --- a/Changes +++ b/Changes @@ -1,3 +1,9 @@ +shadowsocks-libev (3.0.3-1) unstable; urgency=medium + + * Replace nonce cache with a ping-pong bloom filter. + + -- Max Lv Fri, 24 Feb 2017 12:08:31 +0800 + shadowsocks-libev (3.0.2-1) unstable; urgency=high * Add session key for AEAD. (SIP007) diff --git a/Makefile.am b/Makefile.am index c836452c..dc6ad6b5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -13,7 +13,7 @@ ACLOCAL_AMFLAGS = -I m4 pkgconfiglibdir = $(libdir)/pkgconfig pkgconfiglib_DATA = shadowsocks-libev.pc -EXTRA_DIST = acl Changes completions debian docker rpm README.md +EXTRA_DIST = acl Changes completions debian docker rpm scripts README.md EXTRA_DIST += libbloom EXTRA_DIST += libcork/include libipset/include EXTRA_DIST += libipset/src/libipset/map/inspection-template.c.in diff --git a/README.md b/README.md index a6936a7b..4491d826 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ It is a port of [Shadowsocks](https://github.com/shadowsocks/shadowsocks) created by [@clowwindy](https://github.com/clowwindy), and maintained by [@madeye](https://github.com/madeye) and [@linusyang](https://github.com/linusyang). -Current version: 3.0.2 | [Changelog](debian/changelog) +Current version: 3.0.3 | [Changelog](debian/changelog) Travis CI: [![Travis CI](https://travis-ci.org/shadowsocks/shadowsocks-libev.svg?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-libev) diff --git a/configure.ac b/configure.ac index c5134f48..c6764db7 100755 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl -*- Autoconf -*- dnl Process this file with autoconf to produce a configure script. AC_PREREQ([2.67]) -AC_INIT([shadowsocks-libev], [3.0.2], [max.c.lv@gmail.com]) +AC_INIT([shadowsocks-libev], [3.0.3], [max.c.lv@gmail.com]) AC_CONFIG_SRCDIR([src/crypto.c]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_AUX_DIR(auto) diff --git a/debian/changelog b/debian/changelog index fdc52116..1e50b97e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +shadowsocks-libev (3.0.3-1) unstable; urgency=medium + + * Replace nonce cache with a ping-pong bloom filter. + + -- Max Lv Fri, 24 Feb 2017 12:08:31 +0800 + shadowsocks-libev (3.0.2-1) unstable; urgency=high * Add session key for AEAD. (SIP007) diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile index c8c1f9ec..f7e31c56 100644 --- a/docker/alpine/Dockerfile +++ b/docker/alpine/Dockerfile @@ -5,7 +5,7 @@ FROM alpine MAINTAINER kev -ARG SS_VER=3.0.2 +ARG SS_VER=3.0.3 ARG SS_URL=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$SS_VER/shadowsocks-libev-$SS_VER.tar.gz ENV SERVER_ADDR 0.0.0.0 From 908a7fa050d5c1530b3b80556aec341fce080646 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Fri, 24 Feb 2017 15:57:01 +0800 Subject: [PATCH 27/62] Fix #1296 --- src/local.c | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/src/local.c b/src/local.c index 5e68a891..28472901 100644 --- a/src/local.c +++ b/src/local.c @@ -447,6 +447,13 @@ server_recv_cb(EV_P_ ev_io *w, int revents) // all processed return; } else if (server->stage == STAGE_INIT) { + if (buf->len < 3) { + return; + } + int method_len = (buf->data[1] & 0xff) + 2; + if (buf->len < method_len) { + return; + } struct method_select_response response; response.ver = SVERSION; response.method = 0; @@ -454,21 +461,24 @@ server_recv_cb(EV_P_ ev_io *w, int revents) send(server->fd, send_buf, sizeof(response), 0); server->stage = STAGE_HANDSHAKE; - int off = (buf->data[1] & 0xff) + 2; - if (buf->data[0] == 0x05 && off < (int)(buf->len)) { - memmove(buf->data, buf->data + off, buf->len - off); - buf->len -= off; + if (buf->data[0] == 0x05 && method_len < (int)(buf->len)) { + memmove(buf->data, buf->data + method_len , buf->len - method_len); + buf->len -= method_len; continue; } buf->len = 0; - return; } else if (server->stage == STAGE_HANDSHAKE || server->stage == STAGE_PARSE) { struct socks5_request *request = (struct socks5_request *)buf->data; + size_t request_len = sizeof(struct socks5_request); struct sockaddr_in sock_addr; memset(&sock_addr, 0, sizeof(sock_addr)); + if (buf->len < request_len) { + return; + } + int udp_assc = 0; if (request->cmd == 3) { @@ -545,6 +555,9 @@ server_recv_cb(EV_P_ ev_io *w, int revents) if (atyp == 1) { // IP V4 size_t in_addr_len = sizeof(struct in_addr); + if (buf->len < request_len + in_addr_len + 2) { + return; + } memcpy(abuf->data + abuf->len, buf->data + 4, in_addr_len + 2); abuf->len += in_addr_len + 2; @@ -557,6 +570,9 @@ server_recv_cb(EV_P_ ev_io *w, int revents) } else if (atyp == 3) { // Domain name uint8_t name_len = *(uint8_t *)(buf->data + 4); + if (buf->len < request_len + name_len + 2) { + return; + } abuf->data[abuf->len++] = name_len; memcpy(abuf->data + abuf->len, buf->data + 4 + 1, name_len + 2); abuf->len += name_len + 2; @@ -571,6 +587,9 @@ server_recv_cb(EV_P_ ev_io *w, int revents) } else if (atyp == 4) { // IP V6 size_t in6_addr_len = sizeof(struct in6_addr); + if (buf->len < request_len + in6_addr_len + 2) { + return; + } memcpy(abuf->data + abuf->len, buf->data + 4, in6_addr_len + 2); abuf->len += in6_addr_len + 2; From eada394c1faf85709d6afddf6f47651cf9d7afa7 Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Fri, 24 Feb 2017 23:15:48 +0900 Subject: [PATCH 28/62] Update build_deb.sh to add libbloom support Also includes fixes for yakkety. --- scripts/build_deb.sh | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/scripts/build_deb.sh b/scripts/build_deb.sh index 18ff0de6..46f902bf 100755 --- a/scripts/build_deb.sh +++ b/scripts/build_deb.sh @@ -102,6 +102,13 @@ build_install_libsodium() { sudo dpkg -i libsodium*.deb } +# Build libbloom deb +build_install_libbloom() { + BRANCH=$1 + gbp_build https://github.com/rogers0/libbloom $BRANCH + sudo dpkg -i libbloom-dev_*.deb libbloom1_*.deb +} + # Add patch to work on system with debhelper 9 only patch_sslibev_dh9() { gbp clone --pristine-tar https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git @@ -116,7 +123,8 @@ patch_sslibev_dh9() { # Build and install shadowsocks-libev deb build_install_sslibev() { - gbp_build https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git master + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git $BRANCH sudo dpkg -i shadowsocks-libev_*.deb sudo apt-get install -fy } @@ -140,12 +148,14 @@ wheezy|precise) ;; jessie) apt_init "git-buildpackage equivs" "debhelper libsodium-dev" - build_install_sslibev + build_install_libbloom exp1 + build_install_sslibev exp1 apt_clean ;; -stretch|unstable|sid|yakkety) +stretch|unstable|sid) apt_init "git-buildpackage equivs" - build_install_sslibev + build_install_libbloom exp1 + build_install_sslibev exp1 apt_clean ;; trusty) @@ -154,15 +164,25 @@ trusty) build_install_libcorkipset trusty build_install_libmbedtls build_install_libsodium + build_install_libbloom exp1_trusty patch_sslibev_dh9 - build_install_sslibev + build_install_sslibev exp1 apt_clean ;; xenial) apt_init "git-buildpackage equivs" debhelper build_install_libcork debian build_install_libcorkipset debian - build_install_sslibev + build_install_libbloom exp1 + build_install_sslibev exp1 + apt_clean + ;; +yakkety) + apt_init "git-buildpackage equivs" + build_install_libcork debian + build_install_libcorkipset debian + build_install_libbloom exp1 + build_install_sslibev exp1 apt_clean ;; *) From fda287d76f2f500a7d80cc220edf38d50437edd4 Mon Sep 17 00:00:00 2001 From: lqs Date: Sun, 26 Feb 2017 21:31:39 +0800 Subject: [PATCH 29/62] Add tcp-fast-open support for ss-redir --- src/redir.c | 115 ++++++++++++++++++++++++++++++++++++++++++++-------- src/redir.h | 2 + src/utils.c | 2 +- 3 files changed, 102 insertions(+), 17 deletions(-) diff --git a/src/redir.c b/src/redir.c index 84c5969a..7e69eb5a 100644 --- a/src/redir.c +++ b/src/redir.c @@ -97,6 +97,7 @@ static int mode = TCP_ONLY; #ifdef HAVE_SETRLIMIT static int nofile = 0; #endif +static int fast_open = 0; static struct ev_signal sigint_watcher; static struct ev_signal sigterm_watcher; @@ -191,6 +192,8 @@ server_recv_cb(EV_P_ ev_io *w, int revents) server_t *server = server_recv_ctx->server; remote_t *remote = server->remote; + ev_timer_stop(EV_A_ & server->delayed_connect_watcher); + ssize_t r = recv(server->fd, remote->buf->data + remote->buf->len, BUF_SIZE - remote->buf->len, 0); @@ -332,6 +335,28 @@ server_send_cb(EV_P_ ev_io *w, int revents) } } +static void +delayed_connect_cb(EV_P_ ev_timer *watcher, int revents) +{ + server_t *server = cork_container_of(watcher, server_t, + delayed_connect_watcher); + remote_t *remote = server->remote; + + int r = connect(remote->fd, remote->addr, + get_sockaddr_len(remote->addr)); + + if (r == -1 && errno != CONNECT_IN_PROGRESS) { + ERROR("connect"); + close_and_free_remote(EV_A_ remote); + close_and_free_server(EV_A_ server); + return; + } else { + // listen to remote connected event + ev_io_start(EV_A_ & remote->send_ctx->io); + ev_timer_start(EV_A_ & remote->send_ctx->watcher); + } +} + static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents) { @@ -426,10 +451,13 @@ remote_send_cb(EV_P_ ev_io *w, int revents) server_t *server = remote->server; if (!remote_send_ctx->connected) { - struct sockaddr_storage addr; - memset(&addr, 0, sizeof(struct sockaddr_storage)); - socklen_t len = sizeof addr; - int r = getpeername(remote->fd, (struct sockaddr *)&addr, &len); + int r = 0; + if (remote->addr == NULL) { + struct sockaddr_storage addr; + memset(&addr, 0, sizeof(struct sockaddr_storage)); + socklen_t len = sizeof addr; + r = getpeername(remote->fd, (struct sockaddr *)&addr, &len); + } if (r == 0) { remote_send_ctx->connected = 1; ev_io_stop(EV_A_ & remote_send_ctx->io); @@ -516,8 +544,37 @@ remote_send_cb(EV_P_ ev_io *w, int revents) return; } else { // has data to send - ssize_t s = send(remote->fd, remote->buf->data + remote->buf->idx, - remote->buf->len, 0); + ssize_t s; + if (remote->addr != NULL) { + s = sendto(remote->fd, remote->buf->data + remote->buf->idx, + remote->buf->len, MSG_FASTOPEN, remote->addr, + get_sockaddr_len(remote->addr)); + if (s == -1 && (errno == EOPNOTSUPP || errno == EPROTONOSUPPORT || + errno == ENOPROTOOPT)) { + fast_open = 0; + LOGE("fast open is not supported on this platform"); + s = connect(remote->fd, remote->addr, + get_sockaddr_len(remote->addr)); + } + remote->addr = NULL; + + if (s == -1) { + if (errno == CONNECT_IN_PROGRESS || errno == EAGAIN + || errno == EWOULDBLOCK) { + ev_io_start(EV_A_ & remote_send_ctx->io); + ev_timer_start(EV_A_ & remote_send_ctx->watcher); + return; + } else { + ERROR("connect"); + close_and_free_remote(EV_A_ remote); + close_and_free_server(EV_A_ server); + } + } + } else { + s = send(remote->fd, remote->buf->data + remote->buf->idx, + remote->buf->len, 0); + } + if (s == -1) { if (errno != EAGAIN && errno != EWOULDBLOCK) { ERROR("send"); @@ -626,6 +683,9 @@ new_server(int fd) ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ); ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE); + ev_timer_init(&server->delayed_connect_watcher, delayed_connect_cb, 0.05, + 0); + return server; } @@ -661,6 +721,7 @@ close_and_free_server(EV_P_ server_t *server) if (server != NULL) { ev_io_stop(EV_A_ & server->send_ctx->io); ev_io_stop(EV_A_ & server->recv_ctx->io); + ev_timer_stop(EV_A_ & server->delayed_connect_watcher); close(server->fd); free_server(server); } @@ -736,18 +797,23 @@ accept_cb(EV_P_ ev_io *w, int revents) remote->server = server; server->destaddr = destaddr; - int r = connect(remotefd, remote_addr, get_sockaddr_len(remote_addr)); + if (fast_open) { + // save remote addr for fast open + remote->addr = remote_addr; + ev_timer_start(EV_A_ & server->delayed_connect_watcher); + } else { + int r = connect(remotefd, remote_addr, get_sockaddr_len(remote_addr)); - if (r == -1 && errno != CONNECT_IN_PROGRESS) { - ERROR("connect"); - close_and_free_remote(EV_A_ remote); - close_and_free_server(EV_A_ server); - return; + if (r == -1 && errno != CONNECT_IN_PROGRESS) { + ERROR("connect"); + close_and_free_remote(EV_A_ remote); + close_and_free_server(EV_A_ server); + return; + } + // listen to remote connected event + ev_io_start(EV_A_ & remote->send_ctx->io); + ev_timer_start(EV_A_ & remote->send_ctx->watcher); } - - // listen to remote connected event - ev_io_start(EV_A_ & remote->send_ctx->io); - ev_timer_start(EV_A_ & remote->send_ctx->watcher); ev_io_start(EV_A_ & server->recv_ctx->io); } @@ -803,6 +869,7 @@ main(int argc, char **argv) char *remote_port = NULL; static struct option long_options[] = { + { "fast-open", no_argument, NULL, GETOPT_VAL_FAST_OPEN }, { "mtu", required_argument, NULL, GETOPT_VAL_MTU }, { "mptcp", no_argument, NULL, GETOPT_VAL_MPTCP }, { "plugin", required_argument, NULL, GETOPT_VAL_PLUGIN }, @@ -821,6 +888,9 @@ main(int argc, char **argv) while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUv6A", long_options, NULL)) != -1) { switch (c) { + case GETOPT_VAL_FAST_OPEN: + fast_open = 1; + break; case GETOPT_VAL_MTU: mtu = atoi(optarg); LOGI("set MTU to %d", mtu); @@ -968,6 +1038,9 @@ main(int argc, char **argv) if (reuse_port == 0) { reuse_port = conf->reuse_port; } + if (fast_open == 0) { + fast_open = conf->fast_open; + } #ifdef HAVE_SETRLIMIT if (nofile == 0) { nofile = conf->nofile; @@ -1018,6 +1091,16 @@ main(int argc, char **argv) local_addr = "127.0.0.1"; } + + if (fast_open == 1) { +#ifdef TCP_FASTOPEN + LOGI("using tcp fast open"); +#else + LOGE("tcp fast open is not supported by this environment"); + fast_open = 0; +#endif + } + if (pid_flags) { USE_SYSLOG(argv[0]); daemonize(pid_path); diff --git a/src/redir.h b/src/redir.h index 783121d0..697b5405 100644 --- a/src/redir.h +++ b/src/redir.h @@ -61,6 +61,7 @@ typedef struct server { size_t hostname_len; struct sockaddr_storage destaddr; + ev_timer delayed_connect_watcher; } server_t; typedef struct remote_ctx { @@ -77,6 +78,7 @@ typedef struct remote { struct remote_ctx *send_ctx; struct server *server; uint32_t counter; + struct sockaddr *addr; } remote_t; #endif // _REDIR_H diff --git a/src/utils.c b/src/utils.c index 838e4923..ec2d506a 100644 --- a/src/utils.c +++ b/src/utils.c @@ -345,7 +345,7 @@ usage() #endif printf( " [--reuse-port] Enable port reuse.\n"); -#if defined(MODULE_REMOTE) || defined(MODULE_LOCAL) +#if defined(MODULE_REMOTE) || defined(MODULE_LOCAL) || defined(MODULE_REDIR) printf( " [--fast-open] Enable TCP fast open.\n"); printf( From 9e3b5528b44310c822922d4bc953bcd3e8c10983 Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Mon, 27 Feb 2017 01:59:48 +0900 Subject: [PATCH 30/62] Add simple-obfs support to build_deb.sh script --- scripts/build_deb.sh | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/scripts/build_deb.sh b/scripts/build_deb.sh index 46f902bf..8209bb23 100755 --- a/scripts/build_deb.sh +++ b/scripts/build_deb.sh @@ -40,11 +40,13 @@ apt_init() { # Cleanup apt_clean() { - sudo apt-get purge -y $DEPS $DEPS_BPO shadowsocks-libev-build-deps \ - libcork-dev libcorkipset-dev debhelper + sudo apt-get purge -y $DEPS $DEPS_BPO debhelper \ + libbloom-dev libcork-dev libcorkipset-dev libmbedtls-dev \ + libsodium-dev libbloom-build-deps simple-obfs-build-deps \ + shadowsocks-libev-build-deps sudo apt-get purge -y libcork-build-deps libcorkipset-build-deps - sudo apt-get purge -y mbedtls-build-deps libmbedtls-dev - sudo apt-get purge -y libsodium-build-deps libsodium-dev + sudo apt-get purge -y libsodium-build-deps + sudo apt-get purge -y mbedtls-build-deps sudo apt-get autoremove -y } @@ -63,6 +65,21 @@ gbp_build() { cd - } +git_build() { + REPO=$1 + BRANCH=$2 + PROJECT_NAME=$(basename $1|sed s/\.git$//) + git clone $REPO + cd $PROJECT_NAME + git checkout $BRANCH + mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" + rm ${PROJECT_NAME}-build-deps_*.deb + gbp buildpackage -us -uc --git-ignore-branch + git clean -fdx + git reset --hard HEAD + cd - +} + dsc_build() { DSC=$1 DSC_FILE=$(basename $1) @@ -129,6 +146,14 @@ build_install_sslibev() { sudo apt-get install -fy } +# Build and install simple-obfs +build_install_simpleobfs() { + BRANCH=$1 + git_build https://github.com/rogers0/simple-obfs $BRANCH + sudo dpkg -i simple-obfs_*.deb + sudo apt-get install -fy +} + OSID=$(grep ^ID= /etc/os-release|cut -d= -f2) case "$OSID" in debian) @@ -150,12 +175,14 @@ jessie) apt_init "git-buildpackage equivs" "debhelper libsodium-dev" build_install_libbloom exp1 build_install_sslibev exp1 + build_install_simpleobfs exp1 apt_clean ;; stretch|unstable|sid) apt_init "git-buildpackage equivs" build_install_libbloom exp1 build_install_sslibev exp1 + build_install_simpleobfs exp1 apt_clean ;; trusty) @@ -167,6 +194,7 @@ trusty) build_install_libbloom exp1_trusty patch_sslibev_dh9 build_install_sslibev exp1 + build_install_simpleobfs exp1_trusty apt_clean ;; xenial) @@ -175,6 +203,7 @@ xenial) build_install_libcorkipset debian build_install_libbloom exp1 build_install_sslibev exp1 + build_install_simpleobfs exp1 apt_clean ;; yakkety) @@ -183,6 +212,7 @@ yakkety) build_install_libcorkipset debian build_install_libbloom exp1 build_install_sslibev exp1 + build_install_simpleobfs exp1 apt_clean ;; *) From 71ff3cff1d598c2f6871393cf1e5cdc4171e108c Mon Sep 17 00:00:00 2001 From: Max Lv Date: Mon, 27 Feb 2017 13:37:07 +0800 Subject: [PATCH 31/62] Fix #1306 --- configure.ac | 2 +- src/utils.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index c6764db7..d4dfd434 100755 --- a/configure.ac +++ b/configure.ac @@ -217,7 +217,7 @@ AC_CHECK_FUNCS([memset select setresuid setreuid strerror get_current_dir_name g AC_CHECK_LIB(socket, connect) dnl Checks for library functions. -AC_CHECK_FUNCS([malloc memset socket]) +AC_CHECK_FUNCS([malloc memset posix_memalign socket]) dnl Add define for libudns to enable IPv6 support dnl This is an option defined in the origin configure script diff --git a/src/utils.c b/src/utils.c index ec2d506a..5ebd3672 100644 --- a/src/utils.c +++ b/src/utils.c @@ -234,7 +234,11 @@ ss_align(size_t size) { int err; void *tmp; +#ifdef HAVE_POSIX_MEMALIGN err = posix_memalign(&tmp, sizeof(void *), size); +#else + err = -1; +#endif if (err) { return ss_malloc(size); } else { From 529b226d188e9c9a60f0c135928ac1786631b81a Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Mon, 27 Feb 2017 21:27:39 +0900 Subject: [PATCH 32/62] Cleanup build_deb.sh script - Use "lsb_release -cs" command to get distro info. - Limit xz memory usage to 128MiB. - Other minor fixes. --- scripts/build_deb.sh | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/scripts/build_deb.sh b/scripts/build_deb.sh index 8209bb23..14b9004c 100755 --- a/scripts/build_deb.sh +++ b/scripts/build_deb.sh @@ -109,7 +109,8 @@ build_install_libcorkipset() { # Build libmbedtls deb build_install_libmbedtls() { - gbp_build https://anonscm.debian.org/cgit/collab-maint/mbedtls.git debian/jessie-backports + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/collab-maint/mbedtls.git $BRANCH sudo dpkg -i libmbed*.deb } @@ -128,8 +129,10 @@ build_install_libbloom() { # Add patch to work on system with debhelper 9 only patch_sslibev_dh9() { + BRANCH=$1 gbp clone --pristine-tar https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git cd shadowsocks-libev + git checkout $BRANCH sed -i 's/dh $@/dh $@ --with systemd,autoreconf/' debian/rules sed -i 's/debhelper (>= 10)/debhelper (>= 9), dh-systemd, dh-autoreconf/' debian/control echo 9 > debian/compat @@ -154,18 +157,10 @@ build_install_simpleobfs() { sudo apt-get install -fy } +export XZ_DEFAULTS=--memlimit=128MiB + OSID=$(grep ^ID= /etc/os-release|cut -d= -f2) -case "$OSID" in -debian) - OSVER=$(grep ^VERSION= /etc/os-release|cut -d\( -f2|cut -d\) -f1) - ;; -ubuntu) - OSVER=$(grep DISTRIB_CODENAME /etc/lsb-release|cut -d= -f2) - ;; -*) - OSVER=unknown - ;; -esac +OSVER=$(lsb_release -cs) case "$OSVER" in wheezy|precise) @@ -189,10 +184,10 @@ trusty) apt_init "git-buildpackage equivs" build_install_libcork trusty build_install_libcorkipset trusty - build_install_libmbedtls + build_install_libmbedtls debian/jessie-backports build_install_libsodium build_install_libbloom exp1_trusty - patch_sslibev_dh9 + patch_sslibev_dh9 exp1 build_install_sslibev exp1 build_install_simpleobfs exp1_trusty apt_clean From af7ea5c400f3ef31cc1c1e89beea3bbfb553546b Mon Sep 17 00:00:00 2001 From: cuckoo Date: Mon, 27 Feb 2017 22:07:51 +0800 Subject: [PATCH 33/62] use system lib --- rpm/genrpm.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rpm/genrpm.sh b/rpm/genrpm.sh index b80aa0a3..d44c02bf 100755 --- a/rpm/genrpm.sh +++ b/rpm/genrpm.sh @@ -67,7 +67,7 @@ generate_tarball() git ls-tree -dr "v${g_version}" | grep commit \ | while read eat_mod eat_type mod_sha mod_path; do \ [ "${mod_path}" = "" ] && continue || :; \ - (pushd ${mod_path=} \ + (pushd ${mod_path} \ && git archive ${mod_sha} \ --prefix="${tarball_name}/${mod_path}/" \ -o "${tarball_dir}/sub_mod.tar" \ @@ -114,4 +114,5 @@ sed -e "s/^\(Version: \).*$/\1${g_version}/" \ rpmbuild -bb ${spec_path} \ --define "%_topdir ${g_rpmbuild_topdir}" \ - ${g_rpmbuild_conditions} \ + --define "%use_system_lib 1" \ + ${g_rpmbuild_conditions} From 15a01d581ea44f839507b1f6c029d5b2f1154206 Mon Sep 17 00:00:00 2001 From: Jian Chang Date: Tue, 28 Feb 2017 14:13:45 +0800 Subject: [PATCH 34/62] update README.md On Linux, you need to run `ldconfig` after installing a new library. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4491d826..f3afe183 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,7 @@ pushd mbedtls-$MBEDTLS_VER make SHARED=1 CFLAGS=-fPIC sudo make DESTDIR=/usr install popd +sudo ldconfig ``` ## Installation From 28b3d0a99ea66185d12bf9b77d2483c5538ef0eb Mon Sep 17 00:00:00 2001 From: Max Lv Date: Tue, 28 Feb 2017 22:24:49 +0800 Subject: [PATCH 35/62] Fix #1312 --- libbloom | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbloom b/libbloom index f6e53fe6..7a9deb89 160000 --- a/libbloom +++ b/libbloom @@ -1 +1 @@ -Subproject commit f6e53fe6486c40b751b58e6e8e516aeb6247e493 +Subproject commit 7a9deb893fc1646c0b9186b50d46358379953d4b From 1b2559478df2bd8c5812ebd7570890c0ca65086b Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Wed, 1 Mar 2017 00:18:41 +0900 Subject: [PATCH 36/62] Make build_deb.sh script to build libraries and binaries separately Also add usage help and a few code cleanup --- scripts/build_deb.sh | 155 +++++++++++++++++++++++++++++++------------ 1 file changed, 114 insertions(+), 41 deletions(-) diff --git a/scripts/build_deb.sh b/scripts/build_deb.sh index 14b9004c..f2f1f6ac 100755 --- a/scripts/build_deb.sh +++ b/scripts/build_deb.sh @@ -6,15 +6,44 @@ # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -if [ -d .git ]; then - echo Please run this script in a clean place. - echo e.g. - echo " mkdir -p ~/build-area/" - echo " cp $0 ~/build-area/" - echo " cd ~/build-area" - echo " ./$(basename $0)" - exit -fi +help_usage() { +cat << EOT + +Build shadowsocks-libev and its dependencies +Usage: + $(basename $0) [--help|-h] [lib|bin|all] + + --help|-h Show this usage. + lib Build library packages only. + bin Build binary packages only. + However, you need the libraries built previously, in current working directory. + For advanced user only. + all Build both binary and library packages (default). + The safe choice for everyone. + +Please run this script in a clean place. +e.g. + mkdir -p ~/build-area + cd ~/build-area + ln -s $(readlink -f $0) . + ./$(basename $0) + +EOT +exit +} + +help_lib() { +cat << EOT + +Failed to install required library: + $1 +You can try to fix it by: + + $0 lib + +EOT +exit +} apt_init() { DEPS="$1" @@ -41,12 +70,10 @@ apt_init() { # Cleanup apt_clean() { sudo apt-get purge -y $DEPS $DEPS_BPO debhelper \ - libbloom-dev libcork-dev libcorkipset-dev libmbedtls-dev \ - libsodium-dev libbloom-build-deps simple-obfs-build-deps \ - shadowsocks-libev-build-deps - sudo apt-get purge -y libcork-build-deps libcorkipset-build-deps - sudo apt-get purge -y libsodium-build-deps - sudo apt-get purge -y mbedtls-build-deps + libbloom-dev libcork-dev libcorkipset-dev libmbedtls-dev libsodium-dev + sudo apt-get purge -y libcork-build-deps libcorkipset-build-deps \ + libbloom-build-deps libsodium-build-deps mbedtls-build-deps + sudo apt-get purge -y simple-obfs-build-deps shadowsocks-libev-build-deps sudo apt-get autoremove -y } @@ -96,39 +123,65 @@ dsc_build() { # Build and install libcork deb build_install_libcork() { BRANCH=$1 - gbp_build https://github.com/rogers0/libcork $BRANCH + if [ $BUILD_LIB -eq 1 ]; then + gbp_build https://github.com/rogers0/libcork $BRANCH + else + ls libcork-dev_*.deb libcork16_*.deb 2>&1 > /dev/null || + help_lib "libcork-dev libcork16" + fi sudo dpkg -i libcork-dev_*.deb libcork16_*.deb } # Build and install libcorkipset deb build_install_libcorkipset() { BRANCH=$1 - gbp_build https://github.com/rogers0/libcorkipset $BRANCH + if [ $BUILD_LIB -eq 1 ]; then + gbp_build https://github.com/rogers0/libcorkipset $BRANCH + else + ls libcorkipset-dev_*.deb libcorkipset1_*.deb 2>&1 > /dev/null || + help_lib "libcorkipset-dev libcorkipset1" + fi sudo dpkg -i libcorkipset-dev_*.deb libcorkipset1_*.deb } # Build libmbedtls deb build_install_libmbedtls() { BRANCH=$1 - gbp_build https://anonscm.debian.org/git/collab-maint/mbedtls.git $BRANCH + if [ $BUILD_LIB -eq 1 ]; then + gbp_build https://anonscm.debian.org/git/collab-maint/mbedtls.git $BRANCH + else + ls libmbed*.deb 2>&1 > /dev/null || + help_lib libmbedtls + fi sudo dpkg -i libmbed*.deb } # Build libsodium deb build_install_libsodium() { - dsc_build http://httpredir.debian.org/debian/pool/main/libs/libsodium/libsodium_1.0.11-1~bpo8+1.dsc + if [ $BUILD_LIB -eq 1 ]; then + dsc_build http://httpredir.debian.org/debian/pool/main/libs/libsodium/libsodium_1.0.11-1~bpo8+1.dsc + else + ls libsodium*.deb 2>&1 > /dev/null || + help_lib libsodium + fi sudo dpkg -i libsodium*.deb } # Build libbloom deb build_install_libbloom() { BRANCH=$1 - gbp_build https://github.com/rogers0/libbloom $BRANCH + if [ $BUILD_LIB -eq 1 ]; then + gbp_build https://github.com/rogers0/libbloom $BRANCH + else + ls libbloom-dev_*.deb libbloom1_*.deb 2>&1 > /dev/null || + help_lib "libbloom-dev libbloom1" + fi sudo dpkg -i libbloom-dev_*.deb libbloom1_*.deb } # Add patch to work on system with debhelper 9 only patch_sslibev_dh9() { +if [ $BUILD_BIN -eq 1 ]; then BRANCH=$1 gbp clone --pristine-tar https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git cd shadowsocks-libev @@ -139,49 +192,79 @@ patch_sslibev_dh9() { git add -u git commit -m "Patch to work with ubuntu trusty (14.04)" cd - +fi } # Build and install shadowsocks-libev deb build_install_sslibev() { +if [ $BUILD_BIN -eq 1 ]; then BRANCH=$1 gbp_build https://anonscm.debian.org/git/collab-maint/shadowsocks-libev.git $BRANCH sudo dpkg -i shadowsocks-libev_*.deb sudo apt-get install -fy +fi } # Build and install simple-obfs build_install_simpleobfs() { +if [ $BUILD_BIN -eq 1 ]; then BRANCH=$1 git_build https://github.com/rogers0/simple-obfs $BRANCH sudo dpkg -i simple-obfs_*.deb sudo apt-get install -fy +fi } export XZ_DEFAULTS=--memlimit=128MiB OSID=$(grep ^ID= /etc/os-release|cut -d= -f2) OSVER=$(lsb_release -cs) +BUILD_LIB=0 +BUILD_BIN=0 + +case "$1" in +--help|-h) + help_usage + ;; +lib) + BUILD_LIB=1 + ;; +bin) + BUILD_BIN=1 + ;; +all|"") + BUILD_LIB=1 + BUILD_BIN=1 + ;; +*) + echo Parameter error, exiting ... + exit +esac + +# Exit if in a git repo +[ -d .git ] && help_usage + +case "$OSVER" in +jessie) + BPO="debhelper libsodium-dev" + ;; +xenial) + BPO=debhelper + ;; +esac +apt_init "git-buildpackage equivs" "$BPO" case "$OSVER" in wheezy|precise) echo Sorry, your system $OSID/$OSVER is not supported. ;; -jessie) - apt_init "git-buildpackage equivs" "debhelper libsodium-dev" - build_install_libbloom exp1 - build_install_sslibev exp1 - build_install_simpleobfs exp1 - apt_clean - ;; -stretch|unstable|sid) - apt_init "git-buildpackage equivs" +jessie|stretch|unstable|sid|zesty) build_install_libbloom exp1 build_install_sslibev exp1 build_install_simpleobfs exp1 apt_clean ;; trusty) - apt_init "git-buildpackage equivs" build_install_libcork trusty build_install_libcorkipset trusty build_install_libmbedtls debian/jessie-backports @@ -192,17 +275,7 @@ trusty) build_install_simpleobfs exp1_trusty apt_clean ;; -xenial) - apt_init "git-buildpackage equivs" debhelper - build_install_libcork debian - build_install_libcorkipset debian - build_install_libbloom exp1 - build_install_sslibev exp1 - build_install_simpleobfs exp1 - apt_clean - ;; -yakkety) - apt_init "git-buildpackage equivs" +xenial|yakkety) build_install_libcork debian build_install_libcorkipset debian build_install_libbloom exp1 From 27860045e6423b102e4fbe6ae45e58b9a55c9afb Mon Sep 17 00:00:00 2001 From: Rayson zhu Date: Fri, 3 Mar 2017 13:03:17 +0800 Subject: [PATCH 37/62] Rewrite genrpm.sh to build RPM from current Git workspace Here are the problems existing in the old RPM packaging scripts: 1. The old `genrpm.sh` is designed to build RPMs for all versions of shadowsocks-libev with an option '-v'. This increases the complexity because we need to keep it compatible with old versions. 2. I have to modify the script manually in order to build RPMs from non-release commit or dirty workspace. The new script will only build RPMs and SRPMs from current workspace, not commit. The version-release number will be determined automatically from the `git describe` command. --- rpm/SPECS/shadowsocks-libev.spec.in | 14 +-- rpm/genrpm.sh | 156 +++++++++++----------------- 2 files changed, 64 insertions(+), 106 deletions(-) diff --git a/rpm/SPECS/shadowsocks-libev.spec.in b/rpm/SPECS/shadowsocks-libev.spec.in index 7a3e29b3..97715971 100644 --- a/rpm/SPECS/shadowsocks-libev.spec.in +++ b/rpm/SPECS/shadowsocks-libev.spec.in @@ -1,7 +1,3 @@ -%bcond_with completion -%bcond_with autogen - - Name: shadowsocks-libev Version: VERSION Release: 1%{?dist} @@ -55,9 +51,7 @@ shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and %build -%if %{with autogen} ./autogen.sh -%endif %if 0%{?use_system_lib} %configure --enable-shared --enable-system-shared-lib @@ -82,17 +76,15 @@ install -m 644 %{_builddir}/%{buildsubdir}/debian/shadowsocks-libev-*.service %{ %endif install -m 644 %{_builddir}/%{buildsubdir}/debian/config.json %{buildroot}%{_sysconfdir}/shadowsocks-libev/config.json -%if %{with completion} mkdir -p %{buildroot}%{_datadir}/bash-completion/completions/ install -m 644 %{_builddir}/%{buildsubdir}/completions/bash/* %{buildroot}%{_datadir}/bash-completion/completions/ -%endif %pre %if 0%{?use_systemd} && 0%{?suse_version} %service_add_pre shadowsocks-libev.service %endif -%post +%post -p /sbin/ldconfig %if ! 0%{?use_systemd} /sbin/chkconfig --add shadowsocks-libev > /dev/null 2>&1 || : %else @@ -117,7 +109,7 @@ fi %endif %endif -%postun +%postun -p /sbin/ldconfig %if 0%{?use_systemd} %if 0%{?suse_version} %service_del_postun shadowsocks-libev.service @@ -137,9 +129,7 @@ fi %{_bindir}/* %{_libdir}/*.so.* %config(noreplace) %{_sysconfdir}/shadowsocks-libev/config.json -%if %{with completion} %{_datadir}/bash-completion/completions/* -%endif %doc %{_mandir}/* %if ! 0%{?use_systemd} %{_initddir}/shadowsocks-libev diff --git a/rpm/genrpm.sh b/rpm/genrpm.sh index d44c02bf..23a0f4a2 100755 --- a/rpm/genrpm.sh +++ b/rpm/genrpm.sh @@ -1,118 +1,86 @@ #!/usr/bin/env bash set -e -g_script_path=$(dirname $(readlink -e $0)) -g_toplevel_path=$(pushd $g_script_path > /dev/null 2>&1; \ - git rev-parse --show-toplevel; \ - popd > /dev/null 2>&1) - -g_version=$(git tag -l v* | sort --version-sort | tail -1) -g_version=${g_version#"v"} -g_format="tar.gz" -g_name="shadowsocks-libev" - -g_rpmbuild_topdir="${g_toplevel_path}/rpm" -g_rpmbuild_conditions= +SELF=$(readlink -f -- "$0") +HERE=$(dirname -- "$SELF") show_help() { - echo -e "`basename $0` [option] [argument]" + echo -e "`basename $0` [OPTION...]" echo echo -e "Options:" echo -e " -h show this help." - echo -e " -v with argument version (${g_version} by default)." - echo -e " -f with argument format (tar.gz by default) used by git archive." - echo - echo -e "Examples:" - echo -e " to build base on version \`2.4.1' with format \`tar.xz', run:" - echo -e " `basename $0` -f tar.xz -v 2.4.1" -} - -version_greater_equal() -{ - [ "$1" = $(printf "$1\n$2\n" | sort --version-sort | tail -1) ] -} - -verify_options() -{ - local completion_min_verion="2.6.0" - local archive_format_supported_max_version="2.6.2" - - version_greater_equal ${g_version} ${completion_min_verion} \ - && g_rpmbuild_conditions="${g_rpmbuild_conditions} --with completion" || : - - if ! version_greater_equal ${archive_format_supported_max_version} ${g_version}; then - g_rpmbuild_conditions="${g_rpmbuild_conditions} --with autogen" - - if [ "${g_format}" != "tar" ]; then - echo -e "version(${g_version}) greater than ${archive_format_supported_max_version} can only use archive format \`tar'." - echo -e "change format from \`${g_format}' to \`tar'" - g_format="tar" - fi - fi + echo -e " -s use system shared libraries" } -generate_tarball() -{ - local tarball_name="${g_name}-${g_version}" - local tarball_dir="${g_rpmbuild_topdir}/SOURCES" - - pushd ${g_toplevel_path} - - git archive "v${g_version}" \ - --format="${g_format}" \ - --prefix="${tarball_name}/" \ - -o "${tarball_dir}/${tarball_name}.${g_format}" - - git ls-tree -dr "v${g_version}" | grep commit \ - | while read eat_mod eat_type mod_sha mod_path; do \ - [ "${mod_path}" = "" ] && continue || :; \ - (pushd ${mod_path} \ - && git archive ${mod_sha} \ - --prefix="${tarball_name}/${mod_path}/" \ - -o "${tarball_dir}/sub_mod.tar" \ - && tar --concatenate "${tarball_dir}/sub_mod.tar" \ - --file="${tarball_dir}/${tarball_name}.tar" \ - && rm "${tarball_dir}/sub_mod.tar" \ - && popd) \ - done - - popd -} +OPT_USE_SYSTEM_LIB=0 -while getopts "hv:f:" opt +while getopts "hs" opt do case ${opt} in h) show_help exit 0 ;; - v) - if [ "${OPTARG}" = v* ]; then - g_version=${OPTARG#"v"} - else - g_version=${OPTARG} - fi - ;; - f) - g_format=${OPTARG} - ;; + + s) + OPT_USE_SYSTEM_LIB=1 + ;; *) + show_help exit 1 ;; esac done -verify_options - -generate_tarball - -spec_path="${g_rpmbuild_topdir}/SPECS/shadowsocks-libev.spec" -sed -e "s/^\(Version: \).*$/\1${g_version}/" \ - -e "s/^\(Source0: \).*$/\1${g_name}-${g_version}.${g_format}/" \ - "${spec_path}".in > "${spec_path}" - -rpmbuild -bb ${spec_path} \ - --define "%_topdir ${g_rpmbuild_topdir}" \ - --define "%use_system_lib 1" \ - ${g_rpmbuild_conditions} +# determine version and release number +GIT_DESCRIBE=$(git describe --tags --match 'v*' --long --dirty) +# GIT_DESCRIBE is like v3.0.3-11-g1e3f35c-dirty + +if [[ ! "$GIT_DESCRIBE" =~ ^v([^-]+)-([0-9]+)-g([0-9a-f]+)(-dirty)?$ ]]; then + >&2 echo 'ERROR - unrecognized `git describe` output: '"$GIT_DESCRIBE" + exit 1 +fi + +TARGET_VERSION=${BASH_REMATCH[1]} +TARGET_COMMITS=${BASH_REMATCH[2]} +TARGET_SHA1=${BASH_REMATCH[3]} +TARGET_DIRTY=${BASH_REMATCH[4]} + +TARGET_RELEASE=1 +if [ "$TARGET_COMMITS" -gt 0 ]; then + TARGET_RELEASE+=".$TARGET_COMMITS.git$TARGET_SHA1" +fi +if [ -n "$TARGET_DIRTY" ]; then + TARGET_RELEASE+=.dirty +fi + +TARGET_VERREL=$TARGET_VERSION-$TARGET_RELEASE +>&2 echo "INFO - RPM version-release is $TARGET_VERREL." + + +# archive tarball from Git workspace +TARGET_TARBALL_NAME=shadowsocks-libev-$TARGET_VERSION +TARGET_TARBALL_DIR=$HERE/SOURCES +mkdir -p -- "$TARGET_TARBALL_DIR" +#git archive HEAD --format=tar --prefix="$TARGET_TARBALL_NAME/" \ +# -o "$TARGET_TARBALL_DIR/$TARGET_TARBALL_NAME.tar" +pushd "$HERE"/.. +pwd +tar --exclude './rpm' --exclude '.[^/]*' --transform "s,^\.,$TARGET_TARBALL_NAME," \ + -cvf "$TARGET_TARBALL_DIR/$TARGET_TARBALL_NAME.tar" . +popd + +# generate spec file +TARGET_SPEC_DIR=$HERE/SPECS +mkdir -p -- "$TARGET_SPEC_DIR" +TARGET_SPEC_PATH=$TARGET_SPEC_DIR/shadowsocks-libev.spec +sed -e "s/^\(Version:\).*$/\1 ${TARGET_VERSION}/" \ + -e "s/^\(Release:\).*$/\1 ${TARGET_RELEASE}%{?dist}/" \ + -e "s/^\(Source0:\).*$/\1 ${TARGET_TARBALL_NAME}.tar/" \ + "${TARGET_SPEC_PATH}".in > "${TARGET_SPEC_PATH}" + +# build rpms +rpmbuild -ba "$TARGET_SPEC_PATH" \ + --define "%_topdir $HERE" \ + --define "%use_system_lib $OPT_USE_SYSTEM_LIB" From ea947db74da9dcfb76c80c75ba2c3a99e3a9b82c Mon Sep 17 00:00:00 2001 From: Rayson zhu Date: Fri, 3 Mar 2017 14:02:46 +0800 Subject: [PATCH 38/62] fix rpm SPEC file 1. add missing build and runtime dependencies 2. change minimal version requirement for libsodium to 1.0.4, which should work fine with ss-libev and EPEL7 users will not have to compile a later version. 3. add more entries to .gitignore --- .gitignore | 5 +++++ m4/sodium.m4 | 4 ++-- rpm/SPECS/shadowsocks-libev.spec.in | 17 ++++++++--------- rpm/genrpm.sh | 2 +- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 10239ef6..84079e1d 100644 --- a/.gitignore +++ b/.gitignore @@ -43,6 +43,11 @@ shadowsocks-libev.pc debian/libshadowsocks-libev*.symbols libsodium/src/libsodium/include/sodium/version.h rpm/SPECS/shadowsocks-libev.spec +rpm/SRPMS +rpm/RPMS/ +rpm/SOURCES/ +!rpm/SOURCES/etc/init.d/shadowsocks-libev +rpm/BUILD # Ignore per-project vim config .vimrc diff --git a/m4/sodium.m4 b/m4/sodium.m4 index c3a5f3fd..b4c254e6 100644 --- a/m4/sodium.m4 +++ b/m4/sodium.m4 @@ -30,11 +30,11 @@ AC_DEFUN([ss_SODIUM], AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ #include ], [ - #if SODIUM_LIBRARY_VERSION_MAJOR < 8 + #if SODIUM_LIBRARY_VERSION_MAJOR < 7 || SODIUM_LIBRARY_VERSION_MAJOR ==7 && SODIUM_LIBRARY_VERSION_MINOR < 6 # error #endif ])], [AC_MSG_RESULT([checking for version of libsodium... yes])], - [AC_MSG_ERROR([Wrong libsodium: version >= 1.0.8 required])]) + [AC_MSG_ERROR([Wrong libsodium: version >= 1.0.4 required])]) ]) diff --git a/rpm/SPECS/shadowsocks-libev.spec.in b/rpm/SPECS/shadowsocks-libev.spec.in index 97715971..4b28e780 100644 --- a/rpm/SPECS/shadowsocks-libev.spec.in +++ b/rpm/SPECS/shadowsocks-libev.spec.in @@ -10,8 +10,10 @@ Source0: %{url}/archive/v%{version}.tar.gz AutoReq: no Conflicts: python-shadowsocks python3-shadowsocks -BuildRequires: make gcc pcre-devel asciidoc xmlto -Requires: pcre +BuildRequires: make gcc pcre-devel asciidoc xmlto automake libtool mbedtls-devel libsodium-devel >= 1.0.4 libev-devel udns-devel +Requires: pcre mbedtls libsodium >= 1.0.4 +Requires: libev udns + %if 0%{?suse_version} Requires: libopenssl1_0_0 @@ -36,11 +38,6 @@ BuildRequires: systemd %endif %endif -%if 0%{?use_system_lib} -BuildRequires: libev-devel libsodium-devel >= 1.0.4 udns-devel -Requires: libev libsodium >= 1.0.4 udns -%endif - %description shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and low end boxes. @@ -84,7 +81,8 @@ install -m 644 %{_builddir}/%{buildsubdir}/completions/bash/* %{buildroot}%{_dat %service_add_pre shadowsocks-libev.service %endif -%post -p /sbin/ldconfig +%post +/sbin/ldconfig %if ! 0%{?use_systemd} /sbin/chkconfig --add shadowsocks-libev > /dev/null 2>&1 || : %else @@ -109,7 +107,8 @@ fi %endif %endif -%postun -p /sbin/ldconfig +%postun +/sbin/ldconfig %if 0%{?use_systemd} %if 0%{?suse_version} %service_del_postun shadowsocks-libev.service diff --git a/rpm/genrpm.sh b/rpm/genrpm.sh index 23a0f4a2..8e5190e3 100755 --- a/rpm/genrpm.sh +++ b/rpm/genrpm.sh @@ -66,7 +66,7 @@ mkdir -p -- "$TARGET_TARBALL_DIR" #git archive HEAD --format=tar --prefix="$TARGET_TARBALL_NAME/" \ # -o "$TARGET_TARBALL_DIR/$TARGET_TARBALL_NAME.tar" pushd "$HERE"/.. -pwd +make clean tar --exclude './rpm' --exclude '.[^/]*' --transform "s,^\.,$TARGET_TARBALL_NAME," \ -cvf "$TARGET_TARBALL_DIR/$TARGET_TARBALL_NAME.tar" . popd From efbd48889014cf526ecd8104f681df2aa3c66fce Mon Sep 17 00:00:00 2001 From: Sebastien DUPONCHEEL Date: Thu, 2 Mar 2017 17:19:40 +0100 Subject: [PATCH 39/62] mptcp: make shadowsocks kernel independant --- src/local.c | 16 ++++++++++++++-- src/netutils.h | 8 +++----- src/redir.c | 16 ++++++++++++++-- src/server.c | 11 +++++++++-- src/tunnel.c | 16 ++++++++++++++-- 5 files changed, 54 insertions(+), 13 deletions(-) diff --git a/src/local.c b/src/local.c index 28472901..76076354 100644 --- a/src/local.c +++ b/src/local.c @@ -1112,11 +1112,23 @@ create_remote(listen_ctx_t *listener, setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); #endif - if (listener->mptcp == 1) { - int err = setsockopt(remotefd, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt)); + if (listener->mptcp > 1) { + int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt)); if (err == -1) { ERROR("failed to enable multipath TCP"); } + } else if (listener->mptcp == 1) { + int i = 0; + while((listener->mptcp = mptcp_enabled_values[i]) > 0) { + int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt)); + if (err != -1) { + break; + } + i++; + } + if (listener->mptcp == 0) { + ERROR("failed to enable multipath TCP"); + } } // Setup diff --git a/src/netutils.h b/src/netutils.h index 95451fa1..e7dc07dc 100644 --- a/src/netutils.h +++ b/src/netutils.h @@ -46,13 +46,11 @@ #endif #endif -/* Backward compatibility for MPTCP_ENABLED between kernel 3 & 4 */ +/* MPTCP_ENABLED setsockopt values for kernel 4 & 3, best behaviour to be independant of kernel version is to test from newest to the latest values */ #ifndef MPTCP_ENABLED -#ifdef TCP_CC_INFO -#define MPTCP_ENABLED 42 +static const char mptcp_enabled_values[] = { 42, 26, 0 }; #else -#define MPTCP_ENABLED 26 -#endif +static const char mptcp_enabled_values[] = { MPTCP_ENABLED, 0 }; #endif #ifndef UPDATE_INTERVAL diff --git a/src/redir.c b/src/redir.c index 7e69eb5a..35b29116 100644 --- a/src/redir.c +++ b/src/redir.c @@ -784,11 +784,23 @@ accept_cb(EV_P_ ev_io *w, int revents) setnonblocking(remotefd); // Enable MPTCP - if (listener->mptcp == 1) { - int err = setsockopt(remotefd, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt)); + if (listener->mptcp > 1) { + int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt)); if (err == -1) { ERROR("failed to enable multipath TCP"); } + } else if (listener->mptcp == 1) { + int i = 0; + while((listener->mptcp = mptcp_enabled_values[i]) > 0) { + int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt)); + if (err != -1) { + break; + } + i++; + } + if (listener->mptcp == 0) { + ERROR("failed to enable multipath TCP"); + } } server_t *server = new_server(serverfd); diff --git a/src/server.c b/src/server.c index e492b167..ff24b217 100644 --- a/src/server.c +++ b/src/server.c @@ -388,8 +388,15 @@ create_and_bind(const char *host, const char *port, int mptcp) } if (mptcp == 1) { - int err = setsockopt(listen_sock, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt)); - if (err == -1) { + int i = 0; + while((mptcp = mptcp_enabled_values[i]) > 0) { + int err = setsockopt(listen_sock, IPPROTO_TCP, mptcp, &opt, sizeof(opt)); + if (err != -1) { + break; + } + i++; + } + if (mptcp == 0) { ERROR("failed to enable multipath TCP"); } } diff --git a/src/tunnel.c b/src/tunnel.c index 098478a5..9c792f84 100644 --- a/src/tunnel.c +++ b/src/tunnel.c @@ -659,11 +659,23 @@ accept_cb(EV_P_ ev_io *w, int revents) setsockopt(remotefd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); #endif - if (listener->mptcp == 1) { - int err = setsockopt(remotefd, SOL_TCP, MPTCP_ENABLED, &opt, sizeof(opt)); + if (listener->mptcp > 1) { + int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt)); if (err == -1) { ERROR("failed to enable multipath TCP"); } + } else if (listener->mptcp == 1) { + int i = 0; + while((listener->mptcp = mptcp_enabled_values[i]) > 0) { + int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt)); + if (err != -1) { + break; + } + i++; + } + if (listener->mptcp == 0) { + ERROR("failed to enable multipath TCP"); + } } // Setup From 495722f2bebb135c7e095ebfccac09ec5048a9de Mon Sep 17 00:00:00 2001 From: Max Lv Date: Sat, 4 Mar 2017 09:25:12 +0800 Subject: [PATCH 40/62] Listening at 0.0.0.0 by default --- src/server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/server.c b/src/server.c index ff24b217..59659a84 100644 --- a/src/server.c +++ b/src/server.c @@ -1566,7 +1566,7 @@ main(int argc, char **argv) } if (server_num == 0) { - server_host[server_num++] = NULL; + server_host[server_num++] = "0.0.0.0"; } if (server_num == 0 || server_port == NULL @@ -1725,7 +1725,7 @@ main(int argc, char **argv) if (host && strcmp(host, ":") > 0) LOGI("tcp server listening at [%s]:%s", host, server_port); else - LOGI("tcp server listening at %s:%s", host ? host : "*", server_port); + LOGI("tcp server listening at %s:%s", host ? host : "0.0.0.0", server_port); if (plugin != NULL) break; } @@ -1743,7 +1743,7 @@ main(int argc, char **argv) if (host && strcmp(host, ":") > 0) LOGI("udp server listening at [%s]:%s", host, port); else - LOGI("udp server listening at %s:%s", host ? host : "*", port); + LOGI("udp server listening at %s:%s", host ? host : "0.0.0.0", port); } } From 5b9d7ccce5dfb8884951f6e0504312aab04d65ba Mon Sep 17 00:00:00 2001 From: hang Date: Fri, 3 Mar 2017 19:23:37 +0800 Subject: [PATCH 41/62] add Linux build dependencies: libsodium-dev --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f3afe183..ca6fba76 100644 --- a/README.md +++ b/README.md @@ -246,7 +246,7 @@ e.g. Ubuntu, Debian or Linux Mint, you might install build dependencies like thi ```bash # Debian / Ubuntu -sudo apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev +sudo apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev libsodium-dev # CentOS / Fedora / RHEL sudo yum install gettext gcc autoconf libtool automake make asciidoc xmlto udns-devel libev-devel # Arch From 05f97abbb23a3b7f54ff4c242621fa16577a126e Mon Sep 17 00:00:00 2001 From: Max Lv Date: Sun, 5 Mar 2017 15:58:59 +0800 Subject: [PATCH 42/62] Don't apply ACL on DNS port on Android --- src/local.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/local.c b/src/local.c index 76076354..53888f3e 100644 --- a/src/local.c +++ b/src/local.c @@ -660,7 +660,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents) LOGI("connect to [%s]:%s", ip, port); } - if (acl) { + if (acl && !(vpn && strcmp(port, "53") == 0)) { int host_match = acl_match_host(host); int bypass = 0; if (host_match > 0) From 1af0625d017ac60e104554a670436649846d4dae Mon Sep 17 00:00:00 2001 From: Max Lv Date: Sun, 5 Mar 2017 16:07:10 +0800 Subject: [PATCH 43/62] Fix a building issue --- src/local.c | 6 +++++- src/utils.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/local.c b/src/local.c index 53888f3e..8fbca925 100644 --- a/src/local.c +++ b/src/local.c @@ -660,7 +660,11 @@ server_recv_cb(EV_P_ ev_io *w, int revents) LOGI("connect to [%s]:%s", ip, port); } - if (acl && !(vpn && strcmp(port, "53") == 0)) { + if (acl +#ifdef ANDROID + && !(vpn && strcmp(port, "53") == 0) +#endif + ) { int host_match = acl_match_host(host); int bypass = 0; if (host_match > 0) diff --git a/src/utils.c b/src/utils.c index 5ebd3672..784c7b53 100644 --- a/src/utils.c +++ b/src/utils.c @@ -233,7 +233,7 @@ void * ss_align(size_t size) { int err; - void *tmp; + void *tmp = NULL; #ifdef HAVE_POSIX_MEMALIGN err = posix_memalign(&tmp, sizeof(void *), size); #else From 91fc89af884dbddb19f6d614f9901df5f0b5a011 Mon Sep 17 00:00:00 2001 From: Heiybb Date: Sun, 5 Mar 2017 11:49:20 -0600 Subject: [PATCH 44/62] Update README.md Add manager option --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ca6fba76..7e62b2bc 100644 --- a/README.md +++ b/README.md @@ -304,7 +304,7 @@ For a detailed and complete list of all supported arguments, you may refer to th man pages of the applications, respectively. ``` - ss-[local|redir|server|tunnel] +    ss-[local|redir|server|tunnel|manager] -s host name or ip address of your remote server From 3041a87a2f73897274f6543735b9ec29d5da726c Mon Sep 17 00:00:00 2001 From: Max Lv Date: Tue, 7 Mar 2017 10:33:49 +0800 Subject: [PATCH 45/62] Fix #1334 --- src/udprelay.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/udprelay.c b/src/udprelay.c index 3f64558f..98334f11 100644 --- a/src/udprelay.c +++ b/src/udprelay.c @@ -459,13 +459,14 @@ create_server_socket(const char *host, const char *port) close(server_sock); } + if (result) + freeaddrinfo(result); + if (rp == NULL) { LOGE("[udp] cannot bind"); return -1; } - freeaddrinfo(result); - return server_sock; } From b25c0718225916574bbfa26db15a5e9093f69cd6 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Tue, 7 Mar 2017 10:56:48 +0800 Subject: [PATCH 46/62] Refine the error handling --- src/udprelay.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/udprelay.c b/src/udprelay.c index 98334f11..781fbc14 100644 --- a/src/udprelay.c +++ b/src/udprelay.c @@ -391,6 +391,11 @@ create_server_socket(const char *host, const char *port) rp = result; + if (rp == NULL) { + LOGE("[udp] cannot bind"); + return -1; + } + /* * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to @@ -459,13 +464,7 @@ create_server_socket(const char *host, const char *port) close(server_sock); } - if (result) - freeaddrinfo(result); - - if (rp == NULL) { - LOGE("[udp] cannot bind"); - return -1; - } + freeaddrinfo(result); return server_sock; } From 1af027270297c29579151df2fc326b3a205e27f9 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Tue, 7 Mar 2017 12:05:07 +0800 Subject: [PATCH 47/62] Refine port binding --- src/local.c | 13 ++++++++----- src/redir.c | 13 ++++++++----- src/server.c | 13 ++++++++----- src/tunnel.c | 13 ++++++++----- src/udprelay.c | 7 ++++--- 5 files changed, 36 insertions(+), 23 deletions(-) diff --git a/src/local.c b/src/local.c index 8fbca925..0553e710 100644 --- a/src/local.c +++ b/src/local.c @@ -156,13 +156,20 @@ create_and_bind(const char *addr, const char *port) memset(&hints, 0, sizeof(struct addrinfo)); hints.ai_family = AF_UNSPEC; /* Return IPv4 and IPv6 choices */ hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */ + result = NULL; s = getaddrinfo(addr, port, &hints, &result); + if (s != 0) { LOGI("getaddrinfo: %s", gai_strerror(s)); return -1; } + if (result == NULL) { + LOGE("Could not bind"); + return -1; + } + for (rp = result; rp != NULL; rp = rp->ai_next) { listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); if (listen_sock == -1) { @@ -190,11 +197,7 @@ create_and_bind(const char *addr, const char *port) } close(listen_sock); - } - - if (rp == NULL) { - LOGE("Could not bind"); - return -1; + listen_sock = -1; } freeaddrinfo(result); diff --git a/src/redir.c b/src/redir.c index 35b29116..2a97d324 100644 --- a/src/redir.c +++ b/src/redir.c @@ -140,12 +140,19 @@ create_and_bind(const char *addr, const char *port) hints.ai_family = AF_UNSPEC; /* Return IPv4 and IPv6 choices */ hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */ + result = NULL; + s = getaddrinfo(addr, port, &hints, &result); if (s != 0) { LOGI("getaddrinfo: %s", gai_strerror(s)); return -1; } + if (result == NULL) { + LOGE("Could not bind"); + return -1; + } + for (rp = result; rp != NULL; rp = rp->ai_next) { listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); if (listen_sock == -1) { @@ -173,11 +180,7 @@ create_and_bind(const char *addr, const char *port) } close(listen_sock); - } - - if (rp == NULL) { - LOGE("Could not bind"); - return -1; + listen_sock = -1; } freeaddrinfo(result); diff --git a/src/server.c b/src/server.c index 59659a84..23c5bb9d 100644 --- a/src/server.c +++ b/src/server.c @@ -328,6 +328,8 @@ create_and_bind(const char *host, const char *port, int mptcp) hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; /* For wildcard IP address */ hints.ai_protocol = IPPROTO_TCP; + result = NULL; + for (int i = 1; i < 8; i++) { s = getaddrinfo(host, port, &hints, &result); if (s == 0) { @@ -343,6 +345,11 @@ create_and_bind(const char *host, const char *port, int mptcp) return -1; } + if (result == NULL) { + LOGE("Could not bind"); + return -1; + } + rp = result; /* @@ -410,11 +417,7 @@ create_and_bind(const char *host, const char *port, int mptcp) } close(listen_sock); - } - - if (rp == NULL) { - LOGE("Could not bind"); - return -1; + listen_sock = -1; } freeaddrinfo(result); diff --git a/src/tunnel.c b/src/tunnel.c index 9c792f84..40d8047b 100644 --- a/src/tunnel.c +++ b/src/tunnel.c @@ -121,12 +121,19 @@ create_and_bind(const char *addr, const char *port) hints.ai_family = AF_UNSPEC; /* Return IPv4 and IPv6 choices */ hints.ai_socktype = SOCK_STREAM; /* We want a TCP socket */ + result = NULL; + s = getaddrinfo(addr, port, &hints, &result); if (s != 0) { LOGI("getaddrinfo: %s", gai_strerror(s)); return -1; } + if (result == NULL) { + LOGE("Could not bind"); + return -1; + } + for (rp = result; rp != NULL; rp = rp->ai_next) { listen_sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); if (listen_sock == -1) { @@ -154,11 +161,7 @@ create_and_bind(const char *addr, const char *port) } close(listen_sock); - } - - if (rp == NULL) { - LOGE("Could not bind"); - return -1; + listen_sock = -1; } freeaddrinfo(result); diff --git a/src/udprelay.c b/src/udprelay.c index 781fbc14..3c26eda4 100644 --- a/src/udprelay.c +++ b/src/udprelay.c @@ -389,13 +389,13 @@ create_server_socket(const char *host, const char *port) return -1; } - rp = result; - - if (rp == NULL) { + if (result == NULL) { LOGE("[udp] cannot bind"); return -1; } + rp = result; + /* * On Linux, with net.ipv6.bindv6only = 0 (the default), getaddrinfo(NULL) with * AI_PASSIVE returns 0.0.0.0 and :: (in this order). AI_PASSIVE was meant to @@ -462,6 +462,7 @@ create_server_socket(const char *host, const char *port) } close(server_sock); + server_sock = -1; } freeaddrinfo(result); From 9a98c805bae322e29ccf619f3a6a87e295521b11 Mon Sep 17 00:00:00 2001 From: Patrick Li Date: Tue, 7 Mar 2017 21:22:15 +1300 Subject: [PATCH 48/62] Allow the use of pwgen to generate passwords --- debian/control | 2 +- debian/shadowsocks-libev.postinst | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index a3e3efcc..7686e2ff 100644 --- a/debian/control +++ b/debian/control @@ -23,7 +23,7 @@ Replaces: shadowsocks (<< 1.5.3-2) Breaks: shadowsocks (<< 1.5.3-2) Architecture: any Depends: - apg, + apg | pwgen, libcap2-bin [linux-any], lsb-base (>= 3.0-6), ${misc:Depends}, diff --git a/debian/shadowsocks-libev.postinst b/debian/shadowsocks-libev.postinst index 23461cbd..f66eee0c 100755 --- a/debian/shadowsocks-libev.postinst +++ b/debian/shadowsocks-libev.postinst @@ -26,7 +26,12 @@ case "$1" in cap_net_bind_service+ep /usr/bin/ss-server \ cap_net_bind_service+ep /usr/bin/ss-tunnel if [ ! -f /etc/shadowsocks-libev/config.json ]; then - passwd=$(apg -n 1 -M ncl) + pathfind apg + if [ $? -eq 0 ]; then + passwd=$(apg -n 1 -M ncl) + else + passwd=$(pwgen 12 1) + fi mkdir -p /etc/shadowsocks-libev sed "s/barfoo!/$passwd/" /usr/share/shadowsocks-libev/config.json \ > /etc/shadowsocks-libev/config.json From e636e81d9f85b3868bd65005a174c82164808116 Mon Sep 17 00:00:00 2001 From: Sebastien DUPONCHEEL Date: Fri, 3 Mar 2017 15:04:19 +0100 Subject: [PATCH 49/62] ss-server: allows you to set a TOS/DSCP value to the outgoing ciphered connection to the client from a netfilter mark setted on the (re)comming connection from the outside world. --- src/server.c | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/server.h | 17 ++++++++ 2 files changed, 130 insertions(+) diff --git a/src/server.c b/src/server.c index 23c5bb9d..6310084c 100644 --- a/src/server.c +++ b/src/server.c @@ -78,6 +78,18 @@ #define MAX_FRAG 1 #endif +#ifdef USE_NFCONNTRACK_TOS + +#ifndef MARK_MAX_PACKET +#define MARK_MAX_PACKET 10 +#endif + +#ifndef MARK_MASK_PREFIX +#define MARK_MASK_PREFIX 0xDC00 +#endif + +#endif + static void signal_cb(EV_P_ ev_signal *w, int revents); static void accept_cb(EV_P_ ev_io *w, int revents); static void server_send_cb(EV_P_ ev_io *w, int revents); @@ -551,6 +563,93 @@ connect_to_remote(EV_P_ struct addrinfo *res, return remote; } +#ifdef USE_NFCONNTRACK_TOS +int setMarkDscpCallback(enum nf_conntrack_msg_type type, struct nf_conntrack *ct, void *data) +{ + server_t* server = (server_t*) data; + struct dscptracker* tracker = server->tracker; + + tracker->mark = nfct_get_attr_u32(ct, ATTR_MARK); + if ((tracker->mark & 0xff00) == MARK_MASK_PREFIX) { + // Extract DSCP value from mark value + tracker->dscp = tracker->mark & 0x00ff; + int tos = (tracker->dscp) << 2; + if (setsockopt(server->fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) != 0) { + ERROR("iptable setsockopt IP_TOS"); + }; + } + return NFCT_CB_CONTINUE; +} + +void conntrackQuery(server_t* server) { + struct dscptracker* tracker = server->tracker; + if(tracker && tracker->ct) { + // Trying query mark from nf conntrack + struct nfct_handle *h = nfct_open(CONNTRACK, 0); + if (h) { + nfct_callback_register(h, NFCT_T_ALL, setMarkDscpCallback, (void*) server); + int x = nfct_query(h, NFCT_Q_GET, tracker->ct); + if (x == -1) { + LOGE("QOS: Failed to retrieve connection mark %s", strerror(errno)); + } + nfct_close(h); + } else { + LOGE("QOS: Failed to open conntrack handle for upstream netfilter mark retrieval."); + } + } +} + +void setTosFromConnmark(remote_t* remote, server_t* server) +{ + if(server->tracker && server->tracker->ct) { + if(server->tracker->mark == 0 && server->tracker->packet_count < MARK_MAX_PACKET) { + server->tracker->packet_count++; + conntrackQuery(server); + } + } else { + socklen_t len; + struct sockaddr_storage sin; + len = sizeof(sin); + if (getsockname(remote->fd, (struct sockaddr *)&sin, &len) == 0) { + struct sockaddr_storage from_addr; + len = sizeof from_addr; + if(getpeername(remote->fd, (struct sockaddr*)&from_addr, &len) == 0) { + if((server->tracker = (struct dscptracker*) malloc(sizeof(struct dscptracker)))) + { + if ((server->tracker->ct = nfct_new())) { + // Build conntrack query SELECT + if (from_addr.ss_family == AF_INET) { + struct sockaddr_in *src = (struct sockaddr_in *)&from_addr; + struct sockaddr_in *dst = (struct sockaddr_in *)&sin; + + nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET); + nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_DST, dst->sin_addr.s_addr); + nfct_set_attr_u32(server->tracker->ct, ATTR_IPV4_SRC, src->sin_addr.s_addr); + nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin_port); + nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin_port); + } else if (from_addr.ss_family == AF_INET6) { + struct sockaddr_in6 *src = (struct sockaddr_in6 *)&from_addr; + struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sin; + + nfct_set_attr_u8(server->tracker->ct, ATTR_L3PROTO, AF_INET6); + nfct_set_attr(server->tracker->ct, ATTR_IPV6_DST, dst->sin6_addr.s6_addr); + nfct_set_attr(server->tracker->ct, ATTR_IPV6_SRC, src->sin6_addr.s6_addr); + nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_DST, dst->sin6_port); + nfct_set_attr_u16(server->tracker->ct, ATTR_PORT_SRC, src->sin6_port); + } + nfct_set_attr_u8(server->tracker->ct, ATTR_L4PROTO, IPPROTO_TCP); + conntrackQuery(server); + } else { + LOGE("Failed to allocate new conntrack for upstream netfilter mark retrieval."); + server->tracker->ct=NULL; + }; + } + } + } + } +} +#endif + static void server_recv_cb(EV_P_ ev_io *w, int revents) { @@ -1004,6 +1103,9 @@ remote_recv_cb(EV_P_ ev_io *w, int revents) return; } +#ifdef USE_NFCONNTRACK_TOS + setTosFromConnmark(remote, server); +#endif int s = send(server->fd, server->buf->data, server->buf->len, 0); if (s == -1) { @@ -1232,6 +1334,17 @@ new_server(int fd, listen_ctx_t *listener) static void free_server(server_t *server) { +#ifdef USE_NFCONNTRACK_TOS + if(server->tracker) { + struct dscptracker* tracker = server->tracker; + struct nf_conntrack* ct = server->tracker->ct; + server->tracker = NULL; + if (ct) { + nfct_destroy(ct); + } + free(tracker); + }; +#endif cork_dllist_remove(&server->entries); if (server->remote != NULL) { diff --git a/src/server.h b/src/server.h index a1d74995..90cf051d 100644 --- a/src/server.h +++ b/src/server.h @@ -53,6 +53,20 @@ typedef struct server_ctx { struct server *server; } server_ctx_t; +#ifdef USE_NFCONNTRACK_TOS + +#include +#include + +struct dscptracker { + struct nf_conntrack *ct; + long unsigned int mark; + unsigned int dscp; + unsigned int packet_count; +}; + +#endif + typedef struct server { int fd; int stage; @@ -70,6 +84,9 @@ typedef struct server { struct ResolvQuery *query; struct cork_dllist_item entries; +#ifdef USE_NFCONNTRACK_TOS + struct dscptracker* tracker; +#endif } server_t; typedef struct query { From 8d2918b5cb15e573c386878886f9146d87c751cb Mon Sep 17 00:00:00 2001 From: Sebastien DUPONCHEEL Date: Fri, 3 Mar 2017 19:52:26 +0100 Subject: [PATCH 50/62] ss-server: append --enable-connmarktos option to configure and check for libnetfilter-conntrack dependency if enabled --- configure.ac | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/configure.ac b/configure.ac index d4dfd434..92b567d1 100755 --- a/configure.ac +++ b/configure.ac @@ -242,4 +242,35 @@ AM_COND_IF([ENABLE_DOCUMENTATION], [AC_CONFIG_FILES([doc/Makefile]) ]) +AC_ARG_ENABLE(connmarktos, +[AS_HELP_STRING(--enable-connmarktos, Enable saved connmark to IP TOS QoS feature)], +[ + enable_connmarktos="yes" +], +[ + enable_connmarktos="no" +]) + +if test x"$enable_connmarktos" = "xyes" ; then + AC_MSG_NOTICE([Linux Netfilter Conntrack support requested by --enable-connmarktos: ${enable_connmarktos}]) + if test "x$enable_connmarktos" != "xno"; then + AC_SEARCH_LIBS([nfct_query], [netfilter_conntrack],,[ + if test x"$enable_connmarktos" = "xyes"; then + AC_MSG_ERROR([--enable-connmarktos specified but libnetfilter-conntrack library not found]) + fi + with_netfilter_conntrack=no]) + AC_CHECK_HEADERS([libnetfilter_conntrack/libnetfilter_conntrack.h \ + libnetfilter_conntrack/libnetfilter_conntrack_tcp.h],,[ + if test x"$enable_connmarktos" = "xyes"; then + AC_MSG_ERROR([--enable-connmarktos specified but libnetfilter-conntrack headers not found]) + fi + with_netfilter_conntrack=no]) + # If nothing is broken; enable the libraries usage. + if test "x$with_netfilter_conntrack" != "xno"; then + with_netfilter_conntrack=yes + AC_DEFINE(USE_NFCONNTRACK_TOS, 1, [Enable support for QOS netfilter mark preservation]) + fi + fi +fi + AC_OUTPUT From 51afa5e548bbc20801827bfaefb0b34dcdb99405 Mon Sep 17 00:00:00 2001 From: Martin Wetterwald Date: Fri, 3 Mar 2017 17:28:42 +0100 Subject: [PATCH 51/62] ss-redir: allow you to define additionals listenings ports to set a TOS/DSCP on the outgoings ciphered connections --- src/jconf.c | 52 +++++++++++++++++++++++++++++++ src/jconf.h | 17 ++++++++++ src/redir.c | 90 ++++++++++++++++++++++++++++++++++------------------- src/redir.h | 1 + 4 files changed, 128 insertions(+), 32 deletions(-) diff --git a/src/jconf.c b/src/jconf.c index f9690826..43716a36 100644 --- a/src/jconf.c +++ b/src/jconf.c @@ -109,6 +109,41 @@ parse_addr(const char *str_in, ss_addr_t *addr) free(str); } +static int +parse_dscp(char *str) +{ + size_t str_len = strlen(str); + + // Pre-defined values (EF, CSx, AFxy) + if (str_len == 2 && strcasecmp(str, "EF") == 0) { + return DSCP_EF; + } + + if (str_len == DSCP_CS_LEN && strncasecmp(str, "CS", 2) == 0) { + if (str[2] >= '0' && str[2] <= '7') { + // CSx = 8x + return (str[2] - '0') << 3; + } + } + + if (str_len == DSCP_AF_LEN && strncasecmp(str, "AF", 2) == 0) { + if (str[2] >= '1' && str[2] <= '4' && str[3] >= '1' && str[3] <= '3') { + // AFxy = 8x + 2y + return ((str[2] - '0') << 3) | ((str[3] - '0') << 1); + } + } + + // Manual hexadecimal mode (0xYZ) + char *endptr; + int dscp = (int)strtol(str, &endptr, 0); + if (*endptr == '\0' && dscp >= DSCP_MIN && dscp <= DSCP_MAX) { + return dscp; + } + + LOGE("Invalid DSCP value (%s)", str); + return DSCP_DEFAULT; +} + jconf_t * read_jconf(const char *file) { @@ -230,6 +265,23 @@ read_jconf(const char *file) conf.nofile = value->u.integer; } else if (strcmp(name, "nameserver") == 0) { conf.nameserver = to_string(value); + } else if (strcmp(name, "dscp") == 0) { + if (value->type == json_object) { + for (j = 0; j < value->u.object.length; j++) { + if (j >= MAX_DSCP_NUM) { + break; + } + json_value *v = value->u.object.values[j].value; + if (v->type == json_string) { + int dscp = parse_dscp(to_string(v)); + char *port = ss_strndup(value->u.object.values[j].name, + value->u.object.values[j].name_length); + conf.dscp[j].port = port; + conf.dscp[j].dscp = dscp; + conf.dscp_num = j + 1; + } + } + } } else if (strcmp(name, "tunnel_address") == 0) { conf.tunnel_address = to_string(value); } else if (strcmp(name, "mode") == 0) { diff --git a/src/jconf.h b/src/jconf.h index 891f6168..314d8236 100644 --- a/src/jconf.h +++ b/src/jconf.h @@ -24,12 +24,22 @@ #define MAX_PORT_NUM 1024 #define MAX_REMOTE_NUM 10 +#define MAX_DSCP_NUM 64 #define MAX_CONF_SIZE 128 * 1024 #define MAX_DNS_NUM 4 #define MAX_CONNECT_TIMEOUT 10 #define MAX_REQUEST_TIMEOUT 60 #define MIN_UDP_TIMEOUT 10 +#define DSCP_EF 0x2E +#define DSCP_MIN 0x0 +#define DSCP_MAX 0x3F +#define DSCP_DEFAULT 0x0 +#define DSCP_MIN_LEN 2 +#define DSCP_MAX_LEN 4 +#define DSCP_CS_LEN 3 +#define DSCP_AF_LEN 4 + #define TCP_ONLY 0 #define TCP_AND_UDP 1 #define UDP_ONLY 3 @@ -44,6 +54,11 @@ typedef struct { char *password; } ss_port_password_t; +typedef struct { + char *port; + int dscp; +} ss_dscp_t; + typedef struct { int remote_num; ss_addr_t remote_addr[MAX_REMOTE_NUM]; @@ -63,6 +78,8 @@ typedef struct { int reuse_port; int nofile; char *nameserver; + int dscp_num; + ss_dscp_t dscp[MAX_DSCP_NUM]; char *tunnel_address; int mode; int mtu; diff --git a/src/redir.c b/src/redir.c index 2a97d324..2a25cd35 100644 --- a/src/redir.c +++ b/src/redir.c @@ -786,6 +786,12 @@ accept_cb(EV_P_ ev_io *w, int revents) // Set non blocking setnonblocking(remotefd); + if (listener->tos >= 0) { + if (setsockopt(remotefd, IPPROTO_IP, IP_TOS, &listener->tos, sizeof(listener->tos)) != 0) { + ERROR("setsockopt IP_TOS"); + } + } + // Enable MPTCP if (listener->mptcp > 1) { int err = setsockopt(remotefd, SOL_TCP, listener->mptcp, &opt, sizeof(opt)); @@ -883,6 +889,9 @@ main(int argc, char **argv) ss_addr_t remote_addr[MAX_REMOTE_NUM]; char *remote_port = NULL; + int dscp_num = 0; + ss_dscp_t * dscp = NULL; + static struct option long_options[] = { { "fast-open", no_argument, NULL, GETOPT_VAL_FAST_OPEN }, { "mtu", required_argument, NULL, GETOPT_VAL_MTU }, @@ -1061,6 +1070,8 @@ main(int argc, char **argv) nofile = conf->nofile; } #endif + dscp_num = conf->dscp_num; + dscp = conf->dscp; } if (remote_num == 0 || remote_port == NULL || local_port == NULL @@ -1187,44 +1198,59 @@ main(int argc, char **argv) struct ev_loop *loop = EV_DEFAULT; - if (mode != UDP_ONLY) { - // Setup socket - int listenfd; - listenfd = create_and_bind(local_addr, local_port); - if (listenfd == -1) { - FATAL("bind() error"); - } - if (listen(listenfd, SOMAXCONN) == -1) { - FATAL("listen() error"); - } - setnonblocking(listenfd); + listen_ctx_t* listen_ctx_current = &listen_ctx; + do { + if (mode != UDP_ONLY) { + // Setup socket + int listenfd; + listenfd = create_and_bind(local_addr, local_port); + if (listenfd == -1) { + FATAL("bind() error"); + } + if (listen(listenfd, SOMAXCONN) == -1) { + FATAL("listen() error"); + } + setnonblocking(listenfd); - listen_ctx.fd = listenfd; + listen_ctx_current->fd = listenfd; - ev_io_init(&listen_ctx.io, accept_cb, listenfd, EV_READ); - ev_io_start(loop, &listen_ctx.io); - } + ev_io_init(&listen_ctx_current->io, accept_cb, listenfd, EV_READ); + ev_io_start(loop, &listen_ctx_current->io); + } - // Setup UDP - if (mode != TCP_ONLY) { - LOGI("UDP relay enabled"); - char *host = remote_addr[0].host; - char *port = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port; - struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage)); - memset(storage, 0, sizeof(struct sockaddr_storage)); - if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) { - FATAL("failed to resolve the provided hostname"); + // Setup UDP + if (mode != TCP_ONLY) { + LOGI("UDP relay enabled"); + char *host = remote_addr[0].host; + char *port = remote_addr[0].port == NULL ? remote_port : remote_addr[0].port; + struct sockaddr_storage *storage = ss_malloc(sizeof(struct sockaddr_storage)); + memset(storage, 0, sizeof(struct sockaddr_storage)); + if (get_sockaddr(host, port, storage, 1, ipv6first) == -1) { + FATAL("failed to resolve the provided hostname"); + } + struct sockaddr *addr = (struct sockaddr *)storage; + init_udprelay(local_addr, local_port, addr, + get_sockaddr_len(addr), mtu, crypto, listen_ctx_current->timeout, NULL); } - struct sockaddr *addr = (struct sockaddr *)storage; - init_udprelay(local_addr, local_port, addr, - get_sockaddr_len(addr), mtu, crypto, listen_ctx.timeout, NULL); - } - if (mode == UDP_ONLY) { - LOGI("TCP relay disabled"); - } + if (mode == UDP_ONLY) { + LOGI("TCP relay disabled"); + } - LOGI("listening at %s:%s", local_addr, local_port); + if(listen_ctx_current->tos) { + LOGI("listening at %s:%s (TOS/DSCP 0x%x)", local_addr, local_port, listen_ctx_current->tos); + } else { + LOGI("listening at %s:%s", local_addr, local_port); + } + + // Handle additionals TOS/DSCP listening ports + if (dscp_num > 0) { + listen_ctx_current = (listen_ctx_t*) malloc(sizeof(listen_ctx_t)); + listen_ctx_current = memcpy(listen_ctx_current, &listen_ctx, sizeof(listen_ctx_t)); + local_port = dscp[dscp_num-1].port; + listen_ctx_current->tos = dscp[dscp_num-1].dscp; + } + } while (dscp_num-- > 0); // setuid if (user != NULL && !run_as(user)) { diff --git a/src/redir.h b/src/redir.h index 697b5405..d9d59177 100644 --- a/src/redir.h +++ b/src/redir.h @@ -37,6 +37,7 @@ typedef struct listen_ctx { int timeout; int fd; int mptcp; + int tos; struct sockaddr **remote_addr; } listen_ctx_t; From 1c67496a1c7f0f99909477030b2d4ea74d72a5b8 Mon Sep 17 00:00:00 2001 From: lqs Date: Wed, 8 Mar 2017 21:24:14 +0800 Subject: [PATCH 52/62] fix bugs --- src/redir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/redir.c b/src/redir.c index 2a25cd35..86958885 100644 --- a/src/redir.c +++ b/src/redir.c @@ -566,12 +566,12 @@ remote_send_cb(EV_P_ ev_io *w, int revents) || errno == EWOULDBLOCK) { ev_io_start(EV_A_ & remote_send_ctx->io); ev_timer_start(EV_A_ & remote_send_ctx->watcher); - return; } else { ERROR("connect"); close_and_free_remote(EV_A_ remote); close_and_free_server(EV_A_ server); } + return; } } else { s = send(remote->fd, remote->buf->data + remote->buf->idx, @@ -590,6 +590,7 @@ remote_send_cb(EV_P_ ev_io *w, int revents) // partly sent, move memory, wait for the next time to send remote->buf->len -= s; remote->buf->idx += s; + ev_io_start(EV_A_ & remote_send_ctx->io); return; } else { // all sent out, wait for reading From a10e92ea22661297223451e42ceb6c419b8604ef Mon Sep 17 00:00:00 2001 From: Max Lv Date: Thu, 9 Mar 2017 11:15:36 +0800 Subject: [PATCH 53/62] Refine assertion --- src/aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aead.c b/src/aead.c index d32665e2..d49b349d 100644 --- a/src/aead.c +++ b/src/aead.c @@ -477,7 +477,7 @@ aead_chunk_encrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c, size_t nlen = ctx->cipher->nonce_len; size_t tlen = ctx->cipher->tag_len; - assert(plen + tlen < CHUNK_SIZE_MASK); + assert(plen <= CHUNK_SIZE_MASK); int err; size_t clen; From 172b43074071fd1d134de6d36653518c4e487a34 Mon Sep 17 00:00:00 2001 From: zhou0 Date: Tue, 7 Mar 2017 20:16:04 +0800 Subject: [PATCH 54/62] remove AC_PROG_LIBTOOL with LT_INIT, AC_PROG_LIBTOOL is not needed. --- configure.ac | 1 - 1 file changed, 1 deletion(-) diff --git a/configure.ac b/configure.ac index 92b567d1..f8cc986d 100755 --- a/configure.ac +++ b/configure.ac @@ -59,7 +59,6 @@ AC_PROG_CC AM_PROG_CC_C_O AC_PROG_INSTALL AC_PROG_LN_S -AC_PROG_LIBTOOL AC_PROG_MAKE_SET AC_LANG_SOURCE From 13842ea56627af51030c489105cd8c095d325a65 Mon Sep 17 00:00:00 2001 From: zhou0 Date: Wed, 8 Mar 2017 00:54:20 +0800 Subject: [PATCH 55/62] fix wrong version_info --- src/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile.am b/src/Makefile.am index 4d383186..c83f3881 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,4 +1,4 @@ -VERSION_INFO = 2:0:0 +VERSION_INFO = 3:0:3 AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE AM_CFLAGS += $(PTHREAD_CFLAGS) From 74167f3688317162f59326b01e83d1a205b4b304 Mon Sep 17 00:00:00 2001 From: zhou0 Date: Wed, 8 Mar 2017 14:30:30 +0800 Subject: [PATCH 56/62] restore version_info to 2.0.0 --- src/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile.am b/src/Makefile.am index c83f3881..4d383186 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,4 +1,4 @@ -VERSION_INFO = 3:0:3 +VERSION_INFO = 2:0:0 AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE AM_CFLAGS += $(PTHREAD_CFLAGS) From abba443ca5a8ad3042d63e103cdf043a763b018a Mon Sep 17 00:00:00 2001 From: Rick Lei Date: Thu, 9 Mar 2017 12:21:31 +0800 Subject: [PATCH 57/62] Turn off errexit option when detecting the apg command Commit https://github.com/shadowsocks/shadowsocks-libev/commit/f32ac38c2f7aab09ec25131209954957518de42a allows to use pwgen to generate the initial password at the first installation. However it won't work when apg isn't installed because: * the postinst script has errexit option set ("set -e") * at the first installation of ss-libev, apg or pwgen will be called to generate the initial password in config.json * when apg isn't installed, "pathfind apg" would return 1 * and the postinst script will immediately exit due to "set -e" This commit temporarily turn off the errexit option for pathfind() --- debian/shadowsocks-libev.postinst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/shadowsocks-libev.postinst b/debian/shadowsocks-libev.postinst index f66eee0c..d6051d3d 100755 --- a/debian/shadowsocks-libev.postinst +++ b/debian/shadowsocks-libev.postinst @@ -26,12 +26,14 @@ case "$1" in cap_net_bind_service+ep /usr/bin/ss-server \ cap_net_bind_service+ep /usr/bin/ss-tunnel if [ ! -f /etc/shadowsocks-libev/config.json ]; then + set +e pathfind apg if [ $? -eq 0 ]; then passwd=$(apg -n 1 -M ncl) else passwd=$(pwgen 12 1) fi + set -e mkdir -p /etc/shadowsocks-libev sed "s/barfoo!/$passwd/" /usr/share/shadowsocks-libev/config.json \ > /etc/shadowsocks-libev/config.json From 3b9ac7e81e97fb24eb9bd5dd2e6d12dec4eb477b Mon Sep 17 00:00:00 2001 From: Felix Yan Date: Thu, 9 Mar 2017 12:40:36 +0800 Subject: [PATCH 58/62] Use system libbloom on USE_SYSTEM_SHARED_LIB --- Makefile.am | 2 +- configure.ac | 9 ++++----- src/Makefile.am | 8 ++++---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/Makefile.am b/Makefile.am index dc6ad6b5..12a0b0bd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ if USE_SYSTEM_SHARED_LIB -SUBDIRS = src libbloom +SUBDIRS = src else SUBDIRS = libcork libipset libbloom src endif diff --git a/configure.ac b/configure.ac index f8cc986d..03572329 100755 --- a/configure.ac +++ b/configure.ac @@ -46,9 +46,9 @@ AM_CONDITIONAL([ENABLE_DOCUMENTATION], [test x$disable_documentation = xfalse]) AM_COND_IF([ENABLE_DOCUMENTATION], [ AC_PATH_PROG([ASCIIDOC], [asciidoc]) - test x"${ASCIIDOC}" != x || AC_MSG_ERROR([Cannot find `asciidoc` in PATH.]) + test x"${ASCIIDOC}" != x || AC_MSG_ERROR([Cannot find `asciidoc` in PATH.]) AC_PATH_PROG([XMLTO], [xmlto]) - test x"$XMLTO" != x || AC_MSG_ERROR([Cannot find `xmlto` in PATH.]) + test x"$XMLTO" != x || AC_MSG_ERROR([Cannot find `xmlto` in PATH.]) AC_PATH_PROG([GZIP], [gzip], [gzip]) AC_PATH_PROG([MV], [mv], [mv]) AC_PROG_SED @@ -230,12 +230,11 @@ AC_CHECK_LIB([ev], [ev_loop_destroy], [LIBS="-lev $LIBS"], [AC_MSG_ERROR([Couldn AC_CONFIG_FILES([shadowsocks-libev.pc Makefile - src/Makefile - libbloom/Makefile]) + src/Makefile]) AM_COND_IF([USE_SYSTEM_SHARED_LIB], [AC_DEFINE([USE_SYSTEM_SHARED_LIB], [1], [Define if use system shared lib.])], - [AC_CONFIG_FILES([libcork/Makefile libipset/Makefile])]) + [AC_CONFIG_FILES([libbloom/Makefile libcork/Makefile libipset/Makefile])]) AM_COND_IF([ENABLE_DOCUMENTATION], [AC_CONFIG_FILES([doc/Makefile]) diff --git a/src/Makefile.am b/src/Makefile.am index 4d383186..1b77974b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,20 +2,20 @@ VERSION_INFO = 2:0:0 AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE AM_CFLAGS += $(PTHREAD_CFLAGS) -AM_CFLAGS += -I$(top_srcdir)/libbloom if !USE_SYSTEM_SHARED_LIB +AM_CFLAGS += -I$(top_srcdir)/libbloom AM_CFLAGS += -I$(top_srcdir)/libipset/include AM_CFLAGS += -I$(top_srcdir)/libcork/include endif AM_CFLAGS += $(LIBPCRE_CFLAGS) SS_COMMON_LIBS = $(INET_NTOP_LIB) $(LIBPCRE_LIBS) -SS_COMMON_LIBS += $(top_builddir)/libbloom/libbloom.la if !USE_SYSTEM_SHARED_LIB -SS_COMMON_LIBS += $(top_builddir)/libipset/libipset.la \ +SS_COMMON_LIBS += $(top_builddir)/libbloom/libbloom.la \ + $(top_builddir)/libipset/libipset.la \ $(top_builddir)/libcork/libcork.la else -SS_COMMON_LIBS += -lcork -lcorkipset +SS_COMMON_LIBS += -lbloom -lcork -lcorkipset endif SS_COMMON_LIBS += -lev -lsodium -lm From 88007b403e7d2225797720b7a29b571477db8277 Mon Sep 17 00:00:00 2001 From: Max Lv Date: Sat, 11 Mar 2017 09:21:28 +0800 Subject: [PATCH 59/62] Add delayed connecting in ss-tunnel --- src/tunnel.c | 53 +++++++++++++++++++++++++++++++++++++--------------- src/tunnel.h | 3 +++ 2 files changed, 41 insertions(+), 15 deletions(-) diff --git a/src/tunnel.c b/src/tunnel.c index 40d8047b..b40096dd 100644 --- a/src/tunnel.c +++ b/src/tunnel.c @@ -169,6 +169,17 @@ create_and_bind(const char *addr, const char *port) return listen_sock; } +static void +delayed_connect_cb(EV_P_ ev_timer *watcher, int revents) +{ + server_t *server = cork_container_of(watcher, server_t, + delayed_connect_watcher); + remote_t *remote = server->remote; + + if (server->abuf != NULL) + remote_send_cb(EV_A_ & remote->send_ctx->io, revents); +} + static void server_recv_cb(EV_P_ ev_io *w, int revents) { @@ -212,6 +223,14 @@ server_recv_cb(EV_P_ ev_io *w, int revents) return; } + if (server->abuf != NULL) { + ev_timer_stop(EV_A_ & server->delayed_connect_watcher); + bprepend(remote->buf, server->abuf, BUF_SIZE); + bfree(server->abuf); + ss_free(server->abuf); + server->abuf = NULL; + } + int s = send(remote->fd, remote->buf->data, remote->buf->len, 0); if (s == -1) { @@ -384,8 +403,8 @@ remote_send_cb(EV_P_ ev_io *w, int revents) ev_io_stop(EV_A_ & remote_send_ctx->io); ev_timer_stop(EV_A_ & remote_send_ctx->watcher); - buffer_t ss_addr_to_send; - buffer_t *abuf = &ss_addr_to_send; + server->abuf = (buffer_t *)ss_malloc(sizeof(buffer_t)); + buffer_t *abuf = server->abuf; balloc(abuf, BUF_SIZE); ss_addr_t *sa = &server->destaddr; @@ -442,17 +461,7 @@ remote_send_cb(EV_P_ ev_io *w, int revents) return; } - int s = send(remote->fd, abuf->data, abuf->len, 0); - - bfree(abuf); - - if (s < abuf->len) { - LOGE("failed to send addr"); - close_and_free_remote(EV_A_ remote); - close_and_free_server(EV_A_ server); - return; - } - + ev_timer_start(EV_A_ & server->delayed_connect_watcher); ev_io_start(EV_A_ & remote->recv_ctx->io); ev_io_start(EV_A_ & server->recv_ctx->io); @@ -465,15 +474,22 @@ remote_send_cb(EV_P_ ev_io *w, int revents) return; } } else { - if (remote->buf->len == 0) { + if (remote->buf->len == 0 && server->abuf->len == 0) { // close and free close_and_free_remote(EV_A_ remote); close_and_free_server(EV_A_ server); return; } else { // has data to send + if (server->abuf != NULL) { + assert(remote->buf->len == 0); + bprepend(remote->buf, server->abuf, BUF_SIZE); + bfree(server->abuf); + ss_free(server->abuf); + server->abuf = NULL; + } ssize_t s = send(remote->fd, remote->buf->data + remote->buf->idx, - remote->buf->len, 0); + remote->buf->len, 0); if (s == -1) { if (errno != EAGAIN && errno != EWOULDBLOCK) { ERROR("send"); @@ -577,6 +593,9 @@ new_server(int fd) ev_io_init(&server->recv_ctx->io, server_recv_cb, fd, EV_READ); ev_io_init(&server->send_ctx->io, server_send_cb, fd, EV_WRITE); + ev_timer_init(&server->delayed_connect_watcher, + delayed_connect_cb, 0.05, 0); + return server; } @@ -594,6 +613,10 @@ free_server(server_t *server) crypto->ctx_release(server->d_ctx); ss_free(server->d_ctx); } + if (server->abuf != NULL) { + bfree(server->abuf); + ss_free(server->abuf); + } if (server->buf != NULL) { bfree(server->buf); ss_free(server->buf); diff --git a/src/tunnel.h b/src/tunnel.h index 45f0cfd5..9cd86c21 100644 --- a/src/tunnel.h +++ b/src/tunnel.h @@ -55,12 +55,15 @@ typedef struct server { int fd; buffer_t *buf; + buffer_t *abuf; cipher_ctx_t *e_ctx; cipher_ctx_t *d_ctx; struct server_ctx *recv_ctx; struct server_ctx *send_ctx; struct remote *remote; ss_addr_t destaddr; + + ev_timer delayed_connect_watcher; } server_t; typedef struct remote_ctx { From 8fe8baf4e02612ace9ac6b269284c39e092e2da8 Mon Sep 17 00:00:00 2001 From: Roger Shimizu Date: Tue, 14 Mar 2017 00:49:47 +0900 Subject: [PATCH 60/62] Add kcptun package build support to build_deb.sh script Confirmed under xenial and jessie-backports. Other distro still need some work, but should be similar. --- scripts/build_deb.sh | 166 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 163 insertions(+), 3 deletions(-) diff --git a/scripts/build_deb.sh b/scripts/build_deb.sh index f2f1f6ac..2c686749 100755 --- a/scripts/build_deb.sh +++ b/scripts/build_deb.sh @@ -14,6 +14,7 @@ Usage: $(basename $0) [--help|-h] [lib|bin|all] --help|-h Show this usage. + kcp Build kcptun package (and its dependencies) only. lib Build library packages only. bin Build binary packages only. However, you need the libraries built previously, in current working directory. @@ -74,6 +75,18 @@ apt_clean() { sudo apt-get purge -y libcork-build-deps libcorkipset-build-deps \ libbloom-build-deps libsodium-build-deps mbedtls-build-deps sudo apt-get purge -y simple-obfs-build-deps shadowsocks-libev-build-deps + sudo apt-get purge -y dh-golang-build-deps golang-check.v1-build-deps \ + golang-github-golang-snappy-build-deps \ + golang-github-klauspost-reedsolomon-build-deps \ + golang-github-pkg-errors-build-deps golang-github-urfave-cli-build-deps \ + golang-github-xtaci-kcp-build-deps golang-github-xtaci-smux-build-deps \ + golang-toml-build-deps golang-yaml.v2-build-deps kcptun-build-deps + sudo apt-get purge -y dh-golang golang-github-pkg-errors-dev \ + golang-github-klauspost-reedsolomon-dev \ + golang-github-burntsushi-toml-dev golang-gopkg-check.v1-dev \ + golang-gopkg-yaml.v2-dev golang-github-urfave-cli-dev \ + golang-github-golang-snappy-dev golang-github-xtaci-kcp-dev \ + golang-github-xtaci-smux-dev sudo apt-get autoremove -y } @@ -84,9 +97,10 @@ gbp_build() { gbp clone --pristine-tar $REPO cd $PROJECT_NAME git checkout $BRANCH - mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" - rm ${PROJECT_NAME}-build-deps_*.deb - gbp buildpackage -us -uc --git-ignore-branch --git-pristine-tar + [ -n "$DEPS_BPO" ] && BPO_REPO="-t ${OSVER}-backports" + mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y $BPO_REPO" + rm -f ${PROJECT_NAME}-build-deps_*.deb + gbp buildpackage -us -uc --git-ignore-branch --git-pristine-tar --git-export-dir=../ git clean -fdx git reset --hard HEAD cd - @@ -122,6 +136,7 @@ dsc_build() { # Build and install libcork deb build_install_libcork() { +if [ $BUILD_LIB -eq 1 -o $BUILD_BIN -eq 1 ]; then BRANCH=$1 if [ $BUILD_LIB -eq 1 ]; then gbp_build https://github.com/rogers0/libcork $BRANCH @@ -130,10 +145,12 @@ build_install_libcork() { help_lib "libcork-dev libcork16" fi sudo dpkg -i libcork-dev_*.deb libcork16_*.deb +fi } # Build and install libcorkipset deb build_install_libcorkipset() { +if [ $BUILD_LIB -eq 1 -o $BUILD_BIN -eq 1 ]; then BRANCH=$1 if [ $BUILD_LIB -eq 1 ]; then gbp_build https://github.com/rogers0/libcorkipset $BRANCH @@ -142,10 +159,12 @@ build_install_libcorkipset() { help_lib "libcorkipset-dev libcorkipset1" fi sudo dpkg -i libcorkipset-dev_*.deb libcorkipset1_*.deb +fi } # Build libmbedtls deb build_install_libmbedtls() { +if [ $BUILD_LIB -eq 1 -o $BUILD_BIN -eq 1 ]; then BRANCH=$1 if [ $BUILD_LIB -eq 1 ]; then gbp_build https://anonscm.debian.org/git/collab-maint/mbedtls.git $BRANCH @@ -154,10 +173,12 @@ build_install_libmbedtls() { help_lib libmbedtls fi sudo dpkg -i libmbed*.deb +fi } # Build libsodium deb build_install_libsodium() { +if [ $BUILD_LIB -eq 1 -o $BUILD_BIN -eq 1 ]; then if [ $BUILD_LIB -eq 1 ]; then dsc_build http://httpredir.debian.org/debian/pool/main/libs/libsodium/libsodium_1.0.11-1~bpo8+1.dsc else @@ -165,10 +186,12 @@ build_install_libsodium() { help_lib libsodium fi sudo dpkg -i libsodium*.deb +fi } # Build libbloom deb build_install_libbloom() { +if [ $BUILD_LIB -eq 1 -o $BUILD_BIN -eq 1 ]; then BRANCH=$1 if [ $BUILD_LIB -eq 1 ]; then gbp_build https://github.com/rogers0/libbloom $BRANCH @@ -177,6 +200,7 @@ build_install_libbloom() { help_lib "libbloom-dev libbloom1" fi sudo dpkg -i libbloom-dev_*.deb libbloom1_*.deb +fi } # Add patch to work on system with debhelper 9 only @@ -215,10 +239,121 @@ if [ $BUILD_BIN -eq 1 ]; then fi } +# Build and install dh-golang deb +build_install_dhgolang() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/cgit/pkg-go/packages/dh-golang.git $BRANCH + sudo dpkg -i dh-golang_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-github-klauspost-reedsolomon deb +build_install_reedsolomondev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-github-klauspost-reedsolomon.git $BRANCH + sudo dpkg -i golang-github-klauspost-reedsolomon-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-github-pkg-errors deb +build_install_errorsdev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-github-pkg-errors.git $BRANCH + sudo dpkg -i golang-github-pkg-errors-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-toml deb +build_install_tomldev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-toml.git $BRANCH + sudo dpkg -i golang-github-burntsushi-toml-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-check.v1 deb +build_install_checkdev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-check.v1.git $BRANCH + sudo dpkg -i golang-gopkg-check.v1-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-yaml.v2 deb +build_install_yamldev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-yaml.v2.git $BRANCH + sudo dpkg -i golang-gopkg-yaml.v2-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-github-urfave-cli-dev deb +build_install_urfaveclidev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-github-urfave-cli.git $BRANCH + sudo dpkg -i golang-github-urfave-cli-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-github-golang-snappy deb +build_install_snappydev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-github-golang-snappy.git $BRANCH + sudo dpkg -i golang-github-golang-snappy-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-github-xtaci-kcp deb +build_install_kcpdev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-github-xtaci-kcp.git $BRANCH + sudo dpkg -i golang-github-xtaci-kcp-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install golang-github-xtaci-smux deb +build_install_smuxdev() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/golang-github-xtaci-smux.git $BRANCH + sudo dpkg -i golang-github-xtaci-smux-dev_*.deb + sudo apt-get install -fy +fi +} + +# Build and install kcptun deb +build_install_kcptun() { +if [ $BUILD_KCP -eq 1 ]; then + BRANCH=$1 + gbp_build https://anonscm.debian.org/git/pkg-go/packages/kcptun.git $BRANCH + sudo dpkg -i kcptun_*.deb + sudo apt-get install -fy +fi +} + export XZ_DEFAULTS=--memlimit=128MiB OSID=$(grep ^ID= /etc/os-release|cut -d= -f2) OSVER=$(lsb_release -cs) +BUILD_KCP=0 BUILD_LIB=0 BUILD_BIN=0 @@ -226,6 +361,9 @@ case "$1" in --help|-h) help_usage ;; +kcp) + BUILD_KCP=1 + ;; lib) BUILD_LIB=1 ;; @@ -262,6 +400,17 @@ jessie|stretch|unstable|sid|zesty) build_install_libbloom exp1 build_install_sslibev exp1 build_install_simpleobfs exp1 + build_install_dhgolang debian/jessie-backports + build_install_reedsolomondev master + build_install_errorsdev master + build_install_tomldev master + build_install_checkdev master + build_install_yamldev master + build_install_urfaveclidev master + build_install_snappydev debian/jessie-backports + build_install_kcpdev master + build_install_smuxdev master + build_install_kcptun master apt_clean ;; trusty) @@ -281,6 +430,17 @@ xenial|yakkety) build_install_libbloom exp1 build_install_sslibev exp1 build_install_simpleobfs exp1 + build_install_dhgolang debian/jessie-backports + build_install_reedsolomondev master + build_install_errorsdev master + build_install_tomldev master + build_install_checkdev master + build_install_yamldev master + build_install_urfaveclidev master + build_install_snappydev debian/jessie-backports + build_install_kcpdev master + build_install_smuxdev master + build_install_kcptun master apt_clean ;; *) From af57095cc6f0e35932772a8947612a2255419a5d Mon Sep 17 00:00:00 2001 From: Simon Shi Date: Wed, 15 Mar 2017 22:49:18 +0800 Subject: [PATCH 61/62] Readme refine (#1360) * Readme refine 1. update libsodium version 2. remove some duplicate information 3. move some building suggestion to other part of document Signed-off-by: Simon * mbedtls * fix 1. distributions 2. usage 3. typo --- README.md | 119 +++++++++++++++++++++++++++--------------------------- 1 file changed, 59 insertions(+), 60 deletions(-) diff --git a/README.md b/README.md index 7e62b2bc..bbac94b5 100644 --- a/README.md +++ b/README.md @@ -33,34 +33,9 @@ cd shadowsocks-libev git submodule update --init --recursive ``` -### Build and install with recent mbedTLS and libsodium +### Build and install with recent libsodium -You have to install libsodium 1.0.8 or later before building. - -If your system is too old to provide libmbedtls and libsodium (later than **v1.0.8**), -you will need to either install those libraries manually or upgrade your system. - -If your system provides with those libraries, you **should** **not** install them -from source. You should jump this section and install them from distribution -repository instead. - -```bash -export LIBSODIUM_VER=1.0.11 -export MBEDTLS_VER=2.4.0 -wget https://github.com/jedisct1/libsodium/releases/download/1.0.11/libsodium-$LIBSODIUM_VER.tar.gz -tar xvf libsodium-$LIBSODIUM_VER.tar.gz -pushd libsodium-$LIBSODIUM_VER -./configure --prefix=/usr && make -sudo make install -popd -wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz -tar xvf mbedtls-$MBEDTLS_VER-gpl.tgz -pushd mbedtls-$MBEDTLS_VER -make SHARED=1 CFLAGS=-fPIC -sudo make DESTDIR=/usr install -popd -sudo ldconfig -``` +You have to install libsodium 1.0.8 or later before building. See [Directly build and install on UNIX-like system](#Linux). ## Installation @@ -93,16 +68,21 @@ try `configure --help`. #### Install from repository -**Note: The repositories doesn't always contain the latest version. Please build from source if you want the latest version (see below)** +**Note: The repositories doesn't always contain the latest version. Please build from source if you want the latest version. (see below)** + +Shadowsocks-libev is available in the official repository for following distributions: -Shadowsocks-libev is available in the official repository for Debian 9("Stretch"), unstable, Ubuntu 16.10 and later derivatives: +* Debian 9 or higher (including testing and unstable/sid) +* Ubuntu 16.10 or higher ```bash sudo apt update sudo apt install shadowsocks-libev ``` -For Debian Jessie users, please install it from `jessie-backports`: +For **Debian 8 (Jessie)** users, please install it from `jessie-backports`: +We strongly encourage you to install shadowsocks-libev from `jessie-backports`. +Please follow instructions on [Debian Backports](https://backports.debian.org). ```bash sudo sh -c 'printf "deb http://httpredir.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list' @@ -112,26 +92,13 @@ sudo apt -t jessie-backports install shadowsocks-libev #### Build deb package from source -Supported Platforms: - -* Debian 8 (see below), 9, unstable -* Ubuntu 16.04 or higher - -For older systems, building `.deb` packages is not supported. -Please directly install from source. -You may need to resolve library dependencies by yourself. +Supported distributions: -**Note for Debian 8.x users**: -We strongly encourage you to install shadowsocks-libev from `jessie-backports`. -Please follow instructions on [Debian Backports](https://backports.debian.org). +* Debian 8, 9 or higher +* Ubuntu 14.04 LTS, 16.04 LTS, 16.10 or higher -If you insist on building from source, you will need to manually install libsodium -from `jessie-backports`, **NOT** libsodium in main repository. -Please follow the instructions on [Debian Backports Website](https://backports.debian.org). +For older systems, building `.deb` packages is not supported. Please directly install it from source. -You can also use the same build script for Ubuntu LTS as below. - -**Note for Debian (>=8) / Ubuntu 14.04 (Trusty) / 16.04 (Xenial) users**: You can build shadowsocks-libev and all its dependencies by script: ```bash @@ -141,8 +108,13 @@ cd ~/build-area ./build_deb.sh ``` -Otherwise, try to build and install directly from source. See the [Linux](#linux) -section below. +Otherwise, try to build and install directly from source. See the [Linux](#linux) section below. + +**Note for Debian 8 (Jessie) users**: + +We strongly encourage you to install shadowsocks-libev from `jessie-backports`. If you insist on building from source, you will need to manually install libsodium from `jessie-backports`, **NOT** libsodium in main repository. + +Please follow the instructions on [Debian Backports Website](https://backports.debian.org). ``` bash cd shadowsocks-libev @@ -169,13 +141,14 @@ sudo systemctl start shadowsocks-libev # for systemd ### Fedora & RHEL -Supported distributions include -- Fedora 22, 23, 24 -- RHEL 6, 7 and derivatives (including CentOS, Scientific Linux) +Supported distributions: + +* Fedora 22, 23, 24 +* RHEL 6, 7 and derivatives (including CentOS, Scientific Linux) #### Build from source with centos -If you are using CentOS 7, you need to install these prequirement to build from source code +If you are using CentOS 7, you need to install these prequirement to build from source code: ```bash yum install epel-release -y @@ -241,16 +214,42 @@ In general, you need the following build dependencies: * asciidoc (for documentation only) * xmlto (for documentation only) -For Unix-like systems, especially Debian-based systems, -e.g. Ubuntu, Debian or Linux Mint, you might install build dependencies like this: +If your system is too old to provide libmbedtls and libsodium (later than **v1.0.8**), you will need to either install those libraries manually or upgrade your system. + +If your system provides with those libraries, you **should not** install them from source. You should jump this section and install them from distribution repository instead. + +For some of the distributions, you might install build dependencies like this: ```bash -# Debian / Ubuntu +# Installation of basic build dependencies +## Debian / Ubuntu sudo apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev libsodium-dev -# CentOS / Fedora / RHEL +## CentOS / Fedora / RHEL sudo yum install gettext gcc autoconf libtool automake make asciidoc xmlto udns-devel libev-devel -# Arch +## Arch sudo pacman -S gettext gcc autoconf libtool automake make asciidoc xmlto udns libev + +# Installation of Libsodium +export LIBSODIUM_VER=1.0.12 +wget https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VER.tar.gz +tar xvf libsodium-$LIBSODIUM_VER.tar.gz +pushd libsodium-$LIBSODIUM_VER +./configure --prefix=/usr && make +sudo make install +popd +sudo ldconfig + +# Installation of MbedTLS +export MBEDTLS_VER=2.4.2 +wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz +tar xvf mbedtls-$MBEDTLS_VER-gpl.tgz +pushd mbedtls-$MBEDTLS_VER +make SHARED=1 CFLAGS=-fPIC +sudo make DESTDIR=/usr install +popd +sudo ldconfig + +# Start building ./autogen.sh && ./configure && make sudo make install ``` @@ -300,8 +299,8 @@ brew install shadowsocks-libev ## Usage -For a detailed and complete list of all supported arguments, you may refer to the -man pages of the applications, respectively. +For a detailed and complete list of all supported arguments, +you may refer to the man pages of the applications, respectively. ```    ss-[local|redir|server|tunnel|manager] From fb53630b202fe3cb37c4ce782afd6bf01afa8e2e Mon Sep 17 00:00:00 2001 From: Max Lv Date: Thu, 16 Mar 2017 14:04:05 +0800 Subject: [PATCH 62/62] Fix some building issues --- .gitignore | 1 + CMakeLists.txt | 22 ++++++++++++++++------ cmake/config.h.cmake | 16 +--------------- cmake/configure.cmake | 11 +---------- src/CMakeLists.txt | 21 +++++++++------------ 5 files changed, 28 insertions(+), 43 deletions(-) diff --git a/.gitignore b/.gitignore index 84079e1d..6e0a48ab 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,7 @@ m4/ltsugar.m4 m4/ltversion.m4 m4/lt~obsolete.m4 src/Makefile.in +src/config.h # Ignore files generated by configure build/ diff --git a/CMakeLists.txt b/CMakeLists.txt index 9ab352eb..6de7bd6c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.6) +cmake_minimum_required(VERSION 2.8) set(PROJECT_NAME shadowsocks-libev) set(RELEASE_DATE 2017-2-17) @@ -8,9 +8,7 @@ set(PROJECT_URL "https://shadowsocks.org") set(PROJECT_ISSUES_URL "https://github.com/shadowsocks/shadowsocks-libev") project(${PROJECT_NAME}) - -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c11") -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -c") +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99") #set(CMAKE_BINARY_DIR ${CMAKE_SOURCE_DIR}/out) set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib) @@ -51,6 +49,8 @@ install(FILES # We need libcork,libipset headers include_directories(libcork/include) include_directories(libipset/include) +include_directories(libbloom/murmur2) +include_directories(libbloom) set(LIBCORK_SOURCE libcork/src/libcork/cli/commands.c @@ -111,11 +111,21 @@ set(LIBIPSET_SOURCE ) add_library(ipset STATIC ${LIBIPSET_SOURCE}) -target_link_libraries(ipset cork) add_library(ipset-shared SHARED ${LIBIPSET_SOURCE}) -target_link_libraries(ipset-shared cork-shared) set_target_properties(ipset-shared PROPERTIES OUTPUT_NAME ipset) +set(LIBBLOOM_SOURCE + libbloom/bloom.c + libbloom/murmur2/MurmurHash2.c + ) + +add_library(bloom STATIC ${LIBBLOOM_SOURCE}) +target_link_libraries(ipset cork bloom) + +add_library(bloom-shared SHARED ${LIBBLOOM_SOURCE}) +target_link_libraries(ipset-shared cork-shared bloom-shared) +set_target_properties(bloom-shared PROPERTIES OUTPUT_NAME bloom) + add_subdirectory(src) diff --git a/cmake/config.h.cmake b/cmake/config.h.cmake index 4e122b79..3b7b6ff3 100644 --- a/cmake/config.h.cmake +++ b/cmake/config.h.cmake @@ -275,20 +275,6 @@ /* Define to `int' if does not define. */ #cmakedefine pid_t @pid_t@ -/* Define to the equivalent of the C99 'restrict' keyword, or to - nothing if this is not supported. Do not define if restrict is - supported directly. */ -#cmakedefine restrict @restrict@ -/* Work around a bug in Sun C++: it does not support _Restrict or - __restrict__, even though the corresponding Sun C compiler ends up with - "#define restrict _Restrict" or "#define restrict __restrict__" in the - previous line. Perhaps some future version of Sun C++ will work with - restrict; if so, hopefully it defines __RESTRICT like Sun C does. */ -#if defined __SUNPRO_CC && !defined __RESTRICT -# define _Restrict -# define __restrict__ -#endif - /* Define to `unsigned int' if does not define. */ #cmakedefine size_t unsigned int @@ -306,4 +292,4 @@ /* Define as `fork' if `vfork' does not work. */ #cmakedefine vfork -#endif \ No newline at end of file +#endif diff --git a/cmake/configure.cmake b/cmake/configure.cmake index dc376dd2..693b1e57 100644 --- a/cmake/configure.cmake +++ b/cmake/configure.cmake @@ -149,15 +149,6 @@ set(VERSION ${PACKAGE_VERSION}) # TODO Assume we got inline support # https://cmake.org/Wiki/CMakeTestInline -# Define to the equivalent of the C99 'restrict' keyword, or to -# nothing if this is not supported. Do not define if restrict is -# supported directly. -#define restrict __restrict -if (NOT "c_restrict" IN_LIST CMAKE_C_COMPILE_FEATURES) - message("No restrict") - set(restrict __restrict) -endif () - # Define to `int' if does not define. # undef pid_t # Define to the type of an unsigned integer type of width exactly 16 bits if @@ -197,4 +188,4 @@ endif () # Define as `fork' if `vfork' does not work. if (NOT HAVE_WORKING_VFORK) set(vfork fork) -endif () \ No newline at end of file +endif () diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 0e8b762f..c9aae696 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -24,6 +24,7 @@ set(SS_PLUGIN_SOURCE ) set(SS_SHARED_SOURCES + ppbloom.c utils.c jconf.c json.c @@ -96,8 +97,11 @@ find_library(LIBEV_SHARED ev) find_library(LIBUDNS_SHARED udns) find_library(LIBPCRE_SHARED pcre) -list(APPEND DEPS ${LIBEV} ${LIBUDNS} ${LIBPCRE} ${LIBSODIUM} ${LIBMBEDTLS} ${LIBMBEDCRYPTO}) -list(APPEND DEPS_SHARED ${LIBEV_SHARED} ${LIBUDNS_SHARED} ${LIBPCRE_SHARED} ${LIBSODIUM_SHARED} ${LIBMBEDTLS_SHARED} ${LIBMBEDCRYPTO_SHARED}) +list(APPEND DEPS bloom m ${LIBEV} ${LIBUDNS} ${LIBPCRE} ${LIBSODIUM} ${LIBMBEDTLS} ${LIBMBEDCRYPTO}) +list(APPEND DEPS_SHARED bloom-shared m ${LIBEV_SHARED} ${LIBUDNS_SHARED} ${LIBPCRE_SHARED} ${LIBSODIUM_SHARED} +${LIBMBEDTLS_SHARED} ${LIBMBEDCRYPTO_SHARED}) + +find_package (Threads) # Add our targets add_executable(ss-server ${SS_SERVER_SOURCE}) @@ -121,7 +125,7 @@ target_compile_definitions(shadowsocks-libev PUBLIC -DMODULE_LOCAL) target_link_libraries(ss-server cork ipset ${DEPS}) target_link_libraries(ss-tunnel cork ${DEPS}) -target_link_libraries(ss-manager cork ${LIBEV} ${LIBUDNS}) +target_link_libraries(ss-manager m bloom cork ${LIBEV} ${LIBUDNS}) target_link_libraries(ss-local cork ipset ${DEPS}) target_link_libraries(ss-redir cork ipset ${DEPS}) target_link_libraries(shadowsocks-libev cork ipset ${DEPS}) @@ -148,12 +152,11 @@ target_compile_definitions(shadowsocks-libev-shared PUBLIC -DMODULE_LOCAL) target_link_libraries(ss-server-shared cork-shared ipset-shared ${DEPS_SHARED}) target_link_libraries(ss-tunnel-shared cork-shared ${DEPS_SHARED}) -target_link_libraries(ss-manager-shared cork-shared ${LIBEV_SHARED} ${LIBUDNS_SHARED}) +target_link_libraries(ss-manager-shared m bloom-shared cork-shared ${CMAKE_THREAD_LIBS_INIT} ${LIBEV_SHARED} ${LIBUDNS_SHARED}) target_link_libraries(ss-local-shared cork-shared ipset-shared ${DEPS_SHARED}) target_link_libraries(ss-redir-shared cork-shared ipset-shared ${DEPS_SHARED}) target_link_libraries(shadowsocks-libev-shared cork-shared ipset-shared ${DEPS_SHARED}) - set_target_properties(ss-server-shared PROPERTIES OUTPUT_NAME ss-server) set_target_properties(ss-tunnel-shared PROPERTIES OUTPUT_NAME ss-tunnel) set_target_properties(ss-manager-shared PROPERTIES OUTPUT_NAME ss-manager) @@ -170,12 +173,6 @@ target_compile_definitions(shadowsocks-libev-shared PUBLIC -DMODULE_LOCAL) target_link_libraries(shadowsocks-libev-shared cork-shared ipset-shared ${DEPS_SHARED}) -#install(DIRECTORY DESTINATION ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}) -#install(TARGETS ss-server RUNTIME DESTINATION bin) -#install(TARGETS ss-tunnel RUNTIME DESTINATION bin) -#install(TARGETS ss-manager RUNTIME DESTINATION bin) -#install(TARGETS ss-local RUNTIME DESTINATION bin) - install(DIRECTORY ${CMAKE_RUNTIME_OUTPUT_DIRECTORY} DESTINATION bin FILES_MATCHING PATTERN "ss-*") @@ -185,4 +182,4 @@ add_custom_target(distclean COMMAND ${CMAKE_COMMAND} -E echo WARNING: distclean target is not functional COMMAND ${CMAKE_COMMAND} -E echo Use 'git clean -fdx' instead VERBATIM - ) \ No newline at end of file + )