richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch 'master' of github.com:shadowsocks/shadowsocks-libev

pull/498/head
Max Lv 9 years ago
parent
5ddf786c19 2178c409f6
commit
bc91533c60
7 changed files with 122 additions and 37 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 100
      README.md
  2. 9
      man/shadowsocks-libev.8
  3. 11
      man/ss-local.1
  4. 6
      man/ss-manager.1
  5. 11
      man/ss-redir.1
  6. 11
      man/ss-server.1
  7. 11
      man/ss-tunnel.1

100
README.md
View File

@ -2,11 +2,11 @@
## Intro
[Shadowsocks-libev](http://shadowsocks.org) is a lightweight secured SOCKS5
[Shadowsocks-libev](http://shadowsocks.org) is a lightweight secured SOCKS5
proxy for embedded devices and low-end boxes.
It is a port of [Shadowsocks](https://github.com/shadowsocks/shadowsocks)
created by [@clowwindy](https://github.com/clowwindy), which is maintained by
It is a port of [Shadowsocks](https://github.com/shadowsocks/shadowsocks)
created by [@clowwindy](https://github.com/clowwindy), which is maintained by
[@madeye](https://github.com/madeye) and [@linusyang](https://github.com/linusyang).
Current version: 2.4.3 | [Changelog](debian/changelog)
@ -16,24 +16,76 @@ Travis CI: [![Travis CI](https://travis-ci.org/shadowsocks/shadowsocks-libev.svg
## Features
Shadowsocks-libev is written in pure C and only depends on
[libev](http://software.schmorp.de/pkg/libev.html) and
[libev](http://software.schmorp.de/pkg/libev.html) and
[OpenSSL](http://www.openssl.org/) or [PolarSSL](https://polarssl.org/).
The use of [mbedTLS](https://tls.mbed.org/) is added but still for testing, and
it is not officially supported yet.
In normal usage, the memory footprint is about 600KB and the CPU utilization is
no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU,
In normal usage, the memory footprint is about 600KB and the CPU utilization is
no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU,
32MB memory and 4MB flash).
For a full list of feature comparison between different versions of shadowsocks,
refer to the [Wiki page](https://github.com/shadowsocks/shadowsocks/wiki/Feature-Comparison-across-Different-Versions).
## Installation
**Notes about PolarSSL**
### Distribution-specific guide
- [Debian & Ubuntu](#debian--ubuntu)
+ [Install from repository](#install-from-repository)
+ [Build deb package from source](#build-deb-package-from-source)
+ [Configure and start the service](#configure-and-start-the-service)
- [Fedora & RHEL](#fedora--rhel)
+ [Install from repository](#install-from-repository-1)
- [Archlinux](#archlinux)
- [Directly build and install on UNIX-like system](#linux)
- [FreeBSD](#freebsd)
- [OpenWRT](#openwrt)
- [OS X](#os-x)
- [Windows](#windows)
* * *
### Pre-build configure guide
For a complete list of avaliable configure-time option,
try `configure --help`.
#### Using alternative crypto library
There are three crypto libraries available:
- OpenSSL (**default**)
- PolarSSL
- mbedTLS (__NOT__ officially supported)
##### PolarSSL
* The default crypto library is OpenSSL. To build against PolarSSL,
specify `--with-crypto-library=polarssl` and `--with-polarssl=/path/to/polarssl`
when running `./configure`.
* PolarSSL __1.2.5 or newer__ is required. Currently, PolarSSL does __NOT__ support
To build against PolarSSL, specify `--with-crypto-library=polarssl`
and `--with-polarssl=/path/to/polarssl` when running `./configure`.
* PolarSSL __1.2.5 or newer__ is required. Currently, PolarSSL does __NOT__ support
CAST5-CFB, DES-CFB, IDEA-CFB, RC2-CFB and SEED-CFB.
* RC4 is only support by PolarSSL __1.3.0 or above__.
##### mbedTLS
To build against mbedTLS, specify `--with-crypto-library=mbedtls`
and `--with-mbedtls=/path/to/mbedtls` when running `./configure`.
Please note that we do **NOT** officially support mbedTLS right now,
and you should use it at your own risk.
Windows users will need extra work when compiling mbedTLS library,
see [this issue](https://github.com/shadowsocks/shadowsocks-libev/issues/422) for detail info.
#### Using shared library from system
Please specify `--enable-system-shared-lib`. This will replace the bundled
`libev`, `libsodium` and `libudns` with the corresponding libraries installed
in the system during compilation and linking.
### Debian & Ubuntu
#### Install from repository
@ -82,7 +134,7 @@ Please follow the instructions on [Debian Backports](http://backports.debian.org
This also means that you can only install those built packages on systems that have
`init-system-helpers` installed.
Otherwise, try to build and install directly from source. See the **Linux**
Otherwise, try to build and install directly from source. See the [Linux](#linux)
section below.
``` bash
@ -144,11 +196,12 @@ su -c 'yum install shadowsocks-libev'
sudo pacman -S shadowsocks-libev
```
Please refer to downstream `PKGBUILD` file for any extra modifications.
Please refer to downstream [PKGBUILD](https://projects.archlinux.org/svntogit/community.git/tree/trunk?h=packages/shadowsocks-libev)
script for extra modifications and distribution-specific bugs.
### Linux
For Unix-like systems, especially Debian-based systems,
For Unix-like systems, especially Debian-based systems,
e.g. Ubuntu, Debian or Linux Mint, you can build the binary like this:
```bash
@ -181,13 +234,16 @@ service shadowsocks_libev start
### OpenWRT
**Note**: You may want to use [openwrt-shadowsocks](https://github.com/shadowsocks/openwrt-shadowsocks)
, which is developed specifically for OpenWRT.
```bash
# At OpenWRT build root
pushd package
git clone https://github.com/shadowsocks/shadowsocks-libev.git
popd
# Enable shadowsocks-libev in network category
# Enable shadowsocks-libev in network category
make menuconfig
# Optional
@ -237,7 +293,7 @@ make lib WINDOWS=1
make install DESTDIR="$HOME/prebuilt"
```
Then, build the binary using the commands below, and all `.exe` files
Then, build the binary using the commands below, and all `.exe` files
will be built at `$HOME/ss/bin`:
#### OpenSSL
@ -256,6 +312,9 @@ make && make install
## Usage
For a detailed and complete list of all supported arguments, you may refer to the
man pages of the applications, respectively.
```
ss-[local|redir|server|tunnel]
@ -271,7 +330,8 @@ make && make install
aes-128-cfb, aes-192-cfb, aes-256-cfb,
bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb,
rc2-cfb, seed-cfb, salsa20 and chacha20
rc2-cfb, seed-cfb, salsa20 ,chacha20 and
chacha20-ietf
[-f <pid_file>] the file path to store pid
@ -317,7 +377,7 @@ make && make install
notes:
ss-redir provides a transparent proxy function and only works on the
ss-redir provides a transparent proxy function and only works on the
Linux platform with iptables.
```
@ -329,7 +389,7 @@ The latest shadowsocks-libev has provided a *redir* mode. You can configure your
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
@ -353,7 +413,7 @@ The latest shadowsocks-libev has provided a *redir* mode. You can configure your
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS

9
man/shadowsocks-libev.8
View File

@ -71,10 +71,10 @@ Set the password. The server and the client should use the same password.
.B \-m \fIencrypt_method\fP
Set the cipher.
Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
@ -88,6 +88,11 @@ Set the socket timeout in seconds. The default value is 10.
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInofile\fP
Specify max number of open files.
Only available on Linux.
.TP
.B \-i \fIinterface\fP
Specify network interface to bind.

11
man/ss-local.1
View File

@ -35,7 +35,7 @@ ss-local \- shadowsocks client as socks5 proxy, libev port
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] [\fB\-t\fR \fItimeout\fR]
[\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIinterface\fR] [\fB\-a\fR \fIuser_name\fR]
[\fB\-\-fast\-open\fR] [\fB\-\-acl\fR \fIacl_config\fR]
[\fB\-n\fR \fInofile\fR] [\fB\-\-fast\-open\fR] [\fB\-\-acl\fR \fIacl_config\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
@ -62,10 +62,10 @@ Set the password. The server and the client should use the same password.
.B \-m \fIencrypt_method\fP
Set the cipher.
Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
@ -79,6 +79,11 @@ Set the socket timeout in seconds. The default value is 10.
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInofile\fP
Specify max number of open files.
Only avaliable on Linux.
.TP
.B \-i \fIinterface\fP
Specify network interface to bind.
.TP

6
man/ss-manager.1
View File

@ -67,10 +67,10 @@ Set the password. The server and the client should use the same password.
.B \-m \fIencrypt_method\fP
Set the cipher.
Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
@ -150,7 +150,7 @@ $(which ss-server) -s example.com -m aes-256-cfb -c /path/to/config.json
# Connect to the socket. Using netcat-openbsd as an example.
# You should use scripts or other programs for further management.
nc -Uu /tmp/ss.socket
nc -Uu /tmp/manager.sock
After that, you may communicate with \*(Ma(1) as described above in the
\fBPROTOCOL\fR section.

11
man/ss-redir.1
View File

@ -35,7 +35,7 @@ ss-redir \- shadowsocks client as transparent proxy, libev port
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIlocal_address\fR]
[\fB\-a\fR \fIuser_name\fR]
[\fB\-a\fR \fIuser_name\fR] [\fB\-n\fR \fInofile\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
@ -64,10 +64,10 @@ Set the password. The server and the client should use the same password.
.B \-m \fIencrypt_method\fP
Set the cipher.
Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
@ -81,6 +81,11 @@ Set the socket timeout in seconds. The default value is 10.
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInofile\fP
Specify max number of open files.
Only avaliable on Linux.
.TP
.B \-b \fIlocal_address\fP
Specify local address to bind.
.TP

11
man/ss-server.1
View File

@ -35,7 +35,7 @@ ss-server \- shadowsocks server, libev port
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR]
[\fB\-a\fR \fIuser_name\fR] [\fB\-d\fR \fIaddr\fR]
[\fB\-a\fR \fIuser_name\fR] [\fB\-d\fR \fIaddr\fR] [\fB\-n\fR \fInofile\fR]
[\fB\-\-fast\-open\fR] [\fB\-\-acl\fR \fIacl_config\fR]
[\fB\-\-manager\-address\fR \fIpath_to_unix_domain\fR]
@ -64,10 +64,10 @@ Set the password. The server and the client should use the same password.
.B \-m \fIencrypt_method\fP
Set the cipher.
Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
@ -81,6 +81,11 @@ Set the socket timeout in seconds. The default value is 10.
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInofile\fP
Specify max number of open files.
Only avaliable on Linux.
.TP
.B \-i \fIinterface\fP
Specify network interface to bind.
.TP

11
man/ss-tunnel.1
View File

@ -35,7 +35,7 @@ ss-tunnel \- shadowsocks tools for local port forwarding, libev port
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR]
[\fB\-b\fR \fIlocal_addr\fR] [\fB\-a\fR \fIuser_name\fR]
[\fB\-b\fR \fIlocal_addr\fR] [\fB\-a\fR \fIuser_name\fR] [\fB\-n\fR \fInofile\fR]
[\fB\-L\fR \fIaddr\fR:\fIport\fR]
.SH DESCRIPTION
@ -64,10 +64,10 @@ Set the password. The server and the client should use the same password.
.B \-m \fIencrypt_method\fP
Set the cipher.
Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
@ -81,6 +81,11 @@ Set the socket timeout in seconds. The default value is 10.
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInofile\fP
Specify max number of open files.
Only avaliable on Linux.
.TP
.B \-i \fIinterface\fP
Specify network interface to bind.
.TP

Write Preview
Loading…
Cancel
Save