Merge branch 'master' of github.com:shadowsocks/shadowsocks-libev

9 years ago · bc91533c60
7 changed files with 122 additions and 37 deletions
--- a/README.md
+++ b/README.md
@ -2,11 +2,11 @@
 ## Intro
 [Shadowsocks-libev](http://shadowsocks.org) is a lightweight secured SOCKS5 
 [Shadowsocks-libev](http://shadowsocks.org) is a lightweight secured SOCKS5
 proxy for embedded devices and low-end boxes.
 It is a port of [Shadowsocks](https://github.com/shadowsocks/shadowsocks) 
 created by [@clowwindy](https://github.com/clowwindy), which is maintained by 
 It is a port of [Shadowsocks](https://github.com/shadowsocks/shadowsocks)
 created by [@clowwindy](https://github.com/clowwindy), which is maintained by
 [@madeye](https://github.com/madeye) and [@linusyang](https://github.com/linusyang).
 Current version: 2.4.3 | [Changelog](debian/changelog)
@ -16,24 +16,76 @@ Travis CI: [![Travis CI](https://travis-ci.org/shadowsocks/shadowsocks-libev.svg
 ## Features
 Shadowsocks-libev is written in pure C and only depends on
 [libev](http://software.schmorp.de/pkg/libev.html) and 
 [libev](http://software.schmorp.de/pkg/libev.html) and
 [OpenSSL](http://www.openssl.org/) or [PolarSSL](https://polarssl.org/).
 The use of [mbedTLS](https://tls.mbed.org/) is added but still for testing, and
 it is not officially supported yet.
 In normal usage, the memory footprint is about 600KB and the CPU utilization is 
 no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU, 
 In normal usage, the memory footprint is about 600KB and the CPU utilization is
 no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU,
 32MB memory and 4MB flash).
 For a full list of feature comparison between different versions of shadowsocks,
 refer to the [Wiki page](https://github.com/shadowsocks/shadowsocks/wiki/Feature-Comparison-across-Different-Versions).
 ## Installation
 **Notes about PolarSSL**
 ### Distribution-specific guide
 - [Debian & Ubuntu](#debian--ubuntu)
    + [Install from repository](#install-from-repository)
    + [Build deb package from source](#build-deb-package-from-source)
    + [Configure and start the service](#configure-and-start-the-service)
 - [Fedora & RHEL](#fedora--rhel)
    + [Install from repository](#install-from-repository-1)
 - [Archlinux](#archlinux)
 - [Directly build and install on UNIX-like system](#linux)
 - [FreeBSD](#freebsd)
 - [OpenWRT](#openwrt)
 - [OS X](#os-x)
 - [Windows](#windows)
 * * *
 ### Pre-build configure guide
 For a complete list of avaliable configure-time option,
 try `configure --help`.
 #### Using alternative crypto library
 There are three crypto libraries available:
 - OpenSSL (**default**)
 - PolarSSL
 - mbedTLS (__NOT__ officially supported)
 ##### PolarSSL
 * The default crypto library is OpenSSL. To build against PolarSSL,
 specify `--with-crypto-library=polarssl` and  `--with-polarssl=/path/to/polarssl`
 when running `./configure`.
 * PolarSSL __1.2.5 or newer__ is required. Currently, PolarSSL does __NOT__ support 
 To build against PolarSSL, specify `--with-crypto-library=polarssl`
 and `--with-polarssl=/path/to/polarssl` when running `./configure`.
 * PolarSSL __1.2.5 or newer__ is required. Currently, PolarSSL does __NOT__ support
 CAST5-CFB, DES-CFB, IDEA-CFB, RC2-CFB and SEED-CFB.
 * RC4 is only support by PolarSSL __1.3.0 or above__.
 ##### mbedTLS
 To build against mbedTLS, specify `--with-crypto-library=mbedtls`
 and `--with-mbedtls=/path/to/mbedtls` when running `./configure`.
 Please note that we do **NOT** officially support mbedTLS right now,
 and you should use it at your own risk.
 Windows users will need extra work when compiling mbedTLS library,
 see [this issue](https://github.com/shadowsocks/shadowsocks-libev/issues/422) for detail info.
 #### Using shared library from system
 Please specify `--enable-system-shared-lib`. This will replace the bundled
 `libev`, `libsodium` and `libudns` with the corresponding libraries installed
 in the system during compilation and linking.
 ### Debian & Ubuntu
 #### Install from repository
@ -82,7 +134,7 @@ Please follow the instructions on [Debian Backports](http://backports.debian.org
 This also means that you can only install those built packages on systems that have
 `init-system-helpers` installed.
 Otherwise, try to build and install directly from source. See the **Linux**
 Otherwise, try to build and install directly from source. See the [Linux](#linux)
 section below.
 ``` bash
@ -144,11 +196,12 @@ su -c 'yum install shadowsocks-libev'
 sudo pacman -S shadowsocks-libev
 ```
 Please refer to downstream `PKGBUILD` file for any extra modifications.
 Please refer to downstream [PKGBUILD](https://projects.archlinux.org/svntogit/community.git/tree/trunk?h=packages/shadowsocks-libev)
 script for extra modifications and distribution-specific bugs.
 ### Linux
 For Unix-like systems, especially Debian-based systems, 
 For Unix-like systems, especially Debian-based systems,
 e.g. Ubuntu, Debian or Linux Mint, you can build the binary like this:
 ```bash
@ -181,13 +234,16 @@ service shadowsocks_libev start
 ### OpenWRT
 **Note**: You may want to use [openwrt-shadowsocks](https://github.com/shadowsocks/openwrt-shadowsocks)
 , which is developed specifically for OpenWRT.
 ```bash
 # At OpenWRT build root
 pushd package
 git clone https://github.com/shadowsocks/shadowsocks-libev.git
 popd
 # Enable shadowsocks-libev in network category 
 # Enable shadowsocks-libev in network category
 make menuconfig
 # Optional
@ -237,7 +293,7 @@ make lib WINDOWS=1
 make install DESTDIR="$HOME/prebuilt"
 ```
 Then, build the binary using the commands below, and all `.exe` files 
 Then, build the binary using the commands below, and all `.exe` files
 will be built at `$HOME/ss/bin`:
 #### OpenSSL
@ -256,6 +312,9 @@ make && make install
 ## Usage
 For a detailed and complete list of all supported arguments, you may refer to the
 man pages of the applications, respectively.
 ```
    ss-[local|redir|server|tunnel]
@ -271,7 +330,8 @@ make && make install
                                  aes-128-cfb, aes-192-cfb, aes-256-cfb,
                                  bf-cfb, camellia-128-cfb, camellia-192-cfb,
                                  camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb,
                                  rc2-cfb, seed-cfb, salsa20 and chacha20
                                  rc2-cfb, seed-cfb, salsa20 ,chacha20 and
                                  chacha20-ietf
       [-f <pid_file>]            the file path to store pid
@ -317,7 +377,7 @@ make && make install
 notes:
    ss-redir provides a transparent proxy function and only works on the 
    ss-redir provides a transparent proxy function and only works on the
    Linux platform with iptables.
 ```
@ -329,7 +389,7 @@ The latest shadowsocks-libev has provided a *redir* mode. You can configure your
    # Create new chain
    root@Wrt:~# iptables -t nat -N SHADOWSOCKS
    root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
    # Ignore your shadowsocks server's addresses
    # It's very IMPORTANT, just be careful.
    root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
@ -353,7 +413,7 @@ The latest shadowsocks-libev has provided a *redir* mode. You can configure your
    root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
    root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
    root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
    # Apply the rules
    root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
    root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
--- a/man/shadowsocks-libev.8
+++ b/man/shadowsocks-libev.8
@ -71,10 +71,10 @@ Set the password. The server and the client should use the same password.
 .B \-m \fIencrypt_method\fP
 Set the cipher.
 Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
 \*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
 aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
 camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
 seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
 seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
 If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
 not work.
@ -88,6 +88,11 @@ Set the socket timeout in seconds. The default value is 10.
 .B \-c \fIconfig_file\fP
 Use a configuration file.
 .TP
 .B \-n \fInofile\fP
 Specify max number of open files.
 Only available on Linux.
 .TP
 .B \-i \fIinterface\fP
 Specify network interface to bind.
--- a/man/ss-local.1
+++ b/man/ss-local.1
@ -35,7 +35,7 @@ ss-local \- shadowsocks client as socks5 proxy, libev port
    [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR]    [\fB\-l\fR \fIlocal_port\fR]
    [\fB\-k\fR \fIpassword\fR]    [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]   [\fB\-t\fR \fItimeout\fR]
    [\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIinterface\fR]      [\fB\-a\fR \fIuser_name\fR]
    [\fB\-\-fast\-open\fR]    [\fB\-\-acl\fR \fIacl_config\fR]
    [\fB\-n\fR \fInofile\fR]      [\fB\-\-fast\-open\fR]    [\fB\-\-acl\fR \fIacl_config\fR]
 .SH DESCRIPTION
 \*(Me is a lightweight and secure socks5 proxy. It is a port of the original
@ -62,10 +62,10 @@ Set the password. The server and the client should use the same password.
 .B \-m \fIencrypt_method\fP
 Set the cipher.
 Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
 \*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
 aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
 camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
 seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
 seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
 If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
 not work.
@ -79,6 +79,11 @@ Set the socket timeout in seconds. The default value is 10.
 .B \-c \fIconfig_file\fP
 Use a configuration file.
 .TP
 .B \-n \fInofile\fP
 Specify max number of open files.
 Only avaliable on Linux.
 .TP
 .B \-i \fIinterface\fP
 Specify network interface to bind.
 .TP
--- a/man/ss-manager.1
+++ b/man/ss-manager.1
@ -67,10 +67,10 @@ Set the password. The server and the client should use the same password.
 .B \-m \fIencrypt_method\fP
 Set the cipher.
 Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
 \*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
 aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
 camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
 seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
 seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
 If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
 not work.
@ -150,7 +150,7 @@ $(which ss-server) -s example.com -m aes-256-cfb -c /path/to/config.json
    # Connect to the socket. Using netcat-openbsd as an example.
    # You should use scripts or other programs for further management.
    nc -Uu /tmp/ss.socket
    nc -Uu /tmp/manager.sock
 After that, you may communicate with \*(Ma(1) as described above in the
 \fBPROTOCOL\fR section.
--- a/man/ss-redir.1
+++ b/man/ss-redir.1
@ -35,7 +35,7 @@ ss-redir \- shadowsocks client as transparent proxy, libev port
    [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR]    [\fB\-l\fR \fIlocal_port\fR]
    [\fB\-k\fR \fIpassword\fR]    [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
    [\fB\-t\fR \fItimeout\fR]     [\fB\-c\fR \fIconfig_file\fR]    [\fB\-b\fR \fIlocal_address\fR]
    [\fB\-a\fR \fIuser_name\fR]
    [\fB\-a\fR \fIuser_name\fR]   [\fB\-n\fR \fInofile\fR]
 .SH DESCRIPTION
 \*(Me is a lightweight and secure socks5 proxy. It is a port of the original
@ -64,10 +64,10 @@ Set the password. The server and the client should use the same password.
 .B \-m \fIencrypt_method\fP
 Set the cipher.
 Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
 \*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
 aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
 camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
 seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
 seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
 If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
 not work.
@ -81,6 +81,11 @@ Set the socket timeout in seconds. The default value is 10.
 .B \-c \fIconfig_file\fP
 Use a configuration file.
 .TP
 .B \-n \fInofile\fP
 Specify max number of open files.
 Only avaliable on Linux.
 .TP
 .B \-b \fIlocal_address\fP
 Specify local address to bind.
 .TP
--- a/man/ss-server.1
+++ b/man/ss-server.1
@ -35,7 +35,7 @@ ss-server \- shadowsocks server, libev port
    [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR]    [\fB\-l\fR \fIlocal_port\fR]
    [\fB\-k\fR \fIpassword\fR]    [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
    [\fB\-t\fR \fItimeout\fR]     [\fB\-c\fR \fIconfig_file\fR]    [\fB\-i\fR \fIinterface\fR]
    [\fB\-a\fR \fIuser_name\fR]   [\fB\-d\fR \fIaddr\fR]
    [\fB\-a\fR \fIuser_name\fR]   [\fB\-d\fR \fIaddr\fR]           [\fB\-n\fR \fInofile\fR]
    [\fB\-\-fast\-open\fR]    [\fB\-\-acl\fR \fIacl_config\fR]
    [\fB\-\-manager\-address\fR \fIpath_to_unix_domain\fR]
@ -64,10 +64,10 @@ Set the password. The server and the client should use the same password.
 .B \-m \fIencrypt_method\fP
 Set the cipher.
 Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
 \*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
 aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
 camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
 seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
 seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
 If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
 not work.
@ -81,6 +81,11 @@ Set the socket timeout in seconds. The default value is 10.
 .B \-c \fIconfig_file\fP
 Use a configuration file.
 .TP
 .B \-n \fInofile\fP
 Specify max number of open files.
 Only avaliable on Linux.
 .TP
 .B \-i \fIinterface\fP
 Specify network interface to bind.
 .TP
--- a/man/ss-tunnel.1
+++ b/man/ss-tunnel.1
@ -35,7 +35,7 @@ ss-tunnel \- shadowsocks tools for local port forwarding, libev port
    [\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR]    [\fB\-l\fR \fIlocal_port\fR]
    [\fB\-k\fR \fIpassword\fR]    [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
    [\fB\-t\fR \fItimeout\fR]     [\fB\-c\fR \fIconfig_file\fR]    [\fB\-i\fR \fIinterface\fR]
    [\fB\-b\fR \fIlocal_addr\fR]  [\fB\-a\fR \fIuser_name\fR]
    [\fB\-b\fR \fIlocal_addr\fR]  [\fB\-a\fR \fIuser_name\fR]      [\fB\-n\fR \fInofile\fR]
    [\fB\-L\fR \fIaddr\fR:\fIport\fR]
 .SH DESCRIPTION
@ -64,10 +64,10 @@ Set the password. The server and the client should use the same password.
 .B \-m \fIencrypt_method\fP
 Set the cipher.
 Shadowsocks accepts 16 different ciphers: table, rc4, rc4-md5,
 \*(Me accepts 18 different ciphers: table, rc4, rc4-md5,
 aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb,
 camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb,
 seed-cfb, salsa20 and chacha20. The default cipher is \fItable\fP.
 seed-cfb, salsa20, chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
 If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
 not work.
@ -81,6 +81,11 @@ Set the socket timeout in seconds. The default value is 10.
 .B \-c \fIconfig_file\fP
 Use a configuration file.
 .TP
 .B \-n \fInofile\fP
 Specify max number of open files.
 Only avaliable on Linux.
 .TP
 .B \-i \fIinterface\fP
 Specify network interface to bind.
 .TP