
Refine ACL support

pull/524/head
Max Lv 9 years ago
parent
commit
eccc91d711
10 changed files with 426 additions and 229 deletions
  1. 9
      src/Makefile.am
  2. 295
      src/Makefile.in
  3. 60
      src/acl.c
  4. 10
      src/acl.h
  5. 8
      src/common.h
  6. 6
      src/local.c
  7. 80
      src/server.c
  8. 64
      src/udprelay.c
  9. 10
      src/udprelay.h
  10. 113
      src/utils.c

9
src/Makefile.am

@ -77,9 +77,10 @@ ss_tunnel_LDADD += $(top_builddir)/libudns/libudns.la
ss_server_LDADD += $(top_builddir)/libudns/libudns.la
endif
ss_local_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_LOCAL
ss_tunnel_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_LOCAL -DUDPRELAY_TUNNEL
ss_server_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_REMOTE
ss_local_CFLAGS = $(AM_CFLAGS) -DMODULE_LOCAL
ss_tunnel_CFLAGS = $(AM_CFLAGS) -DMODULE_TUNNEL
ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE
ss_manager_CFLAGS = $(AM_CFLAGS) -DMODULE_MANAGER
if BUILD_WINCOMPAT
ss_local_SOURCES += win32.c
@ -97,7 +98,7 @@ ss_redir_SOURCES = utils.c \
udprelay.c \
hmac-sha1.c \
redir.c
ss_redir_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_REDIR -DUDPRELAY_LOCAL
ss_redir_CFLAGS = $(AM_CFLAGS) -DMODULE_REDIR
ss_redir_LDADD = $(SS_COMMON_LIBS)
if USE_SYSTEM_SHARED_LIB
ss_redir_LDADD += -ludns
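Review bot: ss_tunnel_CFLAGS and ss_redir_CFLAGS now pass only -DMODULE_TUNNEL and -DMODULE_REDIR, where the old flags also passed the LOCAL define explicitly, so the local-side code paths of these two programs now depend on common.h deriving MODULE_LOCAL. A source file that tests `#ifdef MODULE_LOCAL` before including common.h would silently compile the wrong branch. Whether that happens cannot be seen from this page, so the include order in udprelay.c and utils.c is worth checking. A comment above the flags would record the dependency, e.g. `# MODULE_TUNNEL and MODULE_REDIR imply MODULE_LOCAL via common.h`.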

295
src/Makefile.in

@ -1,9 +1,8 @@
# Makefile.in generated by automake 1.11.6 from Makefile.am.
# Makefile.in generated by automake 1.14.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
# Foundation, Inc.
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -18,23 +17,51 @@
VPATH = @srcdir@
am__make_dryrun = \
{ \
am__dry=no; \
am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
| grep '^AM OK$$' >/dev/null || am__dry=yes;; \
*) \
for am__flg in $$MAKEFLAGS; do \
case $$am__flg in \
*=*|--*) ;; \
*n*) am__dry=yes; break;; \
esac; \
done;; \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
test $$am__dry = yes; \
}
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@ -75,8 +102,8 @@ bin_PROGRAMS = ss-local$(EXEEXT) ss-tunnel$(EXEEXT) $(am__EXEEXT_1) \
@BUILD_REDIRECTOR_TRUE@@USE_SYSTEM_SHARED_LIB_TRUE@am__append_14 = -ludns
@BUILD_REDIRECTOR_TRUE@@USE_SYSTEM_SHARED_LIB_FALSE@am__append_15 = $(top_builddir)/libudns/libudns.la
subdir = src
DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
$(top_srcdir)/auto/depcomp $(include_HEADERS)
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/acx_pthread.m4 \
$(top_srcdir)/m4/ax_tls.m4 $(top_srcdir)/m4/inet_ntop.m4 \
@ -144,6 +171,7 @@ libshadowsocks_la_OBJECTS = $(am_libshadowsocks_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
libshadowsocks_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(libshadowsocks_la_CFLAGS) $(CFLAGS) \
@ -168,10 +196,14 @@ ss_local_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
ss_local_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(ss_local_CFLAGS) \
$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
am_ss_manager_OBJECTS = utils.$(OBJEXT) jconf.$(OBJEXT) json.$(OBJEXT) \
manager.$(OBJEXT)
am_ss_manager_OBJECTS = ss_manager-utils.$(OBJEXT) \
ss_manager-jconf.$(OBJEXT) ss_manager-json.$(OBJEXT) \
ss_manager-manager.$(OBJEXT)
ss_manager_OBJECTS = $(am_ss_manager_OBJECTS)
ss_manager_DEPENDENCIES = $(am__DEPENDENCIES_2)
ss_manager_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(ss_manager_CFLAGS) \
$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
am__ss_redir_SOURCES_DIST = utils.c jconf.c json.c encrypt.c \
netutils.c cache.c udprelay.c hmac-sha1.c redir.c
@BUILD_REDIRECTOR_TRUE@am_ss_redir_OBJECTS = ss_redir-utils.$(OBJEXT) \
@ -216,6 +248,18 @@ ss_tunnel_DEPENDENCIES = $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \
ss_tunnel_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(ss_tunnel_CFLAGS) \
$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/auto/depcomp
am__depfiles_maybe = depfiles
@ -228,20 +272,16 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(libshadowsocks_la_SOURCES) $(ss_local_SOURCES) \
$(ss_manager_SOURCES) $(ss_redir_SOURCES) $(ss_server_SOURCES) \
$(ss_tunnel_SOURCES)
@ -255,6 +295,23 @@ am__can_run_installinfo = \
*) (install-info --version) >/dev/null 2>&1;; \
esac
HEADERS = $(include_HEADERS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@ -413,9 +470,10 @@ ss_local_LDADD = $(SS_COMMON_LIBS) $(am__append_5) $(am__append_8)
ss_tunnel_LDADD = $(SS_COMMON_LIBS) $(am__append_6) $(am__append_9)
ss_server_LDADD = $(SS_COMMON_LIBS) $(am__append_7) $(am__append_10)
ss_manager_LDADD = $(SS_COMMON_LIBS)
ss_local_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_LOCAL
ss_tunnel_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_LOCAL -DUDPRELAY_TUNNEL
ss_server_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_REMOTE
ss_local_CFLAGS = $(AM_CFLAGS) -DMODULE_LOCAL
ss_tunnel_CFLAGS = $(AM_CFLAGS) -DMODULE_TUNNEL
ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE
ss_manager_CFLAGS = $(AM_CFLAGS) -DMODULE_MANAGER
@BUILD_REDIRECTOR_TRUE@ss_redir_SOURCES = utils.c \
@BUILD_REDIRECTOR_TRUE@ jconf.c \
@BUILD_REDIRECTOR_TRUE@ json.c \
@ -426,7 +484,7 @@ ss_server_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_REMOTE
@BUILD_REDIRECTOR_TRUE@ hmac-sha1.c \
@BUILD_REDIRECTOR_TRUE@ redir.c
@BUILD_REDIRECTOR_TRUE@ss_redir_CFLAGS = $(AM_CFLAGS) -DUDPRELAY_REDIR -DUDPRELAY_LOCAL
@BUILD_REDIRECTOR_TRUE@ss_redir_CFLAGS = $(AM_CFLAGS) -DMODULE_REDIR
@BUILD_REDIRECTOR_TRUE@ss_redir_LDADD = $(SS_COMMON_LIBS) \
@BUILD_REDIRECTOR_TRUE@ $(am__append_14) $(am__append_15)
lib_LTLIBRARIES = libshadowsocks.la
@ -469,6 +527,7 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
@ -495,12 +554,15 @@ uninstall-libLTLIBRARIES:
clean-libLTLIBRARIES:
-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
test "$$dir" != "$$p" || dir=.; \
echo "rm -f \"$${dir}/so_locations\""; \
rm -f "$${dir}/so_locations"; \
done
@list='$(lib_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
libshadowsocks.la: $(libshadowsocks_la_OBJECTS) $(libshadowsocks_la_DEPENDENCIES) $(EXTRA_libshadowsocks_la_DEPENDENCIES)
$(AM_V_CCLD)$(libshadowsocks_la_LINK) -rpath $(libdir) $(libshadowsocks_la_OBJECTS) $(libshadowsocks_la_LIBADD) $(LIBS)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -512,10 +574,12 @@ install-binPROGRAMS: $(bin_PROGRAMS)
fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
while read p p1; do if test -f $$p || test -f $$p1; \
then echo "$$p"; echo "$$p"; else :; fi; \
while read p p1; do if test -f $$p \
|| test -f $$p1 \
; then echo "$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
sed -e 'p;s,.*/,,;n;h' \
-e 's|.*|.|' \
-e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
@ -536,7 +600,8 @@ uninstall-binPROGRAMS:
@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-e 's/$$/$(EXEEXT)/' `; \
-e 's/$$/$(EXEEXT)/' \
`; \
test -n "$$list" || exit 0; \
echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
cd "$(DESTDIR)$(bindir)" && rm -f $$files
@ -549,18 +614,23 @@ clean-binPROGRAMS:
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
ss-local$(EXEEXT): $(ss_local_OBJECTS) $(ss_local_DEPENDENCIES) $(EXTRA_ss_local_DEPENDENCIES)
@rm -f ss-local$(EXEEXT)
$(AM_V_CCLD)$(ss_local_LINK) $(ss_local_OBJECTS) $(ss_local_LDADD) $(LIBS)
ss-manager$(EXEEXT): $(ss_manager_OBJECTS) $(ss_manager_DEPENDENCIES) $(EXTRA_ss_manager_DEPENDENCIES)
@rm -f ss-manager$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(ss_manager_OBJECTS) $(ss_manager_LDADD) $(LIBS)
$(AM_V_CCLD)$(ss_manager_LINK) $(ss_manager_OBJECTS) $(ss_manager_LDADD) $(LIBS)
ss-redir$(EXEEXT): $(ss_redir_OBJECTS) $(ss_redir_DEPENDENCIES) $(EXTRA_ss_redir_DEPENDENCIES)
@rm -f ss-redir$(EXEEXT)
$(AM_V_CCLD)$(ss_redir_LINK) $(ss_redir_OBJECTS) $(ss_redir_LDADD) $(LIBS)
ss-server$(EXEEXT): $(ss_server_OBJECTS) $(ss_server_DEPENDENCIES) $(EXTRA_ss_server_DEPENDENCIES)
@rm -f ss-server$(EXEEXT)
$(AM_V_CCLD)$(ss_server_LINK) $(ss_server_OBJECTS) $(ss_server_LDADD) $(LIBS)
ss-tunnel$(EXEEXT): $(ss_tunnel_OBJECTS) $(ss_tunnel_DEPENDENCIES) $(EXTRA_ss_tunnel_DEPENDENCIES)
@rm -f ss-tunnel$(EXEEXT)
$(AM_V_CCLD)$(ss_tunnel_LINK) $(ss_tunnel_OBJECTS) $(ss_tunnel_LDADD) $(LIBS)
@ -571,8 +641,6 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jconf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/json.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadowsocks_la-acl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadowsocks_la-cache.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadowsocks_la-encrypt.Plo@am__quote@
@ -584,7 +652,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadowsocks_la-udprelay.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadowsocks_la-utils.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libshadowsocks_la-win32.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/manager.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_local-acl.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_local-cache.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_local-encrypt.Po@am__quote@
@ -596,6 +663,10 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_local-udprelay.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_local-utils.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_local-win32.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_manager-jconf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_manager-json.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_manager-manager.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_manager-utils.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_redir-cache.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_redir-encrypt.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_redir-hmac-sha1.Po@am__quote@
@ -626,7 +697,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_tunnel-udprelay.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_tunnel-utils.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ss_tunnel-win32.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Po@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@ -883,6 +953,62 @@ ss_local-win32.obj: win32.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_local_CFLAGS) $(CFLAGS) -c -o ss_local-win32.obj `if test -f 'win32.c'; then $(CYGPATH_W) 'win32.c'; else $(CYGPATH_W) '$(srcdir)/win32.c'; fi`
ss_manager-utils.o: utils.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-utils.o -MD -MP -MF $(DEPDIR)/ss_manager-utils.Tpo -c -o ss_manager-utils.o `test -f 'utils.c' || echo '$(srcdir)/'`utils.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-utils.Tpo $(DEPDIR)/ss_manager-utils.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils.c' object='ss_manager-utils.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-utils.o `test -f 'utils.c' || echo '$(srcdir)/'`utils.c
ss_manager-utils.obj: utils.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-utils.obj -MD -MP -MF $(DEPDIR)/ss_manager-utils.Tpo -c -o ss_manager-utils.obj `if test -f 'utils.c'; then $(CYGPATH_W) 'utils.c'; else $(CYGPATH_W) '$(srcdir)/utils.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-utils.Tpo $(DEPDIR)/ss_manager-utils.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils.c' object='ss_manager-utils.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-utils.obj `if test -f 'utils.c'; then $(CYGPATH_W) 'utils.c'; else $(CYGPATH_W) '$(srcdir)/utils.c'; fi`
ss_manager-jconf.o: jconf.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-jconf.o -MD -MP -MF $(DEPDIR)/ss_manager-jconf.Tpo -c -o ss_manager-jconf.o `test -f 'jconf.c' || echo '$(srcdir)/'`jconf.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-jconf.Tpo $(DEPDIR)/ss_manager-jconf.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='jconf.c' object='ss_manager-jconf.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-jconf.o `test -f 'jconf.c' || echo '$(srcdir)/'`jconf.c
ss_manager-jconf.obj: jconf.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-jconf.obj -MD -MP -MF $(DEPDIR)/ss_manager-jconf.Tpo -c -o ss_manager-jconf.obj `if test -f 'jconf.c'; then $(CYGPATH_W) 'jconf.c'; else $(CYGPATH_W) '$(srcdir)/jconf.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-jconf.Tpo $(DEPDIR)/ss_manager-jconf.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='jconf.c' object='ss_manager-jconf.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-jconf.obj `if test -f 'jconf.c'; then $(CYGPATH_W) 'jconf.c'; else $(CYGPATH_W) '$(srcdir)/jconf.c'; fi`
ss_manager-json.o: json.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-json.o -MD -MP -MF $(DEPDIR)/ss_manager-json.Tpo -c -o ss_manager-json.o `test -f 'json.c' || echo '$(srcdir)/'`json.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-json.Tpo $(DEPDIR)/ss_manager-json.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='json.c' object='ss_manager-json.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-json.o `test -f 'json.c' || echo '$(srcdir)/'`json.c
ss_manager-json.obj: json.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-json.obj -MD -MP -MF $(DEPDIR)/ss_manager-json.Tpo -c -o ss_manager-json.obj `if test -f 'json.c'; then $(CYGPATH_W) 'json.c'; else $(CYGPATH_W) '$(srcdir)/json.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-json.Tpo $(DEPDIR)/ss_manager-json.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='json.c' object='ss_manager-json.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-json.obj `if test -f 'json.c'; then $(CYGPATH_W) 'json.c'; else $(CYGPATH_W) '$(srcdir)/json.c'; fi`
ss_manager-manager.o: manager.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-manager.o -MD -MP -MF $(DEPDIR)/ss_manager-manager.Tpo -c -o ss_manager-manager.o `test -f 'manager.c' || echo '$(srcdir)/'`manager.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-manager.Tpo $(DEPDIR)/ss_manager-manager.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='manager.c' object='ss_manager-manager.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-manager.o `test -f 'manager.c' || echo '$(srcdir)/'`manager.c
ss_manager-manager.obj: manager.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -MT ss_manager-manager.obj -MD -MP -MF $(DEPDIR)/ss_manager-manager.Tpo -c -o ss_manager-manager.obj `if test -f 'manager.c'; then $(CYGPATH_W) 'manager.c'; else $(CYGPATH_W) '$(srcdir)/manager.c'; fi`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_manager-manager.Tpo $(DEPDIR)/ss_manager-manager.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='manager.c' object='ss_manager-manager.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_manager_CFLAGS) $(CFLAGS) -c -o ss_manager-manager.obj `if test -f 'manager.c'; then $(CYGPATH_W) 'manager.c'; else $(CYGPATH_W) '$(srcdir)/manager.c'; fi`
ss_redir-utils.o: utils.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(ss_redir_CFLAGS) $(CFLAGS) -MT ss_redir-utils.o -MD -MP -MF $(DEPDIR)/ss_redir-utils.Tpo -c -o ss_redir-utils.o `test -f 'utils.c' || echo '$(srcdir)/'`utils.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ss_redir-utils.Tpo $(DEPDIR)/ss_redir-utils.Po
@ -1330,26 +1456,15 @@ uninstall-includeHEADERS:
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
@ -1361,15 +1476,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$$unique; \
fi; \
fi
ctags: CTAGS
CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
ctags: ctags-am
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
@ -1378,6 +1489,21 @@ GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-am
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
@ -1525,20 +1651,21 @@ uninstall-am: uninstall-binPROGRAMS uninstall-includeHEADERS \
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
clean-generic clean-libLTLIBRARIES clean-libtool ctags \
distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-binPROGRAMS \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \
clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \
clean-libtool cscopelist-am ctags ctags-am distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-binPROGRAMS install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am \
install-includeHEADERS install-info install-info-am \
install-libLTLIBRARIES install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags uninstall uninstall-am uninstall-binPROGRAMS \
tags tags-am uninstall uninstall-am uninstall-binPROGRAMS \
uninstall-includeHEADERS uninstall-libLTLIBRARIES

60
src/acl.c

@ -23,10 +23,13 @@
#include <ipset/ipset.h>
#include "utils.h"
#include "acl.h"
static struct ip_set acl_ipv4_set;
static struct ip_set acl_ipv6_set;
static int acl_mode = BLACK_LIST;
static void parse_addr_cidr(const char *str, char *host, int *cidr)
{
int ret = -1, n = 0;
@ -48,8 +51,10 @@ static void parse_addr_cidr(const char *str, char *host, int *cidr)
}
}
int init_acl(const char *path)
int init_acl(const char *path, int mode)
{
acl_mode = mode;
// initialize ipset
ipset_init_library();
ipset_init(&acl_ipv4_set);
@ -104,18 +109,61 @@ void free_acl(void)
ipset_done(&acl_ipv6_set);
}
int acl_contains_ip(const char *host)
int acl_get_mode(void)
{
return acl_mode;
}
int acl_match_ip(const char *ip)
{
struct cork_ip addr;
int err = cork_ip_init(&addr, host);
if (err) {
int ret = cork_ip_init(&addr, ip);
if (ret) {
return 0;
}
if (addr.version == 4) {
return ipset_contains_ipv4(&acl_ipv4_set, &(addr.ip.v4));
ret = ipset_contains_ipv4(&acl_ipv4_set, &(addr.ip.v4));
} else if (addr.version == 6) {
ret = ipset_contains_ipv6(&acl_ipv6_set, &(addr.ip.v6));
}
if (acl_mode == WHITE_LIST) {
ret = !ret;
}
return ret;
}
int acl_add_ip(const char *ip)
{
struct cork_ip addr;
int err = cork_ip_init(&addr, ip);
if (err) {
return -1;
}
if (addr.version == 4) {
ipset_ipv4_add(&acl_ipv4_set, &(addr.ip.v4));
} else if (addr.version == 6) {
ipset_ipv6_add(&acl_ipv6_set, &(addr.ip.v6));
}
return 0;
}
int acl_remove_ip(const char *ip)
{
struct cork_ip addr;
int err = cork_ip_init(&addr, ip);
if (err) {
return -1;
}
if (addr.version == 4) {
ipset_ipv4_remove(&acl_ipv4_set, &(addr.ip.v4));
} else if (addr.version == 6) {
return ipset_contains_ipv6(&acl_ipv6_set, &(addr.ip.v6));
ipset_ipv6_remove(&acl_ipv6_set, &(addr.ip.v6));
}
return 0;
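Review bot: acl_match_ip returns 0 when cork_ip_init fails, and that return sits before the `acl_mode == WHITE_LIST` inversion, so in white-list mode an address that cannot be parsed is reported as not matching. accept_cb in src/server.c denies a peer only on a non-zero result, so this path fails open for a white list. Returning the mode from the error branch keeps the deny-by-default meaning: `if (ret) { return acl_mode == WHITE_LIST; }`. acl_add_ip and acl_remove_ip also return 0 when addr.version is neither 4 nor 6, so a caller cannot tell that the set was left unchanged.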

10
src/acl.h

@ -23,9 +23,15 @@
#ifndef _ACL_H
#define _ACL_H
int init_acl(const char *path);
#define BLACK_LIST 0
#define WHITE_LIST 1
int init_acl(const char *path, int mode);
void free_acl(void);
int acl_contains_ip(const char *ip);
int acl_get_mode(void);
int acl_match_ip(const char *ip);
int acl_add_ip(const char *ip);
int acl_remove_ip(const char *ip);
#endif // _ACL_H
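Review bot: The new declarations carry no comment, and acl_match_ip's result depends on the mode passed to init_acl: per acl.c it is the set-membership result for BLACK_LIST and its negation for WHITE_LIST. A header comment would spare callers from reading the implementation, e.g. `/* Non-zero if ip is in the set (BLACK_LIST) or not in the set (WHITE_LIST); 0 if ip cannot be parsed. */` above acl_match_ip. For acl_add_ip and acl_remove_ip, `/* Returns 0 on success, -1 if ip cannot be parsed. */` states the contract visible in acl.c.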

8
src/common.h

@ -53,10 +53,14 @@
#define TCP_AND_UDP 1
#define UDP_ONLY 3
#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
#define MODULE_LOCAL
#endif
int init_udprelay(const char *server_host, const char *server_port,
#ifdef UDPRELAY_LOCAL
#ifdef MODULE_LOCAL
const struct sockaddr *remote_addr, const int remote_addr_len,
#ifdef UDPRELAY_TUNNEL
#ifdef MODULE_TUNNEL
const ss_addr_t tunnel_addr,
#endif
#endif
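Review bot: The derived `#define MODULE_LOCAL` at the top of this hunk is unguarded, so a translation unit compiled with both -DMODULE_LOCAL and -DMODULE_TUNNEL (or -DMODULE_REDIR) gets a macro redefinition with a different body (`1` from the command line, empty here). Guarding the condition keeps the header safe under either flag combination: `#if (defined(MODULE_TUNNEL) || defined(MODULE_REDIR)) && !defined(MODULE_LOCAL)`. The init_udprelay prototype continues past the end of the hunk.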

6
src/local.c

@ -467,7 +467,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
LOGI("connect to %s:%s", host, port);
}
if ((acl && (request->atyp == 1 || request->atyp == 4) && acl_contains_ip(host))) {
if ((acl && (request->atyp == 1 || request->atyp == 4) && acl_match_ip(host))) {
if (verbose) {
LOGI("bypass %s:%s", host, port);
}
@ -990,7 +990,7 @@ int main(int argc, char **argv)
fast_open = 1;
} else if (option_index == 1) {
LOGI("initialize acl...");
acl = !init_acl(optarg);
acl = !init_acl(optarg, BLACK_LIST);
}
break;
case 's':
@ -1266,7 +1266,7 @@ int start_ss_local_server(profile_t profile)
USE_LOGFILE(log);
if (profile.acl != NULL) {
acl = !init_acl(profile.acl);
acl = !init_acl(profile.acl, BLACK_LIST);
}
if (local_addr == NULL) {

80
src/server.c

@ -107,6 +107,7 @@ static void server_resolve_cb(struct sockaddr *addr, void *data);
int verbose = 0;
static int white_list = 0;
static int acl = 0;
static int mode = TCP_ONLY;
static int auth = 0;
@ -214,14 +215,14 @@ static void free_connections(struct ev_loop *loop)
}
}
static void report_addr(int fd)
static char *get_peer_name(int fd)
{
static char peer_name[INET6_ADDRSTRLEN] = { 0 };
struct sockaddr_storage addr;
socklen_t len = sizeof addr;
memset(&addr, 0, len);
int err = getpeername(fd, (struct sockaddr *)&addr, &len);
if (err == 0) {
char peer_name[INET6_ADDRSTRLEN] = { 0 };
if (addr.ss_family == AF_INET) {
struct sockaddr_in *s = (struct sockaddr_in *)&addr;
dns_ntop(AF_INET, &s->sin_addr, peer_name, INET_ADDRSTRLEN);
@ -229,6 +230,17 @@ static void report_addr(int fd)
struct sockaddr_in6 *s = (struct sockaddr_in6 *)&addr;
dns_ntop(AF_INET6, &s->sin6_addr, peer_name, INET6_ADDRSTRLEN);
}
} else {
return NULL;
}
return peer_name;
}
static void report_addr(int fd)
{
char *peer_name;
peer_name = get_peer_name(fd);
if (peer_name != NULL) {
LOGE("failed to handshake with %s", peer_name);
}
}
@ -650,14 +662,6 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
return;
}
if (acl && !need_query && acl_contains_ip(host)) {
if (verbose) {
LOGI("Access denied to %s", host);
}
close_and_free_server(EV_A_ server);
return;
}
port = (*(uint16_t *)(server->buf->array + offset));
offset += 2;
@ -671,8 +675,19 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
size_t len = server->buf->len;
server->buf->len = offset + ONETIMEAUTH_BYTES;
if (ss_onetimeauth_verify(server->buf, server->d_ctx->evp.iv)) {
LOGE("authentication error %d", atyp);
report_addr(server->fd);
char *peer_name = get_peer_name(server->fd);
if (peer_name) {
LOGE("authentication error from %s", peer_name);
if (acl) {
if (acl_get_mode() == BLACK_LIST) {
acl_add_ip(peer_name);
LOGE("add %s to the black list", peer_name);
} else {
acl_remove_ip(peer_name);
LOGE("remove %s from the white list", peer_name);
}
}
}
close_and_free_server(EV_A_ server);
return;
}
@ -825,25 +840,6 @@ static void server_resolve_cb(struct sockaddr *addr, void *data)
LOGI("udns resolved");
}
if (acl) {
char host[INET6_ADDRSTRLEN] = { 0 };
if (addr->sa_family == AF_INET) {
struct sockaddr_in *s = (struct sockaddr_in *)addr;
dns_ntop(AF_INET, &s->sin_addr, host, INET_ADDRSTRLEN);
} else if (addr->sa_family == AF_INET6) {
struct sockaddr_in6 *s = (struct sockaddr_in6 *)addr;
dns_ntop(AF_INET6, &s->sin6_addr, host, INET6_ADDRSTRLEN);
}
if (acl_contains_ip(host)) {
if (verbose) {
LOGI("Access denied to %s", host);
}
close_and_free_server(EV_A_ server);
return;
}
}
struct addrinfo info;
memset(&info, 0, sizeof(struct addrinfo));
info.ai_socktype = SOCK_STREAM;
@ -1218,13 +1214,22 @@ static void accept_cb(EV_P_ ev_io *w, int revents)
ERROR("accept");
return;
}
setnonblocking(serverfd);
if (acl) {
char *peer_name = get_peer_name(serverfd);
if (peer_name != NULL && acl_match_ip(peer_name)) {
if (verbose) LOGI("Access denied from %s", peer_name);
close(serverfd);
return;
}
}
int opt = 1;
setsockopt(serverfd, SOL_TCP, TCP_NODELAY, &opt, sizeof(opt));
#ifdef SO_NOSIGPIPE
setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt));
#endif
setnonblocking(serverfd);
if (verbose) {
LOGI("accept a connection");
@ -1245,6 +1250,7 @@ int main(int argc, char **argv)
char *method = NULL;
char *pid_path = NULL;
char *conf_path = NULL;
char *acl_path = NULL;
char *iface = NULL;
int server_num = 0;
@ -1265,7 +1271,7 @@ int main(int argc, char **argv)
USE_TTY();
while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:i:d:a:uUvA",
while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:i:d:a:uUvAw",
long_options, &option_index)) != -1)
switch (c) {
case 0:
@ -1273,7 +1279,8 @@ int main(int argc, char **argv)
fast_open = 1;
} else if (option_index == 1) {
LOGI("initialize acl...");
acl = !init_acl(optarg);
acl = 1;
acl_path = optarg;
} else if (option_index == 2) {
manager_address = optarg;
}
@ -1325,6 +1332,9 @@ int main(int argc, char **argv)
case 'A':
auth = 1;
break;
case 'w':
white_list = 1;
break;
}
if (opterr) {
@ -1332,6 +1342,8 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE);
}
acl = acl ? !init_acl(acl_path, white_list) : 0;
if (argc == 1) {
if (conf_path == NULL) {
conf_path = DEFAULT_CONF_PATH;

64
src/udprelay.c

@ -61,15 +61,15 @@
#include "cache.h"
#include "udprelay.h"
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
#define MAX_UDP_CONN_NUM 512
#else
#define MAX_UDP_CONN_NUM 256
#endif
#ifdef UDPRELAY_REMOTE
#ifdef UDPRELAY_LOCAL
#error "UDPRELAY_REMOTE and UDPRELAY_LOCAL should not be both defined"
#ifdef MODULE_REMOTE
#ifdef MODULE_
#error "MODULE_REMOTE and MODULE_LOCAL should not be both defined"
#endif
#endif
@ -88,7 +88,7 @@ static void remote_recv_cb(EV_P_ ev_io *w, int revents);
static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents);
static char *hash_key(const int af, const struct sockaddr_storage *addr);
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
static void query_resolve_cb(struct sockaddr *addr, void *data);
#endif
static void close_and_free_remote(EV_P_ remote_ctx_t *ctx);
@ -96,7 +96,7 @@ static remote_ctx_t *new_remote(int fd, server_ctx_t *server_ctx);
extern int verbose;
extern int vpn;
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
extern uint64_t tx;
extern uint64_t rx;
#endif
@ -129,7 +129,7 @@ static int setinterface(int socket_fd, const char *interface_name)
#endif
#if defined(UDPRELAY_REMOTE) && defined(SO_BROADCAST)
#if defined(MODULE_REMOTE) && defined(SO_BROADCAST)
static int set_broadcast(int socket_fd)
{
int opt = 1;
@ -147,7 +147,7 @@ static int set_nosigpipe(int socket_fd)
#endif
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19
@ -191,7 +191,7 @@ static char *hash_key(const int af, const struct sockaddr_storage *addr)
return key;
}
#if defined(UDPRELAY_REDIR) || defined(UDPRELAY_REMOTE)
#if defined(MODULE_REDIR) || defined(MODULE_REMOTE)
static int construct_udprealy_header(const struct sockaddr_storage *in_addr,
char *addr_header)
{
@ -439,7 +439,7 @@ int create_server_socket(const char *host, const char *port)
set_nosigpipe(server_sock);
#endif
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
if (setsockopt(server_sock, SOL_IP, IP_TRANSPARENT, &opt, sizeof(opt))) {
FATAL("[udp] setsockopt IP_TRANSPARENT");
}
@ -496,7 +496,7 @@ server_ctx_t *new_server_ctx(int fd)
return ctx;
}
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
struct query_ctx *new_query_ctx(char *buf, size_t len)
{
struct query_ctx *ctx = malloc(sizeof(struct query_ctx));
@ -548,7 +548,7 @@ static void remote_timeout_cb(EV_P_ ev_timer *watcher, int revents)
cache_remove(remote_ctx->server_ctx->conn_cache, key, HASH_KEY_LEN);
}
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
static void query_resolve_cb(struct sockaddr *addr, void *data)
{
struct query_ctx *query_ctx = (struct query_ctx *)data;
@ -666,14 +666,14 @@ static void remote_recv_cb(EV_P_ ev_io *w, int revents)
LOGE("[udp] possible ip fragment, size: %d", (int)buf->len);
}
#ifdef UDPRELAY_LOCAL
#ifdef MODULE_LOCAL
int err = ss_decrypt_all(buf, server_ctx->method, 0);
if (err) {
// drop the packet silently
goto CLEAN_UP;
}
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
struct sockaddr_storage dst_addr;
memset(&dst_addr, 0, sizeof(struct sockaddr_storage));
int len = parse_udprealy_header(buf->array, buf->len, NULL, NULL, NULL, &dst_addr);
@ -695,7 +695,7 @@ static void remote_recv_cb(EV_P_ ev_io *w, int revents)
// server may return using a different address type other than the type we
// have used during sending
#if defined(UDPRELAY_TUNNEL) || defined(UDPRELAY_REDIR)
#if defined(MODULE_TUNNEL) || defined(MODULE_REDIR)
// Construct packet
buf->len -= len;
memmove(buf->array, buf->array + len, buf->len);
@ -708,7 +708,7 @@ static void remote_recv_cb(EV_P_ ev_io *w, int revents)
#endif
#endif
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
rx += buf->len;
@ -736,7 +736,7 @@ static void remote_recv_cb(EV_P_ ev_io *w, int revents)
size_t remote_src_addr_len = get_sockaddr_len((struct sockaddr *)&remote_ctx->src_addr);
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
size_t remote_dst_addr_len = get_sockaddr_len((struct sockaddr *)&dst_addr);
int src_fd = socket(remote_ctx->src_addr.ss_family, SOCK_DGRAM, 0);
@ -801,7 +801,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
socklen_t src_addr_len = sizeof(struct sockaddr_storage);
unsigned int offset = 0;
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
char control_buffer[64] = { 0 };
struct msghdr msg;
struct iovec iov[1];
@ -846,7 +846,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
LOGI("[udp] server receive a packet");
}
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
tx += buf->len;
@ -857,8 +857,8 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
}
#endif
#ifdef UDPRELAY_LOCAL
#if !defined(UDPRELAY_TUNNEL) && !defined(UDPRELAY_REDIR)
#ifdef MODULE_LOCAL
#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
uint8_t frag = *(uint8_t *)(buf->array + 2);
offset += 3;
#endif
@ -913,7 +913,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
*
*/
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
char addr_header[256] = { 0 };
int addr_header_len = construct_udprealy_header(&dst_addr, addr_header);
@ -930,7 +930,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
char *key = hash_key(dst_addr.ss_family, &src_addr);
#elif UDPRELAY_TUNNEL
#elif MODULE_TUNNEL
char addr_header[256] = { 0 };
char *host = server_ctx->tunnel_addr.host;
@ -1023,7 +1023,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
if (remote_ctx == NULL) {
if (verbose) {
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
char src[SS_ADDRSTRLEN];
char dst[SS_ADDRSTRLEN];
strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
@ -1036,7 +1036,7 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
}
} else {
if (verbose) {
#ifdef UDPRELAY_REDIR
#ifdef MODULE_REDIR
char src[SS_ADDRSTRLEN];
char dst[SS_ADDRSTRLEN];
strcpy(src, get_addr_str((struct sockaddr *)&src_addr));
@ -1049,9 +1049,9 @@ static void server_recv_cb(EV_P_ ev_io *w, int revents)
}
}
#ifdef UDPRELAY_LOCAL
#ifdef MODULE_LOCAL
#if !defined(UDPRELAY_TUNNEL) && !defined(UDPRELAY_REDIR)
#if !defined(MODULE_TUNNEL) && !defined(MODULE_REDIR)
if (frag) {
LOGE("[udp] drop a message since frag is not 0, but %d", frag);
goto CLEAN_UP;
@ -1236,9 +1236,9 @@ void free_cb(void *element)
}
int init_udprelay(const char *server_host, const char *server_port,
#ifdef UDPRELAY_LOCAL
#ifdef MODULE_LOCAL
const struct sockaddr *remote_addr, const int remote_addr_len,
#ifdef UDPRELAY_TUNNEL
#ifdef MODULE_TUNNEL
const ss_addr_t tunnel_addr,
#endif
#endif
@ -1262,7 +1262,7 @@ int init_udprelay(const char *server_host, const char *server_port,
setnonblocking(serverfd);
server_ctx_t *server_ctx = new_server_ctx(serverfd);
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
server_ctx->loop = loop;
#endif
server_ctx->auth = auth;
@ -1270,10 +1270,10 @@ int init_udprelay(const char *server_host, const char *server_port,
server_ctx->method = method;
server_ctx->iface = iface;
server_ctx->conn_cache = conn_cache;
#ifdef UDPRELAY_LOCAL
#ifdef MODULE_LOCAL
server_ctx->remote_addr = remote_addr;
server_ctx->remote_addr_len = remote_addr_len;
#ifdef UDPRELAY_TUNNEL
#ifdef MODULE_TUNNEL
server_ctx->tunnel_addr = tunnel_addr;
#endif
#endif
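Review bot: The inner guard of the sanity check near the top of the file now reads `#ifdef MODULE_`, a macro that nothing in the visible code defines, so the `#error "MODULE_REMOTE and MODULE_LOCAL should not be both defined"` line can no longer fire; it should be `#ifdef MODULE_LOCAL`. Separately, the `ss_decrypt_all` call in remote_recv_cb and the nested `MODULE_REDIR` / `MODULE_TUNNEL` branches all sit under `#ifdef MODULE_LOCAL`, so redir and tunnel builds must still end up with MODULE_LOCAL defined. Where that happens is not visible in this section and is worth confirming before merge. The functions touched here start and end outside the hunks shown.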

10
src/udprelay.h

@ -29,7 +29,7 @@
#include "encrypt.h"
#include "jconf.h"
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
#include "resolv.h"
#endif
@ -49,19 +49,19 @@ typedef struct server_ctx {
int timeout;
const char *iface;
struct cache *conn_cache;
#ifdef UDPRELAY_LOCAL
#ifdef MODULE_LOCAL
const struct sockaddr *remote_addr;
int remote_addr_len;
#ifdef UDPRELAY_TUNNEL
#ifdef MODULE_TUNNEL
ss_addr_t tunnel_addr;
#endif
#endif
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
struct ev_loop *loop;
#endif
} server_ctx_t;
#ifdef UDPRELAY_REMOTE
#ifdef MODULE_REMOTE
typedef struct query_ctx {
struct ResolvQuery *query;
struct sockaddr_storage src_addr;

113
src/utils.c

@ -192,22 +192,28 @@ void usage()
printf(
" maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang <laokongzi@gmail.com>\n\n");
printf(" usage:\n\n");
printf(" ss-[local|redir|server|tunnel|manager]\n");
#ifdef MODULE_LOCAL
printf(" ss-local\n");
#elif MODULE_REMOTE
printf(" ss-server\n");
#elif MODULE_TUNNEl
printf(" ss-tunnel\n");
#elif MODULE_REDIR
printf(" ss-redir\n");
#elif MODULE_MANAGER
printf(" ss-manager\n");
#endif
printf("\n");
printf(
" -s <server_host> host name or ip address of your remote server\n");
printf("\n");
" -s <server_host> Host name or ip address of your remote server.\n");
printf(
" -p <server_port> port number of your remote server\n");
printf("\n");
" -p <server_port> Port number of your remote server.\n");
printf(
" -l <local_port> port number of your local server\n");
printf("\n");
" -l <local_port> Port number of your local server.\n");
printf(
" -k <password> password of your remote server\n");
printf("\n");
" -k <password> Password of your remote server.\n");
printf(
" [-m <encrypt_method>] encrypt method: table, rc4, rc4-md5,\n");
" -m <encrypt_method> Encrypt method: table, rc4, rc4-md5,\n");
printf(
" aes-128-cfb, aes-192-cfb, aes-256-cfb,\n");
printf(
@ -215,76 +221,69 @@ void usage()
printf(
" camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb,\n");
printf(
" rc2-cfb, seed-cfb, salsa20 and chacha20\n");
printf("\n");
printf(
" [-f <pid_file>] the file path to store pid\n");
printf("\n");
printf(
" [-t <timeout>] socket timeout in seconds\n");
printf("\n");
printf(
" [-c <config_file>] the path to config file\n");
printf("\n");
printf(
" [-i <interface>] network interface to bind,\n");
printf(
" not available in redir mode\n");
printf("\n");
printf(
" [-b <local_address>] local address to bind,\n");
printf(
" not available in server mode\n");
" rc2-cfb, seed-cfb, salsa20 and chacha20.\n");
printf("\n");
printf(
" [-u] enable UDP relay,\n");
" [-f <pid_file>] The file path to store pid.\n");
printf(
" TPROXY is required in redir mode\n");
printf("\n");
" [-t <timeout>] Socket timeout in seconds.\n");
printf(
" [-U] enable UDP relay and disable TCP relay,\n");
" [-c <config_file>] The path to config file.\n");
#ifndef MODULE_REDIR
printf(
" not available in local mode\n");
printf("\n");
" [-i <interface>] Network interface to bind.\n");
#endif
#ifndef MODULE_REMOTE
printf(
" [-A] enable onetime authentication\n");
" [-b <local_address>] Local address to bind.\n");
#endif
printf("\n");
printf(
" [-L <addr>:<port>] specify destination server address and port\n");
" [-u] Enable UDP relay,\n");
#ifdef MODULE_REDIR
printf(
" for local port forwarding,\n");
" TPROXY is required in redir mode.\n");
#endif
#ifndef MODULE_LOCAL
printf(
" only available in tunnel mode\n");
printf("\n");
" [-U] Enable UDP relay and disable TCP relay.\n");
#endif
printf(
" [-d <addr>] setup name servers for internal DNS resolver,\n");
" [-A] Enable onetime authentication.\n");
#ifdef MODULE_REMOTE
printf(
" only available in server mode\n");
" [-w] Enable white list mode (when ACL enabled).\n");
#endif
printf("\n");
#ifdef MODULE_TUNNEl
printf(
" [--fast-open] enable TCP fast open,\n");
printf(
" only available in local and server mode,\n");
" [-L <addr>:<port>] Destination server address and port\n");
printf(
" with Linux kernel > 3.7.0\n");
printf("\n");
" for local port forwarding.\n");
#endif
#ifdef MODULE_REMOTE
printf(
" [--acl <acl_file>] config file of ACL (Access Control List)\n");
" [-d <addr>] Name servers for internal DNS resolver.\n");
#endif
#if defined(MODULE_REMOTE) || defined(MODULE_LOCAL)
printf(
" only available in local and server mode\n");
printf("\n");
" [--fast-open] Enable TCP fast open.\n");
printf(
" [--manager-address <addr>] UNIX domain socket address\n");
" with Linux kernel > 3.7.0.\n");
printf(
" only available in server and manager mode\n");
printf("\n");
" [--acl <acl_file>] Path to ACL (Access Control List).\n");
#endif
#if defined(MODULE_REMOTE) || defined(MODULE_MANAGER)
printf(
" [--executable <path>] path to the executable of ss-server\n");
" [--manager-address <addr>] UNIX domain socket address.\n");
#endif
#ifdef MODULE_MANAGER
printf(
" only available in manager mode\n");
" [--executable <path>] Path to the executable of ss-server.\n");
#endif
printf("\n");
printf(
" [-v] verbose mode\n");
" [-v] Verbose mode\n");
printf("\n");
}
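Review bot: `MODULE_TUNNEl` is spelled with a lower-case final letter in both `#elif MODULE_TUNNEl` (the program name) and `#ifdef MODULE_TUNNEl` (the `-L` help), while every other test in this commit uses `MODULE_TUNNEL`, so presumably ss-tunnel prints neither line; both should read `MODULE_TUNNEL`. The name chain also uses `#elif MODULE_REMOTE` and similar forms, which evaluate the macro as an expression and fail to preprocess if it is ever defined empty; `#elif defined(MODULE_REMOTE)` is the safer form. usage() begins before the first hunk.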
