richard
/
shadowsocks-libev
mirror of https://github.com/shadowsocks/shadowsocks-libev.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Asciidoc man page rework (#699) 

* Add 'tunnel_address' support for json config parser

And allow ss-tunnel to use the newly introduced parser.

Signed-off-by: Adam Anonymous <anonymous_temp_user@yahoo.co.jp>

* Add "mode" support for jconf

Now jconf supports "mode" setting, allowed values are "tcp_only",
"tcp_and_udp" and "udp_only".

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Use jconf "mode" for server/local/tunnel/manager

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Add per-project vimrc to gitignore

As the coding style differs from kernel and other projects, so such
project vimrc should be helpful.

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Introduce asciidoc based documentation framework

Use asciidoc for new documentation framework, which could not only
output man pages, but also htmls.

And asciidoc documentation is much more human-readable than roff man
pages.

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Convert shadowsocks-libev man page to asciidoc

The port to asciidoc has some format change compared to old one.

The most obvious one is the options listed in SYNOPSIS.
Now the options list is not split into 2/3 columns, or we must use
asciidoc tables and introduce table frames.

Other small change includes the removal of AUTHOR sector, as it's not
an expendable method to update AUTHOR sector every time it gets updated.

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Convert ss-local man page to asciidoc

Also modify gitignore, since it use too generic rules to ignore such
documentation.

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Convert ss-manager man page to asciidoc

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Convert ss-nat man page to asciidoc

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Convert ss-redir man page to asciidoc

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Convert ss-server man page to asciidoc

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Convert ss-tunnel man page to asciidoc

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Remove old roff man pages

Welcome to the new age of asciidoc.

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>

* Doc: Add equivalent tables for command line options and config file

Now user can get a more clear view of config file and command line
options.

Signed-off-by: Adam Anonymous <anonymous_temp_mail@yahoo.co.jp>
pull/700/head
anonymous-contributor 8 years ago
committed by Max Lv
parent
d4aabcb40b
commit
f793d2666c
22 changed files with 1285 additions and 1177 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      .gitignore
  2. 105
      Doc/Makefile.in
  3. 36
      Doc/asciidoc.conf
  4. 35
      Doc/manpage-base.xsl
  5. 17
      Doc/manpage-bold-literal.xsl
  6. 13
      Doc/manpage-normal.xsl
  7. 250
      Doc/shadowsocks-libev.asciidoc
  8. 126
      Doc/ss-local.asciidoc
  9. 161
      Doc/ss-manager.asciidoc
  10. 95
      Doc/ss-nat.asciidoc
  11. 146
      Doc/ss-redir.asciidoc
  12. 157
      Doc/ss-server.asciidoc
  13. 117
      Doc/ss-tunnel.asciidoc
  14. 6
      Makefile.am
  15. 19
      configure.ac
  16. 254
      man/shadowsocks-libev.8
  17. 142
      man/ss-local.1
  18. 185
      man/ss-manager.1
  19. 119
      man/ss-nat.1
  20. 163
      man/ss-redir.1
  21. 172
      man/ss-server.1
  22. 136
      man/ss-tunnel.1

8
.gitignore
View File

@ -6,6 +6,7 @@ libev/Makefile
libudns/Makefile
libcork/Makefile
libipset/Makefile
Doc/Makefile
autom4te.cache/
/config.h
config.log
@ -13,7 +14,7 @@ config.status
libtool
pid
ss.*
ss-*
src/ss-*
stamp-h1
.libs
.pc
@ -36,6 +37,11 @@ libsodium/src/libsodium/include/sodium/version.h
# Ignore vim cache
*.swp
# Documentation files
Doc/*.gz
Doc/*.xml
Doc/*.html
# Do not edit the following section
# Edit Compile Debug Document Distribute
*~

105
Doc/Makefile.in
View File

@ -0,0 +1,105 @@
ASCIIDOC = @ASCIIDOC@
ASCIIDOC_EXTRA =
MANPAGE_XSL = manpage-normal.xsl
XMLTO = @XMLTO@
XMLTO_EXTRA = -m manpage-bold-literal.xsl
GZIPCMD = @GZIP@
INSTALL = @INSTALL@
RM = @RM@
MV = @MV@
SED = @SED@
VERSION = $(shell $(SED) -n 's/.*PACKAGE_VERSION "\(.*\)"/\1/p'\
../config.h)
# Guard against environment variables
MAN1_TXT =
MAN1_TXT += ss-local.asciidoc
MAN1_TXT += ss-manager.asciidoc
MAN1_TXT += ss-nat.asciidoc
MAN1_TXT += ss-redir.asciidoc
MAN1_TXT += ss-server.asciidoc
MAN1_TXT += ss-tunnel.asciidoc
MAN8_TXT =
MAN8_TXT += shadowsocks-libev.asciidoc
ifeq ($(DISABLE_DOCUMENTATION),1)
MAN1_TXT =
MAN8_TXT =
endif
MAN_TXT = $(MAN8_TXT) $(MAN1_TXT)
MAN_XML = $(patsubst %.asciidoc,%.xml,$(MAN_TXT))
MAN_HTML = $(patsubst %.asciidoc,%.html,$(MAN_TXT))
DOC_MAN1 = $(patsubst %.asciidoc,%.1,$(MAN1_TXT))
GZ_MAN1 = $(patsubst %.asciidoc,%.1.gz,$(MAN1_TXT))
DOC_MAN8 = $(patsubst %.asciidoc,%.8,$(MAN8_TXT))
GZ_MAN8 = $(patsubst %.asciidoc,%.8.gz,$(MAN8_TXT))
prefix = @prefix@
mandir ?= $(prefix)/share/man
man1dir = $(mandir)/man1
man8dir = $(mandir)/man8
ifneq ($(findstring $(MAKEFLAGS),s),s)
ifndef V
QUIET_RM = @
QUIET_ASCIIDOC = @echo " [ASCII] $@";
QUIET_XMLTO = @echo " [XMLTO] $@";
QUIET_GZIP = @echo " [GZ] $@";
QUIET_STDERR = 2> /dev/null
QUIET_SUBDIR0 = +@subdir=
QUIET_SUBDIR1 = ;$(NO_SUBDIR) echo ' ' SUBDIR $$subdir; \
$(MAKE) $(PRINT_DIR) -C $$subdir
export V
endif
endif
all: man
man: man1 man8
man1: $(GZ_MAN1)
man8: $(GZ_MAN8)
html: $(MAN_HTML)
install: install-man
install-man: man
$(INSTALL) -d -m 755 $(DESTDIR)$(man1dir)
$(INSTALL) -d -m 755 $(DESTDIR)$(man8dir)
ifdef GZ_MAN1
$(INSTALL) -m 644 $(GZ_MAN1) $(DESTDIR)$(man1dir)
endif
ifdef GZ_MAN8
$(INSTALL) -m 644 $(GZ_MAN8) $(DESTDIR)$(man8dir)
endif
clean:
$(QUIET_RM)$(RM) -f *.xml *.xml+ *.1 *.1.gz *.8 *.8.gz *.html
%.1.gz : %.1
$(QUIET_GZIP)$(GZIPCMD) -n -c $< > $@
%.8.gz : %.8
$(QUIET_GZIP)$(GZIPCMD) -n -c $< > $@
%.1 : %.xml
$(QUIET_XMLTO)$(RM) -f $@ && \
$(XMLTO) -m $(MANPAGE_XSL) $(XMLTO_EXTRA) man $<
%.8 : %.xml
$(QUIET_XMLTO)$(RM) -f $@ && \
$(XMLTO) -m $(MANPAGE_XSL) $(XMLTO_EXTRA) man $<
%.xml : %.asciidoc asciidoc.conf
$(QUIET_ASCIIDOC)$(RM) -f $@+ $@ && \
$(ASCIIDOC) -b docbook -d manpage -f asciidoc.conf \
-aversion=$(VERSION) $(ASCIIDOC_EXTRA) -o $@+ $< && \
$(MV) $@+ $@
%.html : %.asciidoc asciidoc.conf
$(QUIET_ASCIIDOC)$(RM) -f $@+ $@ && \
$(ASCIIDOC) -b html -d article -f asciidoc.conf \
-aversion=$(VERSION) $(ASCIIDOC_EXTRA) -o $@+ $< && \
$(MV) $@+ $@

36
Doc/asciidoc.conf
View File

@ -0,0 +1,36 @@
[tags]
bracket-emphasis={1?[{1}]}<emphasis>&lt;|&gt;</emphasis>
[quotes]
&lt;|&gt;=#bracket-emphasis
[attributes]
asterisk=&#42;
plus=&#43;
caret=&#94;
startsb=&#91;
endsb=&#93;
backslash=&#92;
tilde=&#126;
apostrophe=&#39;
backtick=&#96;
litdd=&#45;&#45;
ifdef::doctype-manpage[]
ifdef::backend-docbook[]
[header]
template::[header-declarations]
<refentry>
<refmeta>
<refentrytitle>{mantitle}</refentrytitle>
<manvolnum>{manvolnum}</manvolnum>
<refmiscinfo class="source">Shadowsocks-libev</refmiscinfo>
<refmiscinfo class="version">{version}</refmiscinfo>
<refmiscinfo class="manual">Shadowsocks-libev Manual</refmiscinfo>
</refmeta>
<refnamediv>
<refname>{manname}</refname>
<refpurpose>{manpurpose}</refpurpose>
</refnamediv>
endif::backend-docbook[]
endif::doctype-manpage[]

35
Doc/manpage-base.xsl
View File

@ -0,0 +1,35 @@
<!-- manpage-base.xsl:
special formatting for manpages rendered from asciidoc+docbook -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0">
<!-- these params silence some output from xmlto -->
<xsl:param name="man.output.quietly" select="1"/>
<xsl:param name="refentry.meta.get.quietly" select="1"/>
<!-- convert asciidoc callouts to man page format;
git.docbook.backslash and git.docbook.dot params
must be supplied by another XSL file or other means -->
<xsl:template match="co">
<xsl:value-of select="concat(
$git.docbook.backslash,'fB(',
substring-after(@id,'-'),')',
$git.docbook.backslash,'fR')"/>
</xsl:template>
<xsl:template match="calloutlist">
<xsl:value-of select="$git.docbook.dot"/>
<xsl:text>sp&#10;</xsl:text>
<xsl:apply-templates/>
<xsl:text>&#10;</xsl:text>
</xsl:template>
<xsl:template match="callout">
<xsl:value-of select="concat(
$git.docbook.backslash,'fB',
substring-after(@arearefs,'-'),
'. ',$git.docbook.backslash,'fR')"/>
<xsl:apply-templates/>
<xsl:value-of select="$git.docbook.dot"/>
<xsl:text>br&#10;</xsl:text>
</xsl:template>
</xsl:stylesheet>

17
Doc/manpage-bold-literal.xsl
View File

@ -0,0 +1,17 @@
<!-- manpage-bold-literal.xsl:
special formatting for manpages rendered from asciidoc+docbook -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0">
<!-- render literal text as bold (instead of plain or monospace);
this makes literal text easier to distinguish in manpages
viewed on a tty -->
<xsl:template match="literal">
<xsl:value-of select="$git.docbook.backslash"/>
<xsl:text>fB</xsl:text>
<xsl:apply-templates/>
<xsl:value-of select="$git.docbook.backslash"/>
<xsl:text>fR</xsl:text>
</xsl:template>
</xsl:stylesheet>

13
Doc/manpage-normal.xsl
View File

@ -0,0 +1,13 @@
<!-- manpage-normal.xsl:
special settings for manpages rendered from asciidoc+docbook
handles anything we want to keep away from docbook-xsl 1.72.0 -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0">
<xsl:import href="manpage-base.xsl"/>
<!-- these are the normal values for the roff control characters -->
<xsl:param name="git.docbook.backslash">\</xsl:param>
<xsl:param name="git.docbook.dot" >.</xsl:param>
</xsl:stylesheet>

250
Doc/shadowsocks-libev.asciidoc
View File

@ -0,0 +1,250 @@
shadowsocks-libev(8)
====================
NAME
----
shadowsocks-libev - a lightweight and secure socks5 proxy
SYNOPSIS
--------
*ss-local*|*ss-redir*|*ss-server*|*ss-tunnel*|*ss-manager*
[-s <server_host>] [-p <server_port>] [-l <local_port>] [-k <password>]
[-m <encrypt_method>] [-f <pid_file>] [-t <timeout>] [-c <config_file>]
DESCRIPTION
-----------
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
*Shadowsocks-libev* is written in pure C and takes advantage of *libev*
to achieve both high performance and low resource consumption.
*Shadowsocks-libev* consists of five components. One is `ss-server`(1)
that runs on a remote server to provide secured tunnel service.
`ss-local`(1) and `ss-redir`(1) are clients on your local machines to proxy
traffic(TCP/UDP or both).
`ss-tunnel`(1) is a tool for local port forwarding.
While `ss-local`(1) works as a standard socks5 proxy, `ss-redir`(1) works
as a transparent proxy and requires netfilter's NAT module. For more
information, check out the 'EXAMPLE' section.
`ss-manager`(1) is a controller for multi-user management and traffic
statistics, using UNIX domain socket to talk with `ss-server`(1).
Also, it provides a UNIX domain socket or IP based API for other software.
About the details of this API, please refer to the 'PROTOCOL' section.
OPTIONS
-------
-s <server_host>::
Set the server's hostname or IP.
-l <local_port>::
Set the local port number.
+
Not available in server nor manager mode.
-k <password>::
Set the password. The server and the client should use the same password.
-m <encrypt_method>::
Set the cipher.
+
*Shadowsocks-libev* accepts 18 different ciphers:
+
table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+
The default cipher is 'table'.
+
If built with PolarSSL or custom OpenSSL libraries, some of
these ciphers may not work.
-a <user_name>::
Run as a specific user.
-f <pid_file>::
Start shadowsocks as a daemon with specific pid file.
-t <timeout>::
Set the socket timeout in seconds. The default value is 60.
-c <config_file>::
Use a configuration file.
-n <number>::
Specify max number of open files.
+
Not available in manager mode.
+
Only available on Linux.
-i <interface>::
Send traffic through specific network interface.
+
For example, there are three interfaces in your device, which is
lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
Meanwhile, you configure *shadowsocks-libev* to listen on 0.0.0.0:8388
and bind to eth1. That results the traffic go out through eth1,
but not lo nor eth0. This option is useful to control traffic in
multi-interface environment.
+
Not available in redir mode.
-b <local_address>::
Specify local address to bind.
+
Not available in server nor manager mode.
-u::
Enable UDP relay.
+
TPROXY is required in redir mode. You may need root permission.
-U::
Enable UDP relay and disable TCP relay.
+
Not available in local mode.
-A::
Enable onetime authentication.
-w::
Enable white list mode (when ACL enabled).
+
Only available in server mode.
-L <addr:port>::
Specify destination server address and port for local port forwarding.
+
Only available in tunnel mode.
-d <addr>::
Setup name servers for internal DNS resolver (libudns).
The default server is fetched from /etc/resolv.conf.
+
Only available in server and manager mode.
--fast-open::
Enable TCP fast open.
+
Not available in redir nor tunnel mode, with Linux kernel > 3.7.0.
--acl <acl_config>::
Enable ACL (Access Control List) and specify config file.
+
Not available in redir nor tunnel mode.
--manager-address <path_to_unix_domain>::
Specify UNIX domain socket address.
+
Only available in server and manager mode.
--executable <path_to_server_executable>::
Specify the executable path of `ss-server`.
+
Only available in manager mode.
-v::
Enable verbose mode.
-h|--help::
Print help message.
CONFIG FILE
-----------
The config file is written in JSON and easy to edit.
The config file equivalent of command line options is listed as example below.
[frame="topbot",options="header"]
|==========================================================================
| Command line | JSON
| -s some.server.net | "server":"some.server.net"
| -s some.server.net -p 1234 (client) | "server":"some.server.net:1234"
| -p 1234 -k "PasSworD" (server) | "port_password":{"1234":"PasSworD"}
| -p 1234 | "server_port":"1234"
| -b 0.0.0.0 | "local_adress":"0.0.0.0"
| -l 4321 | "local_port":"4321"
| -k "PasSworD" | "password":"PasSworD"
| -m "aes-256-cfb" | "method":"aes-256-cfb"
| -t 60 | "timeout":60
| --fast-open | "fast_open":true
| -A | "auth":true
| -n "/etc/nofile" | "nofile":"/etc/nofile"
| -d "8.8.8.8" | "nameserver":"8.8.8.8"
| -L "somedns.net:53" | "tunnel_address":"somedns.net:53"
| -u | "mode":"tcp_and_udp"
| -U | "mode":"udp_only"
| no "-u" nor "-U" options (default) | "mode":"tcp_only"
|============================================================================
EXAMPLE
-------
`ss-redir` requires netfilter's NAT function. Here is an example:
....
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
....
PROTOCOL
--------
`ss-manager`(1) provides several APIs through UDP protocol::
Send UDP commands in the following format to the manager-address provided to ss-manager(1): ::::
command: [JSON data]
To add a port: ::::
add: {"server_port": 8001, "password":"7cd308cc059"}
To remove a port: ::::
remove: {"server_port": 8001}
To receive a pong: ::::
ping
Then `ss-manager`(1) will send back the traffic statistics: ::::
stat: {"8001":11370}
SEE ALSO
--------
`ss-local`(1),
`ss-server`(1),
`ss-tunnel`(1),
`ss-redir`(1),
`ss-manager`(1),
`iptables`(8),
/etc/shadowsocks-libev/config.json

126
Doc/ss-local.asciidoc
View File

@ -0,0 +1,126 @@
ss-local(1)
===========
NAME
----
ss-local - shadowsocks client as socks5 proxy, libev port
SYNOPSIS
--------
*ss-local*
[-Auv] [-h|--help]
[-s <server_host>] [-p <server_port>] [-l <local_port>]
[-k <password>] [-m <encrypt_method>] [-f <pid_file>] [-t <timeout>]
[-c <config_file>] [-b <interface>] [-a <user_name>]
[-n <nofile>] [--fast-open] [--acl <acl_config>]
DESCRIPTION
-----------
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
*Shadowsocks-libev* is written in pure C and takes advantage of libev to
achieve both high performance and low resource consumption.
*Shadowsocks-libev* consists of five components. `ss-local`(1) works as a standard
socks5 proxy on local machines to proxy TCP traffic.
For more information, check out `shadowsocks-libev`(8).
OPTIONS
-------
-s <server_host>::
Set the server's hostname or IP.
-p <server_port>::
Set the server's port number.
-l <local_port>::
Set the local port number.
-k <password>::
Set the password. The server and the client should use the same password.
-m <encrypt_method>::
Set the cipher.
+
*Shadowsocks-libev* accepts 18 different ciphers:
+
table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+
The default cipher is 'table'.
+
If built with PolarSSL or custom OpenSSL libraries, some of
these ciphers may not work.
-a <user_name>::
Run as a specific user.
-f <pid_file>::
Start shadowsocks as a daemon with specific pid file.
-t <timeout>::
Set the socket timeout in seconds. The default value is 60.
-c <config_file>::
Use a configuration file.
+
Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
-n <number>::
Specify max number of open files.
+
Only available on Linux.
-i <interface>::
Send traffic through specific network interface.
+
For example, there are three interfaces in your device,
which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
Meanwhile, you configure `ss-local` to listen on 0.0.0.0:8388 and bind to eth1.
That results the traffic go out through eth1, but not lo nor eth0.
This option is useful to control traffic in multi-interface environment.
-b <local_address>::
Specify local address to bind.
-u::
Enable UDP relay.
-A::
Enable onetime authentication.
--fast-open::
Enable TCP fast open.
+
Only available with Linux kernel > 3.7.0.
--acl <acl_config>::
Enable ACL (Access Control List) and specify config file.
-v::
Enable verbose mode.
-h|--help::
Print help message.
EXAMPLE
-------
`ss-local`(1) can be started from command line and run in foreground.
Here is an example:
....
# Start ss-local with given parameters
ss-local -s example.com -p 12345 -l 1080 -k foobar -m aes-256-cfb
....
SEE ALSO
--------
`ss-server`(1),
`ss-tunnel`(1),
`ss-redir`(1),
`ss-manager`(1),
`shadowsocks-libev`(8),
`iptables`(8),
/etc/shadowsocks-libev/config.json

161
Doc/ss-manager.asciidoc
View File

@ -0,0 +1,161 @@
ss-manager(1)
=============
NAME
----
ss-manager - ss-server controller for multi-user management and traffic statistics
SYNOPSIS
--------
*ss-manager*
[-AuUv] [-h|--help]
[-s <server_host>] [-p <server_port>] [-l <local_port>]
[-k <password>] [-m <encrypt_method>] [-f <pid_file>]
[-t <timeout>] [-c <config_file>] [-i <interface>]
[-b <local_addr>] [-a <user_name>]
[--manager-address <path_to_unix_domain>]
[--executable <path_to_server_executable>]
DESCRIPTION
-----------
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
*Shadowsocks-libev* is written in pure C and takes advantage of libev to
achieve both high performance and low resource consumption.
*Shadowsocks-libev* consists of five components.
`ss-manager`(1) is a controller for multi-user management and
traffic statistics, using UNIX domain socket to talk with `ss-server`(1).
Also, it provides a UNIX domain socket or IP based API for other software.
About the details of this API, please refer to the following 'PROTOCOL'
section.
OPTIONS
-------
-s <server_host>::
Set the server's hostname or IP.
-k <password>::
Set the password. The server and the client should use the same password.
-m <encrypt_method>::
Set the cipher.
+
*Shadowsocks-libev* accepts 18 different ciphers:
+
table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+
The default cipher is 'table'.
+
If built with PolarSSL or custom OpenSSL libraries, some of
these ciphers may not work.
-a <user_name>::
Run as a specific user.
-f <pid_file>::
Start shadowsocks as a daemon with specific pid file.
-t <timeout>::
Set the socket timeout in seconds. The default value is 60.
-c <config_file>::
Use a configuration file.
-i <interface>::
Send traffic through specific network interface.
+
For example, there are three interfaces in your device,
which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
Meanwhile, you configure `ss-local` to listen on 0.0.0.0:8388 and bind to eth1.
That results the traffic go out through eth1, but not lo nor eth0.
This option is useful to control traffic in multi-interface environment.
-u::
Enable UDP relay.
-U::
Enable UDP relay and disable TCP relay.
-A::
Enable onetime authentication.
-d <addr>::
Setup name servers for internal DNS resolver (libudns).
The default server is fetched from `/etc/resolv.conf`.
--fast-open::
Enable TCP fast open.
+
Only available with Linux kernel > 3.7.0.
--acl <acl_config>::
Enable ACL (Access Control List) and specify config file.
--manager-address <path_to_unix_domain>::
Specify UNIX domain socket address for the communication between ss-manager(1) and ss-server(1).
+
Only available in server and manager mode.
--executable <path_to_server_executable>::
Specify the executable path of ss-server.
+
Only available in manager mode.
-v::
Enable verbose mode.
-h|--help::
Print help message.
PROTOCOL
--------
`ss-manager`(1) provides several APIs through UDP protocol:
Send UDP commands in the following format to the manager-address provided to ss-manager(1): ::::
command: [JSON data]
To add a port: ::::
add: {"server_port": 8001, "password":"7cd308cc059"}
To remove a port: ::::
remove: {"server_port": 8001}
To receive a pong: ::::
ping
Then `ss-manager`(1) will send back the traffic statistics: ::::
stat: {"8001":11370}
EXAMPLE
-------
To use `ss-manager`(1), First start it and specify necessary information.
Then communicate with `ss-manager`(1) through UNIX Domain Socket using UDP
protocol:
....
# Start the manager. Arguments for ss-server will be passed to generated
# ss-server process(es) respectively.
ss-manager --manager-address /tmp/manager.sock --executable $(which ss-server) -s example.com -m aes-256-cfb -c /path/to/config.json
# Connect to the socket. Using netcat-openbsd as an example.
# You should use scripts or other programs for further management.
nc -Uu /tmp/manager.sock
....
After that, you may communicate with `ss-manager`(1) as described above in the
'PROTOCOL' section.
SEE ALSO
--------
`ss-local`(1),
`ss-server`(1),
`ss-tunnel`(1),
`ss-redir`(1),
`shadowsocks-libev`(8),
`iptables`(8),
/etc/shadowsocks-libev/config.json

95
Doc/ss-nat.asciidoc
View File

@ -0,0 +1,95 @@
ss-nat(1)
=========
NAME
----
ss-nat - helper script to setup NAT rules for transparent proxy
SYNOPSIS
--------
*ss-nat*
[-ouUfh]
[-s <server_ip>] [-S <server_ip>] [-l <local_port>]
[-L <local_port>] [-i <ip_list_file>] [-a <lan_ips>]
[-b <wan_ips>] [-w <wan_ips>] [-e <extra_options>]
DESCRIPTION
-----------
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
*Shadowsocks-libev* is written in pure C and takes advantage of libev to
achieve both high performance and low resource consumption.
`ss-nat`(1) sets up NAT rules for `ss-redir`(1) to provide traffic redirection.
It requires netfilter's NAT module and `iptables`(8).
For more information, check out `shadowsocks-libev`(8) and the following
'EXAMPLE' section.
OPTIONS
-------
-s <server_ip>::
IP address of shadowsocks remote server
-l <local_port>::
Port number of shadowsocks local server
-S <server_ip>::
IP address of shadowsocks remote UDP server
-L <local_port>::
Port number of shadowsocks local UDP server
-i <ip_list_file>::
a file whose content is bypassed ip list
-a <lan_ips>::
LAN IP of access control, need a prefix to define access control mode
-b <wan_ips>::
WAN IP of will be bypassed
-w <wan_ips>::
WAN IP of will be forwarded
-e <extra_options>::
Extra options for iptables
-o::
Apply the rules to the OUTPUT chain
-u::
Enable udprelay mode, TPROXY is required
-U::
Enable udprelay mode, using different IP and ports for TCP and UDP
-f::
Flush the rules
-h::
Show this help message and exit
EXAMPLE
-------
`ss-nat` requires `iptables`(8). Here is an example:
....
# Enable NAT rules for shadowsocks,
# with both TCP and UDP redirection enabled,
# and applied for both PREROUTING and OUTPUT chains
root@Wrt:~# ss-nat -s 192.168.1.100 -l 1080 -u -o
# Disable and flush all NAT rules for shadowsocks
root@Wrt:~# ss-nat -f
....
SEE ALSO
--------
`ss-local`(1),
`ss-server`(1),
`ss-tunnel`(1),
`ss-manager`(1),
`shadowsocks-libev`(8),
`iptables`(8),
/etc/shadowsocks-libev/config.json

146
Doc/ss-redir.asciidoc
View File

@ -0,0 +1,146 @@
ss-redir(1)
===========
NAME
----
ss-redir - shadowsocks client as transparent proxy, libev port
SYNOPSIS
--------
*ss-redir*
[-AuUv] [-h|--help]
[-s <server_host>] [-p <server_port>] [-l <local_port>]
[-k <password>] [-m <encrypt_method>] [-f <pid_file>]
[-t <timeout>] [-c <config_file>] [-b <local_address>]
[-a <user_name>] [-n <nofile>]
DESCRIPTION
-----------
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
*Shadowsocks-libev* is written in pure C and takes advantage of libev to
achieve both high performance and low resource consumption.
*Shadowsocks-libev* consists of five components.
`ss-redir`(1) works as a transparent proxy on local machines to proxy TCP
traffic and requires netfilter's NAT module.
For more information, check out `shadowsocks-libev`(8) and the following
'EXAMPLE' section.
OPTIONS
-------
-s <server_host>::
Set the server's hostname or IP.
-p <server_port>::
Set the server's port number.
-l <local_port>::
Set the local port number.
-k <password>::
Set the password. The server and the client should use the same
password.
-m <encrypt_method>::
Set the cipher.
+
*Shadowsocks-libev* accepts 18 different ciphers:
+
table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+
The default cipher is 'table'.
+
If built with PolarSSL or custom OpenSSL libraries, some of
these ciphers may not work.
-a <user_name>::
Run as a specific user.
-f <pid_file>::
Start shadowsocks as a daemon with specific pid file.
-t <timeout>::
Set the socket timeout in seconds. The default value is 60.
-c <config_file>::
Use a configuration file.
+
Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
-n <number>::
Specify max number of open files.
+
Only available on Linux.
-b <local_address>::
Specify local address to bind.
-u::
Enable UDP relay.
+
TPROXY is required in redir mode. You may need root permission.
-U::
Enable UDP relay and disable TCP relay.
-A::
Enable onetime authentication.
-v::
Enable verbose mode.
-h|--help::
Print help message.
EXAMPLE
-------
ss-redir requires netfilter's NAT function. Here is an example:
....
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
....
SEE ALSO
--------
`ss-local`(1),
`ss-server`(1),
`ss-tunnel`(1),
`ss-manager`(1),
`shadowsocks-libev`(8),
`iptables`(8),
/etc/shadowsocks-libev/config.json

157
Doc/ss-server.asciidoc
View File

@ -0,0 +1,157 @@
ss-server(1)
============
NAME
----
ss-server - shadowsocks server, libev port
SYNOPSIS
--------
*ss-server*
[-AuUv] [-h|--help]
[-s <server_host>] [-p <server_port>] [-l <local_port>]
[-k <password>] [-m <encrypt_method>] [-f <pid_file>]
[-t <timeout>] [-c <config_file>] [-i <interface>]
[-a <user_name>] [-d <addr>] [-n <nofile>]
[--fast-open] [--acl <acl_config>]
[--manager-address <path_to_unix_domain>]
DESCRIPTION
-----------
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
*Shadowsocks-libev* is written in pure C and takes advantage of libev to
achieve both high performance and low resource consumption.
*Shadowsocks-libev* consists of five components.
`ss-server`(1) runs on a remote server to provide secured tunnel service.
For more information, check out `shadowsocks-libev`(8).
OPTIONS
-------
-s <server_host>::
Set the server's hostname or IP.
-p <server_port>::
Set the server's port number.
-k <password>::
Set the password. The server and the client should use the same password.
-m <encrypt_method>::
Set the cipher.
+
*Shadowsocks-libev* accepts 18 different ciphers:
+
table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+
The default cipher is 'table'.
+
If built with PolarSSL or custom OpenSSL libraries, some of
these ciphers may not work.
-a <user_name>::
Run as a specific user.
-f <pid_file>::
Start shadowsocks as a daemon with specific pid file.
-t <timeout>::
Set the socket timeout in seconds. The default value is 60.
-c <config_file>::
Use a configuration file.
+
Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
-n <number>::
Specify max number of open files.
+
Only available on Linux.
-i <interface>::
Send traffic through specific network interface.
+
For example, there are three interfaces in your device,
which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
Meanwhile, you configure `ss-server` to listen on 0.0.0.0:8388 and bind to eth1.
That results the traffic go out through eth1, but not lo nor eth0.
This option is useful to control traffic in multi-interface environment.
-b <local_address>::
Specify local address to bind.
-u::
Enable UDP relay.
-U::
Enable UDP relay and disable TCP relay.
-A::
Enable onetime authentication.
-6::
Resovle hostname to IPv6 address first.
-w::
Enable white list mode (when ACL enabled).
-d <addr>::
Setup name servers for internal DNS resolver (libudns).
The default server is fetched from '/etc/resolv.conf'.
--fast-open::
Enable TCP fast open.
+
Only available with Linux kernel > 3.7.0.
--acl <acl_config>::
Enable ACL (Access Control List) and specify config file.
--manager-address <path_to_unix_domain>::
Specify UNIX domain socket address for the communication between ss-manager(1) and ss-server(1).
+
Only available in server and manager mode.
-v::
Enable verbose mode.
-h|--help::
Print help message.
EXAMPLE
-------
It is recommended to use a config file when starting `ss-server`(1).
The config file is written in JSON and is easy to edit.
Check out the 'SEE ALSO' section for the default path of config file.
....
# Start the ss-server
ss-server -c /etc/shadowsocks-libev/config.json
....
INCOMPATIBILITY
---------------
The config file of `shadowsocks-libev`(8) is slightly different from original
shadowsocks.
In order to listen to both IPv4/IPv6 address, use the following grammar in
your config json file:
....
{
"server":["[::0]","0.0.0.0"],
...
}
....
SEE ALSO
--------
`ss-local`(1),
`ss-tunnel`(1),
`ss-redir`(1),
`ss-manager`(1),
`shadowsocks-libev`(8),
`iptables`(8),
/etc/shadowsocks-libev/config.json

117
Doc/ss-tunnel.asciidoc
View File

@ -0,0 +1,117 @@
ss-tunnel(1)
============
NAME
----
ss-tunnel - shadowsocks tools for local port forwarding, libev port
SYNOPSIS
--------
*ss-tunnel*
[-AuUv] [-h|--help]
[-s <server_host>] [-p <server_port>] [-l <local_port>]
[-k <password>] [-m <encrypt_method>] [-f <pid_file>]
[-t <timeout>] [-c <config_file>] [-i <interface>]
[-b <local_addr>] [-a <user_name>] [-n <nofile>]
[-L addr:port]
DESCRIPTION
-----------
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
It is a port of the original shadowsocks created by clowwindy.
*Shadowsocks-libev* is written in pure C and takes advantage of libev to
achieve both high performance and low resource consumption.
*Shadowsocks-libev* consists of five components.
`ss-tunnel`(1) is a tool for local port forwarding.
See 'OPTIONS' section for special option needed by `ss-tunnel`(1).
For more information, check out `shadowsocks-libev`(8).
OPTIONS
-------
-s <server_host>::
Set the server's hostname or IP.
-p <server_port>::
Set the server's port number.
-l <local_port>::
Set the local port number.
-k <password>::
Set the password. The server and the client should use the same password.
-m <encrypt_method>::
Set the cipher.
+
*Shadowsocks-libev* accepts 18 different ciphers:
+
table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb,
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
+
The default cipher is 'table'.
+
If built with PolarSSL or custom OpenSSL libraries, some of
these ciphers may not work.
-a <user_name>::
Run as a specific user.
-f <pid_file>::
Start shadowsocks as a daemon with specific pid file.
-t <timeout>::
Set the socket timeout in seconds. The default value is 60.
-c <config_file>::
Use a configuration file.
+
Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
-n <number>::
Specify max number of open files.
+
Only available on Linux.
-i <interface>::
Send traffic through specific network interface.
+
For example, there are three interfaces in your device,
which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
Meanwhile, you configure `ss-tunnel` to listen on 0.0.0.0:8388 and bind to eth1.
That results the traffic go out through eth1, but not lo nor eth0.
This option is useful to control traffic in multi-interface environment.
-b <local_address>::
Specify local address to bind.
-u::
Enable UDP relay.
-U::
Enable UDP relay and disable TCP relay.
-A::
Enable onetime authentication.
-L <addr:port>::
Specify destination server address and port for local port forwarding.
+
Only used and available in tunnel mode.
-v::
Enable verbose mode.
-h|--help::
Print help message.
SEE ALSO
--------
`ss-local`(1),
`ss-server`(1),
`ss-redir`(1),
`ss-manager`(1),
`shadowsocks-libev`(8),
`iptables`(8),
/etc/shadowsocks-libev/config.json

6
Makefile.am
View File

@ -1,12 +1,10 @@
if USE_SYSTEM_SHARED_LIB
SUBDIRS = libcork libipset src
SUBDIRS = libcork libipset src Doc
else
SUBDIRS = libsodium libcork libipset libudns libev src
SUBDIRS = libsodium libcork libipset libudns libev src Doc
endif
ACLOCAL_AMFLAGS = -I m4
man_MANS = man/shadowsocks-libev.8 man/ss-server.1 man/ss-local.1 man/ss-redir.1\
man/ss-manager.1 man/ss-tunnel.1 man/ss-nat.1
pkgconfiglibdir = $(libdir)/pkgconfig
pkgconfiglib_DATA = shadowsocks-libev.pc

19
configure.ac
View File

@ -45,6 +45,20 @@ AC_ARG_WITH(
[with_crypto_library="openssl"]
)
AC_ARG_ENABLE([documentation],
AS_HELP_STRING([--disable-documentation], [do not build documentation]),
[], [enable_documentation=yes])
AS_IF([test "x$enable_documentation" = xyes], [DISABLE_DOCUMENTATION=0],
[DISABLE_DOCUMENTATION=1])
AC_SUBST([DISABLE_DOCUMENTATION])
if test "x$enable_documentation" = xyes; then
AC_PATH_PROG([ASCIIDOC], [asciidoc], [asciidoc])
AC_PATH_PROG([XMLTO], [xmlto], [xmlto])
AC_PATH_PROG([GZIP], [gzip], [gzip])
AC_PROG_SED
fi
dnl Checks for programs.
AC_PROG_CC
AM_PROG_CC_C_O
@ -53,6 +67,8 @@ AC_PROG_LN_S
AC_PROG_LIBTOOL
AC_PROG_MAKE_SET
AC_LANG_SOURCE
AC_PATH_PROG([RM], [rm], [rm])
AC_PATH_PROG([MV], [mv], [mv])
dnl Checks for libev
AM_COND_IF([USE_SYSTEM_SHARED_LIB],
@ -290,7 +306,8 @@ AC_CONFIG_FILES([ shadowsocks-libev.pc
Makefile
libcork/Makefile
libipset/Makefile
src/Makefile])
src/Makefile
Doc/Makefile])
AM_COND_IF([USE_SYSTEM_SHARED_LIB],
[],
[AC_CONFIG_FILES([libudns/Makefile

254
man/shadowsocks-libev.8
View File

@ -1,254 +0,0 @@
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
.
. A copy of the license is included in the section entitled
. "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SHADOWSOCKS-LIBEV" "8" "April 19, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
shadowsocks-libev \- a lightweight and secure socks5 proxy
.SH SYNOPSIS
\*(Lo|\*(Re|\*(Se|\*(Tu|\*(Ma
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR]
[\fB\-l\fR \fIlocal_port\fR] [\fB\-k\fR \fIpassword\fR]
[\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components. One is \*(Se(1) that runs on a remote server
to provide secured tunnel service. \*(Lo(1) and \*(Re(1) are clients on your
local machines to proxy TCP traffic. \*(Tu(1) is a tool for local port
forwarding.
.PP
While \*(Lo(1) works as a standard socks5 proxy, \*(Re(1) works as a transparent
proxy and requires netfilter's NAT module. For more information, check out the
example section.
.PP
\*(Ma(1) is a controller for multi-user management and traffic statistics, using
UNIX domain socket to talk with \*(Se(1). Also, it provides a UNIX domain socket
or IP based API for other software. About the details of this API, please refer
to the protocol section.
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-p \fIserver_port\fP
Set the server's port number.
Not available in manager mode.
.TP
.B \-l \fIlocal_port\fP
Set the local port number.
Not available in server nor manager mode.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20,
chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 60.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInumber\fP
Specify max number of open files.
Not available in manager mode.
Only available on Linux.
.TP
.B \-i \fIinterface\fP
Send traffic through specific network interface.
For example, there are three interfaces in your device, which is lo (127.0.0.1),
eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure
\fBshadowsocks-libev\fR to listen on 0.0.0.0:8388 and bind to eth1. That results
the traffic go out through eth1, but not lo nor eth0. This option is useful to
control traffic in multi-interface environment.
Not available in redir mode.
.TP
.B \-b \fIlocal_address\fP
Specify local address to bind.
Not available in server nor manager mode.
.TP
.B \-u
Enable UDP relay.
TPROXY is required in redir mode. You may need root permission.
.TP
.B \-U
Enable UDP relay and disable TCP relay.
Not available in local mode.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \-w
Enable white list mode (when ACL enabled).
Only available in server mode.
.TP
.B \-L \fIaddr\fR:\fIport\fP
Specify destination server address and port for local port forwarding.
Only available in tunnel mode.
.TP
.B \-d \fIaddr\fP
Setup name servers for internal DNS resolver (libudns). The default server is
fetched from /etc/resolv.conf.
Only available in server and manager mode.
.TP
.B \--fast-open
Enable TCP fast open.
Not available in redir nor tunnel mode, with Linux kernel > 3.7.0.
.TP
.B \--acl \fIacl_config\fP
Enable ACL (Access Control List) and specify config file.
Not available in redir nor tunnel mode.
.TP
.B \--manager-address \fIpath_to_unix_domain\fP
Specify UNIX domain socket address.
Only available in server and manager mode.
.TP
.B \--executable \fIpath_to_server_executable\fP
Specify the executable path of ss-server.
Only available in manager mode.
.TP
.B \-v
Enable verbose mode.
.TP
.B \-h, --help
Print help message.
.SH EXAMPLE
\*(Re requires netfilter's NAT function. Here is an example:
.nf
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
root@Wrt:~# iptables -t mangle -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
.fi
.SH PROTOCOL
\*(Ma(1) provides several APIs through UDP protocol:
.in +4n
Send UDP commands in the following format to the manager-address provided to
\*(Ma(1).
command: [JSON data]
To add a port:
add: {"server_port": 8001, "password":"7cd308cc059"}
To remove a port:
remove: {"server_port": 8001}
To receive a pong:
ping
Then \*(Ma(1) will send back the traffic statistics:
stat: {"8001":11370}
.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Se (1),
.BR \*(Tu (1),
.BR \*(Re (1),
.BR \*(Ma (1),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.

142
man/ss-local.1
View File

@ -1,142 +0,0 @@
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
.
. A copy of the license is included in the section entitled
. "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SS-LOCAL" "1" "April 19, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-local \- shadowsocks client as socks5 proxy, libev port
.SH SYNOPSIS
\*(Lo
[\fB\-Auv\fR] [\fB\-h\fR|\fB\--help\fR]
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR] [\fB\-t\fR \fItimeout\fR]
[\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIinterface\fR] [\fB\-a\fR \fIuser_name\fR]
[\fB\-n\fR \fInofile\fR] [\fB\-\-fast\-open\fR] [\fB\-\-acl\fR \fIacl_config\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components. \*(Lo(1) works as a standard socks5 proxy
on local machines to proxy TCP traffic. For more information, check out
\fBshadowsocks-libev\fR(8).
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-p \fIserver_port\fP
Set the server's port number.
.TP
.B \-l \fIlocal_port\fP
Set the local port number.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20,
chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 60.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInumber\fP
Specify max number of open files.
Only available on Linux.
.TP
.B \-i \fIinterface\fP
Send traffic through specific network interface.
For example, there are three interfaces in your device, which is lo (127.0.0.1),
eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure \*(Lo to
listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through
eth1, but not lo nor eth0. This option is useful to control traffic in
multi-interface environment.
.TP
.B \-b \fIlocal_address\fP
Specify local address to bind.
.TP
.B \-u
Enable UDP relay.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \--fast-open
Enable TCP fast open.
Only available with Linux kernel > 3.7.0.
.TP
.B \--acl \fIacl_config\fP
Enable ACL (Access Control List) and specify config file.
.TP
.B \-v
Enable verbose mode.
.TP
.B \-h, --help
Print help message.
.SH EXAMPLE
\*(Lo(1) can be started from command line and run in foreground. Here is an
example:
# Start ss-local with given parameters
ss-local -s example.com -p 12345 -l 1080 -k foobar -m aes-256-cfb
.SH SEE ALSO
.BR \*(Se (1),
.BR \*(Tu (1),
.BR \*(Re (1),
.BR \*(Ma (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.

185
man/ss-manager.1
View File

@ -1,185 +0,0 @@
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
.
. A copy of the license is included in the section entitled
. "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SS-MANAGER" "1" "April 19, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-manager \- ss-server controller for multi-user management and traffic
statistics
.SH SYNOPSIS
\*(Ma
[\fB\-AuUv\fR] [\fB\-h\fR|\fB\--help\fR]
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR]
[\fB\-b\fR \fIlocal_addr\fR] [\fB\-a\fR \fIuser_name\fR]
[\fB\-\-manager\-address\fR \fIpath_to_unix_domain\fR]
[\fB\-\-executable\fR \fIpath_to_server_executable\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components.
\*(Ma(1) is a controller for multi-user management and traffic statistics, using
UNIX domain socket to talk with \*(Se(1). Also, it provides a UNIX domain socket
or IP based API for other software. About the details of this API, please refer
to the following \fBPROTOCOL\fR section.
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20,
chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 60.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-i \fIinterface\fP
Send traffic through specific network interface.
For example, there are three interfaces in your device, which is lo (127.0.0.1),
eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure \*(Ma to
listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through
eth1, but not lo nor eth0. This option is useful to control traffic in
multi-interface environment.
.TP
.B \-u
Enable UDP relay.
.TP
.B \-U
Enable UDP relay and disable TCP relay.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \-d \fIaddr\fP
Setup name servers for internal DNS resolver (libudns). The default server is
fetched from /etc/resolv.conf.
.TP
.B \--fast-open
Enable TCP fast open.
Only available with Linux kernel > 3.7.0.
.TP
.B \--acl \fIacl_config\fP
Enable ACL (Access Control List) and specify config file.
.TP
.B \--manager-address \fIpath_to_unix_domain\fP
Specify UNIX domain socket address for the communication between \*(Ma(1) and
\*(Se(1).
Only available in server and manager mode.
.TP
.B \--executable \fIpath_to_server_executable\fP
Specify the executable path of ss-server.
Only available in manager mode.
.TP
.B \-v
Enable verbose mode.
.TP
.B \-h, --help
Print help message.
.SH PROTOCOL
\*(Ma(1) provides several APIs through UDP protocol:
.in +4n
Send UDP commands in the following format to the manager-address provided to
\*(Ma(1).
command: [JSON data]
To add a port:
add: {"server_port": 8001, "password":"7cd308cc059"}
To remove a port:
remove: {"server_port": 8001}
To receive a pong:
ping
Then \*(Ma(1) will send back the traffic statistics:
stat: {"8001":11370}
.SH EXAMPLE
To use \*(Ma(1), First start it and specify necessary information.
Then communicate with \*(Ma(1) through UNIX Domain Socket using UDP protocol:
# Start the manager. Arguments for ss-server will be passed to generated
# ss-server process(es) respectively.
ss-manager --manager-address /tmp/manager.sock --executable \
$(which ss-server) -s example.com -m aes-256-cfb -c /path/to/config.json
# Connect to the socket. Using netcat-openbsd as an example.
# You should use scripts or other programs for further management.
nc -Uu /tmp/manager.sock
After that, you may communicate with \*(Ma(1) as described above in the
\fBPROTOCOL\fR section.
.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Se (1),
.BR \*(Tu (1),
.BR \*(Re (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.

119
man/ss-nat.1
View File

@ -1,119 +0,0 @@
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
.
. A copy of the license is included in the section entitled
. "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Na \fBss-nat\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SS-NAT" "1" "May 26, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-nat \- helper script to setup NAT rules for transparent proxy
.SH SYNOPSIS
\*(Na
[\fB\-ouUfh\fR]
[\fB\-s\fR \fIserver_ip\fR] [\fB\-S\fR \fIserver_ip\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-L\fR \fIlocal_port\fR] [\fB\-i\fR \fIip_list_file\fR] [\fB\-a\fR \fIlan_ips\fR]
[\fB\-b\fR \fIwan_ips\fR] [\fB\-w\fR \fIwan_ips\fR] [\fB\-e\fR \fIextra_options\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Na(1) sets up NAT rules for \*(Re(1) to provide traffic redirection. It
requires netfilter's NAT module and \fBiptables\fR(8). For more information,
check out \fBshadowsocks-libev\fR(8) and the following \fBEXAMPLE\fR section.
.SH OPTIONS
.TP
.B \-s \fIserver_ip\fP
IP address of shadowsocks remote server
.TP
.B \-l \fIlocal_port\fP
Port number of shadowsocks local server
.TP
.B \-S \fIserver_ip\fP
IP address of shadowsocks remote UDP server
.TP
.B \-L \fIlocal_port\fP
Port number of shadowsocks local UDP server
.TP
.B \-i \fIip_list_file\fP
a file content is bypassed ip list
.TP
.B \-a \fIlan_ips\fP
LAN IP of access control, need a prefix to define access control mode
.TP
.B \-b \fIwan_ips\fP
WAN IP of will be bypassed
.TP
.B \-w \fIwan_ips\fP
WAN IP of will be forwarded
.TP
.B \-e \fIextra_options\fP
Extra options for iptables
.TP
.B \-o
Apply the rules to the OUTPUT chain
.TP
.B \-u
Enable udprelay mode, TPROXY is required
.TP
.B \-U
Enable udprelay mode, using different IP and ports for TCP and UDP
.TP
.B \-f
Flush the rules
.TP
.B \-h
Show this help message and exit
.TP
.SH EXAMPLE
\*(Na requires \fBiptables\fR(8). Here is an example:
.nf
# Enable NAT rules for shadowsocks,
# with both TCP and UDP redirection enabled,
# and applied for both PREROUTING and OUTPUT chains
root@Wrt:~# ss-nat -s 192.168.1.100 -l 1080 -u -o
# Disable and flush all NAT rules for shadowsocks
root@Wrt:~# ss-nat -f
.fi
.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Se (1),
.BR \*(Tu (1),
.BR \*(Ma (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.

163
man/ss-redir.1
View File

@ -1,163 +0,0 @@
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
.
. A copy of the license is included in the section entitled
. "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SS-REDIR" "1" "April 19, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-redir \- shadowsocks client as transparent proxy, libev port
.SH SYNOPSIS
\*(Re
[\fB\-AuUv\fR] [\fB\-h\fR|\fB\--help\fR]
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-b\fR \fIlocal_address\fR]
[\fB\-a\fR \fIuser_name\fR] [\fB\-n\fR \fInofile\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components. \*(Re(1) works as a transparent proxy on
local machines to proxy TCP traffic and requires netfilter's NAT module. For
more information, check out \fBshadowsocks-libev\fR(8) and the following
\fBEXAMPLE\fR section.
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-p \fIserver_port\fP
Set the server's port number.
.TP
.B \-l \fIlocal_port\fP
Set the local port number.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20,
chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 60.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInumber\fP
Specify max number of open files.
Only available on Linux.
.TP
.B \-b \fIlocal_address\fP
Specify local address to bind.
.TP
.B \-u
Enable UDP relay.
TPROXY is required in redir mode. You may need root permission.
.TP
.B \-U
Enable UDP relay and disable TCP relay.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \-v
Enable verbose mode.
.TP
.B \-h, --help
Print help message.
.SH EXAMPLE
\*(Re requires netfilter's NAT function. Here is an example:
.nf
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Add any UDP rules
root@Wrt:~# ip rule add fwmark 0x01/0x01 table 100
root@Wrt:~# ip route add local 0.0.0.0/0 dev lo table 100
root@Wrt:~# iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01
# Apply the rules
root@Wrt:~# iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
root@Wrt:~# iptables -t mangle -A PREROUTING -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
.fi
.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Se (1),
.BR \*(Tu (1),
.BR \*(Ma (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.

172
man/ss-server.1
View File

@ -1,172 +0,0 @@
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
.
. A copy of the license is included in the section entitled
. "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SS-SERVER" "1" "April 19, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-server \- shadowsocks server, libev port
.SH SYNOPSIS
\*(Se
[\fB-AuUv\fR] [\fB\-h\fR|\fB\--help\fR]
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR]
[\fB\-a\fR \fIuser_name\fR] [\fB\-d\fR \fIaddr\fR] [\fB\-n\fR \fInofile\fR]
[\fB\-\-fast\-open\fR] [\fB\-\-acl\fR \fIacl_config\fR]
[\fB\-\-manager\-address\fR \fIpath_to_unix_domain\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components. \*(Se(1) runs on a remote server to provide
secured tunnel service. For more information, check out
\fBshadowsocks-libev\fR(8).
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-p \fIserver_port\fP
Set the server's port number.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20,
chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 60.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInumber\fP
Specify max number of open files.
Only available on Linux.
.TP
.B \-i \fIinterface\fP
Send traffic through specific network interface.
For example, there are three interfaces in your device, which is lo (127.0.0.1),
eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure \*(Se to
listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through
eth1, but not lo nor eth0. This option is useful to control traffic in
multi-interface environment.
.TP
.B \-b \fIlocal_address\fP
Specify local address to bind.
.TP
.B \-u
Enable UDP relay.
.TP
.B \-U
Enable UDP relay and disable TCP relay.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \-6
Resovle hostname to IPv6 address first.
.TP
.B \-w
Enable white list mode (when ACL enabled).
.TP
.B \-d \fIaddr\fP
Setup name servers for internal DNS resolver (libudns). The default server is
fetched from /etc/resolv.conf.
.TP
.B \--fast-open
Enable TCP fast open.
Only available with Linux kernel > 3.7.0.
.TP
.B \--acl \fIacl_config\fP
Enable ACL (Access Control List) and specify config file.
.TP
.B \--manager-address \fIpath_to_unix_domain\fP
Specify UNIX domain socket address for the communication between \*(Ma(1) and
\*(Se(1).
Only available in server and manager mode.
.TP
.B \-v
Enable verbose mode.
.TP
.B \-h, --help
Print help message.
.SH EXAMPLE
It is recommended to use a config file when starting \*(Se(1).
The config file is written in JSON and is easy to edit. Check out the \fBSEE
ALSO\fR section for the default path of config file.
# Start the ss-server
ss-server -c /etc/shadowsocks-libev/config.json
.SH BUGS
The config file of \fBshadowsocks-libev\fR(8) is slightly different from
original shadowsocks. In order to listen to both IPv4/IPv6 address, use the
following grammar in your config json file:
{
"server":["[::0]","0.0.0.0"],
...
}
.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Tu (1),
.BR \*(Re (1),
.BR \*(Ma (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.

136
man/ss-tunnel.1
View File

@ -1,136 +0,0 @@
.ig
. manual page for shadowsocks-libev
.
. Copyright (c) 2012-2016, by: Max Lv
. All rights reserved.
.
. Permission is granted to copy, distribute and/or modify this document
. under the terms of the GNU Free Documentation License, Version 1.1 or
. any later version published by the Free Software Foundation;
. with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
.
. A copy of the license is included in the section entitled
. "GNU Free Documentation License".
.
..
\# - these two are for chuckles, makes great grammar
.ds Lo \fBss-local\fR
.ds Re \fBss-redir\fR
.ds Se \fBss-server\fR
.ds Tu \fBss-tunnel\fR
.ds Ma \fBss-manager\fR
.ds Me \fBShadowsocks-libev\fR
.
.TH "SS-TUNNEL" "1" "April 19, 2016" "SHADOWSOCKS-LIBEV"
.SH NAME
ss-tunnel \- shadowsocks tools for local port forwarding, libev port
.SH SYNOPSIS
\*(Tu
[\fB-AuUv\fR] [\fB\-h\fR|\fB\--help\fR]
[\fB\-s\fR \fIserver_host\fR] [\fB\-p\fR \fIserver_port\fR] [\fB\-l\fR \fIlocal_port\fR]
[\fB\-k\fR \fIpassword\fR] [\fB\-m\fR \fIencrypt_method\fR] [\fB\-f\fR \fIpid_file\fR]
[\fB\-t\fR \fItimeout\fR] [\fB\-c\fR \fIconfig_file\fR] [\fB\-i\fR \fIinterface\fR]
[\fB\-b\fR \fIlocal_addr\fR] [\fB\-a\fR \fIuser_name\fR] [\fB\-n\fR \fInofile\fR]
[\fB\-L\fR \fIaddr\fR:\fIport\fR]
.SH DESCRIPTION
\*(Me is a lightweight and secure socks5 proxy. It is a port of the original
shadowsocks created by clowwindy. \*(Me is written in pure C and takes advantage
of \fBlibev\fP to achieve both high performance and low resource consumption.
.PP
\*(Me consists of five components. \*(Tu(1) is a tool for local port forwarding.
See \fBOPTIONS\fR section for special option needed by \*(Tu(1). For more
information, check out \fBshadowsocks-libev\fR(8).
.SH OPTIONS
.TP
.B \-s \fIserver_host\fP
Set the server's hostname or IP.
.TP
.B \-p \fIserver_port\fP
Set the server's port number.
.TP
.B \-l \fIlocal_port\fP
Set the local port number.
.TP
.B \-k \fIpassword\fP
Set the password. The server and the client should use the same password.
.TP
.B \-m \fIencrypt_method\fP
Set the cipher.
\*(Me accepts 18 different ciphers: table, rc4, rc4-md5, aes-128-cfb,
aes-192-cfb, aes-256-cfb, bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20,
chacha20 and chacha20-ietf. The default cipher is \fItable\fP.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may
not work.
.TP
.B \-a \fIuser_name\fP
Run as a specific user.
.TP
.B \-f \fIpid_file\fP
Start shadowsocks as a daemon with specific pid file.
.TP
.B \-t \fItimeout\fP
Set the socket timeout in seconds. The default value is 60.
.TP
.B \-c \fIconfig_file\fP
Use a configuration file.
.TP
.B \-n \fInumber\fP
Specify max number of open files.
Only available on Linux.
.TP
.B \-i \fIinterface\fP
Send traffic through specific network interface.
For example, there are three interfaces in your device, which is lo (127.0.0.1),
eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure \*(Tu to
listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through
eth1, but not lo nor eth0. This option is useful to control traffic in
multi-interface environment.
.TP
.B \-b \fIlocal_address\fP
Specify local address to bind.
.TP
.B \-u
Enable UDP relay.
.TP
.B \-U
Enable UDP relay and disable TCP relay.
.TP
.B \-A
Enable onetime authentication.
.TP
.B \-L \fIaddr\fR:\fIport\fP
Specify destination server address and port for local port forwarding.
Only used and available in tunnel mode.
.TP
.B \-v
Enable verbose mode.
.TP
.B \-h, --help
Print help message.
.SH SEE ALSO
.BR \*(Lo (1),
.BR \*(Se (1),
.BR \*(Re (1),
.BR \*(Ma (1),
.BR shadowsocks-libev (8),
.BR iptables (8),
/etc/shadowsocks-libev/config.json
.br
.SH AUTHOR
shadowsocks was created by clowwindy <clowwindy42@gmail.com> and
shadowsocks-libev was maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang
<laokongzi@gmail.com>.
.PP
This manual page was written by Max Lv <max.c.lv@gmail.com>.
.PP
The manual pages were rearranged by hosiet <073plan@gmail.com>.
Write Preview
Loading…
Cancel
Save