Max Lv
8e6724a1fd
|
11 years ago | |
|---|---|---|
| debian | 11 years ago | |
| libasyncns | 11 years ago | |
| libev | 11 years ago | |
| m4 | 11 years ago | |
| openwrt | 11 years ago | |
| src | 11 years ago | |
| .gitignore | 11 years ago | |
| .travis.yml | 11 years ago | |
| COPYING | 11 years ago | |
| INSTALL | 12 years ago | |
| LICENSE | 11 years ago | |
| Makefile.am | 11 years ago | |
| Makefile.in | 11 years ago | |
| README.md | 11 years ago | |
| aclocal.m4 | 11 years ago | |
| ar-lib | 11 years ago | |
| autogen.sh | 12 years ago | |
| config.guess | 12 years ago | |
| config.h.in | 11 years ago | |
| config.sub | 12 years ago | |
| configure | 11 years ago | |
| configure.ac | 11 years ago | |
| depcomp | 12 years ago | |
| install-sh | 12 years ago | |
| ltmain.sh | 12 years ago | |
| missing | 12 years ago | |
| shadowsocks.8 | 11 years ago | |
README.md
shadowsocks-libev
Intro
Shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and low end boxes.
It is a port of shadowsocks created by @clowwindy maintained by @madeye.
Current version: 1.3.3 
Changelog
1.3.3 -- Fri, 21 Jun 2013 09:59:20 +0800
- Provide more info in verbose mode.
1.3.2 -- Sun, 09 Jun 2013 09:52:31 +0000
- Fix some ciphers by @linusyang.
1.3.1 -- Tue, 04 Jun 2013 00:56:17 +0000
- Support more cihpers: camellia, idea, rc2 and seed.
1.3 -- Thu, 16 May 2013 10:51:15 +0800
- Able to bind connections to specific interface
- Support more ciphers: aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb
1.2 -- Tue, 07 May 2013 14:10:33 +0800
- Close timeouted TCP connections
- Fix a high load issue
1.1 -- Wed, 10 Apr 2013 12:11:36 +0800
- Fix a IPV6 resolve issue
1.0 -- Sat, 06 Apr 2013 16:59:15 +0800
- Initial release
Features
Shadowsocks-libev is writen in pure C and only depends on libev and openssl.
In normal usage, the memory consumption is about 600KB and the CPU utilization is no more than 5% on a low-end router (Buffalo WHR-G300N V2 with a 400MHz MIPS CPU, 32MB memory and 4MB flash).
Installation
Build the binary like this:
sudo apt-get install build-essential autoconf libtool libssl-dev
./configure && make
sudo make install
Usage
usage:
ss-[local|redir|server]
-s <server_host> -p <server_port>
-l <local_port> -k <password>
[-m <encrypt_method>] [-f <pid_file>]
[-t <timeout>] [-c <config_file>]
[-i <interface>] [-b <local_address>]
options:
encrypt_method: table, rc4,
aes-128-cfb, aes-192-cfb, aes-256-cfb,
bf-cfb, camellia-128-cfb, camellia-192-cfb,
camellia-256-cfb, cast5-cfb, des-cfb,
idea-cfb, rc2-cfb and seed-cfb
pid_file: valid path to the pid file
timeout: socket timeout in senconds
config_file: json format config file
interface: specific network interface to bind,
only avaliable in local and server modes
local_address: specific local address to bind,
only avaliable in local and redir modes
notes:
ss-redir provides a transparent proxy function and only works on the
Linux platform with iptables.
Advanced usage
The latest shadowsocks-libev has provided a redir mode. You can configure your linux based box or router to proxy all tcp traffic transparently.
# Create new chain
root@Wrt:~# iptables -t nat -N SHADOWSOCKS
# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN
# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to shadowsocks's local port
root@Wrt:~# iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345
# Apply the rules
root@Wrt:~# iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS
# Start the shadowsocks-redir
root@Wrt:~# ss-redir -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid
Security Tips
Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend to set up your server's firewall rules to limit connections from each user.
# Up to 32 connections are enough for normal usages
iptables -A INPUT -p tcp --syn --dport ${SHADOWSOCKS_PORT} -m connlimit --connlimit-above 32 -j REJECT --reject-with tcp-reset
License
Copyright (C) 2013 Max Lv max.c.lv@gmail.com
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.