#
PKG_NAME:=shadowsocks-libev
PKG_VERSION:=3.3.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
Note also that `src_ips_xx` and `dst_ips_xx` actually also accepts cidr network representation. Option names are retained in its current form for backward compatibility coniderations
+Extra nftables expressions can be specified with `nft_tcp_extra` and `nft_udp_extra` to apply ss_rules only to selected tcp/udp traffics. E.g. `tcp dport { 80, 443 }`, `udp dport 53`, etc.
+
# incompatible changes
| Commit date | Commit ID | Subject | Comment |
json_add_string o_dst_bypass_file "$dst_ips_bypass_file"
json_add_string o_dst_forward_file "$dst_ips_forward_file"
json_add_string o_dst_default "$dst_default"
+ json_add_string o_nft_tcp_extra "$nft_tcp_extra"
+ json_add_string o_nft_udp_extra "$nft_udp_extra"
json_dump -i >"$tmp.json"
if ucode -S -i "$ssrules_uc" -E "$tmp.json" >"$tmp.nft" \
'src_default:or("bypass", "forward", "checkdst"):checkdst' \
'dst_default:or("bypass", "forward"):bypass' \
'local_default:or("bypass", "forward", "checkdst"):bypass' \
+ 'nft_tcp_extra:string' \
+ 'nft_udp_extra:string' \
'ifnames:maxlength(15)'
}
{% if (proto == "tcp"): %}
chain ss_rules_forward_{{ proto }} {
- meta l4proto tcp redirect to :{{ redir_port }};
+ meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }};
}
{% let local_verdict = get_local_verdict(); if (local_verdict): %}
chain ss_rules_local_out {
{% endif %}
{% elif (proto == "udp"): %}
chain ss_rules_forward_{{ proto }} {
- meta l4proto udp meta mark set 1 tproxy to :{{ redir_port }};
+ meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }};
}
{% endif %}
{% endif %}