include $(TOPDIR)/rules.mk
PKG_NAME:=shadowsocks-libev
-PKG_VERSION:=2.2.2
+PKG_VERSION:=2.2.3
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)
-PKG_SOURCE_VERSION:=4883903e657095b93f88a3a3b9a0dccdffdaa397
+PKG_SOURCE_VERSION:=2b1eef11973de3f7380401fd20f937e84bc2b756
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MAINTAINER:=Jian Chang <aa65535@live.com>
TITLE:=Lightweight Secured Socks5 Proxy $(2)
URL:=https://github.com/shadowsocks/shadowsocks-libev
VARIANT:=$(1)
- DEPENDS:=$(3) +resolveip +ipset +ip +iptables-mod-tproxy
+ DEPENDS:=$(3) +libpthread +ipset +ip +iptables-mod-tproxy
endef
Package/shadowsocks-libev = $(call Package/shadowsocks-libev/Default,openssl,(OpenSSL),+libopenssl)
Package/shadowsocks-libev-polarssl = $(call Package/shadowsocks-libev/Default,polarssl,(PolarSSL),+libpolarssl)
define Package/shadowsocks-libev/description
-Shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and low end boxes.
+Shadowsocks-libev is a lightweight secured socks5 proxy for embedded devices and low end boxes.
endef
Package/shadowsocks-libev-polarssl/description = $(Package/shadowsocks-libev/description)
config_get server $1 server
config_get server_port $1 server_port
config_get local_port $1 local_port
- config_get password $1 password
config_get timeout $1 timeout
+ config_get password $1 password
config_get encrypt_method $1 encrypt_method
config_get ignore_list $1 ignore_list
- config_get udp_relay $1 udp_relay
+ config_get udp_mode $1 udp_mode
+ config_get udp_server $1 udp_server
+ config_get udp_server_port $1 udp_server_port
+ config_get udp_local_port $1 udp_local_port
+ config_get udp_timeout $1 udp_timeout
+ config_get udp_password $1 udp_password
+ config_get udp_encrypt_method $1 udp_encrypt_method
config_get_bool tunnel_enable $1 tunnel_enable
config_get tunnel_port $1 tunnel_port
config_get tunnel_forward $1 tunnel_forward
config_get wan_bp_ip $1 wan_bp_ip
config_get wan_fw_ip $1 wan_fw_ip
config_get ipt_ext $1 ipt_ext
+ : ${timeout:=60}
+ : ${udp_timeout:=60}
: ${tunnel_port:=5300}
: ${tunnel_forward:=8.8.4.4:53}
}
/usr/bin/ss-rules \
-s "$server" \
-l "$local_port" \
+ -S "$udp_server" \
+ -L "$udp_local_port" \
-i "$ignore_list" \
-a "$ac_args" \
-b "$wan_bp_ip" \
}
start_redir() {
- service_start /usr/bin/ss-redir \
- -c "$CONFIG_FILE" $udp
+ cat <<-EOF >$CONFIG_FILE
+ {
+ "server": "$server",
+ "server_port": $server_port,
+ "local_address": "0.0.0.0",
+ "local_port": $local_port,
+ "password": "$password",
+ "timeout": $timeout,
+ "method": "$encrypt_method"
+ }
+EOF
+ if [ "$udp_mode" = 2 ]; then
+ /usr/bin/ss-redir \
+ -c $CONFIG_FILE \
+ -f /var/run/ss-redir_t.pid
+ cat <<-EOF >$CONFIG_FILE
+ {
+ "server": "$udp_server",
+ "server_port": $udp_server_port,
+ "local_address": "0.0.0.0",
+ "local_port": $udp_local_port,
+ "password": "$udp_password",
+ "timeout": $udp_timeout,
+ "method": "$udp_encrypt_method"
+ }
+EOF
+ fi
+ /usr/bin/ss-redir \
+ -c $CONFIG_FILE \
+ -f /var/run/ss-redir.pid \
+ $udp
return $?
}
start_tunnel() {
- service_start /usr/bin/ss-tunnel \
- -c "$CONFIG_FILE" \
- -l "$tunnel_port" \
- -L "$tunnel_forward" \
- -u
+ : ${udp:="-u"}
+ /usr/bin/ss-tunnel \
+ -c $CONFIG_FILE \
+ -l $tunnel_port \
+ -L $tunnel_forward \
+ -f /var/run/ss-tunnel.pid \
+ $udp
return $?
}
config_load shadowsocks-libev
config_foreach get_config shadowsocks-libev
[ "$enable" = 1 ] || exit 0
- [ "$udp_relay" = 1 ] && udp="-u"
- mkdir -p $(dirname $CONFIG_FILE)
+ mkdir -p /var/run /var/etc
: ${server:?}
: ${server_port:?}
: ${local_port:?}
: ${password:?}
: ${encrypt_method:?}
- cat <<-EOF >$CONFIG_FILE
- {
- "server": "$server",
- "server_port": $server_port,
- "local_address": "0.0.0.0",
- "local_port": $local_port,
- "password": "$password",
- "timeout": $timeout,
- "method": "$encrypt_method"
- }
-EOF
+ case $udp_mode in
+ 1) udp="-u"
+ ;;
+ 2)
+ udp="-U"
+ : ${udp_server:?}
+ : ${udp_server_port:?}
+ : ${udp_local_port:?}
+ : ${udp_password:?}
+ : ${udp_encrypt_method:?}
+ ;;
+ esac
+
start_rules
}
stop() {
/usr/bin/ss-rules -f
- service_stop /usr/bin/ss-redir
- service_stop /usr/bin/ss-tunnel
- rm -f $CONFIG_FILE
+ killall -q -9 ss-redir
+ killall -q -9 ss-tunnel
}
-e <extra_options> extra options for iptables
-o apply the rules to the OUTPUT chain
-u enable udprelay mode, TPROXY is required
+ -U enable udprelay mode, using different IP
+ and ports for TCP and UDP
-f flush the rules
EOF
}
fw_rule() {
$ipt_n -N SS_SPEC_WAN_FW && \
$ipt_n -A SS_SPEC_WAN_FW -p tcp \
- -j REDIRECT --to-ports $LOCAL_PORT 2>/dev/null || {
+ -j REDIRECT --to-ports $local_port 2>/dev/null || {
loger 3 "Can't redirect, please check the iptables."
exit 1
}
}
tp_rule() {
- [ "$TPROXY" = 1 ] || return 0
+ [ -n "$TPROXY" ] || return 0
ip rule add fwmark 0x01/0x01 table 100
ip route add local 0.0.0.0/0 dev lo table 100
$ipt_m -N SS_SPEC_TPROXY
return $?
}
-while getopts ":s:l:c:i:e:a:b:w:ouf" arg; do
+while getopts ":s:l:S:L:i:e:a:b:w:ouUf" arg; do
case $arg in
s)
- SERVER=$OPTARG
+ server=$OPTARG
;;
l)
+ local_port=$OPTARG
+ ;;
+ S)
+ SERVER=$OPTARG
+ ;;
+ L)
LOCAL_PORT=$OPTARG
;;
i)
u)
TPROXY=1
;;
+ U)
+ TPROXY=2
+ ;;
f)
flush_r
exit 0
esac
done
-if [ -z "$SERVER" -o -z "$LOCAL_PORT" ]; then
+if [ -z "$server" -o -z "$local_port" ]; then
usage
exit 2
fi
-SERVER=$(resolveip -t60 $SERVER)
+if [ "$TPROXY" = 1 ]; then
+ SERVER=$server
+ LOCAL_PORT=$local_port
+fi
-if [ -z "$SERVER" ]; then
- loger 3 "Can't resolve the server hostname."
- exit 1
+if [ "$TPROXY" = 2 ]; then
+ if [ -z "$SERVER" -o -z "$LOCAL_PORT" ]; then
+ loger 3 "Please use -S and -L specifies IP and port for UDP."
+ fi
fi
if [ -f "$IGNORE" ]; then
fi
IPLIST=$(cat <<-EOF | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}"
+ $server
$SERVER
0.0.0.0/8
10.0.0.0/8