diff --git a/net/shadowsocks-libev/Makefile b/net/shadowsocks-libev/Makefile index 2d057292f..415c2dfcc 100644 --- a/net/shadowsocks-libev/Makefile +++ b/net/shadowsocks-libev/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=shadowsocks-libev -PKG_VERSION:=2.2.2 +PKG_VERSION:=2.2.3 PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE) -PKG_SOURCE_VERSION:=4883903e657095b93f88a3a3b9a0dccdffdaa397 +PKG_SOURCE_VERSION:=2b1eef11973de3f7380401fd20f937e84bc2b756 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz PKG_MAINTAINER:=Jian Chang @@ -36,14 +36,14 @@ define Package/shadowsocks-libev/Default TITLE:=Lightweight Secured Socks5 Proxy $(2) URL:=https://github.com/shadowsocks/shadowsocks-libev VARIANT:=$(1) - DEPENDS:=$(3) +resolveip +ipset +ip +iptables-mod-tproxy + DEPENDS:=$(3) +libpthread +ipset +ip +iptables-mod-tproxy endef Package/shadowsocks-libev = $(call Package/shadowsocks-libev/Default,openssl,(OpenSSL),+libopenssl) Package/shadowsocks-libev-polarssl = $(call Package/shadowsocks-libev/Default,polarssl,(PolarSSL),+libpolarssl) define Package/shadowsocks-libev/description -Shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and low end boxes. +Shadowsocks-libev is a lightweight secured socks5 proxy for embedded devices and low end boxes. endef Package/shadowsocks-libev-polarssl/description = $(Package/shadowsocks-libev/description) diff --git a/net/shadowsocks-libev/files/shadowsocks-libev.config b/net/shadowsocks-libev/files/shadowsocks-libev.config index 2f7be3d2a..95aec7b2e 100644 --- a/net/shadowsocks-libev/files/shadowsocks-libev.config +++ b/net/shadowsocks-libev/files/shadowsocks-libev.config 
@@ -8,7 +8,7 @@ config shadowsocks-libev option timeout '60' option encrypt_method 'rc4-md5' option ignore_list '/dev/null' - option udp_relay '0' + option udp_mode '0' option tunnel_enable '1' option tunnel_port '5300' option tunnel_forward '8.8.4.4:53' diff --git a/net/shadowsocks-libev/files/shadowsocks-libev.init b/net/shadowsocks-libev/files/shadowsocks-libev.init index 3d149e754..9a64038a7 100644 --- a/net/shadowsocks-libev/files/shadowsocks-libev.init +++ b/net/shadowsocks-libev/files/shadowsocks-libev.init @@ -14,11 +14,17 @@ get_config() { config_get server $1 server config_get server_port $1 server_port config_get local_port $1 local_port - config_get password $1 password config_get timeout $1 timeout + config_get password $1 password config_get encrypt_method $1 encrypt_method config_get ignore_list $1 ignore_list - config_get udp_relay $1 udp_relay + config_get udp_mode $1 udp_mode + config_get udp_server $1 udp_server + config_get udp_server_port $1 udp_server_port + config_get udp_local_port $1 udp_local_port + config_get udp_timeout $1 udp_timeout + config_get udp_password $1 udp_password + config_get udp_encrypt_method $1 udp_encrypt_method config_get_bool tunnel_enable $1 tunnel_enable config_get tunnel_port $1 tunnel_port config_get tunnel_forward $1 tunnel_forward @@ -27,6 +33,8 @@ get_config() { config_get wan_bp_ip $1 wan_bp_ip config_get wan_fw_ip $1 wan_fw_ip config_get ipt_ext $1 ipt_ext + : ${timeout:=60} + : ${udp_timeout:=60} : ${tunnel_port:=5300} : ${tunnel_forward:=8.8.4.4:53} } @@ -45,6 +53,8 @@ start_rules() { /usr/bin/ss-rules \ -s "$server" \ -l "$local_port" \ + -S "$udp_server" \ + -L "$udp_local_port" \ -i "$ignore_list" \ -a "$ac_args" \ -b "$wan_bp_ip" \ 
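Review bot: In get_config (shadowsocks-libev.init) the `config_get udp_relay` line is replaced by `config_get udp_mode` with no fallback, so a device upgraded with an existing `option udp_relay '1'` ends up with `udp_mode` unset. Judging by the `case $udp_mode` block added later in this file, `udp` is then never set to `-u` for ss-redir and the rules, and nothing is logged, so UDP that used to be relayed may leave the device directly. Reading the old key when the new one is empty would keep upgrades safe, e.g. `[ -n "$udp_mode" ] || config_get udp_mode $1 udp_relay` after the new line. get_config starts before this hunk and continues past it.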
@@ -55,17 +65,48 @@ start_rules() { } start_redir() { - service_start /usr/bin/ss-redir \ - -c "$CONFIG_FILE" $udp + cat <<-EOF >$CONFIG_FILE + { + "server": "$server", + "server_port": $server_port, + "local_address": "0.0.0.0", + "local_port": $local_port, + "password": "$password", + "timeout": $timeout, + "method": "$encrypt_method" + } +EOF + if [ "$udp_mode" = 2 ]; then + /usr/bin/ss-redir \ + -c $CONFIG_FILE \ + -f /var/run/ss-redir_t.pid + cat <<-EOF >$CONFIG_FILE + { + "server": "$udp_server", + "server_port": $udp_server_port, + "local_address": "0.0.0.0", + "local_port": $udp_local_port, + "password": "$udp_password", + "timeout": $udp_timeout, + "method": "$udp_encrypt_method" + } +EOF + fi + /usr/bin/ss-redir \ + -c $CONFIG_FILE \ + -f /var/run/ss-redir.pid \ + $udp return $? } start_tunnel() { - service_start /usr/bin/ss-tunnel \ - -c "$CONFIG_FILE" \ - -l "$tunnel_port" \ - -L "$tunnel_forward" \ - -u + : ${udp:="-u"} + /usr/bin/ss-tunnel \ + -c $CONFIG_FILE \ + -l $tunnel_port \ + -L $tunnel_forward \ + -f /var/run/ss-tunnel.pid \ + $udp return $? } @@ -73,25 +114,26 @@ rules() { config_load shadowsocks-libev config_foreach get_config shadowsocks-libev [ "$enable" = 1 ] || exit 0 - [ "$udp_relay" = 1 ] && udp="-u" - mkdir -p $(dirname $CONFIG_FILE) + mkdir -p /var/run /var/etc : ${server:?} : ${server_port:?} : ${local_port:?} : ${password:?} : ${encrypt_method:?} - cat <<-EOF >$CONFIG_FILE - { - "server": "$server", - "server_port": $server_port, - "local_address": "0.0.0.0", - "local_port": $local_port, - "password": "$password", - "timeout": $timeout, - "method": "$encrypt_method" - } -EOF + case $udp_mode in + 1) udp="-u" + ;; + 2) + udp="-U" + : ${udp_server:?} + : ${udp_server_port:?} + : ${udp_local_port:?} + : ${udp_password:?} + : ${udp_encrypt_method:?} + ;; + esac + start_rules } 
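Review bot: start_redir writes `password` (and, for `udp_mode` 2, `udp_password`) into `$CONFIG_FILE` with a plain `cat <<-EOF >$CONFIG_FILE`, so the file gets whatever mode the init script's umask allows, and nothing in the hunk restricts it. Setting `umask 077` before the first heredoc, or running `chmod 600 "$CONFIG_FILE"` right after it, would keep the secrets readable by root only. The same hunk drops the quotes the old code had around `"$CONFIG_FILE"`, `"$tunnel_port"` and `"$tunnel_forward"`, so a UCI value containing whitespace is now word-split into extra ss-redir/ss-tunnel arguments; keep them quoted, e.g. `-L "$tunnel_forward" \`. In the `udp_mode` 2 branch the exit status of the first ss-redir is discarded, so `return $?` reflects only the second instance.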
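Review bot: The new `udp_mode` 2 branch in rules() only checks that `udp_server_port` and `udp_local_port` are non-empty (`: ${udp_server_port:?}`), yet start_redir writes them unquoted into the JSON config as numbers. A non-numeric value therefore produces a malformed or altered config file instead of a clear error. A digit check next to the existing guards, such as `case "$udp_server_port$udp_local_port" in *[!0-9]*) exit 1 ;; esac`, would fail early; `server_port` and `local_port` have the same gap. rules() begins before this hunk.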
@@ -109,7 +151,6 @@ start() { stop() { /usr/bin/ss-rules -f - service_stop /usr/bin/ss-redir - service_stop /usr/bin/ss-tunnel - rm -f $CONFIG_FILE + killall -q -9 ss-redir + killall -q -9 ss-tunnel } diff --git a/net/shadowsocks-libev/files/ss-rules b/net/shadowsocks-libev/files/ss-rules index e9e229518..8ce1000cb 100644 --- a/net/shadowsocks-libev/files/ss-rules +++ b/net/shadowsocks-libev/files/ss-rules @@ -16,6 +16,8 @@ usage() { -e extra options for iptables -o apply the rules to the OUTPUT chain -u enable udprelay mode, TPROXY is required + -U enable udprelay mode, using different IP + and ports for TCP and UDP -f flush the rules EOF } @@ -69,7 +71,7 @@ EOF fw_rule() { $ipt_n -N SS_SPEC_WAN_FW && \ $ipt_n -A SS_SPEC_WAN_FW -p tcp \ - -j REDIRECT --to-ports $LOCAL_PORT 2>/dev/null || { + -j REDIRECT --to-ports $local_port 2>/dev/null || { loger 3 "Can't redirect, please check the iptables." exit 1 } @@ -111,7 +113,7 @@ EOF } tp_rule() { - [ "$TPROXY" = 1 ] || return 0 + [ -n "$TPROXY" ] || return 0 ip rule add fwmark 0x01/0x01 table 100 ip route add local 0.0.0.0/0 dev lo table 100 $ipt_m -N SS_SPEC_TPROXY @@ -123,12 +125,18 @@ tp_rule() { return $? } -while getopts ":s:l:c:i:e:a:b:w:ouf" arg; do +while getopts ":s:l:S:L:i:e:a:b:w:ouUf" arg; do case $arg in s) - SERVER=$OPTARG + server=$OPTARG ;; l) + local_port=$OPTARG + ;; + S) + SERVER=$OPTARG + ;; + L) LOCAL_PORT=$OPTARG ;; i) @@ -152,6 +160,9 @@ while getopts ":s:l:c:i:e:a:b:w:ouf" arg; do u) TPROXY=1 ;; + U) + TPROXY=2 + ;; f) flush_r exit 0 
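Review bot: stop() in shadowsocks-libev.init now sends SIGKILL by process name (`killall -q -9 ss-redir`), which also kills any ss-redir or ss-tunnel instance this script did not start and gives the daemons no chance to shut down cleanly, even though start_redir and start_tunnel now write pid files with `-f`. Stopping through those files, e.g. `kill "$(cat /var/run/ss-redir.pid)"` for each pid file, would limit the effect to this service. The hunk also drops `rm -f $CONFIG_FILE`, so the JSON file holding the password stays on disk after the service is stopped; keeping `rm -f "$CONFIG_FILE"` avoids that.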
@@ -159,16 +170,20 @@ while getopts ":s:l:c:i:e:a:b:w:ouf" arg; do esac done -if [ -z "$SERVER" -o -z "$LOCAL_PORT" ]; then +if [ -z "$server" -o -z "$local_port" ]; then usage exit 2 fi -SERVER=$(resolveip -t60 $SERVER) +if [ "$TPROXY" = 1 ]; then + SERVER=$server + LOCAL_PORT=$local_port +fi -if [ -z "$SERVER" ]; then - loger 3 "Can't resolve the server hostname." - exit 1 +if [ "$TPROXY" = 2 ]; then + if [ -z "$SERVER" -o -z "$LOCAL_PORT" ]; then + loger 3 "Please use -S and -L specifies IP and port for UDP." + fi fi if [ -f "$IGNORE" ]; then @@ -176,6 +191,7 @@ if [ -f "$IGNORE" ]; then fi IPLIST=$(cat <<-EOF | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}" + $server $SERVER 0.0.0.0/8 10.0.0.0/8
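Review bot: The new `[ "$TPROXY" = 2 ]` check in ss-rules only logs when `-S` or `-L` is missing and then carries on, so the rest of the script runs with an empty `SERVER` or `LOCAL_PORT`. It should stop the way the usage branch just above does: add `exit 2` after the `loger 3 ...` line. The script continues outside this hunk, so how the empty values are used further down is not visible here.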
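Review bot: With the `resolveip` step removed in the previous hunk, `$server` is added to `IPLIST` exactly as given, and the `grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}"` on the same line silently drops anything that is not an IPv4 literal. If `server` is configured as a hostname, the proxy server's own address would no longer be in this list (which appears to be the set of addresses exempted from redirection), and the script reports no error. Either reject a non-IP `server` next to the `-z "$server"` check with a `loger 3` message and `exit 1`, or state in the usage text that `-s` and `-S` must be IP addresses. The heredoc continues past the end of the hunk.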