Plugin options are properties of shadowsocks deployment as a whole,
including both server and each client components. Multiple client
instances accessing the same server will need to share the same plugin
settings
With this change, plugin options will need to specified to "server" and
"ss-server" section, not to each component section.
Fixes: c19e949 ("shadowsocks-libev: add plugin options support")
Reference: https://github.com/openwrt/packages/issues/8903#issuecomment-489674137
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
A short while after 3.2.2 was tagged, it was superseded by 3.2.3 with a
minor fix for aligned memory allocation for 32-bit arch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Changes summarized by upstream maintainer
* Add MinGW support by @linusyang.
* Refine c-ares integration by @xnoreq.
* Fix building issues with GCC8 by @FlyingheartCN.
* Minor bug fixes.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.1.2
afce1b3 eliminate timered delay between handshake and data stream #1572
539bf6e sni in redir removed and no disable_sni option #1876
1d94442..29ff5d3 udprelay fix (no idea what's the problem...) #1883
Now disable_sni=true is the default. Existing uci configs setting it
will be a nop
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It's an option that is supposed to be fed by ss-manager. It can be
in the form of host:port or path to unix dgram socket. Drop it now with
the assumption that it has no real user at the moment
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.1.1
- 57ab828 fix possible use-after-free in ss-server
- 65e9d23 filter through acl first before doing sni detection
- b26cbc2 another attack on null ref
- d237a05 udprelay: fix off-by-one bug
- 0c3cf8b fix runtime TFO detection
- d445ea9 Linux 4.11 TFO socket option support
--no-delay is a new cmdline argument introduced in 3.1.0 to NOT turn off
TCP_NODELAY socket option, i.e. keeping it's default value without
setting it explicitly. This can be potentially useful for interactive
traffics
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.1.0
26ae365: fix possible socks5 exchange corruption caused by bad
state transition when parsing responses
f19a96e: fix segfault when presented with config {"mode": null}
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.0.8
ede744a: depends on libcares now instead of libudns
1c64829: new cmdline option --no-delay for not turning off TCP_NODELAY
9201619: ss-local: check if client supports socks5 protocol and no-auth-required method
f8283fc: Fix potential buffer overflow when parsing json config
380fddb: redir: fix conversion from DSCP to ToS
The two patches are now in the offical repo
ipset command line utility supports ranges of address: IP-IP, but the
dash character is also valid character in host names. If we have a
remote server ss-00.example.com, ipset may complain that
ipset v6.32: Syntax error: cannot parse ss: resolving to IPv4 address failed
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
ubox 'list' type is for validating multiple elements separated by
tabs/whitespaces in a single value. E.g. The following should not be
accepted
list src_ip_bypass '1.2.3.4 4.3.2.1'
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- New UCI options ifnames, dst_default
- UCI options src_ips_xxx now accept cidr as their values
- Export ipset names as part of the interface so that it can be
depended on and used by other programs
- Bypass only remote servers used ss-redir instances, so that it's
possible to let other servers to go through existing re-redir
instances
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is the default value taken by ss-server and ss-redir. After this
change ss_rules section can still use those ss-redir instances who do
not have mode explicitly specified.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- It's a common practice that assert should be ignored in release build
- Whether to enable ssp should be decided by the config of build system
This was taken from Makefile in shadowsocks/openwrt-shadowsocks.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.0.6
f308dde ss-server: fix a use-after-free bug
0b2dce5 ss-redir: fix a mem leak
b7bdb16 ss-local: SOCKS5 UDP associate terminates the connection prematurely
3f0d39a ss-local: use getsockname udp_fd where it applies (fixes local_port==0)
eb30a3d fix possible data loss with salsa20 cipher
0559d8c fix partial nonce data being overwritten
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The change is mainly for keeping compatibility with old validate_data
before ubox commit ac481cdd99 in Sat Jul
16 14:52:36 2016 +0200. The behaviour change comes with that commit can
be seen with the following command line session
root@LEDE:/usr/bin# validate_data network interface wan 'disabled:bool:false'
network.wan.disabled is unset and defaults to bool false
disabled=0; root@LEDE:/usr/bin#
root@OpenWrt:/# validate_data network interface lan 'disabled:bool:false'
disabled='false'; root@OpenWrt:/#
This will cause shadowsocks-libev in current master branch fail on OpenWrt
15.01 though they actually should only use packages from the 15.01 branch...
Fixesopenwrt/packages#4614
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>