Notable changes since 3.1.2
afce1b3 eliminate timered delay between handshake and data stream #1572
539bf6e sni in redir removed and no disable_sni option #1876
1d94442..29ff5d3 udprelay fix (no idea what's the problem...) #1883
Now disable_sni=true is the default. Existing uci configs setting it
will be a nop
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It's an option that is supposed to be fed by ss-manager. It can be
in the form of host:port or path to unix dgram socket. Drop it now with
the assumption that it has no real user at the moment
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.1.1
- 57ab828 fix possible use-after-free in ss-server
- 65e9d23 filter through acl first before doing sni detection
- b26cbc2 another attack on null ref
- d237a05 udprelay: fix off-by-one bug
- 0c3cf8b fix runtime TFO detection
- d445ea9 Linux 4.11 TFO socket option support
--no-delay is a new cmdline argument introduced in 3.1.0 to NOT turn off
TCP_NODELAY socket option, i.e. keeping it's default value without
setting it explicitly. This can be potentially useful for interactive
traffics
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.1.0
26ae365: fix possible socks5 exchange corruption caused by bad
state transition when parsing responses
f19a96e: fix segfault when presented with config {"mode": null}
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.0.8
ede744a: depends on libcares now instead of libudns
1c64829: new cmdline option --no-delay for not turning off TCP_NODELAY
9201619: ss-local: check if client supports socks5 protocol and no-auth-required method
f8283fc: Fix potential buffer overflow when parsing json config
380fddb: redir: fix conversion from DSCP to ToS
The two patches are now in the offical repo
ipset command line utility supports ranges of address: IP-IP, but the
dash character is also valid character in host names. If we have a
remote server ss-00.example.com, ipset may complain that
ipset v6.32: Syntax error: cannot parse ss: resolving to IPv4 address failed
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
ubox 'list' type is for validating multiple elements separated by
tabs/whitespaces in a single value. E.g. The following should not be
accepted
list src_ip_bypass '1.2.3.4 4.3.2.1'
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- New UCI options ifnames, dst_default
- UCI options src_ips_xxx now accept cidr as their values
- Export ipset names as part of the interface so that it can be
depended on and used by other programs
- Bypass only remote servers used ss-redir instances, so that it's
possible to let other servers to go through existing re-redir
instances
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is the default value taken by ss-server and ss-redir. After this
change ss_rules section can still use those ss-redir instances who do
not have mode explicitly specified.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- It's a common practice that assert should be ignored in release build
- Whether to enable ssp should be decided by the config of build system
This was taken from Makefile in shadowsocks/openwrt-shadowsocks.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Notable changes since 3.0.6
f308dde ss-server: fix a use-after-free bug
0b2dce5 ss-redir: fix a mem leak
b7bdb16 ss-local: SOCKS5 UDP associate terminates the connection prematurely
3f0d39a ss-local: use getsockname udp_fd where it applies (fixes local_port==0)
eb30a3d fix possible data loss with salsa20 cipher
0559d8c fix partial nonce data being overwritten
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The change is mainly for keeping compatibility with old validate_data
before ubox commit ac481cdd99 in Sat Jul
16 14:52:36 2016 +0200. The behaviour change comes with that commit can
be seen with the following command line session
root@LEDE:/usr/bin# validate_data network interface wan 'disabled:bool:false'
network.wan.disabled is unset and defaults to bool false
disabled=0; root@LEDE:/usr/bin#
root@OpenWrt:/# validate_data network interface lan 'disabled:bool:false'
disabled='false'; root@OpenWrt:/#
This will cause shadowsocks-libev in current master branch fail on OpenWrt
15.01 though they actually should only use packages from the 15.01 branch...
Fixesopenwrt/packages#4614
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- Selecting only a single or subset of all components of shadowsocks-libev is
now possible (this is the main motivation behind the rewrite)
- Configuring multiple instances of the same component is now also possible
- Same option names as with the json config
- Unified configuration generation method for each component
- Add support for ss-local, ss-tunnel, ss-server
- Most data validation is now done with validate_data
- USE_PROCD=1
- Update ss-rules with the one from shadowsocks/luci-app-shadowsocks
- Add README.md
- Set myself as the maintainer
Addresses #4435
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Below are changes in the packaging method
- Use tarball provided by the upstream project maintainer instead of
cloning the whole git-repo
- Drop openssl variant as it was deprecated then removed by the
upstream project
- Add dependency on libev, libsodium, libudns as they are not bundled
with the source code anymore
Addresses issue #4191
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou
Leong Hui Wong
Daniel Engberg
Jian Chang