cfal / shoes Goto Github PK

View Code? Open in Web Editor NEW

162.0 4.0 12.0 162 KB

A multi-protocol proxy server written in Rust (HTTP, HTTPS, SOCKS5, Vmess, Vless, Shadowsocks, Trojan, Snell)

License: MIT License

Rust 100.00%

shadowsocks vmess v2ray proxy-server proxy-client proxy gfw snell vless snell-server

shoes's Introduction

shoes

shoes is a multi-protocol proxy server written in Rust.

Supported protocols

HTTP/HTTPS (TCP, QUIC)
SOCKS5 (TCP, QUIC)
Vmess (TCP, QUIC, UDP-over-TCP)
- AEAD and Legacy modes
- Supported ciphers:
  - aes-128-gcm
  - chacha20-poly1305
Vless (TCP, QUIC)
Snell v3 (TCP, QUIC, UDP-over-TCP)
- Supported ciphers:
  - aes-128-gcm
  - aes-256-gcm
  - chacha20-ietf-poly1305
Shadowsocks (TCP, QUIC)
- Supported ciphers:
  - aes-128-gcm
  - aes-256-gcm
  - chacha20-ietf-poly1305
  - 2022-blake3-aes-128-gcm
  - 2022-blake3-aes-256-gcm
  - 2022-blake3-chacha20-ietf-poly1305
Trojan (TCP, QUIC)
- Supported ciphers:
  - aes-128-gcm
  - aes-256-gcm
  - chacha20-ietf-poly1305

Features

All supported protocols can be combined with the following features:

TLS support with SNI based forwarding
Websocket obfs (Shadowsocks SIP003)
Upstream proxy support: route connections through other proxy servers
Forwarding rules (allowlists/blocklists): Block or redirect connections based on IP or hostname
Hot reloading: Updated configs are automatically reloaded
Netmask and proxy groups

Examples

Here's an example of running a WSS vmess and shadowsocks server, with all requests routed through a SOCKS proxy:

# Listen on all IPv4 interfaces, port 443 (HTTPS)
- address: 0.0.0.0:443
  transport: tcp
  # Use TLS as the first protocol layer
  protocol:
    type: tls
    # Set a default target, for any (or no) SNI
    default_target:
      cert: cert.pem
      key: key.pem
      # ..which goes to a websocket server
      protocol:
        type: ws
        # .. where we have different supported proxy protocols, based on HTTP request path and headers.
        targets:
          - matching_path: /vmess
            matching_headers:
              X-Secret-Key: "secret"
            protocol:
              type: vmess
              # allow any cipher, which means: none, aes-128-gcm, or chacha20-poly1305.
              cipher: any
              user_id: b0e80a62-8a51-47f0-91f1-f0f7faf8d9d4
          - matching_path: /shadowsocks
            protocol:
              type: shadowsocks
              cipher: 2022-blake3-aes-256-gcm
              password: Hax8btYlNao5qcaN/l/NUl9JgbwapfqG5QyAtH+aKPg=
  rules:
    # Allow clients to connect to all IPs
    - mask: 0.0.0.0/0
      action: allow
      # Forward all requests through a local SOCKS server.
      client_proxy:
        address: 127.0.0.1:5000
        protocol:
          type: socks
          username: socksuser
          password: secretpass

For other YAML config examples, see the examples directory.

Installation

Precompiled binaries for x86_64 and Apple aarch64 are available on Github Releases.

Else, if you have a fairly recent Rust and cargo installation on your system, shoes can be installed with cargo.

cargo install shoes

Usage

shoes [OPTIONS] <YAML CONFIG PATH> [YAML CONFIG PATH] [..]

OPTIONS:

    -t, --threads NUM
        Set the number of worker threads. This usually defaults to the number of CPUs.

    -d, --dry-run
        Parse the config and exit.

Config format

Sorry, formal documentation for the YAML config format have not yet been written. You can refer to the examples, or open an issue if you need help.

Roadmap

Proxy client chaining
SOCKS and Shadowsocks UDP support

Similar projects

shadowsocks-rust: A Rust port of shadowsocks
v2ray-core: A full-featured proxy platform written in Go

shoes's People

Contributors

Stargazers

Watchers

Forkers

essoojay iq-scm tsai002 xixi0218 xucons nyx2022 gngpp bzw1204 tori-ham peyman1992 enp6 xi1314

shoes's Issues

update cfb-mode

cfb-mode had to be version locked due to RustCrypto/traits#964 - but now an alternative is available.

Don't require vmess server response immediately when client is established

https://github.com/cfal/shoes/blob/master/src/vmess/vmess_handler.rs#L984

Please add plugin support for shadowsocks server

Sorry if it already supports ss plugins. I need a shadowsocks server with obfs-simple plugin that forwards traffic to an upstream socks5 server.

Socks5 parent with no password

Hello!
I did try to not use socks5 user and password(trying to connect to local cloudflare warp socks5 proxy(127.0.0.1:40000) that does not support password authentication) as parent connection but it does not work.
Maybe there is some workaround for it?

Getting errors with Snell TCP server

Hello,
I'm getting,

[2023-09-07T17:18:52Z ERROR shoes::tcp_server] (MYIP):5448 finished with error: Custom { kind: InvalidData, error: "failed to setup server stream: open failed for length" }

error when starting snell server with

aes-256-gcm
chacha20-ietf-poly1305

ciphers.
Server works fine with aes-128-gcm cipher.
Please look into this. I'm looking forward for a solution.
Thank you.

Request for help with vless protocol implemented in rust

I referred to your shoes to implement a websocket vless tunnel running on cloudflare workers, but I found that when using safari to visit twitter/facebook/instagram, the webpage would fail to access, and some static files would fail to load, but the same implementation of js was fine https://github.com/zizifn/edgetunnel, I have no way to debug this problem, I'm not sure if it's a cloudflare workers issue or a problem with my code, so I'd like you to help me see if there's anything wrong with my implementation of vless, I'm a rust newbie and can't find any other way to get help for the time being. I apologize for any inconvenience.

https://github.com/zhu327/workers-tunnel/blob/main/src/lib.rs

clean up unwraps and error messages

there's quite a few places where we could be handling errors more gracefully, eg

$ ./shoes
No config specified, assuming loading from file config.shoes.yaml
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Error { kind: Io(Os { code: 2, kind: NotFound, message: "No such file or directory" }), paths: ["/home/jkl/shoes-async/config.shoes.yaml"] }', src/main.rs:71:14
stack backtrace:
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.