shadowsocks / shadowsocks-libev Goto Github PK

View Code? Open in Web Editor NEW

This project forked from clowwindy/shadowsocks-libev

15.7K 760.0 5.7K 10.37 MB

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust

Home Page: https://github.com/shadowsocks/shadowsocks-rust

License: GNU General Public License v3.0

Shell 5.13% C 83.23% Makefile 0.74% M4 5.99% CMake 3.79% Batchfile 0.12% Python 0.61% Dockerfile 0.39%

c shadowsocks

shadowsocks-libev's Introduction

shadowsocks-libev

Intro

Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes.

It is a port of Shadowsocks created by @clowwindy, and maintained by @madeye and @linusyang.

Current version: 3.3.5 | Changelog

Features

Shadowsocks-libev is written in pure C and depends on libev. It's designed to be a lightweight implementation of shadowsocks protocol, in order to keep the resource usage as low as possible.

For a full list of feature comparison between different versions of shadowsocks, refer to the Wiki page.

Quick Start

Snap is the recommended way to install the latest binaries.

Install snap core

https://snapcraft.io/core

Install from snapcraft.io

Stable channel:

sudo snap install shadowsocks-libev

Edge channel:

sudo snap install shadowsocks-libev --edge

Installation

Distribution-specific guide

Debian & Ubuntu
Fedora & RHEL
- Build from source with centos
Archlinux & Manjaro
NixOS
Nix
Directly build and install on UNIX-like system
FreeBSD
OpenWRT
OS X
Windows (MinGW)
Docker

Initialise the build environment

This repository uses submodules, so you should pull them before you start, using:

git submodule update --init --recursive

Pre-build configure guide

For a complete list of available configure-time option, try configure --help.

Debian & Ubuntu

Install from repository (not recommended)

Shadowsocks-libev is available in the official repository for following distributions:

Debian 8 or higher, including oldoldstable (jessie), old stable (stretch), stable (buster), testing (bullseye) and unstable (sid)
Ubuntu 16.10 or higher

sudo apt update
sudo apt install shadowsocks-libev

Build deb package from source

Supported distributions:

Debian 8, 9 or higher
Ubuntu 14.04 LTS, 16.04 LTS, 16.10 or higher

You can build shadowsocks-libev and all its dependencies by script:

mkdir -p ~/build-area/
cp ./scripts/build_deb.sh ~/build-area/
cd ~/build-area
./build_deb.sh

For older systems, building .deb packages is not supported. Please try to build and install directly from source. See the Linux section below.

Note for Debian 8 (Jessie) users to build their own deb packages:

We strongly encourage you to install shadowsocks-libev from jessie-backports-sloppy. If you insist on building from source, you will need to manually install libsodium from jessie-backports-sloppy, NOT libsodium in main repository.

For more info about backports, you can refer Debian Backports.

cd shadowsocks-libev
sudo sh -c 'printf "deb http://deb.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list'
sudo sh -c 'printf "deb http://deb.debian.org/debian jessie-backports-sloppy main" >> /etc/apt/sources.list.d/jessie-backports.list'
sudo apt-get install --no-install-recommends devscripts equivs
mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
./autogen.sh && dpkg-buildpackage -b -us -uc
cd ..
sudo dpkg -i shadowsocks-libev*.deb

Note for Debian 9 (Stretch) users to build their own deb packages:

We strongly encourage you to install shadowsocks-libev from stretch-backports. If you insist on building from source, you will need to manually install libsodium from stretch-backports, NOT libsodium in main repository.

For more info about backports, you can refer Debian Backports.

cd shadowsocks-libev
sudo sh -c 'printf "deb http://deb.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/stretch-backports.list'
sudo apt-get install --no-install-recommends devscripts equivs
mk-build-deps --root-cmd sudo --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
./autogen.sh && dpkg-buildpackage -b -us -uc
cd ..
sudo dpkg -i shadowsocks-libev*.deb

Configure and start the service

# Edit the configuration file
sudo vim /etc/shadowsocks-libev/config.json

# Edit the default configuration for debian
sudo vim /etc/default/shadowsocks-libev

# Start the service
sudo /etc/init.d/shadowsocks-libev start    # for sysvinit, or
sudo systemctl start shadowsocks-libev      # for systemd

Fedora & RHEL

Supported distributions:

Recent Fedora versions (until EOL)
RHEL 6, 7 and derivatives (including CentOS, Scientific Linux)

Build from source with centos

If you are using CentOS 7, you need to install these prerequirements to build from source code:

yum install epel-release -y
yum install gcc gettext autoconf libtool automake make pcre-devel asciidoc xmlto c-ares-devel libev-devel libsodium-devel mbedtls-devel -y

Archlinux & Manjaro

sudo pacman -S shadowsocks-libev

Please refer to downstream PKGBUILD script for extra modifications and distribution-specific bugs.

NixOS

nix-env -iA nixos.shadowsocks-libev

Nix

nix-env -iA nixpkgs.shadowsocks-libev

Linux

In general, you need the following build dependencies:

autotools (autoconf, automake, libtool)
gettext
pkg-config
libmbedtls
libsodium
libpcre3 (old pcre library)
libev
libc-ares
asciidoc (for documentation only)
xmlto (for documentation only)

Notes: Fedora 26 libsodium version >= 1.0.12, so you can install via dnf install libsodium instead build from source.

If your system is too old to provide libmbedtls and libsodium (later than v1.0.8), you will need to either install those libraries manually or upgrade your system.

If your system provides with those libraries, you should not install them from source.You should jump to this section and install them from the distribution repository instead.

For some of the distributions, you might install build dependencies like this:

# Installation of basic build dependencies
## Debian / Ubuntu
sudo apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev asciidoc xmlto libev-dev libc-ares-dev automake libmbedtls-dev libsodium-dev pkg-config
## CentOS / Fedora / RHEL
sudo yum install gettext gcc autoconf libtool automake make asciidoc xmlto c-ares-devel libev-devel
## Arch
sudo pacman -S gettext gcc autoconf libtool automake make asciidoc xmlto c-ares libev

# Installation of libsodium
export LIBSODIUM_VER=1.0.16
wget https://download.libsodium.org/libsodium/releases/old/libsodium-$LIBSODIUM_VER.tar.gz
tar xvf libsodium-$LIBSODIUM_VER.tar.gz
pushd libsodium-$LIBSODIUM_VER
./configure --prefix=/usr && make
sudo make install
popd
sudo ldconfig

# Installation of MbedTLS
export MBEDTLS_VER=2.6.0
wget https://github.com/Mbed-TLS/mbedtls/archive/refs/tags/mbedtls-$MBEDTLS_VER.tar.gz
tar xvf mbedtls-$MBEDTLS_VER.tar.gz
pushd mbedtls-$MBEDTLS_VER
make SHARED=1 CFLAGS="-O2 -fPIC"
sudo make DESTDIR=/usr install
popd
sudo ldconfig

# Start building
./autogen.sh && ./configure && make
sudo make install

You may need to manually install missing softwares.

FreeBSD

Install

Shadowsocks-libev is available in FreeBSD Ports Collection. You can install it in either way, pkg or ports.

pkg (recommended)

pkg install shadowsocks-libev

ports

cd /usr/ports/net/shadowsocks-libev
make install

Configuration

Edit your config.json file. By default, it's located in /usr/local/etc/shadowsocks-libev.

To enable shadowsocks-libev, add the following rc variable to your /etc/rc.conf file:

shadowsocks_libev_enable="YES"

Run

Start the Shadowsocks server:

service shadowsocks_libev start

Run as client

By default, shadowsocks-libev is running as a server in FreeBSD. If you would like to start shadowsocks-libev in client mode, you can modify the rc script (/usr/local/etc/rc.d/shadowsocks_libev) manually.

# modify the following line from "ss-server" to "ss-local"
command="/usr/local/bin/ss-local"

Note that is simply a workaround, each time you upgrade the port your changes will be overwritten by the new version.

OpenWRT

The OpenWRT project is maintained here: openwrt-shadowsocks.

OS X

For OS X, use Homebrew to install or build.

Install Homebrew:

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Install shadowsocks-libev:

brew install shadowsocks-libev

Windows (MinGW)

To build Windows native binaries, the recommended method is to use Docker:

On Windows: double-click make.bat in docker\mingw

On Unix-like system:

  cd shadowsocks-libev/docker/mingw
  make

A tarball with 32-bit and 64-bit binaries will be generated in the same directory.

You could also manually use MinGW-w64 compilers to build in Unix-like shell (MSYS2/Cygwin), or cross-compile on Unix-like systems (Linux/MacOS). Please refer to build scripts in docker/mingw.

Currently you need to use a patched libev library for MinGW:

https://github.com/shadowsocks/libev/archive/mingw.zip

Notice that TCP Fast Open (TFO) is only available on Windows 10, 1607 or later version (precisely, build >= 14393). If you are using 1709 (build 16299) or later version, you also need to run the following command in PowerShell/Command Prompt as Administrator and reboot to use TFO properly:

    netsh int tcp set global fastopenfallback=disabled

Docker

As you expect, simply pull the image and run.

docker pull shadowsocks/shadowsocks-libev
docker run -e PASSWORD=<password> -p<server-port>:8388 -p<server-port>:8388/udp -d shadowsocks/shadowsocks-libev

More information about the image can be found here.

Usage

For a detailed and complete list of all supported arguments, you may refer to the man pages of the applications, respectively.

ss-[local|redir|server|tunnel|manager]

   -s <server_host>           Host name or IP address of your remote server.

   -p <server_port>           Port number of your remote server.

   -l <local_port>            Port number of your local server.

   -k <password>              Password of your remote server.

   -m <encrypt_method>        Encrypt method: rc4-md5,
                              aes-128-gcm, aes-192-gcm, aes-256-gcm,
                              aes-128-cfb, aes-192-cfb, aes-256-cfb,
                              aes-128-ctr, aes-192-ctr, aes-256-ctr,
                              camellia-128-cfb, camellia-192-cfb,
                              camellia-256-cfb, bf-cfb,
                              chacha20-ietf-poly1305,
                              xchacha20-ietf-poly1305,
                              salsa20, chacha20 and chacha20-ietf.
                              The default cipher is chacha20-ietf-poly1305.

   [-a <user>]                Run as another user.

   [-f <pid_file>]            The file path to store pid.

   [-t <timeout>]             Socket timeout in seconds.

   [-c <config_file>]         The path to config file.

   [-n <number>]              Max number of open files.

   [-i <interface>]           Network interface to bind.
                              (not available in redir mode)

   [-b <local_address>]       Local address to bind.
                              For servers: Specify the local address to use 
                              while this server is making outbound 
                              connections to remote servers on behalf of the
                              clients.
                              For clients: Specify the local address to use 
                              while this client is making outbound 
                              connections to the server.

   [-u]                       Enable UDP relay.
                              (TPROXY is required in redir mode)

   [-U]                       Enable UDP relay and disable TCP relay.
                              (not available in local mode)

   [-T]                       Use tproxy instead of redirect. (for tcp)
                              (only available in redir mode)

   [-L <addr>:<port>]         Destination server address and port
                              for local port forwarding.
                              (only available in tunnel mode)

   [-6]                       Resolve hostname to IPv6 address first.

   [-d <addr>]                Name servers for internal DNS resolver.
                              (only available in server mode)

   [--reuse-port]             Enable port reuse.

   [--fast-open]              Enable TCP fast open.
                              with Linux kernel > 3.7.0.
                              (only available in local and server mode)

   [--acl <acl_file>]         Path to ACL (Access Control List).
                              (only available in local and server mode)

   [--manager-address <addr>] UNIX domain socket address.
                              (only available in server and manager mode)

   [--mtu <MTU>]              MTU of your network interface.

   [--mptcp]                  Enable Multipath TCP on MPTCP Kernel.

   [--no-delay]               Enable TCP_NODELAY.

   [--executable <path>]      Path to the executable of ss-server.
                              (only available in manager mode)

   [-D <path>]                Path to the working directory of ss-manager.
                              (only available in manager mode)

   [--key <key_in_base64>]    Key of your remote server.

   [--plugin <name>]          Enable SIP003 plugin. (Experimental)

   [--plugin-opts <options>]  Set SIP003 plugin options. (Experimental)

   [-v]                       Verbose mode.

Transparent proxy

The latest shadowsocks-libev has provided a redir mode. You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router.

# Create new chain
iptables -t nat -N SHADOWSOCKS
iptables -t mangle -N SHADOWSOCKS

# Ignore your shadowsocks server's addresses
# It's very IMPORTANT, just be careful.
iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN

# Ignore LANs and any other addresses you'd like to bypass the proxy
# See Wikipedia and RFC5735 for full list of reserved networks.
# See ashi009/bestroutetb for a highly optimized CHN route list.
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to shadowsocks's local port
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345

# Add any UDP rules
ip route add local default dev lo table 100
ip rule add fwmark 1 lookup 100
iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01

# Apply the rules
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
iptables -t mangle -A PREROUTING -j SHADOWSOCKS

# Start the shadowsocks-redir
ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid

Transparent proxy (pure tproxy)

Executing this script on the linux host can proxy all outgoing traffic of this machine (except the traffic sent to the reserved address). Other hosts under the same LAN can also change their default gateway to the ip of this linux host (at the same time change the dns server to 1.1.1.1 or 8.8.8.8, etc.) to proxy their outgoing traffic.

Of course, the ipv6 proxy is similar, just change iptables to ip6tables, ip to ip -6, 127.0.0.1 to ::1, and other details.

#!/bin/bash

start_ssredir() {
    # please modify MyIP, MyPort, etc.
    (ss-redir -s MyIP -p MyPort -m MyMethod -k MyPasswd -b 127.0.0.1 -l 60080 --no-delay -u -T -v </dev/null &>>/var/log/ss-redir.log &)
}

stop_ssredir() {
    kill -9 $(pidof ss-redir) &>/dev/null
}

start_iptables() {
    ##################### SSREDIR #####################
    iptables -t mangle -N SSREDIR

    # connection-mark -> packet-mark
    iptables -t mangle -A SSREDIR -j CONNMARK --restore-mark
    iptables -t mangle -A SSREDIR -m mark --mark 0x2333 -j RETURN

    # please modify MyIP, MyPort, etc.
    # ignore traffic sent to ss-server
    iptables -t mangle -A SSREDIR -p tcp -d MyIP --dport MyPort -j RETURN
    iptables -t mangle -A SSREDIR -p udp -d MyIP --dport MyPort -j RETURN

    # ignore traffic sent to reserved addresses
    iptables -t mangle -A SSREDIR -d 0.0.0.0/8          -j RETURN
    iptables -t mangle -A SSREDIR -d 10.0.0.0/8         -j RETURN
    iptables -t mangle -A SSREDIR -d 100.64.0.0/10      -j RETURN
    iptables -t mangle -A SSREDIR -d 127.0.0.0/8        -j RETURN
    iptables -t mangle -A SSREDIR -d 169.254.0.0/16     -j RETURN
    iptables -t mangle -A SSREDIR -d 172.16.0.0/12      -j RETURN
    iptables -t mangle -A SSREDIR -d 192.0.0.0/24       -j RETURN
    iptables -t mangle -A SSREDIR -d 192.0.2.0/24       -j RETURN
    iptables -t mangle -A SSREDIR -d 192.88.99.0/24     -j RETURN
    iptables -t mangle -A SSREDIR -d 192.168.0.0/16     -j RETURN
    iptables -t mangle -A SSREDIR -d 198.18.0.0/15      -j RETURN
    iptables -t mangle -A SSREDIR -d 198.51.100.0/24    -j RETURN
    iptables -t mangle -A SSREDIR -d 203.0.113.0/24     -j RETURN
    iptables -t mangle -A SSREDIR -d 224.0.0.0/4        -j RETURN
    iptables -t mangle -A SSREDIR -d 240.0.0.0/4        -j RETURN
    iptables -t mangle -A SSREDIR -d 255.255.255.255/32 -j RETURN

    # mark the first packet of the connection
    iptables -t mangle -A SSREDIR -p tcp --syn                      -j MARK --set-mark 0x2333
    iptables -t mangle -A SSREDIR -p udp -m conntrack --ctstate NEW -j MARK --set-mark 0x2333

    # packet-mark -> connection-mark
    iptables -t mangle -A SSREDIR -j CONNMARK --save-mark

    ##################### OUTPUT #####################
    # proxy the outgoing traffic from this machine
    iptables -t mangle -A OUTPUT -p tcp -m addrtype --src-type LOCAL ! --dst-type LOCAL -j SSREDIR
    iptables -t mangle -A OUTPUT -p udp -m addrtype --src-type LOCAL ! --dst-type LOCAL -j SSREDIR

    ##################### PREROUTING #####################
    # proxy traffic passing through this machine (other->other)
    iptables -t mangle -A PREROUTING -p tcp -m addrtype ! --src-type LOCAL ! --dst-type LOCAL -j SSREDIR
    iptables -t mangle -A PREROUTING -p udp -m addrtype ! --src-type LOCAL ! --dst-type LOCAL -j SSREDIR

    # hand over the marked package to TPROXY for processing
    iptables -t mangle -A PREROUTING -p tcp -m mark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080
    iptables -t mangle -A PREROUTING -p udp -m mark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080
}

stop_iptables() {
    ##################### PREROUTING #####################
    iptables -t mangle -D PREROUTING -p tcp -m mark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 &>/dev/null
    iptables -t mangle -D PREROUTING -p udp -m mark --mark 0x2333 -j TPROXY --on-ip 127.0.0.1 --on-port 60080 &>/dev/null

    iptables -t mangle -D PREROUTING -p tcp -m addrtype ! --src-type LOCAL ! --dst-type LOCAL -j SSREDIR &>/dev/null
    iptables -t mangle -D PREROUTING -p udp -m addrtype ! --src-type LOCAL ! --dst-type LOCAL -j SSREDIR &>/dev/null

    ##################### OUTPUT #####################
    iptables -t mangle -D OUTPUT -p tcp -m addrtype --src-type LOCAL ! --dst-type LOCAL -j SSREDIR &>/dev/null
    iptables -t mangle -D OUTPUT -p udp -m addrtype --src-type LOCAL ! --dst-type LOCAL -j SSREDIR &>/dev/null

    ##################### SSREDIR #####################
    iptables -t mangle -F SSREDIR &>/dev/null
    iptables -t mangle -X SSREDIR &>/dev/null
}

start_iproute2() {
    ip route add local default dev lo table 100
    ip rule  add fwmark 0x2333        table 100
}

stop_iproute2() {
    ip rule  del   table 100 &>/dev/null
    ip route flush table 100 &>/dev/null
}

start_resolvconf() {
    # or nameserver 8.8.8.8, etc.
    echo "nameserver 1.1.1.1" >/etc/resolv.conf
}

stop_resolvconf() {
    echo "nameserver 114.114.114.114" >/etc/resolv.conf
}

start() {
    echo "start ..."
    start_ssredir
    start_iptables
    start_iproute2
    start_resolvconf
    echo "start end"
}

stop() {
    echo "stop ..."
    stop_resolvconf
    stop_iproute2
    stop_iptables
    stop_ssredir
    echo "stop end"
}

restart() {
    stop
    sleep 1
    start
}

main() {
    if [ $# -eq 0 ]; then
        echo "usage: $0 start|stop|restart ..."
        return 1
    fi

    for funcname in "$@"; do
        if [ "$(type -t $funcname)" != 'function' ]; then
            echo "'$funcname' not a shell function"
            return 1
        fi
    done

    for funcname in "$@"; do
        $funcname
    done
    return 0
}
main "$@"

Security Tips

For any public server, to avoid users accessing localhost of your server, please add --acl acl/server_block_local.acl to the command line.

Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend setting up your server's firewall rules to limit connections from each user:

# Up to 32 connections are enough for normal usage
iptables -A INPUT -p tcp --syn --dport ${SHADOWSOCKS_PORT} -m connlimit --connlimit-above 32 -j REJECT --reject-with tcp-reset

License

Copyright: 2013-2015, Clow Windy <[email protected]>
           2013-2018, Max Lv <[email protected]>
           2014, Linus Yang <[email protected]>

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

shadowsocks-libev's People

Contributors

Stargazers

Watchers

Forkers

haohaolee alivelee chainkhoo fyhqy firsthym feilaoda tokune nlxswig yangyajun ledzep2 prodigeni sunlei syncnj jie17 zhanglei vinna iamima chijiao scola auxten orientzhu librehat kyalipay ftao wbteve xywwf fqrouter wrjlinuxer xixisidi nodin cookiege bjyuan kacarich xuzizzz fengyn georgejin110 ggllioio rainlake wwwwg wingerted acidburn0zzz gitrepo entao 6mh wicresoftmit oahxu 4575252 gclsoft dndx mikuazusa syl0735 tempbottle daemonp huaimutou cherryz zinbers azuwis afghanistanyn terminateden xxoxx qq779089973 strfkr boytm leonzhu layrong tlhc newtalk whatwewant zc640618 godwasdog cloudcap robinson10240 lqs bitwing flyzjhz code2u hiberplus hardcrack morteza25 vincent-cow ahnan4arch frenzywang yyi-99plus jannson toosgle hynnet jameshyunkim u20024804 czbix saiddy lijiajun evefreedoming bobyangchina sybblow tenwx zxiaodan mimomi tianyi1111 michalliu true0899

shadowsocks-libev's Issues

请问可以在apt源构建armhf构架的包吗？

我是用的是raspberry，添加你们的源总是提示

Get:7 http://shadowsocks.org wheezy Release [2382 B]
Err http://shadowsocks.org wheezy/main armhf Packages
404 Not Found

W: Failed to fetch http://shadowsocks.org/debian/dists/wheezy/main/binary-armhf/Packages 404 Not Found

E: Some index files failed to download. They have been ignored, or old ones used instead.
root@xbmc:~# apt-get install shadowsocks
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package shadowsocks

因此一直无法安装。所有我希望可以提供arm的包

error "Unknown endianness" in mingw32 cross make

make  all-recursive
make[1]: Entering directory `/cross/mingw32/src/shadowsocks-libev'
Making all in libcork
make[2]: Entering directory `/cross/mingw32/src/shadowsocks-libev/libcork'
/bin/bash ../libtool  --tag=CC   --mode=compile i586-mingw32msvc-gcc -DHAVE_CONFIG_H -I. -I..    -Iinclude -DCORK_API=CORK_LOCAL -O2 -pipe -I/cross/mingw32/prebuilt/include -MT cli/libcork_la-commands.lo -MD -MP -MF cli/.deps/libcork_la-commands.Tpo -c -o cli/libcork_la-commands.lo `test -f 'cli/commands.c' || echo './'`cli/commands.c
libtool: compile:  i586-mingw32msvc-gcc -DHAVE_CONFIG_H -I. -I.. -Iinclude -DCORK_API=CORK_LOCAL -O2 -pipe -I/cross/mingw32/prebuilt/include -MT cli/libcork_la-commands.lo -MD -MP -MF cli/.deps/libcork_la-commands.Tpo -c cli/commands.c  -DDLL_EXPORT -DPIC -o cli/.libs/libcork_la-commands.o
In file included from include/libcork/core.h:17,
                 from cli/commands.c:16:
include/libcork/core/byte-order.h:46:2: error: #error "Unknown endianness"
make[2]: *** [cli/libcork_la-commands.lo] Error 1
make[2]: Leaving directory `/cross/mingw32/src/shadowsocks-libev/libcork'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/cross/mingw32/src/shadowsocks-libev'
make: *** [all] Error 2

@madeye @linusyang

我在AUR上创建了此包

这款软件真心好用内存占用很小所以便于方便自己更新就创建了这个包
https://aur.archlinux.org/packages/shadowsocks-libev/
archlinux和archlinux衍生版的用户可以通过AUR安装此包

Implement local port forwarding in ss-redir

To support both TCP and UDP port forwarding.

隧道模式支持iptables转发udp协议吗？服务端与客户端需要怎么配置？

隧道模式支持iptables转发udp协议吗？服务端与客户端需要怎么配置？能给一个示例吗?

Shadowsocks-libev has been ported to FreeBSD ports system

Notes for FreeBSD users

As the title tells, FreeBSD users are able to enjoy free internet surfing via shadowsocks proxy. For installation, just type the following commands:

$ su

cd /usr/ports/net/shadowsocks-libev

make install

Then add your configuration into /etc/rc.conf file:

RECOMMENDED

shadowsocks_libev_enable="YES"
shadowsocks_libev_flags="-c /PATH/TO/CONFIG.JSON"

or you can omit the config.json file, specify arguments directly:

shadowsocks_libev_enable="YES"
shadowsocks_libev_password="YOUR PASSWORD"
shadowsocks_libev_port="1080"
shadowsocks_libev_localport="7070"

Start the shadowsocks server:

service shadowsocks_libev start

Enjoy!

你好，1.4版好像有一个SSL的bug

我是在archlinux上装的，这是AUR地址 https://aur.archlinux.org/packages/shadowsocks-libev-git/

服务器端和客户端都升级到了1.4，连接之后打开任何https站点Chrome都报错，

SSL 连接出错
无法与服务器建立安全连接。可能是服务器出现了问题，也可能是您没有服务器要求的客户端身份验证证书。
错误代码：ERR_SSL_PROTOCOL_ERROR

求救。。

Output is obviously slow in Windows.

When ss-local started correctly, the output seems to print very slowly. Is that a buffer-related stuff?

Only when there is an obvious error, like lacking of parameters, then there would be usage output immediately.

Is there a way to make the output print immediately?

Add JNI to support bypassing addr through protected socket on Android

To implement a better CHN route function.

multiple upstream servers for ss-local

Hi,
I'm currently using ss-server on my VPSes, and I found that for ss-local, if i specify an array of hostnames for server in config file, only one of them is actually been connected.

can u add the feature of multiple-upstream with load banlance?

thanks for your previous work and i appreciate it.

cheers

ashi009/bestroutetb 生成路由表如何给 ss-redir 使用？

ashi009/bestroutetb 里说的是 OpenVPN 和 route up/down 的，不太明白怎么给 shadowsocks 透明代理使用。

建议把完整命令行参数隐藏

ss-server和ss-local运行时，建议把命令行隐藏掉，用ps看不到完整命令行，至少把password和method这两项隐藏掉。

openwrt版本无法运行

Hi madeye,
haohaolee让我找你咨询下这个问题：
服务器端搭建好之后，本地用openwrt（wr703n ar71xx）去连接（IP、端口、密码、加密方式都一致），发现 unsupported cmd的错误，请问是什么原因导致的呢？

以下是本地openwrt端的日志：
2013-10-07 03:55:29 INFO: initialize cihpers... table
2013-10-07 03:55:32 INFO: server listening at port 10801.
2013-10-07 03:55:32 ERROR: unsupported cmd: 107
2013-10-07 03:55:36 ERROR: unsupported cmd: 107
2013-10-07 03:55:44 ERROR: unsupported cmd: 107

在我的air上，下载速度达到600k时，cpu会在8% 12%之间浮动

似乎有点高，用不用加密都一样
这里有没有改进的余地？

ACL not working?

start /min ss-local.exe -s xx.xx.xx.xx -p xxxx -l 8081 -k xxxxxxxx -m xxxx --acl chn.acl -u -v && exit

2014-06-15 12:55:43 INFO: connect to 163.com:80
2014-06-15 12:55:43 INFO: connect to server: xx.xx.xx.xx:xxxx
2014-06-15 12:55:44 INFO: connect to www.163.com:80
2014-06-15 12:55:44 INFO: connect to server: xx.xx.xx.xx:xxxx
2014-06-15 12:55:46 INFO: connect to img3.cache.netease.com:80
2014-06-15 12:55:46 INFO: connect to server: xx.xx.xx.xx:xxxx
2014-06-15 12:55:46 INFO: connect to img6.cache.netease.com:80
2014-06-15 12:55:46 INFO: connect to server: xx.xx.xx.xx:xxxx
2014-06-15 12:55:46 INFO: connect to img3.cache.netease.com:80
2014-06-15 12:55:46 INFO: connect to server: xx.xx.xx.xx:xxxx
2014-06-15 12:55:46 INFO: connect to img2.cache.netease.com:80
2014-06-15 12:55:46 INFO: connect to server: xx.xx.xx.xx:xxxx
2014-06-15 12:55:46 INFO: connect to img4.cache.netease.com:80
2014-06-15 12:55:46 INFO: connect to server: xx.xx.xx.xx:xxxx
2014-06-15 12:55:46 INFO: connect to img1.cache.netease.com:80

Server & Client are both lastest.

init script failed to run shadowsocks on Debian

After madeye update that made on 3 days ago, init script can't act correctly and shadowsocks crashes. I'm using same old code "-c "$CONFFILE" -f $PIDFILE $DAEMON_ARGS " that works

please support multi-port config.json

I tried the following config.json, but always failed, the ss-server always promote me to input parameters and show me usage.

{
"server":"0.0.0.0",
"port_password": {
"8387": "foobar2",
"8388": "foobar1"
},
"timeout":60,
"method":"rc4"
}

常时间使用的情况下，突然无法通信

现象：常时间使用情况下，突然无法通信，连接保持，tcpdump 可见频繁 FIN 包(可能异常)。重新执行 ss-local 无效。
期待：常时间使用，无异常。
操作：常时间使用。
重现：5/5
恢复方法：重启 ss-server
Log：
无法使用后，最后一个输出 log 可能有两种

TCP connection timeout...
ERROR getaddrinfo: ...resource temporary unavailable....

其它说明：
环境： ss-local ---> iptables --> (redir) --> redsocks --> HTTP proxy --> ss-server

能否考虑添加DD-WRT支持？

非常感情！

请问 tunnel mode 怎么用

RT，说明太简单了，可以详细说明下吗

Shadowsocks 1.4.2 AR71XX 在 Openwrt 12.09 release和trunk无法正常停止服务

编译openwrt 12.09 release，包含 libpolarssl （称为固件A)
编译openwrt trunk@ 20130114，包含libpolarssl （称为固件B）
make menuconfig 中两固件所选组件相同。

shadowsocks.org下载最新 ar71xx libpolarssl 版本，安装无问题。

http://travis-ci.s3-website-ap-northeast-1.amazonaws.com/nightly/shadowsocks-libev-polarssl_1.4.2-343940e6ffd2062b11dccab0894b73f7f32722f7_ar71xx.ipk

在固件A 上启动 /etc/init.d/shadowsocks start 报错：
root@gate:~# /etc/init.d/shadowsocks start
/usr/bin/ss-local: can't load library 'libpolarssl.so.3'

在trunk版本上固件B 正常。

按照madeye邮件回复的解决方法，在12.09上将/usr/lib 下libpolarssl.so.2复制成libpolarssl.so.3，shadowsocks可以启动，但是无法正常退出：

/etc/init.d/shadowsocks stop
/var/run 下 shadowsocks.pid 不会删除， ss-local进程还存在，trunk和12.09下都是如此

/etc/init.d/shadowsocks start

12.09 中log报错：
Jan 15 10:47:55 gate kern.info /usr/bin/ss-local[791]: initialize ciphers... null
Jan 15 10:47:55 gate kern.err /usr/bin/ss-local[791]: Invalid cipher name: null, use table instead
Jan 15 10:47:57 gate kern.err /usr/bin/ss-local[791]: bind: Address already in use
Jan 15 10:47:57 gate kern.err /usr/bin/ss-local[791]: Could not bind
Jan 15 10:47:57 gate kern.err /usr/bin/ss-local[791]: bind() error..

在trunk中无法看到log，无法确认是否一样问题，因为目前openwrt trunk中logd有问题，logread读不出log（已知问题）

更新：确认端口绑定错误log是/etc/init.d/shadowsocks stop 时试图停止服务不成功，进程依然存在，导致重启服务再次绑定端口出错。

1.4版本在 AR71XX的cpu 在最新opewrt的trunk主干编译报错

make[4]: Entering directory /home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4' make all-recursive make[5]: Entering directory/home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4'
Making all in libasyncns
make[6]: Entering directory /home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4/libasyncns' /bin/bash ../libtool --tag=CC --mode=compile mips-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H -I. -I.. -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/include -D__EXTENSIONS__ -pthread -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -MT asyncns.lo -MD -MP -MF .deps/asyncns.Tpo -c -o asyncns.lo asyncns.c OpenWrt-libtool: compile: mips-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H -I. -I.. -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/include -D__EXTENSIONS__ -pthread -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -MT asyncns.lo -MD -MP -MF .deps/asyncns.Tpo -c asyncns.c -fPIC -DPIC -o .libs/asyncns.o OpenWrt-libtool: compile: mips-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H -I. -I.. -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/include -D__EXTENSIONS__ -pthread -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -MT asyncns.lo -MD -MP -MF .deps/asyncns.Tpo -c asyncns.c -o asyncns.o >/dev/null 2>&1 mv -f .deps/asyncns.Tpo .deps/asyncns.Plo /bin/bash ../libtool --tag=CC --mode=link mips-openwrt-linux-uclibc-gcc -D__EXTENSIONS__ -pthread -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -static -L/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/lib -L/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/lib -L/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/lib -L/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/lib -o libasyncns.la asyncns.lo -lcrypto -lm OpenWrt-libtool: link: mips-openwrt-linux-uclibc-ar cru .libs/libasyncns.a asyncns.o OpenWrt-libtool: link: mips-openwrt-linux-uclibc-ranlib .libs/libasyncns.a OpenWrt-libtool: link: ( cd ".libs" && rm -f "libasyncns.la" && ln -s "../libasyncns.la" "libasyncns.la" ) make[6]: Leaving directory/home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4/libasyncns'
Making all in libev
make[6]: Entering directory /home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4/libev' /bin/bash ../libtool --tag=CC --mode=compile mips-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H -I. -I.. -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/include -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -MT ev.lo -MD -MP -MF .deps/ev.Tpo -c -o ev.lo ev.c OpenWrt-libtool: compile: mips-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H -I. -I.. -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/include -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -MT ev.lo -MD -MP -MF .deps/ev.Tpo -c ev.c -fPIC -DPIC -o .libs/ev.o ev.c:1531:31: warning: 'ev_default_loop_ptr' initialized and declared 'extern' [enabled by default] EV_API_DECL struct ev_loop *ev_default_loop_ptr = 0; /* needs to be initialised to make it a definition despite extern */ ^ {standard input}: Assembler messages: {standard input}:756: Error: unrecognized opcodesync'
{standard input}:766: Error: unrecognized opcode sync' {standard input}:772: Error: unrecognized opcodesync'
{standard input}:781: Error: unrecognized opcode sync' {standard input}:3656: Error: unrecognized opcodesync'
{standard input}:3747: Error: unrecognized opcode sync' {standard input}:3819: Error: unrecognized opcodesync'
{standard input}:3831: Error: unrecognized opcode sync' {standard input}:3842: Error: unrecognized opcodesync'
{standard input}:3885: Error: unrecognized opcode sync' {standard input}:8707: Error: unrecognized opcodesync'
{standard input}:8752: Error: unrecognized opcode sync' {standard input}:9788: Error: unrecognized opcodesync'
make[6]: *** [ev.lo] Error 1
make[6]: Leaving directory `/home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4/libev'
Making all in src

/////////////////
cache.c: In function 'cache_lookup':
cache.c:132:9: warning: implicit declaration of function 'strnlen' [-Wimplicit-function-declaration]
size_t key_len = strnlen(tmp->key, KEY_MAX_LENGTH);
^
cache.c:122:9: warning: unused variable 'rv' [-Wunused-variable]
int rv;
^
cache.c: In function 'cache_insert':
cache.c:163:9: warning: unused variable 'rv' [-Wunused-variable]
int rv;
^
mv -f .deps/ss_local-cache.Tpo .deps/ss_local-cache.Po
mips-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H -I. -I.. -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include -I/home/openwrt/openwrt/staging_dir/toolchain-mips_34kc_gcc-4.8-linaro_uClibc-0.9.33.2/include -g -O2 -Wall -fno-strict-aliasing -I../libev -I../libasyncns -DUDPRELAY_LOCAL -Os -pipe -mno-branch-likely -mips32r2 -mtune=34kc -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -msoft-float -mips16 -minterlink-mips16 -MT ss_local-local.o -MD -MP -MF .deps/ss_local-local.Tpo -c -o ss_local-local.o test -f 'local.c' || echo './'local.c
local.c: In function 'main':
local.c:949:9: warning: implicit declaration of function 'udprelay_init' [-Wimplicit-function-declaration]
udprelay_init(local_addr, local_port, remote_host[0], remote_port, m, iface);
^
mv -f .deps/ss_local-local.Tpo .deps/ss_local-local.Po
make[6]: *** No rule to make target ../libev/libev.la', needed byss-local'. Stop.
make[6]: Leaving directory /home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4/src' make[6]: Entering directory/home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4'
make[6]: Leaving directory /home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4' make[5]: *** [all-recursive] Error 1 make[5]: Leaving directory/home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4'
make[4]: *** [all] Error 2
make[4]: Leaving directory /home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4' make[3]: *** [/home/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/shadowsocks-libev-1.4/.built] Error 2 make[3]: Leaving directory/home/openwrt/openwrt/package/shadowsocks-libev'
make[2]: *** [package/shadowsocks-libev/compile] Error 2
make[2]: Leaving directory /home/openwrt/openwrt' make[1]: *** [/home/openwrt/openwrt/staging_dir/target-mips_34kc_uClibc-0.9.33.2/stamp/.package_compile] Error 2 make[1]: Leaving directory/home/openwrt/openwrt'
make: *** [world] Error 2

Check result of EVP_CipherInit_ex, EVP_DecryptUpdate, and so on

Wrong password may cause SIGABRT

http://www.v2ex.com/t/73565#reply5

多IP绑定问题

在配置文件中写入复数个IP的话，就会提示
/etc/shadowsocks# ss-server -c config.json
2014-02-21 06:08:30 INFO: initialize ciphers... aes-256-cfb
2014-02-21 06:08:30 INFO: server listening at port 23333.
2014-02-21 06:08:30 ERROR: getaddrinfo: Name or service not known
2014-02-21 06:08:30 ERROR: bind() error..

但是直接用ss-server加入两个-s参数的话则正常

How to add multi-port support in openwrt's shadowsocks-libev client config.json

I try to edit like this:
{
"server": "123.123.123.1",
"server_port": [8380, 8381, 8382, 8383],
"local_port": 1081,
"password": "barfoo!",
"timeout": 60,
"method": "aes-256-cfb"
}
But not work.

ss-redir 不稳定？

路由器是 TP-Link WR703N，跑的 OpenWRT trunk (r41181) 上装了 shadowsocks 1.4.5，用 ss-local 跑 SOCKS5，Mac 上手动设置 SOCKS 代理指向路由器，能流畅跑满带宽 (> 10Mbps)，路由器上 ss-local 进程的 CPU 占用不到 10%.

但用 ss-redir 做最基本的透明代理（按照 README 的方式），一个下载连接初期带宽通常 < 5Mbps，且此时路由器上 CPU 占用约 30%~50% 不等。最要命的是连接速度会迅速跌落到 kbps 级别，然后断掉 (curl 的结果是 curl: (18) transfer closed with 102658285 bytes remaining to read）。在路由器上开启 -v 选项也没有任何异常的输出。

不知何故？是 iptables 的问题么？应该怎么排查呢？

Add redir for Freebsd

Freebsd can use pf/ipfw with transparent proxy, so add redir to Freebsd will be very useful.

Add ipset based bypass function

https://github.com/redjack/ipset

Out of tree building is broken due to path issue

The original clowwindy/shadowsocks-libev doesn't have any issue when build out of tree, but this branch is broken.

➜  /tmp  cd shadowsocks-libev 
➜  shadowsocks-libev git:(master) ✔ ls
acl/        autogen.sh*  config.guess*  configure*     debian/   install-sh*  libev/     ltmain.sh    Makefile.in  README.md      src/
aclocal.m4  Changes@     config.h.in    configure.ac*  depcomp*  libasyncns/  libipset/  m4/          missing*     rpm/
ar-lib*     compile*     config.sub*    COPYING        INSTALL   libcork/     LICENSE    Makefile.am  openwrt/     shadowsocks.8
➜  shadowsocks-libev git:(master) ✔ mkdir build
➜  shadowsocks-libev git:(master) ✔ cd build 
➜  build git:(master) ✔ ../configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking for ar... ar
checking the archiver (ar) interface... ar
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/x86_64-pc-linux-gnu/bin/ld
checking if the linker (/usr/x86_64-pc-linux-gnu/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/x86_64-pc-linux-gnu/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/x86_64-pc-linux-gnu/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking whether gcc and cc understand -c and -o together... yes
checking sys/inotify.h usability... yes
checking sys/inotify.h presence... yes
checking for sys/inotify.h... yes
checking sys/epoll.h usability... yes
checking sys/epoll.h presence... yes
checking for sys/epoll.h... yes
checking sys/event.h usability... no
checking sys/event.h presence... no
checking for sys/event.h... no
checking port.h usability... no
checking port.h presence... no
checking for port.h... no
checking poll.h usability... yes
checking poll.h presence... yes
checking for poll.h... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking sys/eventfd.h usability... yes
checking sys/eventfd.h presence... yes
checking for sys/eventfd.h... yes
checking sys/signalfd.h usability... yes
checking sys/signalfd.h presence... yes
checking for sys/signalfd.h... yes
checking for inotify_init... yes
checking for epoll_ctl... yes
checking for kqueue... no
checking for port_create... no
checking for poll... yes
checking for select... yes
checking for eventfd... yes
checking for signalfd... yes
checking for clock_gettime... yes
checking for nanosleep... yes
checking for library containing floor... -lm
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking openssl/rsa.h usability... yes
checking openssl/rsa.h presence... yes
checking for openssl/rsa.h... yes
checking openssl/rand.h usability... yes
checking openssl/rand.h presence... yes
checking for openssl/rand.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking openssl/sha.h usability... yes
checking openssl/sha.h presence... yes
checking for openssl/sha.h... yes
checking openssl/pem.h usability... yes
checking openssl/pem.h presence... yes
checking for openssl/pem.h... yes
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for EVP_EncryptInit_ex in -lcrypto... yes
checking for RAND_pseudo_bytes... yes
checking for EVP_EncryptInit_ex... yes
checking whether OpenSSL_add_all_algorithms is declared... yes
checking for C/C++ restrict keyword... __restrict
checking for netdb.h... yes
checking for library containing inet_ntop... none required
checking whether inet_ntop is declared... yes
checking for what kind of host... Linux
checking for stdint.h... (cached) yes
checking for inttypes.h... (cached) yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking langinfo.h usability... yes
checking langinfo.h presence... yes
checking for langinfo.h... yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking for netdb.h... (cached) yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking for net/if.h... yes
checking whether byte ordering is bigendian... no
checking for inline... inline
checking for ssize_t... yes
checking whether to enable assertions... yes
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for an ANSI C-conforming const... yes
checking for pid_t... yes
checking for size_t... yes
checking for ssize_t... (cached) yes
checking for uint16_t... yes
checking for uint8_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for sys/select.h... (cached) yes
checking for sys/socket.h... (cached) yes
checking types of arguments for select... int,fd_set *,struct timeval *
checking return type of signal handlers... void
checking for memset... yes
checking for select... (cached) yes
checking for setresuid... yes
checking for setreuid... yes
checking for strerror... yes
checking for getpwnam_r... yes
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking for connect in -lsocket... no
checking for malloc... yes
checking for memset... (cached) yes
checking for socket... yes
checking for the pthreads library -lpthreads... no
checking whether pthreads work without any flags... no
checking whether pthreads work with -Kthread... no
checking whether pthreads work with -kthread... no
checking for the pthreads library -llthread... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking if more special flags are required for pthreads... no
checking for cc_r... gcc
configure: creating ./config.status
config.status: creating Makefile
config.status: creating libcork/Makefile
config.status: creating libipset/Makefile
config.status: creating libasyncns/Makefile
config.status: creating libev/Makefile
config.status: creating src/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands
➜  build git:(master) ✗ make -j6
CDPATH="${ZSH_VERSION+.}:" && cd .. && /bin/sh /tmp/shadowsocks-libev/missing --run aclocal-1.11 -I m4
main::scan_file() called too early to check prototype at /usr/bin/aclocal-1.11 line 643.
CDPATH="${ZSH_VERSION+.}:" && cd .. && /bin/sh /tmp/shadowsocks-libev/missing --run autoconf
 cd .. && /bin/sh /tmp/shadowsocks-libev/missing --run automake-1.11 --foreign
/bin/sh ./config.status --recheck
running CONFIG_SHELL=/bin/sh /bin/sh ../configure --no-create --no-recursion
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking for ar... ar
checking the archiver (ar) interface... ar
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/x86_64-pc-linux-gnu/bin/ld
checking if the linker (/usr/x86_64-pc-linux-gnu/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/x86_64-pc-linux-gnu/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/x86_64-pc-linux-gnu/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking whether gcc and cc understand -c and -o together... yes
checking sys/inotify.h usability... yes
checking sys/inotify.h presence... yes
checking for sys/inotify.h... yes
checking sys/epoll.h usability... yes
checking sys/epoll.h presence... yes
checking for sys/epoll.h... yes
checking sys/event.h usability... no
checking sys/event.h presence... no
checking for sys/event.h... no
checking port.h usability... no
checking port.h presence... no
checking for port.h... no
checking poll.h usability... yes
checking poll.h presence... yes
checking for poll.h... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking sys/eventfd.h usability... yes
checking sys/eventfd.h presence... yes
checking for sys/eventfd.h... yes
checking sys/signalfd.h usability... yes
checking sys/signalfd.h presence... yes
checking for sys/signalfd.h... yes
checking for inotify_init... yes
checking for epoll_ctl... yes
checking for kqueue... no
checking for port_create... no
checking for poll... yes
checking for select... yes
checking for eventfd... yes
checking for signalfd... yes
checking for clock_gettime... yes
checking for nanosleep... yes
checking for library containing floor... -lm
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking openssl/rsa.h usability... yes
checking openssl/rsa.h presence... yes
checking for openssl/rsa.h... yes
checking openssl/rand.h usability... yes
checking openssl/rand.h presence... yes
checking for openssl/rand.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... yes
checking for openssl/err.h... yes
checking openssl/sha.h usability... yes
checking openssl/sha.h presence... yes
checking for openssl/sha.h... yes
checking openssl/pem.h usability... yes
checking openssl/pem.h presence... yes
checking for openssl/pem.h... yes
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for EVP_EncryptInit_ex in -lcrypto... yes
checking for RAND_pseudo_bytes... yes
checking for EVP_EncryptInit_ex... yes
checking whether OpenSSL_add_all_algorithms is declared... yes
checking for C/C++ restrict keyword... __restrict
checking for netdb.h... yes
checking for library containing inet_ntop... none required
checking whether inet_ntop is declared... yes
checking for what kind of host... Linux
checking for stdint.h... (cached) yes
checking for inttypes.h... (cached) yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking langinfo.h usability... yes
checking langinfo.h presence... yes
checking for langinfo.h... yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking for netdb.h... (cached) yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking for unistd.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking for net/if.h... yes
checking whether byte ordering is bigendian... no
checking for inline... inline
checking for ssize_t... yes
checking whether to enable assertions... yes
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for an ANSI C-conforming const... yes
checking for pid_t... yes
checking for size_t... yes
checking for ssize_t... (cached) yes
checking for uint16_t... yes
checking for uint8_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for sys/select.h... (cached) yes
checking for sys/socket.h... (cached) yes
checking types of arguments for select... int,fd_set *,struct timeval *
checking return type of signal handlers... void
checking for memset... yes
checking for select... (cached) yes
checking for setresuid... yes
checking for setreuid... yes
checking for strerror... yes
checking for getpwnam_r... yes
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking for connect in -lsocket... no
checking for malloc... yes
checking for memset... (cached) yes
checking for socket... yes
checking for the pthreads library -lpthreads... no
checking whether pthreads work without any flags... no
checking whether pthreads work with -Kthread... no
checking whether pthreads work with -kthread... no
checking for the pthreads library -llthread... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking if more special flags are required for pthreads... no
checking for cc_r... gcc
configure: creating ./config.status
 /bin/sh ./config.status
config.status: creating Makefile
config.status: creating libcork/Makefile
config.status: creating libipset/Makefile
config.status: creating libasyncns/Makefile
config.status: creating libev/Makefile
config.status: creating src/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands
(CDPATH="${ZSH_VERSION+.}:" && cd .. && /bin/sh /tmp/shadowsocks-libev/missing --run autoheader)
rm -f stamp-h1
touch ../config.h.in
cd . && /bin/sh ./config.status config.h
config.status: creating config.h
config.status: config.h is unchanged
make  all-recursive
make[1]: Entering directory '/tmp/shadowsocks-libev/build'
Making all in libcork
make[2]: Entering directory '/tmp/shadowsocks-libev/build/libcork'
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../libcork -I..    -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT cli/libcork_la-commands.lo -MD -MP -MF cli/.deps/libcork_la-commands.Tpo -c -o cli/libcork_la-commands.lo `test -f 'cli/commands.c' || echo '../../libcork/'`cli/commands.c
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../libcork -I..    -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-allocator.lo -MD -MP -MF core/.deps/libcork_la-allocator.Tpo -c -o core/libcork_la-allocator.lo `test -f 'core/allocator.c' || echo '../../libcork/'`core/allocator.c
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../libcork -I..    -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-error.lo -MD -MP -MF core/.deps/libcork_la-error.Tpo -c -o core/libcork_la-error.lo `test -f 'core/error.c' || echo '../../libcork/'`core/error.c
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../libcork -I..    -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-gc.lo -MD -MP -MF core/.deps/libcork_la-gc.Tpo -c -o core/libcork_la-gc.lo `test -f 'core/gc.c' || echo '../../libcork/'`core/gc.c
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../libcork -I..    -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-hash.lo -MD -MP -MF core/.deps/libcork_la-hash.Tpo -c -o core/libcork_la-hash.lo `test -f 'core/hash.c' || echo '../../libcork/'`core/hash.c
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../libcork -I..    -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-ip-address.lo -MD -MP -MF core/.deps/libcork_la-ip-address.Tpo -c -o core/libcork_la-ip-address.lo `test -f 'core/ip-address.c' || echo '../../libcork/'`core/ip-address.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../libcork -I.. -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT cli/libcork_la-commands.lo -MD -MP -MF cli/.deps/libcork_la-commands.Tpo -c ../../libcork/cli/commands.c  -fPIC -DPIC -o cli/.libs/libcork_la-commands.o
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../libcork -I.. -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-hash.lo -MD -MP -MF core/.deps/libcork_la-hash.Tpo -c ../../libcork/core/hash.c  -fPIC -DPIC -o core/.libs/libcork_la-hash.o
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../libcork -I.. -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-allocator.lo -MD -MP -MF core/.deps/libcork_la-allocator.Tpo -c ../../libcork/core/allocator.c  -fPIC -DPIC -o core/.libs/libcork_la-allocator.o
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../libcork -I.. -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-error.lo -MD -MP -MF core/.deps/libcork_la-error.Tpo -c ../../libcork/core/error.c  -fPIC -DPIC -o core/.libs/libcork_la-error.o
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../libcork -I.. -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-ip-address.lo -MD -MP -MF core/.deps/libcork_la-ip-address.Tpo -c ../../libcork/core/ip-address.c  -fPIC -DPIC -o core/.libs/libcork_la-ip-address.o
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../libcork -I.. -Iinclude -DCORK_API=CORK_LOCAL -g -O2 -MT core/libcork_la-gc.lo -MD -MP -MF core/.deps/libcork_la-gc.Tpo -c ../../libcork/core/gc.c  -fPIC -DPIC -o core/.libs/libcork_la-gc.o
../../libcork/core/hash.c:13:31: fatal error: libcork/core/hash.h: No such file or directory
 #include "libcork/core/hash.h"
                               ^
compilation terminated.
Makefile:532: recipe for target 'core/libcork_la-hash.lo' failed
make[2]: *** [core/libcork_la-hash.lo] Error 1
make[2]: *** 正在等待未完成的任务....
../../libcork/core/error.c:15:28: fatal error: libcork/config.h: No such file or directory
 #include "libcork/config.h"
                            ^
compilation terminated.
Makefile:518: recipe for target 'core/libcork_la-error.lo' failed
make[2]: *** [core/libcork_la-error.lo] Error 1
../../libcork/core/gc.c:13:35: fatal error: libcork/config/config.h: No such file or directory
 #include "libcork/config/config.h"
                                   ^
compilation terminated.
Makefile:525: recipe for target 'core/libcork_la-gc.lo' failed
make[2]: *** [core/libcork_la-gc.lo] Error 1
../../libcork/core/ip-address.c:13:37: fatal error: libcork/core/byte-order.h: No such file or directory
 #include "libcork/core/byte-order.h"
                                     ^
compilation terminated.
Makefile:539: recipe for target 'core/libcork_la-ip-address.lo' failed
make[2]: *** [core/libcork_la-ip-address.lo] Error 1
../../libcork/core/allocator.c:15:36: fatal error: libcork/core/allocator.h: No such file or directory
 #include "libcork/core/allocator.h"
                                    ^
compilation terminated.
Makefile:511: recipe for target 'core/libcork_la-allocator.lo' failed
make[2]: *** [core/libcork_la-allocator.lo] Error 1
../../libcork/cli/commands.c:15:25: fatal error: libcork/cli.h: No such file or directory
 #include "libcork/cli.h"
                         ^
compilation terminated.
Makefile:504: recipe for target 'cli/libcork_la-commands.lo' failed
make[2]: *** [cli/libcork_la-commands.lo] Error 1
make[2]: Leaving directory '/tmp/shadowsocks-libev/build/libcork'
Makefile:401: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/tmp/shadowsocks-libev/build'
Makefile:289: recipe for target 'all' failed
make: *** [all] Error 2

现在没有最新编译好的Win32的执行文件吗?

如果有的话,请问哪里可以下载呢谢谢

Debian6下MinGW交叉编译出现pwd.h错误

utils.c:5:17: error: pwd.h: No such file or directory

去掉src/utils.c中的#include <pwd.h>后编译成功，不知道对使用有无影响？简单搜索了下，好像pwd.h是POSIX的，Win不需要.
@linusyang

附交叉编译方法:

apt-get install mingw-w64

cat > /usr/bin/mingw << EOF
#!/bin/sh
PREFIX=i586-mingw32msvc
export CC=\${PREFIX}-gcc
export CXX=\${PREFIX}-g++
export CPP=\${PREFIX}-cpp
export AR=\${PREFIX}-ar
export RANLIB=\${PREFIX}-ranlib
export PATH="/usr/bin:\$PATH"
exec "\$@"
EOF

chmod u+x /usr/bin/mingw

mkdir -p /mingw

cd /mingw
[[ -d "openssl-1.0.1f" ]] && rm -rf openssl-1.0.1f
wget http://www.openssl.org/source/openssl-1.0.1f.tar.gz -O -|tar xz
cd openssl-1.0.1f
mingw ./Configure --prefix=/mingw/prebuilt --openssldir=/mingw/prebuilt/openssl mingw
mingw make
mingw make install

cd /mingw
[[ -d "shadowsocks-libev" ]] && rm -rf shadowsocks-libev
git clone git://github.com/madeye/shadowsocks-libev.git
# git clone git://github.com/linusyang/shadowsocks-libev.git
cd shadowsocks-libev
nano src/utils.c # Remove "#include <pwd.h>"
mingw ./configure --host=i686-w64-mingw32 --prefix=/mingw/ss --with-openssl=/mingw/prebuilt
mingw make
mingw make install
# file /mingw/ss/bin/ss-local.exe
# PE32 executable for MS Windows (console) Intel 80386 32-bit

Please add git tag

Please add git tag, we can checkout old version and do more
thx

Got Error : "getdestaddr : Protocol not available" when using ss-redir on ArchLinux.

System : ArchLinux x86_64, kernel version :3.10.2-1.

libev, and openssl both are installed.
And ss-libev is compiled from source.

Sever is running shadowsocks-nodejs.
With shadowsocks-nodejs version as client on the same ArchLinux, everything works, of course, with the same config.json.

I am glad to provide any information you need.

ps:
Thank you for your work!

透明udp报 mtu错误

我用 iptables -t nat -I PREROUTING -p udp -j REDIRECT --to-ports 12346 实现透明udp 。但设备联网后，报mtu错误。何故呢？

idle time out

It would be nice if we could set an idle time out to close the idle connections after x seconds !

希望能加入目标端口限制功能

公开ss后发现有人利用ss进行端口扫描。netstat -an后发现一大排尝试连接135之类目标端口的。希望能加入对目标端口限制的参数，比如只允许连接80和443。

另外能不能考虑加入列出当前链接清单的功能，比如出现上面说的有人滥用ss的时候，想禁止对方IP又没东西可查= =。

CentOS 5.10下编译安装失败

环境：CentOS 5.10 x86
编译安装的是 github 上取得的最新版 Shadowsocks-libev。
编译错误日志详见附件

openwrt：change submenu

openwrt，建议加入到submenu

CATEGORY:=Network

SUBMENU:=Web Servers/Proxies

编译Openwrt出错，提示需要libcrypto.so.1.0.0

在make menuconfig中将shadowsocks-libev和shadowsocks-libev-polarssl勾选上后，make V=99，出错提示Package shadowsocks-libev-polarssl is missing dependencies for the following libraries:libcrypto.so.1.0.0
出去polarssl可以正常编译。请问这是openwrt还是编译环境的原因？
已安装apt-get install libcrypto++

Failed to install shadowsocks-libev

上面的步骤执行完
然后执行 sudo apt-get install shadowsocks
出现下面的错误
Failed to fetch http://shadowsocks.org/debian/dists/wheezy/Release.gpg Could not resolve ''

ver 1.4.5 在 OpenWRT 上用 libPolarSSL 1.2.5 报 segmentation fault

用的 Shadowsocks.org 网站上的 http://shadowsocks.org/nightly/shadowsocks-libev-polarssl_1.4.5_ar71xx.ipk 配合 opkg 安装的 libpolarssl 1.2.5，在 OpenWRT 12.09 上用 aes-*-cfb 等都会导致 segmentation fault，只有 table 不会（des, rc4 等 libpolarssl 不支持）. 硬件是 TL-WR703N.

mingw compiling issue

Making install in libev
make[1]: Entering directory `/cross/mingw32/src/shadowsocks-libev/libev'
make[2]: Entering directory `/cross/mingw32/src/shadowsocks-libev/libev'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/cross/mingw32/src/shadowsocks-libev/libev'
make[1]: Leaving directory `/cross/mingw32/src/shadowsocks-libev/libev'
Making install in src
make[1]: Entering directory `/cross/mingw32/src/shadowsocks-libev/src'
i586-mingw32msvc-gcc -DHAVE_CONFIG_H -I. -I..    -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE -I../libev -I../libasyncns -DUDPRELAY_LOCAL -O2 -pipe -I/cross/mingw32/prebuilt/include -MT ss_local-udprelay.o -MD -MP -MF .deps/ss_local-udprelay.Tpo -c -o ss_local-udprelay.o `test -f 'udprelay.c' || echo './'`udprelay.c
In file included from udprelay.c:31:
win32.h:39:7: error: no newline at end of file
make[1]: *** [ss_local-udprelay.o] Error 1
make[1]: Leaving directory `/cross/mingw32/src/shadowsocks-libev/src'
make: *** [install-recursive] Error 1

Adding a new blank line to bottom of win32.h can solve the issue.

ss-redir bug ，增加 DNAT 支持

我路由器的ip 是 192.168.1.1

这样能成功当透明代理。
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345

但这样就无法运行，数据出不去：
iptables -t nat -A SHADOWSOCKS -p tcp -j DNAT --to-destination 192.168.1.1:12345

但openwrt缺省的iptable编译是不支持 REDIRECT ，只支持 DNAT 。

如果不重新编译固件，能否增加 DNAT 的支持?

网上下载的网友自制固件80%是不支持 REDIRECT ，只支持 DNAT 的，这对只会下载，不懂编译的朋友来说会很不方便。

Multi Port and Password

Hi.
ss-server won't listen on extra ports using config format like in "config-server-multi-passwd.json" or "config-server-multi-port.json".
This part not load with ss-server:

"port_password": {
  "8380": "barfoo-01!",
  "8381": "barfoo-02!"
 }

I'm on Debian and installing it with apt-get.

warning of apt-get install

$ sudo apt-get install shadowsocks
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  shadowsocks
0 upgraded, 1 newly installed, 0 to remove and 82 not upgraded.
Need to get 186 kB of archives.
After this operation, 441 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  shadowsocks
Install these packages without verification? [y/N] n
E: Some packages could not be authenticated

ss-server (udp replay enabled ) will crash when received invalid packets

server config

{
  "server" : "0.0.0.0",
  "server_port" : 6351,
  "password" : "somepassword",
  "method": "aes-256-cfb",
  "timeout": 600
}

run server with ./ss-server -c config.json -u

send some udp packets to the server

echo -n "he" | nc -4u -q1 localhost 6351

server crashes with segment fault.

(gdb) backtrace 
#0  0x00000000004078d9 in parse_udprealy_header (buf=0x0, buf_len=2, host=0x7fffffffe230 "", port=0x7fffffffe1f0 "")
    at udprelay.c:93
#1  0x0000000000408d4c in server_recv_cb (loop=0x621720 <default_loop_struct>, w=0x628320, revents=1) at udprelay.c:658
#2  0x00000000004137b2 in ev_invoke_pending (loop=0x621720 <default_loop_struct>) at ev.c:2994
#3  0x000000000041468c in ev_run (loop=0x621720 <default_loop_struct>, flags=0) at ev.c:3394
#4  0x000000000040f498 in main (argc=4, argv=0x7fffffffe658) at server.c:1064

It seems when server_recv_cb is not checking ss_decrypt_all return value , when it returns NULL , the server crash.

An pull request will come soon

问一下redir 的端口号如何指定？

实在抱歉，我翻遍了很多网站都没有写如何指定范例中12345转发的端口号，

而且如何在配置文件中指定 redir的端口号？

Can not use iptables to redirect traffic to socks directly

From your advanced-usage, should be good to setup iptables rule at firewall to redirect traffic to socks directly, but seems it does not work from my side. At this moment, I have to install redsocks to redirect http first, not sure if anything wrong I did there. Your advice would be appreciated.

ver 1.4.3 在Openwrt Trunk上无法运行

ss版本：shadowsocks-libev-polarssl_1.4.3-69f8bd61c096337abb34a9e64534865d08022957_ar71xx.ipk

ss-local -c /etc/config/shadowsocks.json输出是这个样子：

2014-03-21 22:20:09 INFO: initialize ciphers... aes-256-cfb
Segmentation fault

Failed to fetch http://shadowsocks.org/debian/dists/squeeze

操作系统: Debian6 32bit
源列表:
deb http://ftp.debian.org/debian/ squeeze main non-free contrib
deb http://ftp.debian.org/debian/ squeeze-proposed-updates main non-free contrib
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
deb http://shadowsocks.org/debian squeeze main

错误提示:
W: Failed to fetch http://shadowsocks.org/debian/dists/squeeze/Release.gpg Could not resolve ''
W: Failed to fetch http://shadowsocks.org/debian/dists/squeeze/main/i18n/Translation-en.bz2 Could not resolve ''
W: Some index files failed to download, they have been ignored, or old ones used instead.

操作报告: 添加shadowsocks.org debian源后apt-get update出现以上错误提示