Merge pull request #1607 from aa65535/master

shadowsocks-libev: bump version

net/shadowsocks-libev/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shadowsocks-libev
-PKG_VERSION:=2.2.2
+PKG_VERSION:=2.2.3
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE)
-PKG_SOURCE_VERSION:=4883903e657095b93f88a3a3b9a0dccdffdaa397
+PKG_SOURCE_VERSION:=2b1eef11973de3f7380401fd20f937e84bc2b756
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MAINTAINER:=Jian Chang <aa65535@live.com>
 
@@ -36,14 +36,14 @@ define Package/shadowsocks-libev/Default
 	TITLE:=Lightweight Secured Socks5 Proxy $(2)
 	URL:=https://github.com/shadowsocks/shadowsocks-libev
 	VARIANT:=$(1)
-	DEPENDS:=$(3) +resolveip +ipset +ip +iptables-mod-tproxy
+	DEPENDS:=$(3) +libpthread +ipset +ip +iptables-mod-tproxy
 endef
 
 Package/shadowsocks-libev = $(call Package/shadowsocks-libev/Default,openssl,(OpenSSL),+libopenssl)
 Package/shadowsocks-libev-polarssl = $(call Package/shadowsocks-libev/Default,polarssl,(PolarSSL),+libpolarssl)
 
 define Package/shadowsocks-libev/description
-Shadowsocks-libev is a lightweight secured scoks5 proxy for embedded devices and low end boxes.
+Shadowsocks-libev is a lightweight secured socks5 proxy for embedded devices and low end boxes.
 endef
 
 Package/shadowsocks-libev-polarssl/description = $(Package/shadowsocks-libev/description)

net/shadowsocks-libev/files/shadowsocks-libev.config

@@ -8,7 +8,7 @@ config shadowsocks-libev
 	option timeout '60'
 	option encrypt_method 'rc4-md5'
 	option ignore_list '/dev/null'
-	option udp_relay '0'
+	option udp_mode '0'
 	option tunnel_enable '1'
 	option tunnel_port '5300'
 	option tunnel_forward '8.8.4.4:53'

net/shadowsocks-libev/files/shadowsocks-libev.init

@@ -14,11 +14,17 @@ get_config() {
 	config_get server $1 server
 	config_get server_port $1 server_port
 	config_get local_port $1 local_port
-	config_get password $1 password
 	config_get timeout $1 timeout
+	config_get password $1 password
 	config_get encrypt_method $1 encrypt_method
 	config_get ignore_list $1 ignore_list
-	config_get udp_relay $1 udp_relay
+	config_get udp_mode $1 udp_mode
+	config_get udp_server $1 udp_server
+	config_get udp_server_port $1 udp_server_port
+	config_get udp_local_port $1 udp_local_port
+	config_get udp_timeout $1 udp_timeout
+	config_get udp_password $1 udp_password
+	config_get udp_encrypt_method $1 udp_encrypt_method
 	config_get_bool tunnel_enable $1 tunnel_enable
 	config_get tunnel_port $1 tunnel_port
 	config_get tunnel_forward $1 tunnel_forward
@@ -27,6 +33,8 @@ get_config() {
 	config_get wan_bp_ip $1 wan_bp_ip
 	config_get wan_fw_ip $1 wan_fw_ip
 	config_get ipt_ext $1 ipt_ext
+	: ${timeout:=60}
+	: ${udp_timeout:=60}
 	: ${tunnel_port:=5300}
 	: ${tunnel_forward:=8.8.4.4:53}
 }
@@ -45,6 +53,8 @@ start_rules() {
 	/usr/bin/ss-rules \
 		-s "$server" \
 		-l "$local_port" \
+		-S "$udp_server" \
+		-L "$udp_local_port" \
 		-i "$ignore_list" \
 		-a "$ac_args" \
 		-b "$wan_bp_ip" \
@@ -55,17 +65,48 @@ start_rules() {
 }
 
 start_redir() {
-	service_start /usr/bin/ss-redir \
-		-c "$CONFIG_FILE" $udp
+	cat <<-EOF >$CONFIG_FILE
+		{
+		    "server": "$server",
+		    "server_port": $server_port,
+		    "local_address": "0.0.0.0",
+		    "local_port": $local_port,
+		    "password": "$password",
+		    "timeout": $timeout,
+		    "method": "$encrypt_method"
+		}
+EOF
+	if [ "$udp_mode" = 2 ]; then
+		/usr/bin/ss-redir \
+			-c $CONFIG_FILE \
+			-f /var/run/ss-redir_t.pid
+		cat <<-EOF >$CONFIG_FILE
+			{
+			    "server": "$udp_server",
+			    "server_port": $udp_server_port,
+			    "local_address": "0.0.0.0",
+			    "local_port": $udp_local_port,
+			    "password": "$udp_password",
+			    "timeout": $udp_timeout,
+			    "method": "$udp_encrypt_method"
+			}
+EOF
+	fi
+	/usr/bin/ss-redir \
+		-c $CONFIG_FILE \
+		-f /var/run/ss-redir.pid \
+		$udp
 	return $?
 }
 
 start_tunnel() {
-	service_start /usr/bin/ss-tunnel \
-		-c "$CONFIG_FILE" \
-		-l "$tunnel_port" \
-		-L "$tunnel_forward" \
-		-u
+	: ${udp:="-u"}
+	/usr/bin/ss-tunnel \
+		-c $CONFIG_FILE \
+		-l $tunnel_port \
+		-L $tunnel_forward \
+		-f /var/run/ss-tunnel.pid \
+		$udp
 	return $?
 }
 
@@ -73,25 +114,26 @@ rules() {
 	config_load shadowsocks-libev
 	config_foreach get_config shadowsocks-libev
 	[ "$enable" = 1 ] || exit 0
-	[ "$udp_relay" = 1 ] && udp="-u"
-	mkdir -p $(dirname $CONFIG_FILE)
+	mkdir -p /var/run /var/etc
 
 	: ${server:?}
 	: ${server_port:?}
 	: ${local_port:?}
 	: ${password:?}
 	: ${encrypt_method:?}
-	cat <<-EOF >$CONFIG_FILE
-		{
-		    "server": "$server",
-		    "server_port": $server_port,
-		    "local_address": "0.0.0.0",
-		    "local_port": $local_port,
-		    "password": "$password",
-		    "timeout": $timeout,
-		    "method": "$encrypt_method"
-		}
-EOF
+	case $udp_mode in
+		1) udp="-u"
+		;;
+		2)
+			udp="-U"
+			: ${udp_server:?}
+			: ${udp_server_port:?}
+			: ${udp_local_port:?}
+			: ${udp_password:?}
+			: ${udp_encrypt_method:?}
+		;;
+	esac
+
 	start_rules
 }
 
@@ -109,7 +151,6 @@ start() {
 
 stop() {
 	/usr/bin/ss-rules -f
-	service_stop /usr/bin/ss-redir
-	service_stop /usr/bin/ss-tunnel
-	rm -f $CONFIG_FILE
+	killall -q -9 ss-redir
+	killall -q -9 ss-tunnel
 }

net/shadowsocks-libev/files/ss-rules

@@ -16,6 +16,8 @@ usage() {
 		    -e <extra_options>      extra options for iptables
 		    -o                      apply the rules to the OUTPUT chain
 		    -u                      enable udprelay mode, TPROXY is required
+		    -U                      enable udprelay mode, using different IP
+		                            and ports for TCP and UDP
 		    -f                      flush the rules
 EOF
 }
@@ -69,7 +71,7 @@ EOF
 fw_rule() {
 	$ipt_n -N SS_SPEC_WAN_FW && \
 	$ipt_n -A SS_SPEC_WAN_FW -p tcp \
-		-j REDIRECT --to-ports $LOCAL_PORT 2>/dev/null || {
+		-j REDIRECT --to-ports $local_port 2>/dev/null || {
 		loger 3 "Can't redirect, please check the iptables."
 		exit 1
 	}
@@ -111,7 +113,7 @@ EOF
 }
 
 tp_rule() {
-	[ "$TPROXY" = 1 ] || return 0
+	[ -n "$TPROXY" ] || return 0
 	ip rule add fwmark 0x01/0x01 table 100
 	ip route add local 0.0.0.0/0 dev lo table 100
 	$ipt_m -N SS_SPEC_TPROXY
@@ -123,12 +125,18 @@ tp_rule() {
 	return $?
 }
 
-while getopts ":s:l:c:i:e:a:b:w:ouf" arg; do
+while getopts ":s:l:S:L:i:e:a:b:w:ouUf" arg; do
 	case $arg in
 		s)
-			SERVER=$OPTARG
+			server=$OPTARG
 			;;
 		l)
+			local_port=$OPTARG
+			;;
+		S)
+			SERVER=$OPTARG
+			;;
+		L)
 			LOCAL_PORT=$OPTARG
 			;;
 		i)
@@ -152,6 +160,9 @@ while getopts ":s:l:c:i:e:a:b:w:ouf" arg; do
 		u)
 			TPROXY=1
 			;;
+		U)
+			TPROXY=2
+			;;
 		f)
 			flush_r
 			exit 0
@@ -159,16 +170,20 @@ while getopts ":s:l:c:i:e:a:b:w:ouf" arg; do
 	esac
 done
 
-if [ -z "$SERVER" -o -z "$LOCAL_PORT" ]; then
+if [ -z "$server" -o -z "$local_port" ]; then
 	usage
 	exit 2
 fi
 
-SERVER=$(resolveip -t60 $SERVER)
+if [ "$TPROXY" = 1 ]; then
+	SERVER=$server
+	LOCAL_PORT=$local_port
+fi
 
-if [ -z "$SERVER" ]; then
-	loger 3 "Can't resolve the server hostname."
-	exit 1
+if [ "$TPROXY" = 2 ]; then
+	if [ -z "$SERVER" -o -z "$LOCAL_PORT" ]; then
+		loger 3 "Please use -S and -L specifies IP and port for UDP."
+	fi
 fi
 
 if [ -f "$IGNORE" ]; then
@@ -176,6 +191,7 @@ if [ -f "$IGNORE" ]; then
 fi
 
 IPLIST=$(cat <<-EOF | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}"
+	$server
 	$SERVER
 	0.0.0.0/8
 	10.0.0.0/8