vbatts/shadowsocks
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #1 from shadowsocks/master

Browse source 
update
This commit is contained in:
Shane 2018-07-13 11:37:19 +08:00 committed by GitHub
commit 7d82bab83e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 47 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -28,6 +28,11 @@ CentOS:
yum install python-setuptools && easy_install pip yum install python-setuptools && easy_install pip
pip install git+https://github.com/shadowsocks/shadowsocks.git@master pip install git+https://github.com/shadowsocks/shadowsocks.git@master
For CentOS 7, if you need AEAD ciphers, you need install libsodium
```
dnf install libsodium python34-pip
pip3 install git+https://github.com/shadowsocks/shadowsocks.git@master
```
Linux distributions with [snap](http://snapcraft.io/): Linux distributions with [snap](http://snapcraft.io/):
snap install shadowsocks snap install shadowsocks

9
shadowsocks/crypto/mbedtls.py
View file

@ -408,22 +408,20 @@ ciphers = {
def run_method(method): def run_method(method):
from shadowsocks.crypto import openssl
print(method, ': [stream]', 32) print(method, ': [stream]', 32)
cipher = MbedTLSStreamCrypto(method, b'k' * 32, b'i' * 16, 1) cipher = MbedTLSStreamCrypto(method, b'k' * 32, b'i' * 16, 1)
decipher = openssl.OpenSSLStreamCrypto(method, b'k' * 32, b'i' * 16, 0) decipher = MbedTLSStreamCrypto(method, b'k' * 32, b'i' * 16, 0)
util.run_cipher(cipher, decipher) util.run_cipher(cipher, decipher)
def run_aead_method(method, key_len=16): def run_aead_method(method, key_len=16):
from shadowsocks.crypto import openssl
print(method, ': [payload][tag]', key_len) print(method, ': [payload][tag]', key_len)
key_len = int(key_len) key_len = int(key_len)
cipher = MbedTLSAeadCrypto(method, b'k' * key_len, b'i' * key_len, 1) cipher = MbedTLSAeadCrypto(method, b'k' * key_len, b'i' * key_len, 1)
decipher = openssl.OpenSSLAeadCrypto( decipher = MbedTLSAeadCrypto(
method, method,
b'k' * key_len, b'i' * key_len, 0 b'k' * key_len, b'i' * key_len, 0
) )
@ -432,12 +430,11 @@ def run_aead_method(method, key_len=16):
def run_aead_method_chunk(method, key_len=16): def run_aead_method_chunk(method, key_len=16):
from shadowsocks.crypto import openssl
print(method, ': chunk([size][tag][payload][tag]', key_len) print(method, ': chunk([size][tag][payload][tag]', key_len)
key_len = int(key_len) key_len = int(key_len)
cipher = MbedTLSAeadCrypto(method, b'k' * key_len, b'i' * key_len, 1) cipher = MbedTLSAeadCrypto(method, b'k' * key_len, b'i' * key_len, 1)
decipher = openssl.OpenSSLAeadCrypto( decipher = MbedTLSAeadCrypto(
method, method,
b'k' * key_len, b'i' * key_len, 0 b'k' * key_len, b'i' * key_len, 0
) )

4
shadowsocks/crypto/openssl.py
View file

@ -346,6 +346,8 @@ def run_method(method):
def run_aead_method(method, key_len=16): def run_aead_method(method, key_len=16):
if not loaded:
load_openssl(None)
print(method, ': [payload][tag]', key_len) print(method, ': [payload][tag]', key_len)
cipher = libcrypto.EVP_get_cipherbyname(common.to_bytes(method)) cipher = libcrypto.EVP_get_cipherbyname(common.to_bytes(method))
if not cipher: if not cipher:
@ -362,6 +364,8 @@ def run_aead_method(method, key_len=16):
def run_aead_method_chunk(method, key_len=16): def run_aead_method_chunk(method, key_len=16):
if not loaded:
load_openssl(None)
print(method, ': chunk([size][tag][payload][tag]', key_len) print(method, ': chunk([size][tag][payload][tag]', key_len)
cipher = libcrypto.EVP_get_cipherbyname(common.to_bytes(method)) cipher = libcrypto.EVP_get_cipherbyname(common.to_bytes(method))
if not cipher: if not cipher:

7
tests/libopenssl/install.sh
View file

@ -10,3 +10,10 @@ pushd openssl-$OPENSSL_VER
# sudo ldconfig # test multiple libcrypto # sudo ldconfig # test multiple libcrypto
popd popd
rm -rf openssl-$OPENSSL_VER || exit 1 rm -rf openssl-$OPENSSL_VER || exit 1
rm /usr/bin/openssl || exit 1
rm -r /usr/include/openssl || exit 1
ln -s /usr/local/bin/openssl /usr/bin/openssl || exit 1
ln -s /usr/local/include/openssl /usr/include/openssl || exit 1
echo /usr/local/lib >> /etc/ld.so.conf || exit 1
ldconfig -v || exit 1

27
utils/autoban.py
View file

@ -24,9 +24,17 @@
from __future__ import absolute_import, division, print_function, \ from __future__ import absolute_import, division, print_function, \
with_statement with_statement
import os
import sys import sys
import socket
import argparse import argparse
import subprocess
def inet_pton(str_ip):
try:
return socket.inet_pton(socket.AF_INET, str_ip)
except socket.error:
return None
if __name__ == '__main__': if __name__ == '__main__':
parser = argparse.ArgumentParser(description='See README') parser = argparse.ArgumentParser(description='See README')
@ -37,17 +45,22 @@ if __name__ == '__main__':
ips = {} ips = {}
banned = set() banned = set()
for line in sys.stdin: for line in sys.stdin:
if 'can not parse header when' in line: if 'can not parse header when' not in line:
ip = line.split()[-1].split(':')[-2] continue
ip_str = line.split()[-1].rsplit(':', 1)[0]
ip = inet_pton(ip_str)
if ip is None:
continue
if ip not in ips: if ip not in ips:
ips[ip] = 1 ips[ip] = 1
print(ip)
sys.stdout.flush() sys.stdout.flush()
else: else:
ips[ip] += 1 ips[ip] += 1
if ip not in banned and ips[ip] >= config.count: if ip not in banned and ips[ip] >= config.count:
banned.add(ip) banned.add(ip)
cmd = 'iptables -A INPUT -s %s -j DROP' % ip print('ban ip %s' % ip_str)
print(cmd, file=sys.stderr) cmd = ['iptables', '-A', 'INPUT', '-s', ip_str, '-j', 'DROP',
'-m', 'comment', '--comment', 'autoban']
print(' '.join(cmd), file=sys.stderr)
sys.stderr.flush() sys.stderr.flush()
os.system(cmd) subprocess.call(cmd)