commit
7d82bab83e
5 changed files with 47 additions and 21 deletions
|
@ -28,6 +28,11 @@ CentOS:
|
|||
yum install python-setuptools && easy_install pip
|
||||
pip install git+https://github.com/shadowsocks/shadowsocks.git@master
|
||||
|
||||
For CentOS 7, if you need AEAD ciphers, you need install libsodium
|
||||
```
|
||||
dnf install libsodium python34-pip
|
||||
pip3 install git+https://github.com/shadowsocks/shadowsocks.git@master
|
||||
```
|
||||
Linux distributions with [snap](http://snapcraft.io/):
|
||||
|
||||
snap install shadowsocks
|
||||
|
|
|
@ -408,22 +408,20 @@ ciphers = {
|
|||
|
||||
|
||||
def run_method(method):
|
||||
from shadowsocks.crypto import openssl
|
||||
|
||||
print(method, ': [stream]', 32)
|
||||
cipher = MbedTLSStreamCrypto(method, b'k' * 32, b'i' * 16, 1)
|
||||
decipher = openssl.OpenSSLStreamCrypto(method, b'k' * 32, b'i' * 16, 0)
|
||||
decipher = MbedTLSStreamCrypto(method, b'k' * 32, b'i' * 16, 0)
|
||||
|
||||
util.run_cipher(cipher, decipher)
|
||||
|
||||
|
||||
def run_aead_method(method, key_len=16):
|
||||
from shadowsocks.crypto import openssl
|
||||
|
||||
print(method, ': [payload][tag]', key_len)
|
||||
key_len = int(key_len)
|
||||
cipher = MbedTLSAeadCrypto(method, b'k' * key_len, b'i' * key_len, 1)
|
||||
decipher = openssl.OpenSSLAeadCrypto(
|
||||
decipher = MbedTLSAeadCrypto(
|
||||
method,
|
||||
b'k' * key_len, b'i' * key_len, 0
|
||||
)
|
||||
|
@ -432,12 +430,11 @@ def run_aead_method(method, key_len=16):
|
|||
|
||||
|
||||
def run_aead_method_chunk(method, key_len=16):
|
||||
from shadowsocks.crypto import openssl
|
||||
|
||||
print(method, ': chunk([size][tag][payload][tag]', key_len)
|
||||
key_len = int(key_len)
|
||||
cipher = MbedTLSAeadCrypto(method, b'k' * key_len, b'i' * key_len, 1)
|
||||
decipher = openssl.OpenSSLAeadCrypto(
|
||||
decipher = MbedTLSAeadCrypto(
|
||||
method,
|
||||
b'k' * key_len, b'i' * key_len, 0
|
||||
)
|
||||
|
|
|
@ -346,6 +346,8 @@ def run_method(method):
|
|||
|
||||
def run_aead_method(method, key_len=16):
|
||||
|
||||
if not loaded:
|
||||
load_openssl(None)
|
||||
print(method, ': [payload][tag]', key_len)
|
||||
cipher = libcrypto.EVP_get_cipherbyname(common.to_bytes(method))
|
||||
if not cipher:
|
||||
|
@ -362,6 +364,8 @@ def run_aead_method(method, key_len=16):
|
|||
|
||||
def run_aead_method_chunk(method, key_len=16):
|
||||
|
||||
if not loaded:
|
||||
load_openssl(None)
|
||||
print(method, ': chunk([size][tag][payload][tag]', key_len)
|
||||
cipher = libcrypto.EVP_get_cipherbyname(common.to_bytes(method))
|
||||
if not cipher:
|
||||
|
|
|
@ -10,3 +10,10 @@ pushd openssl-$OPENSSL_VER
|
|||
# sudo ldconfig # test multiple libcrypto
|
||||
popd
|
||||
rm -rf openssl-$OPENSSL_VER || exit 1
|
||||
|
||||
rm /usr/bin/openssl || exit 1
|
||||
rm -r /usr/include/openssl || exit 1
|
||||
ln -s /usr/local/bin/openssl /usr/bin/openssl || exit 1
|
||||
ln -s /usr/local/include/openssl /usr/include/openssl || exit 1
|
||||
echo /usr/local/lib >> /etc/ld.so.conf || exit 1
|
||||
ldconfig -v || exit 1
|
||||
|
|
|
@ -24,9 +24,17 @@
|
|||
from __future__ import absolute_import, division, print_function, \
|
||||
with_statement
|
||||
|
||||
import os
|
||||
import sys
|
||||
import socket
|
||||
import argparse
|
||||
import subprocess
|
||||
|
||||
|
||||
def inet_pton(str_ip):
|
||||
try:
|
||||
return socket.inet_pton(socket.AF_INET, str_ip)
|
||||
except socket.error:
|
||||
return None
|
||||
|
||||
if __name__ == '__main__':
|
||||
parser = argparse.ArgumentParser(description='See README')
|
||||
|
@ -37,17 +45,22 @@ if __name__ == '__main__':
|
|||
ips = {}
|
||||
banned = set()
|
||||
for line in sys.stdin:
|
||||
if 'can not parse header when' in line:
|
||||
ip = line.split()[-1].split(':')[-2]
|
||||
if 'can not parse header when' not in line:
|
||||
continue
|
||||
ip_str = line.split()[-1].rsplit(':', 1)[0]
|
||||
ip = inet_pton(ip_str)
|
||||
if ip is None:
|
||||
continue
|
||||
if ip not in ips:
|
||||
ips[ip] = 1
|
||||
print(ip)
|
||||
sys.stdout.flush()
|
||||
else:
|
||||
ips[ip] += 1
|
||||
if ip not in banned and ips[ip] >= config.count:
|
||||
banned.add(ip)
|
||||
cmd = 'iptables -A INPUT -s %s -j DROP' % ip
|
||||
print(cmd, file=sys.stderr)
|
||||
print('ban ip %s' % ip_str)
|
||||
cmd = ['iptables', '-A', 'INPUT', '-s', ip_str, '-j', 'DROP',
|
||||
'-m', 'comment', '--comment', 'autoban']
|
||||
print(' '.join(cmd), file=sys.stderr)
|
||||
sys.stderr.flush()
|
||||
os.system(cmd)
|
||||
subprocess.call(cmd)
|
||||
|
|
Loading…
Reference in a new issue