Awesome

Shadowsocks-ex

shadowsocks-ex is a elixir port of shadowsocks

A fast tunnel proxy that helps you bypass firewalls.

Features:

• TCP support
• UDP support (only server)
• Client support (socks5 and http proxy)
• Server support
• OTA support
• Mulit user support
• Transparent Proxy Client support
• Anti protocol detection
• IP blacklist support
• Simple obfs support

Encryption methods

• rc4-md5
• aes-128-cfb
• aes-192-cfb
• aes-256-cfb
• aes-128-ctr
• aes-192-ctr
• aes-256-ctr
• aes-128-gcm
• aes-192-gcm
• aes-256-gcm

Installation

The package can be installed by adding shadowsocks to your list of dependencies in mix.exs:

def deps do
  [{:shadowsocks, "~> 0.5"}]
end

Documentation

The online docs can be found at https://hexdocs.pm/shadowsocks.

Usage

start a listener

Shadowsocks.start(args)

the args is a keyword list, fields:

• type required atom - the connection type, :client or :server or custom module name

  There are currently four built-in type:

  1. Shadowsocks.Conn.Client - general client, alias is :client
  2. Shadowsocks.Conn.Server - general server, alias is :server
  3. Shadowsocks.Conn.TransparentClient - transparent client, use iptables forward to this port instead socks5 client
  4. Shadowsocks.Conn.ObfsServer - simple http obfs server (Compatible with raw protocol, It means that can both accept http obfs client and original shadowsocks client. see: https://github.com/shadowsocks/simple-obfs)

• port required integer - listen port

• ip optional tuple - listen ip, example: {127,0,0,1}

• method optional string - encode method, default: "rc4-md5"

• password required string - encode password

• ota optional bool - is force open one time auth, default: false

• server optional tuple - required if type is :client, example: {"la.ss.org", 8388}

• udp optional bool - enable udp relay (only support server side)

stop a listener

Shadowsocks.stop(port)

stop listener by listen port, always return :ok

update listener args

Shadowsocks.update(port, args)

the args is a keyword list, see Shadowsocks.start/1 method

IP blacklist

block ip

# block ipv4 address (also will add a ipv6 rule when ipv4 rule added)
Shadowsocks.BlackList.add({127,0,0,1})
# block ipv6 address
Shadowsocks.BlackList.add({0,0,0,0,0,0,0,1})

unblock ip

Shadowsocks.BlackList.del({127,0,0,1})

clear blacklist

# clear all rules
Shadowsocks.BlackList.clear(:all)
# clear static rules
Shadowsocks.BlackList.clear(:static)
# clear dynamic rules
Shadowsocks.BlackList.clear(:dynamic)

list blacklist

Shadowsocks.BlackList.list()

Configuration

startup listeners example:

config :shadowsocks, :listeners,
  [
    [
      type: :server,
      method: "aes-192-cfb",
      password: "pass",
      port: 8888,
      ota: true,
      ip: {127, 0, 0, 1}
    ],
    [
      type: Shadowsocks.Conn.Http302,
      method: "rc4-md5",
      password: "pass",
      port: 8889,
      ota: false,
      ip: {0, 0, 0, 0},
      redirect_url: "https://google.com"
    ],
    [
      type: :client,
      method: "aes-192-cfb",
      password: "pass",
      server: {"localhost", 8888},
      port: 1080,
      ota: true,
      ip: {127, 0, 0, 1}
    ],
  ]

compile time configs

config :shadowsocks, :report,
    port_min_flow: 5 * 1024 * 1024, # report flow when cached flow exceed :port_min_flow
    port_min_time: 60 * 1000,       # report flow when cached flow after :port_min_time
    conn_min_flow: 5 * 1024 * 1024  # send flow to listener when cached flow exceed :conn_min_flow

config :shadowsocks, :protocol,
  recv_timeout: 180000,             # timeout for receive header
  anti_max_time: 10000,             # anti max delay time (ms), random sleep time before close connection
  anti_max_bytes: 500,              # anti max reply bytes, random bytes send to client
  anti_detect: true                 # on / off anti protocol detection
config :shadowsocks,:skip_localhost, true # skip local lookback address(remote address), prevent attacks

runtime configs

# dynamic block attack ip
config :shadowsocks, :dynamic_blocklist,
  enable: true,
  attack_times: 30, # block ip when attack times more than attack_times in attack_time
  collect_duration: 3600 * 1000, # collect attack times every collect_duration
  block_expire: 7 * 3600 * 1000 # how long to block ip

Connection Events

Event name: Shadowsocks.Event

events:

{:port, :open, port}                       # when start listener on port
{:conn, :open, {port, pid, addr}}  # when received connection request
{:conn, :close, {port, pid, reason, flow}} # when connection process exited
{:conn, :connect, {port, pid, {ret, addr, port}}} # connect to remote addr result
{:port, :flow, {port, down, up}}           # flow report on the port
{:bad_request, port, addr} # bad client connection detected (`port` is listener port, `addr` is client addr)
{:dynamic_blocked, addr} # the addr was blocked by dynamic block rules