Awesome
Shadowsocks-ex
shadowsocks-ex is a elixir port of shadowsocks
A fast tunnel proxy that helps you bypass firewalls.
Features:
- TCP support
- UDP support (only server)
- Client support (socks5 and http proxy)
- Server support
- OTA support
- Mulit user support
- Transparent Proxy Client support
- Anti protocol detection
- IP blacklist support
- Simple obfs support
Encryption methods
- rc4-md5
- aes-128-cfb
- aes-192-cfb
- aes-256-cfb
- aes-128-ctr
- aes-192-ctr
- aes-256-ctr
- aes-128-gcm
- aes-192-gcm
- aes-256-gcm
Installation
The package can be installed
by adding shadowsocks
to your list of dependencies in mix.exs
:
def deps do
[{:shadowsocks, "~> 0.5"}]
end
Documentation
The online docs can be found at https://hexdocs.pm/shadowsocks.
Usage
start a listener
Shadowsocks.start(args)
the args
is a keyword list, fields:
-
type
requiredatom
- the connection type,:client
or:server
or custom module nameThere are currently four built-in
type
:Shadowsocks.Conn.Client
- general client, alias is:client
Shadowsocks.Conn.Server
- general server, alias is:server
Shadowsocks.Conn.TransparentClient
- transparent client, use iptables forward to this port instead socks5 clientShadowsocks.Conn.ObfsServer
- simple http obfs server (Compatible with raw protocol, It means that can both accept http obfs client and original shadowsocks client. see: https://github.com/shadowsocks/simple-obfs)
-
port
requiredinteger
- listen port -
ip
optionaltuple
- listen ip, example:{127,0,0,1}
-
method
optionalstring
- encode method, default:"rc4-md5"
-
password
requiredstring
- encode password -
ota
optionalbool
- is force open one time auth, default:false
-
server
optionaltuple
- required iftype
is:client
, example:{"la.ss.org", 8388}
-
udp
optionalbool
- enable udp relay (only support server side)
stop a listener
Shadowsocks.stop(port)
stop listener by listen port, always return :ok
update listener args
Shadowsocks.update(port, args)
the args
is a keyword list, see Shadowsocks.start/1
method
IP blacklist
block ip
# block ipv4 address (also will add a ipv6 rule when ipv4 rule added)
Shadowsocks.BlackList.add({127,0,0,1})
# block ipv6 address
Shadowsocks.BlackList.add({0,0,0,0,0,0,0,1})
unblock ip
Shadowsocks.BlackList.del({127,0,0,1})
clear blacklist
# clear all rules
Shadowsocks.BlackList.clear(:all)
# clear static rules
Shadowsocks.BlackList.clear(:static)
# clear dynamic rules
Shadowsocks.BlackList.clear(:dynamic)
list blacklist
Shadowsocks.BlackList.list()
Configuration
startup listeners example:
config :shadowsocks, :listeners,
[
[
type: :server,
method: "aes-192-cfb",
password: "pass",
port: 8888,
ota: true,
ip: {127, 0, 0, 1}
],
[
type: Shadowsocks.Conn.Http302,
method: "rc4-md5",
password: "pass",
port: 8889,
ota: false,
ip: {0, 0, 0, 0},
redirect_url: "https://google.com"
],
[
type: :client,
method: "aes-192-cfb",
password: "pass",
server: {"localhost", 8888},
port: 1080,
ota: true,
ip: {127, 0, 0, 1}
],
]
compile time configs
config :shadowsocks, :report,
port_min_flow: 5 * 1024 * 1024, # report flow when cached flow exceed :port_min_flow
port_min_time: 60 * 1000, # report flow when cached flow after :port_min_time
conn_min_flow: 5 * 1024 * 1024 # send flow to listener when cached flow exceed :conn_min_flow
config :shadowsocks, :protocol,
recv_timeout: 180000, # timeout for receive header
anti_max_time: 10000, # anti max delay time (ms), random sleep time before close connection
anti_max_bytes: 500, # anti max reply bytes, random bytes send to client
anti_detect: true # on / off anti protocol detection
config :shadowsocks,:skip_localhost, true # skip local lookback address(remote address), prevent attacks
runtime configs
# dynamic block attack ip
config :shadowsocks, :dynamic_blocklist,
enable: true,
attack_times: 30, # block ip when attack times more than attack_times in attack_time
collect_duration: 3600 * 1000, # collect attack times every collect_duration
block_expire: 7 * 3600 * 1000 # how long to block ip
Connection Events
Event name: Shadowsocks.Event
events:
{:port, :open, port} # when start listener on port
{:conn, :open, {port, pid, addr}} # when received connection request
{:conn, :close, {port, pid, reason, flow}} # when connection process exited
{:conn, :connect, {port, pid, {ret, addr, port}}} # connect to remote addr result
{:port, :flow, {port, down, up}} # flow report on the port
{:bad_request, port, addr} # bad client connection detected (`port` is listener port, `addr` is client addr)
{:dynamic_blocked, addr} # the addr was blocked by dynamic block rules