2023.08.08 Update

shadowsocks-libev/Makefile

@@ -1,129 +0,0 @@
-#
-# Copyright (C) 2017-2020 Yousong Zhou <yszhou4tech@gmail.com>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-# Checklist when bumping versions
-#
-# - update cipher list by checking src/crypto.c:crypto_init()
-# - check if default mode has changed from being tcp_only
-#
-PKG_NAME:=shadowsocks-libev
-PKG_VERSION:=3.3.5
-PKG_RELEASE:=9
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
-PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
-
-PKG_MAINTAINER:=Yousong Zhou <yszhou4tech@gmail.com>
-
-PKG_LICENSE:=GPL-3.0-or-later
-PKG_LICENSE_FILES:=LICENSE
-
-PKG_FIXUP:=autoreconf
-PKG_INSTALL:=1
-PKG_BUILD_FLAGS:=no-mips16 lto
-PKG_BUILD_PARALLEL:=1
-PKG_BUILD_DEPENDS:=c-ares pcre
-
-include $(INCLUDE_DIR)/package.mk
-
-
-define Package/shadowsocks-libev-config
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=Web Servers/Proxies
-  TITLE:=shadowsocks-libev config scripts
-  URL:=https://github.com/shadowsocks/shadowsocks-libev
-endef
-
-define Package/shadowsocks-libev-config/conffiles
-/etc/config/shadowsocks-libev
-endef
-
-define Package/shadowsocks-libev-config/install
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DATA) ./files/shadowsocks-libev.config $(1)/etc/config/shadowsocks-libev
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/shadowsocks-libev.init $(1)/etc/init.d/shadowsocks-libev
-endef
-
-
-define Package/shadowsocks-libev/Default
-  define Package/shadowsocks-libev-$(1)
-    SECTION:=net
-    CATEGORY:=Network
-    SUBMENU:=Web Servers/Proxies
-    TITLE:=shadowsocks-libev $(1)
-    URL:=https://github.com/shadowsocks/shadowsocks-libev
-    DEPENDS:=+libev +libmbedtls +libpthread +libsodium +shadowsocks-libev-config $(DEPENDS_$(1))
-  endef
-
-  define Package/shadowsocks-libev-$(1)/install
-	$$(INSTALL_DIR) $$(1)/usr/bin
-	$$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/bin/$(1) $$(1)/usr/bin
-  endef
-
-endef
-
-DEPENDS_ss-local = +libpcre
-DEPENDS_ss-server = +libcares +libpcre
-
-SHADOWSOCKS_COMPONENTS:=ss-local ss-redir ss-tunnel ss-server
-define shadowsocks-libev/templates
-  $(foreach component,$(SHADOWSOCKS_COMPONENTS),
-    $(call Package/shadowsocks-libev/Default,$(component))
-  )
-endef
-$(eval $(call shadowsocks-libev/templates))
-
-
-define Package/shadowsocks-libev-ss-rules
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=Web Servers/Proxies
-  TITLE:=shadowsocks-libev ss-rules
-  URL:=https://github.com/shadowsocks/shadowsocks-libev
-  DEPENDS:=+firewall4 \
-	   +ip \
-	   +resolveip \
-	   +ucode \
-	   +ucode-mod-fs \
-	   +shadowsocks-libev-ss-redir \
-	   +shadowsocks-libev-config \
-	   +kmod-nft-tproxy
-endef
-
-define Package/shadowsocks-libev-ss-rules/install
-	$(INSTALL_DIR) $(1)/usr/share/ss-rules
-	$(INSTALL_DATA) ./files/ss-rules/* $(1)/usr/share/ss-rules/
-endef
-
-define Build/Prepare
-	$(call Build/Prepare/Default)
-	$(FIND) $(PKG_BUILD_DIR) \
-			   -name '*.o' \
-			-o -name '*.lo' \
-			-o -name '.deps' \
-			-o -name '.libs' \
-		| $(XARGS) rm -rvf
-endef
-
-CONFIGURE_ARGS += \
-	--disable-documentation \
-	--disable-silent-rules \
-	--disable-assert \
-	--disable-ssp \
-
-TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
-
-$(eval $(call BuildPackage,shadowsocks-libev-config))
-$(eval $(call BuildPackage,shadowsocks-libev-ss-rules))
-$(foreach component,$(SHADOWSOCKS_COMPONENTS), \
-  $(eval $(call BuildPackage,shadowsocks-libev-$(component))) \
-)

shadowsocks-libev/README.md

@@ -1,185 +0,0 @@
-Skip to [recipes](#recipes) for quick setup instructions
-
-# components
-
-`ss-local` provides SOCKS5 proxy with UDP associate support.
-
-	 socks5                                     ss              plain
-	--------> tcp:local_address:local_port ----> ss server -------> dest
-
-`ss-redir`.  The REDIRECT and TPROXY part are to be provided by `ss-rules` script.  REDIRECT is for tcp traffic (`SO_ORIGINAL_DST` only supports TCP).  TPROXY is for udp messages, but it's only available in the PREROUTING chain and as such cannot proxy local out traffic.
-
-	  plain             plain                                 ss              plain
-	---------> REDIRECT ------> tcp:local_address:local_port ----> ss server -----> original dest
-
-	  plain            plain                                 ss              plain
-	---------> TPROXY -------> udp:local_address:local_port -----> ss server -----> original dest
-
-`ss-tunnel` provides ssh `-L` local-forwarding-like tunnel.  Typically it's used to tunnel DNS traffic to the remote.
-
-	  plain                                       ss               plain
-	---------> tcp|udp:local_address:local_port ------> ss server -------> tunnel_address
-
-`ss-server`, the "ss server" in the above diagram
-
-# uci
-
-Option names are the same as those used in json config files.  Check `validate_xxx` func definition of the [service script](files/shadowsocks-libev.init) and shadowsocks-libev's own documentation for supported options and expected value types.  A [sample config file](files/shadowsocks-libev.config) is also provided for reference.
-
-Every section have a `disabled` option to temporarily turn off the component instance or component instances referring to it.
-
-Section type `server` is for definition of remote shadowsocks servers.  They will be referred to from other component sections and as such should be named (as compared to anonymous section).
-
-Section type `ss_local`, `ss_redir`, `ss_tunnel` are for specification of shadowsocks-libev components.  They share mostly a common set of options like `local_port`, `verbose`, `fast_open`, `timeout`, etc.
-
-Plugin options should be specified in `server` section and will be inherited by other compoenents referring to it.
-
-We can have multiple instances of component and `server` sections.  The relationship between them is many-to-one.  This will have the following implications
-
- - It's possible to have both `ss_local` and `ss_redir` referring to the same `server` definition
- - It's possible to have multiple instances of `ss_redir` listening on the same address:port with `reuse_port` enabled referring to the same or different `server` sections
-
-`ss_rules` section is for configuring the behaviour of `ss-rules` script.  There can only exist at most one such section with the name also being `ss_rules`
-
-	redir_tcp		name of ss_redir section with mode tcp_only or tcp_and_udp
-	redir_udp		name of ss_redir section with mode udp_only or tcp_and_udp
-	ifnames			only apply rules on packets from these ifnames
-
-	--- for incoming packets having source address in
-
-	src_ips_bypass		will bypass the redir chain
-	src_ips_forward		will always go through the redir chain
-	src_ips_checkdst	will continue to have their destination addresses checked
-
-	--- otherwise, the default action can be specified with
-
-	src_default		bypass, forward, [checkdst]
-
-	--- if the previous check result is checkdst,
-	--- then packets having destination address in
-
-	dst_ips_bypass_file
-	dst_ips_bypass		will bypass the redir chain
-	dst_ips_forward_file
-	dst_ips_forward		will go through the redir chain
-
-	--- otherwise, the default action can be specified with
-
-	dst_default		[bypass], forward
-
-	--- for local out tcp packets, the default action can be specified with
-
-	local_default		[bypass], forward, checkdst
-
-ss-rules now uses nft set for storing addresses/networks.  Those set names are also part of the API and can be populated by other programs, e.g. dnsmasq with builtin nft set support.  Note that while nftables set supports storing cidr networks when `interval` flag is on, it rejects elements with overlaping intervals.
-
-Extra nftables expressions can be specified with `nft_tcp_extra` and `nft_udp_extra` to apply ss_rules only to selected tcp/udp traffics.  E.g. `tcp dport { 80, 443 }`, `udp dport 53`, etc.
-
-# incompatible changes
-
-| Commit date | Commit ID | Subject | Comment |
-| ----------- | --------- | ------- | ------- |
-| 2022-03-01  | fdaf2de2a | shadowsocks-libev: ss-rules: convert to using nft | ss-rules now uses nftables. UCI option ipt_args and dst_forward_recentrst are now deprecated and removed |
-| 2020-08-03  | 7d7cbae75 | shadowsocks-libev: support ss-server option local_address_{v4,v6} | ss_server bind_address now deprecated, use local_address |
-| 2019-05-09  | afe7d3424 | shadowsocks-libev: move plugin options to server section | This is a revision against c19e949 committed 2019-05-06 |
-| 2017-07-02  | b61af9703 | shadowsocks-libev: rewrite | Packaging of shadowsocks-libev was rewritten from scratch |
-
-# notes and faq
-
-Useful paths and commands for debugging
-
-	# check current running status
-	ubus call service list '{"name": "shadowsocks-libev"}'
-	ubus call service list '{"name": "shadowsocks-libev", "verbose": true}'
-
-	# dump validate definition
-	ubus call service validate '{"package": "shadowsocks-libev"}'
-	ubus call service validate '{"package": "shadowsocks-libev"}' \
-		| jsonfilter -e '$["shadowsocks-libev"]["ss_tunnel"]'
-
-	# check json config
-	ls -l /var/etc/shadowsocks-libev/
-
-	# set uci config option verbose to 1, restart the service and follow the log
-	logread -f
-
-ss-redir needs to open a new socket and setsockopt IP_TRANSPARENT when sending udp reply to client.  This requires `CAP_NET_ADMIN` and as such the process cannot run as `nobody`
-
-ss-local, ss-redir, etc. supports specifying an array of remote ss server, but supporting this in uci seems to be overkill.  The workaround can be defining multiple `server` sections and multiple `ss-redir` instances with `reuse_port` enabled
-
-# recipes
-
-## forward all
-
-This will setup firewall rules to forward almost all incoming tcp/udp and locally generated tcp traffic (excluding those to private addresses like 192.168.0.0/16 etc.) through remote shadowsocks server
-
-Install components.
-Retry each command till it succeed
-
-	opkg install shadowsocks-libev-ss-redir
-	opkg install shadowsocks-libev-ss-rules
-	opkg install shadowsocks-libev-ss-tunnel
-
-Edit uci config `/etc/config/shadowsocks-libev`.
-Replace `config server 'sss0'` section with parameters of your own remote shadowsocks server.
-As for other options, change them only when you know the effect.
-
-	config server 'sss0'
-		option disabled 0
-		option server '_sss_addr_'
-		option server_port '_sss_port_'
-		option password '********'
-		option method 'aes-256-cfb'
-
-	config ss_tunnel
-		option disabled 0
-		option server 'sss0'
-		option local_address '0.0.0.0'
-		option local_port '8053'
-		option tunnel_address '8.8.8.8:53'
-		option mode 'tcp_and_udp'
-
-	config ss_redir ssr0
-		option disabled 0
-		option server 'sss0'
-		option local_address '0.0.0.0'
-		option local_port '1100'
-		option mode 'tcp_and_udp'
-		option reuse_port 1
-
-	config ss_rules 'ss_rules'
-		option disabled 0
-		option redir_tcp 'ssr0'
-		option redir_udp 'ssr0'
-		option src_default 'checkdst'
-		option dst_default 'forward'
-		option local_default 'forward'
-
-Restart shadowsocks-libev components
-
-	/etc/init.d/shadowsocks-libev restart
-
-Check if things are in place
-
-	nft list ruleset | sed -r -n '/^\t[a-z]+ ss_rules[^ ]+ \{/,/^\t\}/p'
-	netstat -lntp | grep -E '8053|1100'
-	ps ww | grep ss-
-
-Edit `/etc/config/dhcp`, making sure options are present in the first dnsmasq section like the following to let it use local tunnel endpoint for upstream dns query.
-Option `noresolv` instructs dnsmasq to not use other dns servers like advertised by local isp.
-Option `localuse` intends to make sure the device you are configuring also uses this dnsmasq instance as the resolver, not the ones from other sources.
-
-	config dnsmasq
-		...
-		list server '127.0.0.1#8053'
-		option noresolv 1
-		option localuse 1
-
-Restart dnsmasq
-
-	/etc/init.d/dnsmasq restart
-
-Check network on your computer
-
-	nslookup www.google.com
-	curl -vv https://www.google.com

shadowsocks-libev/files/shadowsocks-libev.config

@@ -1,60 +0,0 @@
-config ss_local
-	option disabled 1
-	option server 'sss0'
-	option local_address '0.0.0.0'
-	option local_port '1080'
-	option timeout '30'
-
-config ss_tunnel
-	option disabled 1
-	option server 'sss0'
-	option local_address '0.0.0.0'
-	option local_port '1090'
-	option tunnel_address 'example.com:80'
-	option mode 'tcp_and_udp'
-	option timeout '60'
-
-config ss_redir hi
-	option disabled 1
-	option server 'sss0'
-	option local_address '0.0.0.0'
-	option local_port '1100'
-	option mode 'tcp_and_udp'
-	option timeout '60'
-	option fast_open 1
-	option verbose 1
-	option reuse_port 1
-
-config ss_redir hj
-	option disabled 1
-	option server 'sss0'
-	option local_address '0.0.0.0'
-	option local_port '1100'
-	option mode 'tcp_and_udp'
-	option timeout '60'
-	option fast_open 1
-	option verbose 1
-	option reuse_port 1
-
-config ss_rules 'ss_rules'
-	option disabled 1
-	option redir_tcp 'hi'
-	option redir_udp 'hi'
-	option src_default 'checkdst'
-	option dst_default 'bypass'
-	option local_default 'checkdst'
-	list src_ips_forward '192.168.1.4'
-	list dst_ips_forward '8.8.8.8'
-
-config server 'sss0'
-	option disabled 1
-	option server '192.168.1.3'
-	option server_port '9001'
-	option password '********'
-	option method 'aes-256-cfb'
-
-config ss_server
-	option disabled 1
-	option server_port '9001'
-	option password '********'
-	option method 'aes-256-cfb'

shadowsocks-libev/files/shadowsocks-libev.init

@@ -1,320 +0,0 @@
-#!/bin/sh /etc/rc.common
-#
-# Copyright (C) 2017-2019 Yousong Zhou <yszhou4tech@gmail.com>
-#
-# This is free software, licensed under the GNU General Public License v3.
-# See /LICENSE for more information.
-#
-
-USE_PROCD=1
-START=99
-
-ss_confdir=/var/etc/shadowsocks-libev
-ss_bindir=/usr/bin
-
-ssrules_uc="/usr/share/ss-rules/ss-rules.uc"
-ssrules_nft="/etc/nftables.d/90-ss-rules.nft"
-
-ss_mkjson_server_conf() {
-	local cfgserver
-
-	config_get cfgserver "$cfg" server
-	[ -n "$cfgserver" ] || return 1
-	eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
-	validate_server_section "$cfgserver" || return 1
-	[ "$disabled" = 0 ] || return 1
-	ss_mkjson_server_conf_ "$cfgserver"
-}
-
-ss_mkjson_server_conf_() {
-	[ -n "$server_port" ] || return 1
-	[ -z "$server" ] || json_add_string server "$server"
-	json_add_int server_port "$server_port"
-	[ -z "$method" ] || json_add_string method "$method"
-	[ -z "$key" ] || json_add_string key "$key"
-	[ -z "$password" ] || json_add_string password "$password"
-	[ -z "$plugin" ] || json_add_string plugin "$plugin"
-	[ -z "$plugin_opts" ] || json_add_string plugin_opts "$plugin_opts"
-}
-
-ss_mkjson_ss_local_conf() {
-	ss_mkjson_server_conf
-}
-
-ss_mkjson_ss_redir_conf() {
-	ss_mkjson_server_conf
-}
-
-ss_mkjson_ss_server_conf() {
-	ss_mkjson_server_conf_
-}
-
-ss_mkjson_ss_tunnel_conf() {
-	ss_mkjson_server_conf || return 1
-	[ -n "$tunnel_address" ] || return 1
-	json_add_string tunnel_address "$tunnel_address"
-}
-
-ss_xxx() {
-	local cfg="$1"
-	local cfgtype="$2"
-	local bin="$ss_bindir/${cfgtype/_/-}"
-	local confjson="$ss_confdir/$cfgtype.$cfg.json"
-
-	[ -x "$bin" ] || return
-	eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
-	"validate_${cfgtype}_section" "$cfg" || return
-	[ "$disabled" = 0 ] || return
-
-	json_init
-	ss_mkjson_${cfgtype}_conf || return
-	json_add_boolean use_syslog 1
-	json_add_boolean ipv6_first "$ipv6_first"
-	json_add_boolean fast_open "$fast_open"
-	json_add_boolean reuse_port "$reuse_port"
-	json_add_boolean no_delay "$no_delay"
-	[ -z "$local_address" ] || json_add_string local_address "$local_address"
-	[ -z "$local_port" ] || json_add_int local_port "$local_port"
-	[ -z "$local_ipv4_address" ] || json_add_string local_ipv4_address "$local_ipv4_address"
-	[ -z "$local_ipv6_address" ] || json_add_string local_ipv6_address "$local_ipv6_address"
-	[ -z "$mode" ] || json_add_string mode "$mode"
-	[ -z "$mtu" ] || json_add_int mtu "$mtu"
-	[ -z "$timeout" ] || json_add_int timeout "$timeout"
-	[ -z "$user" ] || json_add_string user "$user"
-	[ -z "$acl" ] || json_add_string acl "$acl"
-	json_dump -i >"$confjson"
-
-	procd_open_instance "$cfgtype.$cfg"
-	procd_set_param command "$bin" -c "$confjson"
-	[ "$verbose" = 0 ] || procd_append_param command -v
-	if [ -n "$bind_address" ]; then
-		echo "$cfgtype $cfg: uci option bind_address deprecated, please switch to local_address" >&2
-		procd_append_param command -b "$bind_address"
-	fi
-	procd_set_param file "$confjson"
-	procd_set_param respawn
-	procd_close_instance
-	ss_rules_cb
-}
-
-ss_rules_cb() {
-	local cfgserver server
-
-	if [ "$cfgtype" = ss_redir ]; then
-		config_get cfgserver "$cfg" server
-		config_get server "$cfgserver" server
-		ss_redir_servers="$ss_redir_servers $server"
-		if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then
-			eval "ss_rules_redir_tcp_$cfg=$local_port"
-		fi
-		if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then
-			eval "ss_rules_redir_udp_$cfg=$local_port"
-		fi
-	fi
-}
-
-ss_rules_nft_gen() {
-	local cfg="ss_rules"
-	local cfgtype
-	local local_port_tcp local_port_udp
-	local remote_servers
-
-	[ -s "$ssrules_uc" ] || return 1
-
-	config_get cfgtype "$cfg" TYPE
-	[ "$cfgtype" = ss_rules ] || return 1
-
-	eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
-	validate_ss_rules_section "$cfg" || return 1
-	[ "$disabled" = 0 ] || return 2
-
-	eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
-	eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
-	[ -n "$local_port_tcp" -o -n "$local_port_udp" ] || return 1
-	remote_servers="$(echo $ss_redir_servers \
-		| tr ' ' '\n' \
-		| sort -u \
-		| xargs -n 1 resolveip \
-		| sort -u)"
-
-	local tmp="/tmp/ssrules"
-	json_init
-	json_add_string o_remote_servers "$remote_servers"
-	json_add_int o_redir_tcp_port "$local_port_tcp"
-	json_add_int o_redir_udp_port "$local_port_udp"
-	json_add_string o_ifnames "$ifnames"
-	json_add_string o_local_default "$local_default"
-	json_add_string o_src_bypass "$src_ips_bypass"
-	json_add_string o_src_forward "$src_ips_forward"
-	json_add_string o_src_checkdst "$src_ips_checkdst"
-	json_add_string o_src_default "$src_default"
-	json_add_string o_dst_bypass "$dst_ips_bypass"
-	json_add_string o_dst_forward "$dst_ips_forward"
-	json_add_string o_dst_bypass_file "$dst_ips_bypass_file"
-	json_add_string o_dst_forward_file "$dst_ips_forward_file"
-	json_add_string o_dst_default "$dst_default"
-	json_add_string o_nft_tcp_extra "$nft_tcp_extra"
-	json_add_string o_nft_udp_extra "$nft_udp_extra"
-	json_dump -i >"$tmp.json"
-
-	if utpl -S -F "$tmp.json" "$ssrules_uc" >"$tmp.nft" \
-		&& ! cmp -s "$tmp.nft" "$ssrules_nft"; then
-		echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
-		if nft -f "$tmp.nft.chk" -c; then
-			mv "$tmp.nft" "$ssrules_nft"
-			fw4 restart
-		fi
-		rm -f "$tmp.nft.chk"
-	fi
-	rm -f "$tmp.json"
-	rm -f "$tmp.nft"
-}
-
-ss_rules_nft_reset() {
-	if [ -f "$ssrules_nft" ]; then
-		rm -f "$ssrules_nft"
-		fw4 restart
-	fi
-}
-
-ss_rules() {
-	if ! ss_rules_nft_gen; then
-		ss_rules_nft_reset
-	fi
-}
-
-start_service() {
-	local cfgtype
-
-	mkdir -p "$ss_confdir"
-	config_load shadowsocks-libev
-	for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
-		config_foreach ss_xxx "$cfgtype" "$cfgtype"
-	done
-	ss_rules
-}
-
-stop_service() {
-	ss_rules_nft_reset
-	rm -rf "$ss_confdir"
-}
-
-service_triggers() {
-	procd_add_reload_interface_trigger wan
-	procd_add_reload_trigger shadowsocks-libev
-	procd_open_validate
-	validate_server_section
-	validate_ss_local_section
-	validate_ss_redir_section
-	validate_ss_rules_section
-	validate_ss_server_section
-	validate_ss_tunnel_section
-	procd_close_validate
-}
-
-ss_validate_mklocal() {
-	local tuple opts
-
-	shift 2
-	for tuple in "$@"; do
-		opts="${tuple%%:*} $opts"
-	done
-	[ -z "$opts" ] || echo "local $opts"
-}
-
-ss_validate() {
-	uci_validate_section shadowsocks-libev "$@"
-}
-
-validate_common_server_options_() {
-	local cfgtype="$1"; shift
-	local cfg="$1"; shift
-	local func="$1"; shift
-	local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
-	local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"'
-
-	"${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
-		'disabled:bool:0' \
-		'server:host' \
-		'server_port:port' \
-		'password:string' \
-		'key:string' \
-		"method:or($stream_methods, $aead_methods)" \
-		'plugin:string' \
-		'plugin_opts:string'
-}
-
-validate_common_client_options_() {
-	validate_common_options_ "$@" \
-		'server:uci("shadowsocks-libev", "@server")' \
-		'local_address:ipaddr:0.0.0.0' \
-		'local_port:port'
-}
-
-validate_common_options_() {
-	local cfgtype="$1"; shift
-	local cfg="$1"; shift
-	local func="$1"; shift
-
-	"${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
-		'disabled:bool:0' \
-		'fast_open:bool:0' \
-		'ipv6_first:bool:0' \
-		'no_delay:bool:0' \
-		'reuse_port:bool:0' \
-		'verbose:bool:0' \
-		'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \
-		'mtu:uinteger' \
-		'timeout:uinteger' \
-		'user:string'
-}
-
-validate_server_section() {
-	validate_common_server_options_ server "$1" "$2"
-}
-
-validate_ss_local_section() {
-	validate_common_client_options_ ss_local "$1" "$2" \
-		'acl:file'
-}
-
-validate_ss_redir_section() {
-	validate_common_client_options_ ss_redir "$1" "$2"
-}
-
-validate_ss_rules_section() {
-	"${2:-ss_validate}" ss_rules "$1" \
-		'disabled:bool:0' \
-		'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
-		'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
-		'src_ips_bypass:or(ipaddr,cidr)' \
-		'src_ips_forward:or(ipaddr,cidr)' \
-		'src_ips_checkdst:or(ipaddr,cidr)' \
-		'dst_ips_bypass_file:file' \
-		'dst_ips_bypass:or(ipaddr,cidr)' \
-		'dst_ips_forward_file:file' \
-		'dst_ips_forward:or(ipaddr,cidr)' \
-		'src_default:or("bypass", "forward", "checkdst"):checkdst' \
-		'dst_default:or("bypass", "forward"):bypass' \
-		'local_default:or("bypass", "forward", "checkdst"):bypass' \
-		'nft_tcp_extra:string' \
-		'nft_udp_extra:string' \
-		'ifnames:maxlength(15)'
-}
-
-validate_ss_server_section() {
-	validate_common_server_options_ ss_server "$1" \
-		validate_common_options_ \
-		"$2" \
-		'local_address:ipaddr' \
-		'local_ipv4_address:ip4addr' \
-		'local_ipv6_address:ip6addr' \
-		'bind_address:ipaddr' \
-		'acl:file'
-}
-
-validate_ss_tunnel_section() {
-	validate_common_client_options_ ss_tunnel "$1" \
-		"$2" \
-		'tunnel_address:regex(".+\:[0-9]+")'
-}

shadowsocks-libev/files/ss-rules/chain.uc

@@ -1,122 +0,0 @@
-{%
-function get_local_verdict() {
-	let v = o_local_default;
-	if (v == "checkdst") {
-		return "goto ss_rules_dst_" + proto;
-	} else if (v == "forward") {
-		return "goto ss_rules_forward_" + proto;
-	} else {
-		return null;
-	}
-}
-
-function get_src_default_verdict() {
-	let v = o_src_default;
-	if (v == "checkdst") {
-		return "goto ss_rules_dst_" + proto;
-	} else if (v == "forward") {
-		return "goto ss_rules_forward_" + proto;
-	} else {
-		return "accept";
-	}
-}
-
-function get_dst_default_verdict() {
-	let v = o_dst_default;
-	if (v == "forward") {
-		return "goto ss_rules_forward_" + proto;
-	} else {
-		return "accept";
-	}
-}
-
-function get_ifnames() {
-	let res = [];
-	for (let ifname in split(o_ifnames, /[ \t\n]/)) {
-		ifname = trim(ifname);
-		if (ifname) push(res, ifname);
-	}
-	return res;
-}
-
-let type, hook, priority, redir_port;
-if (proto == "tcp") {
-	type = "nat";
-	hook = "prerouting";
-	priority = -1;
-	redir_port = o_redir_tcp_port;
-} else if (proto == "udp") {
-	type = "filter";
-	hook = "prerouting";
-	priority = "mangle";
-	redir_port = o_redir_udp_port;
-	if (system("
-		set -o errexit
-		iprr() {
-			while ip $1 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
-			      ip $1 rule add fwmark 1 lookup 100
-			ip $1 route flush table 100 2>/dev/null || true
-			ip $1 route add local default dev lo table 100
-		}
-		iprr -4
-		iprr -6
-	") != 0) {
-		return ;
-	}
-} else {
-	return;
-}
-
-%}
-{% if (redir_port): %}
-
-chain ss_rules_pre_{{ proto }} {
-	type {{ type }} hook {{ hook }} priority {{ priority }};
-	meta l4proto {{ proto }}{%- let ifnames=get_ifnames(); if (length(ifnames)): %} iifname { {{join(", ", ifnames)}} }{% endif %} goto ss_rules_pre_src_{{ proto }};
-}
-
-chain ss_rules_pre_src_{{ proto }} {
-	ip daddr @ss_rules_dst_bypass_ accept;
-	ip6 daddr @ss_rules6_dst_bypass_ accept;
-	goto ss_rules_src_{{ proto }};
-}
-
-chain ss_rules_src_{{ proto }} {
-	ip saddr @ss_rules_src_bypass accept;
-	ip saddr @ss_rules_src_forward goto ss_rules_forward_{{ proto }};
-	ip saddr @ss_rules_src_checkdst goto ss_rules_dst_{{ proto }};
-	ip6 saddr @ss_rules6_src_bypass accept;
-	ip6 saddr @ss_rules6_src_forward goto ss_rules_forward_{{ proto }};
-	ip6 saddr @ss_rules6_src_checkdst goto ss_rules_dst_{{ proto }};
-	{{ get_src_default_verdict() }};
-}
-
-chain ss_rules_dst_{{ proto }} {
-	ip daddr @ss_rules_dst_bypass accept;
-	ip daddr @ss_rules_dst_forward goto ss_rules_forward_{{ proto }};
-	ip6 daddr @ss_rules6_dst_bypass accept;
-	ip6 daddr @ss_rules6_dst_forward goto ss_rules_forward_{{ proto }};
-	{{ get_dst_default_verdict() }};
-}
-
-{%   if (proto == "tcp"): %}
-chain ss_rules_forward_{{ proto }} {
-	meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }};
-}
-{%   let local_verdict = get_local_verdict(); if (local_verdict): %}
-chain ss_rules_local_out {
-	type {{ type }} hook output priority -1;
-	meta l4proto != tcp accept;
-	ip daddr @ss_rules_dst_bypass_ accept;
-	ip daddr @ss_rules_dst_bypass accept;
-	ip6 daddr @ss_rules6_dst_bypass_ accept;
-	ip6 daddr @ss_rules6_dst_bypass accept;
-	{{ local_verdict }};
-}
-{%     endif %}
-{%   elif (proto == "udp"): %}
-chain ss_rules_forward_{{ proto }} {
-	meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }};
-}
-{%   endif %}
-{% endif %}

shadowsocks-libev/files/ss-rules/set.uc

@@ -1,114 +0,0 @@
-{%
-let fs = require("fs");
-
-let o_dst_bypass4_ = "
-	0.0.0.0/8
-	10.0.0.0/8
-	100.64.0.0/10
-	127.0.0.0/8
-	169.254.0.0/16
-	172.16.0.0/12
-	192.0.0.0/24
-	192.0.2.0/24
-	192.31.196.0/24
-	192.52.193.0/24
-	192.88.99.0/24
-	192.168.0.0/16
-	192.175.48.0/24
-	198.18.0.0/15
-	198.51.100.0/24
-	203.0.113.0/24
-	224.0.0.0/4
-	240.0.0.0/4
-";
-let o_dst_bypass6_ = "
-	::1/128
-	::/128
-	::ffff:0:0/96
-	64:ff9b:1::/48
-	100::/64
-	fe80::/10
-	2001::/23
-	fc00::/7
-";
-let o_dst_bypass_ = o_dst_bypass4_ + " " + o_dst_bypass6_;
-
-let set_suffix = {
-	"src_bypass": {
-		str: o_src_bypass,
-	},
-	"src_forward": {
-		str: o_src_forward,
-	},
-	"src_checkdst": {
-		str: o_src_checkdst,
-	},
-	"dst_bypass": {
-		str: o_dst_bypass,
-		file: o_dst_bypass_file,
-	},
-	"dst_bypass_": {
-		str: o_dst_bypass_,
-	},
-	"dst_forward": {
-		str: o_dst_forward,
-		file: o_dst_forward_file,
-	},
-	"dst_forward_rrst_": {},
-};
-
-function set_name(suf, af) {
-	if (af == 4) {
-		return "ss_rules_"+suf;
-	} else {
-		return "ss_rules6_"+suf;
-	}
-}
-
-function set_elements_parse(res, str, af) {
-	for (let addr in split(str, /[ \t\n]/)) {
-		addr = trim(addr);
-		if (!addr) continue;
-		if (af == 4 && index(addr, ":") != -1) continue;
-		if (af == 6 && index(addr, ":") == -1) continue;
-		push(res, addr);
-	}
-}
-
-function set_elements(suf, af) {
-	let obj = set_suffix[suf];
-	let res = [];
-	let addr;
-
-	let str = obj["str"];
-	if (str) {
-		set_elements_parse(res, str, af);
-	}
-
-	let file = obj["file"];
-	if (file) {
-		let fd = fs.open(file);
-		if (fd) {
-			str = fd.read("all");
-			set_elements_parse(res, str, af);
-		}
-	}
-
-	return res;
-}
-%}
-
-{% for (let suf in set_suffix): for (let af in [4, 6]): %}
-set {{ set_name(suf, af) }} {
-	type ipv{{af}}_addr;
-	flags interval;
-	auto-merge;
-{%   let elems = set_elements(suf, af); if (length(elems)): %}
-	elements = {
-{%     for (let i = 0; i < length(elems); i++): %}
-		{{ elems[i] }}{% if (i < length(elems) - 1): %},{% endif %}{% print("\n") %}
-{%     endfor %}
-	}
-{%   endif %}
-}
-{% endfor; endfor %}

shadowsocks-libev/files/ss-rules/ss-rules.uc

@@ -1,8 +0,0 @@
-{%
-
-include("set.uc");
-include("chain.uc", {proto: "tcp"});
-include("chain.uc", {proto: "udp"});
-
-%}
-

shadowsocks-rust/Makefile

@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shadowsocks-rust
-PKG_VERSION:=1.15.2
-PKG_RELEASE:=1
+PKG_VERSION:=1.15.4
+PKG_RELEASE:=42
 
 PKG_SOURCE_HEADER:=shadowsocks-v$(PKG_VERSION)
 PKG_SOURCE_BODY:=unknown-linux-musl
@@ -16,33 +16,33 @@ PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-rust/releases/downloa
 
 ifeq ($(ARCH),aarch64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).aarch64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=97850893c5a35b68ccd419b542c1785e4c0006e8c0c0b10eac8e5b8c67b12704
+  PKG_HASH:=skip
 else ifeq ($(ARCH),arm)
   # Referred to golang/golang-values.mk
   ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE))))
   ifeq ($(ARM_CPU_FEATURES),)
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabi.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=728f4550abe4f18679555fa00b88ce889d2f412be7fa0d96bf153d086ad0c63e
+    PKG_HASH:=skip
   else
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabihf.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=f13ae6497843347c91ef8b0634cee96f5043a644b2fba30009cafd6c9e65d7df
+    PKG_HASH:=skip
   endif
 else ifeq ($(ARCH),i386)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).i686-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=a8558a9e898f9ba875136c3d038e968ca8d301a7dcde977f6483d5072f57695f
+  PKG_HASH:=skip
 else ifeq ($(ARCH),mips)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).mips-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=a3f99d549c9f417fef63fa323840e0c4fb4dc96a53cf8329293c2a4e485ed239
+  PKG_HASH:=skip
 else ifeq ($(ARCH),mipsel)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).mipsel-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=47d0f10d94216376057fc4238ebab68d19e3882293d5fe76ac3d29c41458a985
+  PKG_HASH:=skip
 else ifeq ($(ARCH),x86_64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).x86_64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=69c2df2bd4e9e2ff0d70faa14b70888de2eb205ab2a49dd7066c86363e2acc50
+  PKG_HASH:=skip
 # Set the default value to make OpenWrt Package Checker happy
 else
   PKG_SOURCE:=dummy
-  PKG_HASH:=dummy
+  PKG_HASH:=skip
 endif
 
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>

shadowsocksr-libev/Makefile

@@ -8,19 +8,20 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shadowsocksr-libev
 PKG_VERSION:=2.5.6
-PKG_RELEASE:=9
+PKG_RELEASE:=38
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev
 PKG_SOURCE_DATE:=2018-03-07
 PKG_SOURCE_VERSION:=d63ff863800a5645aca4309d5dd5962bd1e95543
-PKG_MIRROR_HASH:=34308ed827a5dd4f4e35619914102d55b00604faa44fda051d1d25fb4a319325
+PKG_MIRROR_HASH:=skip
 
 PKG_LICENSE:=GPL-3.0
 PKG_LICENSE_FILES:=LICENSE
 
 PKG_FIXUP:=autoreconf
 PKG_USE_MIPS16:=0
+PKG_BUILD_FLAGS:=no-mips16
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1