I wrote a note for the usage of shadowsocks few days ago:
http://xatierlike.blogspot.tw/2015/03/note-for-shadowsocks.html
I spent some time to dig into the source code of the project and came up with this note, just a note for what I've found. :D
License
shadowsocks is under Apache 2.0.
autoban
There's a script called
autoban.py under
shadowsocks/utils .
According to the official wiki, that is used for banning brute force crackers.
https://github.com/shadowsocks/shadowsocks/wiki/Ban-Brute-Force-Crackers
Actually,
autoban.py is implemented by
iptables , this script looks at the log and find something like this and grab the remote remote IP out.
'2015-04-07 16:42:26 ERROR can not parse header when handling connection from 61.157.96.193:27242'
if 'can not parse header when' in line:
ip = line.split()[-1].split(':')[0
...
cmd = 'iptables -A INPUT -s %s -j DROP' % ip
print(cmd, file=sys.stderr)
os.system(cmd)
Versions
shadowsocks uses a very strange way to determine it's running under python2 or python3.
if bytes == str
This is
True in python2 but False in python3.
Also, here's a strange logic to check the version.
I will write if info[0] == 2 and info[1] < 6 rather than the author does.
def check_python():
info = sys.version_info
if info[0] == 2 and not info[1] >= 6:
print('Python 2.6+ required')
sys.exit(1)
elif info[0] == 3 and not info[1] >= 3:
print('Python 3.3+ required')
sys.exit(1)
elif info[0] not in [2, 3]:
print('Python version not supported')
sys.exit(1)
Argument parsing
The entry points of
sslocal and
ssserver commands are the
main functions in
local.py and
server.py, respectively.
shell.py checks command line arguments and checks the configuration files, it's using
getopt, I think that should should be rewrite with
argparse .
Event loop and Relay:
Basically shadowsocks abstracts three kinds of polling system:
epool,
kqueue and system
select, it will use them in order if available.
class EventLoop(object):
def __init__(self):
self._iterating = False
if hasattr(select, 'epoll'):
self._impl = EpollLoop()
model = 'epoll'
elif hasattr(select, 'kqueue'):
self._impl = KqueueLoop()
model = 'kqueue'
elif hasattr(select, 'select'):
self._impl = SelectLoop()
model = 'select'
else:
raise Exception('can not find any available functions in select '
'package')
So basically shadowsocks has a local server connected to the SOCK5 proxy and send data to remote via TCP/UDP relays.
Both of TCP/UDP relays will encrypt the payload with specified algorithms.
Here's the diagram of the idea of shadowsocks.
browser <== SOCKS proxy ==> local <== TCP/UDP relays ==> remote => free world
browser <== plain text ==> local <= encrypted data => GFW <= encrypted data => remote => free world
Pretty similar to SSH tunnel, right?
browser <= socks proxy => ssh client <= tunnel => ssh server => free world
The feathers of SSH handshaking traffic is easily blocked by GFW, shadowsocks are just simple standard TCP/UDP traffic with unknown/encrypted payloads.
The following is from the comments of
tcprelay.py and
rdprelay.py .
TCP Relay
# for each opening port, we have a TCP Relay
# for each connection, we have a TCP Relay Handler to handle the connection
# for each handler, we have 2 sockets:
# local: connected to the client
# remote: connected to remote server
# as sslocal:
# stage 0 SOCKS hello received from local, send hello to local
# stage 1 addr received from local, query DNS for remote
# stage 2 UDP assoc
# stage 3 DNS resolved, connect to remote
# stage 4 still connecting, more data from local received
# stage 5 remote connected, piping local and remote
# as ssserver:
# stage 0 just jump to stage 1
# stage 1 addr received from local, query DNS for remote
# stage 3 DNS resolved, connect to remote
# stage 4 still connecting, more data from local received
# stage 5 remote connected, piping local and remote
UDP Relay
# HOW TO NAME THINGS
# ------------------
# `dest` means destination server, which is from DST fields in the SOCKS5
# request
# `local` means local server of shadowsocks
# `remote` means remote server of shadowsocks
# `client` means UDP clients that connects to other servers
# `server` means the UDP server that handles user requests
Misc
shadowsocks implements its own DNS query (asyncdns.py) and LRU caching (lru_cache.py) system.
Reference:
http://vc2tea.com/whats-shadowsocks/
http://gpio.me/readcode-ShadowSocks.html
