shadowsocks/shadowsocks-rust v1.9.0

on GitHub

Complete refactored the whole implementation and splits into 3 different crates:

• shadowsocks - Core feature of shadowsocks
• shadowsocks-service - Service library for implementing Local Server, Remote Server, Manager Server
• shadowsocks-rust - Binary crate for release

Replaced libsodium and libcrypto with crypto2.

Features

• Support setting SO_MARK, SO_BINDTODEVICE on Linux
• Support setting SO_SNDBUF and SO_RCVBUF for TCP sockets
• Support SIP008 extend server fields server, server_port, remarks
• Local DNS Relay
  • Support sending TCP and UDP queries simutaneously
  • Support connection reusability
• Remove mostly TCP timeout setting for tunnels, connections will only be killed if clients or servers close
• Auto-reload DNS resolver configuration from /etc/resolv.conf on *NIX platforms.
• #379 Allow customizing number of worker-threads for multi-threaded scheduler.
• #401 Support field disabled in extended server configuration
• Ping Balancer
  • Treat timeouts as failures, so requests that receive no response count as failures.
  • Increase check timeout from 2s to 5s to avoid penalties on slow servers.
  • Increase check interval from 6s to 10s.
• --outbound-bind-interface is now supported in both Linux and macOS
• #352 Support customizing inbound and outbound sockets' SO_SNDBUF and SO_RCVBUF by command line options

Library Update

• tokio v1.0
• shadowsocks-crypto, crypto2

Optimization

• UDP Relays sending respond packets directly to UdpSocket instead of channel, which will significantly improve respond latency
• #408 Enable std features for the spin crate to enable yielding threads when spinning on waiting.

BUG Fixes

• For BSD systems, set IPV6_BINDANY and SO_BINDANY on SOL_SOCKET properly
• trust-dns-resolver requires explicit enables feature dns-over-https-rustls for DoH #367
• ACL domain rules should be case insensitive. Domain names are case insensitive.
• shadowsocks/shadowsocks-android#2667 set timeout for protect() call to Android's VpnService

Miscellaneous

• Disable HTTPS outbound connection for local HTTP proxy by default. For most use cases, HTTPS should be proxied with CONNECT method.
• Unified UDP relay association implementation for less duplicated code.
• Deprecated single-threaded build feature, replaced by multi-threaded.
• Disable stream ciphers by default. Could be enabled with feature stream-cipher.
• Enable IPv6 dual stack mode by default when listening on ::.

Releases

Releases are built with ISA that are supported by Modern CPUs, see comments in .cargo/config.toml. If you see any related messages like Illegal Instruction, then you must be running on a very old CPU, so you can:

• Delete .cargo/config.toml and build your own release
  • NOTE: This may lead to no hardware accleration for cryptographic operations
• Change your CPU to some more advanced model