shadowsocksrr / shadowsocksr Goto Github PK

2017-10-05 08:07:13 ERROR server_pool.py:87 'NoneType' object has no attribute 'dispose'
Traceback (most recent call last):
File "/home/shadowsocksr/server_pool.py", line 81, in _loop
loop.run()
File "/home/shadowsocksr/shadowsocks/eventloop.py", line 221, in run
handle = handler.handle_event(sock, fd, event) or handle
File "/home/shadowsocksr/shadowsocks/tcprelay.py", line 1443, in handle_event
handle = handler.handle_event(sock, fd, event)
File "/home/shadowsocksr/shadowsocks/tcprelay.py", line 1062, in handle_event
self._on_remote_read(sock == self._remote_sock)
File "/home/shadowsocksr/shadowsocks/tcprelay.py", line 960, in _on_remote_read
self.destroy()
File "/home/shadowsocksr/shadowsocks/tcprelay.py", line 1166, in destroy
self._encryptor.dispose()
AttributeError: 'NoneType' object has no attribute 'dispose'
2017-10-05 08:07:14 INFO server_pool.py:184 stopped server at 0.0.0.0:30550 already stop
2017-10-05 08:07:14 INFO server_pool.py:202 stopped server at [::]:30550
2017-10-05 08:07:14 INFO server_pool.py:184 stopped server at 0.0.0.0:30551 already stop
2017-10-05 08:07:14 INFO server_pool.py:202 stopped server at [::]:30551
IPv6 not support

版本：akkariiin/dev
问题：log里面报大量这种错误日志，但是却又能正常上网。

2018-01-09 19:47:23 ERROR    tcprelay.py:1097 can not parse header when handling connection from ::ffff:183.62.139.204:51487
2018-01-09 19:47:23 WARNING  common.py:238 unsupported addrtype 69, maybe wrong password or encryption method
2018-01-09 19:47:23 WARNING  tcprelay.py:521 Protocol ERROR, TCP ogn data 474554202f20485454502f312e310d0a0d0a from ::ffff:183.62.139.204:51490 via port 6006 by UID 6006

my server opened only one port 443 to many users.
here is my config information:

{
    "server":"xx",
    "server_ipv6": "::",
    "server_port":443,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"xxxxxxx",
    "timeout":300,
    "method":"aes-128-ctr",
    "obfs":"tls1.2_ticket_auth",
    "protocol":"auth_aes128_md5",
    "protocolparam":"port:xxxxx",
    "fast_open": false,
    "workers": 1
}

this account works fine on my windows PC and ios ,mac,
but when I use it on centos ubuntu
it doesn't work
here is the log:
2017-09-03 13:48:16 INFO obfs_tls.py:147 data = 485454502f312e31203430302042616420526571756573740d0a5365727665723a20636c6f7564666c6172652d6e67696e780d0a446174653a2053756e2c2030332053657020323031372031373a34383a313620474d540d0a436f6e74656e742d547970653a20746578742f68746d6c0d0a436f6e74656e742d4c656e6774683a203137370d0a436f6e6e656374696f6e3a20636c6f73650d0a43462d5241593a202d0d0a0d0a3c68746d6c3e0d0a3c686561643e3c7469746c653e3430302042616420526571756573743c2f7469746c653e3c2f686561643e0d0a3c626f6479206267636f6c6f723d227768697465223e0d0a3c63656e7465723e3c68313e3430302042616420526571756573743c2f68313e3c2f63656e7465723e0d0a3c68723e3c63656e7465723e636c6f7564666c6172652d6e67696e783c2f63656e7465723e0d0a3c2f626f64793e0d0a3c2f68746d6c3e0d0a 2017-09-03 13:48:16 ERROR shell.py:50 server_decode appdata error 2017-09-03 13:48:16 ERROR tcprelay.py:971 exception from 127.0.0.1:44700

I wonder if there is some bug when use it as a client
Thank you for your great work!

请问我用git clone https://github.com/shadowsocksrr/shadowsocksr.git，
然而安装的不是你改进的支持auth-chain-e和f的最新版，还是破娃最后一版支持auth-china-ab的那版。
我的命令应该如何改？

使用auth_chain_d以后的协议，访问强制使用HSTS的网站都会有这类提示。请教下，如何解决

之前在树莓派(运行Debian Jessie系统)上使用原版SS，今天抽空升级到SSR(Python版本)，但是发现本地SOCKS5服务器却怎么也启不来，也没有任何报错，有什么建议吗？

先说一下配置过程吧，首先删除了原版SS(sudo pip uninstall shadowsocks，成功！)，然后按照教程配置单用户版SSR(https://github.com/shadowsocksrr/shadowsocks-rss/wiki/Server-Setup)

贴一下user-config.json，192.168.1.21是树莓派的本地IP，试过127.0.0.1或0.0.0.0结果也都是一样
{
"server": "x.x.x",
"server_ipv6": "::",
"server_port": 23456,
"local_address": "192.168.1.21",
"local_port": 1080,

"password": "xxx",
"method": "chacha20",
"protocol": "auth_sha1_v4",
"protocol_param": "",
"obfs": "tls1.2_ticket_auth",
"obfs_param": "",
"speed_limit_per_con": 0,
"speed_limit_per_user": 0,

"additional_ports" : {}, // only works under multi-user mode
"additional_ports_only" : false, // only works under multi-user mode
"timeout": 120,
"udp_timeout": 60,
"dns_ipv6": false,
"connect_verbose_info": 0,
"redirect": "",
"fast_open": false
}

运行SSR时也没有任何报错: python server.py
IPv6 support
2017-09-21 16:58:17 INFO util.py:85 loading libsodium from libsodium.so.13
2017-09-21 16:58:17 INFO shell.py:72 ShadowsocksR 3.4.0 2017-07-27
2017-09-21 16:58:17 INFO server.py:46 current process RLIMIT_NOFILE resource: soft 65536 hard 65536
2017-09-21 16:58:17 INFO asyncdns.py:324 dns server: [('127.0.0.1', 53)]
2017-09-21 16:58:17 INFO server.py:106 server start with protocol[auth_sha1_v4] password [xxx] method [chacha20] obfs [tls1.2_ticket_auth] obfs_param []
2017-09-21 16:58:17 INFO server.py:122 starting server at [::]:23456
2017-09-21 16:58:17 INFO server.py:142 starting server at x.x.x:23456

但是本地1080端口并没有被监听，说明本地服务器没有成功启动起来
sudo netstat -apn | grep 1080

如题，希望加一下这个功能。

2018-01-31 17:32:07 INFO shell.py:72 ShadowsocksR 3.4.0 2017-07-27
2018-01-31 17:32:07 INFO server.py:46 current process RLIMIT_NOFILE resource : soft 512000 hard 512000
2018-01-31 17:32:07 INFO asyncdns.py:324 dns server: [('8.8.8.8', 53), ('213 .59.0.3', 53)]
2018-01-31 17:32:07 INFO server.py:106 server start with protocol[origin] pa ssword [zxcvbnm123] method [aes-256-cfb] obfs [plain] obfs_param []
2018-01-31 17:32:07 INFO server.py:122 starting server at [::]:666
2018-01-31 17:32:07 INFO server.py:142 starting server at 0.0.0.0:666
2018-01-31 17:32:24 ERROR tcprelay.py:1097 unable to parse hostname www.googl e.com when handling connection from ::ffff:123.157.129.60:28806
2018-01-31 17:32:24 ERROR tcprelay.py:1097 unable to parse hostname www.googl e.com.ph when handling connection from ::ffff:123.157.129.60:25350
2018-01-31 17:32:25 ERROR tcprelay.py:1097 unable to parse hostname ben.crxmo use.com when handling connection from ::ffff:123.157.129.60:50572
2018-01-31 17:33:02 ERROR tcprelay.py:1097 unable to parse hostname mtalk.goo gle.com when handling connection from ::ffff:123.157.129.60:4907
2018-01-31 17:33:50 ERROR tcprelay.py:1097 unable to parse hostname www.google.com.hk when handling connection from ::ffff:123.157.129.60:9276
2018-01-31 17:33:50 ERROR tcprelay.py:1097 unable to parse hostname www.google.com.hk when handling connection from ::ffff:123.157.129.60:23396

这是什么问题

RT

protocol[auth_chain_a] 
password [隐藏] 
method [none] 
obfs [tls1.2_ticket_auth] 
obfs_param [cloudflare.com]

运行 python server.py，错误代码如下：

2017-11-30 16:28:56 INFO     server.py:106 server start with protocol[auth_chain_a] password [隐藏] method [none] obfs [tls1.2_ticket_auth] obfs_param [cloudflare.com]
2017-11-30 16:28:56 INFO     server.py:122 starting server at [::]:8000
2017-11-30 16:28:56 INFO     server.py:142 starting server at 0.0.0.0:8000
2017-11-30 16:29:00 INFO     util.py:85 loading libcrypto from libcrypto.so.10
2017-11-30 16:29:00 ERROR    tcprelay.py:1097 unable to parse hostname www.google.com when handling connection from ::ffff:112.5.203.79:48300
2017-11-30 16:29:03 ERROR    tcprelay.py:1097 unable to parse hostname www.google.com when handling connection from ::ffff:112.5.203.79:48301
2017-11-30 16:29:35 ERROR    tcprelay.py:1097 unable to parse hostname www.google.com when handling connection from ::ffff:112.5.203.79:48304

ssr破娃版本 那个3.4的只能在config里设置，对正个服务器都限速。。。因为是数据库版本，每次都有去读取user表的用户信息，现在我往user表里加入两个字段，代表对用户的端口限速和线程限速，简单看的懂python，但是不会改，大佬可否出一个版本。

新的 auth_chain_e和f的说明没有添加

好像是前几天刚添加的。请问大佬可以简单介绍下这个版本主要有什么不同吗？？谢谢大佬

akkariiin/master这个分支用旧的dockerfile已经无法部署了。
请更新，最好是像这种，可以在docker run时加参数的方式。
https://github.com/mritd/dockerfile/blob/master/shadowsocks/Dockerfile

分支akkariiin/dev
前端sspanelv3
报错信息
2017-12-14 13:34:07 WARNING common.py:238 unsupported addrtype 149, maybe wrong password or encryption method
2017-12-14 13:34:07 WARNING tcprelay.py:521 Protocol ERROR, TCP ogn data b'4eb60462537b13f6661fe74d1fb95144e467fd6e2a99efabc1d541c88f594637f7de38772ff273d7f4d47765d353ee18e2c65adcb405d1164f32ee73e4e84ea536f1bfece3094709c4d4fbd5b36d431a0874aedd183da2290501e2546d68da2d80b8b8198ebb5bddd235d2e11f4e81aef10b88296b81085c10e533587e79b33c9717699a712640e3632b' from xxx.xxx.xxx.xxx:xxxxx via port 1025 by UID 1025
2017-12-14 13:34:07 ERROR tcprelay.py:1097 can not parse header when handling connection from xxx.xxx.xxx.xxx:xxxxx

使用/utils/fail2ban/shadowsocks.conf无法让fail2ban正确识别出异常的请求并进行封禁，希望能够更新一下

您好！

info:
Vultr Seattle, CentOS 6
xchacha20, auth_chain_e, 4.9.0
教育网，支持v6.
可以正常连接至v4地址，但是v6地址连接不上。
可以ping通，各种远程都可以登录，只有SSR不能连接。
服务器端log没有什么记录……本地log是一堆connect和disconnect
就是这种画风
......
[2018-03-05 21:40:35] [Info] Connect profile.firefox.com.cn:443
[2018-03-05 21:40:37] [Info] Connect www.google.com.hk:443
[2018-03-05 21:40:38] [Info] Connect tiles.services.mozilla.com:443
[2018-03-05 21:40:38] [Info] Disconnect incoming.telemetry.mozilla.org:443
[2018-03-05 21:40:39] [Info] Disconnect api-accounts.firefox.com.cn:443
[2018-03-05 21:40:39] [Info] Connect api-accounts.firefox.com.cn:443
[2018-03-05 21:40:40] [Info] Connect profile.firefox.com.cn:443
[2018-03-05 21:40:42] [Info] Connect www.google.com.hk:443
[2018-03-05 21:40:43] [Info] Disconnect tiles.services.mozilla.com:443
[2018-03-05 21:40:45] [Info] Connect api-accounts.firefox.com.cn:443
[2018-03-05 21:40:45] [Info] Disconnect profile.firefox.com.cn:443
[2018-03-05 21:40:47] [Info] Disconnect www.google.com.hk:443
......
（之前用4.8.0的时候还可以用）

本人对这些内容了解甚少，希望可以帮忙分析一下原因。
十分感谢您的帮助！

如题，最近改进ssrpanel时，做端口自动释放时发现的。
现实需求如下：
1.大量用户已被设置为禁用 enable = 0
2.ssrpanel定时任务自定将这些enable = 0 的用户的 port 置为 0
3.ssrr在启动进程时还是会判断端口是否重复，应当判断enable = 1且 端口重复时才需要抛出错误异常

目前ssrr可以正常跑，就是会一直抛出端口重复error信息

是否可以在mujson_mgr.py添加'fast_open':1实现？

使用dev branch，已经pull到最新
auth_chain_a b c d 都是正常的 只有e f没办法用
tcprelay.py:521 Protocol ERROR, TCP ogn data
上面是在日志里出现的
client 和 server的时区以及时间几乎没有差别
不知道是哪里出现问题了emmm

在后台可以看到节点可用但是显示ssr订阅显示后台封禁或节点不可用
自己输入ssr报错
ERROR tcprelay.py:1097 can not parse header when handling connection from ::ffff:eo我的ip
WARNING common.py:238 unsupported addrtype 69, maybe wrong password or encryption method
WARNING tcprelay.py:521 Protocol ERROR, TCP ogn data
怀疑验证问题

    "protocol": "auth_chain_a",
    "protocol_param": "",
    "obfs": "http_simple",
    "obfs_param": "",
    "speed_limit_per_con": 0,
    "speed_limit_per_user": 0,

    "additional_ports" : {
    "80":  {
        "passwd": "123456",
        "method": "aes-128-ctr",
        "protocol": "auth_chain_a",
        "protocol_param": "2#",
        "obfs": "http_simple",
        "obfs_param": ""
    },
    "443": {
        "passwd": "123456",
        "method": "aes-128-ctr",
        "protocol": "auth_chain_a",
        "protocol_param": "2#",
        "obfs": "http_simple",
        "obfs_param": ""
    },
    "8080": {
        "passwd": "12456",
        "method": "aes-128-ctr",
        "protocol": "auth_chain_a",
        "protocol_param": "2#",
        "obfs": "http_simple",
        "obfs_param": ""
    }
}, // only works under multi-user mode
    "additional_ports_only" : false, // only works under multi-user mode
    "timeout": 120,
    "udp_timeout": 60,
    "dns_ipv6": false,
    "connect_verbose_info": 1,
    "redirect": "",
    "fast_open": false

网站我开的88端口
后台用的自动部署

wget -N --no-check-certificate https://raw.githubusercontent.com/maxzh0916/Shadowsowcks1Click/master/Shadowsowcks1Click.sh;chmod +x Shadowsowcks1Click.sh;./Shadowsowcks1Click.sh

协议，密码等都一样，监听多个IP，可否实现？

It's used to be ok, but in chain_* the passwd is salted with random data, so the dic keeps grow.

the above issue report by a user who contect me from email.

so, who have a idea to fix this possible memory leak ?
or, it real exist ?

速飞SS VPN 是不是被查封了，还有没有别的办法可以登录的，或者有QQ群之类的

你好！我使用秋水逸冰的脚本安装你的ssr，但是，24小时内ip又被封杀！别问我为什么又是“又”。
1.脚本地址
https://teddysun.com/486.html
2.配置参数
{
"server":"0.0.0.0",
"server_ipv6":"::",
"server_port":1984,
"port_password":{},
"local_address":"127.0.0.1",
"local_port":1080,
"timeout":120,
"method":"none",
"protocol":"auth_chain_a",
"protocol_param":"",
"obfs":"tls1.2_ticket_auth",
"obfs_param":"",
"redirect":"",
"dns_ipv6":false,
"fast_open":false,
"workers":1
}
请问是我的配置问题还是别的原因？

manyuser https://github.com/glzjin/shadowsocks.git 我看很长时间没有更新了，而且我最近发现，我通过mod_mu的方式修改了用户名后，服务端这里没有生效啊。这个怎么弄?不能用户那里修改一下密码，我这里就要重启一下服务端吧？
我看说明文档里是支持 glzjinmod的方式的，但怎么也找不到使用说明。

Python新手，求高手大概讲解一下哪些代码是关于账号验证的，想增加REST auth api，可以对接其他数据库或验证方式

X41 D-Sec GmbH Security Advisory: X41-2017-008 中提到的 Bruteforcable shadowsocks traffic because of MD5 在本项目中同样存在。

参见 shadowsocks/encrypt.py +60~67 。

在READNE.md里client相关的介绍是windows或OpenWRT之类带有GUI的客户端，我使用的是Ubuntu17.10，请问下该如何使用这个客户端？谢谢哈！

2017-12-18 07:23:14 ERROR server_pool.py:87 'NoneType' object has no attribute 'dispose'
Traceback (most recent call last):
File "/root/shadowsocksrr/server_pool.py", line 81, in _loop
loop.run()
File "/root/shadowsocksrr/shadowsocks/eventloop.py", line 221, in run
handle = handler.handle_event(sock, fd, event) or handle
File "/root/shadowsocksrr/shadowsocks/tcprelay.py", line 1443, in handle_event
handle = handler.handle_event(sock, fd, event)
File "/root/shadowsocksrr/shadowsocks/tcprelay.py", line 1062, in handle_event
self._on_remote_read(sock == self._remote_sock)
File "/root/shadowsocksrr/shadowsocks/tcprelay.py", line 960, in _on_remote_read
self.destroy()
File "/root/shadowsocksrr/shadowsocks/tcprelay.py", line 1166, in destroy
self._encryptor.dispose()
AttributeError: 'NoneType' object has no attribute 'dispose'
2017-12-18 07:23:20 INFO server_pool.py:186 stopped server at 0.0.0.0:443
2017-12-18 07:23:20 INFO server_pool.py:186 stopped server at 0.0.0.0:995

995端口 android客户端
客户端配置aes-128-ctr origin plain 无DNS转发 china dns:119.29.29.29:53 dns:8.8.8.8:53 自定义ACL
服务器配置 aes-128-ctr auth_sha1_v4_compatible tls1.2_ticket_auth_compatible
ssrr版本3.2.1

git clone https://github.com/shadowsocksr/shadowsocksr.git

已经无法安装了，我是通过下载源码解压安装的，可是如果要更新，毕竟还是通过git比较方便，
希望能更新下

The Random Forest Based Detection of Shadowsock's Traffic

https://github.com/shadowsocks/shadowsocks/issues/988

有关数据库接口规范问题
sspanelv2, sspanelv3, sspanelv3ssr, glzjinmod, legendsockssr，这些标志具体含义是什么？它们具体读取或操作数据库文件中哪些字段？

Hi,
Please see the attachment of capture.
My OS is Ubuntu 16.06
Python version 2.7.13
Server version 3.2.1(newest)
Method: none
Protocol: auth_chain_a
Obfs: tls1.2
The VPS is used by myself only, with Android, C# and Python clients (not at the same time) for almost two days.
I just wonder in a common sense how much memory would it cost for a single Youtube user?
P.S. I have referred to the article of optimizing the performance:
https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks
Also TCP_BBR is applied

你好，我在四核的香橙派搭建ssr服务端（-Python），多人跑满宽带时发现cpu利用率不高 ，似乎无法用到四核心。请教一下如何用上多核心。

想用local.py做一个打包，但测试发现同样的服务器和配置，其它所有版本客户端连都没有问题，但用local.py连接几秒或者1分钟左右就会出错 shell.py:50 [Errno 54] Connection reset by peer

本人Mac，试过python2/3都不行，服务器是

protocol [auth_aes128_md5]
method [chacha20]
obfs [tls1.2_ticket_auth]
obfs_param []

本地已安装libsodium，求教大神们，何解？

应该可以确定不是gfw干扰问题，否则其他客户端都应该出错

作者还在吗？
调试显示：
2018-02-26 13:45:51 INFO util.py:49 loading libcrypto from libcrypto.so.10
2018-02-26 13:45:51 INFO asyncdns.py:324 dns server: [('8.8.8.8', 53), ('8.8.4.4', 53)]
2018-02-26 13:45:51 INFO asyncdns.py:324 dns server: [('8.8.8.8', 53), ('8.8.4.4', 53)]
2018-02-26 13:45:52 INFO auto_block.py:89 Read hosts.deny from line 13
2018-02-26 13:45:53 INFO db_transfer.py:820 db start server at port [12345] pass [kjhnfkqg] protocol [auth_sha1_v4] method [aes-256-cfb] obfs [http_simple]
2018-02-26 13:45:53 INFO server_pool.py:146 starting server at [::]:12345
2018-02-26 13:45:53 INFO server_pool.py:176 starting server at 0.0.0.0:12345
2018-02-26 13:46:53 INFO auto_block.py:89 Read hosts.deny from line 13
2018-02-26 13:47:54 INFO auto_block.py:89 Read hosts.deny from line 13
2018-02-26 13:48:55 INFO auto_block.py:89 Read hosts.deny from line 13
2018-02-26 13:49:56 INFO auto_block.py:89 Read hosts.deny from line 13
2018-02-26 13:50:57 INFO auto_block.py:89 Read hosts.deny from line 13
2018-02-26 13:51:58 INFO auto_block.py:89 Read hosts.deny from line 13
2018-02-26 13:53:00 INFO auto_block.py:89 Read hosts.deny from line 13
以前同一台服务器一次成功，但是现在重装就这样，也不知道怎么回事。。。

Could you give an introduction about these two protocols? Are they available to be used in master branch?

Hi, Akkariiin,
There is some ERRORs in my server log, could you help me?
OS: Ubuntu 16.04 LTS
Password: XXXXXX
Method: none
Protocol: auth_chain_b
obfs: tls1.2_ticket_auth
server version: 3.2.1
python 2.7.12
the XXX.XX.XX.XXX is my IP that connects to the server.
I can enjoy Youtube flawlessly (i.e. it is working), but there is ERROR in the server log.
Please help why this happened (the ERROR comes repetitively):
/var/log/shadowsocksr.log:

2017-10-12 17:02:43 ERROR shell.py:50 server_post_decrype data uncorrect checksum
2017-10-12 17:02:43 ERROR tcprelay.py:905 exception from ::ffff:XXX.XXX.XXX.XXX:58674
2017-10-12 17:02:44 INFO auth_chain.py:540 auth_chain_b: checksum error, data b58f32275ddc33655138ed2b21c853379f145a1c46f997f363a61fb7bbd0c27414aef4b24b6259b54e40af28b2f000c9b08b04f04b68c6798977065534b16b24905eb76552ee6ed4d56bf8ad5c10408a8cf2215a885237c8d1e39c172881c66e5f0aec7a6c303d3b5b5a44532a8cd3d65a135a245b871e3f10f6b7438d6df56990af542025f231693e32b8660ad86885a085eab200abf14c75685c17c4b77fe89256fb87192a97cd5953b1f28ad84d5efc616aaf49e578c35e617af207c4735a7c1fb9d922e4bc0f4a27a180f55007b8e7b9813e7fbb9d952d00bf50c589125746cd41cad7088e1335f26f0bba4a635530769f08ea9b1422b6aeb22dc7916749022384e85ef451d5c0dcf6ef1b970efbf5e27dba53a83cd629f919f9179ad9d87485823097cf9b90dac42aca124fa7bca3958b31e68cc3f5ee744887de71d0d3cbd129b453ad40da14d5bd1d95dd54abb4665f871fc3245c975b39
2017-10-12 17:02:44 ERROR shell.py:50 server_post_decrype data uncorrect

我的服务端配置文件如下：
{
"server": "0.0.0.0",
"server_ipv6": "::",
"local_address": "0.0.0.0",
"local_port": 1081,

"password": "xxxxxx",
"method": "aes-128-cfb",
"protocol": "origin",
"protocol_param": "",
"obfs": "plain",
"obfs_param": "",
"speed_limit_per_con": 100,
"speed_limit_per_user": 0,

"additional_ports" : {}, // only works under multi-user mode
"additional_ports_only" : false, // only works under multi-user mode
"timeout": 120,
"udp_timeout": 60,
"dns_ipv6": false,
"connect_verbose_info": 0,
"redirect": "",
"fast_open": false

}

发现连接数多的时候，CPU使用率达到50%（4c vps），而内存使用非常少，请问如何提高性能？提高并发连接数。谢谢。

Any advice here?

"black_hostname_list" 是不是可以理解为dns 不解析里面的列表？

我里面添加了map.baidu.com

客户端仍然可以访问map.baidu.com

是不是我用错啦？

分支，akkariiin/dev
修改哪里可以改成json多用户？

使用auth_chain_f出现报错，D和E中都没问题，F无法使用，服务器系统Debian7_X64详细日志如下

self._protocol.set_server_info(server_info)

File "/usr/local/shadowsocksr/shadowsocks/obfs.py", line 58, in set_server_info
return self.obfs.set_server_info(server_info)
File "/usr/local/shadowsocksr/shadowsocks/obfsplugin/auth_chain.py", line 891, in set_server_info
self.init_data_size(self.server_info.key)
File "/usr/local/shadowsocksr/shadowsocks/obfsplugin/auth_chain.py", line 901, in init_data_size
random.init_from_bin(new_key)
File "/usr/local/shadowsocksr/shadowsocks/obfsplugin/auth_chain.py", line 96, in init_from_bin
self.v0 = struct.unpack('<Q', bin[:8])[0]
error: unpack requires a string argument of length 8
2017-12-11 19:39:50 INFO server_pool.py:184 stopped server at 0.0.0.0:443 already stop
2017-12-11 19:39:50 INFO server_pool.py:202 stopped server at [::]:443
2017-12-11 19:39:50 WARNING server_pool.py:212 443
IPv6 support

#  @ archlinux in ~/shadowsocksr on git:akkariiin/dev x [16:12:53]
$ ./tail.sh
2017-11-27 21:24:18 INFO     shell.py:74 ShadowsocksR SSRR 3.2.1 2017-10-15
2017-11-27 21:24:18 INFO     db_transfer.py:238 current process RLIMIT_NOFILE resource: soft 512000 hard 512000
2017-11-27 21:24:18 INFO     db_transfer.py:205 db start server at port [443] pass [b'xxx'] protocol [b'auth_chain_f'] m                                                 ethod [b'none'] obfs [b'tls1.2_ticket_auth_compatible']
2017-11-27 21:24:18 INFO     server_pool.py:127 starting server at [::]:443
2017-11-27 21:24:18 INFO     server_pool.py:153 starting server at 0.0.0.0:443
2017-11-27 21:24:18 WARNING  server_pool.py:165 IPV4 [Errno 98] Address already in use
2017-11-27 21:24:18 INFO     db_transfer.py:205 db start server at port [80] pass [b'xxx'] protocol [b'auth_chain_d'                                                 ] method [b'none'] obfs [b'tls1.2_ticket_auth_compatible']
2017-11-27 21:24:18 INFO     server_pool.py:127 starting server at [::]:80
2017-11-27 21:24:18 INFO     server_pool.py:153 starting server at 0.0.0.0:80
2017-11-27 21:24:18 WARNING  server_pool.py:165 IPV4 [Errno 98] Address already in use

客户端与服务器时区一致，时钟误差可能有1-2秒，网络延迟一般在200-240ms
客户端混淆：尝试过Plain和tls1.2_ticket_auth
客户端其它设置都与服务端对应

通过SSR访问Google，返回503，日志如下：

2017-11-28 00:42:20 ERROR    tcprelay.py:905 exception from ::ffff:xxx:18875
2017-11-28 00:42:21 ERROR    shell.py:49 must be str, not bytes
2017-11-28 00:42:21 ERROR    tcprelay.py:905 exception from ::ffff:xxx:18880
2017-11-28 00:42:22 ERROR    shell.py:49 must be str, not bytes

My OS is Ubuntu 16.04 LTS, I met error msg when I run server.py, it seem like I need a mysql server to support shadowsocksR? plz help me.

root@localhost:~/shadowsocksr# ./server.py
IPv6 support
2017-10-13 09:10:19 INFO util.py:85 loading libcrypto from libcrypto.so.1.0.0
2017-10-13 09:10:19 INFO asyncdns.py:324 dns server: [('139.162.73.5', 53), ('139.162.74.5', 53), ('139.162.75.5', 53), ('139.162.66.5', 53), ('139.162.67.5', 53), ('139.162.68.5', 53), ('139.162.69.5', 53), ('139.162.70.5', 53), ('139.162.71.5', 53), ('139.162.72.5', 53)]
2017-10-13 09:10:19 INFO shell.py:72 ShadowsocksR 3.4.0 2017-07-27
2017-10-13 09:10:19 INFO db_transfer.py:238 current process RLIMIT_NOFILE resource: soft 1024 hard 65536
2017-10-13 09:10:19 ERROR db_transfer.py:266 Traceback (most recent call last):
File "/root/shadowsocksr/db_transfer.py", line 248, in thread_db
rows = db_instance.pull_db_all_user()
File "/root/shadowsocksr/db_transfer.py", line 383, in pull_db_all_user
db=self.cfg["db"], charset='utf8')
File "/usr/local/lib/python2.7/dist-packages/cymysql/init.py", line 85, in Connect
return Connection(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/cymysql/connections.py", line 245, in init
self._connect()
File "/usr/local/lib/python2.7/dist-packages/cymysql/connections.py", line 410, in _connect
raise OperationalError(2003, "Can't connect to MySQL server on %r (%s)" % (self.host, e.args[0]))
OperationalError: (2003, "Can't connect to MySQL server on u'127.0.0.1' (111)")

能否考虑在启用了tproxy的机器上，在redirect到某个地址的时候，使用tproxy？这样能得到原始连接的ip。谢谢！

关于整体服务端监听模式的改进建议

SSR服务端的多用户版本的实现方式是每个端口对应于一个密码，在多用户使用的时候只需给单独的用户分配单独的端口，再分配对应的密码即可。

这种方式简单有效，但是十分不便于规模化部署。

1. 先不考虑服务器总端口数有限的问题(总共也就65535个端口，去掉系统保留端口之类，就更少了，而且有些端口还会与服务器上其他服务的端口冲突)
2. 当SSR用于docker swarm集群时，配置多个端口从集群内暴露到集群外是一件非常麻烦的事情，而且很难动态调整
3. 当使用服务器层面的负载均衡器时，配置多端口的监听以及转发也是很困难的事情。
   例如，在云服务商下拥有ABC三台服务器作为一个集群G，每个服务器都开放20000-30000的端口号(也就是接受一万个用户)，然后当我使用云服务商提供的负载均衡服务时，需要配置负载均衡器X的转发规则。
   那么我需要配置10000个端口号的TCP转发，才能把指向X各端口的流量均衡到集群G中的各端口上，这是非常不现实的。
4. 一个服务监听太多端口也是不符合程序设计模式的。

以下是我建议的一种模式

参考多个知名开源项目的服务监听方式，例如Strongswan、MongoDB、MySQL、Nginx等

SSR整个服务应该只监听服务器上的少数几个指定的端口，例如只监听10000端口

这个端口负责处理所有用户的连接，不同用户携带不同的账号信息发往10000端口，那么服务器只需要在10000端口上统一处理所有用户的请求即可。再根据用户发来的凭证信息去后端数据库查找比对来判断拒绝还是接受连接。

单端口模式(或者少数几个端口)的优势

1. 添加新用户时便不需要再在服务器层面增加新的端口监听了，而只需要在数据库中添加一条用户信息即可。
2. 方便部署在集群中。例如部署在Docker Swarm集群中(或者kubernates)，只需要配置对外开放10000这一个端口，对于指向任意节点的10000端口的连接，都会被Docker Swarm内部实现的负载均衡功能分发到所有的节点中处理，当增加新的节点时也会更加灵活
3. 假如使用云服务商提供的服务器负载均衡服务，那么负载均衡器只需要负责监听指向总入口的10000端口的连接并转发到后端集群中即可，配置起来也简单，而且节省成本(一个负载均衡器最多配置50条转发规则，多了就要另外开一个均衡器，意味着双倍的成本)

观察到近期作者主要是专注于开发csharp客户端，服务端这边也很久没有重大的更新了。希望作者能够重视起服务端的开发，毕竟很多时候性能瓶颈还是在服务端

建议macOS和安卓客户端支持指定服务器UDP端口，像CSharp客户端那样。因为有时候服务器上的TCP监听和UDP监听是分端口的

当然我提出的这个方案如果实施起来需要变化的地方太多，基本上算是整体重构了一遍，工作量非常大。但考虑到此方案的发展前景，我认为还是值得一试的。

我此前也一直在研究SSR的服务端python代码，同时开发过基于MongoDB数据库作为后端的用户管理(想发PR的，但没整理好)。服务端部署了一段时间，感觉服务端的并发性能不是很好，当用户流量大时内存占用严重(100~300M，正常的时候是30M左右)。好像SSR多线程部分并没有实现的很好，建议作者参考Python Cookbook上的一些经典设计模式。

阿卡丽同学 服务端成功启动也已经实现了数据库多用户的关联但是我现在不知道怎么调试，
比如服务启动在了800端口 这个时候有一个客户端连接了我的800端口 我该怎么才能跟踪调试链接800端口后的程序执行过程呢？
我使用Pycharm可以调试服务端server.py的启动过程， 但是 却追踪不到用户链接时候的代码执行流程 。 我是新手 帮帮我吧

Hi,
Akkariiin, thank you for your hard work.
I have a question about chain series. According to breakwa11, the data is already encrypted with RC4 method. However, if the setting of the server we use, for example, 'chacha20' instead of 'none', will the data be encrypted with the new method instead? or this option is totally ignored and the original method is still applied? or the data first will be encrypted with RC4 and then with chacha20? I am a little confused about this setting.