Released 3.4.0

* Merged upstream repo (https://github.com/shadowsocks/shadowsocks)

.travis.yml

@@ -10,12 +10,14 @@ cache:
 before_install:
   - sudo apt-get update -qq
   - sudo apt-get install -qq build-essential dnsutils iproute nginx bc
-  - sudo dd if=/dev/urandom of=/usr/share/nginx/www/file bs=1M count=10
+  - sudo dd if=/dev/urandom of=/usr/share/nginx/html/file bs=1M count=10
   - sudo sh -c "echo '127.0.0.1    localhost' > /etc/hosts"
   - sudo service nginx restart
   - pip install pep8 pyflakes nose coverage PySocks
   - sudo tests/socksify/install.sh
   - sudo tests/libsodium/install.sh
+  - sudo tests/libmbedtls/install.sh
+  - sudo tests/libopenssl/install.sh
   - sudo tests/setup_tc.sh
 script:
   - tests/jenkins.sh

config.json.example

@@ -0,0 +1,17 @@
+{
+    "server":"127.0.0.1",
+    "server_port":8388,
+    "local_port":1080,
+    "password":"password",
+    "timeout":600,
+    "method":"aes-256-cfb",
+    "local_address":"127.0.0.1",
+    "fast_open":false,
+    "tunnel_remote":"8.8.8.8",
+    "dns_server":["8.8.8.8", "8.8.4.4"],
+    "tunnel_remote_port":53,
+    "tunnel_port":53,
+    "libopenssl":"C:\\Program Files\\Git\\mingw64\\bin\\libeay32.dll",
+    "libsodium":"/usr/local/lib/libsodium.so",
+    "libmbedtls":"/usr/local/lib/libmbedcrypto.2.4.0.dylib"
+}

debian/config.json

@@ -7,5 +7,6 @@
     "timeout":300,
     "method":"aes-256-cfb",
     "fast_open": false,
-    "workers": 1
+    "workers": 1,
+    "prefer_ipv6": false
 }

shadowsocks/asyncdns.py

@@ -244,13 +244,13 @@ def __str__(self):
         return '%s: %s' % (self.hostname, str(self.answers))
 
 
-STATUS_IPV4 = 0
-STATUS_IPV6 = 1
+STATUS_FIRST = 0
+STATUS_SECOND = 1
 
 
 class DNSResolver(object):
 
-    def __init__(self, server_list=None):
+    def __init__(self, server_list=None, prefer_ipv6=False):
         self._loop = None
         self._hosts = {}
         self._hostname_status = {}
@@ -263,6 +263,10 @@ def __init__(self, server_list=None):
             self._parse_resolv()
         else:
             self._servers = server_list
+        if prefer_ipv6:
+            self._QTYPES = [QTYPE_AAAA, QTYPE_A]
+        else:
+            self._QTYPES = [QTYPE_A, QTYPE_AAAA]
         self._parse_hosts()
         # TODO monitor hosts change and reload hosts
         # TODO parse /etc/gai.conf and follow its rules
@@ -350,17 +354,18 @@ def _handle_data(self, data):
                         answer[2] == QCLASS_IN:
                     ip = answer[0]
                     break
-            if not ip and self._hostname_status.get(hostname, STATUS_IPV6) \
-                    == STATUS_IPV4:
-                self._hostname_status[hostname] = STATUS_IPV6
-                self._send_req(hostname, QTYPE_AAAA)
+            if not ip and self._hostname_status.get(hostname, STATUS_SECOND) \
+                    == STATUS_FIRST:
+                self._hostname_status[hostname] = STATUS_SECOND
+                self._send_req(hostname, self._QTYPES[1])
             else:
                 if ip:
                     self._cache[hostname] = ip
                     self._call_callback(hostname, ip)
-                elif self._hostname_status.get(hostname, None) == STATUS_IPV6:
+                elif self._hostname_status.get(hostname, None) \
+                        == STATUS_SECOND:
                     for question in response.questions:
-                        if question[1] == QTYPE_AAAA:
+                        if question[1] == self._QTYPES[1]:
                             self._call_callback(hostname, None)
                             break
 
@@ -426,14 +431,14 @@ def resolve(self, hostname, callback):
                 return
             arr = self._hostname_to_cb.get(hostname, None)
             if not arr:
-                self._hostname_status[hostname] = STATUS_IPV4
-                self._send_req(hostname, QTYPE_A)
+                self._hostname_status[hostname] = STATUS_FIRST
+                self._send_req(hostname, self._QTYPES[0])
                 self._hostname_to_cb[hostname] = [callback]
                 self._cb_to_hostname[callback] = hostname
             else:
                 arr.append(callback)
                 # TODO send again only if waited too long
-                self._send_req(hostname, QTYPE_A)
+                self._send_req(hostname, self._QTYPES[0])
 
     def close(self):
         if self._sock:

shadowsocks/common.py

@@ -146,6 +146,7 @@ def patch_socket():
 
 def pack_addr(address):
     address_str = to_str(address)
+    address = to_bytes(address)
     for family in (socket.AF_INET, socket.AF_INET6):
         try:
             r = socket.inet_pton(family, address_str)
@@ -160,6 +161,13 @@ def pack_addr(address):
     return b'\x03' + chr(len(address)) + address
 
 
+# add ss header
+def add_header(address, port, data=b''):
+    _data = b''
+    _data = pack_addr(address) + struct.pack('>H', port) + data
+    return _data
+
+
 def parse_header(data):
     addrtype = ord(data[0])
     dest_addr = None

shadowsocks/crypto/aead.py

@@ -71,20 +71,22 @@
 sodium_loaded = False
 
 
-def load_sodium():
+def load_sodium(path=None):
     """
     Load libsodium helpers for nonce increment
     :return: None
     """
     global libsodium, sodium_loaded
 
     libsodium = util.find_library('sodium', 'sodium_increment',
-                                  'libsodium')
+                                  'libsodium', path)
     if libsodium is None:
+        print('load libsodium failed with path %s' % path)
         return
 
     if libsodium.sodium_init() < 0:
         libsodium = None
+        print('sodium init failed')
         return
 
     libsodium.sodium_increment.restype = c_void_p
@@ -139,7 +141,7 @@ class AeadCryptoBase(object):
     +--------+-----------+-----------+
     """
 
-    def __init__(self, cipher_name, key, iv, op):
+    def __init__(self, cipher_name, key, iv, op, crypto_path=None):
         self._op = int(op)
         self._salt = iv
         self._nlen = CIPHER_NONCE_LEN[cipher_name]
@@ -158,7 +160,9 @@ def __init__(self, cipher_name, key, iv, op):
 
         # load libsodium for nonce increment
         if not sodium_loaded:
-            load_sodium()
+            crypto_path = dict(crypto_path) if crypto_path else dict()
+            path = crypto_path.get('sodium', None)
+            load_sodium(path)
 
     def nonce_increment(self):
         """
@@ -171,14 +175,14 @@ def nonce_increment(self):
             libsodium.sodium_increment(byref(self._nonce), c_int(self._nlen))
         else:
             nonce_increment(self._nonce, self._nlen)
+        # print("".join("%02x" % ord(b) for b in self._nonce))
 
     def cipher_ctx_init(self):
         """
         Increase nonce to make it unique for the same key
         :return: None
         """
         self.nonce_increment()
-        # print("".join("%02x" % ord(b) for b in self._nonce))
 
     def aead_encrypt(self, data):
         """