Cov ntaub ntawv ntawm Shadowsocks
navigation
Shadowsocks Configuration Format
Kho Cov Ntaub Ntawv
Shadowsocks siv JSON hom kev teeb tsa:
{
"server": "my_server_ip",
"server_port": 8388,
"local_port": 1080,
"password": "barfoo!",
"method":"chacha20-ietf-poly1305"
}
JSON Format
- server: koj lub hostname lossis server IP (IPv4 / IPv6).
- server_port: server chaw nres nkoj naj npawb.
- local_port: tus lej chaw nres nkoj hauv zos.
- password: tus password siv los encrypt pauv.
- method: encryption method.
Txoj kev encryption
Peb teeb tsa peb cov servers thiab pom zoo kom koj siv chacha20-ietf-poly1305 AEAD cipher vim tias nws yog txoj hauv kev zoo tshaj plaws ntawm kev encryption.
Yog tias teeb tsa koj tus kheej shadowsocks server, koj tuaj yeem xaiv los ntawm "chacha20-ietf-poly1305" lossis "aes-256-gcm".
URI & QR Code
Shadowsocks rau Android / IOS kuj siv BASE64 encoded URI hom configs:
ss://BASE64-ENCODED-STRING-WITHOUT-PADDING#TAG
Lub tiaj URI yuav tsum yog: ss: // txoj kev: password@hostname: chaw nres nkoj
URI saum toj no tsis ua raws RFC3986. Tus password nyob rau hauv cov ntaub ntawv no yuav tsum yog cov ntawv nyeem, tsis feem pua-encoded.
Piv txwv: Peb tab tom siv lub server ntawm 192.168.100.1:8888 siv bf cfb ua txoj kev encryption thiab password tes/!@#:.
Tom qab ntawd, nrog lub tiaj URI ss://bf-cfb:test/!@#:@192.168.100.1:8888 ib, peb tuaj yeem tsim BASE64 encoded URI:
> console.log( "ss://" + btoa("bf-cfb:test/!@#:@192.168.100.1:8888")
ss://YmYtY2ZiOnRlc3QvIUAjOkAxOTIuMTY4LjEwMC4xOjg4ODg
Txhawm rau pab txhim kho thiab txheeb xyuas cov URIs no, koj tuaj yeem ntxiv ib lub cim tom qab BASE64 encoded hlua:
ss://YmYtY2ZiOnRlc3QvIUAjOkAxOTIuMTY4LjEwMC4xOjg4ODg#example-server
Hais lus
Shadowsocks siv cov chaw nyob hauv SOCKS5 chaw nyob hom:
[1-byte type][variable-ntev host][2-byte port]
Nov yog hom chaw nyob tau txhais:
- 0x01: tus tswv tsev yog qhov chaw nyob 4-byte IPv4.
- 0x03 : tus tswv tsev yog ib txoj hlua ntev sib txawv, pib nrog 1-byte ntev, ua raws li max 255-byte sau npe.
- 0x04: tus tswv tsev yog qhov chaw nyob 16-byte IPv6.
Tus lej chaw nres nkoj yog 2-byte big-endian unsigned integer.
TCP
Tus neeg siv ss-hauv zos pib muaj kev sib txuas rau ss-remote los ntawm kev xa cov ntaub ntawv encrypted pib nrog lub hom phiaj chaw nyob ua raws li cov ntaub ntawv them nyiaj. Lub encryption yuav txawv nyob ntawm seb tus cipher siv.
[qhov chaw nyob] [payload]
ss-remote tau txais cov ntaub ntawv encrypted, ces decrypts thiab parses lub hom phiaj chaw nyob. Tom qab ntawd nws tsim TCP txuas tshiab rau lub hom phiaj thiab xa cov ntaub ntawv them nyiaj rau nws. ss-remote tau txais cov lus teb los ntawm lub hom phiaj ces encrypts cov ntaub ntawv thiab xa rov qab mus rau ss-local kom txog thaum nws raug txiav.
Rau lub hom phiaj obfuscation, hauv zos thiab tej thaj chaw deb yuav tsum xa cov ntaub ntawv tuav tes nrog qee qhov them nyiaj hauv thawj pob ntawv.
UDP
ss-local xa cov ntaub ntawv encrypted pob ntawv uas muaj lub hom phiaj chaw nyob thiab them nyiaj rau ss-remote.
[qhov chaw nyob] [payload]
Thaum tau txais cov pob ntawv encrypted, ss-remote decrypts thiab txheeb xyuas qhov chaw nyob. Tom qab ntawd nws xa cov ntaub ntawv tshiab nrog lub payload mus rau lub hom phiaj. ss-remote tau txais cov ntaub ntawv packets los ntawm lub hom phiaj thiab prepends lub hom phiaj chaw nyob rau lub payload nyob rau hauv txhua pob ntawv. Cov ntawv theej encrypted raug xa rov qab mus rau ss-local.
[qhov chaw nyob] [payload]
Cov txheej txheem no tuaj yeem ua rau kub hnyiab mus rau ss-chaw taws teeb ua lub network chaw nyob txhais lus rau ss-local.
