jigsaw-code / outline-ss-server Goto Github PK
View Code? Open in Web Editor NEWThis project forked from fortuna/ss-example
Outline Shadowsocks server
Home Page: https://getoutline.org
License: Apache License 2.0
This project forked from fortuna/ss-example
Outline Shadowsocks server
Home Page: https://getoutline.org
License: Apache License 2.0
Outline is blocked in Russia. What can you do about it? vless protocol works good, outline partialy. Some websites won't open.
This blocking started a few days ago.
Looking to work on TODO in line 61 of tcp.go, but I have a few questions.
Mechanically we could probably do something like a map with the key type representing the IP attempting to connect, and then the value type being a slice of a count of failures and average time since last failure.
If failures gets passed n (decided above) and average time since last failure is < $some_reasonable_amount we could start denying connections.
Let me know what you think / if anyone is already working on this.
Cheers
Hey guys, thanks for all of your hard work on Outline. Really enjoying using it.
Would you mind sharing your Grafana dashboard info? I would like to set it up the way that you guys show in the README of this project.
Thank you!
shadowsocks/go-shadowsocks2#224
Since outline-ss-server is based on go-shadowsocks2, this issue applies to it as well.
Describe the bug
go-shadowsocks2 sends TCP Keep-Alive packets every 15 seconds, on every connected and listened TCP socket (shadowsocks server-client connections, outgoing connections to other servers), which leads to high battery usage on mobile devices.
Since keep-alive interval is set also on listening socket, non-go-shadowsocks2 clients will also receive keep-alive packets every 15 seconds when connecting to go-shadowsocks2 server.
More information here: golang/go#48622
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I expect Keep-Alive interval to be configurable.
go-shadowsocks2 should allow to increase TCP Keep-Alive or to disable it completely.
15 seconds is a golang default value and it's way too short. For comparison, Linux sets default keep-alive value to 2 hours (which is probably too high).
Some of my users dos/ddos externals servers through VPN. and the datacenter sends me a abuse email.
How can I find access key id by IP ? is there logs about this ?
I would like to log the IP addresses of connecting devices per key. any solution ?
For example :
Time | Key ID | IP |
---|---|---|
2023/04/30 10:13:16 | 3 | 144.8.252.162 |
2023/04/30 11:34:56 | 3 | 45.19.146.148 |
2023/04/30 14:54:06 | 2 | 220.126.224.116 |
2023/04/30 21:04:25 | 10 | 63.235.39.34 |
root@VM-4-2-ubuntu:~# netstat -atunp | grep ss
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 974/sshd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 8813/sshd: root@pts
tcp 0 0 10.0.4.2:45946 8.129.63.1:443 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:53448 173.194.209.188:443 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:22 109.172.10.241:55268 ESTABLISHED 8957/sshd: root@not
tcp 0 0 10.0.4.2:54722 61.111.129.166:3306 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:39708 17.57.145.8:443 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:39870 163.181.33.228:443 ESTABLISHED 1121/ss
tcp 0 52 10.0.4.2:22 109.172.10.241:55180 ESTABLISHED 8813/sshd: root@pts
tcp6 0 0 :::8888 :::* LISTEN 1121/ss
tcp6 0 0 :::20030 :::* LISTEN 1121/ss
tcp6 0 0 :::6060 :::* LISTEN 1121/ss
tcp6 0 0 10.0.4.2:20030 193.84.85.86:7270 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 193.84.85.86:7269 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:48588 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:56064 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:48784 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 193.84.85.86:7271 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:48622 ESTABLISHED 1121/ss
udp6 0 0 :::42133 :::* 1121/ss
udp6 0 0 :::53909 :::* 1121/ss
udp6 0 0 :::44693 :::* 1121/ss
udp6 0 0 :::48278 :::* 1121/ss
udp6 0 0 :::39063 :::* 1121/ss
udp6 0 0 :::44184 :::* 1121/ss
udp6 0 0 :::39065 :::* 1121/ss
udp6 0 0 :::46745 :::* 1121/ss
udp6 0 0 :::36506 :::* 1121/ss
udp6 0 0 :::48794 :::* 1121/ss
udp6 0 0 :::43675 :::* 1121/ss
udp6 0 0 :::58523 :::* 1121/ss
udp6 0 0 :::47260 :::* 1121/ss
udp6 0 0 :::52382 :::* 1121/ss
udp6 0 0 :::44190 :::* 1121/ss
udp6 0 0 :::49822 :::* 1121/ss
udp6 0 0 :::42655 :::* 1121/ss
udp6 0 0 :::51871 :::* 1121/ss
udp6 0 0 :::39586 :::* 1121/ss
udp6 0 0 :::44194 :::* 1121/ss
udp6 0 0 :::32933 :::* 1121/ss
udp6 0 0 :::34982 :::* 1121/ss
udp6 0 0 :::35496 :::* 1121/ss
udp6 0 0 :::45224 :::* 1121/ss
udp6 0 0 :::36009 :::* 1121/ss
udp6 0 0 :::49321 :::* 1121/ss
udp6 0 0 :::56491 :::* 1121/ss
udp6 0 0 :::35499 :::* 1121/ss
udp6 0 0 :::57519 :::* 1121/ss
udp6 0 0 :::58033 :::* 1121/ss
udp6 0 0 :::51889 :::* 1121/ss
udp6 0 0 :::57010 :::* 1121/ss
udp6 0 0 :::46771 :::* 1121/ss
udp6 0 0 :::40115 :::* 1121/ss
udp6 0 0 :::47283 :::* 1121/ss
udp6 0 0 :::57524 :::* 1121/ss
udp6 0 0 :::33977 :::* 1121/ss
udp6 0 0 :::57531 :::* 1121/ss
udp6 0 0 :::60603 :::* 1121/ss
udp6 0 0 :::45758 :::* 1121/ss
udp6 0 0 :::33983 :::* 1121/ss
udp6 0 0 :::51903 :::* 1121/ss
udp6 0 0 :::44223 :::* 1121/ss
udp6 0 0 :::37056 :::* 1121/ss
udp6 0 0 :::39104 :::* 1121/ss
udp6 0 0 :::56001 :::* 1121/ss
udp6 0 0 :::39105 :::* 1121/ss
udp6 0 0 :::59586 :::* 1121/ss
udp6 0 0 :::60098 :::* 1121/ss
udp6 0 0 :::47299 :::* 1121/ss
udp6 0 0 :::51396 :::* 1121/ss
udp6 0 0 :::55492 :::* 1121/ss
udp6 0 0 :::51397 :::* 1121/ss
udp6 0 0 :::47301 :::* 1121/ss
udp6 0 0 :::45766 :::* 1121/ss
udp6 0 0 :::41158 :::* 1121/ss
udp6 0 0 :::59591 :::* 1121/ss
udp6 0 0 :::36553 :::* 1121/ss
udp6 0 0 :::59082 :::* 1121/ss
udp6 0 0 :::37580 :::* 1121/ss
udp6 0 0 :::56524 :::* 1121/ss
udp6 0 0 :::60108 :::* 1121/ss
udp6 0 0 :::57550 :::* 1121/ss
udp6 0 0 :::50894 :::* 1121/ss
udp6 0 0 :::42191 :::* 1121/ss
udp6 0 0 :::47314 :::* 1121/ss
udp6 0 0 :::46802 :::* 1121/ss
udp6 0 0 :::50901 :::* 1121/ss
udp6 0 0 :::36568 :::* 1121/ss
udp6 0 0 :::47320 :::* 1121/ss
udp6 0 0 :::39642 :::* 1121/ss
udp6 0 0 :::38108 :::* 1121/ss
udp6 0 0 :::34015 :::* 1121/ss
udp6 0 0 :::56031 :::* 1121/ss
udp6 0 0 :::59107 :::* 1121/ss
udp6 0 0 :::40675 :::* 1121/ss
udp6 0 0 :::33508 :::* 1121/ss
udp6 0 0 :::55012 :::* 1121/ss
udp6 0 0 :::55013 :::* 1121/ss
udp6 0 0 :::51942 :::* 1121/ss
udp6 0 0 :::57063 :::* 1121/ss
udp6 0 0 :::59111 :::* 1121/ss
udp6 0 0 :::53991 :::* 1121/ss
udp6 0 0 :::45289 :::* 1121/ss
udp6 0 0 :::46313 :::* 1121/ss
udp6 0 0 :::40170 :::* 1121/ss
udp6 0 0 :::44266 :::* 1121/ss
udp6 0 0 :::38637 :::* 1121/ss
udp6 0 0 :::41198 :::* 1121/ss
udp6 0 0 :::58608 :::* 1121/ss
udp6 0 0 :::52976 :::* 1121/ss
udp6 0 0 :::43248 :::* 1121/ss
udp6 0 0 :::33520 :::* 1121/ss
udp6 0 0 :::36081 :::* 1121/ss
udp6 0 0 :::48369 :::* 1121/ss
udp6 0 0 :::49394 :::* 1121/ss
udp6 0 0 :::37106 :::* 1121/ss
udp6 0 0 :::36595 :::* 1121/ss
udp6 0 0 :::35059 :::* 1121/ss
udp6 0 0 :::50933 :::* 1121/ss
udp6 0 0 :::45814 :::* 1121/ss
udp6 0 0 :::44278 :::* 1121/ss
udp6 0 0 :::48887 :::* 1121/ss
udp6 0 0 :::39672 :::* 1121/ss
udp6 0 0 :::51961 :::* 1121/ss
udp6 0 0 :::58107 :::* 1121/ss
udp6 0 0 :::54012 :::* 1121/ss
udp6 0 0 :::33020 :::* 1121/ss
udp6 0 0 :::60668 :::* 1121/ss
udp6 0 0 :::55036 :::* 1121/ss
udp6 0 0 :::51454 :::* 1121/ss
udp6 0 0 :::58623 :::* 1121/ss
udp6 0 0 :::56064 :::* 1121/ss
udp6 0 0 :::44289 :::* 1121/ss
udp6 0 0 :::57602 :::* 1121/ss
udp6 0 0 :::34563 :::* 1121/ss
udp6 0 0 :::44803 :::* 1121/ss
udp6 0 0 :::49411 :::* 1121/ss
udp6 0 0 :::59655 :::* 1121/ss
udp6 0 0 :::41735 :::* 1121/ss
udp6 0 0 :::54024 :::* 1121/ss
udp6 0 0 :::42248 :::* 1121/ss
udp6 0 0 :::55048 :::* 1121/ss
udp6 0 0 :::50441 :::* 1121/ss
udp6 0 0 :::58121 :::* 1121/ss
udp6 0 0 :::59145 :::* 1121/ss
udp6 0 0 :::49417 :::* 1121/ss
udp6 0 0 :::44297 :::* 1121/ss
udp6 0 0 :::54026 :::* 1121/ss
udp6 0 0 :::36107 :::* 1121/ss
udp6 0 0 :::44300 :::* 1121/ss
udp6 0 0 :::60173 :::* 1121/ss
udp6 0 0 :::51983 :::* 1121/ss
udp6 0 0 :::40207 :::* 1121/ss
udp6 0 0 :::49935 :::* 1121/ss
udp6 0 0 :::60688 :::* 1121/ss
udp6 0 0 :::50960 :::* 1121/ss
udp6 0 0 :::33041 :::* 1121/ss
udp6 0 0 :::37650 :::* 1121/ss
udp6 0 0 :::60691 :::* 1121/ss
udp6 0 0 :::59667 :::* 1121/ss
udp6 0 0 :::56084 :::* 1121/ss
udp6 0 0 :::59157 :::* 1121/ss
udp6 0 0 :::46871 :::* 1121/ss
udp6 0 0 :::33048 :::* 1121/ss
udp6 0 0 :::48921 :::* 1121/ss
udp6 0 0 :::45852 :::* 1121/ss
udp6 0 0 :::50972 :::* 1121/ss
udp6 0 0 :::47901 :::* 1121/ss
udp6 0 0 :::56093 :::* 1121/ss
udp6 0 0 :::53022 :::* 1121/ss
udp6 0 0 :::40225 :::* 1121/ss
udp6 0 0 :::59682 :::* 1121/ss
udp6 0 0 :::60707 :::* 1121/ss
udp6 0 0 :::58149 :::* 1121/ss
udp6 0 0 :::60710 :::* 1121/ss
udp6 0 0 :::43303 :::* 1121/ss
udp6 0 0 :::46378 :::* 1121/ss
udp6 0 0 :::52010 :::* 1121/ss
udp6 0 0 :::50475 :::* 1121/ss
udp6 0 0 :::43308 :::* 1121/ss
udp6 0 0 :::38189 :::* 1121/ss
udp6 0 0 :::46893 :::* 1121/ss
udp6 0 0 :::48942 :::* 1121/ss
udp6 0 0 :::49966 :::* 1121/ss
udp6 0 0 :::57649 :::* 1121/ss
udp6 0 0 :::60723 :::* 1121/ss
udp6 0 0 :::48435 :::* 1121/ss
udp6 0 0 :::40756 :::* 1121/ss
udp6 0 0 :::48437 :::* 1121/ss
udp6 0 0 :::55605 :::* 1121/ss
udp6 0 0 :::58678 :::* 1121/ss
udp6 0 0 :::47926 :::* 1121/ss
udp6 0 0 :::44342 :::* 1121/ss
udp6 0 0 :::34103 :::* 1121/ss
udp6 0 0 :::34615 :::* 1121/ss
udp6 0 0 :::52537 :::* 1121/ss
udp6 0 0 :::54585 :::* 1121/ss
udp6 0 0 :::57657 :::* 1121/ss
udp6 0 0 :::57658 :::* 1121/ss
udp6 0 0 :::35642 :::* 1121/ss
udp6 0 0 :::49466 :::* 1121/ss
udp6 0 0 :::54075 :::* 1121/ss
udp6 0 0 :::59195 :::* 1121/ss
udp6 0 0 :::59708 :::* 1121/ss
udp6 0 0 :::56125 :::* 1121/ss
udp6 0 0 :::57149 :::* 1121/ss
udp6 0 0 :::36669 :::* 1121/ss
udp6 0 0 :::41789 :::* 1121/ss
udp6 0 0 :::56127 :::* 1121/ss
udp6 0 0 :::40255 :::* 1121/ss
udp6 0 0 :::44864 :::* 1121/ss
udp6 0 0 :::56131 :::* 1121/ss
udp6 0 0 :::37191 :::* 1121/ss
udp6 0 0 :::51527 :::* 1121/ss
udp6 0 0 :::48458 :::* 1121/ss
udp6 0 0 :::45898 :::* 1121/ss
udp6 0 0 :::34634 :::* 1121/ss
udp6 0 0 :::36683 :::* 1121/ss
udp6 0 0 :::45899 :::* 1121/ss
udp6 0 0 :::42315 :::* 1121/ss
udp6 0 0 :::33101 :::* 1121/ss
udp6 0 0 :::35150 :::* 1121/ss
udp6 0 0 :::51538 :::* 1121/ss
udp6 0 0 :::52050 :::* 1121/ss
udp6 0 0 :::60754 :::* 1121/ss
udp6 0 0 :::50003 :::* 1121/ss
udp6 0 0 :::48980 :::* 1121/ss
udp6 0 0 :::43861 :::* 1121/ss
udp6 0 0 :::52054 :::* 1121/ss
udp6 0 0 :::40792 :::* 1121/ss
udp6 0 0 :::45400 :::* 1121/ss
udp6 0 0 :::48472 :::* 1121/ss
udp6 0 0 :::60249 :::* 1121/ss
udp6 0 0 :::48989 :::* 1121/ss
udp6 0 0 :::50527 :::* 1121/ss
udp6 0 0 :::38752 :::* 1121/ss
udp6 0 0 :::60259 :::* 1121/ss
udp6 0 0 :::41828 :::* 1121/ss
udp6 0 0 :::57189 :::* 1121/ss
udp6 0 0 :::56679 :::* 1121/ss
udp6 0 0 :::45416 :::* 1121/ss
udp6 0 0 :::60267 :::* 1121/ss
udp6 0 0 :::49005 :::* 1121/ss
udp6 0 0 :::36205 :::* 1121/ss
udp6 0 0 :::44912 :::* 1121/ss
udp6 0 0 :::57201 :::* 1121/ss
udp6 0 0 :::38257 :::* 1121/ss
udp6 0 0 :::41329 :::* 1121/ss
udp6 0 0 :::56178 :::* 1121/ss
udp6 0 0 :::56179 :::* 1121/ss
udp6 0 0 :::60276 :::* 1121/ss
udp6 0 0 :::39284 :::* 1121/ss
udp6 0 0 :::49524 :::* 1121/ss
udp6 0 0 :::44918 :::* 1121/ss
udp6 0 0 :::53111 :::* 1121/ss
udp6 0 0 :::39800 :::* 1121/ss
udp6 0 0 :::49018 :::* 1121/ss
udp6 0 0 :::54138 :::* 1121/ss
udp6 0 0 :::50044 :::* 1121/ss
udp6 0 0 :::40833 :::* 1121/ss
udp6 0 0 :::57217 :::* 1121/ss
udp6 0 0 :::49028 :::* 1121/ss
udp6 0 0 :::51590 :::* 1121/ss
udp6 0 0 :::50054 :::* 1121/ss
udp6 0 0 :::39305 :::* 1121/ss
udp6 0 0 :::34185 :::* 1121/ss
udp6 0 0 :::52619 :::* 1121/ss
udp6 0 0 :::45964 :::* 1121/ss
udp6 0 0 :::46477 :::* 1121/ss
udp6 0 0 :::43405 :::* 1121/ss
udp6 0 0 :::51086 :::* 1121/ss
udp6 0 0 :::43406 :::* 1121/ss
udp6 0 0 :::33167 :::* 1121/ss
udp6 0 0 :::38289 :::* 1121/ss
udp6 0 0 :::45458 :::* 1121/ss
udp6 0 0 :::37267 :::* 1121/ss
udp6 0 0 :::49045 :::* 1121/ss
udp6 0 0 :::58773 :::* 1121/ss
udp6 0 0 :::39830 :::* 1121/ss
udp6 0 0 :::49047 :::* 1121/ss
udp6 0 0 :::46999 :::* 1121/ss
udp6 0 0 :::49560 :::* 1121/ss
udp6 0 0 :::58777 :::* 1121/ss
udp6 0 0 :::43931 :::* 1121/ss
udp6 0 0 :::57244 :::* 1121/ss
udp6 0 0 :::51101 :::* 1121/ss
udp6 0 0 :::43933 :::* 1121/ss
udp6 0 0 :::58269 :::* 1121/ss
udp6 0 0 :::49055 :::* 1121/ss
udp6 0 0 :::34719 :::* 1121/ss
udp6 0 0 :::45473 :::* 1121/ss
udp6 0 0 :::33698 :::* 1121/ss
udp6 0 0 :::55203 :::* 1121/ss
udp6 0 0 :::36771 :::* 1121/ss
udp6 0 0 :::47012 :::* 1121/ss
udp6 0 0 :::42405 :::* 1121/ss
udp6 0 0 :::60837 :::* 1121/ss
udp6 0 0 :::59302 :::* 1121/ss
udp6 0 0 :::60838 :::* 1121/ss
udp6 0 0 :::52134 :::* 1121/ss
udp6 0 0 :::43944 :::* 1121/ss
udp6 0 0 :::57770 :::* 1121/ss
udp6 0 0 :::44458 :::* 1121/ss
udp6 0 0 :::42411 :::* 1121/ss
udp6 0 0 :::35245 :::* 1121/ss
udp6 0 0 :::51117 :::* 1121/ss
udp6 0 0 :::51631 :::* 1121/ss
udp6 0 0 :::55727 :::* 1121/ss
udp6 0 0 :::50608 :::* 1121/ss
udp6 0 0 :::39344 :::* 1121/ss
udp6 0 0 :::49585 :::* 1121/ss
udp6 0 0 :::49073 :::* 1121/ss
udp6 0 0 :::33713 :::* 1121/ss
udp6 0 0 :::52147 :::* 1121/ss
udp6 0 0 :::34229 :::* 1121/ss
udp6 0 0 :::46005 :::* 1121/ss
udp6 0 0 :::59831 :::* 1121/ss
udp6 0 0 :::57272 :::* 1121/ss
udp6 0 0 :::58299 :::* 1121/ss
udp6 0 0 :::44989 :::* 1121/ss
udp6 0 0 :::42941 :::* 1121/ss
udp6 0 0 :::42944 :::* 1121/ss
udp6 0 0 :::55746 :::* 1121/ss
udp6 0 0 :::49602 :::* 1121/ss
udp6 0 0 :::40899 :::* 1121/ss
udp6 0 0 :::46020 :::* 1121/ss
udp6 0 0 :::46532 :::* 1121/ss
udp6 0 0 :::42948 :::* 1121/ss
udp6 0 0 :::50629 :::* 1121/ss
udp6 0 0 :::57798 :::* 1121/ss
udp6 0 0 :::52168 :::* 1121/ss
udp6 0 0 :::55241 :::* 1121/ss
udp6 0 0 :::58315 :::* 1121/ss
udp6 0 0 :::40907 :::* 1121/ss
udp6 0 0 :::34251 :::* 1121/ss
udp6 0 0 :::45518 :::* 1121/ss
udp6 0 0 :::43982 :::* 1121/ss
udp6 0 0 :::44494 :::* 1121/ss
udp6 0 0 :::40399 :::* 1121/ss
udp6 0 0 :::59346 :::* 1121/ss
udp6 0 0 :::34258 :::* 1121/ss
udp6 0 0 :::46547 :::* 1121/ss
udp6 0 0 :::47059 :::* 1121/ss
udp6 0 0 :::53716 :::* 1121/ss
udp6 0 0 :::40917 :::* 1121/ss
udp6 0 0 :::45013 :::* 1121/ss
udp6 0 0 :::49622 :::* 1121/ss
udp6 0 0 :::55256 :::* 1121/ss
udp6 0 0 :::40408 :::* 1121/ss
udp6 0 0 :::52185 :::* 1121/ss
udp6 0 0 :::60889 :::* 1121/ss
udp6 0 0 :::55770 :::* 1121/ss
udp6 0 0 :::47579 :::* 1121/ss
udp6 0 0 :::37342 :::* 1121/ss
udp6 0 0 :::39390 :::* 1121/ss
udp6 0 0 :::36319 :::* 1121/ss
udp6 0 0 :::36320 :::* 1121/ss
udp6 0 0 :::34273 :::* 1121/ss
udp6 0 0 :::51172 :::* 1121/ss
udp6 0 0 :::46564 :::* 1121/ss
udp6 0 0 :::45029 :::* 1121/ss
udp6 0 0 :::51173 :::* 1121/ss
udp6 0 0 :::37351 :::* 1121/ss
udp6 0 0 :::38892 :::* 1121/ss
udp6 0 0 :::37869 :::* 1121/ss
udp6 0 0 :::53742 :::* 1121/ss
udp6 0 0 :::34804 :::* 1121/ss
udp6 0 0 :::40950 :::* 1121/ss
udp6 0 0 :::59383 :::* 1121/ss
udp6 0 0 :::39927 :::* 1121/ss
udp6 0 0 :::38905 :::* 1121/ss
udp6 0 0 :::59385 :::* 1121/ss
udp6 0 0 :::39930 :::* 1121/ss
udp6 0 0 :::56827 :::* 1121/ss
udp6 0 0 :::41980 :::* 1121/ss
udp6 0 0 :::33277 :::* 1121/ss
udp6 0 0 :::51710 :::* 1121/ss
udp6 0 0 :::59902 :::* 1121/ss
udp6 0 0 :::46079 :::* 1121/ss
udp6 0 0 :::39424 :::* 1121/ss
udp6 0 0 :::44032 :::* 1121/ss
udp6 0 0 :::46081 :::* 1121/ss
udp6 0 0 :::49154 :::* 1121/ss
udp6 0 0 :::59395 :::* 1121/ss
udp6 0 0 :::35844 :::* 1121/ss
udp6 0 0 :::55300 :::* 1121/ss
udp6 0 0 :::56325 :::* 1121/ss
udp6 0 0 :::55302 :::* 1121/ss
udp6 0 0 :::53256 :::* 1121/ss
udp6 0 0 :::36361 :::* 1121/ss
udp6 0 0 :::58380 :::* 1121/ss
udp6 0 0 :::46606 :::* 1121/ss
udp6 0 0 :::39439 :::* 1121/ss
udp6 0 0 :::48655 :::* 1121/ss
udp6 0 0 :::48656 :::* 1121/ss
udp6 0 0 :::52241 :::* 1121/ss
udp6 0 0 :::54290 :::* 1121/ss
udp6 0 0 :::48658 :::* 1121/ss
udp6 0 0 :::55827 :::* 1121/ss
udp6 0 0 :::37396 :::* 1121/ss
udp6 0 0 :::57878 :::* 1121/ss
udp6 0 0 :::43543 :::* 1121/ss
udp6 0 0 :::45079 :::* 1121/ss
udp6 0 0 :::42520 :::* 1121/ss
udp6 0 0 :::49176 :::* 1121/ss
udp6 0 0 :::40475 :::* 1121/ss
udp6 0 0 :::34843 :::* 1121/ss
udp6 0 0 :::57884 :::* 1121/ss
udp6 0 0 :::32796 :::* 1121/ss
udp6 0 0 :::46111 :::* 1121/ss
udp6 0 0 :::45089 :::* 1121/ss
udp6 0 0 :::49185 :::* 1121/ss
udp6 0 0 :::50722 :::* 1121/ss
udp6 0 0 :::58914 :::* 1121/ss
udp6 0 0 :::51235 :::* 1121/ss
udp6 0 0 :::52774 :::* 1121/ss
udp6 0 0 :::51238 :::* 1121/ss
udp6 0 0 :::55847 :::* 1121/ss
udp6 0 0 :::56359 :::* 1121/ss
udp6 0 0 :::51751 :::* 1121/ss
udp6 0 0 :::34857 :::* 1121/ss
udp6 0 0 :::46633 :::* 1121/ss
udp6 0 0 :::33322 :::* 1121/ss
udp6 0 0 :::39980 :::* 1121/ss
udp6 0 0 :::58929 :::* 1121/ss
udp6 0 0 :::45105 :::* 1121/ss
udp6 0 0 :::54321 :::* 1121/ss
udp6 0 0 :::43571 :::* 1121/ss
udp6 0 0 :::53299 :::* 1121/ss
udp6 0 0 :::58421 :::* 1121/ss
udp6 0 0 :::59445 :::* 1121/ss
udp6 0 0 :::47669 :::* 1121/ss
udp6 0 0 :::42038 :::* 1121/ss
udp6 0 0 :::52790 :::* 1121/ss
udp6 0 0 :::44599 :::* 1121/ss
udp6 0 0 :::51255 :::* 1121/ss
udp6 0 0 :::37946 :::* 1121/ss
udp6 0 0 :::50234 :::* 1121/ss
udp6 0 0 :::58427 :::* 1121/ss
udp6 0 0 :::49213 :::* 1121/ss
udp6 0 0 :::35389 :::* 1121/ss
udp6 0 0 :::50237 :::* 1121/ss
udp6 0 0 :::57406 :::* 1121/ss
udp6 0 0 :::20030 :::* 1121/ss
udp6 0 0 :::53824 :::* 1121/ss
udp6 0 0 :::52801 :::* 1121/ss
udp6 0 0 :::47171 :::* 1121/ss
udp6 0 0 :::37443 :::* 1121/ss
udp6 0 0 :::56902 :::* 1121/ss
udp6 0 0 :::49734 :::* 1121/ss
udp6 0 0 :::35911 :::* 1121/ss
udp6 0 0 :::44616 :::* 1121/ss
udp6 0 0 :::43592 :::* 1121/ss
udp6 0 0 :::58440 :::* 1121/ss
udp6 0 0 :::52297 :::* 1121/ss
udp6 0 0 :::35401 :::* 1121/ss
udp6 0 0 :::45642 :::* 1121/ss
udp6 0 0 :::42058 :::* 1121/ss
udp6 0 0 :::54347 :::* 1121/ss
udp6 0 0 :::50252 :::* 1121/ss
udp6 0 0 :::35404 :::* 1121/ss
udp6 0 0 :::44620 :::* 1121/ss
udp6 0 0 :::33868 :::* 1121/ss
udp6 0 0 :::57933 :::* 1121/ss
udp6 0 0 :::37454 :::* 1121/ss
udp6 0 0 :::50254 :::* 1121/ss
udp6 0 0 :::54350 :::* 1121/ss
udp6 0 0 :::58959 :::* 1121/ss
udp6 0 0 :::58448 :::* 1121/ss
udp6 0 0 :::52304 :::* 1121/ss
udp6 0 0 :::41042 :::* 1121/ss
udp6 0 0 :::47187 :::* 1121/ss
udp6 0 0 :::45141 :::* 1121/ss
udp6 0 0 :::36949 :::* 1121/ss
udp6 0 0 :::33878 :::* 1121/ss
udp6 0 0 :::48728 :::* 1121/ss
udp6 0 0 :::39513 :::* 1121/ss
udp6 0 0 :::47705 :::* 1121/ss
udp6 0 0 :::50265 :::* 1121/ss
udp6 0 0 :::34394 :::* 1121/ss
udp6 0 0 :::47196 :::* 1121/ss
udp6 0 0 :::49246 :::* 1121/ss
udp6 0 0 :::45663 :::* 1121/ss
udp6 0 0 :::33891 :::* 1121/ss
udp6 0 0 :::35427 :::* 1121/ss
udp6 0 0 :::57956 :::* 1121/ss
udp6 0 0 :::48741 :::* 1121/ss
udp6 0 0 :::47717 :::* 1121/ss
udp6 0 0 :::46693 :::* 1121/ss
udp6 0 0 :::43110 :::* 1121/ss
udp6 0 0 :::60519 :::* 1121/ss
udp6 0 0 :::44649 :::* 1121/ss
udp6 0 0 :::35947 :::* 1121/ss
udp6 0 0 :::41579 :::* 1121/ss
udp6 0 0 :::53355 :::* 1121/ss
udp6 0 0 :::53357 :::* 1121/ss
udp6 0 0 :::59503 :::* 1121/ss
udp6 0 0 :::56431 :::* 1121/ss
udp6 0 0 :::34415 :::* 1121/ss
udp6 0 0 :::60527 :::* 1121/ss
udp6 0 0 :::47217 :::* 1121/ss
udp6 0 0 :::34418 :::* 1121/ss
udp6 0 0 :::39027 :::* 1121/ss
udp6 0 0 :::37494 :::* 1121/ss
udp6 0 0 :::39031 :::* 1121/ss
udp6 0 0 :::46711 :::* 1121/ss
udp6 0 0 :::43127 :::* 1121/ss
udp6 0 0 :::57975 :::* 1121/ss
udp6 0 0 :::47737 :::* 1121/ss
udp6 0 0 :::45177 :::* 1121/ss
udp6 0 0 :::32889 :::* 1121/ss
udp6 0 0 :::60025 :::* 1121/ss
udp6 0 0 :::54394 :::* 1121/ss
udp6 0 0 :::55930 :::* 1121/ss
udp6 0 0 :::52859 :::* 1121/ss
udp6 0 0 :::50300 :::* 1121/ss
udp6 0 0 :::47741 :::* 1121/ss
udp6 0 0 :::36990 :::* 1121/ss
udp6 0 0 :::45183 :::* 1121/ss
udp6 0 0 :::40066 :::* 1121/ss
udp6 0 0 :::34948 :::* 1121/ss
udp6 0 0 :::47238 :::* 1121/ss
udp6 0 0 :::42630 :::* 1121/ss
udp6 0 0 :::37511 :::* 1121/ss
udp6 0 0 :::48776 :::* 1121/ss
udp6 0 0 :::53898 :::* 1121/ss
udp6 0 0 :::43660 :::* 1121/ss
udp6 0 0 :::41612 :::* 1121/ss
udp6 0 0 :::46734 :::* 1121/ss
udp6 0 0 :::42638 :::* 1121/ss
udp6 0 0 :::48782 :::* 1121/ss
udp6 0 0 :::46227 :::* 1121/ss
root@VM-4-2-ubuntu:~#
Can I add new users , is there an API for this ? Well or as it is possible to load dynamically new users and to delete .
Thanks
I recently upgraded to v1.0.5
and it looks like the UDP is not working now.
Steps to reproduce:
On the server, run
outline-ss-server -config server.yml -udptimeout 32s -metrics 127.0.0.1:9999
On the client side, I use ss-tunnel
from shadowsocks-libev
ss-tunnel -b 127.0.42.1 -l 53 -L 8.8.8.8:53 -c client.json
Then on the client side, run
dig example.com @127.0.42.1
The dig command timed out, and on the server side, I see these error logs:
E2019-08-09T09:56:22.368+08:00 19076 udp.go:93] Panic in UDP loop: interface conversion: net.Addr is *net.UDPAddr, not *net.IPAddr
goroutine 21 [running]:
runtime/debug.Stack(0x79115a, 0xc00007d830, 0x1)
/usr/lib/go-1.11/src/runtime/debug/stack.go:24 +0xa7
runtime/debug.PrintStack()
/usr/lib/go-1.11/src/runtime/debug/stack.go:16 +0x22
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*udpService).Start.func1.1()
/home/xxxx/build/outline-ss-server/outline-ss-server-master/shadowsocks/udp.go:94 +0xc2
panic(0x8485e0, 0xc0004407b0)
/usr/lib/go-1.11/src/runtime/panic.go:513 +0x1b9
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*udpService).Start.func1(0xc000065940, 0xc000150000, 0x10000, 0x10000, 0xc000160000, 0x10000, 0x10000, 0xc000065a00, 0x0)
/home/xxxx/build/outline-ss-server/outline-ss-server-master/shadowsocks/udp.go:124 +0x16e1
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*udpService).Start(0xc000065940)
/home/xxxx/build/outline-ss-server/outline-ss-server-master/shadowsocks/udp.go:165 +0x1d5
created by main.(*SSServer).startPort
/home/xxxx/build/outline-ss-server/outline-ss-server-master/server.go:81 +0x5aa
Hi
I have many ip of one interface card(Centos 7) as like below
eth0 10.10.10.10
eth0:0 10.10.10.11
eth0:1 10.10.10.12
eth0:2 10.10.10.13
but, if i connect 10.10.10.12 then all packet's are output on 10.10.10.10, not 10.10.10.12
how can i output packet to client request ip (of request port)
ex)
8081 port 10.10.10.11 <-> client A
8082 port 10.10.10.12 <-> client B
8083 port 10.10.10.13 <-> client C
Thanks
If transport traffic with proxy protocol, outline-ss-server can't get the real client ip & can't auth the user
hope to support proxy protocol
On every new connection findAccessKey tests every single user's key against the incoming data.
This isn't that much of an issue for TCP where the 'findAccessKey' time is much smaller that the overall TX time of the data.
But for UDP this is going to be a mess. UDP packets are small and frequent. Any application that sends large amounts of UDP is likely to waste many many cycles of CPU time.
Why not add a cache?
Because of NAT we need to have an array per ip and store all users who connect from that ip. We can go a step further and search users already bound to an ip last.
unbound_Users = { user1, user2, user3, user4 }
cache_ip_userlist = {}
cache_user_to_ip = {}
// user1 connection from ip1
findAccessKey [test keys for user in] cache_ip_userlist[ip1] - Nothing found
findAccessKey [test keys for user in] unbound_Users - found user1
unbound_Users.remove(user1)
cache_ip_userlist[ip1][user1] = expire_time;
cache_user_to_ip[user1] = ip1;
// user2 connection from ip1
findAccessKey [test keys for user in] cache_ip_userlist[ip1] - Nothing found
findAccessKey [test keys for user in] unbound_Users - found user2
unbound_Users.remove(user2)
cache_ip_userlist[ip1][user2] = expire_time;
cache_user_to_ip[user2] = ip1;
// user1 connection from ip1 (again)
findAccessKey [test keys for user in] cache_ip_userlist[ip1] - found user1
cache_ip_userlist[ip1][user1] = expire_time; // Refresh expire time
// user1 connects from ip2 (user1 was connecting from ip1, but changed to ip2)
findAccessKey [test keys for user in] cache_ip_userlist[ip2] - Nothing found
findAccessKey [test keys for user in] unbound_Users - Nothing found
findAccessKey [test keys for user in] all cache_ip_userlist's - found user1 in cache_ip_userlist[ip]
cache_ip_userlist[ cache_user_to_ip[user1] ].remove(user1) // Move user1 from cache_ip_userlist[ip1] -> cache_ip_userlist[ip2]
cache_ip_userlist[ip2][user1] = expire_time;
cache_user_to_ip[user1] = ip2;
cache_ip_userlist should also store an expire time, which should get updated on any match, and expired entries can be purged every time it's searched, and cache_user_to_ip along with it.
A long expire time will mean less key search time when clients don't send data often, while a short expire time will mean connections from new clients won't waste time searching disconnected clients.
In any case since it's per ip, worst case scenario is having to search all user's keys for every connection WHEN all users happen to connect from exactly the same IP.
Just looking at the UDP code and it seems to work the same as shadowsocks2. There's a timed copy setup from remote netCon to the local netCon sending back to the user.
Every time a message arrives from the peer the message is processed and a new timed read starts again - i.e. the timeout is reset.
However if only the client is sending the readdeadline is never reset.
Consider this example with timeout 30 seconds:
Time=0) user sends UDP message, new natmap starts with a timed read of 30 seconds from the peer
Time=29) user sends second UDP message.
Time=30) the natmap expires
Time=32) peer replies to a stale socket - message is lost.
The timed read should be reset every time a message comes in from either side.
Also it really would make sense to store the (found) key in the natmap too, and test that first when a new message comes in from the same source ip/port. In fact if we find the key has changed then the whole natmap should be re-created or at least the key changed to the new one.
del
Hi Outline team,
First of all, thank you for your great and essential work. After having multiple Outline servers of mine blocked within a week, all of which were serving users in China, it came to my attention that new detection techniques were rolled out on or around October 3rd, 2022 according to this issue: net4people/bbs#136
The authors of that post have developed a preliminary workaround, but it breaks compatibility with the existing shadowsocks packet format and is thus only supported on their temporary fork of shadowsocks-rust
.
I realize this leaves y'all (and us) in kind of a shitty situation in which the old format is dying and the new format struggles to be born, but I would strongly suggest paying attention to that thread and/or participating in development so that outline-ss-server
can implement the new format as soon as it's ready.
Filtering in Iran causes to not to able to create new ACTIVE servers on AMAZON LIGHTSAIL SERVERS or DIGITAL OCEAN !
I have amazon lightsail premium account and digital ocean too and I am from Iran . it is about 3 days ago when I wanted to create new servers I did it but new servers were not able to connect to the Servers by Outline Client on any of internet providers like MTN IRANCEL or MCI . so what should we do ?
We need a great and non-censorship solution for Iran on Outline Servers and Client ????
The replay cache is only passed to the TCP service. Was UDP left out intentionally, or was it an oversight?
Is your feature request related to a problem? Please describe.
I would like to create a chain of shadowsocks servers
Describe the solution you'd like
Have a chain option in shadowsocks
Describe alternatives you've considered
Tor but its not self hosted and all nodes are on blacklists
Additional context
Use case; I want to run a local server that's not\barely exposed to the public internet. Via shadowsocks I would be able to connect to the local network of the shadowsocks server. Currently this is completely blocked via
outline-ss-server/net/private_net.go
Line 36 in 3c2b0f1
Hey guys,
How can I configure the server to listen on a specific interface or IP address ?
Restart process will cause connection lost.
It would be great to add a pre-filter for DNS requests (for example, a redirect to AdguardHome DNS installed on the same server to block ad servers or torrent servers or something).
I apologize if this possibility already exists and was considered by someone, but I found the manual only for the wireguard + AdguardHome bundle, but not for Outline-ss.
I'm not very good at this myself(
Best regards
The existing dependencies have not been updated for too long, could we update them? Thanks.
https://github.com/shadowsocks/shadowsocks/wiki/Manage-Multiple-Users#protocol
Users can be add, delete and transfer statistics through the API.
Many clients already support AEAD-2022 Ciphers (v2rayNG, FoXray, V2Box)
https://shadowsocks.org/doc/sip022.html
Sorry to distrub.
Situation: I am a starter with few knowledge and experience on Linux. I have successfully deployed an outline server and it is running well, but I would like to taste this outline_ss_server.
Efforts I have made: I have read the README.MD and I have googled about how to install GO Envriment and how to install shadowsocks_go as a reference. And I have followed the steps above with little understanding of them. And I also tried to follow the instructions in README.MD. But I still neither can get a clue nor get a successful install or running.
Is there any possiblity of publishing a beginner-friendly installing guide? I tried mutiple times and fail to find someone I can follow on the existing Internet. And if google does not have it, I can't get a clue what and where to learn to install this.😂 Or would you please give me some hints about which knowledge needed?
Best regards, thanks!
refer: shadowsocks/go-shadowsocks2@e07df3f
Should we update the go-shadowsocks2 version to 0.15?
thanks.
The Shadowsocks-Rust currently supports SIP022 (Shadowsocks 2022) which handles multiple users on a single port in a proper way to avoid performance issues. I was wondering if there is any plan to switch the outline ss server to Shadowsocks 2022.
Currently, I am using an older version of Shadowsocks (non-ss2022) to build my service, and it is encountering severe performance issues (CPU usage often exceeds 150%) when there are a large number of users (over 10,000 available users and 200+ online).
Are there any strategies or methods for performance optimization? I would appreciate any suggestions you may have.
Thank you!
Can I make a setup with mysql (mariadb) or another db? I want to store creds in one mariadb, and connect multiple outline-ss-server to db with ssl. This is convenient for centralized management.
Not exactly a bug, might be a problem in some situation. Hit the limit of open file count happened in many ss server. When ss-libev got this problem, it won't exit.
Log:
./outline-ss-server -config config.yml
I2019-03-06T09:29:07.810-05:00 6853 server.go:75] Listening TCP and UDP on port 3389
I2019-03-06T09:29:07.810-05:00 6853 server.go:75] Listening TCP and UDP on port 1521
I2019-03-06T09:29:07.810-05:00 6853 server.go:149] Loaded 2 access keys
E2019-04-02T22:58:06.287-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
E2019-04-02T22:58:06.288-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
E2019-04-02T22:58:06.288-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
E2019-04-02T22:58:06.288-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x532425]
goroutine 456877 [running]:
net.(*TCPConn).RemoteAddr(0x0, 0x0, 0x0)
<autogenerated>:1 +0x5
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*tcpService).Start.func1(0xc0001185a0, 0xc0001e5e30, 0x0)
/usr/local/google/home/fortuna/firehook/outline-ss-server/shadowsocks/tcp.go:161 +0x57
created by github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*tcpService).Start
/usr/local/google/home/fortuna/firehook/outline-ss-server/shadowsocks/tcp.go:160 +0x61
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.