Merge branch 'develop', version 1.1.2

Author: cyfdecyf

.travis.yml

@@ -1,15 +1,10 @@
 language: go
 go:
-  - 1.1
+  - 1.3
 install:
-  - go get github.com/cyfdecyf/leakybuf
   - go get code.google.com/p/go.crypto/blowfish
   - go get code.google.com/p/go.crypto/cast5
-  - pushd $TRAVIS_BUILD_DIR
   - go install ./cmd/shadowsocks-local
   - go install ./cmd/shadowsocks-server
-  - popd
 script:
-  - pushd $TRAVIS_BUILD_DIR
   - PATH=$PATH:$HOME/gopath/bin bash -x ./script/test.sh
-  - popd

CHANGELOG

@@ -1,3 +1,7 @@
+1.1.2 (2014-09-21)
+    * Support new encryption method "rc4-md5"
+    * Use aes-256-cfb as default encryption method for command line app
+
 1.1.1 (2013-07-12)
     * Add -b option to limit listen address for client
     * Fix can't override server address on command line

README.md

@@ -1,6 +1,6 @@
 # shadowsocks-go
 
-Current version: 1.1.1 [![Build Status](https://travis-ci.org/shadowsocks/shadowsocks-go.png?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-go)
+Current version: 1.1.2 [![Build Status](https://travis-ci.org/shadowsocks/shadowsocks-go.png?branch=master)](https://travis-ci.org/shadowsocks/shadowsocks-go)
 
 shadowsocks-go is a lightweight tunnel proxy which can help you get through firewalls. It is a port of [shadowsocks](https://github.com/clowwindy/shadowsocks).
 
@@ -23,7 +23,7 @@ go get github.com/shadowsocks/shadowsocks-go/cmd/shadowsocks-server
 go get github.com/shadowsocks/shadowsocks-go/cmd/shadowsocks-local
 ```
 
-It's recommend to disable cgo when compiling shadowsocks-go. This will prevent the go runtime from creating too many threads for dns lookup.
+It's recommended to disable cgo when compiling shadowsocks-go. This will prevent the go runtime from creating too many threads for dns lookup.
 
 # Usage
 
@@ -35,8 +35,8 @@ Configuration file is in json format and has the same syntax with [shadowsocks-n
 server          your server ip or hostname
 server_port     server port
 local_port      local socks5 proxy port
-method          encryption method, null by default, the following methods are supported:
-                    aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4
+method          encryption method, null by default (table), the following methods are supported:
+                    aes-128-cfb, aes-192-cfb, aes-256-cfb, bf-cfb, cast5-cfb, des-cfb, rc4-md5, rc4, table
 password        a password used to encrypt transfer
 timeout         server option, in seconds
 ```
@@ -51,20 +51,20 @@ SOCKS5 127.0.0.1:local_port
 
 ## About encryption methods
 
-AES is recommended for shadowsocks-go. ([Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption fast.)
+AES is recommended for shadowsocks-go. [Intel AES Instruction Set](http://en.wikipedia.org/wiki/AES_instruction_set) will be used if available and can make encryption/decryption very fast. To be more specific, **`aes-128-cfb` is recommended as it is faster and [secure enough](https://www.schneier.com/blog/archives/2009/07/another_new_aes.html)**.
 
-**rc4 and table encryption methods are deprecated because they are not secure**.
+**rc4 and table encryption methods are deprecated because they are not secure.**
 
 ## Command line options
 
 Command line options can override settings from configuration files. Use `-h` option to see all available options.
 
 ```
 shadowsocks-local -s server_address -p server_port -k password
-    -m rc4 -c config.json
+    -m aes-128-cfb -c config.json
     -b local_address -l local_port
 shadowsocks-server -p server_port -k password
-    -m rc4 -c config.json
+    -m aes-128-cfb -c config.json
     -t timeout
 ```
 

cmd/shadowsocks-local/local.go

@@ -355,7 +355,7 @@ func main() {
 	flag.StringVar(&cmdConfig.Password, "k", "", "password")
 	flag.IntVar(&cmdConfig.ServerPort, "p", 0, "server port")
 	flag.IntVar(&cmdConfig.LocalPort, "l", 0, "local socks5 proxy port")
-	flag.StringVar(&cmdConfig.Method, "m", "", "encryption method, use empty string or rc4")
+	flag.StringVar(&cmdConfig.Method, "m", "aes-256-cfb", "encryption method")
 	flag.BoolVar((*bool)(&debug), "d", false, "print debug message")
 
 	flag.Parse()

cmd/shadowsocks-server/server.go

@@ -57,7 +57,7 @@ func getRequest(conn *ss.Conn) (host string, extra []byte, err error) {
 	case typeDm:
 		reqLen = int(buf[idDmLen]) + lenDmBase
 	default:
-		err = errors.New(fmt.Sprintf("addr type %d not supported", buf[idType]))
+		err = fmt.Errorf("addr type %d not supported", buf[idType])
 		return
 	}
 
@@ -322,7 +322,7 @@ func main() {
 	flag.StringVar(&cmdConfig.Password, "k", "", "password")
 	flag.IntVar(&cmdConfig.ServerPort, "p", 0, "server port")
 	flag.IntVar(&cmdConfig.Timeout, "t", 60, "connection timeout (in seconds)")
-	flag.StringVar(&cmdConfig.Method, "m", "", "encryption method, use empty string or rc4")
+	flag.StringVar(&cmdConfig.Method, "m", "aes-256-cfb", "encryption method")
 	flag.IntVar(&core, "core", 0, "maximum number of CPU cores to use, default is determinied by Go runtime")
 	flag.BoolVar((*bool)(&debug), "d", false, "print debug message")
 

config.json

@@ -3,5 +3,6 @@
     "server_port":8388,
     "local_port":1080,
     "password":"barfoo!",
+    "method": "aes-128-cfb",
     "timeout":600
 }

sample-config/client-multi-server.json

@@ -1,7 +1,7 @@
 {
-	"local_port":1081,
+	"local_port": 1081,
 	"server_password": [
 		["127.0.0.1:8387", "foobar"],
-		["127.0.0.1:8388", "barfoo", "rc4"]
+		["127.0.0.1:8388", "barfoo", "aes-128-cfb"]
 	]
 }

sample-config/server-multi-port.json

@@ -3,5 +3,6 @@
 		"8387": "foobar",
 		"8388": "barfoo"
 	},
-	"timeout": 600,
+	"method": "aes-128-cfb",
+	"timeout": 600
 }

script/build.sh

@@ -51,11 +51,11 @@ build windows 386 win32 local
 
 build linux amd64 linux64 server
 build linux 386 linux32 server
-#build darwin amd64 mac64 server
+build darwin amd64 mac64 server
 build windows amd64 win64 server
 build windows 386 win32 server
 
-script/createdeb.sh amd64
-script/createdeb.sh 386
-mv shadowsocks-go_$version-1-*.deb bin/
-rm -rf shadowsocks-go_$version-1*
+#script/createdeb.sh amd64
+#script/createdeb.sh i386
+#mv shadowsocks-go_$version-1-*.deb bin/
+#rm -rf shadowsocks-go_$version-1*

script/createdeb.sh

@@ -13,7 +13,7 @@ export GOOS=linux
 
 arch=$1
 case $arch in
-    386)
+    i386)
         export GOARCH=386
         ;;
     amd64)

script/http.go

@@ -0,0 +1,21 @@
+/* Simple http server for testing. */
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+)
+
+func handler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "Hello, shadowsocks-go!")
+}
+
+func main() {
+	if len(os.Args) != 2 {
+		fmt.Println("Usage: http <port>")
+		os.Exit(1)
+	}
+	http.HandleFunc("/", handler)
+	http.ListenAndServe("127.0.0.1:"+os.Args[1], nil)
+}

script/test.sh

@@ -1,8 +1,22 @@
 #!/bin/bash
 
+# Run in the scripts directory.
+cd "$( dirname "${BASH_SOURCE[0]}" )"
+
 OPTION="-p 8389 -k foobar"
 LOCAL_PORT="1090"
 SOCKS="127.0.0.1:$LOCAL_PORT"
+HTTP_PORT="8123"
+
+start_http_server() {
+    go build http.go
+    ./http $HTTP_PORT &
+    http_pid=$!
+}
+
+stop_http_server() {
+    kill -SIGTERM $http_pid
+}
 
 test_get() {
     local url
@@ -45,23 +59,36 @@ test_shadowsocks() {
     $LOCAL $OPTION -s 127.0.0.1 -l $LOCAL_PORT -m "$method" &
     local_pid=$!
 
-    # wait server and client finish startup
-    sleep 1
+    # Wait server and client finish startup.
+    sleeptime=0.1
+    if [ -n "$TRAVIS" ]; then
+        # On Travis we need to wait a little longer.
+        sleeptime=1
+    elif echo $SERVER $LOCAL | grep 'py'; then
+        # The python version is slow to start.
+        if [[ $method == "table" ]]; then
+            sleeptime=2
+        else
+            sleeptime=0.5
+        fi
+    fi
+    echo $sleeptime
+    sleep $sleeptime
 
     for i in {1..3}; do
-        if ! test_get $url "<html"; then
+        if ! test_get $url "shadowsocks-go"; then
             kill -SIGTERM $server_pid
             kill -SIGTERM $local_pid
+            stop_http_server
             exit 1
         fi
-        sleep 0.3
     done
     echo "=============================="
     echo "GET $url $method passed"
     echo "=============================="
     kill -SIGTERM $server_pid
     kill -SIGTERM $local_pid
-    sleep 1
+    sleep 0.1
 }
 
 test_server_local_pair() {
@@ -70,37 +97,32 @@ test_server_local_pair() {
     echo "============================================================"
 
     local url
-    if [[ -z "$TRAVIS" ]]; then
-        url="www.baidu.com"
-    else
-        # on travis
-        url="www.google.com"
-    fi
-    test_shadowsocks baidu.com table
-    test_shadowsocks baidu.com rc4
-    test_shadowsocks baidu.com aes-128-cfb
-    test_shadowsocks baidu.com aes-192-cfb
-    test_shadowsocks baidu.com aes-256-cfb
-    test_shadowsocks baidu.com bf-cfb
-    test_shadowsocks baidu.com des-cfb
-    test_shadowsocks baidu.com cast5-cfb
+    url=http://127.0.0.1:$HTTP_PORT/README.md
+    test_shadowsocks $url table
+    test_shadowsocks $url rc4
+    test_shadowsocks $url rc4-md5
+    test_shadowsocks $url aes-128-cfb
+    test_shadowsocks $url aes-192-cfb
+    test_shadowsocks $url aes-256-cfb
+    test_shadowsocks $url bf-cfb
+    test_shadowsocks $url des-cfb
+    test_shadowsocks $url cast5-cfb
 }
 
+start_http_server
+
 SERVER="shadowsocks-server"
 LOCAL="shadowsocks-local"
 test_server_local_pair
 
-if [[ -n $SS_NODEJS ]]; then
-    pushd $SS_NODEJS
-
-    SERVER="node server.js"
+if [[ -n $SS_PYTHON ]]; then
+    SERVER="$SS_PYTHON/server.py"
     LOCAL="shadowsocks-local"
     test_server_local_pair
 
     SERVER="shadowsocks-server"
-    LOCAL="node local.js"
+    LOCAL="$SS_PYTHON/local.py"
     test_server_local_pair
-
-    popd $SS_NODEJS
 fi
 
+stop_http_server

shadowsocks/config_test.go

@@ -5,16 +5,19 @@ import (
 )
 
 func TestConfigJson(t *testing.T) {
-	config, err := ParseConfig("testdata/config.json")
+	config, err := ParseConfig("../config.json")
 	if err != nil {
 		t.Fatal("error parsing config.json:", err)
 	}
 
 	if config.Password != "barfoo!" {
 		t.Error("wrong password from config")
 	}
-	if config.Timeout != 0 {
-		t.Error("tiemout should default to 0")
+	if config.Timeout != 600 {
+		t.Error("timeout should be 600")
+	}
+	if config.Method != "aes-128-cfb" {
+		t.Error("method should be aes-128-cfb")
 	}
 	srvArr := config.GetServerArray()
 	if len(srvArr) != 1 || srvArr[0] != "127.0.0.1" {
@@ -25,7 +28,7 @@ func TestConfigJson(t *testing.T) {
 func TestServerMultiPort(t *testing.T) {
 	config, err := ParseConfig("../sample-config/server-multi-port.json")
 	if err != nil {
-		t.Fatal("error parsing multi server-multi-port.json:", err)
+		t.Fatal("error parsing ../sample-config/server-multi-port.json:", err)
 	}
 
 	if config.PortPassword["8387"] != "foobar" {
@@ -85,7 +88,7 @@ func TestClientMultiServerArray(t *testing.T) {
 	if sv[1] != "barfoo" {
 		t.Error("server_password 2nd server passwd wrong")
 	}
-	if sv[2] != "rc4" {
+	if sv[2] != "aes-128-cfb" {
 		t.Error("server_password 2nd server enc method wrong")
 	}
 }