From 6345c0dcf14e5a659ecc0bf9c34bc642c60dc3b9 Mon Sep 17 00:00:00 2001
From: zonyitoo <zonyitoo@gmail.com>
Date: Thu, 13 Jun 2024 00:00:05 +0800
Subject: [PATCH 1/4] feat(server): tokio v1.38 stablized
 RuntimeMetrics::num_workers

---
 Cargo.lock                                        |  1 -
 Cargo.toml                                        |  1 -
 crates/shadowsocks-service/Cargo.toml             |  2 +-
 crates/shadowsocks-service/src/config.rs          |  7 -------
 crates/shadowsocks-service/src/manager/server.rs  | 14 --------------
 crates/shadowsocks-service/src/server/mod.rs      |  4 ----
 crates/shadowsocks-service/src/server/server.rs   | 13 +------------
 crates/shadowsocks-service/src/server/udprelay.rs | 11 ++---------
 src/service/manager.rs                            |  5 -----
 src/service/server.rs                             |  5 -----
 10 files changed, 4 insertions(+), 59 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 899120ca2eb8..34323cf3dc44 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3184,7 +3184,6 @@ dependencies = [
  "log4rs",
  "mimalloc",
  "mime",
- "num_cpus",
  "qrcode",
  "rand",
  "reqwest",
diff --git a/Cargo.toml b/Cargo.toml
index 9928912025a9..a7fb48c33a72 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -239,7 +239,6 @@ rand = "0.8"
 
 futures = "0.3"
 tokio = { version = "1", features = ["rt", "signal"] }
-num_cpus = "1.15"
 
 ipnet = { version = "2.9", optional = true }
 
diff --git a/crates/shadowsocks-service/Cargo.toml b/crates/shadowsocks-service/Cargo.toml
index 8b84a56cb82f..74fcfd851859 100644
--- a/crates/shadowsocks-service/Cargo.toml
+++ b/crates/shadowsocks-service/Cargo.toml
@@ -144,7 +144,7 @@ rand = { version = "0.8", features = ["small_rng"] }
 sled = { version = "0.34.7", optional = true }
 
 futures = "0.3"
-tokio = { version = "1.5", features = [
+tokio = { version = "1.38", features = [
     "io-util",
     "macros",
     "net",
diff --git a/crates/shadowsocks-service/src/config.rs b/crates/shadowsocks-service/src/config.rs
index 13026ba8eba8..5301ebdf91d8 100644
--- a/crates/shadowsocks-service/src/config.rs
+++ b/crates/shadowsocks-service/src/config.rs
@@ -1359,11 +1359,6 @@ pub struct Config {
     /// This is normally for auto-reloading if implementation supports.
     pub config_path: Option<PathBuf>,
 
-    #[doc(hidden)]
-    /// Workers in runtime
-    /// It should be replaced with metrics APIs: https://github.com/tokio-rs/tokio/issues/4073
-    pub worker_count: usize,
-
     /// OnlineConfiguration (SIP008)
     /// https://shadowsocks.org/doc/sip008.html
     #[cfg(feature = "local-online-config")]
@@ -1488,8 +1483,6 @@ impl Config {
 
             config_path: None,
 
-            worker_count: 1,
-
             #[cfg(feature = "local-online-config")]
             online_config: None,
         }
diff --git a/crates/shadowsocks-service/src/manager/server.rs b/crates/shadowsocks-service/src/manager/server.rs
index f5db629dad1a..ae27acee602c 100644
--- a/crates/shadowsocks-service/src/manager/server.rs
+++ b/crates/shadowsocks-service/src/manager/server.rs
@@ -85,7 +85,6 @@ pub struct ManagerBuilder {
     acl: Option<Arc<AccessControl>>,
     ipv6_first: bool,
     security: SecurityConfig,
-    worker_count: usize,
 }
 
 impl ManagerBuilder {
@@ -106,7 +105,6 @@ impl ManagerBuilder {
             acl: None,
             ipv6_first: false,
             security: SecurityConfig::default(),
-            worker_count: 1,
         }
     }
 
@@ -156,14 +154,6 @@ impl ManagerBuilder {
         self.security = security;
     }
 
-    /// Set runtime worker count
-    ///
-    /// Should be replaced with tokio's metric API when it is stablized.
-    /// https://github.com/tokio-rs/tokio/issues/4073
-    pub fn set_worker_count(&mut self, worker_count: usize) {
-        self.worker_count = worker_count;
-    }
-
     /// Build the manager server instance
     pub async fn build(self) -> io::Result<Manager> {
         let listener = ManagerListener::bind(&self.context, &self.svr_cfg.addr).await?;
@@ -178,7 +168,6 @@ impl ManagerBuilder {
             acl: self.acl,
             ipv6_first: self.ipv6_first,
             security: self.security,
-            worker_count: self.worker_count,
             listener,
         })
     }
@@ -196,7 +185,6 @@ pub struct Manager {
     acl: Option<Arc<AccessControl>>,
     ipv6_first: bool,
     security: SecurityConfig,
-    worker_count: usize,
     listener: ManagerListener,
 }
 
@@ -293,8 +281,6 @@ impl Manager {
 
         server_builder.set_security_config(&self.security);
 
-        server_builder.set_worker_count(self.worker_count);
-
         let server_port = server_builder.server_config().addr().port();
 
         let mut servers = self.servers.lock().await;
diff --git a/crates/shadowsocks-service/src/server/mod.rs b/crates/shadowsocks-service/src/server/mod.rs
index bb4c6b47b4c0..d58ab450134f 100644
--- a/crates/shadowsocks-service/src/server/mod.rs
+++ b/crates/shadowsocks-service/src/server/mod.rs
@@ -150,10 +150,6 @@ pub async fn run(config: Config) -> io::Result<()> {
             server_builder.set_ipv6_first(config.ipv6_first);
         }
 
-        if config.worker_count >= 1 {
-            server_builder.set_worker_count(config.worker_count);
-        }
-
         server_builder.set_security_config(&config.security);
 
         let server = server_builder.build().await?;
diff --git a/crates/shadowsocks-service/src/server/server.rs b/crates/shadowsocks-service/src/server/server.rs
index f06811aee3ec..2bd0d033714b 100644
--- a/crates/shadowsocks-service/src/server/server.rs
+++ b/crates/shadowsocks-service/src/server/server.rs
@@ -30,7 +30,6 @@ pub struct ServerBuilder {
     udp_capacity: Option<usize>,
     manager_addr: Option<ManagerAddr>,
     accept_opts: AcceptOpts,
-    worker_count: usize,
 }
 
 impl ServerBuilder {
@@ -48,7 +47,6 @@ impl ServerBuilder {
             udp_capacity: None,
             manager_addr: None,
             accept_opts: AcceptOpts::default(),
-            worker_count: 1,
         }
     }
 
@@ -83,14 +81,6 @@ impl ServerBuilder {
         self.manager_addr = Some(manager_addr);
     }
 
-    /// Set runtime worker count
-    ///
-    /// Should be replaced with tokio's metric API when it is stablized.
-    /// https://github.com/tokio-rs/tokio/issues/4073
-    pub fn set_worker_count(&mut self, worker_count: usize) {
-        self.worker_count = worker_count;
-    }
-
     /// Get server's configuration
     pub fn server_config(&self) -> &ServerConfig {
         &self.svr_cfg
@@ -147,7 +137,7 @@ impl ServerBuilder {
 
         let mut udp_server = None;
         if self.svr_cfg.mode().enable_udp() {
-            let mut server = UdpServer::new(
+            let server = UdpServer::new(
                 self.context.clone(),
                 self.svr_cfg.clone(),
                 self.udp_expiry_duration,
@@ -155,7 +145,6 @@ impl ServerBuilder {
                 self.accept_opts.clone(),
             )
             .await?;
-            server.set_worker_count(self.worker_count);
             udp_server = Some(server);
         }
 
diff --git a/crates/shadowsocks-service/src/server/udprelay.rs b/crates/shadowsocks-service/src/server/udprelay.rs
index 0cc3cb45f675..9efbdfcea7d6 100644
--- a/crates/shadowsocks-service/src/server/udprelay.rs
+++ b/crates/shadowsocks-service/src/server/udprelay.rs
@@ -27,7 +27,7 @@ use shadowsocks::{
     },
     ServerConfig,
 };
-use tokio::{sync::mpsc, task::JoinHandle, time};
+use tokio::{runtime::Handle, sync::mpsc, task::JoinHandle, time};
 #[cfg(windows)]
 use windows_sys::Win32::Networking::WinSock::WSAEAFNOSUPPORT;
 
@@ -93,7 +93,6 @@ pub struct UdpServer {
     keepalive_tx: mpsc::Sender<NatKey>,
     keepalive_rx: mpsc::Receiver<NatKey>,
     time_to_live: Duration,
-    worker_count: usize,
     listener: Arc<MonProxySocket>,
     svr_cfg: ServerConfig,
 }
@@ -140,17 +139,11 @@ impl UdpServer {
             keepalive_tx,
             keepalive_rx,
             time_to_live,
-            worker_count: 1,
             listener,
             svr_cfg,
         })
     }
 
-    #[inline]
-    pub(crate) fn set_worker_count(&mut self, worker_count: usize) {
-        self.worker_count = worker_count;
-    }
-
     /// Server's configuration
     pub fn server_config(&self) -> &ServerConfig {
         &self.svr_cfg
@@ -173,7 +166,7 @@ impl UdpServer {
 
         let mut orx_opt = None;
 
-        let cpus = self.worker_count;
+        let cpus = Handle::current().metrics().num_workers();
         let mut other_receivers = Vec::new();
         if cpus > 1 {
             let (otx, orx) = mpsc::channel((cpus - 1) * 16);
diff --git a/src/service/manager.rs b/src/service/manager.rs
index b232da305497..0d44a8fad9c9 100644
--- a/src/service/manager.rs
+++ b/src/service/manager.rs
@@ -500,23 +500,18 @@ pub fn create(matches: &ArgMatches) -> Result<(Runtime, impl Future<Output = Exi
 
         info!("shadowsocks manager {} build {}", crate::VERSION, crate::BUILD_TIME);
 
-        let mut worker_count = 1;
         let mut builder = match service_config.runtime.mode {
             RuntimeMode::SingleThread => Builder::new_current_thread(),
             #[cfg(feature = "multi-threaded")]
             RuntimeMode::MultiThread => {
                 let mut builder = Builder::new_multi_thread();
                 if let Some(worker_threads) = service_config.runtime.worker_count {
-                    worker_count = worker_threads;
                     builder.worker_threads(worker_threads);
-                } else {
-                    worker_count = num_cpus::get();
                 }
 
                 builder
             }
         };
-        config.worker_count = worker_count;
 
         let runtime = builder.enable_all().build().expect("create tokio Runtime");
 
diff --git a/src/service/server.rs b/src/service/server.rs
index 4efaacbc1152..bdb01262c286 100644
--- a/src/service/server.rs
+++ b/src/service/server.rs
@@ -520,23 +520,18 @@ pub fn create(matches: &ArgMatches) -> Result<(Runtime, impl Future<Output = Exi
 
         info!("shadowsocks server {} build {}", crate::VERSION, crate::BUILD_TIME);
 
-        let mut worker_count = 1;
         let mut builder = match service_config.runtime.mode {
             RuntimeMode::SingleThread => Builder::new_current_thread(),
             #[cfg(feature = "multi-threaded")]
             RuntimeMode::MultiThread => {
                 let mut builder = Builder::new_multi_thread();
                 if let Some(worker_threads) = service_config.runtime.worker_count {
-                    worker_count = worker_threads;
                     builder.worker_threads(worker_threads);
-                } else {
-                    worker_count = num_cpus::get();
                 }
 
                 builder
             }
         };
-        config.worker_count = worker_count;
 
         let runtime = builder.enable_all().build().expect("create tokio Runtime");
 

From fd723259d9b4a4de2a59000e57c034f0eb236702 Mon Sep 17 00:00:00 2001
From: ty <zonyitoo@gmail.com>
Date: Thu, 13 Jun 2024 13:35:42 +0800
Subject: [PATCH 2/4] feat: enable ppc64el, s390x on snap

---
 snap/snapcraft.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index e241a78fece0..489421c9d2ae 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -10,8 +10,8 @@ architectures:
   - build-on: amd64
   - build-on: arm64
   - build-on: armhf
-  # - build-on: ppc64el
-  # - build-on: s390x
+  - build-on: ppc64el
+  - build-on: s390x
   - build-on: riscv64
 license: MIT
 source-code: https://github.com/shadowsocks/shadowsocks-rust

From b5f3065f3df875a2450629e475d462ce4cdfec30 Mon Sep 17 00:00:00 2001
From: zonyitoo <zonyitoo@gmail.com>
Date: Fri, 14 Jun 2024 23:22:59 +0800
Subject: [PATCH 3/4] fix: TABLE cipher doesn't need to make a derived key

- fix #887
- Reference Implemetation: shadowsocks-libev, shadowsocks (Python)
  https://github.com/shadowsocks/shadowsocks-libev/blob/5ff4f27b74be9f390e639b960a6ec8baafc1e850/src/encrypt.c#L1395-L1399
---
 Cargo.lock                            | 34 ++++++++++++++-------------
 Cargo.toml                            |  4 ++--
 crates/shadowsocks-service/Cargo.toml |  6 ++---
 crates/shadowsocks/Cargo.toml         |  2 +-
 crates/shadowsocks/src/config.rs      |  7 ++++++
 debian/changelog                      |  6 +++++
 6 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 34323cf3dc44..9d969d982828 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1980,9 +1980,9 @@ dependencies = [
 
 [[package]]
 name = "memchr"
-version = "2.7.2"
+version = "2.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d"
+checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
 
 [[package]]
 name = "mimalloc"
@@ -2272,7 +2272,7 @@ checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
 dependencies = [
  "cfg-if",
  "libc",
- "redox_syscall 0.5.1",
+ "redox_syscall 0.5.2",
  "smallvec",
  "windows-targets 0.52.5",
 ]
@@ -2577,9 +2577,9 @@ dependencies = [
 
 [[package]]
 name = "redox_syscall"
-version = "0.5.1"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e"
+checksum = "c82cf8cff14456045f55ec4241383baeff27af886adb72ffb2162f99911de0fd"
 dependencies = [
  "bitflags 2.5.0",
 ]
@@ -3098,7 +3098,7 @@ dependencies = [
 
 [[package]]
 name = "shadowsocks"
-version = "1.19.1"
+version = "1.20.0"
 dependencies = [
  "aes",
  "arc-swap",
@@ -3136,9 +3136,9 @@ dependencies = [
 
 [[package]]
 name = "shadowsocks-crypto"
-version = "0.5.4"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "65da645ff4a6440ba1b52a9d6b4c8792054860ac135cb87f8ad3d2c7a78d41b5"
+checksum = "a9e49ecfad8b27f3df28848af11f08aa10df0c6b74b45748131753913be23373"
 dependencies = [
  "aead",
  "aes",
@@ -3164,7 +3164,7 @@ dependencies = [
 
 [[package]]
 name = "shadowsocks-rust"
-version = "1.19.4"
+version = "1.20.0"
 dependencies = [
  "base64 0.22.1",
  "build-time",
@@ -3205,7 +3205,7 @@ dependencies = [
 
 [[package]]
 name = "shadowsocks-service"
-version = "1.19.4"
+version = "1.20.0"
 dependencies = [
  "arc-swap",
  "async-trait",
@@ -3344,18 +3344,18 @@ dependencies = [
 
 [[package]]
 name = "snmalloc-rs"
-version = "0.3.5"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc157dd2183548a4b4b0b428d59efbb527b19360a678b632842fe3fcfb2c30f9"
+checksum = "2504c9edd7ca7a1cfe637296dc0d263ce1e9975c4ec43f3652616ebce9d1df1c"
 dependencies = [
  "snmalloc-sys",
 ]
 
 [[package]]
 name = "snmalloc-sys"
-version = "0.3.5"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0761b83013b42a16bab6c3bd5a68e80b1a54f7af9e68e40f00e017489821e8fa"
+checksum = "8d448599db5c3263b35d67ab26a2399e74ca0265211f5f5dd4cb9f4c3ccada6a"
 dependencies = [
  "cmake",
 ]
@@ -3809,20 +3809,22 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
 
 [[package]]
 name = "tun2"
-version = "1.3.1"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5af6b725dd317dd689d1e37f559e70cfbe6e87effdaf5f62c80d919bfc9eda95"
+checksum = "27292e82cd2fdfe35a1cdffd2936f213d1a1f2abcb5115ba2ba465681a3c9cdf"
 dependencies = [
  "bytes",
  "cfg-if",
  "futures-core",
  "ipnet",
  "libc",
+ "libloading",
  "log",
  "nix",
  "thiserror",
  "tokio",
  "tokio-util",
+ "windows-sys 0.52.0",
  "wintun",
 ]
 
diff --git a/Cargo.toml b/Cargo.toml
index a7fb48c33a72..61773b69a2ac 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-rust"
-version = "1.19.4"
+version = "1.20.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
@@ -248,7 +248,7 @@ jemallocator = { version = "0.5", optional = true }
 snmalloc-rs = { version = "0.3", optional = true }
 rpmalloc = { version = "0.2", optional = true }
 
-shadowsocks-service = { version = "1.19.4", path = "./crates/shadowsocks-service" }
+shadowsocks-service = { version = "1.20.0", path = "./crates/shadowsocks-service" }
 
 windows-service = { version = "0.7", optional = true }
 
diff --git a/crates/shadowsocks-service/Cargo.toml b/crates/shadowsocks-service/Cargo.toml
index 74fcfd851859..df2489a7af21 100644
--- a/crates/shadowsocks-service/Cargo.toml
+++ b/crates/shadowsocks-service/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-service"
-version = "1.19.4"
+version = "1.20.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
@@ -181,7 +181,7 @@ flate2 = { version = "1.0", optional = true }
 brotli = { version = "6.0", optional = true }
 zstd = { version = "0.13", optional = true }
 
-tun2 = { version = "1", optional = true, features = ["async"] }
+tun2 = { version = "2", optional = true, features = ["async"] }
 etherparse = { version = "0.15", optional = true }
 smoltcp = { version = "0.11", optional = true, default-features = false, features = [
     "std",
@@ -198,7 +198,7 @@ serde = { version = "1.0", features = ["derive"] }
 json5 = "0.4"
 bson = { version = "2.10.0", optional = true }
 
-shadowsocks = { version = "1.19.0", path = "../shadowsocks", default-features = false }
+shadowsocks = { version = "1.20.0", path = "../shadowsocks", default-features = false }
 
 # Just for the ioctl call macro
 [target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "freebsd"))'.dependencies]
diff --git a/crates/shadowsocks/Cargo.toml b/crates/shadowsocks/Cargo.toml
index 736a4c63e476..45df2fd9eebf 100644
--- a/crates/shadowsocks/Cargo.toml
+++ b/crates/shadowsocks/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks"
-version = "1.19.1"
+version = "1.20.0"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
diff --git a/crates/shadowsocks/src/config.rs b/crates/shadowsocks/src/config.rs
index 1c2ea525dcfb..27437372b5de 100644
--- a/crates/shadowsocks/src/config.rs
+++ b/crates/shadowsocks/src/config.rs
@@ -405,6 +405,13 @@ where
 {
     let password = password.into();
 
+    if method == CipherKind::SS_TABLE {
+        // TABLE cipher doesn't need key derivation.
+        // Reference implemenation: shadowsocks-libev, shadowsocks (Python)
+        let enc_key = password.clone().into_bytes().into_boxed_slice();
+        return (password, enc_key, Vec::new());
+    }
+
     #[cfg(feature = "aead-cipher-2022")]
     if method_support_eih(method) {
         // Extensible Identity Headers
diff --git a/debian/changelog b/debian/changelog
index f535a66cefe5..fbde21d98853 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+shadowsocks-rust (1.20.0) unstable; urgency=medium
+
+  ## Breaking Changes
+
+  - #887 shadowsocks stream cipher (`TABLE`) doesn't need to make a derived key instead of using user's predefined key directly. This change will make shadowsocks-rust not going to be compatible with its older version. Users who are using `TABLE` cipher should upgrade all your local and server instances to the latest version of shadowsocks-rust. On the other hand, `TABLE` cipher is marked deprecated because it is vulnerable, users **must** migrate to other more secured methods immediately.
+
 shadowsocks-rust (1.19.4) unstable; urgency=medium
 
   ## Features

From bc8cfeeda79cf90abb032b7306abe7582ee7eb45 Mon Sep 17 00:00:00 2001
From: zonyitoo <zonyitoo@gmail.com>
Date: Fri, 14 Jun 2024 23:27:20 +0800
Subject: [PATCH 4/4] fix: TABLE is only enabled for feature="stream-cipher"

---
 crates/shadowsocks/src/config.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crates/shadowsocks/src/config.rs b/crates/shadowsocks/src/config.rs
index 27437372b5de..405c01b0a470 100644
--- a/crates/shadowsocks/src/config.rs
+++ b/crates/shadowsocks/src/config.rs
@@ -405,6 +405,7 @@ where
 {
     let password = password.into();
 
+    #[cfg(feature = "stream-cipher")]
     if method == CipherKind::SS_TABLE {
         // TABLE cipher doesn't need key derivation.
         // Reference implemenation: shadowsocks-libev, shadowsocks (Python)