ss-manager [-AuUv] [-h|--help] [-s <server_host>] [-p <server_port>] [-l <local_port>] [-k <password>] [-m <encrypt_method>] [-f <pid_file>] [-t <timeout>] [-c <config_file>] [-i <interface>] [-b <local_addr>] [-a <user_name>] [--manager-address <path_to_unix_domain>] [--executable <path_to_server_executable>]
Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a port of the original shadowsocks created by clowwindy. Shadowsocks-libev is written in pure C and takes advantage of libev to achieve both high performance and low resource consumption.
Shadowsocks-libev consists of five components.
ss-manager
(1) is a controller for multi-user management and
traffic statistics, using UNIX domain socket to talk with ss-server
(1).
Also, it provides a UNIX domain socket or IP based API for other software.
About the details of this API, please refer to the following PROTOCOL
section.
- -s <server_host>
-
Set the server’s hostname or IP.
- -k <password>
-
Set the password. The server and the client should use the same password.
- -m <encrypt_method>
-
Set the cipher.
Shadowsocks-libev accepts 21 different ciphers:
table, rc4, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, cast5-cfb, des-cfb, idea-cfb, rc2-cfb, seed-cfb, salsa20, chacha20 and chacha20-ietf.
The default cipher is rc4-md5.
If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may not work.
- -a <user_name>
-
Run as a specific user.
- -f <pid_file>
-
Start shadowsocks as a daemon with specific pid file.
- -t <timeout>
-
Set the socket timeout in seconds. The default value is 60.
- -c <config_file>
-
Use a configuration file.
- -i <interface>
-
Send traffic through specific network interface.
For example, there are three interfaces in your device, which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2). Meanwhile, you configure
ss-local
to listen on 0.0.0.0:8388 and bind to eth1. That results the traffic go out through eth1, but not lo nor eth0. This option is useful to control traffic in multi-interface environment. - -u
-
Enable UDP relay.
- -U
-
Enable UDP relay and disable TCP relay.
- -A
-
Enable onetime authentication.
- -d <addr>
-
Setup name servers for internal DNS resolver (libudns). The default server is fetched from
/etc/resolv.conf
. - --fast-open
-
Enable TCP fast open.
Only available with Linux kernel > 3.7.0.
- --acl <acl_config>
-
Enable ACL (Access Control List) and specify config file.
- --manager-address <path_to_unix_domain>
-
Specify UNIX domain socket address for the communication between ss-manager(1) and ss-server(1).
Only available in server and manager mode.
- --executable <path_to_server_executable>
-
Specify the executable path of ss-server.
Only available in manager mode.
- -v
-
Enable verbose mode.
- -h|--help
-
Print help message.
ss-manager
(1) provides several APIs through UDP protocol:
- Send UDP commands in the following format to the manager-address provided to ss-manager(1):
-
command: [JSON data]
- To add a port:
-
add: {"server_port": 8001, "password":"7cd308cc059"}
- To remove a port:
-
remove: {"server_port": 8001}
- To receive a pong:
-
ping
- Then
ss-manager
(1) will send back the traffic statistics: -
stat: {"8001":11370}
To use ss-manager
(1), First start it and specify necessary information.
Then communicate with ss-manager
(1) through UNIX Domain Socket using UDP
protocol:
# Start the manager. Arguments for ss-server will be passed to generated # ss-server process(es) respectively. ss-manager --manager-address /tmp/manager.sock --executable $(which ss-server) -s example.com -m aes-256-cfb -c /path/to/config.json # Connect to the socket. Using netcat-openbsd as an example. # You should use scripts or other programs for further management. nc -Uu /tmp/manager.sock
After that, you may communicate with ss-manager
(1) as described above in the
PROTOCOL section.