v1.10.6

It is recommended all users since v1.9.0 to upgrade to this release.

Features

• shadowsocks/shadowsocks-crypto#8 Support non-standard AEAD ciphers with crypto2, could be enabled by feature aead-cipher-extra
  • aes-128-ccm, aes-256-ccm
  • aes-128-gcm-siv, aes-256-gcm-siv
  • aes-128-ocb-taglen128, aes-192-ocb-taglen128, aes-256-ocb-taglen128
  • aes-siv-cmac-256, aes-siv-cmac-384, aes-siv-cmac-512
  • xchacha20-ietf-poly1305

Bug Fixes

• shadowsocks/shadowsocks-android#2705 MD5 algorithm bug causes KDF (Key Derived Function) produces wrong key when LEN(password) % 64 in [50, 64)

v1.10.5

It is recommended all users since v1.9.0 to upgrade to this release.

BUG Fixed

• ProxyClientStream should keep the concatenated first packet buffer alive before asynchronous write() finishes

v1.10.4

Fixed BUG

• ProxyClientStream::poll_write may lose the Address in the packet to be sent if socket returns EAGAIN

Features

• Support protocol in basic configuration format

v1.10.3

BUG Fixed

• #472 Fixed SO_INCOMING_CPU when building on some Linux targets. rust-lang/socket2#213

v1.10.2

BUG Fixed

• mode in basic configuration format doesn't work for local instance

v1.10.1

BUG Fixed

• #469 Compilation error on Android

Miscellaneous

• sslocal checks new local instance's parameters dependency
  • --protocol, --forward-addr, ... will require --local-addr to be specified

v1.10.0

Features

• #452 sslocal supports starting multiple instances in the same process
  • Add locals in extended configuration format for specifying multiple local server instances
  • (Android Only) Support unix:// schema in dns configuration
  • Support tcp:// and udp:// in dnsconfiguration for setting DNS protocol. Uses both TCP and UDP if not specified.

SOCKS/HTTP -+            +- Shadowsocks ----------------------------------------+
            |            |                                                      |
     redir -+-- sslocal -+- Shadowsocks ----------------------------------------+- 🌐
            |            |                                                      |
    tunnel -+            +- Shadowsocks ----------------------------------------+

• Support quad9_https predefined DNS servers
• Updated shadowsocks-crypto to v0.2, which Cipher implementation uses enum static dispatch instead of Boxed Trait Object for dynamic dispatch

BUG Fixes

• PingBalancer 2nd check will be sent 10s after 1st initialization check.

Breaking Changes

• sslocal's command line options are now for creating a new local instance:
  • --local-addr, --forward-addr, -U, -u, --protocol, ... will only applied to the local instance specified by --local-addr
• ssserver's command line options are now for creating a new server instance:
  • -U and -u will only applied to the local instance specified by --server-addr

v1.9.2

Features

• #442 Check repeated salt after first successful decryption

BUG Fixes

• Redir: setting SO_REUSEPORT, SO_MARK for UDP send-back sockets

v1.9.1

It is recommended that all v1.9.0 users should update to this version.

BUG Fixes

• #431 UdpSocket::from_std requires sockets to be non-blocked.

Features

• Removed avx from the default CPU features

v1.9.0

Complete refactored the whole implementation and splits into 3 different crates:

• shadowsocks - Core feature of shadowsocks
• shadowsocks-service - Service library for implementing Local Server, Remote Server, Manager Server
• shadowsocks-rust - Binary crate for release

Replaced libsodium and libcrypto with crypto2.

Features

• Support setting SO_MARK, SO_BINDTODEVICE on Linux
• Support setting SO_SNDBUF and SO_RCVBUF for TCP sockets
• Support SIP008 extend server fields server, server_port, remarks
• Local DNS Relay
  • Support sending TCP and UDP queries simutaneously
  • Support connection reusability
• Remove mostly TCP timeout setting for tunnels, connections will only be killed if clients or servers close
• Auto-reload DNS resolver configuration from /etc/resolv.conf on *NIX platforms.
• #379 Allow customizing number of worker-threads for multi-threaded scheduler.
• #401 Support field disabled in extended server configuration
• Ping Balancer
  • Treat timeouts as failures, so requests that receive no response count as failures.
  • Increase check timeout from 2s to 5s to avoid penalties on slow servers.
  • Increase check interval from 6s to 10s.
• --outbound-bind-interface is now supported in both Linux and macOS
• #352 Support customizing inbound and outbound sockets' SO_SNDBUF and SO_RCVBUF by command line options

Library Update

• tokio v1.0
• shadowsocks-crypto, crypto2

Optimization

• UDP Relays sending respond packets directly to UdpSocket instead of channel, which will significantly improve respond latency
• #408 Enable std features for the spin crate to enable yielding threads when spinning on waiting.

BUG Fixes

• For BSD systems, set IPV6_BINDANY and SO_BINDANY on SOL_SOCKET properly
• trust-dns-resolver requires explicit enables feature dns-over-https-rustls for DoH #367
• ACL domain rules should be case insensitive. Domain names are case insensitive.
• shadowsocks/shadowsocks-android#2667 set timeout for protect() call to Android's VpnService

Miscellaneous

• Disable HTTPS outbound connection for local HTTP proxy by default. For most use cases, HTTPS should be proxied with CONNECT method.
• Unified UDP relay association implementation for less duplicated code.
• Deprecated single-threaded build feature, replaced by multi-threaded.
• Disable stream ciphers by default. Could be enabled with feature stream-cipher.
• Enable IPv6 dual stack mode by default when listening on ::.

Releases

Releases are built with ISA that are supported by Modern CPUs, see comments in .cargo/config.toml. If you see any related messages like Illegal Instruction, then you must be running on a very old CPU, so you can:

• Delete .cargo/config.toml and build your own release
  • NOTE: This may lead to no hardware accleration for cryptographic operations
• Change your CPU to some more advanced model