A Pull Request #26
Open
A Pull Request #26
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
After five years, memory footprint is not a problem for most of low-end boxes and high-end routers now. It should also improve the speed on loopback and high-speed LAN networks.
remove -u arguments by default
* change from bzero(3) to memset(3) for better compatibility. * cleanup
Make ss-local(1) more verbose in verbose mode
Add echo for stat API
Change from network.target to network-online.target in systemd service files.
…" fail." This reverts commit ca4caab.
The change is to support the 'fail2ban' feature. Instead of
blocking IPs by server itself, server just add malicious IPs
to specified sets of nftables. So admin can configure rules
to deal with those IPs.
Notes: cap_net_admin capability is required.
Example configuration:
# nft add table ip fail2ban
# nft add chain ip fail2ban input { type filter hook input priority 0 \; }
# nft add set ip fail2ban badips { type ipv4_addr \; flags dynamic, timeout \; timeout 1h \; }
# nft add rule ip fail2ban input ip saddr @badips drop
# ss-server -c config.json --nftables-sets badips
This confused me, and looking at the issues, it has confused other people as well. [1](#2758) I'm not sure if we can automate it though, e.g. in `autogen.sh`. Because some people might want to build with a modified version of the libraries. Perhaps we could automatically fetch the submodules IF we see they are empty... Anyway, for now, we can at least document this step.
Set {listen,server}_sock to -1 when needed as already done in
src/manager.c by commit ecf1fcc to
avoid the following build failure:
local.c: In function 'create_and_bind':
local.c:218:12: error: 'listen_sock' may be used uninitialized in this function [-Werror=maybe-uninitialized]
218 | return listen_sock;
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/27471a878ff52a972ac087d534e44fb0c50808f6
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Mainlined MPTCP on Linux 5.6+ is enabled with IPPROTO_MPTCP rather than setsockopt.
Update the PKGBUILD url.
ref shadowsocks/shadowsocks-rust#855 When receiving UDP packets from remote servers, Redir will have to create transparent sockets to bind() on those target addresses and then relay data back to the local client. Target addresses may be IPv4 or IPv6 addresses, so we may have to create that transprent sockets based on the target addresses' family. The most simpliest and easiest way is to always create IPv6 sockets and converts IPv4 binding addresses and peer addresses to IPv4-mapped-IPv6.
221: You should jump this section and install them from distribution repository instead. -> You should jump to this section and install them from the distribution repository instead. FIX #7
README.md translated to Brazilian Portuguese
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
hi, all
I'd like to pull code from this git, it has been a very long time since I last update my ss.
KMI & THX.