Dokumentasi Shadowsocks
pandhu arah
Format Konfigurasi Shadowsocks
File Konfigurasi
Shadowsocks njupuk konfigurasi format JSON:
{
"server":"my_server_ip",
"Server_port": 8388,
"port_lokal": 1080,
"sandi":"barfoo!",
"metode":"chacha20-ietf-poly1305"
}
Format JSON
- server: jeneng host utawa IP server sampeyan (IPv4/IPv6).
- server_port: nomer port server.
- local_port: nomer port lokal.
- sandi: sandi digunakake kanggo encrypt transfer.
- metode: metode enkripsi.
Metode Enkripsi
Kita ngatur server lan menehi saran supaya sampeyan nggunakake cipher chacha20-ietf-poly1305 AEAD amarga iku cara enkripsi sing paling kuat.
Yen ngatur server shadowsocks dhewe, sampeyan bisa milih saka "chacha20-ietf-poly1305" utawa "aes-256-gcm".
URI & QR Code
Shadowsocks kanggo Android / IOS uga njupuk konfigurasi format URI sing dienkode BASE64:
ss://BASE64-ENCODED-STRING-TANPA-PADDING#TAG
URI kosong kudu: ss: // method: password@hostname: port
URI ing ndhuwur ora ngetutake RFC3986. Tembung sandhi ing kasus iki kudu teks biasa, ora persen-enkode.
Conto: Kita nggunakake server ing 192.168.100.1:8888 nggunakake bf-cfb cara enkripsi lan sandhi tes/!@#:.
Banjur, kanthi URI kosong ss://bf-cfb:test/!@#:@192.168.100.1:8888, kita bisa ngasilake URI sing dienkode BASE64:
> console.log( “ss://” + btoa(“bf-cfb:test/!@#:@192.168.100.1:8888”) )
ss://YmYtY2ZiOnRlc3QvIUAjOkAxOTIuMTY4LjEwMC4xOjg4ODg
Kanggo mbantu ngatur lan ngenali URI kasebut, sampeyan bisa nambah tag sawise string sing dienkode BASE64:
ss://YmYtY2ZiOnRlc3QvIUAjOkAxOTIuMTY4LjEwMC4xOjg4ODg#example-server
Ngatasi
Shadowsocks nggunakake alamat sing ditemokake ing format alamat SOCKS5:
[1-byte type][variabel-length host][2-byte port]
Ing ngisor iki jinis alamat sing ditetepake:
- 0x01 : host minangka alamat IPv4 4-bait.
- 0x03 : host minangka string dawa variabel, diwiwiti kanthi dawa 1-byte, banjur jeneng domain maksimal 255-byte.
- 0x04 : host minangka alamat IPv16 6-bait.
Nomer port minangka integer unsigned 2-byte big-endian.
TCP
Klien ss-lokal miwiti sambungan menyang ss-remote kanthi ngirim data sing dienkripsi diwiwiti karo alamat target sing diikuti karo data muatan. Enkripsi bakal beda-beda gumantung saka cipher sing digunakake.
[alamat target] [payload]
Ss-remote nampa data sing dienkripsi, banjur dekripsi lan ngurai alamat target. Banjur nggawe sambungan TCP anyar menyang target lan nerusake data muatan kasebut. ss-remote nampa balesan saka target banjur encrypts data lan nerusake bali menyang ss-local nganti pedhot.
Kanggo tujuan obfuscation, lokal lan remot ngirim data jabat tangan karo sawetara payload ing paket pisanan.
UDP
ss-local ngirim paket data sing dienkripsi sing ngemot alamat target lan muatan menyang ss-remote.
[alamat target] [payload]
Sawise paket ndhelik ditampa, ss-remote decrypts lan parses alamat target. Banjur ngirim paket data anyar kanthi muatan menyang target. ss-remote nampa paket data saka target lan prepends alamat target kanggo payload ing saben paket. Salinan sing dienkripsi dikirim bali menyang ss-local.
[alamat target] [payload]
Proses iki bisa digodhog menyang ss-remote nindakake terjemahan alamat jaringan kanggo ss-local.