-rw-r--r--net/shadowsocks-libev/Makefile2
-rw-r--r--net/shadowsocks-libev/README.md2
-rw-r--r--net/shadowsocks-libev/files/shadowsocks-libev.init4
-rw-r--r--net/shadowsocks-libev/files/ss-rules/chain.uc4
4 files changed, 9 insertions, 3 deletions
diff --git a/net/shadowsocks-libev/Makefile b/net/shadowsocks-libev/Makefile
index d5d26f53c..1a76d67fe 100644
--- a/net/shadowsocks-libev/Makefile
+++ b/net/shadowsocks-libev/Makefile
@@ -14,7 +14,7 @@ include $(TOPDIR)/rules.mk
#
PKG_NAME:=shadowsocks-libev
PKG_VERSION:=3.3.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
diff --git a/net/shadowsocks-libev/README.md b/net/shadowsocks-libev/README.md
index 3f57af62e..8e72e7fbf 100644
--- a/net/shadowsocks-libev/README.md
+++ b/net/shadowsocks-libev/README.md
@@ -75,6 +75,8 @@ ss-rules now uses nft set for storing addresses/networks. Those set names are a
Note also that `src_ips_xx` and `dst_ips_xx` actually also accepts cidr network representation. Option names are retained in its current form for backward compatibility coniderations
+Extra nftables expressions can be specified with `nft_tcp_extra` and `nft_udp_extra` to apply ss_rules only to selected tcp/udp traffics. E.g. `tcp dport { 80, 443 }`, `udp dport 53`, etc.
+
# incompatible changes
| Commit date | Commit ID | Subject | Comment |
diff --git a/net/shadowsocks-libev/files/shadowsocks-libev.init b/net/shadowsocks-libev/files/shadowsocks-libev.init
index 0805e4019..be72a9f66 100644
--- a/net/shadowsocks-libev/files/shadowsocks-libev.init
+++ b/net/shadowsocks-libev/files/shadowsocks-libev.init
@@ -152,6 +152,8 @@ ss_rules() {
json_add_string o_dst_bypass_file "$dst_ips_bypass_file"
json_add_string o_dst_forward_file "$dst_ips_forward_file"
json_add_string o_dst_default "$dst_default"
+ json_add_string o_nft_tcp_extra "$nft_tcp_extra"
+ json_add_string o_nft_udp_extra "$nft_udp_extra"
json_dump -i >"$tmp.json"
if ucode -S -i "$ssrules_uc" -E "$tmp.json" >"$tmp.nft" \
@@ -283,6 +285,8 @@ validate_ss_rules_section() {
'src_default:or("bypass", "forward", "checkdst"):checkdst' \
'dst_default:or("bypass", "forward"):bypass' \
'local_default:or("bypass", "forward", "checkdst"):bypass' \
+ 'nft_tcp_extra:string' \
+ 'nft_udp_extra:string' \
'ifnames:maxlength(15)'
}
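Review bot: `'nft_tcp_extra:string'` and `'nft_udp_extra:string'` accept any text, yet both options become literal rule text in the generated nftables file: the `json_add_string` lines added to `ss_rules()` pass them through unchanged, and chain.uc prints them inside the `ss_rules_forward_tcp` and `ss_rules_forward_udp` rules. A value containing `;` or a line break would therefore end the intended rule and add further statements to a ruleset that is presumably loaded with root privileges, which matters wherever write access to this UCI section is delegated more widely than a root shell. I would constrain both options at validation time, for instance `'nft_tcp_extra:regex("[^;]*")'` combined with a length cap via the `maxlength()` already used for `ifnames`, and reject line breaks as well; this assumes the validator's `regex` datatype is available on the target. The body of `validate_ss_rules_section` starts outside the hunk, so any existing post-processing of these values is not visible here.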
diff --git a/net/shadowsocks-libev/files/ss-rules/chain.uc b/net/shadowsocks-libev/files/ss-rules/chain.uc
index 00362f694..a378e770e 100644
--- a/net/shadowsocks-libev/files/ss-rules/chain.uc
+++ b/net/shadowsocks-libev/files/ss-rules/chain.uc
@@ -97,7 +97,7 @@ chain ss_rules_dst_{{ proto }} {
{% if (proto == "tcp"): %}
chain ss_rules_forward_{{ proto }} {
- meta l4proto tcp redirect to :{{ redir_port }};
+ meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }};
}
{% let local_verdict = get_local_verdict(); if (local_verdict): %}
chain ss_rules_local_out {
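Review bot: The new `{{ o_nft_tcp_extra }}` substitution in `ss_rules_forward_tcp` (and `{{ o_nft_udp_extra }}` in the `ss_rules_forward_udp` hunk that follows) prints the option verbatim into the middle of a rule, and nothing in the template states what kind of fragment is expected there. Packets that do not match the extra expression leave the forward chain without the redirect/tproxy statement, so an expression that is valid but wrong would send traffic unproxied without any visible error; what the calling chains do with such packets cannot be seen from this hunk. I would add a template comment above each rule, e.g. `{# o_nft_tcp_extra: optional nft match expression only (no verdict, no ';'); packets that do not match are not redirected #}`, and the same for the udp variant. The surrounding `{% if (proto == "tcp"): %}` block opens and closes outside the lines shown.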
@@ -112,7 +112,7 @@ chain ss_rules_local_out {
{% endif %}
{% elif (proto == "udp"): %}
chain ss_rules_forward_{{ proto }} {
- meta l4proto udp meta mark set 1 tproxy to :{{ redir_port }};
+ meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }};
}
{% endif %}
{% endif %}