Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

shadowsocks-libev: added support for ACL #20647

Closed
wants to merge 1 commit into from
Closed

shadowsocks-libev: added support for ACL #20647

wants to merge 1 commit into from

Conversation

fertkir
Copy link
Contributor

@fertkir fertkir commented Mar 11, 2023
edited

Added ability to pass an Access Control List (--acl param) to forbid access to specified IP addresses

Maintainer: @yousong
Compile tested: didn't compile, since this is only an init-file change
Run tested: MediaTek MT7628AN ver:1 eco:2, TP-Link TL-WR841N v13, OpenWrt 22.03.3 r20028-43d71ad93e

@fertkir
Copy link
Contributor Author

fertkir commented Mar 23, 2023

@yousong, please review

yousong
yousong reviewed Apr 19, 2023
View reviewed changes
net/shadowsocks-libev/files/shadowsocks-libev.init Outdated
@@ -307,7 +308,8 @@ validate_ss_server_section() {
'local_address:ipaddr' \
'local_ipv4_address:ip4addr' \
'local_ipv6_address:ip6addr' \
'bind_address:ipaddr'
'bind_address:ipaddr' \
'acl:string'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the value supposed to be a path to the acl file? Consider using something like dst_ips_bypass_file:file

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My guess is that the option should be set at the client side. That is validate_common_client_options_, right?

Copy link
Contributor Author

@fertkir fertkir Apr 21, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the value supposed to be a path to the acl file? Consider using something like dst_ips_bypass_file:file

Changed the type from string to file

My guess is that the option should be set at the client side. That is validate_common_client_options_, right?

According to docs, ACL is only available in local and server mode. At least I use it for ssserver. So added to validate_ss_server_section and validate_ss_local_section.

@yousong yousong self-assigned this Apr 19, 2023
@yousong
Copy link
Member

yousong commented Apr 19, 2023

Please also increment PKG_RELEASE variable for the package Makefile.

If you are also a user of luci-app-shadowsocks-libev, please consider adding support for this newly-added field there.
Maybe following the example of dst_ips_bypass_file , but for client instances. This is optional and will not block merging of this pull request here.

@fertkir
Copy link
Contributor Author

fertkir commented Apr 21, 2023
edited

PKG_RELEASE incremented.
Pull-request for Luci: openwrt/luci#6354

@fertkir fertkir closed this Apr 21, 2023
@fertkir
shadowsocks-libev: ACL support
c9d4437 
Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com>
@fertkir fertkir reopened this Apr 21, 2023
yousong pushed a commit that referenced this pull request Apr 23, 2023
@fertkir @yousong
shadowsocks-libev: ACL support
d1ad585 
Link: #20647
Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com>
[indentation fix]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
@yousong
Copy link
Member

yousong commented Apr 23, 2023

Hi @fertkir , The change was just applied after an indention fix. Thank you!

@yousong yousong closed this Apr 23, 2023
qxwd1123 pushed a commit to qxwd1123/packages that referenced this pull request May 7, 2023
@fertkir
shadowsocks-libev: ACL support
08e8afe 
Link: openwrt/packages#20647
Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com>
[indentation fix]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This was referenced Oct 9, 2023
Closed
Closed
BKPepe pushed a commit that referenced this pull request Oct 23, 2023
@fertkir @BKPepe
shadowsocks-libev: ACL support
8396f6a 
Link: #20647
Signed-off-by: Kirill Fertikov <kirill.fertikov@gmail.com>
[indentation fix]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit d1ad585)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yousong yousong yousong left review comments

Assignees

@yousong yousong

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@fertkir @yousong