shadowsocks-libev出到3.0了
edit:
如果不想看下面这一大段垃圾伤眼,可以直接去下载lz编译好的http://oglopss.github.io/ctng-ss-jekyll/
同样使用之前弄出来的ct-ng工具链
-
Use crosstool-ng 1.21 toolchain
git clone https://github.com/crosstool-ng/crosstool-ng.git cd crosstool-ng git checkout tags/crosstool-ng-1.21.0 ./bootstrap ./configure make && make install
- compile toolchain
config files gistmkdir -p ~/config cd ~/config # copy my ctng.config as .config # copy uclibc.config as uclibc.config ct-ng build.4
-
clone shadowsock-libev
cd ~/Downloads# 连submodule一起clone下来 git clone --recursive https://github.com/shadowsocks/shadowsocks-libev.git cd shadowsocks-libev git checkout tags/v3.0.5
如果clone的时候没有连带submodule一起,可以
# git >= 1.8.2 git submodule update --recursive --remote # git >= 1.7.3 git submodule update --init --recursive # 如果想把submodule升级到最新,无视repo里的设置 git pull --recurse-submodules
-
把toolchain加到PATH里
export PATH=/home/oglop/x-tools/mipsel-unknown-linux-uclibc/bin:$PATH
- libsodium
cd ~/Downloads/shadowsocks-libev export LIBSODIUM_VER=1.0.11 # 好像这地址挂了 # wget https://download.libsodium.org/libsodium/releases/libsodium-$LIBSODIUM_VER.tar.gz wget --backups=1 https://github.com/jedisct1/libsodium/releases/download/$LIBSODIUM_VER/libsodium-$LIBSODIUM_VER.tar.gz tar xvf libsodium-$LIBSODIUM_VER.tar.gz pushd libsodium-$LIBSODIUM_VER CC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib ./configure --prefix=$HOME/Downloads/libsodium-install --host=mipsel-uclibc-linux make make install popd
- mbedTLS
export MBEDTLS_VER=2.4.2 wget https://tls.mbed.org/download/mbedtls-$MBEDTLS_VER-gpl.tgz tar xvf mbedtls-$MBEDTLS_VER-gpl.tgz pushd mbedtls-$MBEDTLS_VER CC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib make SHARED=1 CFLAGS=-fPIC make install DESTDIR=$HOME/Downloads/mbedtls-install popd
这里有个问题是如果在make后面不加 SHARED=1 CFLAGS=-fPIC 最后就不会产生对libmbedcrypto.so.0的依赖,但是可执行文件会大一点,因为静态链接进去了大概,但依然会有libev的依赖
- udns
export UDNS_VER=0.4 wget http://www.corpit.ru/mjt/udns/udns-$UDNS_VER.tar.gz tar xvf udns-$UDNS_VER.tar.gz pushd udns-$UDNS_VERCC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib ./configure make # 因为作者没在makefile里放install popd
其中conftest过不了,因为是cross compiling,所以去config.lib里做如下修改 跳过conftest
if [ -n "$CC" ]; then - if ac_run $CC -o conftest conftest.c && ac_run ./conftest; then + if ac_run $CC -o conftest conftest.c; then ac_result "\$CC ($CC)" else ac_result no ccld="$cc" if [ -n "$LDFLAGS" ]; then ccld="$ccld $LDFLAGS"; fi if [ -n "$LIBS" ]; then ccld="$ccld $LIBS"; fi - if ac_yesno "whenever the C compiler ($ccld) - can produce executables" \ - ac_compile_run <<EOF -int main() { return 0; } -EOF - then : - else - ac_fatal "no working C compiler found" - fi
- pcre
export PCRE_VER=8.40 wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$PCRE_VER.tar.gz tar xvf pcre-$PCRE_VER.tar.gz cd pcre-$PCRE_VERCC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib ./configure --host=mipsel-uclibc-linux --prefix=$HOME/Downloads/pcre-install make make install
- libev
git clone https://github.com/enki/libev.git cd libev CPPFLAGS=-I$HOME/Downloads/udns-0.4 LDFLAGS=-L$HOME/Downloads/udns-0.4 CC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib ./configure --prefix=$HOME/Downloads/libev-install --host=mipsel-uclibc-linux make make install
- shadowsocks-libev
因为configure没有给libev和udns的配置参数,所以放在CPPFLAGS和LDFLAGS里了./autogen.shCPPFLAGS="-I$HOME/Downloads/udns-0.4 -I$HOME/Downloads/libev-install/include" LDFLAGS="-Wl,-rpath,/jffs/lib -L$HOME/Downloads/udns-0.4 -L$HOME/Downloads/libev-install/lib" CC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib ./configure --disable-ssp --prefix=$HOME/ss-install --with-pcre=$HOME/Downloads/pcre-install --with-sodium=$HOME/Downloads/libsodium-install --with-mbedtls=$HOME/Downloads/mbedtls-install --disable-documentation --host=mipsel-uclibc-linux make make install
注意上面lz把 /opt/lib 放在了 rpath的最前面,这是为了让装有entware的路由器找到 libcrypto.so里的MD5 symbol, 以及libev.solz把/jffs/lib加到了rpath里面,原因见下文lz试过
-Wl,-z,origin -Wl,-rpath,\$\$ORIGIN':/lib:/usr/lib
不过似乎没效果,也许是v138里的uclibc不支持rpath里用$ORIGIN, 那就还是自己用tomatoedit把.so文件放进/usr/lib吧
-
然后在$HOME/ss-install下可以见到编译出来的成果,把他们strip小一点然后upx压缩一下
# 不要压./ss-nat因为他是个shell script find . ! -path './ss-nat' -type f | xargs mipsel-unknown-linux-uclibc-strip# upx 一下 find . ! -path './ss-nat' -type f | xargs ~/Downloads/upx-3.91-amd64_linux/upx Ultimate Packer for eXecutables Copyright (C) 1996 - 2013 UPX 3.91 Markus Oberhumer, Laszlo Molnar & John Reiser Sep 30th 2013 File size Ratio Format Name -------------------- ------ ----------- ----------- 172376 -> 64116 37.20% linux/mipsel ss-local 150008 -> 56140 37.42% linux/mipsel ss-tunnel 212296 -> 78252 36.86% linux/mipsel ss-server 91372 -> 37552 41.10% linux/mipsel ss-manager 158488 -> 58948 37.19% linux/mipsel ss-redir -------------------- ------ ----------- ----------- 784540 -> 295008 37.60% [ 5 files ]
压缩之前
$ ll --block-size=K total 2916K -rwxr-xr-x. 1 oglop oglop 663K Feb 16 00:57 ss-local -rwxr-xr-x. 1 oglop oglop 339K Feb 16 00:57 ss-manager -rwxr-xr-x. 1 oglop oglop 6K Feb 16 00:57 ss-nat -rwxr-xr-x. 1 oglop oglop 594K Feb 16 00:57 ss-redir -rwxr-xr-x. 1 oglop oglop 737K Feb 16 00:57 ss-server -rwxr-xr-x. 1 oglop oglop 567K Feb 16 00:57 ss-tunnel
压缩之后
$ ll --block-size=K total 308K -rwxr-xr-x. 1 oglop oglop 63K Feb 16 00:58 ss-local -rwxr-xr-x. 1 oglop oglop 37K Feb 16 00:58 ss-manager -rwxr-xr-x. 1 oglop oglop 6K Feb 16 00:57 ss-nat -rwxr-xr-x. 1 oglop oglop 58K Feb 16 00:58 ss-redir -rwxr-xr-x. 1 oglop oglop 77K Feb 16 00:58 ss-server -rwxr-xr-x. 1 oglop oglop 55K Feb 16 00:58 ss-tunnel
- 拷到路由器上测试一下,lz的路由器是tomato shibby AIO v138,插了优盘,装了entware的
root@unknown:/jffs/ss# ldd ./ss-server libev.so.4 => /jffs/lib/libev.so.4 (0x2aac1000) libm.so.0 => /lib/libm.so.0 (0x2aae1000) libsodium.so.18 => /usr/lib/libsodium.so.18 (0x2aaf8000) libmbedcrypto.so.0 => /jffs/lib/libmbedcrypto.so.0 (0x2ab56000) libpcre.so.1 => /usr/lib/libpcre.so.1 (0x2abf0000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x2ac3c000) libpthread.so.0 => /lib/libpthread.so.0 (0x2ac5b000) libc.so.0 => /lib/libc.so.0 (0x2ac7e000) ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x2aaa8000)
由此看来,默认情况下AIO已经带了大部分需要的lib,(entware的都在/opt/lib下),
还少一个libev,少libev和libmbedcrypto, 如果你在 configure ss的时候没加-Wl,-rpath,/jffs/lib 就会找不到libev和libmbedcrypto,此时你要么用tomatoedit把这个so加到固件里,然后重刷,要么可以试试用rpath修改可执行文件的rpath路径因为lz的路由器有usb口可以插优盘,而且lz装有entware,所以lz的libev是用opkg install libev直接从repo里装的,省去了一些麻烦.
root@unknown:/tmp/home/root# opkg install libev Installing libev (4.20-1) to root... Downloading http://entware.wl500g.info/binaries/mipselsf/libev_4.20-1_mipselsf.ipk. Configuring libev.
edit:
经过尝试把 /opt/lib 加到 rpath里似乎不行,对于>=2.6.3的ss来说,会找不到某个symbol,所以还是需要把编译libev时产生的.so嵌入到/usr/lib下,或者可以试试自定义个路径加到/etc/ld.so.conf里,然后保存进nvram,或者加个/etc/ld.so.conf.d/ss.conf,如果不想重刷路由器的话最后…
root@unknown:/tmp/home/root# ./ss-server -h shadowsocks-libev 3.0.5 maintained by Max Lv <max.c.lv@gmail.com> and Linus Yang <laokongzi@gmail.com> usage: ss-server -s <server_host> Host name or IP address of your remote server. -p <server_port> Port number of your remote server. -l <local_port> Port number of your local server. -k <password> Password of your remote server. -m <encrypt_method> Encrypt method: rc4-md5, aes-128-gcm, aes-192-gcm, aes-256-gcm, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, bf-cfb, chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf. The default cipher is rc4-md5. [-a <user>] Run as another user. [-f <pid_file>] The file path to store pid. [-t <timeout>] Socket timeout in seconds. [-c <config_file>] The path to config file. [-n <number>] Max number of open files. [-i <interface>] Network interface to bind. [-b <local_address>] Local address to bind. [-u] Enable UDP relay. [-U] Enable UDP relay and disable TCP relay. [-6] Resovle hostname to IPv6 address first. [-d <addr>] Name servers for internal DNS resolver. [--reuse-port] Enable port reuse. [--fast-open] Enable TCP fast open. with Linux kernel > 3.7.0. [--acl <acl_file>] Path to ACL (Access Control List). [--manager-address <addr>] UNIX domain socket address. [--mtu <MTU>] MTU of your network interface. [--mptcp] Enable Multipath TCP on MPTCP Kernel. [--key <key_in_base64>] Key of your remote server. [--plugin <name>] Enable SIP003 plugin. (Experimental) [--plugin-opts <options>] Set SIP003 plugin options. (Experimental) [-v] Verbose mode. [-h, --help] Print this message.
- compile simple-obfs
git clone https://github.com/shadowsocks/simple-obfs cd simple-obfs git checkout tags/v0.0.3 git submodule init && git submodule updateLDFLAGS="-Wl,-rpath,/jffs/lib -L$HOME/Downloads/libsodium-install/lib -L$HOME/Downloads/udns-$UDNS_VER -L$HOME/Downloads/libev-install/lib" CFLAGS="-I$HOME/Downloads/libsodium-install/include -I$HOME/Downloads/udns-$UDNS_VER -I$HOME/Downloads/libev-install/include" CC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib ./configure --host=mipsel-uclibc-linux --prefix=$HOME/Downloads/obfs-install --disable-ssp --disable-documentation make && make install
obfs
root@unknown:/jffs/ss# ./obfs-server -h simple-obfs 0.0.3 maintained by Max Lv <max.c.lv@gmail.com> usage: obfs-server -s <server_host> Host name or IP address of your remote server. -p <server_port> Port number of your remote server. -l <local_port> Port number of your local server. -r <addr>:<port> Forward traffic to this remote server address. --obfs <http|tls> Enable obfuscating: HTTP or TLS (Experimental). [-a <user>] Run as another user. [-f <pid_file>] The file path to store pid. [-t <timeout>] Socket timeout in seconds. [-c <config_file>] The path to config file. [-n <number>] Max number of open files. [-b <local_address>] Local address to bind. [-6] Resovle hostname to IPv6 address first. [-d <addr>] Name servers for internal DNS resolver. [--fast-open] Enable TCP fast open. with Linux kernel > 3.7.0. [--mptcp] Enable Multipath TCP on MPTCP Kernel. [-v] Verbose mode. [-h, --help] Print this message. root@unknown:/jffs/ss# ./obfs-local -h simple-obfs 0.0.3 maintained by Max Lv <max.c.lv@gmail.com> usage: obfs-local -s <server_host> Host name or IP address of your remote server. -p <server_port> Port number of your remote server. -l <local_port> Port number of your local server. --obfs <http|tls> Enable obfuscating: HTTP or TLS (Experimental). --obfs-host <host_name> Hostname for obfuscating (Experimental). [-a <user>] Run as another user. [-f <pid_file>] The file path to store pid. [-t <timeout>] Socket timeout in seconds. [-c <config_file>] The path to config file. [-n <number>] Max number of open files. [-b <local_address>] Local address to bind. [--fast-open] Enable TCP fast open. with Linux kernel > 3.7.0. [--mptcp] Enable Multipath TCP on MPTCP Kernel. [-v] Verbose mode. [-h, --help] Print this message.
ps:
在travis ci上compile mbedtls的时候遇到奇怪的问题
# 如果使用下面的命令, 在笔记本上一切正常 CC=mipsel-unknown-linux-uclibc-gcc CXX=mipsel-unknown-linux-uclibc-g++ AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib make SHARED=1 CFLAGS=-fPIC 总是提示没有看到-fPIC参数 /home/travis/x-tools/mipsel-unknown-linux-uclibc/lib/gcc/mipsel-unknown-linux-uclibc/5.2.0/../../../../mipsel-unknown-linux-uclibc/bin/ld: aes.o: relocation R_MIPS_HI16 against `a local symbol' can not be used when making a shared object; recompile with -fPIC aes.o: could not read symbols: Bad value collect2: error: ld returned 1 exit status make[1]: *** [libmbedcrypto.so.0] Error 1 make: *** [lib] Error 2 # 必须改成这样才行 CC="mipsel-unknown-linux-uclibc-gcc -fPIC" CXX="mipsel-unknown-linux-uclibc-g++ -fPIC" AR=mipsel-unknown-linux-uclibc-ar RANLIB=mipsel-unknown-linux-uclibc-ranlib make SHARED=1
如果mbedtls不编译成动态的(不加SHARED=1 CFLAGS=-fPIC ),编译出来的可执行文件会大一些,但是同时也少了一个依赖,不过lz还是希望可执行文件小一点,所以文末提供的下载是上面所示的更小的版本
total 532K -rwxr-xr-x 1 travis travis 119K Feb 17 08:21 ss-local -rwxr-xr-x 1 travis travis 37K Feb 17 08:21 ss-manager -rwxr-xr-x 1 travis travis 6K Feb 17 08:21 ss-nat -rwxr-xr-x 1 travis travis 114K Feb 17 08:21 ss-redir -rwxr-xr-x 1 travis travis 133K Feb 17 08:21 ss-server -rwxr-xr-x 1 travis travis 112K Feb 17 08:21 ss-tunnel
文件下载:
http://oglopss.github.io/ctng-ss-jekyll/
需要注意的是对于>=2.6.3的版本,会有如上ldd结果显示的依赖,所以还需要将两个.so文件放入/jffs/lib或者用tomatoedit加入固件中
ps:
目前ss-server >=2.6.3的版本在tomato shibby v138上 会有如下错误,无法正常使用
root@unknown:/jffs/ss# gdb -ex run --args /jffs/ss/ss-servre -c /jffs/ss/ss-server-config.json -u -v 2017-03-11 08:10:02 INFO: UDP relay enabled 2017-03-11 08:10:02 INFO: initializing ciphers... aes-256-cfb 2017-03-11 08:10:02 INFO: tcp server listening at 0.0.0.0:18388 2017-03-11 08:10:02 INFO: udp server listening at 0.0.0.0:18388 2017-03-11 08:10:02 INFO: running from root user 2017-03-11 08:10:08 INFO: accept a connection Bus error Program received signal SIGSEGV, Segmentation fault. 0x0041b88c in cork_error_set_printf () (gdb) bt #0 0x0041b88c in cork_error_set_printf () #1 0x0041c7d0 in cork_ip_init () #2 0x004112e8 in server_recv_cb () at server.c:795 #3 0x2aac2a70 in ev_invoke_pending () from /jffs/lib/libev.so.4 #4 0x2aac6818 in ev_run () from /jffs/lib/libev.so.4 #5 0x00413044 in main () at server.c:1890
For higher version of crosstool-ng, the following patch maybe needed for libev
sed -i "/#define HAVE_EVENTFD 1/s/^/\/\/ /" ./config.h # sed -i "s/epoll_create1/epoll_create/g" ./ev_epoll.c
and for libcork, force disable tls
sed -i -e 's/\(#define CORK_CONFIG_HAVE_THREAD_STORAGE_CLASS \)1/\10/' ./libcork/include/libcork/config/gcc.h
perp
root@unknown:/jffs/ss# perpls [+ +++ +++] ss uptime: 18s/18s pids: 11703/11701 [+ +++ +++] ss-server uptime: 14s/14s pids: 11707/11706
参考:
compile udns-0.0.9 on an MIPSEL-architecture
How To Automatically Skip Wget SSL Certificate Check
Easy way pull latest of all submodules
rpath=$ORIGIN not having desired effect?
Building Portable Binaries – Attempting to self-contain application dependencies
Recompile with -fPIC option, but the option is already in the makefile
谢谢编译. 用tomatoedit塞进所需要的lib.
tomato-K26-1.28.RT-N5x-MIPSR2-138-Max-cht-0807_SS.trx
https://www.sendspace.com/file/j5p00i
8m容量的q3能跑ss 3.0.2
你是自己编译的ss么?有没有遇到rc4-md5 cipher无法使用的问题?
非是自己编译的.只是用别人编译好NVRAM 32K的shibby正体中文版加入两个lib文件、连结。
3.0.2选rc4-md5会跳下面的问题
ss-server: can’t resolve symbol ‘MD5’ in lib ‘ss-server’.
因之前都使用chacha20所以没发现这个问题,不过新版的3.0.2能跑是能跑,
但不太稳定,直接在ssh前台下命令看,跑一阵后就会跳Bus error直接退出。
3.0.1的rc4-md5是正常能跑的,不过一样会跳Bus error退出。
3.0.0、2.6.3也是跑一跑就跳出,无法维持在后台。
2.6.2目前看来是正常的,但也是有md5问题。
另2.6.3之后的json好像有变动,用之前的跑命令会跳Bus error。
“server”:[“[::0]”,”0.0.0.0″],
去掉”[::0]”,只留ipv4才能跑ss-server -c .json
我觉得可以试试
a.自己加个路径到ld.so.conf.d下,然后存到nvram里,这样可以避免用tomatoedit 省得刷机
b.干脆设置/jffs/lib到rpath里,这样不会影响其他软件,但有一点是低端路由器jffs剩余空间太少,放进ss就基本放不了别的什么了,意义不大,高端路由器空间是有,不过一般都有usb口,那一般人也不会去开jffs了,不然刷的时候还要先关,刷完还要恢复文件 好麻烦
ps:试过在rpath里设$ORIGIN了,似乎在shibby v138上没有效果
8M固件开jffs有近1m可用,只放ss-server和vlmcsd两个服務还可以。
之前ss都会开启ota,3.0.2新版已去掉ota功能,才发现机子重启后,
有时第一次连线会卡住上不了。退回2.6.2时也是同样问题,此时
客户端若开ota就能立即连上,再之后即使没用ota也能顺利连结,
另台k2刷padavan的ss服务器已没ota,是都很顺利的连上。
不知是ss tomato版本的问题?还是q3机子BCM5357性能不佳?
也怀疑是isp随机阻断,因为这问题不是每次都发生。
ss新版混淆功能你之后会编译在tomato上跑吗?感谢!!
我目前还没机会测试,我之前的用法是客户端,服务端都在路由器上,服务端在国内,客户端在国外,主要用途是反向翻墙回国内看b站和用虾米,但是现在国内端挂了,无法远程修复
看hiboy padavan的ss-server
ldd ss-server
libev.so.4 => /lib/libev.so.4 (0x775de000)
libm.so.0 => /lib/libm.so.0 (0x775c2000)
libsodium.so.18 => /lib/libsodium.so.18 (0x77542000)
libmbedcrypto.so.0 => /lib/libmbedcrypto.so.0 (0x774e2000)
libpthread.so.0 => /lib/libpthread.so.0 (0x774bc000)
libc.so.0 => /lib/libc.so.0 (0x77440000)
ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x775f9000)
libdl.so.0 => /lib/libdl.so.0 (0x7742c000)
^^
8个文件和你的9个文件有差别,libdl.so.0 // libpcre.so.1、libgcc_s.so.1
而且编译的文件都比较大 3.0.2 ss-server 216kb
不知是否有关?
p.s. ss-server -c /jffs/ss.json -d start -u 这命令跑一阵也是会消失
你可以试试我半自动编译网站上的vsnapshot,作者说他在commit 5b122d4里修复了posix_memalign问题
我试了下,也是有这个问题,不过最新的shadowsocks-libev-vsnapshot-f7f90.tar.gz 这个似乎没问题,没有bus error, md5也能用. 之前不能用的原因大概是因为在>2.6.3版本里用了openssl的lib, <2.6.3不能用的原因是没把这个so文件放到/jffs/lib里,不放也可以用是因为路由器自带有libcrypto.so.1.0.0,只是缺这个symbol而已
不知道为何2.6.3和latest snapshot依然需要openssl, 所以可能依然有md5找不到的问题,但是如果你试下travis ci页面上3.0.2的下载链接,应该没这个问题(因为没用openssl,用的是mbedtls)
shadowsocks-libev-vsnapshot-f7f90.tar.gz
看了版本是旧的shadowsocks-libev 2.5.2
/lib/libcrypto.so.1 11kb
/usr/lib/libcrypto.so.1.0.0 1365kb
和这个解压出来的libcrypto.so.1.0.0 2.26mb有差别吗?
目前拿最新的3.0.3 直接运作会跳出
ss-server: can’t resolve symbol ‘posix_memalign’ in lib ‘ss-server’
Q3 tomato上头现在跑2.6.2服务端没问题,不知2.6.3之后改了什么造成不稳定?
vsnapshot那个可能我放错了,我去检查一下,他本意是编译原repo里最新的commit。凡是下载安装包里有.so文件的,都是交叉编译中在编译的依赖的包里的.so,因为他们可能和路由器里/lib /usr/lib下的版本不同,所以才在rpath里把/jffs/lib放在了最前面,这个用意是将他们放在/jffs/lib下,就会使用他们而不是路由器自带的so(如果使用自带的so出现错误的话),我试过3.0.2,没看到任何错误,rc4-md5 cipher也可以正常使用,我猜2.6.3以后你都要把那些so放到/jffs/lib,才不会出问题,我觉得q3 jffs空间应该不够了,除非使用4mb的firmware, (max版本一般都6.x MB,我用的是tomato shibby v138)
新的3.0.2跑rc4-md5是没跳出错消息了,
而从2.6.3之后文件大小缩到7x kb的ss-server,
会遇到运行一段时间会从后台消失。
ss-server -c /jffs/ss.json -f /var/run/ss.pid -u
这个命令在2.6.2之前没问题的,另外找到
ss-server -c /jffs/ss.json -d start -u
这个好像可以自动保护后台执行?
3.0.3 则是下命令时没问题,只要客户端一连就跳
ss-server: can’t resolve symbol ‘posix_memalign’ in lib ‘ss-server’.
不是路径的问题吧?用ldd看是都有连到,
最后刷了小固件,把三个lib文件塞到/jffs/lib也一样。
我测试了下,也遇到和你一样的错误,你自己用电脑编译试试吧,也许我步骤有不对的地方
刚又加装libmbedcrypto.so.0试了新的3.0.2,下载的速度跑一跑就会变慢,再切回2.6.2是正常的。
https://www.sendspace.com/file/j61su2
以tomatoedit将max版的tor去除,加入aio版的libpcre.so.1.2.3及lz提供的libev.so.4、libmbedcrypto.so.0,Q3刷完开jffs是1664kb。可以跑ss-server 2.6.3之后版本,只是
ss新版测过不是很稳定。建议还是先用旧的稳定版本。
现在gfw挡掉pptp,而openvpn要绕道ss/ssr服务器才能连上。
tomato上的openvpn用Static key方式比较方便点。
把下面二行加入.open文件内最后,pc上开启ss/ssr软件(已设好随便一个能连上的ss/ssr),
应该就能用pc的OpenVPN GUI连回tomato了。
socks-proxy 127.0.0.1 1089 //port数字与pc上ss/ssr软件开启的local port对应
route Tomato路由IP 255.255.255.255 net_gateway //Tomato路由可以是ip或ddns位置
若之前tomato沒開openvpn,现在ss还能跑,pc上开启ss/ssr软件。
firefox进阶选项中手动将proxy设成127.0.0.1 port是ss/ssr软件开启的local port
SOCKS v5。 然后就能登入tomato的私网ip,去设定openvpn。
当然最快速的方式是登入后直接开启外网访问处理,短期间应该没什么安全性的问题吧?
这次是客户端一连跳 Floating Point Exception
查了一下说法是由于使用高版本的gcc glibc 编译后在低版本的glibc上运行导致
那也许不能用我一直在用的工具链了,你自己试试看有没有别的方法吧。我晚上再拷到路由器上试试
压缩内3个lib文件替换至tomato 138 内,3.0.3没跳Floating Point Exception了。
但还是有跑一跑就Bus error停止的问题。
-a6154 3.0.3版本的ss-server目前使用正常了。
只是最高速度会少0.1mb/s
你用的是哪个travis ci build?我改了很多次,a6154这个是ss的build,我每次改动自动编译脚本的时候,他都是不会变的(只有我从ss原repo git pull的时候他才会变)
隔了一天,发现服务端已失联…。
在Q3上跑新版的稳定度不够,要让这台退到二线去了。
重新编译了工具链,经测试似乎一切正常
试了一下,看来确实是正常很多。感谢重编译。