diff --git a/Cargo.lock b/Cargo.lock index 035a5591c43a..aa83eff43a78 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3288,7 +3288,7 @@ dependencies = [ [[package]] name = "shadowsocks-rust" -version = "1.21.2" +version = "1.21.3" dependencies = [ "base64 0.22.1", "build-time", @@ -3329,7 +3329,7 @@ dependencies = [ [[package]] name = "shadowsocks-service" -version = "1.21.2" +version = "1.21.3" dependencies = [ "arc-swap", "async-trait", diff --git a/Cargo.toml b/Cargo.toml index 1002e194b169..e51055e1c942 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "shadowsocks-rust" -version = "1.21.2" +version = "1.21.3" authors = ["Shadowsocks Contributors"] description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls." repository = "https://github.com/shadowsocks/shadowsocks-rust" @@ -67,11 +67,19 @@ default = [ "local-tunnel", "local-socks4", "multi-threaded", + "aead-cipher", "aead-cipher-2022", ] # Basic Features -basic = ["logging", "hickory-dns", "local", "server", "multi-threaded"] +basic = [ + "logging", + "hickory-dns", + "local", + "server", + "multi-threaded", + "aead-cipher", +] # All Suggested Features full = [ @@ -95,6 +103,7 @@ full = [ "local-online-config", "multi-threaded", "stream-cipher", + "aead-cipher", "aead-cipher-2022", ] @@ -190,9 +199,12 @@ multi-threaded = ["tokio/rt-multi-thread"] # Users should always avoid using these ciphers in practice stream-cipher = ["shadowsocks-service/stream-cipher"] +# Enable AEAD ciphers +aead-cipher = ["shadowsocks-service/aead-cipher"] + # Enable extra AEAD ciphers # WARN: These non-standard AEAD ciphers are not officially supported by shadowsocks community -aead-cipher-extra = ["shadowsocks-service/aead-cipher-extra"] +aead-cipher-extra = ["aead-cipher", "shadowsocks-service/aead-cipher-extra"] # Enable AEAD 2022 aead-cipher-2022 = ["shadowsocks-service/aead-cipher-2022"] @@ -248,7 +260,7 @@ jemallocator = { version = "0.5", optional = true } snmalloc-rs = { version = "0.3", optional = true } rpmalloc = { version = "0.2", optional = true } -shadowsocks-service = { version = "1.21.2", path = "./crates/shadowsocks-service" } +shadowsocks-service = { version = "1.21.3", path = "./crates/shadowsocks-service" } windows-service = { version = "0.7", optional = true } diff --git a/crates/shadowsocks-service/Cargo.toml b/crates/shadowsocks-service/Cargo.toml index 4da71815afa0..18f9781c9b10 100644 --- a/crates/shadowsocks-service/Cargo.toml +++ b/crates/shadowsocks-service/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "shadowsocks-service" -version = "1.21.2" +version = "1.21.3" authors = ["Shadowsocks Contributors"] description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls." repository = "https://github.com/shadowsocks/shadowsocks-rust" @@ -15,6 +15,9 @@ rust-version = "1.74" maintenance = { status = "passively-maintained" } [features] +# WARN: Just for compatible. May be removed in the future releases. +default = ["aead-cipher"] + full = [ "local", "server", @@ -24,6 +27,7 @@ full = [ "local-redir", "local-tunnel", "local-socks4", + "aead-cipher", ] # Enable local server @@ -114,14 +118,20 @@ local-online-config = [ # Users should always avoid using these ciphers in practice stream-cipher = ["shadowsocks/stream-cipher"] +# Enable AEAD ciphers +aead-cipher = ["shadowsocks/aead-cipher"] + # Enable extra AEAD ciphers # WARN: These non-standard AEAD ciphers are not officially supported by shadowsocks community -aead-cipher-extra = ["shadowsocks/aead-cipher-extra"] +aead-cipher-extra = ["aead-cipher", "shadowsocks/aead-cipher-extra"] # Enable AEAD 2022 aead-cipher-2022 = ["shadowsocks/aead-cipher-2022"] # Enable AEAD 2022 with extra ciphers -aead-cipher-2022-extra = ["shadowsocks/aead-cipher-2022-extra"] +aead-cipher-2022-extra = [ + "aead-cipher-2022", + "shadowsocks/aead-cipher-2022-extra", +] # Enable detection against replay attack security-replay-attack-detect = ["shadowsocks/security-replay-attack-detect"] @@ -205,7 +215,7 @@ serde = { version = "1.0", features = ["derive"] } json5 = "0.4" bson = { version = "2.13.0", optional = true } -shadowsocks = { version = "1.21.0", path = "../shadowsocks", default-features = false } +shadowsocks = { version = "1.21.1", path = "../shadowsocks", default-features = false } # Just for the ioctl call macro [target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "freebsd", target_os = "openbsd"))'.dependencies] diff --git a/crates/shadowsocks-service/src/manager/server.rs b/crates/shadowsocks-service/src/manager/server.rs index 1e5244cb2bff..62359324275c 100644 --- a/crates/shadowsocks-service/src/manager/server.rs +++ b/crates/shadowsocks-service/src/manager/server.rs @@ -473,7 +473,10 @@ impl Manager { return Ok(AddResponse(err)); } }, + #[cfg(feature = "aead-cipher")] None => self.svr_cfg.method.unwrap_or(CipherKind::CHACHA20_POLY1305), + #[cfg(not(feature = "aead-cipher"))] + None => return Ok(AddResponse("method is required")), }; let mut svr_cfg = ServerConfig::new(addr, req.password.clone(), method); diff --git a/crates/shadowsocks-service/src/server/udprelay.rs b/crates/shadowsocks-service/src/server/udprelay.rs index e6835454bd2d..e1aba396b316 100644 --- a/crates/shadowsocks-service/src/server/udprelay.rs +++ b/crates/shadowsocks-service/src/server/udprelay.rs @@ -113,9 +113,9 @@ impl UdpServer { } let assoc_map = match svr_cfg.method().category() { - CipherCategory::None | CipherCategory::Aead => { - NatMap::Association(create_assoc_map(time_to_live, capacity)) - } + CipherCategory::None => NatMap::Association(create_assoc_map(time_to_live, capacity)), + #[cfg(feature = "aead-cipher")] + CipherCategory::Aead => NatMap::Association(create_assoc_map(time_to_live, capacity)), #[cfg(feature = "stream-cipher")] CipherCategory::Stream => NatMap::Association(create_assoc_map(time_to_live, capacity)), #[cfg(feature = "aead-cipher-2022")]