infra/conf/shadowsocks.go

package conf

import (
	"strings"

	"github.com/sagernet/sing-shadowsocks/shadowaead_2022"
	C "github.com/sagernet/sing/common"
	"github.com/xtls/xray-core/common/errors"
	"github.com/xtls/xray-core/common/protocol"
	"github.com/xtls/xray-core/common/serial"
	"github.com/xtls/xray-core/proxy/shadowsocks"
	"github.com/xtls/xray-core/proxy/shadowsocks_2022"
	"google.golang.org/protobuf/proto"
)

func cipherFromString(c string) shadowsocks.CipherType {
	switch strings.ToLower(c) {
	case "aes-128-gcm", "aead_aes_128_gcm":
		return shadowsocks.CipherType_AES_128_GCM
	case "aes-256-gcm", "aead_aes_256_gcm":
		return shadowsocks.CipherType_AES_256_GCM
	case "chacha20-poly1305", "aead_chacha20_poly1305", "chacha20-ietf-poly1305":
		return shadowsocks.CipherType_CHACHA20_POLY1305
	case "xchacha20-poly1305", "aead_xchacha20_poly1305", "xchacha20-ietf-poly1305":
		return shadowsocks.CipherType_XCHACHA20_POLY1305
	case "none", "plain":
		return shadowsocks.CipherType_NONE
	default:
		return shadowsocks.CipherType_UNKNOWN
	}
}

type ShadowsocksUserConfig struct {
	Cipher   string   `json:"method"`
	Password string   `json:"password"`
	Level    byte     `json:"level"`
	Email    string   `json:"email"`
	Address  *Address `json:"address"`
	Port     uint16   `json:"port"`
}

type ShadowsocksServerConfig struct {
	Cipher      string                   `json:"method"`
	Password    string                   `json:"password"`
	Level       byte                     `json:"level"`
	Email       string                   `json:"email"`
	Users       []*ShadowsocksUserConfig `json:"clients"`
	NetworkList *NetworkList             `json:"network"`
	IVCheck     bool                     `json:"ivCheck"`
}

func (v *ShadowsocksServerConfig) Build() (proto.Message, error) {
	if C.Contains(shadowaead_2022.List, v.Cipher) {
		return buildShadowsocks2022(v)
	}

	config := new(shadowsocks.ServerConfig)
	config.Network = v.NetworkList.Build()

	if v.Users != nil {
		for _, user := range v.Users {
			account := &shadowsocks.Account{
				Password:   user.Password,
				CipherType: cipherFromString(user.Cipher),
				IvCheck:    v.IVCheck,
			}
			if account.Password == "" {
				return nil, errors.New("Shadowsocks password is not specified.")
			}
			if account.CipherType < shadowsocks.CipherType_AES_128_GCM ||
				account.CipherType > shadowsocks.CipherType_XCHACHA20_POLY1305 {
				return nil, errors.New("unsupported cipher method: ", user.Cipher)
			}
			config.Users = append(config.Users, &protocol.User{
				Email:   user.Email,
				Level:   uint32(user.Level),
				Account: serial.ToTypedMessage(account),
			})
		}
	} else {
		account := &shadowsocks.Account{
			Password:   v.Password,
			CipherType: cipherFromString(v.Cipher),
			IvCheck:    v.IVCheck,
		}
		if account.Password == "" {
			return nil, errors.New("Shadowsocks password is not specified.")
		}
		if account.CipherType == shadowsocks.CipherType_UNKNOWN {
			return nil, errors.New("unknown cipher method: ", v.Cipher)
		}
		config.Users = append(config.Users, &protocol.User{
			Email:   v.Email,
			Level:   uint32(v.Level),
			Account: serial.ToTypedMessage(account),
		})
	}

	return config, nil
}

func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) {
	if len(v.Users) == 0 {
		config := new(shadowsocks_2022.ServerConfig)
		config.Method = v.Cipher
		config.Key = v.Password
		config.Network = v.NetworkList.Build()
		config.Email = v.Email
		return config, nil
	}

	if v.Cipher == "" {
		return nil, errors.New("shadowsocks 2022 (multi-user): missing server method")
	}
	if !strings.Contains(v.Cipher, "aes") {
		return nil, errors.New("shadowsocks 2022 (multi-user): only blake3-aes-*-gcm methods are supported")
	}

	if v.Users[0].Address == nil {
		config := new(shadowsocks_2022.MultiUserServerConfig)
		config.Method = v.Cipher
		config.Key = v.Password
		config.Network = v.NetworkList.Build()

		for _, user := range v.Users {
			if user.Cipher != "" {
				return nil, errors.New("shadowsocks 2022 (multi-user): users must have empty method")
			}
			account := &shadowsocks_2022.Account{
				Key: user.Password,
			}
			config.Users = append(config.Users, &protocol.User{
				Email:   user.Email,
				Level:   uint32(user.Level),
				Account: serial.ToTypedMessage(account),
			})
		}
		return config, nil
	}

	config := new(shadowsocks_2022.RelayServerConfig)
	config.Method = v.Cipher
	config.Key = v.Password
	config.Network = v.NetworkList.Build()
	for _, user := range v.Users {
		if user.Cipher != "" {
			return nil, errors.New("shadowsocks 2022 (relay): users must have empty method")
		}
		if user.Address == nil {
			return nil, errors.New("shadowsocks 2022 (relay): all users must have relay address")
		}
		config.Destinations = append(config.Destinations, &shadowsocks_2022.RelayDestination{
			Key:     user.Password,
			Email:   user.Email,
			Address: user.Address.Build(),
			Port:    uint32(user.Port),
		})
	}
	return config, nil
}

type ShadowsocksServerTarget struct {
	Address    *Address `json:"address"`
	Port       uint16   `json:"port"`
	Level      byte     `json:"level"`
	Email      string   `json:"email"`
	Cipher     string   `json:"method"`
	Password   string   `json:"password"`
	IVCheck    bool     `json:"ivCheck"`
	UoT        bool     `json:"uot"`
	UoTVersion int      `json:"uotVersion"`
}

type ShadowsocksClientConfig struct {
	Address    *Address                   `json:"address"`
	Port       uint16                     `json:"port"`
	Level      byte                       `json:"level"`
	Email      string                     `json:"email"`
	Cipher     string                     `json:"method"`
	Password   string                     `json:"password"`
	IVCheck    bool                       `json:"ivCheck"`
	UoT        bool                       `json:"uot"`
	UoTVersion int                        `json:"uotVersion"`
	Servers    []*ShadowsocksServerTarget `json:"servers"`
}

func (v *ShadowsocksClientConfig) Build() (proto.Message, error) {
	if v.Address != nil {
		v.Servers = []*ShadowsocksServerTarget{
			{
				Address:    v.Address,
				Port:       v.Port,
				Level:      v.Level,
				Email:      v.Email,
				Cipher:     v.Cipher,
				Password:   v.Password,
				IVCheck:    v.IVCheck,
				UoT:        v.UoT,
				UoTVersion: v.UoTVersion,
			},
		}
	}
	if len(v.Servers) != 1 {
		return nil, errors.New(`Shadowsocks settings: "servers" should have one and only one member. Multiple endpoints in "servers" should use multiple Shadowsocks outbounds and routing balancer instead`)
	}

	if len(v.Servers) == 1 {
		server := v.Servers[0]
		if C.Contains(shadowaead_2022.List, server.Cipher) {
			if server.Address == nil {
				return nil, errors.New("Shadowsocks server address is not set.")
			}
			if server.Port == 0 {
				return nil, errors.New("Invalid Shadowsocks port.")
			}
			if server.Password == "" {
				return nil, errors.New("Shadowsocks password is not specified.")
			}

			config := new(shadowsocks_2022.ClientConfig)
			config.Address = server.Address.Build()
			config.Port = uint32(server.Port)
			config.Method = server.Cipher
			config.Key = server.Password
			config.UdpOverTcp = server.UoT
			config.UdpOverTcpVersion = uint32(server.UoTVersion)
			return config, nil
		}
	}

	config := new(shadowsocks.ClientConfig)
	for _, server := range v.Servers {
		if C.Contains(shadowaead_2022.List, server.Cipher) {
			return nil, errors.New("Shadowsocks 2022 accept no multi servers")
		}
		if server.Address == nil {
			return nil, errors.New("Shadowsocks server address is not set.")
		}
		if server.Port == 0 {
			return nil, errors.New("Invalid Shadowsocks port.")
		}
		if server.Password == "" {
			return nil, errors.New("Shadowsocks password is not specified.")
		}
		account := &shadowsocks.Account{
			Password: server.Password,
		}
		account.CipherType = cipherFromString(server.Cipher)
		if account.CipherType == shadowsocks.CipherType_UNKNOWN {
			return nil, errors.New("unknown cipher method: ", server.Cipher)
		}

		account.IvCheck = server.IVCheck

		ss := &protocol.ServerEndpoint{
			Address: server.Address.Build(),
			Port:    uint32(server.Port),
			User:    &protocol.User{
				Level:   uint32(server.Level),
				Email:   server.Email,
				Account: serial.ToTypedMessage(account),
			},
		}

		config.Server = ss
		break
	}

	return config, nil
}
v1.0.0 2020-11-25 19:01:53 +08:00			`package conf`

			`import (`
			`"strings"`

Migrate shadowsocks-2022 to protocol library 2022-05-25 17:25:26 +08:00			`"github.com/sagernet/sing-shadowsocks/shadowaead_2022"`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`C "github.com/sagernet/sing/common"`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`"github.com/xtls/xray-core/common/errors"`
v1.1.0 2020-12-04 09:36:16 +08:00			`"github.com/xtls/xray-core/common/protocol"`
			`"github.com/xtls/xray-core/common/serial"`
			`"github.com/xtls/xray-core/proxy/shadowsocks"`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`"github.com/xtls/xray-core/proxy/shadowsocks_2022"`
refactor(deps): replace github.com/golang/protobuf with google.golang.org/protobuf 2023-08-10 04:43:34 +00:00			`"google.golang.org/protobuf/proto"`
v1.0.0 2020-11-25 19:01:53 +08:00			`)`

			`func cipherFromString(c string) shadowsocks.CipherType {`
			`switch strings.ToLower(c) {`
			`case "aes-128-gcm", "aead_aes_128_gcm":`
			`return shadowsocks.CipherType_AES_128_GCM`
			`case "aes-256-gcm", "aead_aes_256_gcm":`
			`return shadowsocks.CipherType_AES_256_GCM`
			`case "chacha20-poly1305", "aead_chacha20_poly1305", "chacha20-ietf-poly1305":`
			`return shadowsocks.CipherType_CHACHA20_POLY1305`
Add xchacha20-ietf-poly1305 for Shadowsocks 2021-05-25 23:45:48 +08:00			`case "xchacha20-poly1305", "aead_xchacha20_poly1305", "xchacha20-ietf-poly1305":`
			`return shadowsocks.CipherType_XCHACHA20_POLY1305`
v1.0.0 2020-11-25 19:01:53 +08:00			`case "none", "plain":`
			`return shadowsocks.CipherType_NONE`
			`default:`
			`return shadowsocks.CipherType_UNKNOWN`
			`}`
			`}`

Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`type ShadowsocksUserConfig struct {`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			Cipher string `json:"method"`
			Password string `json:"password"`
			Level byte `json:"level"`
			Email string `json:"email"`
			Address *Address `json:"address"`
			Port uint16 `json:"port"`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`}`

v1.0.0 2020-11-25 19:01:53 +08:00			`type ShadowsocksServerConfig struct {`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			Cipher string `json:"method"`
			Password string `json:"password"`
			Level byte `json:"level"`
			Email string `json:"email"`
			Users []*ShadowsocksUserConfig `json:"clients"`
			NetworkList *NetworkList `json:"network"`
Use shadowsocket's bloomring for shadowsocket's replay protection (#764) * use shadowsocket's bloomring for shadowsocket's replay protection * added shadowsockets iv check for tcp socket * Rename to shadowsockets iv check * shadowsocks iv check config file * iv check should proceed after decryption * use shadowsocket's bloomring for shadowsocket's replay protection * Chore: format code (#842) Co-authored-by: Shelikhoo <xiaokangwang@outlook.com> Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> 2021-10-22 00:03:09 -04:00			IVCheck bool `json:"ivCheck"`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`

			`func (v *ShadowsocksServerConfig) Build() (proto.Message, error) {`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`if C.Contains(shadowaead_2022.List, v.Cipher) {`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`return buildShadowsocks2022(v)`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`}`

v1.0.0 2020-11-25 19:01:53 +08:00			`config := new(shadowsocks.ServerConfig)`
			`config.Network = v.NetworkList.Build()`

Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`if v.Users != nil {`
			`for _, user := range v.Users {`
			`account := &shadowsocks.Account{`
			`Password: user.Password,`
			`CipherType: cipherFromString(user.Cipher),`
Use shadowsocket's bloomring for shadowsocket's replay protection (#764) * use shadowsocket's bloomring for shadowsocket's replay protection * added shadowsockets iv check for tcp socket * Rename to shadowsockets iv check * shadowsocks iv check config file * iv check should proceed after decryption * use shadowsocket's bloomring for shadowsocket's replay protection * Chore: format code (#842) Co-authored-by: Shelikhoo <xiaokangwang@outlook.com> Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> 2021-10-22 00:03:09 -04:00			`IvCheck: v.IVCheck,`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`}`
			`if account.Password == "" {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Shadowsocks password is not specified.")`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`}`
Fix: protobuf file (#724) 2021-09-20 22:41:09 +08:00			`if account.CipherType < shadowsocks.CipherType_AES_128_GCM \|\|`
fix unsupported cipher method: xChaCha20-IETF-Poly1305 2021-12-17 00:25:16 +08:00			`account.CipherType > shadowsocks.CipherType_XCHACHA20_POLY1305 {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("unsupported cipher method: ", user.Cipher)`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`}`
			`config.Users = append(config.Users, &protocol.User{`
			`Email: user.Email,`
			`Level: uint32(user.Level),`
			`Account: serial.ToTypedMessage(account),`
			`})`
			`}`
			`} else {`
			`account := &shadowsocks.Account{`
			`Password: v.Password,`
			`CipherType: cipherFromString(v.Cipher),`
Use shadowsocket's bloomring for shadowsocket's replay protection (#764) * use shadowsocket's bloomring for shadowsocket's replay protection * added shadowsockets iv check for tcp socket * Rename to shadowsockets iv check * shadowsocks iv check config file * iv check should proceed after decryption * use shadowsocket's bloomring for shadowsocket's replay protection * Chore: format code (#842) Co-authored-by: Shelikhoo <xiaokangwang@outlook.com> Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> 2021-10-22 00:03:09 -04:00			`IvCheck: v.IVCheck,`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`}`
			`if account.Password == "" {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Shadowsocks password is not specified.")`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`}`
			`if account.CipherType == shadowsocks.CipherType_UNKNOWN {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("unknown cipher method: ", v.Cipher)`
Refactor: Shadowsocks AEAD Single-port Multi-user (Needs Optimizations) https://t.me/projectXray/170851 2021-01-18 22:52:35 +00:00			`}`
			`config.Users = append(config.Users, &protocol.User{`
			`Email: v.Email,`
			`Level: uint32(v.Level),`
			`Account: serial.ToTypedMessage(account),`
			`})`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`

			`return config, nil`
			`}`

Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`func buildShadowsocks2022(v *ShadowsocksServerConfig) (proto.Message, error) {`
			`if len(v.Users) == 0 {`
			`config := new(shadowsocks_2022.ServerConfig)`
			`config.Method = v.Cipher`
			`config.Key = v.Password`
			`config.Network = v.NetworkList.Build()`
			`config.Email = v.Email`
			`return config, nil`
			`}`
Run core/format.go 2022-12-25 19:37:35 -05:00
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`if v.Cipher == "" {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("shadowsocks 2022 (multi-user): missing server method")`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`}`
			`if !strings.Contains(v.Cipher, "aes") {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("shadowsocks 2022 (multi-user): only blake3-aes-*-gcm methods are supported")`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`}`

			`if v.Users[0].Address == nil {`
			`config := new(shadowsocks_2022.MultiUserServerConfig)`
			`config.Method = v.Cipher`
			`config.Key = v.Password`
			`config.Network = v.NetworkList.Build()`
Run core/format.go 2022-12-25 19:37:35 -05:00
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`for _, user := range v.Users {`
			`if user.Cipher != "" {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("shadowsocks 2022 (multi-user): users must have empty method")`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`}`
API: Add new Get Inbound User (#3644) * Add GetInboundUser in proto * Add get user logic for all existing inbounds * Add inbounduser command * Add option to get all users * Fix shadowsocks2022 config * Fix init users in shadowsocks2022 * Fix copy * Add inbound user count command This api costs much less than get inbound user, could be useful in some case * Update from latest main 2024-11-03 00:25:23 -04:00			`account := &shadowsocks_2022.Account{`
			`Key: user.Password,`
			`}`
			`config.Users = append(config.Users, &protocol.User{`
			`Email: user.Email,`
			`Level: uint32(user.Level),`
			`Account: serial.ToTypedMessage(account),`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`})`
			`}`
			`return config, nil`
			`}`

			`config := new(shadowsocks_2022.RelayServerConfig)`
			`config.Method = v.Cipher`
			`config.Key = v.Password`
			`config.Network = v.NetworkList.Build()`
			`for _, user := range v.Users {`
			`if user.Cipher != "" {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("shadowsocks 2022 (relay): users must have empty method")`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`}`
			`if user.Address == nil {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("shadowsocks 2022 (relay): all users must have relay address")`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`}`
			`config.Destinations = append(config.Destinations, &shadowsocks_2022.RelayDestination{`
Run core/format.go 2022-12-25 19:37:35 -05:00			`Key: user.Password,`
			`Email: user.Email,`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`Address: user.Address.Build(),`
Run core/format.go 2022-12-25 19:37:35 -05:00			`Port: uint32(user.Port),`
Add shadowsocks 2022 relay config 2022-08-07 19:18:23 -04:00			`})`
			`}`
			`return config, nil`
			`}`

v1.0.0 2020-11-25 19:01:53 +08:00			`type ShadowsocksServerTarget struct {`
Update UoT protocol 2023-03-15 14:42:32 +08:00			Address *Address `json:"address"`
			Port uint16 `json:"port"`
Config: Outbound proxy config no need to be nested (#5124) Like https://github.com/XTLS/Xray-core/commit/eda8be601f56c788b1ad176c7d68d8e2ce22c7ca 2025-09-11 21:48:20 +08:00			Level byte `json:"level"`
			Email string `json:"email"`
Update UoT protocol 2023-03-15 14:42:32 +08:00			Cipher string `json:"method"`
			Password string `json:"password"`
			IVCheck bool `json:"ivCheck"`
			UoT bool `json:"uot"`
			UoTVersion int `json:"uotVersion"`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`

			`type ShadowsocksClientConfig struct {`
Outbound: One endpoint and at most one user only (#5144) https://github.com/XTLS/Xray-core/pull/5124#issuecomment-3281091009 Fixes https://github.com/XTLS/Xray-core/pull/5124#pullrequestreview-3218097421 2025-09-15 21:31:27 +08:00			Address *Address `json:"address"`
			Port uint16 `json:"port"`
			Level byte `json:"level"`
			Email string `json:"email"`
			Cipher string `json:"method"`
			Password string `json:"password"`
			IVCheck bool `json:"ivCheck"`
			UoT bool `json:"uot"`
			UoTVersion int `json:"uotVersion"`
			Servers []*ShadowsocksServerTarget `json:"servers"`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`

			`func (v *ShadowsocksClientConfig) Build() (proto.Message, error) {`
Config: Outbound proxy config no need to be nested (#5124) Like https://github.com/XTLS/Xray-core/commit/eda8be601f56c788b1ad176c7d68d8e2ce22c7ca 2025-09-11 21:48:20 +08:00			`if v.Address != nil {`
			`v.Servers = []*ShadowsocksServerTarget{`
			`{`
			`Address: v.Address,`
			`Port: v.Port,`
			`Level: v.Level,`
			`Email: v.Email,`
			`Cipher: v.Cipher,`
			`Password: v.Password,`
			`IVCheck: v.IVCheck,`
			`UoT: v.UoT,`
			`UoTVersion: v.UoTVersion,`
			`},`
			`}`
			`}`
Outbound: One endpoint and at most one user only (#5144) https://github.com/XTLS/Xray-core/pull/5124#issuecomment-3281091009 Fixes https://github.com/XTLS/Xray-core/pull/5124#pullrequestreview-3218097421 2025-09-15 21:31:27 +08:00			`if len(v.Servers) != 1 {`
			return nil, errors.New(`Shadowsocks settings: "servers" should have one and only one member. Multiple endpoints in "servers" should use multiple Shadowsocks outbounds and routing balancer instead`)
v1.0.0 2020-11-25 19:01:53 +08:00			`}`

Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`if len(v.Servers) == 1 {`
			`server := v.Servers[0]`
			`if C.Contains(shadowaead_2022.List, server.Cipher) {`
			`if server.Address == nil {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Shadowsocks server address is not set.")`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`}`
			`if server.Port == 0 {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Invalid Shadowsocks port.")`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`}`
			`if server.Password == "" {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Shadowsocks password is not specified.")`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`}`

			`config := new(shadowsocks_2022.ClientConfig)`
			`config.Address = server.Address.Build()`
			`config.Port = uint32(server.Port)`
			`config.Method = server.Cipher`
			`config.Key = server.Password`
Add udp over tcp support for shadowsocks-2022 2022-06-01 11:12:43 +08:00			`config.UdpOverTcp = server.UoT`
Update UoT protocol 2023-03-15 14:42:32 +08:00			`config.UdpOverTcpVersion = uint32(server.UoTVersion)`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`return config, nil`
			`}`
			`}`

			`config := new(shadowsocks.ClientConfig)`
Outbound: One endpoint and at most one user only (#5144) https://github.com/XTLS/Xray-core/pull/5124#issuecomment-3281091009 Fixes https://github.com/XTLS/Xray-core/pull/5124#pullrequestreview-3218097421 2025-09-15 21:31:27 +08:00			`for _, server := range v.Servers {`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`if C.Contains(shadowaead_2022.List, server.Cipher) {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Shadowsocks 2022 accept no multi servers")`
Merge shadowsocks 2022 config 2022-05-23 20:45:30 +08:00			`}`
v1.0.0 2020-11-25 19:01:53 +08:00			`if server.Address == nil {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Shadowsocks server address is not set.")`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`
			`if server.Port == 0 {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Invalid Shadowsocks port.")`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`
			`if server.Password == "" {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("Shadowsocks password is not specified.")`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`
			`account := &shadowsocks.Account{`
			`Password: server.Password,`
			`}`
			`account.CipherType = cipherFromString(server.Cipher)`
			`if account.CipherType == shadowsocks.CipherType_UNKNOWN {`
Refactor log (#3446) * Refactor log * Add new log methods * Fix logger test * Change all logging code * Clean up pathObj * Rebase to latest main * Remove invoking method name after the dot 2024-06-29 14:32:57 -04:00			`return nil, errors.New("unknown cipher method: ", server.Cipher)`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`

Use shadowsocket's bloomring for shadowsocket's replay protection (#764) * use shadowsocket's bloomring for shadowsocket's replay protection * added shadowsockets iv check for tcp socket * Rename to shadowsockets iv check * shadowsocks iv check config file * iv check should proceed after decryption * use shadowsocket's bloomring for shadowsocket's replay protection * Chore: format code (#842) Co-authored-by: Shelikhoo <xiaokangwang@outlook.com> Co-authored-by: Loyalsoldier <10487845+Loyalsoldier@users.noreply.github.com> 2021-10-22 00:03:09 -04:00			`account.IvCheck = server.IVCheck`

v1.0.0 2020-11-25 19:01:53 +08:00			`ss := &protocol.ServerEndpoint{`
			`Address: server.Address.Build(),`
			`Port: uint32(server.Port),`
Outbound: One endpoint and at most one user only (#5144) https://github.com/XTLS/Xray-core/pull/5124#issuecomment-3281091009 Fixes https://github.com/XTLS/Xray-core/pull/5124#pullrequestreview-3218097421 2025-09-15 21:31:27 +08:00			`User: &protocol.User{`
			`Level: uint32(server.Level),`
			`Email: server.Email,`
			`Account: serial.ToTypedMessage(account),`
v1.0.0 2020-11-25 19:01:53 +08:00			`},`
			`}`

Outbound: One endpoint and at most one user only (#5144) https://github.com/XTLS/Xray-core/pull/5124#issuecomment-3281091009 Fixes https://github.com/XTLS/Xray-core/pull/5124#pullrequestreview-3218097421 2025-09-15 21:31:27 +08:00			`config.Server = ss`
			`break`
v1.0.0 2020-11-25 19:01:53 +08:00			`}`

			`return config, nil`
			`}`