Shadowsocks-android: Question about the ACL lists

Created on 30 Jul 2018  ·  16 Comments  ·  Source: shadowsocks/shadowsocks-android

The two files bypass-china.acl and bypass-lan-china.acl look roughly like this:

[proxy_all]

[bypass_list]
# china ip list (& lan ip list)
# ...

[proxy_list]
# gfwlist and telegram ip
# ...

My question is: since [proxy_all] is already set, can the whole section below be dropped?

[proxy_list]
# gfwlist and telegram ip
# ...

All 16 comments

Nope, they're required to handle corner cases.

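Doesn't [proxy_all] in the two files above mean "proxy everything, except for what is bypassed"?
I couldn't find any documentation about the ACL. Is this ACL syntax implemented by ss-libev? If so, could ss-libev's handling of it be improved so that the ACL file syntax looks more reasonable? 🤔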

[proxy_all] means "go through proxy by default", after applying [bypass_list], we need to handle some corner cases in [proxy_list].
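
The precedence described in the reply above, as an added example (not code from shadowsocks-android or shadowsocks-libev): a simplified Python model, limited to IP/CIDR entries, in which [proxy_list] overrides [bypass_list] under [proxy_all]. The sample ACL and its addresses, the function names, the symmetric [bypass_all] behaviour and the default used when no mode header is present are assumptions.

```python
import ipaddress

# Constructed sample in the layout from the question (documentation-range addresses).
SAMPLE_ACL = """\
[proxy_all]
[bypass_list]
203.0.113.0/24
[proxy_list]
# corner case: one host inside the bypassed range
203.0.113.7/32
"""

MODES = {"[proxy_all]": "proxy", "[bypass_all]": "bypass"}
SECTIONS = {"[bypass_list]": "bypass", "[proxy_list]": "proxy"}

def parse_acl(text):
    """Return (default_action, {"bypass": [nets], "proxy": [nets]})."""
    default, nets, current = "proxy", {"bypass": [], "proxy": []}, None  # default: assumption
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line in MODES:
            default, current = MODES[line], None
        elif line in SECTIONS:
            current = SECTIONS[line]
        elif line and current:
            try:
                nets[current].append(ipaddress.ip_network(line, strict=False))
            except ValueError:
                pass  # hostname/regex entries are outside this simplified model
    return default, nets

def decide(acl, ip):
    """Route one destination IP: 'proxy' or 'bypass'."""
    default, nets = acl
    addr = ipaddress.ip_address(ip)
    in_bypass = any(addr in n for n in nets["bypass"])
    in_proxy = any(addr in n for n in nets["proxy"])
    if default == "proxy":  # [proxy_all]: bypass_list first, proxy_list overrides
        return "bypass" if in_bypass and not in_proxy else "proxy"
    return "proxy" if in_proxy else "bypass"  # [bypass_all] (assumed symmetric)

def without_proxy_list(text):
    """The same ACL with the [proxy_list] section dropped, as the question proposes."""
    return text.split("[proxy_list]", 1)[0]

if __name__ == "__main__":
    for name, text in (("full", SAMPLE_ACL), ("trimmed", without_proxy_list(SAMPLE_ACL))):
        acl = parse_acl(text)
        print(name, {ip: decide(acl, ip) for ip in ("203.0.113.7", "203.0.113.8", "198.51.100.1")})
```

With the constructed sample, 203.0.113.7 is proxied when the full file is used and bypassed once [proxy_list] is dropped.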

OK, thanks for the answer.

I didn't really understand it at first, but then I found these two code snippets:
src/local.c#L514
src/acl.c#L244

To verify this, I put together two rule files:
@pexcn/share/whitelist.acl
@pexcn/share/bypass-lan-china-origin.acl

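Then, under Custom Rules -> manual settings, I added one of them as an online rule and selected Custom Rules in the profile.
I was about to test it, but found that custom rules don't seem to work?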

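On Android 7.x (LineageOS 14.1), I searched the /data/data/<ss-android package name> directory and found no *.acl files; it seems the ACL file was never downloaded. Does the online rules feature not work the way I understand it?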

@pexcn Good catch. I just realized there's probably a bug with that code in local.c. UPDATE: And also this.

https://github.com/shadowsocks/shadowsocks-android/blob/7d21fb78cf5f61c2a9e9f10d1d8120345f45c406/mobile/src/main/java/com/github/shadowsocks/acl/Acl.kt#L49

acl files are stored in device storage. Check /data/user_de/<uid>/com.github.shadowsocks/files.

@madeye Check your inbox please?

@Mygod So Android 7.x changed the /data/data/... path, no wonder I couldn't find it...

EDIT:
I just tried again; custom-rules.acl still has not been replaced with the contents of the online ACL list.

@Mygod On Android VPN mode, I think atyp can only be 1 or 4, so it's safe to assume that ip is already initialized.

The only exception is now we support local proxy, which may be a problem.

@pexcn Did you add your URL as a URL instead of a rule?

@madeye Yes I just realized that. I'll open a PR shortly to fix that issue. (also please acknowledge the email)

@Mygod I added it as an "online rule file URL".

Make sure you picked Custom Rules as your routing and have started the service at least once.

@Mygod Yes, that is what I did from the start. I also selected "Custom Rules" in the profile and started the service once first; custom-rules.acl is still 28 bytes.

The version is the latest release: https://github.com/shadowsocks/shadowsocks-android/commit/8aabc73b9698b2bb26a89717d59ac1660e79fad8

If it's 28 bytes, it probably failed to import anything. Check logcat.

There does seem to be a problem; log attached:

07-31 11:50:52.080 22056 22056 W View    : requestLayout() improperly called by android.support.v7.widget.AppCompatTextView{969401a I.ED..... ......I. 3,3-195,195} during second layout pass: posting in next frame
07-31 11:50:52.098 22056 22056 W View    : requestLayout() improperly called by android.support.v7.widget.AppCompatTextView{969401a I.ED..... ......I. 3,3-195,195} during layout: running second layout pass
07-31 11:50:52.143 22056 22056 W View    : requestLayout() improperly called by android.support.v7.widget.AppCompatTextView{969401a I.ED..... ......I. 3,3-195,195} during second layout pass: posting in next frame
07-31 11:50:53.332 22091 22579 W System  : ClassLoader referenced unknown path: /system/framework/tcmclient.jar
07-31 11:50:55.828 22091 22579 W Acl     : Imported network ACL has a conflicting mode set. This will probably not work as intended. URL: https://github.com/pexcn/share/raw/gh-pages/whitelist.acl
07-31 11:50:55.850   775 30529 D Vpn     : setting state=CONNECTING, reason=establish
07-31 11:50:55.851   775 30529 D VpnJni  : Address added on tun0: 172.19.0.1/24
07-31 11:50:55.870   775 30529 D ConnectivityService: registerNetworkAgent NetworkAgentInfo{ ni{[type: VPN[], state: CONNECTING/CONNECTING, reason: (unspecified), extra: (none), failover: false, available: false, roaming: false, metered: false]}  network{537}  nethandle{2306413873886}  lp{{InterfaceName: tun0 LinkAddresses: [172.19.0.1/24,]  Routes: [0.0.0.0/0 -> 0.0.0.0 tun0,::/0 unreachable,] DnsAddresses: [8.8.8.8,] Domains:  MTU: 0}}  nc{[ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED]}  Score{0}  everValidated{false}  lastValidated{false}  created{false} lingering{false} explicitlySelected{false} acceptUnvalidated{false} everCaptivePortalDetected{false} lastCaptivePortalDetected{false} }
07-31 11:50:55.870 22602 22602 D shadowsocks: initializing acl...
07-31 11:50:55.870   775 30529 D Vpn     : setting state=CONNECTED, reason=agentConnect
07-31 11:50:55.871   775 30529 I Vpn     : Established by com.github.shadowsocks on tun0
07-31 11:50:55.871 22602 22602 D shadowsocks: initializing ciphers... chacha20-ietf-poly1305
07-31 11:50:55.871 22602 22602 D shadowsocks: listening at 127.0.0.1:1080
07-31 11:50:55.871 22602 22602 D shadowsocks: udprelay enabled
07-31 11:50:55.871   775   881 D ConnectivityService: NetworkAgentInfo [VPN () - 537] EVENT_NETWORK_INFO_CHANGED, going from null to CONNECTING
07-31 11:50:55.879   775   881 D ConnectivityService: NetworkAgentInfo [VPN () - 537] EVENT_NETWORK_INFO_CHANGED, going from CONNECTING to CONNECTED
07-31 11:50:55.879   775   881 D ConnectivityService: Adding iface tun0 to network 537
07-31 11:50:55.906 22611 22611 D tun2socks: NOTICE(tun2socks): initializing BadVPN tun2socks 1.999.130
07-31 11:50:55.931   775   881 D ConnectivityService: Setting DNS servers for network 537 to [/8.8.8.8]
07-31 11:50:55.946 22611 22611 D tun2socks: NOTICE(tun2socks): entering event loop
07-31 11:50:55.958   775   881 W ConnectivityExtension: ConnectivityExt jar file not present
07-31 11:50:55.980   775   881 W ConnectivityExtension: ConnectivityExt jar file not present
07-31 11:50:55.991   775 22609 D NetworkMonitor/NetworkAgentInfo [VPN () - 537]: Network would not satisfy default request, not validating
07-31 11:50:55.998   775   881 D ConnectivityService: Sending CONNECTED broadcast for type 17 NetworkAgentInfo [VPN () - 537] isDefaultNetwork=false
07-31 11:50:56.032   775   881 D ConnectivityService: NetworkAgentInfo [VPN () - 537] validation passed
07-31 11:50:56.043 13187 13320 W System  : ClassLoader referenced unknown path: /system/framework/tcmclient.jar
07-31 11:50:56.047 13530 13530 D WeatherUpdateService: onCreate
07-31 11:50:56.069 13530 13530 D WeatherUpdateService: Service started, but shouldn't update ... stopping
07-31 11:50:56.071 13530 13530 D WeatherUpdateService: onDestroy
07-31 11:50:56.665 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=info msg="If you need any help, please visit the project repository: https://github.com/shadowsocks/overture"
07-31 11:50:56.673 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=info msg="Load IP network file successful"
07-31 11:50:56.673 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=error msg="Open Custom domain file failed: open : no such file or directory"
07-31 11:50:56.673 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=info msg="Minimum TTL is 120"
07-31 11:50:56.673 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=info msg="CacheSize is 4096"
07-31 11:50:56.673 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=info msg="Load hosts file successful"
07-31 11:50:56.674 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=info msg="Start overture on 127.0.0.1:5450"
07-31 11:50:57.855   923   923 W View    : requestLayout() improperly called by com.android.internal.widget.NotificationExpandButton{5f80559 V.ED..C.. ......ID 351,48-393,93 #10203b6 android:id/expand_button} during layout: running second layout pass
07-31 11:50:57.855   923   923 W View    : requestLayout() improperly called by com.android.internal.widget.NotificationExpandButton{811951e V.ED..C.. ......ID 351,48-393,93 #10203b6 android:id/expand_button} during layout: running second layout pass
07-31 11:50:57.855   923   923 W View    : requestLayout() improperly called by com.android.internal.widget.NotificationExpandButton{e1fd1ff V.ED..C.. ......ID 351,48-393,93 #10203b6 android:id/expand_button} during layout: running second layout pass
07-31 11:51:02.061 22611 22611 D tun2socks: NOTICE(tun2socks): termination requested
07-31 11:51:02.061 22611 22611 D tun2socks: NOTICE(tun2socks): tearing down
07-31 11:51:02.061 22611 22611 D tun2socks: NOTICE(tun2socks): Free TCP connections
07-31 11:51:02.061 22611 22611 D tun2socks: NOTICE(tun2socks): exiting
07-31 11:51:02.079   242   761 D NetlinkEvent: Unknown ifindex 39 in RTM_DELADDR
07-31 11:51:02.086   794   794 W android.fg: type=1400 audit(0.0:2573): avc: denied { sys_module } for capability=16 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=capability permissive=0
07-31 11:51:02.090   775   881 D ConnectivityService: NetworkAgentInfo [VPN () - 537] EVENT_NETWORK_INFO_CHANGED, going from CONNECTED to DISCONNECTED
07-31 11:51:02.090   775   881 D VPN     : NetworkAgent: NetworkAgent channel lost
07-31 11:51:02.090   775   881 D ConnectivityService: NetworkAgentInfo [VPN () - 537] got DISCONNECTED, was satisfying 9
07-31 11:51:02.126   775   881 W ConnectivityExtension: ConnectivityExt jar file not present
07-31 11:51:02.145   775   881 D ConnectivityService: Sending DISCONNECTED broadcast for type 17 NetworkAgentInfo [VPN () - 537] isDefaultNetwork=false
07-31 11:51:02.195 13530 13530 D WeatherUpdateService: onCreate
07-31 11:51:02.206 13530 13530 D WeatherUpdateService: Service started, but shouldn't update ... stopping
07-31 11:51:02.214 13530 13530 D WeatherUpdateService: onDestroy

These two lines:

07-31 11:50:55.828 22091 22579 W Acl     : Imported network ACL has a conflicting mode set. This will probably not work as intended. URL: https://github.com/pexcn/share/raw/gh-pages/whitelist.acl
..........
07-31 11:50:56.673 22606 22606 I overture: time="2018-07-31T03:50:56Z" level=error msg="Open Custom domain file failed: open : no such file or directory"

That means custom rules only support bypass_all mode. Your acl file is not supported.

So that's how it is.
Thanks. :beer:
