Shadowsocks-libev: 使用 Systemd 管理 ss-redir 时无法使用 -u 选项

Created on 18 May 2016 · 3Comments · Source: shadowsocks/shadowsocks-libev

我在 shadowsocks-libev-redir 的 unit file 中 ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks-libev/%i.json 后添加了 -u，然后启动 redir 服务时日志里显示 ERROR: [udp] setsockopt IP_TRANSPARENT: Operation not permitted，但是对 local 和 tunnel 的 unit file 添加 -u 参数可以正常启动。
另外，直接执行 /usr/bin/ss-redir -c /etc/shadowsocks-libev/redir.json -u 时没有问题。

测试环境：
Debian 8.4
Ubuntu 16.04

bug

Source

zent00

Most helpful comment

The IP_TRANSPARENT needs root permission.

kimw on 18 May 2016

👍2

All 3 comments

My fault. IP_TRANSPARENT needs CAP_NET_ADMIN.

On Wed, May 18, 2016, 09:24 zent00 [email protected] wrote:

我在 shadowsocks-libev-redir 的 unit file 中 ExecStart=/usr/bin/ss-redir -c
/etc/shadowsocks-libev/%i.json 后添加了 -u，然后启动 redir 服务时日志里显示 ERROR: [udp]
setsockopt IP_TRANSPARENT: Operation not permitted，但是对 local 和 tunnel 的
unit file 添加 -u 参数可以正常启动。
另外，直接执行 /usr/bin/ss-redir -c /etc/shadowsocks-libev/redir.json -u 时没有问题。

测试环境：
Debian 8.4
Ubuntu 16.04

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
https://github.com/shadowsocks/shadowsocks-libev/issues/638

hosiet on 18 May 2016

The IP_TRANSPARENT needs root permission.

kimw on 18 May 2016

👍2

I got same issues on Raspbian Jessie

my systemd file:

/etc/systemd/system/ssredir.service

[Unit]
Description=Shadowsocks-Libev Custom Client Service Redir Mode 
After=network.target

[Service]
Type=simple
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
ExecStart=/usr/bin/ss-redir -c /etc/ss/ss-redir.json -u

[Install]
WantedBy=multi-user.target

with command:

sudo systemctl start ssredir

I can start ss-redir successfully

but failed when auto start on boot

log：

● ssredir.service - Shadowsocks-Libev Custom Client Service Redir Mode
   Loaded: loaded (/etc/systemd/system/ssredir.service; enabled)
   Active: failed (Result: exit-code) since Sat 2017-08-05 23:35:29 CST; 13s ago
 Main PID: 514 (code=exited, status=255)

Aug 05 23:35:29 raspberrypi systemd[1]: Started Shadowsocks-Libev Custom Client Service Redir Mode.
Aug 05 23:35:29 raspberrypi ss-redir[514]: 2017-08-05 23:35:29 INFO: initializing ciphers... chacha20
Aug 05 23:35:29 raspberrypi ss-redir[514]: 2017-08-05 23:35:29 INFO: tcp port reuse enabled
Aug 05 23:35:29 raspberrypi ss-redir[514]: 2017-08-05 23:35:29 INFO: UDP relay enabled
Aug 05 23:35:29 raspberrypi ss-redir[514]: 2017-08-05 23:35:29 ERROR: [udp] getaddrinfo: Address family for hostname not supported
Aug 05 23:35:29 raspberrypi ss-redir[514]: 2017-08-05 23:35:29 ERROR: [udp] bind() error
Aug 05 23:35:29 raspberrypi systemd[1]: ssredir.service: main process exited, code=exited, status=255/n/a
Aug 05 23:35:29 raspberrypi systemd[1]: Unit ssredir.service entered failed state.

without -u the ss-redir service capable start on boot