vimagick/build-shadowsocks-libev.sh

## build-shadowsocks-libev.sh
sudo apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev libev-dev libc-ares-dev automake libmbedtls-dev libsodium-dev pkg-config

git clone --depth=1 --recurse-submodules https://github.com/shadowsocks/shadowsocks-libev.git

cd shadowsocks-libev
vim -p src/server.c src/resolv.c
./autogen.sh
CFLAGS="-Wno-unused-function" ./configure --prefix=/usr --disable-documentation
make -j$(getconf _NPROCESSORS_ONLN)
make install
cd /usr/bin/
ls ss-* | xargs -n1 setcap cap_net_bind_service+ep
ls ss-* | grep -v ss-nat | xargs -n1 strip
ss-server --help
ss-local --help

## filebeat.yml
filebeat.inputs:

- type: journald
  id: shadowsocks-libev-server
  seek: tail
  units:
    - shadowsocks-libev-server@443.service
  fields:
    project: vpn
  fields_under_root: true
  processors:
    - drop_event:
        when.not.regexp.message: " connect to "
    - include_fields:
        fields: ["message", "project"]

## logstash.conf
input {
  beats {
    port => 5044
  }
}

filter {
  if [project] == "vpn" {
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel}: \[%{IPV4:client}\] connect to (?<remote>%{URIHOST}|\[%{IPV6}\]):%{POSINT:port}" }
      remove_field => [ "message" ]
    }
    date {
      match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
      remove_field => [ "timestamp" ]
    }
    mutate {
      remove_field => [ "[host]", "[agent]", "[ecs][version]" ]
    }
  } else {
    drop {}
  }
}

output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    ilm_enabled => "false"
  }
}

## resolv.c
# https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/resolv.c

struct resolv_query {
-    int requests[2];
+    int requests[1];
     size_t response_count;
     struct sockaddr **responses;

void
resolv_start(const char *hostname, uint16_t port,
             void (*client_cb)(struct sockaddr *, void *),
             void (*free_cb)(void *), void *data)
{

     query->requests[0] = AF_INET;
-    query->requests[1] = AF_INET6;
+    //query->requests[1] = AF_INET6;

     ares_gethostbyname(default_ctx.channel, hostname, AF_INET, dns_query_v4_cb, query);
-    ares_gethostbyname(default_ctx.channel, hostname, AF_INET6, dns_query_v6_cb, query);
+    //ares_gethostbyname(default_ctx.channel, hostname, AF_INET6, dns_query_v6_cb, query);
 }

## server.c
# https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/server.c#L1145-L1150

-        if (verbose) {
+        if (verbose || true) {
+            char *peer_name = get_peer_name(server->fd);
             if ((atyp & ADDRTYPE_MASK) == 4)
-                LOGI("[%s] connect to [%s]:%d", remote_port, host, ntohs(port));
+                LOGI("[%s] connect to [%s]:%d", peer_name, host, ntohs(port));
             else
-                LOGI("[%s] connect to %s:%d", remote_port, host, ntohs(port));
+                LOGI("[%s] connect to %s:%d", peer_name, host, ntohs(port));
         }
	sudo apt-get install --no-install-recommends gettext build-essential autoconf libtool libpcre3-dev libev-dev libc-ares-dev automake libmbedtls-dev libsodium-dev pkg-config

	git clone --depth=1 --recurse-submodules https://github.com/shadowsocks/shadowsocks-libev.git

	cd shadowsocks-libev
	vim -p src/server.c src/resolv.c
	./autogen.sh
	CFLAGS="-Wno-unused-function" ./configure --prefix=/usr --disable-documentation
	make -j$(getconf _NPROCESSORS_ONLN)
	make install
	cd /usr/bin/
	ls ss-* \| xargs -n1 setcap cap_net_bind_service+ep
	ls ss-* \| grep -v ss-nat \| xargs -n1 strip
	ss-server --help
	ss-local --help
	filebeat.inputs:

	- type: journald
	id: shadowsocks-libev-server
	seek: tail
	units:
	- shadowsocks-libev-server@443.service
	fields:
	project: vpn
	fields_under_root: true
	processors:
	- drop_event:
	when.not.regexp.message: " connect to "
	- include_fields:
	fields: ["message", "project"]
	input {
	beats {
	port => 5044
	}
	}

	filter {
	if [project] == "vpn" {
	grok {
	match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel}: \[%{IPV4:client}\] connect to (?<remote>%{URIHOST}\|\[%{IPV6}\]):%{POSINT:port}" }
	remove_field => [ "message" ]
	}
	date {
	match => [ "timestamp", "yyyy-MM-dd HH:mm:ss" ]
	remove_field => [ "timestamp" ]
	}
	mutate {
	remove_field => [ "[host]", "[agent]", "[ecs][version]" ]
	}
	} else {
	drop {}
	}
	}

	output {
	elasticsearch {
	hosts => ["elasticsearch:9200"]
	ilm_enabled => "false"
	}
	}
	# https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/resolv.c

	struct resolv_query {
	- int requests[2];
	+ int requests[1];
	size_t response_count;
	struct sockaddr **responses;

	void
	resolv_start(const char *hostname, uint16_t port,
	void (client_cb)(struct sockaddr , void *),
	void (free_cb)(void ), void *data)
	{

	query->requests[0] = AF_INET;
	- query->requests[1] = AF_INET6;
	+ //query->requests[1] = AF_INET6;

	ares_gethostbyname(default_ctx.channel, hostname, AF_INET, dns_query_v4_cb, query);
	- ares_gethostbyname(default_ctx.channel, hostname, AF_INET6, dns_query_v6_cb, query);
	+ //ares_gethostbyname(default_ctx.channel, hostname, AF_INET6, dns_query_v6_cb, query);
	}
	# https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/server.c#L1145-L1150

	- if (verbose) {
	+ if (verbose \|\| true) {
	+ char *peer_name = get_peer_name(server->fd);
	if ((atyp & ADDRTYPE_MASK) == 4)
	- LOGI("[%s] connect to [%s]:%d", remote_port, host, ntohs(port));
	+ LOGI("[%s] connect to [%s]:%d", peer_name, host, ntohs(port));
	else
	- LOGI("[%s] connect to %s:%d", remote_port, host, ntohs(port));
	+ LOGI("[%s] connect to %s:%d", peer_name, host, ntohs(port));
	}