-
Notifications
You must be signed in to change notification settings - Fork 556
Protocol
Shadowsocks is a secure split proxy protocol loosely based on SOCKS5.
client <---> SS local <--[encrypted]--> SS remote <---> target server
The Shadowsocks local component acts like a traditional SOCKS5 server and provides proxy service to clients. It encrypts and forwards data streams and packets to the Shadowsocks remote component, which decrypts and forwards to the target server.
Addresses used in Shadowsocks are based on SOCKS5 address format:
[1-byte type][variable-length host][2-byte port]
The following address types are defined:
- 0x01: host is a 4-byte IPv4 address.
- 0x03: Domain name, host is a variable length string, starting with a 1-byte length, followed by up to 255-byte domain name.
- 0x04: host is 16-byte IPv6 address
The port number is a 2-byte big-endian unsigned integer.
The Shadowsocks local component initiates a TCP connection to the remote component by sending an encrypted data stream starting with the target address followed by payload data. The exact encryption scheme differs depending on the cipher used.
[target address][payload]
The Shadowsocks remote component receives the encrypted data stream, decrypts and parses the leading target address. It then establishes a TCP connection to the target server and forwards payload data to it. The Shadowsocks remote component receives reply from the target server, encrypts and forwards it back to the Shadowsocks local component, until the local component disconnects.
When the client-side receives a UDP request from other applications, RSV and FRAG are dropped and a shadowsocks UDP request is made out from it. A random IV is always generated and used for the encryption of shadowsocks UDP request and response. Therefore, all UDP requests and responses have the same structure, no matter whether it's the first packet or not.